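package org.wso2.solutions.identity.sts.saml;

import java.nio.charset.StandardCharsets;

import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.util.UUIDGenerator;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rahas.RahasData;
import org.apache.xml.security.utils.Base64;
import org.joda.time.DateTime;
import org.opensaml.DefaultBootstrap;
import org.opensaml.xml.ConfigurationException;
import org.w3c.dom.Element;
import org.wso2.solutions.identity.IdentityProviderConstants;
import org.wso2.solutions.identity.IdentityProviderException;
import org.wso2.solutions.identity.i18n.Messages;
import org.wso2.solutions.identity.persistence.IPPersistenceManager;
import org.wso2.solutions.identity.persistence.dataobject.PPIDValueDO;
import org.wso2.solutions.identity.persistence.dataobject.RelyingPartyDO;
import org.wso2.solutions.identity.sts.IdentityProviderData;
import org.wso2.solutions.identity.sts.IdentityProviderUtil;

/**
 * Drives a {@link SAMLTokenBuilder} through the steps that produce a signed
 * SAML assertion for a WS-Trust issue request, and looks up or creates the
 * private personal identifier (PPID) that binds a user to a relying party.
 * <p>
 * Instances are immutable once constructed; the static initializer bootstraps
 * OpenSAML exactly once when the class is loaded.
 */
public class SAMLTokenDirector {

    private static final Log log = LogFactory.getLog(SAMLTokenDirector.class);
    private static final Messages messages =
            Messages.getInstance(IdentityProviderConstants.RESOURCES);

    // Collaborators are fixed at construction and never reassigned.
    private final SAMLTokenBuilder builder;
    private final RahasData rahasData;
    private final IdentityProviderData ipData;

    static {
        // OpenSAML must be bootstrapped before any builder/marshaller is used.
        // A failure here is logged and then surfaces to the first caller as an
        // ExceptionInInitializerError wrapping the RuntimeException below.
        try {
            DefaultBootstrap.bootstrap();
        } catch (ConfigurationException e) {
            log.error(messages.getMessage("SAMLTokenDirectorBootstrapError"), e);
            throw new RuntimeException(e);
        }
    }

    /**
     * Creates a director bound to one issue request.
     *
     * @param builder token builder that performs the actual assembly and signing
     * @param rData WS-Trust information carried in the issue request
     * @param iData identity-provider side data for the request
     * @throws IdentityProviderException declared for API compatibility; this
     *         constructor itself does not throw it
     */
    public SAMLTokenDirector(SAMLTokenBuilder builder, RahasData rData,
            IdentityProviderData iData) throws IdentityProviderException {
        this.builder = builder;
        this.rahasData = rData;
        this.ipData = iData;
    }

    /**
     * Builds, signs and marshals a SAML assertion.
     *
     * @param notBefore start of the assertion validity window
     * @param notAfter end of the assertion validity window
     * @param assertionId value for the assertion's ID attribute
     * @return the signed assertion as a DOM element
     * @throws IdentityProviderException if any builder step fails
     */
    public Element createSAMLToken(DateTime notBefore, DateTime notAfter,
            String assertionId) throws IdentityProviderException {
        SignKeyDataHolder keyDataHolder = SignKeyDataHolder.getInstance();
        String signatureAlgorithm = keyDataHolder.getSignatureAlgorithm();

        builder.createStatement(ipData, rahasData);
        // NOTE(review): the builder receives (notAfter, notBefore) while this
        // method declares (notBefore, notAfter). Confirm that
        // SAMLTokenBuilder.createSAMLAssertion really declares its parameters
        // in that order — a swap would invert the validity window.
        builder.createSAMLAssertion(notAfter, notBefore, assertionId);
        builder.setSignature(signatureAlgorithm, keyDataHolder);
        builder.marshellAndSign();
        return builder.getSAMLasDOM();
    }

    /**
     * Obtain the ppid for the given user for the given rp.
     * If this is the first time user requesting for a token then a new PPID
     * value will be created.
     *
     * @param rahasData
     *            WS-Trust information in the issue request.
     * @param name
     *            Name of the user/subject.
     * @param appliesToEpr
     *            EPR element in wst:AppliesTo element. Currently unused; the
     *            target host is derived from {@code rahasData} instead.
     * @return PPID value. If there's already an issued token then the ppid
     *         value will be reused.
     * @throws IdentityProviderException
     *             if the AppliesTo host name cannot be resolved.
     */
    public static String getPPID(RahasData rahasData, String name,
            OMElement appliesToEpr) throws IdentityProviderException {
        String appliesToHostName = IdentityProviderUtil.getAppliesToHostName(rahasData);
        IPPersistenceManager db = IPPersistenceManager.getPersistanceManager();

        // Reuse an existing PPID for this user/host pair if one was issued.
        // Every stored entry is examined; if several match, the last one wins.
        PPIDValueDO existing = null;
        for (PPIDValueDO candidate : db.getPPIDValuesForUser(name)) {
            if (appliesToHostName.equals(hostNameOf(candidate))) {
                existing = candidate;
            }
        }
        if (existing != null) {
            return existing.getPpid();
        }

        // First request targeted at this RP: mint and persist a new PPID.
        // NOTE(review): PPID unpredictability rests on UUIDGenerator's entropy
        // source — confirm it is cryptographically strong; java.util.UUID.randomUUID()
        // (SecureRandom-backed) is the stdlib alternative. UTF-8 is explicit so
        // the encoded bytes do not depend on the platform charset.
        String newPpid = Base64.encode(
                UUIDGenerator.getUUID().getBytes(StandardCharsets.UTF_8));
        PPIDValueDO ppidValueDO = new PPIDValueDO();
        ppidValueDO.setUserId(name);
        ppidValueDO.setPpid(newPpid);

        RelyingPartyDO rp = db.getRelyingParty(appliesToHostName);
        if (rp != null) {
            // The host is globally trusted.
            ppidValueDO.setRelyingParty(rp);
        } else {
            // Otherwise the host MUST be personally trusted by this user.
            // NOTE(review): if getPersonalRelyingParty() can return null, a PPID
            // would be persisted with no relying-party association — confirm the
            // caller has already verified trust for appliesToHostName.
            ppidValueDO.setPersonalRelyingParty(
                    db.getPersonalRelyingParty(name, appliesToHostName));
        }
        db.create(ppidValueDO);
        return newPpid;
    }

    /**
     * Host name of the relying party a stored PPID entry belongs to.
     * Globally trusted and user (personally) trusted parties are stored in
     * different fields; exactly one is expected to be set.
     *
     * @param entry persisted PPID entry
     * @return the associated host name, or {@code null} if neither field is set
     */
    private static String hostNameOf(PPIDValueDO entry) {
        if (entry.getRelyingParty() != null) {
            return entry.getRelyingParty().getHostName();
        }
        if (entry.getPersonalRelyingParty() != null) {
            return entry.getPersonalRelyingParty().getIdentifier().getHostName();
        }
        return null;
    }
}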