comparison flys-client/src/main/java/org/dive4elements/river/client/server/auth/was/Assertion.java @ 5834:f507086aa94b

Repaired internal references.
author Sascha L. Teichmann <teichmann@intevation.de>
date Thu, 25 Apr 2013 12:31:32 +0200
parents flys-client/src/main/java/de/intevation/flys/client/server/auth/was/Assertion.java@adcb8aee1910
children 821a02bbfb4e
5833:a2bdc0f524e8 5834:f507086aa94b
1 package de.intevation.flys.client.server.auth.was;
2
3 import java.text.ParseException;
4 import java.text.SimpleDateFormat;
5 import java.util.Iterator;
6 import java.util.Date;
7 import java.util.List;
8 import java.util.LinkedList;
9
10 import org.apache.log4j.Logger;
11
12 import org.jdom.Element;
13
14 public class Assertion {
15
16 private static Logger logger = Logger.getLogger(Assertion.class);
17
18 private Element assertion;
19 private LinkedList<String> roles;
20 private String assertion_id;
21 private String user_id;
22 private String name_id;
23 private String group_id;
24 private String group_name;
25 private Date notbefore;
26 private Date notonorafter;
27 private Signature signature;
28
29 private static final String ATTR_CONT_USER_ID =
30 "urn:conterra:names:sdi-suite:policy:attribute:user-id";
31 private static final String ATTR_CONT_GROUP_ID =
32 "urn:conterra:names:sdi-suite:policy:attribute:group-id";
33 private static final String ATTR_CONT_GROUP_NAME =
34 "urn:conterra:names:sdi-suite:policy:attribute:group-name";
35 private static final String ATTR_CONT_ROLE =
36 "urn:conterra:names:sdi-suite:policy:attribute:role";
37
38
39 public Assertion(Element assertion) {
40 this.assertion = assertion;
41 this.roles = new LinkedList<String>();
42
43 this.assertion_id = assertion.getAttributeValue("AssertionID");
44
45 this.parseContition();
46 this.parseAttributeStatement();
47 }
48
49 private void parseContition() {
50 Element condition = this.assertion.getChild("Conditions",
51 Namespaces.SAML_NS_ASSERT);
52 if (condition != null) {
53 SimpleDateFormat dateformat = new SimpleDateFormat();
54 // format should be "yyyy-MM-dd'T'HH:mm:ss.SSSXXX" but that's only
55 // available in java 7+
56 dateformat.applyPattern("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'");
57 String from = condition.getAttributeValue("NotBefore");
58 if (from != null) {
59 try {
60 this.notbefore = dateformat.parse(from);
61 }
62 catch(ParseException e) {
63 logger.error("Unknown datetime format for Condition " +
64 "NotBefore " + from);
65 }
66 }
67
68 String until = condition.getAttributeValue("NotOnOrAfter");
69 logger.debug("Session is valid until " + until);
70 if (until != null) {
71 try {
72 this.notonorafter = dateformat.parse(until);
73 }
74 catch(ParseException e) {
75 logger.error("Unknown datetime format for Condition " +
76 "NotOnOrAfter " + until);
77 }
78 }
79 }
80 }
81
82 private void parseAttributeStatement() {
83 Element attrstatement = this.assertion.getChild("AttributeStatement",
84 Namespaces.SAML_NS_ASSERT);
85 if (attrstatement != null) {
86
87 Element subject = attrstatement.getChild("Subject",
88 Namespaces.SAML_NS_ASSERT);
89 if (subject != null) {
90 this.name_id = subject.getChildText("NameIdentifier",
91 Namespaces.SAML_NS_ASSERT);
92 }
93
94 List attributes = attrstatement.getChildren("Attribute",
95 Namespaces.SAML_NS_ASSERT);
96 for(Iterator i = attributes.iterator(); i.hasNext();) {
97 Element attr = (Element)i.next();
98 String attrname = attr.getAttributeValue("AttributeName");
99 if (attrname.equals(ATTR_CONT_USER_ID)) {
100 this.user_id = this.getAttributeValue(attr);
101 }
102 else if (attrname.equals(ATTR_CONT_GROUP_ID)) {
103 this.group_id = this.getAttributeValue(attr);
104 }
105 else if (attrname.equals(ATTR_CONT_GROUP_NAME)) {
106 this.group_name = this.getAttributeValue(attr);
107 }
108 else if (attrname.equals(ATTR_CONT_ROLE)) {
109 List roles = attr.getChildren("AttributeValue",
110 Namespaces.SAML_NS_ASSERT);
111 for(Iterator j = roles.iterator(); j.hasNext();) {
112 Element role = (Element)j.next();
113 this.roles.add(role.getText());
114 }
115 }
116 else {
117 logger.debug("Unknown AttributeName " + attrname +
118 " found while parsing AttributeStatement.");
119 }
120 }
121 }
122 }
123
124 private String getAttributeValue(Element attr) {
125 return attr.getChildText("AttributeValue", Namespaces.SAML_NS_ASSERT);
126 }
127
128 public List<String> getRoles() {
129 return this.roles;
130 }
131
132 public Boolean isValid() {
133 // TODO:
134 // check signature digest
135 // check signature value
136 // check signature cert
137 return false;
138 }
139
140 public Signature getSiganture() {
141 if (this.signature == null) {
142 Element signature = this.assertion.getChild("Signature",
143 Namespaces.XML_SIG_NS);
144 if (signature != null) {
145 this.signature = new Signature(signature);
146 }
147 }
148 return this.signature;
149 }
150
151 public String getUserID() {
152 return this.user_id;
153 }
154
155 public String getNameID() {
156 return this.name_id;
157 }
158
159 public String getGroupID() {
160 return this.group_id;
161 }
162
163 public String getGroupName() {
164 return this.group_name;
165 }
166
167 public String getID() {
168 return this.assertion_id;
169 }
170
171 public Date getFrom() {
172 return this.notbefore;
173 }
174
175 public Date getUntil() {
176 return this.notonorafter;
177 }
178 }
179 // vim: set fileencoding=utf-8 ts=4 sw=4 et si tw=80:
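Review bot: In parseContition the pattern `"yyyy-MM-dd'T'HH:mm:ss.SSS'Z'"` treats the trailing Z as a literal, so NotBefore and NotOnOrAfter are parsed in the JVM's default time zone rather than UTC and the validity window shifts by the local offset; adding `dateformat.setTimeZone(TimeZone.getTimeZone("UTC"));` after `applyPattern` (plus the `java.util.TimeZone` import) would pin it. A ParseException there is only logged, which leaves `notbefore`/`notonorafter` null, so callers of getFrom()/getUntil() presumably need to treat null as "reject" rather than "no limit". Separately, isValid() is still a stub that returns false and nothing in this class checks the signature, so a comment on the getters such as `// values come from an unverified assertion until isValid() is implemented` would help keep callers from treating getRoles() or getUserID() as authenticated data.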
