18 package edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.attributeDefinition;
19
20 import org.slf4j.Logger;
21 import org.slf4j.LoggerFactory;
22
23 import edu.internet2.middleware.shibboleth.common.attribute.BaseAttribute;
24 import edu.internet2.middleware.shibboleth.common.attribute.provider.BasicAttribute;
25 import edu.internet2.middleware.shibboleth.common.attribute.resolver.AttributeResolutionException;
26 import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethResolutionContext;
27 import edu.internet2.middleware.shibboleth.common.profile.provider.SAMLProfileRequestContext;
28 import edu.internet2.middleware.shibboleth.common.util.DataSealer;
29 import edu.internet2.middleware.shibboleth.common.util.DataSealerException;
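/**
 * Attribute definition that issues a transient, cryptographically sealed identifier for the principal.
 *
 * <p>The attribute value is an opaque token produced by {@link DataSealer#wrap(String, long)} over the
 * string {@code <outbound issuer>!<inbound issuer>!<principal name>} together with an expiration instant
 * ({@code now + idLifetime}). Binding both issuers into the plaintext scopes the identifier to this
 * IdP/SP pair; the expiration bounds how long the token remains accepted. Which cryptographic
 * protections the token actually carries is determined by the configured {@link DataSealer}, not by
 * this class.</p>
 *
 * <p>The lifetime defaults to four hours and may be changed with {@link #setIdLifetime(long)};
 * {@link #validate()} rejects a non-positive lifetime.</p>
 */
public class CryptoTransientIdAttributeDefinition extends BaseAttributeDefinition {

    /** Class logger. */
    private static final Logger log = LoggerFactory.getLogger(CryptoTransientIdAttributeDefinition.class);

    /** Default lifetime of an issued identifier: four hours, expressed in milliseconds. */
    private static final long DEFAULT_ID_LIFETIME = 1000 * 60 * 60 * 4;

    /** Separator between the fields of the plaintext handed to the sealer. */
    private static final String TOKEN_FIELD_SEPARATOR = "!";

    /** Sealer that protects the principal token; never null once constructed. */
    private final DataSealer dataSealer;

    /** Length of time, in milliseconds, an issued identifier remains valid. */
    private long idLifetime;

    /**
     * Constructor.
     *
     * @param sealer the sealer used to protect issued identifiers, may not be null
     * @throws IllegalArgumentException if {@code sealer} is null
     */
    public CryptoTransientIdAttributeDefinition(DataSealer sealer) {
        if (sealer == null) {
            throw new IllegalArgumentException("DataSealer may not be null.");
        }
        dataSealer = sealer;
        idLifetime = DEFAULT_ID_LIFETIME;
    }

    /**
     * Builds the sealed transient identifier for the principal of the current request.
     *
     * @param resolutionContext current resolution context, from which the SAML request context is taken
     * @return a single-valued attribute, with this definition's ID, holding the sealed token
     * @throws AttributeResolutionException if the sealer fails to wrap the principal token
     */
    protected BaseAttribute<String> doResolve(ShibbolethResolutionContext resolutionContext)
            throws AttributeResolutionException {
        SAMLProfileRequestContext<?, ?, ?, ?> requestContext = resolutionContext.getAttributeRequestContext();

        // Plaintext the sealer protects. NOTE(review): the fields are not escaped, so an issuer or principal
        // name containing the separator would be ambiguous when the token is unwrapped — confirm against the
        // consumer's parsing. A null component is rendered as the literal "null" by string concatenation.
        String principalToken = requestContext.getOutboundMessageIssuer() + TOKEN_FIELD_SEPARATOR
                + requestContext.getInboundMessageIssuer() + TOKEN_FIELD_SEPARATOR
                + requestContext.getPrincipalName();

        // Expiration is absolute wall-clock time; validate() guarantees idLifetime is positive.
        long expiration = System.currentTimeMillis() + idLifetime;

        String transientId;
        try {
            transientId = dataSealer.wrap(principalToken, expiration);
        } catch (DataSealerException e) {
            throw new AttributeResolutionException("Caught exception wrapping principal identifier.", e);
        }

        // The token is deliberately not logged: for its lifetime it stands in for the principal.
        BasicAttribute<String> attribute = new BasicAttribute<String>();
        attribute.setId(getId());
        attribute.getValues().add(transientId);
        return attribute;
    }

    /**
     * Gets the length of time, in milliseconds, an issued identifier remains valid.
     *
     * @return identifier lifetime in milliseconds
     */
    public long getIdLifetime() {
        return idLifetime;
    }

    /**
     * Sets the length of time, in milliseconds, an issued identifier remains valid.
     *
     * <p>The value is not checked here; {@link #validate()} rejects values that are not positive.</p>
     *
     * @param lifetime identifier lifetime in milliseconds
     */
    public void setIdLifetime(long lifetime) {
        idLifetime = lifetime;
    }

    /**
     * Validates this definition's configuration.
     *
     * @throws AttributeResolutionException if no sealer is set or the identifier lifetime is not positive
     */
    public void validate() throws AttributeResolutionException {
        if (dataSealer == null) {
            // Unreachable after the constructor's null check; kept so that a future relaxation of that check
            // still fails at validation time rather than at first resolution.
            String message = "CryptoTransientIdAttributeDefinition (" + getId()
                    + ") must have a DataSealer object set.";
            log.error(message);
            throw new AttributeResolutionException(message);
        }
        if (idLifetime <= 0) {
            // A zero or negative lifetime makes every issued identifier expired at the moment it is issued.
            String message = "CryptoTransientIdAttributeDefinition (" + getId()
                    + ") must have a positive identifier lifetime, but was " + idLifetime + " ms.";
            log.error(message);
            throw new AttributeResolutionException(message);
        }
    }
}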