1 /*
2  * Copyright [2005] [University Corporation for Advanced Internet Development, Inc.]
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16
17 package edu.internet2.middleware.shibboleth.common.provider;
18
19 import java.security.Principal;
20 import java.util.regex.Matcher;
21 import java.util.regex.Pattern;
22 import java.util.regex.PatternSyntaxException;
23
24 import javax.xml.namespace.QName;
25
26 import org.apache.log4j.Logger;
27 import org.opensaml.SAMLException;
28 import org.opensaml.SAMLNameIdentifier;
29 import org.w3c.dom.Element;
30
31 import edu.internet2.middleware.shibboleth.common.IdentityProvider;
32 import edu.internet2.middleware.shibboleth.common.InvalidNameIdentifierException;
33 import edu.internet2.middleware.shibboleth.common.LocalPrincipal;
34 import edu.internet2.middleware.shibboleth.common.NameIdentifierMapping;
35 import edu.internet2.middleware.shibboleth.common.NameIdentifierMappingException;
36 import edu.internet2.middleware.shibboleth.common.ServiceProvider;
37
38 /**
39  * <code>NameIdentifierMapping</code> implementation that translates principal names to E-Auth compliant
40  * X509SubjectNames.
41  * 
42  * @author Walter Hoehn
43  */
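public class X509SubjectNameNameIdentifierMapping extends BaseNameIdentifierMapping implements NameIdentifierMapping {

        private static Logger log = Logger.getLogger(X509SubjectNameNameIdentifierMapping.class.getName());

        /**
         * Default extraction pattern, used when the (regex) attribute is absent or does not compile. It is applied
         * with {@link Matcher#find()} and is unanchored: it picks the first "uid=" occurrence anywhere in the subject
         * name, including inside another attribute's value, and the captured value is bounded only by ',' and '/'.
         * Deployments that need a stricter RDN match should supply their own (regex).
         */
        private static final String DEFAULT_REGEX = ".*uid=([^,/]+).*";

        /** Placeholder in internalNameContext that is replaced by the local principal name. */
        private static final String PRINCIPAL_TOKEN = "%PRINCIPAL%";

        /** Compiled extraction pattern; capturing group 1 yields the local principal name. */
        private Pattern regex;
        /** Required NameQualifier; incoming identifiers with any other (or no) qualifier are rejected. */
        private String qualifier;
        /** Template for outgoing subject names, containing the %PRINCIPAL% token. */
        private String internalNameContext;
        private QName[] errorCodes = new QName[0];

        /**
         * Builds the mapping from its configuration element.
         *
         * @param config the NameMapping element; reads the optional "regex" attribute and the required "qualifier"
         *            and "internalNameContext" attributes
         * @throws NameIdentifierMappingException if a required attribute is missing, or the effective regex has no
         *             capturing group (no subject name could ever be mapped)
         */
        public X509SubjectNameNameIdentifierMapping(Element config) throws NameIdentifierMappingException {

                super(config);

                regex = compileRegex(config.getAttribute("regex"));
                qualifier = requiredAttribute(config, "qualifier");
                internalNameContext = requiredAttribute(config, "internalNameContext");
        }

        /**
         * Compiles the configured extraction pattern. An empty attribute or one that does not compile falls back to
         * the default; the fallback on a syntax error is the existing, deliberate policy, but operators should treat
         * the logged error as a misconfiguration because the default may map names differently than intended.
         *
         * @param rawRegex value of the (regex) attribute, possibly null or empty
         * @return the compiled pattern, guaranteed to have at least one capturing group
         * @throws NameIdentifierMappingException if the effective pattern has no capturing group
         */
        private static Pattern compileRegex(String rawRegex) throws NameIdentifierMappingException {
                Pattern compiled = null;
                if (rawRegex != null && !rawRegex.equals("")) {
                        try {
                                compiled = Pattern.compile(rawRegex);
                        } catch (PatternSyntaxException e) {
                                log.error("Supplied (regex) attribute is not a valid regular expressions.  Using default value.");
                        }
                }
                if (compiled == null) {
                        compiled = Pattern.compile(DEFAULT_REGEX);
                }
                // getPrincipal() reads group 1; a pattern without a capturing group would throw
                // IndexOutOfBoundsException on every request, so reject it at startup instead.
                if (compiled.matcher("").groupCount() < 1) {
                        log.error("The (regex) attribute for the X509SubjectName NameMapping must contain a capturing group.");
                        throw new NameIdentifierMappingException(
                                        "Invalid configuration.  Unable to initialize X509SubjectName Mapping.");
                }
                return compiled;
        }

        /**
         * Reads a mandatory attribute from the configuration element.
         *
         * @throws NameIdentifierMappingException if the attribute is absent or empty
         */
        private static String requiredAttribute(Element config, String name) throws NameIdentifierMappingException {
                String value = config.getAttribute(name);
                if (value == null || value.equals("")) {
                        log.error("The X509SubjectName NameMapping requires a (" + name + ") attribute.");
                        throw new NameIdentifierMappingException(
                                        "Invalid configuration.  Unable to initialize X509SubjectName Mapping.");
                }
                return value;
        }

        /**
         * Resolves an incoming X509SubjectName identifier to a local principal.
         *
         * @param nameId identifier presented by the relying party; treated as untrusted input
         * @param sProv requesting service provider (unused here)
         * @param idProv this identity provider (unused here)
         * @return the principal named by capturing group 1 of the configured regex
         * @throws NameIdentifierMappingException if the identifier's qualifier does not match this mapping
         * @throws InvalidNameIdentifierException if the name is absent or the regex does not yield a principal
         */
        public Principal getPrincipal(SAMLNameIdentifier nameId, ServiceProvider sProv, IdentityProvider idProv)
                        throws NameIdentifierMappingException, InvalidNameIdentifierException {

                // Compare with the configured value on the left: the qualifier is attacker-controlled and may be
                // absent, which previously surfaced as a NullPointerException rather than a rejection.
                String presentedQualifier = nameId.getNameQualifier();
                if (!qualifier.equals(presentedQualifier)) {
                        log.error("The name qualifier (" + presentedQualifier
                                        + ") for the referenced subject is not valid for this identity provider.");
                        throw new NameIdentifierMappingException("The name qualifier (" + presentedQualifier
                                        + ") for the referenced subject is not valid for this identity provider.");
                }

                String subjectName = nameId.getName();
                if (subjectName == null) {
                        throw new InvalidNameIdentifierException("Unable to map X509SubjectName (" + subjectName
                                        + ") to a local principal.", errorCodes);
                }

                // find() legitimately fails for an unrelated subject name; the original called group(1) regardless,
                // turning a bad identifier into an IllegalStateException instead of a mapping error.
                Matcher matcher = regex.matcher(subjectName);
                if (!matcher.find()) {
                        throw new InvalidNameIdentifierException("Unable to map X509SubjectName (" + subjectName
                                        + ") to a local principal.", errorCodes);
                }
                String principal = matcher.group(1);
                // A custom regex may capture an empty string; never hand an empty principal to the caller.
                if (principal == null || principal.equals("")) {
                        throw new InvalidNameIdentifierException("Unable to map X509SubjectName (" + subjectName
                                        + ") to a local principal.", errorCodes);
                }
                return new LocalPrincipal(principal);
        }

        /**
         * Builds the outgoing X509SubjectName identifier for a local principal by substituting its name into
         * internalNameContext and applying the configured qualifier.
         *
         * @param principal the authenticated local principal
         * @param sProv requesting service provider (unused here)
         * @param idProv this identity provider (unused here)
         * @return a SAMLNameIdentifier in this mapping's format
         * @throws NameIdentifierMappingException if the principal has no name or the identifier cannot be built
         */
        public SAMLNameIdentifier getNameIdentifier(LocalPrincipal principal, ServiceProvider sProv, IdentityProvider idProv)
                        throws NameIdentifierMappingException {

                String principalName = principal.getName();
                if (principalName == null) {
                        throw new NameIdentifierMappingException("Unable to generate X509 SubjectName: principal has no name.");
                }
                // Literal substitution: String.replaceAll() interprets '$' and '\' in the replacement, so a principal
                // name containing them would be mangled or throw. The name is still not DN-escaped (RFC 4514 specials
                // such as ',' or '+' would alter the DN structure); this assumes the local authentication source does
                // not produce such names.
                String subjectName = internalNameContext.replace(PRINCIPAL_TOKEN, principalName);
                try {
                        SAMLNameIdentifier nameid = SAMLNameIdentifier.getInstance(getNameIdentifierFormat().toString());
                        nameid.setName(subjectName);
                        nameid.setNameQualifier(qualifier);
                        return nameid;
                } catch (SAMLException e) {
                        throw new NameIdentifierMappingException("Unable to generate X509 SubjectName: " + e);
                }
        }

}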