From d6c7784ca84200e177fbeb6cc5f6b7b5666ff95e Mon Sep 17 00:00:00 2001
From: Misagh Moayyed <mmoayyed@unicon.net>
Date: Tue, 12 May 2015 11:14:35 -0700
Subject: [PATCH] initial commit

---
 .gitignore                                    |   3 +
 build.xml                                     |  94 ++++++
 pom.xml                                       | 271 ++++++++++++++++++
 .../profile/logic/AuthnClassPredicate.java    |  69 +++++
 4 files changed, 437 insertions(+)
 create mode 100644 build.xml
 create mode 100644 pom.xml
 create mode 100644 src/main/java/net/shibboleth/idp/profile/logic/AuthnClassPredicate.java

diff --git a/.gitignore b/.gitignore
index 32858aa..5f91013 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,3 +10,6 @@
 
 # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
 hs_err_pid*
+.idea
+target/
+*.iml
diff --git a/build.xml b/build.xml
new file mode 100644
index 0000000..abce644
--- /dev/null
+++ b/build.xml
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    Licensed to Apereo under one or more contributor license
+    agreements. See the NOTICE file distributed with this work
+    for additional information regarding copyright ownership.
+    Apereo licenses this file to you under the Apache License,
+    Version 2.0 (the "License"); you may not use this file
+    except in compliance with the License.  You may obtain a
+    copy of the License at the following location:
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+
+-->
+<project name="idp" default="deploy" basedir=".">
+
+    <taskdef resource="net/sf/antcontrib/antcontrib.properties" />
+
+    <!-- ******************* PROPERTIES ************************* -->
+    <property environment="env" />
+    <property name="build.target.dir" value="target" />
+    <property name="catalina.home" value="${env.CATALINA_HOME}" />
+    <property name="jetty.home" value="${env.JETTY_HOME}" />
+    <property name="tomcat.log.patterns" value="**/*.log" />
+	<property name="useJetty" value="false"/>
+
+    <!-- ******************* MAVEN PROPERTIES******************** -->
+    <condition property="mavenExecutableFile" value="mvn.cmd" else="mvn">
+		<os family="windows" />
+	</condition>
+	<var name="mavenExecutable" value="${env.M2_HOME}\bin\${mavenExecutableFile}"/>
+	<available file="${mavenExecutable}"  property="maven.exec.exists" />
+
+	<if>
+		<not>
+			<isset property="${maven.exec.exists}" />
+		</not>
+		<then>
+			<var name="mavenExecutable" value="${env.MAVEN_HOME}\bin\${mavenExecutableFile}"/>
+			<available file="${mavenExecutable}"  property="maven.exec.exists" />
+		</then>
+	</if>
+	<fail unless="${maven.exec.exists}" message="Cannot determine the maven location ${mavenExecutable} through M2_HOME/MAVEN_HOME env vars."/>
+		
+	<!-- ********************* TARGETS *************************** -->
+
+	<target name="clean" description="Clean deployed artifacts and logs">
+		<exec dir="${basedir}" executable="${mavenExecutable}">
+			<arg value="clean" />
+		</exec>
+		
+	</target>
+
+	<target name="compile" description="Compile artifacts" depends="clean">
+		<exec dir="${basedir}" executable="${mavenExecutable}">
+      		<arg value="compile" />
+		</exec>
+	</target>
+
+	<target name="copy" depends="package">
+		<copy overwrite="true"
+			  todir="/opt/shibboleth-idp/webapp/WEB-INF/lib"
+			  file="target/shib-extensions.jar"
+			  verbose="true"
+				/>
+		<copy overwrite="true"
+			  todir="${env.CATALINA_HOME}/webapps/idp/WEB-INF/lib"
+			  file="target/shib-extensions.jar"
+			  verbose="true"
+				/>
+
+	</target>
+
+	<target name="package" description="Package src artifacts and prepare for deployment" depends="clean">
+		<exec dir="${basedir}" executable="${mavenExecutable}">
+			<arg value="install" />
+		</exec>
+	</target>
+
+	<target name="deploy" depends="copy" description="Clean, package and deploy artifacts" />
+
+	<target name="help" description="Prints instructions on how to run the build.">
+		<echo message="Use 'ant -projecthelp' to see all available commands" />
+	</target>
+
+</project>
+
diff --git a/pom.xml b/pom.xml
new file mode 100644
index 0000000..4f69330
--- /dev/null
+++ b/pom.xml
@@ -0,0 +1,271 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>edu.uchicago.identity</groupId>
+    <artifactId>shibidp-extensions</artifactId>
+    <version>1.0-SNAPSHOT</version>
+    <packaging>jar</packaging>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>${maven.plugin.compiler}</version>
+                <configuration>
+                    <source>${project.build.sourceVersion}</source>
+                    <target>${project.build.targetVersion}</target>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-jar-plugin</artifactId>
+                <version>${maven.plugin.jar}</version>
+                <configuration>
+                    <finalName>shib-extensions</finalName>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.opensaml</groupId>
+            <artifactId>opensaml-core</artifactId>
+            <version>${opensaml.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.opensaml</groupId>
+            <artifactId>opensaml-messaging-api</artifactId>
+            <version>${opensaml.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.opensaml</groupId>
+            <artifactId>opensaml-messaging-impl</artifactId>
+            <version>${opensaml.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.opensaml</groupId>
+            <artifactId>opensaml-profile-api</artifactId>
+            <version>${opensaml.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.opensaml</groupId>
+            <artifactId>opensaml-profile-impl</artifactId>
+            <version>${opensaml.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.opensaml</groupId>
+            <artifactId>opensaml-saml-api</artifactId>
+            <version>${opensaml.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.opensaml</groupId>
+            <artifactId>opensaml-saml-impl</artifactId>
+            <version>${opensaml.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.opensaml</groupId>
+            <artifactId>opensaml-security-api</artifactId>
+            <version>${opensaml.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.opensaml</groupId>
+            <artifactId>opensaml-security-impl</artifactId>
+            <version>${opensaml.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.opensaml</groupId>
+            <artifactId>opensaml-soap-api</artifactId>
+            <version>${opensaml.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.opensaml</groupId>
+            <artifactId>opensaml-soap-impl</artifactId>
+            <version>${opensaml.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.opensaml</groupId>
+            <artifactId>opensaml-storage-api</artifactId>
+            <version>${opensaml.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.opensaml</groupId>
+            <artifactId>opensaml-storage-impl</artifactId>
+            <version>${opensaml.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.opensaml</groupId>
+            <artifactId>opensaml-xmlsec-api</artifactId>
+            <version>${opensaml.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.opensaml</groupId>
+            <artifactId>opensaml-xmlsec-impl</artifactId>
+            <version>${opensaml.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>net.shibboleth.idp</groupId>
+            <artifactId>idp-attribute-api</artifactId>
+            <version>${idp.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.shibboleth.idp</groupId>
+            <artifactId>idp-attribute-filter-api</artifactId>
+            <version>${idp.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.shibboleth.idp</groupId>
+            <artifactId>idp-attribute-filter-impl</artifactId>
+            <version>${idp.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.shibboleth.idp</groupId>
+            <artifactId>idp-attribute-resolver-api</artifactId>
+            <version>${idp.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.shibboleth.idp</groupId>
+            <artifactId>idp-attribute-resolver-impl</artifactId>
+            <version>${idp.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.shibboleth.idp</groupId>
+            <artifactId>idp-attribute-resolver-spring</artifactId>
+            <version>${idp.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.shibboleth.idp</groupId>
+            <artifactId>idp-attribute-filter-spring</artifactId>
+            <version>${idp.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.shibboleth.idp</groupId>
+            <artifactId>idp-authn-api</artifactId>
+            <version>${idp.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.shibboleth.idp</groupId>
+            <artifactId>idp-authn-impl</artifactId>
+            <version>${idp.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.shibboleth.idp</groupId>
+            <artifactId>idp-cas-api</artifactId>
+            <version>${idp.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.shibboleth.idp</groupId>
+            <artifactId>idp-cas-impl</artifactId>
+            <version>${idp.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.shibboleth.idp</groupId>
+            <artifactId>idp-profile-api</artifactId>
+            <version>${idp.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.shibboleth.idp</groupId>
+            <artifactId>idp-profile-impl</artifactId>
+            <version>${idp.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.shibboleth.idp</groupId>
+            <artifactId>idp-profile-spring</artifactId>
+            <version>${idp.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.shibboleth.idp</groupId>
+            <artifactId>idp-saml-api</artifactId>
+            <version>${idp.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.shibboleth.idp</groupId>
+            <artifactId>idp-saml-impl</artifactId>
+            <version>${idp.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.shibboleth.idp</groupId>
+            <artifactId>idp-session-api</artifactId>
+            <version>${idp.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.shibboleth.idp</groupId>
+            <artifactId>idp-session-impl</artifactId>
+            <version>${idp.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.shibboleth.idp</groupId>
+            <artifactId>idp-ui</artifactId>
+            <version>${idp.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.shibboleth.idp</groupId>
+            <artifactId>idp-core</artifactId>
+            <version>${idp.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.shibboleth.idp</groupId>
+            <artifactId>idp-consent</artifactId>
+            <version>${idp.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.shibboleth.idp</groupId>
+            <artifactId>idp-schema</artifactId>
+            <version>${idp.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>com.google.guava</groupId>
+            <artifactId>guava</artifactId>
+            <version>${guava.version}</version>
+        </dependency>
+    </dependencies>
+
+    <properties>
+        <idp.version>3.1.1</idp.version>
+        <guava.version>18.0</guava.version>
+        <opensaml.version>3.1.1</opensaml.version>
+        <maven.plugin.jar>2.6</maven.plugin.jar>
+        <maven.plugin.compiler>3.3</maven.plugin.compiler>
+        <project.build.sourceVersion>1.8</project.build.sourceVersion>
+        <project.build.targetVersion>1.8</project.build.targetVersion>
+    </properties>
+
+    <repositories>
+        <repository>
+            <id>shib-release</id>
+            <url>https://build.shibboleth.net/nexus/content/groups/public</url>
+            <snapshots>
+                <enabled>false</enabled>
+            </snapshots>
+            <releases>
+                <enabled>true</enabled>
+            </releases>
+        </repository>
+        <repository>
+            <id>shib-snapshot</id>
+            <url>https://build.shibboleth.net/nexus/content/repositories/snapshots</url>
+            <releases>
+                <enabled>false</enabled>
+            </releases>
+            <snapshots>
+                <enabled>true</enabled>
+            </snapshots>
+        </repository>
+        <repository>
+            <id>central</id>
+            <url>http://repo1.maven.org/maven2</url>
+            <releases>
+                <enabled>false</enabled>
+            </releases>
+            <snapshots>
+                <enabled>false</enabled>
+            </snapshots>
+        </repository>
+    </repositories>
+</project>
diff --git a/src/main/java/net/shibboleth/idp/profile/logic/AuthnClassPredicate.java b/src/main/java/net/shibboleth/idp/profile/logic/AuthnClassPredicate.java
new file mode 100644
index 0000000..769d149
--- /dev/null
+++ b/src/main/java/net/shibboleth/idp/profile/logic/AuthnClassPredicate.java
@@ -0,0 +1,69 @@
+package net.shibboleth.idp.profile.logic;
+
+import net.shibboleth.idp.authn.context.AuthenticationContext;
+import net.shibboleth.idp.authn.context.RequestedPrincipalContext;
+import org.opensaml.profile.context.ProfileRequestContext;
+import com.google.common.base.Predicate;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.security.Principal;
+import java.util.Arrays;
+import java.util.Set;
+
+/**
+ * @author Misagh Moayyed
+ */
+public final class AuthnClassPredicate implements Predicate<ProfileRequestContext> {
+    private final Logger log = LoggerFactory.getLogger(AuthnClassPredicate.class);
+
+    private Set<String> authnClassesToMatch;
+
+    private Predicate<ProfileRequestContext> predicateToDelegate;
+
+    public AuthnClassPredicate(Set<String> authnClassesToMatch, Predicate<ProfileRequestContext> predicateToDelegate) {
+        this.authnClassesToMatch = authnClassesToMatch;
+        this.predicateToDelegate = predicateToDelegate;
+    }
+
+    @Override
+    public boolean apply(ProfileRequestContext profileRequestContext) {
+        log.debug("Evaluating profile request context for authn class...");
+
+        log.debug("Getting authn context from the profile request context...");
+        final AuthenticationContext authnContext = profileRequestContext.getSubcontext(AuthenticationContext.class);
+
+        log.debug("Getting requested principal from the authn context...");
+        final RequestedPrincipalContext principalContext = authnContext.getSubcontext(RequestedPrincipalContext.class);
+
+        if (principalContext == null) {
+            log.debug("No principal context was requested. predicate wil ignore the context");
+            return true;
+        }
+
+        log.debug("Getting matching principal from the principal context...");
+        final Principal principal = principalContext.getMatchingPrincipal();
+        final String principalName = principal.getName();
+        log.debug("Matching principal name is {}", principalName);
+
+        if (this.authnClassesToMatch.contains(principalName)) {
+            log.debug("Found matching principal name {} for the requested authn class. Calling delegate...",
+                    principalName);
+
+            boolean delegateResult = this.predicateToDelegate.apply(profileRequestContext);
+            if (delegateResult) {
+                log.debug("Delegate {} returned true. Moving on...", this.predicateToDelegate.getClass().getSimpleName());
+                return true;
+            } else {
+                log.debug("Delegate could not evaluate the context. Failing...");
+                return false;
+            }
+
+        }
+        log.debug("Could not match the requested authn principal {} against {}",
+                principalName, Arrays.toString(this.authnClassesToMatch.toArray()));
+        return false;
+    }
+
+
+}