1
2 package edu.internet2.middleware.shibboleth.hs.provider;
3
4 import java.util.regex.Matcher;
5 import java.util.regex.Pattern;
6 import java.util.regex.PatternSyntaxException;
7
8 import org.apache.log4j.Logger;
9 import org.opensaml.QName;
10 import org.opensaml.SAMLException;
11 import org.opensaml.SAMLNameIdentifier;
12 import org.w3c.dom.Element;
13
14 import edu.internet2.middleware.shibboleth.common.AuthNPrincipal;
15 import edu.internet2.middleware.shibboleth.common.BaseNameIdentifierMapping;
16 import edu.internet2.middleware.shibboleth.common.IdentityProvider;
17 import edu.internet2.middleware.shibboleth.common.InvalidNameIdentifierException;
18 import edu.internet2.middleware.shibboleth.common.NameIdentifierMapping;
19 import edu.internet2.middleware.shibboleth.common.NameIdentifierMappingException;
20 import edu.internet2.middleware.shibboleth.common.ServiceProvider;
21
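/**
 * <code>NameIdentifierMapping</code> implementation that translates principal names to E-Auth compliant
 * X509SubjectNames, and X509SubjectNames back to local principals.
 * <p>
 * The mapping is stateless: an inbound identifier is accepted whenever its qualifier equals the configured
 * <code>qualifier</code> and the configured regular expression captures a principal name from it. Nothing
 * else ties the presented subject name to an identifier this provider actually issued, so trust in the mapped
 * principal rests on the authentication of the requesting party performed elsewhere.
 * <p>
 * Configuration attributes on the mapping element:
 * <ul>
 * <li><code>regex</code> (optional): pattern whose first capturing group is the local principal name.
 * Defaults to <code>.*uid=([^,/]+).*</code>. Note that the leading <code>.*</code> is greedy, so when a subject
 * name contains several <code>uid=</code> components the last one wins, and that no boundary precedes
 * <code>uid=</code>; tighten the pattern in configuration if the issuing CA permits such names.</li>
 * <li><code>qualifier</code> (required): the SAML name qualifier issued with, and required of, every
 * identifier.</li>
 * <li><code>internalNameContext</code> (required): subject name template in which the literal token
 * <code>%PRINCIPAL%</code> is replaced by the principal name.</li>
 * </ul>
 * 
 * @author Walter Hoehn
 */
public class X509SubjectNameNameIdentifierMapping extends BaseNameIdentifierMapping implements NameIdentifierMapping {

	private static final Logger log = Logger.getLogger(X509SubjectNameNameIdentifierMapping.class.getName());

	/** Pattern used when no (regex) attribute is configured; group 1 is the principal name. */
	private static final String DEFAULT_REGEX = ".*uid=([^,/]+).*";

	/** Literal placeholder in internalNameContext that is replaced by the principal name. */
	private static final String PRINCIPAL_TOKEN = "%PRINCIPAL%";

	/** Error codes passed along with InvalidNameIdentifierException; intentionally empty. */
	private static final QName[] NO_ERROR_CODES = new QName[0];

	private static final String INVALID_CONFIG_MESSAGE = "Invalid configuration.  Unable to initialize X509SubjectName Mapping.";

	private final Pattern regex;
	private final String qualifier;
	private final String internalNameContext;

	/**
	 * Initializes the mapping from its configuration element.
	 * 
	 * @param config
	 *            the mapping element carrying the regex, qualifier and internalNameContext attributes
	 * @throws NameIdentifierMappingException
	 *             if a required attribute is missing or the regex has no capturing group
	 */
	public X509SubjectNameNameIdentifierMapping(Element config) throws NameIdentifierMappingException {

		super(config);

		Pattern compiled;
		String rawRegex = config.getAttribute("regex");
		if (rawRegex == null || rawRegex.equals("")) {
			compiled = Pattern.compile(DEFAULT_REGEX);
		} else {
			try {
				compiled = Pattern.compile(rawRegex);
			} catch (PatternSyntaxException e) {
				// Deliberate best-effort: a malformed pattern degrades to the default instead of disabling the
				// mapping, but the reason is logged so the misconfiguration is visible.
				log.error("Supplied (regex) attribute is not a valid regular expression ("
						+ e.getDescription() + ").  Using default value.");
				compiled = Pattern.compile(DEFAULT_REGEX);
			}
		}

		// getPrincipal() reads group 1; a pattern without a capturing group would fail on every request with
		// an IndexOutOfBoundsException, so reject it here like the other required settings.
		if (compiled.matcher("").groupCount() < 1) {
			log.error("Supplied (regex) attribute must contain a capturing group for the principal name.");
			throw new NameIdentifierMappingException(INVALID_CONFIG_MESSAGE);
		}
		regex = compiled;

		qualifier = requiredAttribute(config, "qualifier");
		internalNameContext = requiredAttribute(config, "internalNameContext");

		// Without the token every principal would receive the same subject name.
		if (internalNameContext.indexOf(PRINCIPAL_TOKEN) < 0) {
			log.warn("The (internalNameContext) attribute does not contain " + PRINCIPAL_TOKEN
					+ "; all principals will map to the same X509SubjectName.");
		}
	}

	/**
	 * Reads a mandatory attribute from the mapping element.
	 * 
	 * @param config
	 *            the mapping element
	 * @param name
	 *            attribute name
	 * @return the non-empty attribute value
	 * @throws NameIdentifierMappingException
	 *             if the attribute is absent or empty
	 */
	private static String requiredAttribute(Element config, String name) throws NameIdentifierMappingException {

		String value = config.getAttribute(name);
		if (value == null || value.equals("")) {
			log.error("The X509SubjectName NameMapping requires a (" + name + ") attribute.");
			throw new NameIdentifierMappingException(INVALID_CONFIG_MESSAGE);
		}
		return value;
	}

	/**
	 * Maps an X509SubjectName identifier to the local principal it names.
	 * 
	 * @param nameId
	 *            the identifier presented by the requester
	 * @param sProv
	 *            unused; this mapping does not vary by service provider
	 * @param idProv
	 *            unused
	 * @return the principal captured by the configured pattern
	 * @throws NameIdentifierMappingException
	 *             if the identifier's qualifier is not the configured one
	 * @throws InvalidNameIdentifierException
	 *             if the pattern captures no (or an empty) principal name
	 * @see edu.internet2.middleware.shibboleth.common.NameIdentifierMapping#getPrincipal(org.opensaml.SAMLNameIdentifier,
	 *      edu.internet2.middleware.shibboleth.common.ServiceProvider,
	 *      edu.internet2.middleware.shibboleth.common.IdentityProvider)
	 */
	public AuthNPrincipal getPrincipal(SAMLNameIdentifier nameId, ServiceProvider sProv, IdentityProvider idProv)
			throws NameIdentifierMappingException, InvalidNameIdentifierException {

		// Compare from the configured side so a missing qualifier is rejected instead of raising an NPE.
		if (!qualifier.equals(nameId.getNameQualifier())) {
			String message = "The name qualifier (" + nameId.getNameQualifier()
					+ ") for the referenced subject is not valid for this identity provider.";
			log.error(message);
			throw new NameIdentifierMappingException(message);
		}

		String subjectName = nameId.getName();
		String principal = null;
		if (subjectName != null) {
			Matcher matcher = regex.matcher(subjectName);
			// find() must be consulted: group() on a failed match throws IllegalStateException, which would
			// surface as an internal error rather than the InvalidNameIdentifierException callers expect.
			if (matcher.find()) {
				principal = matcher.group(1);
			}
		}
		// An empty capture is not a usable principal name either.
		if (principal == null || principal.length() == 0) {
			throw new InvalidNameIdentifierException("Unable to map X509SubjectName (" + subjectName
					+ ") to a local principal.", NO_ERROR_CODES);
		}
		return new AuthNPrincipal(principal);
	}

	/**
	 * Builds the X509SubjectName identifier for a local principal from the configured template.
	 * 
	 * @param principal
	 *            the local principal; its name replaces every <code>%PRINCIPAL%</code> in the template
	 * @param sProv
	 *            unused; this mapping does not vary by service provider
	 * @param idProv
	 *            unused
	 * @return the identifier carrying the configured qualifier and this mapping's format
	 * @throws NameIdentifierMappingException
	 *             if the principal has no name or the SAML identifier cannot be constructed
	 * @see edu.internet2.middleware.shibboleth.common.NameIdentifierMapping#getNameIdentifierName(edu.internet2.middleware.shibboleth.common.AuthNPrincipal,
	 *      edu.internet2.middleware.shibboleth.common.ServiceProvider,
	 *      edu.internet2.middleware.shibboleth.common.IdentityProvider)
	 */
	public SAMLNameIdentifier getNameIdentifierName(AuthNPrincipal principal, ServiceProvider sProv,
			IdentityProvider idProv) throws NameIdentifierMappingException {

		String name = principal.getName();
		if (name == null) {
			throw new NameIdentifierMappingException("Unable to generate X509 SubjectName: principal has no name.");
		}

		// Substitute literally: String.replaceAll() would interpret '$' and '\' in the principal name as
		// regex replacement syntax, yielding a wrong subject name or an IllegalArgumentException.
		String subjectName = replaceLiteral(internalNameContext, PRINCIPAL_TOKEN, name);

		try {
			return new SAMLNameIdentifier(subjectName, qualifier, getNameIdentifierFormat().toString());
		} catch (SAMLException e) {
			throw new NameIdentifierMappingException("Unable to generate X509 SubjectName: " + e);
		}
	}

	/**
	 * Replaces every occurrence of <code>token</code> in <code>template</code> with <code>value</code>, treating
	 * all three as plain text rather than regular expressions.
	 * 
	 * @param template
	 *            text to search
	 * @param token
	 *            non-empty literal to replace
	 * @param value
	 *            literal replacement
	 * @return the substituted text
	 */
	private static String replaceLiteral(String template, String token, String value) {

		StringBuffer result = new StringBuffer(template.length() + value.length());
		int from = 0;
		int at;
		while ((at = template.indexOf(token, from)) >= 0) {
			result.append(template.substring(from, at)).append(value);
			from = at + token.length();
		}
		result.append(template.substring(from));
		return result.toString();
	}

}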