
1   /*
2    * Licensed to the University Corporation for Advanced Internet Development, 
3    * Inc. (UCAID) under one or more contributor license agreements.  See the 
4    * NOTICE file distributed with this work for additional information regarding
5    * copyright ownership. The UCAID licenses this file to You under the Apache 
6    * License, Version 2.0 (the "License"); you may not use this file except in 
7    * compliance with the License.  You may obtain a copy of the License at
8    *
9    *    http://www.apache.org/licenses/LICENSE-2.0
10   *
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  
18  package edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.match.saml;
19  
20  import java.util.List;
21  
22  import org.opensaml.saml2.metadata.NameIDFormat;
23  import org.opensaml.saml2.metadata.SSODescriptor;
24  import org.slf4j.Logger;
25  import org.slf4j.LoggerFactory;
26  
27  import edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.FilterProcessingException;
28  import edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethFilteringContext;
29  import edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.match.basic.AbstractMatchFunctor;
30  
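/**
 * Base class for matching functions that check if a SAML entity supports a particular NameID format type.
 *
 * <p>
 * Both the policy-requirement evaluation and the per-value evaluation delegate to
 * {@link #isNameIDFormatSupported(ShibbolethFilteringContext)}; the attribute ID and value passed to the
 * per-value evaluation are not consulted. The result therefore depends only on the SSO role descriptor
 * returned by {@link #getEntitySSODescriptor(ShibbolethFilteringContext)} and on the configured format.
 * </p>
 *
 * <p>
 * The required format must be configured through {@link #setNameIdFormat(String)} before the functor is
 * evaluated. The comparison against the formats listed in metadata is an exact, case-sensitive string match.
 * </p>
 */
public abstract class AbstractNameIDFormatSupportedMatchFunctor extends AbstractMatchFunctor {

    /** Class logger. */
    private final Logger log = LoggerFactory.getLogger(AbstractNameIDFormatSupportedMatchFunctor.class);

    /** The NameID format that needs to be supported by the entity. */
    private String nameIdFormat;

    /**
     * Get the NameID format that needs to be supported by the entity.
     * 
     * @return NameID format that needs to be supported by the entity, or null if none has been set
     */
    public String getNameIdFormat() {
        return nameIdFormat;
    }

    /**
     * Sets the NameID format that needs to be supported by the entity.
     * 
     * @param format NameID format that needs to be supported by the entity
     */
    public void setNameIdFormat(String format) {
        nameIdFormat = format;
    }

    /** {@inheritDoc} */
    protected boolean doEvaluatePolicyRequirement(ShibbolethFilteringContext filterContext)
            throws FilterProcessingException {
        return isNameIDFormatSupported(filterContext);
    }

    /** {@inheritDoc} */
    protected boolean doEvaluateValue(ShibbolethFilteringContext filterContext, String attributeId,
            Object attributeValue) throws FilterProcessingException {
        // The decision is made per entity, so attributeId and attributeValue are intentionally unused.
        return isNameIDFormatSupported(filterContext);
    }

    /**
     * Checks to see if the metadata for the entity supports the required NameID format.
     * 
     * <p>
     * Returns false when the entity has no SSO role descriptor or when the descriptor lists no NameID
     * formats at all; an entity that declares nothing is not treated as supporting every format.
     * </p>
     * 
     * @param filterContext current filter context
     * 
     * @return true if the entity supports the required NameID format, false otherwise
     * 
     * @throws IllegalStateException if the entity lists NameID formats but no required format has been
     *             configured on this functor
     */
    protected boolean isNameIDFormatSupported(ShibbolethFilteringContext filterContext) {
        SSODescriptor role = getEntitySSODescriptor(filterContext);
        if (role == null) {
            log.debug("entity does not contain an appropriate SSO role descriptor");
            return false;
        }

        List<NameIDFormat> supportedFormats = role.getNameIDFormats();
        if (supportedFormats == null || supportedFormats.isEmpty()) {
            log.debug("entity SSO role descriptor does not list any supported NameID formats");
            return false;
        }

        // A functor without a configured format is a configuration error. Fail with an explicit message
        // instead of the bare NullPointerException that nameIdFormat.equals(...) would raise below, so the
        // misconfiguration is diagnosable and is never mistaken for a "no match" result.
        if (nameIdFormat == null) {
            throw new IllegalStateException(
                    "No NameID format has been configured on this match functor; call setNameIdFormat first");
        }

        for (NameIDFormat supportedFormat : supportedFormats) {
            // Called on nameIdFormat so that a metadata entry with a null format simply fails to match.
            if (nameIdFormat.equals(supportedFormat.getFormat())) {
                log.debug("entity does support the NameID format '{}'", nameIdFormat);
                return true;
            }
        }

        log.debug("entity does not support the NameID format '{}'", nameIdFormat);
        return false;
    }

    /**
     * Gets the SSO role descriptor for the entity to be checked.
     * 
     * @param filterContext current filtering context
     * 
     * @return the SSO role descriptor of the entity or null if the entity does not have such a descriptor
     */
    protected abstract SSODescriptor getEntitySSODescriptor(ShibbolethFilteringContext filterContext);
}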