Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Blame
Revision Log

source: ccr/trunk/nhin-vista/projects/NHINC/Current/Product/Production/Examples/DynamicPolicyExample/TokenInfoManagerEJB/src/java/xwss/saml/SAMLValidator.java@ 507

Last change on this file since 507 was 507, checked in by George Lilly, 15 years ago
NHIN gateway and adaptor for use on linux with VistA EHR and RPMS
File size: 29.8 KB

Line
1	package xwss.saml;
2
3	import com.sun.xml.wss.XWSSecurityException;
4	import com.sun.xml.wss.saml.Assertion;
5	import com.sun.xml.wss.saml.SAMLAssertionFactory;
6	import com.sun.xml.wss.saml.SAMLException;
7	import com.sun.xml.wss.saml.internal.saml11.jaxb10.AttributeValue;
8	import com.sun.xml.wss.saml.internal.saml20.jaxb20.ActionType;
9	import com.sun.xml.wss.saml.internal.saml20.jaxb20.AssertionType;
10	import com.sun.xml.wss.saml.internal.saml20.jaxb20.AttributeStatementType;
11	import com.sun.xml.wss.saml.internal.saml20.jaxb20.AttributeType;
12	import com.sun.xml.wss.saml.internal.saml20.jaxb20.AuthnStatementType;
13	import com.sun.xml.wss.saml.internal.saml20.jaxb20.AuthzDecisionStatementType;
14	import com.sun.xml.wss.saml.internal.saml20.jaxb20.ConditionsType;
15	import com.sun.xml.wss.saml.internal.saml20.jaxb20.EvidenceType;
16	import com.sun.xml.wss.saml.internal.saml20.jaxb20.NameIDType;
17	import gov.hhs.fha.nhinc.token.InternalTokenMgr;
18	import java.io.PrintWriter;
19	import java.io.FileWriter;
20	import java.io.IOException;
21	import java.io.RandomAccessFile;
22	import java.text.SimpleDateFormat;
23	import java.util.ArrayList;
24	import java.util.HashMap;
25	import java.util.List;
26	import java.util.Map;
27	import java.util.NoSuchElementException;
28	import javax.xml.stream.XMLStreamReader;
29	import org.w3c.dom.*;
30	import java.util.PropertyResourceBundle;
31	import java.util.TreeSet;
32	import java.util.regex.Matcher;
33	import java.util.regex.Pattern;
34	import javax.security.auth.x500.X500Principal;
35	import javax.xml.bind.JAXBElement;
36	import javax.xml.datatype.XMLGregorianCalendar;
37	import org.apache.commons.logging.Log;
38	import org.apache.commons.logging.LogFactory;
39	import sun.security.x509.AVA;
40	import sun.security.x509.X500Name;
41
42	/**
43	* This class implements the Callback SAMLAssertionValidator which is invoked
44	* upon receiving an incoming message. It extracts the Assertion element and
45	* drills down into each sub-element extracting the information needed to
46	* reconstruct the Assertion object which is needed to pass along information to
47	* the Agencies or other services. The information obtained is written out to a
48	* configured file store for later retrieval.
49	*/
50	public class SAMLValidator implements com.sun.xml.wss.impl.callback.SAMLAssertionValidator {
51
52	private static Log log = LogFactory.getLog(SAMLValidator.class);
53	private static final String USER_ROLE_ID = "UserRole";
54	private static final String PURPOSE_ROLE_ID = "PurposeForUse";
55	//private static final String EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress";
56	private static final String X509_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName";
57
58	/**
59	* This method is required by the SAMLAssertionValidator, but is not invoked.
60	* @param arg0 The Assertion element
61	* @throws com.sun.xml.wss.impl.callback.SAMLAssertionValidator.SAMLValidationException
62	*/
63	public void validate(Element arg0) throws SAMLValidationException {
64	log.info(" Entry to the validate Element block");
65	log.info(" Element: " + arg0);
66	}
67
68	/**
69	* This is the invoked implementation of the validation upon receipt of an
70	* incoming message needing SAML verification. It creates / opens the
71	* storage file and manages invocation of methods to extract and write out
72	* the needed information from the various sub-elements.
73	* @param reader Reader containing the SAML Assertion elements
74	* @throws com.sun.xml.wss.impl.callback.SAMLAssertionValidator.SAMLValidationException
75	*/
76	public void validate(XMLStreamReader reader) throws SAMLValidationException {
77	log.debug(" ************************** Entering SAML ValidatorCallback *********************");
78
79	PropertyResourceBundle prop = (PropertyResourceBundle) PropertyResourceBundle.getBundle(InternalTokenMgr.propFileName);
80	String fileName = prop.getString(InternalTokenMgr.dumpFileName);
81	RandomAccessFile raFile = null;
82	PrintWriter writeOut = null;
83
84	try {
85	SAMLAssertionFactory factory = SAMLAssertionFactory.newInstance(SAMLAssertionFactory.SAML2_0);
86	Assertion assertIn = factory.createAssertion(reader);
87
88	raFile = new RandomAccessFile(fileName, "rw");
89	raFile.setLength(0);
90	log.debug("Create: " + fileName);
91
92	writeOut = new PrintWriter(new FileWriter(fileName));
93
94	writeSubject(writeOut, assertIn);
95
96	List statements = assertIn.getStatements();
97	if (statements != null && !statements.isEmpty()) {
98	for (int idx = 0; idx < statements.size(); idx++) {
99	if (statements.get(idx) instanceof AttributeStatementType) {
100	AttributeStatementType statement = (AttributeStatementType) statements.get(idx);
101	writeAttributeInfo(writeOut, statement);
102	} else if (statements.get(idx) instanceof AuthzDecisionStatementType) {
103	AuthzDecisionStatementType statement = (AuthzDecisionStatementType) statements.get(idx);
104	writeDecisionInfo(writeOut, statement);
105	} else if (statements.get(idx) instanceof AuthnStatementType) {
106	// Currently nothing done for AuthnStatement
107	} else {
108	log.warn("Unknown statement type: " + statements.get(idx));
109	}
110	}
111	} else {
112	log.warn("Expected Attribute Statements are missing.");
113	}
114	log.debug(fileName + " write is complete");
115
116	} catch (SAMLException ex) {
117	log.error("SAMLException in validation: " + ex.getMessage());
118	ex.printStackTrace();
119	} catch (XWSSecurityException ex) {
120	log.error("XWSSecurityException in validation: " + ex.getMessage());
121	ex.printStackTrace();
122	} catch (IOException ex) {
123	log.error("IOException in validation: " + ex.getMessage());
124	ex.printStackTrace();
125	} finally {
126	// Close the file
127	if (writeOut != null) {
128	writeOut.close();
129	}
130	if (raFile != null) {
131	try {
132	raFile.close();
133	} catch (IOException ex) {
134	}
135	}
136	}
137	log.debug("************************** End SAML ValidatorCallback ************************");
138	}
139
140	/**
141	* The Subject element contains the user identification information. It is
142	* expected to follow an X509 format, but in the case that this is not
143	* proven out it will save the entire contents as being the userid.
144	* @param writeOut The writer for the storage file
145	* @param assertIn The Assertion element
146	*/
147	private void writeSubject(PrintWriter writeOut, Assertion assertIn) {
148	log.debug("SAMLValidator.writeSubject() -- Begin");
149	if (assertIn instanceof AssertionType) {
150	AssertionType assertType = (AssertionType) assertIn;
151	if (assertType.getSubject() != null) {
152	List<JAXBElement<?>> contents = assertType.getSubject().getContent();
153	if (contents != null && !contents.isEmpty()) {
154	for (JAXBElement jaxElem : contents) {
155	if (jaxElem.getValue() instanceof NameIDType) {
156	NameIDType nameId = (NameIDType) jaxElem.getValue();
157	String format = nameId.getFormat();
158	String nameVal = nameId.getValue();
159
160	// For X509 format the user identifier is extracted, for others content is taken as is
161	String userIdentifier = nameVal;
162	if (format != null && nameVal != null) {
163	if (format.trim().equals(X509_FORMAT)) {
164	String extractedUID = extract509(nameVal);
165	if (extractedUID != null) {
166	userIdentifier = extractedUID;
167	} else {
168	log.warn("X509 Formatted user identifier can not be extracted");
169	}
170	}
171	} else {
172	log.warn("Subject's NameId has an invalid format");
173	}
174	log.info(InternalTokenMgr.userNameAttrName + "=" + userIdentifier);
175	writeOut.println(InternalTokenMgr.userNameAttrName + "=" + userIdentifier);
176	}
177	}
178	} else {
179	log.warn("Expected Subject information is missing.");
180	}
181	} else {
182	log.warn("Subject element is missing.");
183	}
184	}
185	log.debug("SAMLValidator.writeSubject() -- End");
186	}
187
188	/**
189	* Extracts the value of the UID object identifier of the X509 formatted
190	* content. This method uses Sun proprietary classes to determine if the
191	* X509 is properly formed and to extract the value of the UID. The current
192	* specification for the string representation of a distinguished name is
193	* defined in <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a>.
194	* @param in509 The X509 formatted string
195	* @return The extracted userid value, null if not defined.
196	*/
197	private String extract509(String in509) {
198	log.debug("SAMLValidator.extract509() " + in509 + " -- Begin");
199	String userVal = null;
200	if (in509 != null) {
201	try {
202	X500Principal prin = new X500Principal(in509);
203	X500Name name500 = X500Name.asX500Name(prin);
204	for (AVA ava : name500.allAvas()) {
205	if (X500Name.userid_oid == ava.getObjectIdentifier()) {
206	userVal = ava.getValueString();
207	} else {
208	log.warn("Construction of user identifier does not use: " + ava.toString());
209	}
210	}
211	} catch (IllegalArgumentException iae) {
212	log.warn("X509 NameId is improperly formed: " + iae.getMessage());
213	}
214	}
215	log.debug("SAMLValidator.extract509() " + userVal + " -- End");
216	return userVal;
217	}
218
219	/**
220	* This method is responsible to extract the information from both the
221	* AttributeStatements as found in the main Assertion element as well as the
222	* AttributeStatements found in the Evidence element. The permitted names
223	* of the Attributes in the Assertion element are: UserRole, PurposeForUse,
224	* UserName, UserOrganization. The permitted names of the Attributes in the
225	* Evidence element are: ContentReference, ContentType, and Content.
226	* @param writeOut The writer for the storage file
227	* @param statement The attribute statement to be extracted
228	*/
229	private void writeAttributeInfo(PrintWriter writeOut, AttributeStatementType statement) {
230	log.debug("SAMLValidator.writeAttributeInfo() -- Begin");
231	List attribs = statement.getAttributeOrEncryptedAttribute();
232	if (attribs != null && !attribs.isEmpty()) {
233	for (int idx = 0; idx < attribs.size(); idx++) {
234	if (attribs.get(idx) instanceof AttributeType) {
235	StringBuffer strBuf = new StringBuffer();
236	AttributeType attrib = (AttributeType) attribs.get(idx);
237	String nameAttr = attrib.getName();
238	if (nameAttr != null) {
239	if ("UserRole".equals(nameAttr)) {
240	parseRole(attrib, strBuf, USER_ROLE_ID);
241	} else if ("PurposeForUse".equals(nameAttr)) {
242	parseRole(attrib, strBuf, PURPOSE_ROLE_ID);
243	} else if (InternalTokenMgr.userNameAttrName.equals(nameAttr)) {
244	extractNameParts(attrib, strBuf);
245	} else if (InternalTokenMgr.userOrgAttrName.equals(nameAttr) \|\|
246	InternalTokenMgr.claimRefAttrName.equals(nameAttr) \|\|
247	InternalTokenMgr.claimFormAttrName.equals(nameAttr)) {
248	List attrVals = attrib.getAttributeValue();
249	if (attrVals != null && !attrVals.isEmpty()) {
250	strBuf.append(attrib.getName() + "=");
251	if (InternalTokenMgr.claimFormAttrName.equals(nameAttr)) {
252	for (int idxVal = 0; idxVal < attrVals.size(); idxVal++) {
253	Object formVal = attrVals.get(idxVal);
254	if (formVal instanceof byte[]) {
255	byte[] rawForm = (byte[]) attrVals.get(idxVal);
256	String strForm = new String(rawForm);
257	strBuf.append(strForm + " ");
258	} else {
259	strBuf.append(" ");
260	log.warn(nameAttr + " Attribute is not recognized as base64 binary");
261	}
262	}
263	} else {
264	for (int idxVal = 0; idxVal < attrVals.size(); idxVal++) {
265	strBuf.append(attrVals.get(idxVal) + " ");
266	}
267	}
268	} else {
269	log.warn("No values are provided for Attribute " + nameAttr);
270	}
271	} else if (InternalTokenMgr.claimFormTypeAttrName.equals(nameAttr)) {
272	log.info(nameAttr + " is set to default 'application\\pdf'.");
273	} else {
274	log.warn("Unrecognized Name Attribute: " + nameAttr);
275	}
276	} else {
277	log.warn("Improperly formed Name Attribute: " + nameAttr);
278	}
279	if (strBuf != null && strBuf.length() > 0) {
280	writeOut.println(strBuf.toString());
281	log.info(strBuf.toString());
282	}
283	}
284	}
285	} else {
286	log.warn("Expected Attributes are missing.");
287	}
288
289	log.debug("SAMLValidator.writeAttributeInfo() -- End");
290	}
291
292	/**
293	* The value of the UserName attribute is assumed to be a user's name in
294	* plain text. The name parts are extracted in this method as the first
295	* word constitutes the first name, the last word constitutes the last name
296	* and all other text in between these words constitute the middle name.
297	* @param attrib The Attribute that has the user name as its value
298	* @param strBuf The name parts are appended to this string buffer for later
299	* output to the storage file
300	*/
301	private void extractNameParts(AttributeType attrib, StringBuffer strBuf) {
302	log.debug("SAMLValidator.extractNameParts() -- Begin");
303	// Assumption is that before the 1st space reflects the first name,
304	// after the last space is the last name, anything between is the middle name
305	List attrVals = attrib.getAttributeValue();
306	if (attrVals != null && !attrVals.isEmpty()) {
307	for (int idxVal = 0; idxVal <
308	attrVals.size(); idxVal++) {
309	if (attrVals.get(idxVal) != null) {
310	String completeName = attrVals.get(idxVal).toString();
311	String[] nameTokens = completeName.split("\\s");
312	ArrayList<String> nameParts = new ArrayList<String>();
313	//remove blank tokens
314	for (String tok : nameTokens) {
315	if (tok.trim() != null && tok.trim().length() > 0) {
316	nameParts.add(tok);
317	}
318	}
319	if (nameParts.size() > 0) {
320	strBuf.append(InternalTokenMgr.userFirstNameAttrName + "=" + nameParts.get(0) + "\n");
321	nameParts.remove(0);
322	}
323
324	if (nameParts.size() > 0) {
325	strBuf.append(InternalTokenMgr.userLastNameAttrName + "=" + nameParts.get(nameParts.size() - 1) + "\n");
326	nameParts.remove(nameParts.size() - 1);
327	}
328
329	if (nameParts.size() > 0) {
330	strBuf.append(InternalTokenMgr.userMiddleNameAttrName + "=");
331	for (String name : nameParts) {
332	strBuf.append(name + " ");
333	}
334	// take off last blank character
335	strBuf.setLength(strBuf.length() - 1);
336	}
337	// take off last return char.
338	if (strBuf.toString().endsWith("\n")) {
339	int truncIdx = strBuf.lastIndexOf("\n");
340	strBuf.setLength(truncIdx);
341	}
342	// Once found break out of the loop
343	break;
344	}
345	}
346	} else {
347	log.warn("Expected User Name attribute is empty: " + attrVals);
348	}
349
350	log.debug("SAMLValidator.extractNameParts() -- End");
351	}
352
353	/**
354	* The value of the UserRole and PurposeForUse attributes are formatted
355	* according to the specifications of an nhin:CodedElement. This method
356	* parses that expected structure to obtain the code, codeSystem,
357	* codeSystemName, and the displayName attributes of that element.
358	* @param attrib The Attribute that has the UserRole or PurposeForUse as its
359	* value
360	* @param strBuf The coded element's attribute parts are appended to this
361	* string buffer for later output to the storage file
362	* @param id Identifies which coded element this is parsing
363	*/
364	private void parseRole(AttributeType attrib, StringBuffer strBuf, String id) {
365	log.debug("SAMLValidator.parseRole() for " + id + " -- Begin");
366
367	List attrVals = attrib.getAttributeValue();
368
369	if (attrVals != null && !attrVals.isEmpty()) {
370	for (int idxVal = 0; idxVal <
371	attrVals.size(); idxVal++) {
372	// With our current version of Metro the get(idxVal) gives us a null
373	// It was supposedly fixed by 9/30/08.
374	if (attrVals.get(idxVal) instanceof AttributeValue) {
375	AttributeValue attrVal = (AttributeValue) attrVals.get(idxVal);
376
377	String roleVal = attrVal.toString();
378	log.info("Role value: " + roleVal);
379	TreeSet<Integer> patStartRef = new TreeSet<Integer>();
380	Map<Integer, Integer> patStartEndXRef = new HashMap<Integer, Integer>();
381	Map<Integer, String> patStartNameXRef = new HashMap<Integer, String>();
382
383	Pattern codePat = Pattern.compile("[cC][oO][dD][eE]\\s*?=");
384	Matcher codeMatch = codePat.matcher(roleVal);
385	while (codeMatch.find()) {
386	patStartRef.add(codeMatch.start());
387	patStartEndXRef.put(codeMatch.start(), codeMatch.end());
388	if (USER_ROLE_ID.equals(id)) {
389	patStartNameXRef.put(codeMatch.start(), InternalTokenMgr.userRoleCodeAttrName + "=");
390	} else if (PURPOSE_ROLE_ID.equals(id)) {
391	patStartNameXRef.put(codeMatch.start(), InternalTokenMgr.purposeCodeAttrName + "=");
392	} else {
393	log.warn("Unrecognized item: " + id + " Can not parse 'code'.");
394	}
395
396	}
397
398	Pattern codeSysPat = Pattern.compile("[cC][oO][dD][eE][sS][yY][sS][tT][eE][mM]\\s*?=");
399	Matcher codeSysMatch = codeSysPat.matcher(roleVal);
400	while (codeSysMatch.find()) {
401	patStartRef.add(codeSysMatch.start());
402	patStartEndXRef.put(codeSysMatch.start(), codeSysMatch.end());
403	if (USER_ROLE_ID.equals(id)) {
404	patStartNameXRef.put(codeSysMatch.start(), InternalTokenMgr.userRoleCodeSystemAttrName + "=");
405	} else if (PURPOSE_ROLE_ID.equals(id)) {
406	patStartNameXRef.put(codeSysMatch.start(), InternalTokenMgr.purposeCodeSystemAttrName + "=");
407	} else {
408	log.warn("Unrecognized item: " + id + " Can not parse 'codeSystem'.");
409	}
410
411	}
412
413	Pattern codeSysNamePat = Pattern.compile("[cC][oO][dD][eE][sS][yY][sS][tT][eE][mM][nN][aA][mM][eE]\\s*?=");
414	Matcher codeSysNameMatch = codeSysNamePat.matcher(roleVal);
415	while (codeSysNameMatch.find()) {
416	patStartRef.add(codeSysNameMatch.start());
417	patStartEndXRef.put(codeSysNameMatch.start(), codeSysNameMatch.end());
418	if (USER_ROLE_ID.equals(id)) {
419	patStartNameXRef.put(codeSysNameMatch.start(), InternalTokenMgr.userRoleCodeSystemNameAttrName + "=");
420	} else if (PURPOSE_ROLE_ID.equals(id)) {
421	patStartNameXRef.put(codeSysNameMatch.start(), InternalTokenMgr.purposeCodeSystemNameAttrName + "=");
422	} else {
423	log.warn("Unrecognized item: " + id + " Can not parse 'codeSystemName'.");
424	}
425
426	}
427
428	Pattern dispNamePat = Pattern.compile("[dD][iI][sS][pP][lL][aA][yY][nN][aA][mM][eE]\\s*?=");
429	Matcher dispNameMatch = dispNamePat.matcher(roleVal);
430	while (dispNameMatch.find()) {
431	patStartRef.add(dispNameMatch.start());
432	patStartEndXRef.put(dispNameMatch.start(), dispNameMatch.end());
433	if (USER_ROLE_ID.equals(id)) {
434	patStartNameXRef.put(dispNameMatch.start(), InternalTokenMgr.userRoleDisplayAttrName + "=");
435	} else if (PURPOSE_ROLE_ID.equals(id)) {
436	patStartNameXRef.put(dispNameMatch.start(), InternalTokenMgr.purposeDisplayAttrName + "=");
437	} else {
438	log.warn("Unrecognized item: " + id + " Can not parse 'displayName'.");
439	}
440
441	}
442
443	while (!patStartRef.isEmpty()) {
444	// get substring from the end of this to the beginning of the next
445	int keyIdx = patStartRef.pollFirst();
446	int begSubIdx = patStartEndXRef.get(keyIdx);
447	int endSubIdx = roleVal.length();
448	try {
449	endSubIdx = patStartRef.first();
450	} catch (NoSuchElementException ne) {
451	}
452	String valSubstr = roleVal.substring(begSubIdx, endSubIdx).trim();
453
454	// value lies between the quotes
455	String extractedVal = valSubstr;
456	int valBeg = valSubstr.indexOf("\"");
457	int valEnd = valSubstr.lastIndexOf("\"");
458	if (valBeg != -1 && valEnd != -1 && valBeg <= valEnd) {
459	extractedVal = valSubstr.substring(valBeg + 1, valEnd).trim();
460	} else {
461	log.warn("Extracted Value is in an unrecognized form: " + valSubstr);
462	}
463
464	log.info("Parsed Value " + patStartNameXRef.get(keyIdx) + ": " + extractedVal);
465	strBuf.append(patStartNameXRef.get(keyIdx) + extractedVal + "\n");
466	}
467	// take off last return char.
468	if (strBuf.toString().endsWith("\n")) {
469	int truncIdx = strBuf.lastIndexOf("\n");
470	strBuf.setLength(truncIdx);
471	}
472
473	} else {
474	log.warn("Value for " + id + " attribute is not a proper AttributeValue.");
475	}
476	// Once found break out of the loop
477	break;
478	}
479	} else {
480	log.warn("Attributes for " + id + " are invalid: " + attrVals);
481	}
482
483	log.debug("SAMLValidator.parseRole() -- End");
484	}
485
486	/**
487	* The Authorization Decision Statement is used to convey a form authorizing
488	* access to medical records. It may embed the binary content of the
489	* authorization form as well describing the conditions of its validity.
490	* This method saves off all values associated with this Evidence.
491	* @param writeOut The writer for the storage file
492	* @param authzState The authorization decision element
493	*/
494	private void writeDecisionInfo(PrintWriter writeOut, AuthzDecisionStatementType authzState) {
495
496	log.debug("SAMLValidator.writeDecisionInfo() -- Begin");
497	writeOut.println(InternalTokenMgr.resourceAttrName + "=" + authzState.getResource());
498	log.info(InternalTokenMgr.resourceAttrName + "=" + authzState.getResource());
499
500	List<ActionType> actions = authzState.getAction();
501	StringBuffer actSb = new StringBuffer();
502	for (ActionType act : actions) {
503	actSb.append(act.getValue() + " ");
504	}
505
506	writeOut.println(InternalTokenMgr.actionAttrName + "=" + actSb.toString());
507	log.info(InternalTokenMgr.actionAttrName + "=" + actSb.toString());
508
509	EvidenceType evid = authzState.getEvidence();
510	List asserts = evid.getAssertionIDRefOrAssertionURIRefOrAssertion();
511	if (asserts != null && !asserts.isEmpty()) {
512	for (int idx = 0; idx <
513	asserts.size(); idx++) {
514	if (asserts.get(idx) instanceof JAXBElement) {
515	JAXBElement evElem = (JAXBElement) asserts.get(idx);
516	if (evElem.getValue() instanceof AssertionType) {
517	AssertionType evAss = (AssertionType) evElem.getValue();
518
519	writeConditionsInfo(writeOut, evAss.getConditions());
520
521	List statements = evAss.getStatementOrAuthnStatementOrAuthzDecisionStatement();
522	if (statements != null && !statements.isEmpty()) {
523	for (int idxState = 0; idxState <
524	statements.size(); idxState++) {
525	if (statements.get(idxState) instanceof AttributeStatementType) {
526	AttributeStatementType statement = (AttributeStatementType) statements.get(idxState);
527	writeAttributeInfo(writeOut, statement);
528	}
529
530	}
531	} else {
532	log.warn("Evidence Statements are missing.");
533	}
534	} else {
535	log.warn("Non-Assertion type element: " + evElem.getValue() + " is not processed");
536	}
537	} else {
538	log.warn("Evidence assertion is not recognized as a JAXB element");
539	}
540	}
541	} else {
542	log.warn("Evidence assertion is empty: " + asserts);
543	}
544
545	log.debug("SAMLValidator.writeDecisionInfo() -- End");
546	}
547
548	/**
549	* This method extracts the dates of validity for the Evidence's
550	* authorization form. These dates are contained in the Conditions element
551	* and are written out to the storage file by this method.
552	* @param writeOut The writer for the storage file
553	* @param conditions The Evidence's Conditions element
554	*/
555	private void writeConditionsInfo(PrintWriter writeOut, ConditionsType conditions) {
556	log.debug("SAMLValidator.writeConditionsInfo() -- Begin");
557	if (conditions != null) {
558	SimpleDateFormat dateForm = new SimpleDateFormat("MM/dd/yyyy HH:mm:ss");
559
560	XMLGregorianCalendar beginTime = conditions.getNotBefore();
561	if (beginTime != null && beginTime.toGregorianCalendar() != null && beginTime.toGregorianCalendar().getTime() != null) {
562	String formBegin = dateForm.format(beginTime.toGregorianCalendar().getTime());
563	writeOut.println(InternalTokenMgr.signDateAttrName + "=" + formBegin);
564	log.info(InternalTokenMgr.signDateAttrName + "=" + formBegin);
565	}
566
567	XMLGregorianCalendar endTime = conditions.getNotOnOrAfter();
568	if (endTime != null && endTime.toGregorianCalendar() != null && endTime.toGregorianCalendar().getTime() != null) {
569	String formEnd = dateForm.format(endTime.toGregorianCalendar().getTime());
570	writeOut.println(InternalTokenMgr.expireDateAttrName + "=" + formEnd);
571	log.info(InternalTokenMgr.expireDateAttrName + "=" + formEnd);
572	}
573
574	}
575	log.debug("SAMLValidator.writeConditionsInfo() -- End");
576	}
577	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: