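/* Copyright (C) 2011, 2012, 2013 by Bundesanstalt für Gewässerkunde
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU AGPL (>=v3)
 * and comes with ABSOLUTELY NO WARRANTY! Check out the
 * documentation coming with Dive4Elements River for details.
 */

package org.dive4elements.river.client.server.auth.was;

import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.LinkedList;
import java.util.List;
import java.util.TimeZone;

import org.apache.log4j.Logger;

import org.jdom.Element;

/**
 * Read-only view of a single SAML {@code Assertion} element as delivered by
 * the WAS (Web Authentication Service).
 *
 * On construction the {@code Conditions} (validity window) and the
 * {@code AttributeStatement} (subject, con terra user/group attributes and
 * roles) are extracted from the element. The enclosed {@code Signature}
 * element is only wrapped lazily by {@link #getSiganture()}; this class
 * does <b>not</b> verify it - see {@link #isValid()}.
 */
public class Assertion {

    private static final Logger logger = Logger.getLogger(Assertion.class);

    /** The raw assertion element this object was built from. */
    private final Element assertion;
    /** Role names taken from the con terra "role" attribute, in document order. */
    private final List<String> roles;
    private String assertion_id;
    private String user_id;
    private String name_id;
    private String group_id;
    private String group_name;
    private Date notbefore;
    private Date notonorafter;
    private Signature signature;

    private static final String ATTR_CONT_USER_ID =
        "urn:conterra:names:sdi-suite:policy:attribute:user-id";
    private static final String ATTR_CONT_GROUP_ID =
        "urn:conterra:names:sdi-suite:policy:attribute:group-id";
    private static final String ATTR_CONT_GROUP_NAME =
        "urn:conterra:names:sdi-suite:policy:attribute:group-name";
    private static final String ATTR_CONT_ROLE =
        "urn:conterra:names:sdi-suite:policy:attribute:role";

    /**
     * Timestamps in the assertion carry a literal trailing {@code Z}, i.e.
     * they are UTC. The pattern letter {@code XXX} that would parse the
     * offset itself is Java 7+ only, so the {@code Z} is matched literally
     * and the formatter is pinned to UTC explicitly; without that pin the
     * JVM's default zone would be used and the validity window shifted by
     * the local offset.
     */
    private static final String DATE_PATTERN = "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'";

    /**
     * Builds the view and parses conditions and attribute statement.
     *
     * @param assertion the SAML {@code Assertion} element, must not be null.
     */
    public Assertion(Element assertion) {
        this.assertion = assertion;
        this.roles = new LinkedList<String>();

        this.assertion_id = assertion.getAttributeValue("AssertionID");

        this.parseCondition();
        this.parseAttributeStatement();
    }

    /**
     * Creates a strict, UTC-based parser for the assertion timestamps.
     * A fresh instance is created per use because SimpleDateFormat is not
     * thread-safe.
     */
    private static SimpleDateFormat newDateFormat() {
        SimpleDateFormat dateformat = new SimpleDateFormat(DATE_PATTERN);
        dateformat.setTimeZone(TimeZone.getTimeZone("UTC"));
        // Reject out-of-range fields (e.g. month 13) instead of silently
        // rolling them over into a different instant.
        dateformat.setLenient(false);
        return dateformat;
    }

    /**
     * Parses one timestamp attribute of the {@code Conditions} element.
     *
     * @param value     the attribute text, may be null.
     * @param attrName  attribute name used only for the error message.
     * @return the parsed instant, or null when absent or unparseable
     *         (the failure is logged).
     */
    private static Date parseTimestamp(String value, String attrName) {
        if (value == null) {
            return null;
        }
        try {
            return newDateFormat().parse(value);
        }
        catch (ParseException e) {
            logger.error("Unknown datetime format for Condition " +
                attrName + " " + value);
            return null;
        }
    }

    /**
     * Reads {@code NotBefore}/{@code NotOnOrAfter} from the {@code Conditions}
     * child into {@link #notbefore}/{@link #notonorafter}. Missing or
     * malformed values leave the respective field null.
     */
    private void parseCondition() {
        Element condition = this.assertion.getChild("Conditions",
            Namespaces.SAML_NS_ASSERT);
        if (condition == null) {
            return;
        }

        this.notbefore = parseTimestamp(
            condition.getAttributeValue("NotBefore"), "NotBefore");

        String until = condition.getAttributeValue("NotOnOrAfter");
        logger.debug("Session is valid until " + until);
        this.notonorafter = parseTimestamp(until, "NotOnOrAfter");
    }

    /**
     * Reads the subject's {@code NameIdentifier} and the con terra
     * user-id / group-id / group-name / role attributes from the
     * {@code AttributeStatement} child. Attributes with an unknown or
     * missing {@code AttributeName} are logged at debug level and skipped.
     */
    private void parseAttributeStatement() {
        Element attrstatement = this.assertion.getChild("AttributeStatement",
            Namespaces.SAML_NS_ASSERT);
        if (attrstatement == null) {
            return;
        }

        Element subject = attrstatement.getChild("Subject",
            Namespaces.SAML_NS_ASSERT);
        if (subject != null) {
            this.name_id = subject.getChildText("NameIdentifier",
                Namespaces.SAML_NS_ASSERT);
        }

        List attributes = attrstatement.getChildren("Attribute",
            Namespaces.SAML_NS_ASSERT);
        for (Object o : attributes) {
            Element attr = (Element) o;
            String attrname = attr.getAttributeValue("AttributeName");
            if (attrname == null) {
                // Previously an NPE here aborted construction of the
                // whole assertion; an unnamed attribute is simply ignored.
                logger.debug("Attribute without AttributeName " +
                    "found while parsing AttributeStatement.");
                continue;
            }
            if (attrname.equals(ATTR_CONT_USER_ID)) {
                this.user_id = this.getAttributeValue(attr);
            }
            else if (attrname.equals(ATTR_CONT_GROUP_ID)) {
                this.group_id = this.getAttributeValue(attr);
            }
            else if (attrname.equals(ATTR_CONT_GROUP_NAME)) {
                this.group_name = this.getAttributeValue(attr);
            }
            else if (attrname.equals(ATTR_CONT_ROLE)) {
                // A role attribute may carry several AttributeValue children.
                List roleValues = attr.getChildren("AttributeValue",
                    Namespaces.SAML_NS_ASSERT);
                for (Object r : roleValues) {
                    this.roles.add(((Element) r).getText());
                }
            }
            else {
                logger.debug("Unknown AttributeName " + attrname +
                    " found while parsing AttributeStatement.");
            }
        }
    }

    /** Returns the text of the first {@code AttributeValue} child, or null. */
    private String getAttributeValue(Element attr) {
        return attr.getChildText("AttributeValue", Namespaces.SAML_NS_ASSERT);
    }

    /**
     * @return the roles granted by this assertion; this is the live list
     *         held by the assertion, callers should not modify it.
     */
    public List<String> getRoles() {
        return this.roles;
    }

    /**
     * Signature verification is not implemented: this method always returns
     * {@code false}. Nothing in this class checks the digest, the signature
     * value or the signing certificate, so an instance must not be treated
     * as authenticated on the strength of its content alone.
     *
     * @return always {@code false}.
     */
    public Boolean isValid() {
        // TODO:
        // check signature digest
        // check signature value
        // check signature cert
        return false;
    }

    /**
     * Lazily wraps the {@code ds:Signature} child of the assertion.
     * The method name keeps its historical misspelling for compatibility
     * with existing callers.
     *
     * @return the signature wrapper, or null when the assertion is unsigned.
     */
    public Signature getSiganture() {
        if (this.signature == null) {
            Element sig = this.assertion.getChild("Signature",
                Namespaces.XML_SIG_NS);
            if (sig != null) {
                this.signature = new Signature(sig);
            }
        }
        return this.signature;
    }

    /** @return the con terra user-id attribute, or null if absent. */
    public String getUserID() {
        return this.user_id;
    }

    /** @return the subject's NameIdentifier, or null if absent. */
    public String getNameID() {
        return this.name_id;
    }

    /** @return the con terra group-id attribute, or null if absent. */
    public String getGroupID() {
        return this.group_id;
    }

    /** @return the con terra group-name attribute, or null if absent. */
    public String getGroupName() {
        return this.group_name;
    }

    /** @return the value of the {@code AssertionID} attribute, or null. */
    public String getID() {
        return this.assertion_id;
    }

    /**
     * @return a copy of the {@code NotBefore} instant (UTC), or null when
     *         absent or unparseable.
     */
    public Date getFrom() {
        return this.notbefore == null
            ? null
            : new Date(this.notbefore.getTime());
    }

    /**
     * @return a copy of the {@code NotOnOrAfter} instant (UTC), or null when
     *         absent or unparseable.
     */
    public Date getUntil() {
        return this.notonorafter == null
            ? null
            : new Date(this.notonorafter.getTime());
    }
}
// vim: set fileencoding=utf-8 ts=4 sw=4 et si tw=80: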