18 package edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.match.saml;
19
20 import java.util.List;
21
22 import org.opensaml.saml2.metadata.NameIDFormat;
23 import org.opensaml.saml2.metadata.SSODescriptor;
24 import org.slf4j.Logger;
25 import org.slf4j.LoggerFactory;
26
27 import edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.FilterProcessingException;
28 import edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethFilteringContext;
29 import edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.match.basic.AbstractMatchFunctor;
30
31
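/**
 * Base class for match functors that check whether an entity's SSO role descriptor lists a
 * configured NameID format among the formats it supports.
 *
 * <p>Subclasses decide which entity is inspected by implementing
 * {@link #getEntitySSODescriptor(ShibbolethFilteringContext)}. The policy-requirement evaluation and
 * the per-value evaluation both delegate to {@link #isNameIDFormatSupported(ShibbolethFilteringContext)},
 * so the result depends only on the filter context, never on the attribute id or value.</p>
 */
public abstract class AbstractNameIDFormatSupportedMatchFunctor extends AbstractMatchFunctor {

    /** Class logger. */
    private final Logger log = LoggerFactory.getLogger(AbstractNameIDFormatSupportedMatchFunctor.class);

    /** NameID format that the role descriptor must list; {@code null} until configured. */
    private String nameIdFormat;

    /**
     * Gets the NameID format that needs to be supported by the entity.
     *
     * @return the configured NameID format, or {@code null} if none has been set
     */
    public String getNameIdFormat() {
        return nameIdFormat;
    }

    /**
     * Sets the NameID format that needs to be supported by the entity.
     *
     * @param format the NameID format to look for; it is compared exactly (case-sensitively, without
     *            trimming) against the formats listed in the role descriptor
     */
    public void setNameIdFormat(String format) {
        nameIdFormat = format;
    }

    /**
     * Evaluates this functor as a policy requirement.
     *
     * @param filterContext current filtering context
     *
     * @return true if the inspected entity supports the configured NameID format
     *
     * @throws FilterProcessingException declared by the signature; not thrown by this implementation
     */
    protected boolean doEvaluatePolicyRequirement(ShibbolethFilteringContext filterContext)
            throws FilterProcessingException {
        return isNameIDFormatSupported(filterContext);
    }

    /**
     * Evaluates this functor against a single attribute value. The attribute id and value are
     * ignored: the outcome is the same for every value in a given filter context.
     *
     * @param filterContext current filtering context
     * @param attributeId id of the attribute being evaluated (unused)
     * @param attributeValue value being evaluated (unused)
     *
     * @return true if the inspected entity supports the configured NameID format
     *
     * @throws FilterProcessingException declared by the signature; not thrown by this implementation
     */
    protected boolean doEvaluateValue(ShibbolethFilteringContext filterContext, String attributeId,
            Object attributeValue) throws FilterProcessingException {
        return isNameIDFormatSupported(filterContext);
    }

    /**
     * Checks whether the SSO role descriptor returned by
     * {@link #getEntitySSODescriptor(ShibbolethFilteringContext)} lists the configured NameID format.
     *
     * @param filterContext current filtering context
     *
     * @return true if the descriptor lists a format equal to the configured one; false if there is
     *         no descriptor, the descriptor lists no formats, or none of the listed formats is equal
     *
     * @throws IllegalStateException if no NameID format has been configured on this functor
     */
    protected boolean isNameIDFormatSupported(ShibbolethFilteringContext filterContext) {
        // An unset format can never match. Reject it up front with a clear message instead of
        // letting equals() below dereference null, or letting the early "return false" paths hide
        // the misconfiguration from whoever wrote the filter policy.
        if (nameIdFormat == null) {
            throw new IllegalStateException("NameID format to match against has not been configured");
        }

        SSODescriptor role = getEntitySSODescriptor(filterContext);
        if (role == null) {
            log.debug("entity does not contain an appropriate SSO role descriptor");
            return false;
        }

        List<NameIDFormat> supportedFormats = role.getNameIDFormats();
        if (supportedFormats == null || supportedFormats.isEmpty()) {
            // No declared formats is treated as "not supported" rather than "anything goes".
            log.debug("entity SSO role descriptor does not list any supported NameID formats");
            return false;
        }

        for (NameIDFormat supportedFormat : supportedFormats) {
            // Exact string comparison; a listed entry whose format is null simply does not match.
            if (nameIdFormat.equals(supportedFormat.getFormat())) {
                log.debug("entity does support the NameID format '{}'", nameIdFormat);
                return true;
            }
        }

        log.debug("entity does not support the NameID format '{}'", nameIdFormat);
        return false;
    }

    /**
     * Gets the SSO role descriptor of the entity whose NameID format support is being checked.
     *
     * @param filterContext current filtering context
     *
     * @return the SSO role descriptor to inspect, or {@code null} if the entity has no suitable
     *         descriptor (callers treat {@code null} as "format not supported")
     */
    protected abstract SSODescriptor getEntitySSODescriptor(ShibbolethFilteringContext filterContext);
}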