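/*
 * Copyright (c) 2005-2006, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
 *
 * WSO2 Inc. licenses this file to you under the Apache License,
 * Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.wso2.carbon.identity.provider;

import org.apache.axiom.om.OMElement;
import org.apache.axis2.context.MessageContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rahas.RahasData;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
import org.opensaml.SAMLAssertion;
import org.wso2.carbon.identity.base.IdentityConstants;
import org.wso2.carbon.user.core.claim.Claim;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

import javax.xml.namespace.QName;
import java.util.Objects;
import java.util.Vector;

/**
 * Metadata related to CardSpace that is required for token issuance.
 *
 * <p>The fields {@code cardID}, {@code authMechanism}, {@code userIdentifier},
 * {@code supportedClaims} and {@code displayTokenLang} used below are not declared in this
 * class; they are inherited (presumably from {@link GenericIdentityProviderData}).
 */
public class IdentityProviderData extends GenericIdentityProviderData {

    private static final Log log = LogFactory.getLog(IdentityProviderData.class);

    // SAML assertion taken from the WS-Security results when the request is classified as
    // self-issued. This class only stores it; nothing here reads or validates it.
    private SAMLAssertion assertion;

    /**
     * Builds the provider data by delegating to the superclass constructor.
     *
     * @param data Rahas request data passed through to the superclass
     * @throws IdentityProviderException propagated from the superclass constructor
     * @throws ClassNotFoundException    propagated from the superclass constructor
     */
    public IdentityProviderData(RahasData data) throws IdentityProviderException,
            ClassNotFoundException {
        super(data);
    }

    /**
     * Extracts the card ID from the information card reference of the request and stores it
     * in {@code cardID}.
     *
     * <p>The element comes from the incoming request, so a missing reference or card ID is
     * reported as an {@link IdentityProviderException} instead of surfacing as a
     * {@link NullPointerException}.
     *
     * @param rst element searched for the information card reference child
     * @throws IdentityProviderException if {@code rst} is null, or the information card
     *                                   reference or its card ID child is absent
     */
    @Override
    protected void processInfoCardReference(OMElement rst) throws IdentityProviderException {
        if (log.isDebugEnabled()) {
            log.debug("Processing information card reference");
        }

        if (rst == null) {
            throw new IdentityProviderException("Missing information card reference");
        }

        OMElement infoCardRef = rst.getFirstChildWithName(new QName(IdentityConstants.NS,
                IdentityConstants.LocalNames.INFO_CARD_REFERENCE));
        if (infoCardRef == null) {
            throw new IdentityProviderException("Missing information card reference");
        }

        OMElement omCardID = infoCardRef.getFirstChildWithName(new QName(IdentityConstants.NS,
                IdentityConstants.LocalNames.CARD_ID));
        if (omCardID == null) {
            throw new IdentityProviderException("Missing card ID in information card reference");
        }

        this.cardID = omCardID.getText();
    }

    /**
     * Derives the authentication mechanism from the WS-Security processing results stored on
     * the inbound message context under {@link WSHandlerConstants#RECV_RESULTS}.
     *
     * <p>An {@code ST_UNSIGNED} result marks the request as self-issued and records its SAML
     * assertion; a {@code UT} result with a non-null principal marks it as username-token.
     * If no result matches either case, {@code authMechanism} is left unchanged and no error
     * is raised.
     *
     * @param data Rahas request data providing the inbound message context
     * @throws IdentityProviderException if the message context carries no security results
     */
    @Override
    protected void readAuthenticationMechanism(RahasData data) throws IdentityProviderException {
        if (log.isDebugEnabled()) {
            log.debug("Reading authentication mechanism");
        }

        MessageContext inContext = data.getInMessageContext();
        Vector<?> results = (Vector<?>) inContext.getProperty(WSHandlerConstants.RECV_RESULTS);
        if (results == null) {
            log.error("Missing authentication mechanism");
            throw new IdentityProviderException("Missing authentication mechanism");
        }

        // NOTE(review): every result is visited and the last matching one wins, so a message
        // carrying both token types is classified by processing order - confirm that is intended.
        for (Object handlerResult : results) {
            Vector<?> wsSecEngineResults = ((WSHandlerResult) handlerResult).getResults();
            for (Object engineResult : wsSecEngineResults) {
                WSSecurityEngineResult wser = (WSSecurityEngineResult) engineResult;
                Integer action = (Integer) wser.get(WSSecurityEngineResult.TAG_ACTION);
                if (action == null) {
                    // A result without an action tag cannot select a mechanism; skip it
                    // rather than fail on unboxing.
                    continue;
                }

                if (action.intValue() == WSConstants.ST_UNSIGNED) {
                    this.authMechanism = IdentityConstants.AUTH_TYPE_SELF_ISSUED;
                    // NOTE(review): the assertion is stored as-is; this method performs no
                    // signature or validity check on it - confirm that happens elsewhere
                    // before the self-issued identity is relied on.
                    this.assertion =
                            (SAMLAssertion) wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
                } else if (action.intValue() == WSConstants.UT
                        && wser.get(WSSecurityEngineResult.TAG_PRINCIPAL) != null) {
                    this.authMechanism = IdentityConstants.AUTH_TYPE_USERNAME_TOKEN;
                }
            }
        }
    }

    /**
     * @return the stored user identifier, possibly null
     */
    @Override
    public String getUserIdentifier() {
        return userIdentifier;
    }

    /**
     * @param userIdentifier identifier to store; {@link #getTenantDomain()} derives the tenant
     *                       domain from it
     */
    public void setUserIdentifier(String userIdentifier) {
        this.userIdentifier = userIdentifier;
    }

    /**
     * Returns the tenant domain derived from the user identifier.
     *
     * @return null when the authentication mechanism is self-issued, otherwise the result of
     *         {@link MultitenantUtils#getTenantDomain(String)} for the user identifier
     * @throws IdentityProviderException declared by the overridden method; not thrown here
     * @throws IllegalStateException     if the mechanism is not self-issued and no user
     *                                   identifier has been set
     */
    @Override
    public String getTenantDomain() throws IdentityProviderException {
        // Compare by value: a reference comparison (==) only matches when authMechanism holds
        // the very same constant instance, which would misclassify an equal value obtained
        // any other way and send a self-issued request down the tenant lookup path.
        if (Objects.equals(this.authMechanism, IdentityConstants.AUTH_TYPE_SELF_ISSUED)) {
            // only for tenant 0
            return null;
        }

        if (userIdentifier == null) {
            // The auth type is not self-issued and the user identifier is still null:
            // this is an invalid state.
            throw new IllegalStateException("User identifier must NOT be null");
        }

        return MultitenantUtils.getTenantDomain(userIdentifier);
    }

    /**
     * Looks up the display name of a supported claim.
     *
     * @param uri key used to look the claim up in {@code supportedClaims}
     * @return the fixed PPID display value for the PPID claim, the claim's display tag for any
     *         other supported claim, or null when the URI is not a supported claim
     */
    @Override
    public String getDisplayName(String uri) {
        if (log.isDebugEnabled()) {
            // The URI is deliberately left out of the message: it may originate from the request.
            log.debug("Resolving display name for claim");
        }

        Claim claim = supportedClaims.get(uri);
        if (claim == null) {
            return null;
        }

        if (IdentityConstants.CLAIM_PPID.equals(claim.getClaimUri())) {
            return IdentityConstants.PPID_DISPLAY_VALUE;
        }
        return claim.getDisplayTag();
    }

    /**
     * @return the card ID read by {@link #processInfoCardReference(OMElement)}, if any
     */
    @Override
    public String getCardID() {
        return cardID;
    }

    /**
     * @return the stored display token language
     */
    @Override
    public String getDisplayTokenLang() {
        return displayTokenLang;
    }
}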