From bee5dd259a4438d45ecd1bcc26dfba12875236d6 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Tue, 26 Jun 2018 11:03:48 +0200
Subject: initial commit

---
 .../metadata/PVPEntityCategoryFilter.java          | 211 +++++++++++++++++++++
 1 file changed, 211 insertions(+)
 create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/PVPEntityCategoryFilter.java

(limited to 'eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/PVPEntityCategoryFilter.java')

diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/PVPEntityCategoryFilter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/PVPEntityCategoryFilter.java
new file mode 100644
index 00000000..e29fb145
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/PVPEntityCategoryFilter.java
@@ -0,0 +1,211 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.common.Extensions;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.metadata.AttributeConsumingService;
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.LocalizedString;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.ServiceName;
+import org.opensaml.saml2.metadata.provider.FilterException;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.samlext.saml2mdattr.EntityAttributes;
+import org.opensaml.xml.XMLObject;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.eaaf.core.impl.data.Trible;
+import at.gv.egiz.eaaf.modules.pvp2.PVPConstants;
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+
+/**
+ * @author tlenz
+ *
+ */
+public class PVPEntityCategoryFilter implements MetadataFilter {
+	private static final Logger log = LoggerFactory.getLogger(PVPEntityCategoryFilter.class);
+	
+	private boolean isUsed = false;
+	
+	/**
+	 * Filter to map PVP EntityCategories into a set of single PVP attributes 
+	 * 
+	 * @param isUsed if true PVP EntityCategories are mapped, otherwise they are ignored
+	 * 
+	 */
+	public PVPEntityCategoryFilter(boolean isUsed) {
+		this.isUsed = isUsed;
+	}
+	
+	
+	/* (non-Javadoc)
+	 * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
+	 */
+	@Override
+	public void doFilter(XMLObject metadata) throws FilterException {
+		
+		if (isUsed) {
+			 log.trace("Map PVP EntityCategory to single PVP Attributes ... ");
+			String entityId = null;
+			try {
+				if (metadata instanceof EntitiesDescriptor) {
+					 log.trace("Find EnitiesDescriptor ... ");
+					EntitiesDescriptor entitiesDesc = (EntitiesDescriptor) metadata;
+					if (entitiesDesc.getEntityDescriptors() != null) {
+						for (EntityDescriptor el : entitiesDesc.getEntityDescriptors()) 
+							resolveEntityCategoriesToAttributes(el);
+						
+					}
+									
+				} else if (metadata instanceof EntityDescriptor) {
+					 log.trace("Find EntityDescriptor");
+					resolveEntityCategoriesToAttributes((EntityDescriptor)metadata);
+					
+					
+				} else
+					throw new PVP2MetadataException("Invalid Metadata file Root element is no Entities- or EntityDescriptor", null);
+				
+				
+				
+			} catch (Exception e) {
+				 log.warn("SAML2 Metadata processing FAILED: Can not resolve EntityCategories for metadata: " + entityId, e);
+				
+			}
+			
+		} else
+			 log.trace("Filter to map PVP EntityCategory to single PVP Attributes is deactivated");
+		
+	}
+
+	private void resolveEntityCategoriesToAttributes(EntityDescriptor metadata) {
+		 log.debug("Resolving EntityCategorie for Entity: " + metadata.getEntityID() + " ...");
+		Extensions extensions = metadata.getExtensions();
+		if (extensions != null) {
+			List<XMLObject> listOfExt = extensions.getUnknownXMLObjects();
+			if (listOfExt != null && !listOfExt.isEmpty()) {
+				 log.trace("Find #" + listOfExt.size() + " 'Extension' elements ");
+				for (XMLObject el : listOfExt) {
+					 log.trace("Find ExtensionElement: " + el.getElementQName().toString());
+					if (el instanceof EntityAttributes) {
+						EntityAttributes entityAttrElem = (EntityAttributes)el;
+						if (entityAttrElem.getAttributes() != null) {
+							 log.trace("Find EntityAttributes. Start attribute processing ...");
+							for (Attribute entityAttr : entityAttrElem.getAttributes()) {
+								if (entityAttr.getName().equals(PVPConstants.ENTITY_CATEGORY_ATTRIBITE)) {
+									if (!entityAttr.getAttributeValues().isEmpty()) {
+										String entityAttrValue = entityAttr.getAttributeValues().get(0).getDOM().getTextContent();
+										if (PVPConstants.EGOVTOKEN.equals(entityAttrValue)) {
+											 log.debug("Find 'EGOVTOKEN' EntityAttribute. Adding single pvp attributes ... ");
+											addAttributesToEntityDescriptor(metadata, 
+													buildAttributeList(PVPConstants.EGOVTOKEN_PVP_ATTRIBUTES), 
+													entityAttrValue);
+											
+																													
+										} else if (PVPConstants.CITIZENTOKEN.equals(entityAttrValue)) {
+											 log.debug("Find 'CITIZENTOKEN' EntityAttribute. Adding single pvp attributes ... ");
+											addAttributesToEntityDescriptor(metadata, 
+													buildAttributeList(PVPConstants.CITIZENTOKEN_PVP_ATTRIBUTES), 
+													entityAttrValue);
+											
+										} else
+											 log.info("EntityAttributeValue: " + entityAttrValue + " is UNKNOWN!");
+																			
+									} else
+										 log.info("EntityAttribute: No attribute value");
+																		
+								} else 
+									 log.info("EntityAttribute: " + entityAttr.getName() + " is NOT supported");
+								
+							}
+										
+						} else
+							 log.info("Can NOT resolve EntityAttributes! Reason: Only EntityAttributes are supported!");
+						
+					}					
+				}
+				
+			} else
+				 log.trace("'Extension' element is 'null' or empty");
+			
+		} else
+			 log.trace("No 'Extension' element found");
+				
+	}
+	
+	/**
+	 * @param metadata
+	 * @param attrList
+	 */
+	private void addAttributesToEntityDescriptor(EntityDescriptor metadata, List<RequestedAttribute> attrList, String entityAttr) {
+		SPSSODescriptor spSSODesc = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+		if (spSSODesc != null) {
+			if (spSSODesc.getAttributeConsumingServices() == null || 
+					spSSODesc.getAttributeConsumingServices().isEmpty()) {
+				 log.trace("No 'AttributeConsumingServices' found. Added it ...");
+				
+				AttributeConsumingService attributeService = SAML2Utils.createSAMLObject(AttributeConsumingService.class);						
+				attributeService.setIndex(0);
+				attributeService.setIsDefault(true);
+				ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class);
+				serviceName.setName(new LocalizedString("Default Service", "en"));
+				attributeService.getNames().add(serviceName);
+				
+				if (attrList != null && !attrList.isEmpty()) {
+					attributeService.getRequestAttributes().addAll(attrList);
+					 log.info("Add  " + attrList.size() + " attributes for 'EntityAttribute': " + entityAttr);
+					
+				}
+				
+				spSSODesc.getAttributeConsumingServices().add(attributeService);
+				
+			} else {
+				 log.debug("Find 'AttributeConsumingServices'. Starting updating process ... ");
+				for (AttributeConsumingService el : spSSODesc.getAttributeConsumingServices()) {
+					 log.debug("Update 'AttributeConsumingService' with Index: " + el.getIndex());
+					
+					//load currently requested attributes
+					List<String> currentlyReqAttr = new ArrayList<String>();
+					for (RequestedAttribute reqAttr : el.getRequestAttributes())
+						currentlyReqAttr.add(reqAttr.getName());
+						
+
+					//check against EntityAttribute List
+					for (RequestedAttribute entityAttrListEl : attrList) {
+						if (!currentlyReqAttr.contains(entityAttrListEl.getName())) {
+							el.getRequestAttributes().add(entityAttrListEl);
+							
+						} else
+							 log.debug("'AttributeConsumingService' already contains attr: " + entityAttrListEl.getName());
+						
+					}
+					
+				}
+				
+			}
+			
+		} else
+			 log.info("Can ONLY add 'EntityAttributes' to 'SPSSODescriptor'");
+		
+	}
+
+	private List<RequestedAttribute> buildAttributeList(List<Trible<String, String, Boolean>> attrSet) {
+		List<RequestedAttribute> requestedAttributes = new ArrayList<RequestedAttribute>();
+		for (Trible<String, String, Boolean> el : attrSet)
+			requestedAttributes.add(PVPAttributeBuilder.buildReqAttribute(el.getFirst(), el.getSecond(), el.getThird()));	
+					
+		return requestedAttributes;
+		
+		
+	}
+	 	
+}
-- 
cgit v1.2.3