Remove concept of "category" from attribute encoders.
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Tue, 3 Jul 2007 14:52:39 +0000 (14:52 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Tue, 3 Jul 2007 14:52:39 +0000 (14:52 +0000)
  - Base decision on which encoders to use on type
  - Allows for a single attribute to be encoded in multiple ways within a single attribute statement
  - Fixes bug where SAML 1 and 2 name identifier encoders could not have overlapping name formats within a single attribute scope

git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2282 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/idp/profile/saml1/AbstractSAML1ProfileHandler.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml2/AbstractSAML2ProfileHandler.java

index b43902f..33abd91 100644 (file)
@@ -66,6 +66,7 @@ import edu.internet2.middleware.shibboleth.common.attribute.AttributeRequestExce
 import edu.internet2.middleware.shibboleth.common.attribute.BaseAttribute;
 import edu.internet2.middleware.shibboleth.common.attribute.encoding.AttributeEncoder;
 import edu.internet2.middleware.shibboleth.common.attribute.encoding.AttributeEncodingException;
+import edu.internet2.middleware.shibboleth.common.attribute.encoding.SAML1NameIdentifierEncoder;
 import edu.internet2.middleware.shibboleth.common.attribute.provider.SAML1AttributeAuthority;
 import edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAMLAttributeRequestContext;
 import edu.internet2.middleware.shibboleth.common.log.AuditLogEntry;
@@ -432,34 +433,43 @@ public abstract class AbstractSAML1ProfileHandler extends AbstractSAMLProfileHan
             log.debug("Supported name formats: " + supportedNameFormats);
         }
 
-        if (principalAttributes != null && supportedNameFormats != null) {
-            try {
-                AttributeEncoder<NameIdentifier> nameIdEncoder = null;
-                for (BaseAttribute attribute : principalAttributes.values()) {
-                    for (String nameFormat : supportedNameFormats) {
-                        nameIdEncoder = attribute.getEncoderByCategory(nameFormat);
-                        if (nameIdEncoder != null) {
+        if (principalAttributes == null || supportedNameFormats == null) {
+            log.error("No attributes for principal " + requestContext.getPrincipalName()
+                    + " support constructions of NameIdentifier");
+            requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER, null,
+                    "Unable to construct NameIdentifier"));
+            throw new ProfileException("No principal attributes support NameIdentifier construction");
+        }
+
+        try {
+            SAML1NameIdentifierEncoder nameIdEncoder;
+
+            for (BaseAttribute<?> attribute : principalAttributes.values()) {
+                for (AttributeEncoder encoder : attribute.getEncoders()) {
+                    if (encoder instanceof SAML1NameIdentifierEncoder) {
+                        nameIdEncoder = (SAML1NameIdentifierEncoder) encoder;
+                        if (supportedNameFormats.contains(nameIdEncoder.getNameFormat())) {
                             if (log.isDebugEnabled()) {
                                 log.debug("Using attribute " + attribute.getId() + " suppoting name format "
-                                        + nameFormat + " to create the NameIdentifier for principal "
+                                        + nameIdEncoder.getNameFormat()
+                                        + " to create the NameIdentifier for principal "
                                         + requestContext.getPrincipalName());
                             }
                             return nameIdEncoder.encode(attribute);
                         }
                     }
                 }
-            } catch (AttributeEncodingException e) {
-                log.error("Unable to construct NameIdentifier", e);
-                requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER, null,
-                        "Unable to construct NameIdentifier"));
-                throw new ProfileException("Unable to encode NameIdentifier attribute", e);
             }
+            requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER, null,
+            "Unable to construct NameIdentifier"));
+            throw new ProfileException("No principal attribute supported encoding into the a supported name ID format.");
+        } catch (AttributeEncodingException e) {
+            log.error("Unable to construct NameIdentifier", e);
+            requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER, null,
+                    "Unable to construct NameIdentifier"));
+            throw new ProfileException("Unable to encode NameIdentifier attribute", e);
         }
 
-        log.error("No attributes for principal " + requestContext.getPrincipalName() 
-                + " support constructions of NameIdentifier");
-        requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER, null, "Unable to construct NameIdentifier"));
-        throw new ProfileException("No principal attributes support NameIdentifier construction");
     }
 
     /**
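Review bot: The new fall-through after the loops (the `setFailureStatus` call followed by `throw new ProfileException("No principal attribute supported encoding ...")`) no longer writes anything to the log, because the only `log.error` for this outcome moved into the null guard above it. A principal whose attributes carry no `SAML1NameIdentifierEncoder` with a supported format now fails without an error-level record naming the principal, which makes these failures harder to trace from the IdP log. Add `log.error("No attribute of principal " + requestContext.getPrincipalName() + " can be encoded into a supported name format");` before the `setFailureStatus` call, and fix the "into the a supported" wording in the exception message. The same gap is in the SAML 2 hunk of AbstractSAML2ProfileHandler.java, where the `catch (AttributeEncodingException e)` block also has no `log.error`. The enclosing method starts above the hunk.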
@@ -681,8 +691,8 @@ public abstract class AbstractSAML1ProfileHandler extends AbstractSAMLProfileHan
         if (requestContext.getSamlRequest() instanceof Request) {
             Request samlRequest = (Request) requestContext.getSamlRequest();
             queryContext = new ShibbolethSAMLAttributeRequestContext<NameIdentifier, AttributeQuery>(
-                    getMetadataProvider(), requestContext.getRelyingPartyConfiguration(),
-                    samlRequest.getAttributeQuery());
+                    getMetadataProvider(), requestContext.getRelyingPartyConfiguration(), samlRequest
+                            .getAttributeQuery());
         } else {
             queryContext = new ShibbolethSAMLAttributeRequestContext<NameIdentifier, AttributeQuery>(
                     getMetadataProvider(), requestContext.getRelyingPartyConfiguration(), null);
index e01d3df..f484610 100644 (file)
@@ -67,6 +67,7 @@ import edu.internet2.middleware.shibboleth.common.attribute.AttributeRequestExce
 import edu.internet2.middleware.shibboleth.common.attribute.BaseAttribute;
 import edu.internet2.middleware.shibboleth.common.attribute.encoding.AttributeEncoder;
 import edu.internet2.middleware.shibboleth.common.attribute.encoding.AttributeEncodingException;
+import edu.internet2.middleware.shibboleth.common.attribute.encoding.SAML2NameIDAttributeEncoder;
 import edu.internet2.middleware.shibboleth.common.attribute.provider.SAML2AttributeAuthority;
 import edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAMLAttributeRequestContext;
 import edu.internet2.middleware.shibboleth.common.log.AuditLogEntry;
@@ -539,7 +540,7 @@ public abstract class AbstractSAML2ProfileHandler extends AbstractSAMLProfileHan
             SAML2ProfileRequestContext requestContext) {
 
         ShibbolethSAMLAttributeRequestContext<NameID, AttributeQuery> queryContext;
-        
+
         queryContext = new ShibbolethSAMLAttributeRequestContext<NameID, AttributeQuery>(getMetadataProvider(),
                 requestContext.getRelyingPartyConfiguration(), (AttributeQuery) requestContext.getSamlRequest());
         queryContext.setAttributeRequester(requestContext.getAssertingPartyId());
@@ -715,32 +716,37 @@ public abstract class AbstractSAML2ProfileHandler extends AbstractSAMLProfileHan
             log.debug("Supported NameID formats: " + supportedNameFormats);
         }
 
-        if (principalAttributes != null && supportedNameFormats != null) {
-            try {
-                AttributeEncoder<NameID> nameIdEncoder = null;
-                for (BaseAttribute attribute : principalAttributes.values()) {
-                    for (String nameFormat : supportedNameFormats) {
-                        nameIdEncoder = attribute.getEncoderByCategory(nameFormat);
-                        if (nameIdEncoder != null) {
+        if (principalAttributes == null || supportedNameFormats == null) {
+            log.error("No attributes for principal " + requestContext.getPrincipalName() 
+                    + " support constructions of NameID");
+            requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, StatusCode.INVALID_NAMEID_POLICY_URI,
+                    "Unable to construct NameID"));
+            throw new ProfileException("No principal attributes support NameID construction");
+        }
+
+        try {
+            SAML2NameIDAttributeEncoder nameIdEncoder;
+            for (BaseAttribute<?> attribute : principalAttributes.values()) {
+                for (AttributeEncoder encoder : attribute.getEncoders()) {
+                    if (encoder instanceof SAML2NameIDAttributeEncoder) {
+                        nameIdEncoder = (SAML2NameIDAttributeEncoder) encoder;
+                        if (supportedNameFormats.contains(nameIdEncoder.getNameFormat())) {
                             if (log.isDebugEnabled()) {
                                 log.debug("Using attribute " + attribute.getId() + " suppoting NameID format "
-                                        + nameFormat + " to create the NameID for principal "
+                                        + nameIdEncoder.getNameFormat() + " to create the NameID for principal "
                                         + requestContext.getPrincipalName());
                             }
                             return nameIdEncoder.encode(attribute);
                         }
                     }
                 }
-            } catch (AttributeEncodingException e) {
-                requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, null,
-                        "Unable to construct NameID"));
-                throw new ProfileException("Unable to encode NameID attribute", e);
             }
+            requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, null, "Unable to construct NameID"));
+            throw new ProfileException("No principal attribute supported encoding into the a supported name ID format.");
+        } catch (AttributeEncodingException e) {
+            requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, null, "Unable to construct NameID"));
+            throw new ProfileException("Unable to encode NameID attribute", e);
         }
-
-        requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, StatusCode.INVALID_NAMEID_POLICY_URI,
-                "Unable to construct NameID"));
-        throw new ProfileException("No principal attributes support NameID construction");
     }
 
     /**
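Review bot: The fall-through after the loops passes `null` as the second-level status, while the code it replaces reported `StatusCode.INVALID_NAMEID_POLICY_URI` for the same outcome and the new null guard still does. A requester now gets a bare responder error when no encoder matches a supported format, which is the case that sub-status appears to describe, so it can no longer tell a policy mismatch from an internal fault. Use `buildStatus(StatusCode.RESPONDER_URI, StatusCode.INVALID_NAMEID_POLICY_URI, "Unable to construct NameID")` there. Separately, the first matching encoder wins in the iteration order of `principalAttributes.values()` and `getEncoders()` rather than in the order of `supportedNameFormats`; if either collection is unordered, which identifier is released could vary between runs, so a comment stating the intended precedence would help. The method starts above the hunk.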