6 package org.opensciencegrid.authz.client;
7
8 import java.net.URL;
9 import java.util.ArrayList;
10 import java.rmi.RemoteException;
11 import javax.xml.rpc.ServiceException;
12 import org.opensciencegrid.authz.common.GridId;
13 import org.opensciencegrid.authz.common.LocalId;
14 import org.opensciencegrid.authz.service.GRIDIdentityMappingService;
15 import org.opensciencegrid.authz.stubs.AuthorizationServiceLocator;
16 import org.opensciencegrid.authz.stubs.SAMLRequestPortType;
17 import org.opensciencegrid.authz.stubs.SAMLRequestType;
18 import org.opensciencegrid.authz.stubs.SAMLResponseType;
19 import org.opensaml.v1_0_1.SAMLSubject;
20 import org.opensaml.v1_0_1.SAMLAuthorizationDecisionStatement;
21 import org.apache.log4j.Category;
22
23
24 /*** Client for a GRID identity mapping service. It converts the GridId to a
25 * SAML request, contacts the AuthZ service, and converts the SAML response to a
26 * LocalID.
27 *
28 * @author Markus Lorch, Gabriele Carcassi
29 */
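public class GRIDIdentityMappingServiceClient extends SAMLAuthZClientBase implements GRIDIdentityMappingService {

    /** Endpoint of the AuthZ service that answers the SAML mapping query. */
    final URL serviceLocation;
    static final Category log = Category.getInstance(GRIDIdentityMappingServiceClient.class.getName());

    /**
     * Creates a client bound to the given AuthZ service endpoint.
     *
     * @param serviceLocation endpoint of the GRID identity mapping service; must not be null
     * @throws ServiceException declared for compatibility with existing callers; this
     *         constructor does not itself throw it
     * @throws IllegalArgumentException if {@code serviceLocation} is null
     */
    public GRIDIdentityMappingServiceClient(URL serviceLocation) throws ServiceException {
        if (serviceLocation == null) {
            throw new IllegalArgumentException("serviceLocation must not be null.");
        }
        this.serviceLocation = serviceLocation;
    }

    /**
     * Maps a grid identity to a local identity by querying the AuthZ service.
     *
     * <p>The method fails closed: any failure while building the SAML request,
     * contacting the service or interpreting the response is logged (with the
     * stack trace) and reported as {@code null}, which callers must treat as
     * "no mapping available" rather than as an implicit allow.
     *
     * @param gridID the grid identity to map; must not be null
     * @return the local identity returned by the service, or {@code null} if no
     *         mapping could be retrieved
     * @throws IllegalArgumentException if {@code gridID} is null, or if a user
     *         FQAN is supplied without the issuer that vouches for it
     */
    public LocalId mapCredentials(GridId gridID) {
        if (gridID == null) {
            throw new IllegalArgumentException("gridID must not be null.");
        }
        // An FQAN is only usable as evidence together with its issuer; reject the
        // half-specified case up front instead of sending an incomplete request.
        // NOTE(review): the reverse case (issuer without FQAN) is passed through
        // unchanged, as in the original; confirm whether the service accepts it.
        if (gridID.getUserFQAN() != null && gridID.getUserFQANIssuer() == null) {
            throw new IllegalArgumentException("userFQAN and userFQANIssuer must both be set.");
        }

        String requestedServiceName = null;
        try {
            requestedServiceName = gridID.getHostDN();
            SAMLSubject samlSubject = getSAMLSubjectFromString(gridID.getUserDN());
            // Raw ArrayList kept because the inherited helper signatures are not
            // visible here and may not be generic.
            ArrayList samlEvidence = createFQANEvidenceFromString(samlSubject,
                    gridID.getUserFQANIssuer(), gridID.getUserFQAN());
            ArrayList samlActions = createMappingActions();

            SAMLAuthorizationDecisionStatement stmt = queryAuthZService(samlSubject,
                    samlEvidence, samlActions, requestedServiceName, serviceLocation);
            if (stmt == null) {
                // No decision statement from the service: report "no mapping".
                return null;
            }
            return processAuthzStmt(stmt, requestedServiceName, samlActions, samlSubject);
        } catch (Exception e) {
            // Log message and stack trace (the one-argument form only records
            // e.toString()), then fail closed.
            log.error("Identity mapping failed for service " + requestedServiceName
                    + " via " + serviceLocation, e);
            return null;
        }
    }

}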