SubjectGenerator.java

/*
 * Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
 * 
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 *     http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 


package org.maxkey.authz.saml20.provider.xml;


import org.apache.commons.lang3.StringUtils;
import org.maxkey.authz.saml.service.TimeService;
import org.maxkey.domain.UserInfo;
import org.maxkey.domain.apps.AppsSAML20Details;
import org.maxkey.web.WebContext;
import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.NameIDType;
import org.opensaml.saml2.core.Subject;
import org.opensaml.saml2.core.SubjectConfirmation;
import org.opensaml.saml2.core.SubjectConfirmationData;
import org.opensaml.saml2.core.impl.NameIDBuilder;
import org.opensaml.saml2.core.impl.SubjectBuilder;
import org.opensaml.saml2.core.impl.SubjectConfirmationBuilder;
import org.opensaml.saml2.core.impl.SubjectConfirmationDataBuilder;

public class SubjectGenerator {

	//private final XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
	private final TimeService timeService;
		
	public SubjectGenerator(TimeService timeService) {
		super();
		this.timeService = timeService;
	}

	public Subject generateSubject( AppsSAML20Details saml20Details,
							String assertionConsumerURL, 
							String inResponseTo, 
							int validInSeconds) {
		UserInfo userInfo = WebContext.getUserInfo();
		String nameIdValue = userInfo.getUsername();
		if(saml20Details.getNameidFormat().equalsIgnoreCase("persistent")) {
		    
		}else if(saml20Details.getNameidFormat().equalsIgnoreCase("transient")) {
            
        }else if(saml20Details.getNameidFormat().equalsIgnoreCase("unspecified")) {
            
        }else if(saml20Details.getNameidFormat().equalsIgnoreCase("emailAddress")) {
            if(userInfo.getEmail()!=null && !userInfo.getEmail().equals("")) {
                nameIdValue = userInfo.getEmail();
            }
        }else if(saml20Details.getNameidFormat().equalsIgnoreCase("X509SubjectName")) {
            
        }else if(saml20Details.getNameidFormat().equalsIgnoreCase("WindowsDomainQualifiedName")) {
            if(userInfo.getWindowsAccount()!=null && !userInfo.getWindowsAccount().equals("")) {
                nameIdValue = userInfo.getWindowsAccount();
            }
        }else if(saml20Details.getNameidFormat().equalsIgnoreCase("entity")) {
            
        }else if(saml20Details.getNameidFormat().equalsIgnoreCase("custom")) {
            
        }else if(saml20Details.getNameidFormat().equalsIgnoreCase("Mobile")) {
            if(userInfo.getMobile()!=null && !userInfo.getMobile().equals("")) {
                nameIdValue = userInfo.getMobile();
            }
        }else if(saml20Details.getNameidFormat().equalsIgnoreCase("EmployeeNumber")) {
            if(userInfo.getEmployeeNumber()!=null && !userInfo.getEmployeeNumber().equals("")) {
                nameIdValue = userInfo.getEmployeeNumber();
            }
        }
		
		if(!StringUtils.isEmpty(saml20Details.getNameIdSuffix())) {
		    nameIdValue = nameIdValue + saml20Details.getNameIdSuffix();
		}
		
		if(saml20Details.getNameIdConvert()==0) {
		    
		}else if(saml20Details.getNameIdConvert()==1) {
		    nameIdValue = nameIdValue.toUpperCase();
        }else if(saml20Details.getNameIdConvert()==1) {
            nameIdValue = nameIdValue.toLowerCase();
        }
		
		NameID nameID =builderNameID(nameIdValue,assertionConsumerURL);
		Subject subject =builderSubject(nameID);
		
		String clientAddress=WebContext.getRequestIpAddress(WebContext.getRequest());
		SubjectConfirmation subjectConfirmation =builderSubjectConfirmation(
								assertionConsumerURL,
								inResponseTo,
								validInSeconds,
								clientAddress);

		subject.getSubjectConfirmations().add(subjectConfirmation);
		
		return subject;
	}
	
	public NameID builderNameID(String value,String strSPNameQualifier){
		//Response/Assertion/Subject/NameID	
		NameID nameID = new NameIDBuilder().buildObject();
		nameID.setValue(value);
		//nameID.setFormat(NameIDType.PERSISTENT);
		nameID.setFormat(NameIDType.UNSPECIFIED);
		//nameID.setSPNameQualifier(strSPNameQualifier);
		
		return nameID;
	}
	
	public Subject builderSubject (NameID nameID){
		//Response/Assertion/Subject
		Subject subject = new SubjectBuilder().buildObject();
		subject.setNameID(nameID);
		return subject;
	}
	
	public SubjectConfirmation builderSubjectConfirmation(String recipient,String inResponseTo,int validInSeconds,String clientAddress){
		//SubjectConfirmationBuilder subjectConfirmationBuilder = (SubjectConfirmationBuilder)builderFactory.getBuilder(SubjectConfirmation.DEFAULT_ELEMENT_NAME);
		SubjectConfirmation subjectConfirmation = new SubjectConfirmationBuilder().buildObject();
		subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
		
		//SubjectConfirmationDataBuilder subjectConfirmationDataBuilder = (SubjectConfirmationDataBuilder)builderFactory.getBuilder(SubjectConfirmationData.DEFAULT_ELEMENT_NAME);
		SubjectConfirmationData subjectConfirmationData = new SubjectConfirmationDataBuilder().buildObject();
		
		subjectConfirmationData.setRecipient(recipient);
		//if idp-init not need inResponseTo
		if(null!=inResponseTo){
			subjectConfirmationData.setInResponseTo(inResponseTo);
		}
		subjectConfirmationData.setNotOnOrAfter(timeService.getCurrentDateTime().plusSeconds(validInSeconds));
		subjectConfirmationData.setAddress(clientAddress);
		
		subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);
		
		return subjectConfirmation;
	}
	
}