src/edu/internet2/middleware/shibboleth/common/AttributeQueryHandle.java

   1 package edu.internet2.middleware.shibboleth.common;
   2
   3 import java.util.StringTokenizer;
   4
   5 import javax.crypto.Cipher;
   6 import javax.crypto.SecretKey;
   7 import org.doomdark.uuid.UUID;
   8 import org.doomdark.uuid.UUIDGenerator;
   9
  10 /**
  11  * A Shibboleth Attribute Query Handle.
  12  *
  13  * @author Walter Hoehn wassa&#064;columbia.edu
  14  *
  15  */
  16
  17 public class AttributeQueryHandle {
  18
  19         private String principal;
  20         private long creationTime;
  21         private long expirationTime;
  22         private byte[] cipherTextHandle;
  23         private String handleID;
  24
  25         /**
  26          * Unmarshalls an <code>AttributeQueryHandle</code> based on the results of the serialize() method
  27          * of an existing <code>AttributeQueryHandle</code>.  Requires a key identical to the one used
  28          * in the creation of the original <code>AttributeQueryHandle</code>.
  29          *
  30          */
  31
  32         public AttributeQueryHandle(byte[] handle, SecretKey key)
  33                 throws HandleException {
  34
  35                 try {
  36                         Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");
  37                         cipher.init(Cipher.DECRYPT_MODE, key);
  38                         StringTokenizer tokenizer =
  39                                 new StringTokenizer(
  40                                         new String(cipher.doFinal(Base64.decode(handle)), "UTF-8"),
  41                                         "||",
  42                                         false);
  43                         principal =
  44                                 new String(
  45                                         Base64.decode(tokenizer.nextToken().getBytes("ASCII")),
  46                                         "UTF-8");
  47                         expirationTime = new Long(tokenizer.nextToken()).longValue();
  48                         handleID = tokenizer.nextToken();
  49                 } catch (Exception e) {
  50                         throw new HandleException("Error unmarshalling handle: " + e);
  51                 }
  52
  53         }
  54
  55         /**
  56          * Creates a new <code>AttributeQueryHandle</code>
  57          * @param principal <code>String</code> representation of user that the handle should reference
  58          * @param validityPeriod Time in milliseconds for which the handle should be valid
  59          * @param hsLocation URL of the Handle Service used to generate the AQH
  60          * @param key Symmetric key used to encrypt the AQH upon serialization
  61          *
  62          */
  63
  64         public AttributeQueryHandle(
  65                 String principal,
  66                 SecretKey key,
  67                 long validityPeriod,
  68                 String hsLocation)
  69                 throws HandleException {
  70
  71                 this.principal = principal;
  72                 this.creationTime = System.currentTimeMillis();
  73                 this.expirationTime = creationTime + validityPeriod;
  74
  75                 try {
  76                         //create a unique id based on the url of the HS and the current time
  77                         UUIDGenerator uuidGen = UUIDGenerator.getInstance();
  78                         UUID nameSpaceUUID = new UUID(UUID.NAMESPACE_URL);
  79                         handleID =
  80                                 uuidGen.generateNameBasedUUID(nameSpaceUUID, hsLocation)
  81                                         + ":"
  82                                         + uuidGen.generateTimeBasedUUID();
  83
  84                         Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");
  85                         cipher.init(Cipher.ENCRYPT_MODE, key);
  86                         cipherTextHandle =
  87                                 cipher.doFinal(
  88                                         (
  89                                                 new String(
  90                                                         Base64.encode(principal.getBytes("UTF-8")),
  91                                                         "ASCII")
  92                                                         + "||"
  93                                                         + expirationTime
  94                                                         + "||"
  95                                                         + handleID).getBytes(
  96                                                 "UTF-8"));
  97
  98                 } catch (Exception e) {
  99                         throw new HandleException("Error creating handle: " + e);
 100
 101                 }
 102
 103         }
 104
 105         /**
 106          * Returns a <code>String</code> representation of the user that the handle references.
 107          */
 108
 109         public String getPrincipal() {
 110                 return principal;
 111         }
 112
 113         /**
 114          * Returns bytes of ciphertext representing the <code>AttributeQueryHandle</code> instance.
 115          */
 116
 117         public byte[] serialize() {
 118
 119                 return Base64.encode(cipherTextHandle);
 120         }
 121
 122         /**
 123          * Boolean result indicates whether the validity of this <code>AttributeQueryHandle</code>
 124          * has lapsed.
 125          */
 126
 127         public boolean isExpired() {
 128
 129                 if (System.currentTimeMillis() >= expirationTime) {
 130                         return true;
 131                 } else {
 132                         return false;
 133                 }
 134
 135         }
 136
 137         /**
 138          * Returns a <code>String</code> representation of the unique identifier for this handle.
 139          */
 140
 141         public String getHandleID() {
 142                 return handleID;
 143         }
 144
 145 }