view gwt-client/src/main/java/org/dive4elements/river/client/server/auth/was/Assertion.java @ 5934:f8d402c6d87a

Remove unused Assertion.getSiganture() method and the related field signature.
author Bernhard Herzog <bh@intevation.de>
date Wed, 08 May 2013 17:56:13 +0200
parents 172338b1407f
children 302b3497677c
/* Copyright (C) 2011, 2012, 2013 by Bundesanstalt für Gewässerkunde
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU AGPL (>=v3) 
 * and comes with ABSOLUTELY NO WARRANTY! Check out the
 * documentation coming with Dive4Elements River for details. 
 */

package org.dive4elements.river.client.server.auth.was;

import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.TimeZone;

import org.apache.log4j.Logger;

import org.jdom.Element;

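/**
 * Read-only view of the fields extracted from a SAML assertion element.
 *
 * <p>The constructor reads the assertion id, the validity window from the
 * {@code Conditions} element and the subject, user, group and role
 * attributes from the {@code AttributeStatement} element.
 *
 * <p><strong>Security note:</strong> nothing in this class verifies the XML
 * signature of the assertion. {@link #isValid()} is an unimplemented stub
 * that always returns {@code false}. Every value returned by the getters is
 * therefore taken verbatim from the supplied element and must not be used for
 * authentication or authorization decisions unless the caller has
 * established the integrity of the element by other means.
 */
public class Assertion {

    private static final Logger logger = Logger.getLogger(Assertion.class);

    private final Element assertion;
    private final LinkedList<String> roles;
    private String assertion_id;
    private String user_id;
    private String name_id;
    private String group_id;
    private String group_name;
    // Both bounds stay null when the attribute is absent or unparsable.
    private Date notbefore;
    private Date notonorafter;

    private static final String ATTR_CONT_USER_ID =
        "urn:conterra:names:sdi-suite:policy:attribute:user-id";
    private static final String ATTR_CONT_GROUP_ID =
        "urn:conterra:names:sdi-suite:policy:attribute:group-id";
    private static final String ATTR_CONT_GROUP_NAME =
        "urn:conterra:names:sdi-suite:policy:attribute:group-name";
    private static final String ATTR_CONT_ROLE =
        "urn:conterra:names:sdi-suite:policy:attribute:role";

    // Timestamp layout used by the Conditions attributes. The trailing 'Z' is
    // matched as a literal character, so the parser has to be told explicitly
    // that the value is UTC (see parseConditions).
    private static final String TIMESTAMP_PATTERN =
        "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'";


    /**
     * Parses the given assertion element.
     *
     * @param assertion the SAML {@code Assertion} element; must not be null
     */
    public Assertion(Element assertion) {
        this.assertion = assertion;
        this.roles = new LinkedList<String>();

        this.assertion_id = assertion.getAttributeValue("AssertionID");

        this.parseConditions();
        this.parseAttributeStatement();
    }

    /**
     * Reads {@code NotBefore} and {@code NotOnOrAfter} from the
     * {@code Conditions} child, if there is one.
     */
    private void parseConditions() {
        Element condition = this.assertion.getChild("Conditions",
                Namespaces.SAML_NS_ASSERT);
        if (condition == null) {
            return;
        }

        // format should be "yyyy-MM-dd'T'HH:mm:ss.SSSXXX" but that's only
        // available in java 7+
        SimpleDateFormat dateformat = new SimpleDateFormat(TIMESTAMP_PATTERN);
        // The quoted 'Z' carries no zone information for the parser. Without
        // an explicit zone the timestamps would be read in the JVM's default
        // time zone and the validity window would be shifted by the local
        // UTC offset.
        dateformat.setTimeZone(TimeZone.getTimeZone("UTC"));
        // Reject out-of-range fields (month 13, hour 25, ...) instead of
        // silently rolling them over into a different instant.
        dateformat.setLenient(false);

        String from = condition.getAttributeValue("NotBefore");
        this.notbefore = parseTimestamp(dateformat, "NotBefore", from);

        String until = condition.getAttributeValue("NotOnOrAfter");
        logger.debug("Session is valid until " + until);
        this.notonorafter = parseTimestamp(dateformat, "NotOnOrAfter", until);
    }

    /**
     * Parses one Conditions timestamp.
     *
     * @param dateformat the configured parser
     * @param name the attribute name, used in the error message only
     * @param value the raw attribute value, may be null
     * @return the parsed date, or null if the value is null or malformed
     */
    private static Date parseTimestamp(SimpleDateFormat dateformat,
            String name, String value) {
        if (value == null) {
            return null;
        }
        try {
            return dateformat.parse(value);
        }
        catch (ParseException e) {
            // NOTE(review): the bound is left null here; confirm that callers
            // reject an assertion with a missing bound instead of treating it
            // as unbounded.
            logger.error("Unknown datetime format for Condition " +
                    name + " " + value);
            return null;
        }
    }

    /**
     * Reads the subject name identifier and the user, group and role
     * attributes from the {@code AttributeStatement} child, if there is one.
     */
    private void parseAttributeStatement() {
        Element attrstatement = this.assertion.getChild("AttributeStatement",
                Namespaces.SAML_NS_ASSERT);
        if (attrstatement == null) {
            return;
        }

        Element subject = attrstatement.getChild("Subject",
                Namespaces.SAML_NS_ASSERT);
        if (subject != null) {
            this.name_id = subject.getChildText("NameIdentifier",
                    Namespaces.SAML_NS_ASSERT);
        }

        List<?> attributes = attrstatement.getChildren("Attribute",
                Namespaces.SAML_NS_ASSERT);
        for (Object child : attributes) {
            Element attr = (Element) child;
            String attrname = attr.getAttributeValue("AttributeName");
            // Constant-first comparison: an Attribute element without an
            // AttributeName must not abort parsing with a
            // NullPointerException.
            if (ATTR_CONT_USER_ID.equals(attrname)) {
                this.user_id = this.getAttributeValue(attr);
            }
            else if (ATTR_CONT_GROUP_ID.equals(attrname)) {
                this.group_id = this.getAttributeValue(attr);
            }
            else if (ATTR_CONT_GROUP_NAME.equals(attrname)) {
                this.group_name = this.getAttributeValue(attr);
            }
            else if (ATTR_CONT_ROLE.equals(attrname)) {
                List<?> values = attr.getChildren("AttributeValue",
                        Namespaces.SAML_NS_ASSERT);
                for (Object value : values) {
                    this.roles.add(((Element) value).getText());
                }
            }
            else {
                logger.debug("Unknown AttributeName " + attrname +
                        " found while parsing AttributeStatement.");
            }
        }
    }

    /** Returns the text of the first {@code AttributeValue} child. */
    private String getAttributeValue(Element attr) {
        return attr.getChildText("AttributeValue", Namespaces.SAML_NS_ASSERT);
    }

    /**
     * Returns the roles listed in the assertion.
     *
     * @return the internal role list (not a copy); empty if no role
     *         attribute was present
     */
    public List<String> getRoles() {
        return this.roles;
    }

    /**
     * Signature verification stub.
     *
     * @return always {@code false}; the signature is not checked by this
     *         class
     */
    public Boolean isValid() {
        // TODO:
        // check signature digest
        // check signature value
        // check signature cert
        return false;
    }

    /** Returns the value of the user-id attribute, or null if absent. */
    public String getUserID() {
        return this.user_id;
    }

    /** Returns the subject's NameIdentifier text, or null if absent. */
    public String getNameID() {
        return this.name_id;
    }

    /** Returns the value of the group-id attribute, or null if absent. */
    public String getGroupID() {
        return this.group_id;
    }

    /** Returns the value of the group-name attribute, or null if absent. */
    public String getGroupName() {
        return this.group_name;
    }

    /** Returns the AssertionID attribute of the assertion element. */
    public String getID() {
        return this.assertion_id;
    }

    /**
     * Returns the parsed {@code NotBefore} instant.
     *
     * @return the lower validity bound, or null if absent or unparsable
     */
    public Date getFrom() {
        return this.notbefore;
    }

    /**
     * Returns the parsed {@code NotOnOrAfter} instant.
     *
     * @return the upper validity bound, or null if absent or unparsable
     */
    public Date getUntil() {
        return this.notonorafter;
    }
}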
// vim: set fileencoding=utf-8 ts=4 sw=4 et si tw=80:
