1
2 package edu.internet2.middleware.shibboleth.hs.provider;
3
4 import java.util.regex.Matcher;
5 import java.util.regex.Pattern;
6 import java.util.regex.PatternSyntaxException;
7
8 import org.apache.log4j.Logger;
9 import org.opensaml.QName;
10 import org.opensaml.SAMLException;
11 import org.opensaml.SAMLNameIdentifier;
12 import org.w3c.dom.Element;
13
14 import edu.internet2.middleware.shibboleth.common.AuthNPrincipal;
15 import edu.internet2.middleware.shibboleth.common.BaseNameIdentifierMapping;
16 import edu.internet2.middleware.shibboleth.common.IdentityProvider;
17 import edu.internet2.middleware.shibboleth.common.InvalidNameIdentifierException;
18 import edu.internet2.middleware.shibboleth.common.NameIdentifierMappingException;
19 import edu.internet2.middleware.shibboleth.common.ServiceProvider;
20 import edu.internet2.middleware.shibboleth.hs.HSNameIdentifierMapping;
21
22 /**
23  * <code>HSNameIdentifierMapping</code> implementation that translates principal names to E-Auth compliant
24  * X509SubjectNames.
25  * 
26  * @author Walter Hoehn
27  */
28 public class X509SubjectNameNameIdentifierMapping extends BaseNameIdentifierMapping implements HSNameIdentifierMapping {
29
30         private static Logger   log                             = Logger.getLogger(X509SubjectNameNameIdentifierMapping.class.getName());
31         private String                  regexTemplate   = ".*uid=([^,/]+).*";
32         private Pattern                 regex;
33         private String                  id;
34         private String                  qualifier;
35         private String                  internalNameContext;
36         private QName[]                 errorCodes              = new QName[0];
37
38         public X509SubjectNameNameIdentifierMapping(Element config) throws NameIdentifierMappingException {
39                 super(config);
40
41                 String id = ((Element) config).getAttribute("id");
42                 if (id != null || !id.equals("")) {
43                         this.id = id;
44                 }
45
46                 String rawRegex = ((Element) config).getAttribute("regex");
47                 if (rawRegex != null && !rawRegex.equals("")) {
48                         try {
49                                 regex = Pattern.compile(rawRegex);
50                         } catch (PatternSyntaxException e) {
51                                 log.error("Supplied (regex) attribute is not a valid regular expressions.  Using default value.");
52                                 regex = Pattern.compile(regexTemplate);
53                         }
54                 } else {
55                         regex = Pattern.compile(regexTemplate);
56                 }
57
58                 qualifier = ((Element) config).getAttribute("qualifier");
59                 if (qualifier == null || qualifier.equals("")) {
60                         log.error("The X509SubjectName NameMapping requires a (qualifier) attribute.");
61                         throw new NameIdentifierMappingException(
62                                         "Invalid configuration.  Unable to initialize X509SubjectName Mapping.");
63                 }
64
65                 internalNameContext = ((Element) config).getAttribute("internalNameContext");
66                 if (internalNameContext == null || internalNameContext.equals("")) {
67                         log.error("The X509SubjectName NameMapping requires a (internalNameContext) attribute.");
68                         throw new NameIdentifierMappingException(
69                                         "Invalid configuration.  Unable to initialize X509SubjectName Mapping.");
70                 }
71         }
72
73         /*
74          * (non-Javadoc)
75          * 
76          * @see edu.internet2.middleware.shibboleth.common.NameIdentifierMapping#getPrincipal(org.opensaml.SAMLNameIdentifier,
77          *      edu.internet2.middleware.shibboleth.common.ServiceProvider,
78          *      edu.internet2.middleware.shibboleth.common.IdentityProvider)
79          */
80
81         public AuthNPrincipal getPrincipal(SAMLNameIdentifier nameId, ServiceProvider sProv, IdentityProvider idProv)
82                         throws NameIdentifierMappingException, InvalidNameIdentifierException {
83
84                 if (!nameId.getNameQualifier().equals(qualifier)) {
85                         log.error("The name qualifier (" + nameId.getNameQualifier()
86                                         + ") for the referenced subject is not valid for this identity provider.");
87                         throw new NameIdentifierMappingException("The name qualifier (" + nameId.getNameQualifier()
88                                         + ") for the referenced subject is not valid for this identity provider.");
89                 }
90
91                 Matcher matcher = regex.matcher(nameId.getName());
92                 matcher.find();
93                 String principal = matcher.group(1);
94                 if (principal == null) { throw new InvalidNameIdentifierException("Unable to map X509SubjectName ("
95                                 + nameId.getName() + ") to a local principal.", errorCodes); }
96                 return new AuthNPrincipal(principal);
97         }
98
99         /*
100          * (non-Javadoc)
101          * 
102          * @see edu.internet2.middleware.shibboleth.hs.HSNameIdentifierMapping#getId()
103          */
104         public String getId() {
105                 return id;
106         }
107
108         /*
109          * (non-Javadoc)
110          * 
111          * @see edu.internet2.middleware.shibboleth.hs.HSNameIdentifierMapping#getNameIdentifierName(edu.internet2.middleware.shibboleth.common.AuthNPrincipal,
112          *      edu.internet2.middleware.shibboleth.common.ServiceProvider,
113          *      edu.internet2.middleware.shibboleth.common.IdentityProvider)
114          */
115         public SAMLNameIdentifier getNameIdentifierName(AuthNPrincipal principal, ServiceProvider sProv,
116                         IdentityProvider idProv) throws NameIdentifierMappingException {
117
118                 try {
119                         return new SAMLNameIdentifier(internalNameContext.replaceAll("%PRINCIPAL%", principal.getName()),
120                                         qualifier, getNameIdentifierFormat().toString());
121                 } catch (SAMLException e) {
122                         throw new NameIdentifierMappingException("Unable to generate X509 SubjectName: " + e);
123                 }
124
125         }
126
127 }