comparison flys-client/src/main/java/de/intevation/flys/client/server/was/Assertion.java @ 2943:7683d4e43afa

Implement class representation of a Web Authentication Service (WAS) request and response. If the authentication is successful, the WAS responds with a base64 encoded Security Assertion Markup Language (SAML) response. The current implementation of the SAML response simplifies the protocol and lacks validation. flys-client/trunk@4909 c6561f87-3c4e-4783-a992-168aeb5c3f6f
author Bjoern Ricks <bjoern.ricks@intevation.de>
date Tue, 10 Jul 2012 10:49:18 +0000
parents
children 0889ec33249c
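--- a/flys-client/src/main/java/de/intevation/flys/client/server/was/Assertion.java
+++ b/flys-client/src/main/java/de/intevation/flys/client/server/was/Assertion.java
@@ -0,0 +1,178 @@
+package de.intevation.flys.client.server.was;
+
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Iterator;
+import java.util.Date;
+import java.util.List;
+import java.util.LinkedList;
+
+import org.apache.log4j.Logger;
+
+import org.jdom.Element;
+
+public class Assertion {
+
+private static Logger logger = Logger.getLogger(Assertion.class);
+
+private Element assertion;
+private LinkedList<String> roles;
+private String assertion_id;
+private String user_id;
+private String name_id;
+private String group_id;
+private String group_name;
+private Date notbefore;
+private Date notonorafter;
+private Signature signature;
+
+private static final String ATTR_CONT_USER_ID =
+"urn:conterra:names:sdi-suite:policy:attribute:user-id";
+private static final String ATTR_CONT_GROUP_ID =
+"urn:conterra:names:sdi-suite:policy:attribute:group-id";
+private static final String ATTR_CONT_GROUP_NAME =
+"urn:conterra:names:sdi-suite:policy:attribute:group-name";
+private static final String ATTR_CONT_ROLE =
+"urn:conterra:names:sdi-suite:policy:attribute:role";
+
+
+public Assertion(Element assertion) {
+this.assertion = assertion;
+this.roles = new LinkedList<String>();
+
+this.assertion_id = assertion.getAttributeValue("AssertionID");
+
+this.parseContition();
+this.parseAttributeStatement();
+}
+
+private void parseContition() {
+Element condition = this.assertion.getChild("Conditions",
+Namespaces.SAML_NS_ASSERT);
+if (condition != null) {
+SimpleDateFormat dateformat = new SimpleDateFormat();
+// format should be "yyyy-MM-dd'T'HH:mm:ss.SSSXXX" but that's only
+// available in java 7+
+dateformat.applyPattern("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'");
+String from = condition.getAttributeValue("NotBefore");
+if (from != null) {
+try {
+this.notbefore = dateformat.parse(from);
+}
+catch(ParseException e) {
+logger.error("Unknown datetime format for Condition "
+"NotBefore " + from);
+}
+}
+
+String until = condition.getAttributeValue("NotOnOrAfter");
+if (until != null) {
+try {
+this.notonorafter = dateformat.parse(until);
+}
+catch(ParseException e) {
+logger.error("Unknown datetime format for Condition "
+"NotOnOrAfter " + until);
+}
+}
+}
+}
+
+private void parseAttributeStatement() {
+Element attrstatement = this.assertion.getChild("AttributeStatement",
+Namespaces.SAML_NS_ASSERT);
+if (attrstatement != null) {
+
+Element subject = attrstatement.getChild("Subject",
+Namespaces.SAML_NS_ASSERT);
+if (subject != null) {
+this.name_id = subject.getChildText("NameIdentifier",
+Namespaces.SAML_NS_ASSERT);
+}
+
+List attributes = attrstatement.getChildren("Attribute",
+Namespaces.SAML_NS_ASSERT);
+for(Iterator i = attributes.iterator(); i.hasNext();) {
+Element attr = (Element)i.next();
+String attrname = attr.getAttributeValue("AttributeName");
+if (attrname.equals(ATTR_CONT_USER_ID)) {
+this.user_id = this.getAttributeValue(attr);
+}
+else if (attrname.equals(ATTR_CONT_GROUP_ID)) {
+this.group_id = this.getAttributeValue(attr);
+}
+else if (attrname.equals(ATTR_CONT_GROUP_NAME)) {
+this.group_name = this.getAttributeValue(attr);
+}
+else if (attrname.equals(ATTR_CONT_ROLE)) {
+List roles = attr.getChildren("AttributeValue",
+Namespaces.SAML_NS_ASSERT);
+for(Iterator j = roles.iterator(); j.hasNext();) {
+Element role = (Element)j.next();
+this.roles.add(role.getText());
+}
+}
+else {
+logger.debug("Unknown AttributeName " + attrname +
+" found while parsing AttributeStatement.");
+}
+}
+}
+}
+
+private String getAttributeValue(Element attr) {
+return attr.getChildText("AttributeValue", Namespaces.SAML_NS_ASSERT);
+}
+
+public List<String> getRoles() {
+return this.roles;
+}
+
+public Boolean isValid() {
+// TODO:
+// check signature digest
+// check signature value
+// check signature cert
+return false;
+}
+
+public Signature getSiganture() {
+if (this.signature == null) {
+Element signature = this.assertion.getChild("Signature",
+Namespaces.XML_SIG_NS);
+if (signature != null) {
+this.signature = new Signature(signature);
+}
+}
+return this.signature;
+}
+
+public String getUserID() {
+return this.user_id;
+}
+
+public String getNameID() {
+return this.name_id;
+}
+
+public String getGroupID() {
+return this.group_id;
+}
+
+public String getGroupName() {
+return this.group_name;
+}
+
+public String getID() {
+return this.assertion_id;
+}
+
+public Date getFrom() {
+return this.notbefore;
+}
+
+public Date getUntil() {
+return this.notonorafter;
+}
+}
+// vim: set fileencoding=utf-8 ts=4 sw=4 et si tw=80: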
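Review bot: In `parseContition()` the `NotBefore`/`NotOnOrAfter` timestamps are parsed with a pattern whose `'Z'` is a literal, and the `SimpleDateFormat` never gets a time zone, so the resulting `Date` values are interpreted in the JVM default zone rather than UTC and the assertion's validity window is shifted by the local offset once `getFrom()`/`getUntil()` are ever checked; add `dateformat.setTimeZone(TimeZone.getTimeZone("UTC"));` right after `applyPattern(...)` (with `import java.util.TimeZone;`). The two `logger.error(...)` calls in that method place `"... Condition "` and `"NotBefore " + from` / `"NotOnOrAfter " + until` next to each other without a `+` between the literals, which is a compile error unless the page rendering dropped a trailing `+`. In `parseAttributeStatement()`, `attrname.equals(ATTR_CONT_USER_ID)` throws a `NullPointerException` for any `Attribute` element that lacks an `AttributeName`, so a malformed assertion aborts construction; writing the comparisons as `ATTR_CONT_USER_ID.equals(attrname)` (and likewise for the other three constants) is null-safe and reaches the existing "Unknown AttributeName" branch instead. Minor: `getRoles()` hands out the internal mutable `LinkedList` (`Collections.unmodifiableList(this.roles)` would prevent callers from altering the parsed roles), and `getSiganture`/`parseContition` are misspelled, the former being public API.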
