Updated stale javadoc. Bugzilla #315.
2 package edu.internet2.middleware.shibboleth.common.provider;
4 import java.util.regex.Matcher;
5 import java.util.regex.Pattern;
6 import java.util.regex.PatternSyntaxException;
8 import org.apache.log4j.Logger;
9 import javax.xml.namespace.QName;
10 import org.opensaml.SAMLException;
11 import org.opensaml.SAMLNameIdentifier;
12 import org.w3c.dom.Element;
14 import edu.internet2.middleware.shibboleth.common.AuthNPrincipal;
15 import edu.internet2.middleware.shibboleth.common.IdentityProvider;
16 import edu.internet2.middleware.shibboleth.common.InvalidNameIdentifierException;
17 import edu.internet2.middleware.shibboleth.common.NameIdentifierMapping;
18 import edu.internet2.middleware.shibboleth.common.NameIdentifierMappingException;
19 import edu.internet2.middleware.shibboleth.common.ServiceProvider;
21 /**
22  * <code>NameIdentifierMapping</code> implementation that translates principal names to E-Auth compliant
23  * X509SubjectNames.
24  * 
25  * @author Walter Hoehn
26  */
27 public class X509SubjectNameNameIdentifierMapping extends BaseNameIdentifierMapping implements NameIdentifierMapping {
28
29         private static Logger log = Logger.getLogger(X509SubjectNameNameIdentifierMapping.class.getName());
30         private String regexTemplate = ".*uid=([^,/]+).*";
31         private Pattern regex;
32         private String qualifier;
33         private String internalNameContext;
34         private QName[] errorCodes = new QName[0];
35
36         public X509SubjectNameNameIdentifierMapping(Element config) throws NameIdentifierMappingException {
37
38                 super(config);
39
40                 String rawRegex = ((Element) config).getAttribute("regex");
41                 if (rawRegex != null && !rawRegex.equals("")) {
42                         try {
43                                 regex = Pattern.compile(rawRegex);
44                         } catch (PatternSyntaxException e) {
45                                 log.error("Supplied (regex) attribute is not a valid regular expressions.  Using default value.");
46                                 regex = Pattern.compile(regexTemplate);
47                         }
48                 } else {
49                         regex = Pattern.compile(regexTemplate);
50                 }
51
52                 qualifier = ((Element) config).getAttribute("qualifier");
53                 if (qualifier == null || qualifier.equals("")) {
54                         log.error("The X509SubjectName NameMapping requires a (qualifier) attribute.");
55                         throw new NameIdentifierMappingException(
56                                         "Invalid configuration.  Unable to initialize X509SubjectName Mapping.");
57                 }
58
59                 internalNameContext = ((Element) config).getAttribute("internalNameContext");
60                 if (internalNameContext == null || internalNameContext.equals("")) {
61                         log.error("The X509SubjectName NameMapping requires a (internalNameContext) attribute.");
62                         throw new NameIdentifierMappingException(
63                                         "Invalid configuration.  Unable to initialize X509SubjectName Mapping.");
64                 }
65         }
66
67         /*
68          * (non-Javadoc)
69          * 
70          * @see edu.internet2.middleware.shibboleth.common.NameIdentifierMapping#getPrincipal(org.opensaml.SAMLNameIdentifier,
71          *      edu.internet2.middleware.shibboleth.common.ServiceProvider,
72          *      edu.internet2.middleware.shibboleth.common.IdentityProvider)
73          */
74         public AuthNPrincipal getPrincipal(SAMLNameIdentifier nameId, ServiceProvider sProv, IdentityProvider idProv)
75                         throws NameIdentifierMappingException, InvalidNameIdentifierException {
76
77                 if (!nameId.getNameQualifier().equals(qualifier)) {
78                         log.error("The name qualifier (" + nameId.getNameQualifier()
79                                         + ") for the referenced subject is not valid for this identity provider.");
80                         throw new NameIdentifierMappingException("The name qualifier (" + nameId.getNameQualifier()
81                                         + ") for the referenced subject is not valid for this identity provider.");
82                 }
83
84                 Matcher matcher = regex.matcher(nameId.getName());
85                 matcher.find();
86                 String principal = matcher.group(1);
87                 if (principal == null) { throw new InvalidNameIdentifierException("Unable to map X509SubjectName ("
88                                 + nameId.getName() + ") to a local principal.", errorCodes); }
89                 return new AuthNPrincipal(principal);
90         }
91
92         /*
93          * (non-Javadoc)
94          * 
95          * @see edu.internet2.middleware.shibboleth.common.NameIdentifierMapping#getNameIdentifier(edu.internet2.middleware.shibboleth.common.AuthNPrincipal,
96          *      edu.internet2.middleware.shibboleth.common.ServiceProvider,
97          *      edu.internet2.middleware.shibboleth.common.IdentityProvider)
98          */
99         public SAMLNameIdentifier getNameIdentifier(AuthNPrincipal principal, ServiceProvider sProv, IdentityProvider idProv)
100                         throws NameIdentifierMappingException {
101
102                 try {
103                         return new SAMLNameIdentifier(internalNameContext.replaceAll("%PRINCIPAL%", principal.getName()),
104                                         qualifier, getNameIdentifierFormat().toString());
105                 } catch (SAMLException e) {
106                         throw new NameIdentifierMappingException("Unable to generate X509 SubjectName: " + e);
107                 }
108
109         }
110
111 }