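package de.intevation.flys.client.server.was;

import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Iterator;
import java.util.Date;
import java.util.List;
import java.util.LinkedList;
import java.util.TimeZone;

import org.apache.log4j.Logger;

import org.jdom.Element;

/**
 * Read-only view of an assertion element: its id, validity window
 * (Conditions/NotBefore and NotOnOrAfter), subject name identifier and the
 * con terra policy attributes (user id, group id, group name, roles).
 *
 * <p>The constructor only parses the element. Nothing in this class verifies
 * the XML signature, and {@link #isValid()} is not implemented yet, so every
 * getter returns data exactly as it appeared in the document. Callers that
 * base an authentication or authorization decision on these values have to
 * validate the signature and the validity window themselves.</p>
 */
public class Assertion {

    private static final Logger logger = Logger.getLogger(Assertion.class);

    private final Element assertion;
    private final LinkedList<String> roles;
    private String assertion_id;
    private String user_id;
    private String name_id;
    private String group_id;
    private String group_name;
    // Both dates stay null when the attribute is absent or cannot be parsed.
    private Date notbefore;
    private Date notonorafter;
    private Signature signature;

    private static final String ATTR_CONT_USER_ID =
        "urn:conterra:names:sdi-suite:policy:attribute:user-id";
    private static final String ATTR_CONT_GROUP_ID =
        "urn:conterra:names:sdi-suite:policy:attribute:group-id";
    private static final String ATTR_CONT_GROUP_NAME =
        "urn:conterra:names:sdi-suite:policy:attribute:group-name";
    private static final String ATTR_CONT_ROLE =
        "urn:conterra:names:sdi-suite:policy:attribute:role";


    /**
     * Parses the given assertion element.
     *
     * @param assertion the assertion element; its AssertionID attribute,
     *                  Conditions child and AttributeStatement child are read.
     */
    public Assertion(Element assertion) {
        this.assertion = assertion;
        this.roles = new LinkedList<String>();

        this.assertion_id = assertion.getAttributeValue("AssertionID");

        this.parseConditions();
        this.parseAttributeStatement();
    }

    /**
     * Reads NotBefore and NotOnOrAfter from the Conditions child, if present.
     */
    private void parseConditions() {
        Element condition = this.assertion.getChild("Conditions",
            Namespaces.SAML_NS_ASSERT);
        if (condition == null) {
            return;
        }

        SimpleDateFormat dateformat = new SimpleDateFormat();
        // format should be "yyyy-MM-dd'T'HH:mm:ss.SSSXXX" but that's only
        // available in java 7+
        dateformat.applyPattern("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'");
        // The pattern matches 'Z' as a literal and carries no zone
        // information, so without an explicit zone the timestamp would be
        // read in the JVM default time zone and the validity window would be
        // shifted by the local UTC offset.
        dateformat.setTimeZone(TimeZone.getTimeZone("UTC"));
        // Reject out-of-range fields (month 13, hour 25, ...) instead of
        // silently rolling them over into a different instant.
        dateformat.setLenient(false);

        this.notbefore = this.parseInstant(dateformat, "NotBefore",
            condition.getAttributeValue("NotBefore"));
        this.notonorafter = this.parseInstant(dateformat, "NotOnOrAfter",
            condition.getAttributeValue("NotOnOrAfter"));
    }

    /**
     * Parses one Conditions timestamp.
     *
     * @param dateformat the configured format
     * @param attrname   the attribute name, used in the log message only
     * @param value      the attribute value, may be null
     * @return the parsed date, or null when the value is absent or does not
     *         match the format (the failure is logged)
     */
    private Date parseInstant(
        SimpleDateFormat dateformat,
        String           attrname,
        String           value
    ) {
        if (value == null) {
            return null;
        }
        try {
            return dateformat.parse(value);
        }
        catch (ParseException e) {
            // NOTE(review): a null result is indistinguishable from "no
            // bound given"; whoever evaluates the window should treat a
            // missing bound as a failure rather than as "unlimited".
            logger.error("Unknown datetime format for Condition " +
                attrname + " " + value);
            return null;
        }
    }

    /**
     * Reads the subject name identifier and the known policy attributes from
     * the AttributeStatement child, if present. Unknown attribute names are
     * logged at debug level and skipped.
     */
    private void parseAttributeStatement() {
        Element attrstatement = this.assertion.getChild("AttributeStatement",
            Namespaces.SAML_NS_ASSERT);
        if (attrstatement == null) {
            return;
        }

        Element subject = attrstatement.getChild("Subject",
            Namespaces.SAML_NS_ASSERT);
        if (subject != null) {
            this.name_id = subject.getChildText("NameIdentifier",
                Namespaces.SAML_NS_ASSERT);
        }

        List attributes = attrstatement.getChildren("Attribute",
            Namespaces.SAML_NS_ASSERT);
        for (Iterator i = attributes.iterator(); i.hasNext();) {
            Element attr = (Element)i.next();
            // May be null when the Attribute element has no AttributeName;
            // comparing from the constant keeps that from throwing a
            // NullPointerException on a malformed assertion.
            String attrname = attr.getAttributeValue("AttributeName");
            if (ATTR_CONT_USER_ID.equals(attrname)) {
                this.user_id = this.getAttributeValue(attr);
            }
            else if (ATTR_CONT_GROUP_ID.equals(attrname)) {
                this.group_id = this.getAttributeValue(attr);
            }
            else if (ATTR_CONT_GROUP_NAME.equals(attrname)) {
                this.group_name = this.getAttributeValue(attr);
            }
            else if (ATTR_CONT_ROLE.equals(attrname)) {
                List values = attr.getChildren("AttributeValue",
                    Namespaces.SAML_NS_ASSERT);
                for (Iterator j = values.iterator(); j.hasNext();) {
                    Element role = (Element)j.next();
                    this.roles.add(role.getText());
                }
            }
            else {
                logger.debug("Unknown AttributeName " + attrname +
                    " found while parsing AttributeStatement.");
            }
        }
    }

    /**
     * Returns the text of the first AttributeValue child of the attribute.
     */
    private String getAttributeValue(Element attr) {
        return attr.getChildText("AttributeValue", Namespaces.SAML_NS_ASSERT);
    }

    /**
     * Returns the role names found in the assertion.
     *
     * @return the internal list itself, not a copy; changes made by a caller
     *         are visible to every other holder of this object.
     */
    public List getRoles() {
        // NOTE(review): consider handing out an unmodifiable view once all
        // callers are known not to modify the list.
        return this.roles;
    }

    /**
     * Reports whether the assertion has been verified.
     *
     * @return always false: verification is not implemented, so the method
     *         fails closed and no assertion is reported as valid.
     */
    public Boolean isValid() {
        // TODO:
        // check signature digest
        // check signature value
        // check signature cert
        // check that the current time lies within [notbefore, notonorafter)
        //   and that neither bound is null
        return false;
    }

    /**
     * Returns the Signature child wrapped in a {@link Signature}, created on
     * first use. The misspelled method name is kept for existing callers.
     *
     * @return the signature wrapper, or null when the assertion has no
     *         Signature child.
     */
    public Signature getSiganture() {
        if (this.signature == null) {
            Element sigelement = this.assertion.getChild("Signature",
                Namespaces.XML_SIG_NS);
            if (sigelement != null) {
                this.signature = new Signature(sigelement);
            }
        }
        return this.signature;
    }

    /** Returns the user-id attribute value, or null if it was not present. */
    public String getUserID() {
        return this.user_id;
    }

    /** Returns the subject NameIdentifier text, or null if not present. */
    public String getNameID() {
        return this.name_id;
    }

    /** Returns the group-id attribute value, or null if it was not present. */
    public String getGroupID() {
        return this.group_id;
    }

    /** Returns the group-name attribute value, or null if not present. */
    public String getGroupName() {
        return this.group_name;
    }

    /** Returns the AssertionID attribute value, or null if not present. */
    public String getID() {
        return this.assertion_id;
    }

    /** Returns the NotBefore instant, or null if absent or unparsable. */
    public Date getFrom() {
        return this.notbefore;
    }

    /** Returns the NotOnOrAfter instant, or null if absent or unparsable. */
    public Date getUntil() {
        return this.notonorafter;
    }
}
// vim: set fileencoding=utf-8 ts=4 sw=4 et si tw=80: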