comparison flys-client/src/main/java/de/intevation/flys/client/server/was/Assertion.java @ 2943:7683d4e43afa
Implement class representation of a Web Authentication Service (WAS)
request and response. If the authentication is successful, the WAS
responds with a base64 encoded Security Assertion Markup Language (SAML) response.
The current implementation of the saml response simplifies the protocol
and misses validation.
flys-client/trunk@4909 c6561f87-3c4e-4783-a992-168aeb5c3f6f
author | Bjoern Ricks <bjoern.ricks@intevation.de> |
---|---|
date | Tue, 10 Jul 2012 10:49:18 +0000 |
parents | |
children | 0889ec33249c |
2942:5885c5b8d71d | 2943:7683d4e43afa |
---|---|
1 package de.intevation.flys.client.server.was; | |
2 | |
3 import java.text.ParseException; | |
4 import java.text.SimpleDateFormat; | |
5 import java.util.Iterator; | |
6 import java.util.Date; | |
7 import java.util.List; | |
8 import java.util.LinkedList; | |
9 | |
10 import org.apache.log4j.Logger; | |
11 | |
12 import org.jdom.Element; | |
13 | |
14 public class Assertion { | |
15 | |
16 private static Logger logger = Logger.getLogger(Assertion.class); | |
17 | |
18 private Element assertion; | |
19 private LinkedList<String> roles; | |
20 private String assertion_id; | |
21 private String user_id; | |
22 private String name_id; | |
23 private String group_id; | |
24 private String group_name; | |
25 private Date notbefore; | |
26 private Date notonorafter; | |
27 private Signature signature; | |
28 | |
29 private static final String ATTR_CONT_USER_ID = | |
30 "urn:conterra:names:sdi-suite:policy:attribute:user-id"; | |
31 private static final String ATTR_CONT_GROUP_ID = | |
32 "urn:conterra:names:sdi-suite:policy:attribute:group-id"; | |
33 private static final String ATTR_CONT_GROUP_NAME = | |
34 "urn:conterra:names:sdi-suite:policy:attribute:group-name"; | |
35 private static final String ATTR_CONT_ROLE = | |
36 "urn:conterra:names:sdi-suite:policy:attribute:role"; | |
37 | |
38 | |
39 public Assertion(Element assertion) { | |
40 this.assertion = assertion; | |
41 this.roles = new LinkedList<String>(); | |
42 | |
43 this.assertion_id = assertion.getAttributeValue("AssertionID"); | |
44 | |
45 this.parseContition(); | |
46 this.parseAttributeStatement(); | |
47 } | |
48 | |
49 private void parseContition() { | |
50 Element condition = this.assertion.getChild("Conditions", | |
51 Namespaces.SAML_NS_ASSERT); | |
52 if (condition != null) { | |
53 SimpleDateFormat dateformat = new SimpleDateFormat(); | |
54 // format should be "yyyy-MM-dd'T'HH:mm:ss.SSSXXX" but that's only | |
55 // available in java 7+ | |
56 dateformat.applyPattern("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'"); | |
57 String from = condition.getAttributeValue("NotBefore"); | |
58 if (from != null) { | |
59 try { | |
60 this.notbefore = dateformat.parse(from); | |
61 } | |
62 catch(ParseException e) { | |
63 logger.error("Unknown datetime format for Condition " | |
64 "NotBefore " + from); | |
65 } | |
66 } | |
67 | |
68 String until = condition.getAttributeValue("NotOnOrAfter"); | |
69 if (until != null) { | |
70 try { | |
71 this.notonorafter = dateformat.parse(until); | |
72 } | |
73 catch(ParseException e) { | |
74 logger.error("Unknown datetime format for Condition " | |
75 "NotOnOrAfter " + until); | |
76 } | |
77 } | |
78 } | |
79 } | |
80 | |
81 private void parseAttributeStatement() { | |
82 Element attrstatement = this.assertion.getChild("AttributeStatement", | |
83 Namespaces.SAML_NS_ASSERT); | |
84 if (attrstatement != null) { | |
85 | |
86 Element subject = attrstatement.getChild("Subject", | |
87 Namespaces.SAML_NS_ASSERT); | |
88 if (subject != null) { | |
89 this.name_id = subject.getChildText("NameIdentifier", | |
90 Namespaces.SAML_NS_ASSERT); | |
91 } | |
92 | |
93 List attributes = attrstatement.getChildren("Attribute", | |
94 Namespaces.SAML_NS_ASSERT); | |
95 for(Iterator i = attributes.iterator(); i.hasNext();) { | |
96 Element attr = (Element)i.next(); | |
97 String attrname = attr.getAttributeValue("AttributeName"); | |
98 if (attrname.equals(ATTR_CONT_USER_ID)) { | |
99 this.user_id = this.getAttributeValue(attr); | |
100 } | |
101 else if (attrname.equals(ATTR_CONT_GROUP_ID)) { | |
102 this.group_id = this.getAttributeValue(attr); | |
103 } | |
104 else if (attrname.equals(ATTR_CONT_GROUP_NAME)) { | |
105 this.group_name = this.getAttributeValue(attr); | |
106 } | |
107 else if (attrname.equals(ATTR_CONT_ROLE)) { | |
108 List roles = attr.getChildren("AttributeValue", | |
109 Namespaces.SAML_NS_ASSERT); | |
110 for(Iterator j = roles.iterator(); j.hasNext();) { | |
111 Element role = (Element)j.next(); | |
112 this.roles.add(role.getText()); | |
113 } | |
114 } | |
115 else { | |
116 logger.debug("Unknown AttributeName " + attrname + | |
117 " found while parsing AttributeStatement."); | |
118 } | |
119 } | |
120 } | |
121 } | |
122 | |
123 private String getAttributeValue(Element attr) { | |
124 return attr.getChildText("AttributeValue", Namespaces.SAML_NS_ASSERT); | |
125 } | |
126 | |
127 public List<String> getRoles() { | |
128 return this.roles; | |
129 } | |
130 | |
131 public Boolean isValid() { | |
132 // TODO: | |
133 // check signature digest | |
134 // check signature value | |
135 // check signature cert | |
136 return false; | |
137 } | |
138 | |
139 public Signature getSiganture() { | |
140 if (this.signature == null) { | |
141 Element signature = this.assertion.getChild("Signature", | |
142 Namespaces.XML_SIG_NS); | |
143 if (signature != null) { | |
144 this.signature = new Signature(signature); | |
145 } | |
146 } | |
147 return this.signature; | |
148 } | |
149 | |
150 public String getUserID() { | |
151 return this.user_id; | |
152 } | |
153 | |
154 public String getNameID() { | |
155 return this.name_id; | |
156 } | |
157 | |
158 public String getGroupID() { | |
159 return this.group_id; | |
160 } | |
161 | |
162 public String getGroupName() { | |
163 return this.group_name; | |
164 } | |
165 | |
166 public String getID() { | |
167 return this.assertion_id; | |
168 } | |
169 | |
170 public Date getFrom() { | |
171 return this.notbefore; | |
172 } | |
173 | |
174 public Date getUntil() { | |
175 return this.notonorafter; | |
176 } | |
177 } | |
178 // vim: set fileencoding=utf-8 ts=4 sw=4 et si tw=80: |
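Review bot: In parseContition the pattern `yyyy-MM-dd'T'HH:mm:ss.SSS'Z'` treats the trailing Z as a literal and the SimpleDateFormat is left on the JVM's default time zone, so NotBefore and NotOnOrAfter are parsed as local times and getFrom()/getUntil() will be shifted by the server's UTC offset whenever the window is later compared against the current time. Add `dateformat.setTimeZone(TimeZone.getTimeZone("UTC"));` directly after `dateformat.applyPattern(...)` (with `import java.util.TimeZone;` in the import block). Separately, `isValid()` unconditionally returns false and never consults the parsed window or the Signature returned by getSiganture(), so until the checks listed in its TODO land no caller may accept an assertion from this class; a comment such as `// SECURITY: validation not implemented yet - rejects every assertion` above the return would make that explicit. Also, `attrname.equals(ATTR_CONT_USER_ID)` in parseAttributeStatement throws NullPointerException when an Attribute element has no AttributeName; writing the comparisons as `ATTR_CONT_USER_ID.equals(attrname)` avoids that.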