17 package edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.match.saml;
18
19 import java.util.List;
20
21 import org.opensaml.saml2.metadata.NameIDFormat;
22 import org.opensaml.saml2.metadata.SSODescriptor;
23 import org.slf4j.Logger;
24 import org.slf4j.LoggerFactory;
25
26 import edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.FilterProcessingException;
27 import edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethFilteringContext;
28 import edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.match.basic.AbstractMatchFunctor;
29
30
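/**
 * Base class for match functors that check whether an entity's SSO role descriptor lists a
 * configured NameID format among the formats it supports.
 *
 * <p>Subclasses choose which entity is examined by implementing
 * {@link #getEntitySSODescriptor(ShibbolethFilteringContext)}. Both the policy-requirement and the
 * per-value evaluation delegate to {@link #isNameIDFormatSupported(ShibbolethFilteringContext)}, so
 * the attribute ID and attribute value play no part in the outcome.</p>
 *
 * <p>NOTE(review): the decision rests entirely on the role descriptor handed back by the subclass.
 * It is therefore only as trustworthy as the metadata that descriptor was built from; confirm that
 * the metadata source is verified before relying on this functor in a release policy.</p>
 */
public abstract class AbstractNameIDFormatSupportedMatchFunctor extends AbstractMatchFunctor {

    /** Class logger. */
    private final Logger log = LoggerFactory.getLogger(AbstractNameIDFormatSupportedMatchFunctor.class);

    /** The NameID format the entity's SSO role descriptor must list. */
    private String nameIdFormat;

    /**
     * Gets the NameID format that the entity must support.
     *
     * @return the configured NameID format, or {@code null} if none has been set
     */
    public String getNameIdFormat() {
        return nameIdFormat;
    }

    /**
     * Sets the NameID format that the entity must support.
     *
     * @param format the NameID format to look for; compared with exact, case-sensitive equality
     */
    public void setNameIdFormat(String format) {
        nameIdFormat = format;
    }

    /**
     * Evaluates this functor as a policy requirement.
     *
     * @param filterContext the current filtering context
     * @return {@code true} if the entity's SSO role descriptor lists the configured NameID format
     * @throws FilterProcessingException declared by the contract; not thrown by this implementation
     */
    protected boolean doEvaluatePolicyRequirement(ShibbolethFilteringContext filterContext)
            throws FilterProcessingException {
        return isNameIDFormatSupported(filterContext);
    }

    /**
     * Evaluates this functor against a single attribute value. The attribute ID and value are
     * ignored; the result depends only on the entity's supported NameID formats.
     *
     * @param filterContext the current filtering context
     * @param attributeId ID of the attribute being evaluated (unused)
     * @param attributeValue the value being evaluated (unused)
     * @return {@code true} if the entity's SSO role descriptor lists the configured NameID format
     * @throws FilterProcessingException declared by the contract; not thrown by this implementation
     */
    protected boolean doEvaluateValue(ShibbolethFilteringContext filterContext, String attributeId,
            Object attributeValue) throws FilterProcessingException {
        return isNameIDFormatSupported(filterContext);
    }

    /**
     * Checks whether the entity's SSO role descriptor lists the configured NameID format.
     *
     * <p>Returns {@code false} when no role descriptor is available or when the descriptor lists no
     * NameID formats at all; an empty list is not treated as "supports everything".</p>
     *
     * @param filterContext the current filtering context
     * @return {@code true} if a listed format equals the configured one, {@code false} otherwise
     * @throws NullPointerException if formats are listed but no NameID format has been configured
     */
    protected boolean isNameIDFormatSupported(ShibbolethFilteringContext filterContext) {
        SSODescriptor role = getEntitySSODescriptor(filterContext);
        if (role == null) {
            // Fixed: the message previously read "does contain", the opposite of this branch.
            log.debug("entity does not contain an appropriate SSO role descriptor");
            return false;
        }

        List<NameIDFormat> supportedFormats = role.getNameIDFormats();
        if (supportedFormats == null || supportedFormats.isEmpty()) {
            log.debug("entity SSO role descriptor does not list any supported NameID formats");
            return false;
        }

        // A functor with no format configured is a configuration error. The comparison below used
        // to raise a bare NullPointerException at this point; keep the exception type but say what
        // is wrong, rather than quietly reporting "no match", which a rule built on this functor
        // could read as "does not apply".
        if (nameIdFormat == null) {
            throw new NullPointerException("nameIdFormat has not been set on this match functor");
        }

        for (NameIDFormat supportedFormat : supportedFormats) {
            if (nameIdFormat.equals(supportedFormat.getFormat())) {
                log.debug("entity does support the NameID format '{}'", nameIdFormat);
                return true;
            }
        }

        log.debug("entity does not support the NameID format '{}'", nameIdFormat);
        return false;
    }

    /**
     * Gets the SSO role descriptor of the entity whose NameID format support is being checked.
     *
     * @param filterContext the current filtering context
     * @return the entity's SSO role descriptor, or {@code null} if the entity has no suitable role
     */
    protected abstract SSODescriptor getEntitySSODescriptor(ShibbolethFilteringContext filterContext);
}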