Mercurial > dive4elements > river
diff flys-client/src/main/java/de/intevation/flys/client/server/was/Assertion.java @ 2943:7683d4e43afa
Implement class representation of a Web Authentication Service (WAS)
request and response. If the authentication is successful the WAS
responses with a base64 encoded Security Assertion Markup Language.
The current implementation of the saml response simplifies the protocol
and misses validation.
flys-client/trunk@4909 c6561f87-3c4e-4783-a992-168aeb5c3f6f
| author | Bjoern Ricks <bjoern.ricks@intevation.de> |
|---|---|
| date | Tue, 10 Jul 2012 10:49:18 +0000 |
| parents | |
| children | 0889ec33249c |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/flys-client/src/main/java/de/intevation/flys/client/server/was/Assertion.java Tue Jul 10 10:49:18 2012 +0000 @@ -0,0 +1,178 @@ +package de.intevation.flys.client.server.was; + +import java.text.ParseException; +import java.text.SimpleDateFormat; +import java.util.Iterator; +import java.util.Date; +import java.util.List; +import java.util.LinkedList; + +import org.apache.log4j.Logger; + +import org.jdom.Element; + +public class Assertion { + + private static Logger logger = Logger.getLogger(Assertion.class); + + private Element assertion; + private LinkedList<String> roles; + private String assertion_id; + private String user_id; + private String name_id; + private String group_id; + private String group_name; + private Date notbefore; + private Date notonorafter; + private Signature signature; + + private static final String ATTR_CONT_USER_ID = + "urn:conterra:names:sdi-suite:policy:attribute:user-id"; + private static final String ATTR_CONT_GROUP_ID = + "urn:conterra:names:sdi-suite:policy:attribute:group-id"; + private static final String ATTR_CONT_GROUP_NAME = + "urn:conterra:names:sdi-suite:policy:attribute:group-name"; + private static final String ATTR_CONT_ROLE = + "urn:conterra:names:sdi-suite:policy:attribute:role"; + + + public Assertion(Element assertion) { + this.assertion = assertion; + this.roles = new LinkedList<String>(); + + this.assertion_id = assertion.getAttributeValue("AssertionID"); + + this.parseContition(); + this.parseAttributeStatement(); + } + + private void parseContition() { + Element condition = this.assertion.getChild("Conditions", + Namespaces.SAML_NS_ASSERT); + if (condition != null) { + SimpleDateFormat dateformat = new SimpleDateFormat(); + // format should be "yyyy-MM-dd'T'HH:mm:ss.SSSXXX" but that's only + // available in java 7+ + dateformat.applyPattern("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'"); + String from = condition.getAttributeValue("NotBefore"); + if (from != null) { + try { + this.notbefore = dateformat.parse(from); + } + catch(ParseException e) { + logger.error("Unknown datetime format for Condition " + "NotBefore " + from); + } + } + + String until = condition.getAttributeValue("NotOnOrAfter"); + if (until != null) { + try { + this.notonorafter = dateformat.parse(until); + } + catch(ParseException e) { + logger.error("Unknown datetime format for Condition " + "NotOnOrAfter " + until); + } + } + } + } + + private void parseAttributeStatement() { + Element attrstatement = this.assertion.getChild("AttributeStatement", + Namespaces.SAML_NS_ASSERT); + if (attrstatement != null) { + + Element subject = attrstatement.getChild("Subject", + Namespaces.SAML_NS_ASSERT); + if (subject != null) { + this.name_id = subject.getChildText("NameIdentifier", + Namespaces.SAML_NS_ASSERT); + } + + List attributes = attrstatement.getChildren("Attribute", + Namespaces.SAML_NS_ASSERT); + for(Iterator i = attributes.iterator(); i.hasNext();) { + Element attr = (Element)i.next(); + String attrname = attr.getAttributeValue("AttributeName"); + if (attrname.equals(ATTR_CONT_USER_ID)) { + this.user_id = this.getAttributeValue(attr); + } + else if (attrname.equals(ATTR_CONT_GROUP_ID)) { + this.group_id = this.getAttributeValue(attr); + } + else if (attrname.equals(ATTR_CONT_GROUP_NAME)) { + this.group_name = this.getAttributeValue(attr); + } + else if (attrname.equals(ATTR_CONT_ROLE)) { + List roles = attr.getChildren("AttributeValue", + Namespaces.SAML_NS_ASSERT); + for(Iterator j = roles.iterator(); j.hasNext();) { + Element role = (Element)j.next(); + this.roles.add(role.getText()); + } + } + else { + logger.debug("Unknown AttributeName " + attrname + + " found while parsing AttributeStatement."); + } + } + } + } + + private String getAttributeValue(Element attr) { + return attr.getChildText("AttributeValue", Namespaces.SAML_NS_ASSERT); + } + + public List<String> getRoles() { + return this.roles; + } + + public Boolean isValid() { + // TODO: + // check signature digest + // check signature value + // check signature cert + return false; + } + + public Signature getSiganture() { + if (this.signature == null) { + Element signature = this.assertion.getChild("Signature", + Namespaces.XML_SIG_NS); + if (signature != null) { + this.signature = new Signature(signature); + } + } + return this.signature; + } + + public String getUserID() { + return this.user_id; + } + + public String getNameID() { + return this.name_id; + } + + public String getGroupID() { + return this.group_id; + } + + public String getGroupName() { + return this.group_name; + } + + public String getID() { + return this.assertion_id; + } + + public Date getFrom() { + return this.notbefore; + } + + public Date getUntil() { + return this.notonorafter; + } +} +// vim: set fileencoding=utf-8 ts=4 sw=4 et si tw=80: