Update to sync with interface.
[java-idp.git] / src / edu / internet2 / middleware / shibboleth / hs / provider / SharedMemoryShibHandle.java
1 /*
2  * The Shibboleth License, Version 1. Copyright (c) 2002 University Corporation
3  * for Advanced Internet Development, Inc. All rights reserved
4  * 
5  * 
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions are met:
8  * 
9  * Redistributions of source code must retain the above copyright notice, this
10  * list of conditions and the following disclaimer.
11  * 
12  * Redistributions in binary form must reproduce the above copyright notice,
13  * this list of conditions and the following disclaimer in the documentation
14  * and/or other materials provided with the distribution, if any, must include
15  * the following acknowledgment: "This product includes software developed by
16  * the University Corporation for Advanced Internet Development
17  * <http://www.ucaid.edu> Internet2 Project. Alternately, this acknowledegement
18  * may appear in the software itself, if and wherever such third-party
19  * acknowledgments normally appear.
20  * 
21  * Neither the name of Shibboleth nor the names of its contributors, nor
22  * Internet2, nor the University Corporation for Advanced Internet Development,
23  * Inc., nor UCAID may be used to endorse or promote products derived from this
24  * software without specific prior written permission. For written permission,
25  * please contact shibboleth@shibboleth.org
26  * 
27  * Products derived from this software may not be called Shibboleth, Internet2,
28  * UCAID, or the University Corporation for Advanced Internet Development, nor
29  * may Shibboleth appear in their name, without prior written permission of the
30  * University Corporation for Advanced Internet Development.
31  * 
32  * 
33  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
34  * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
35  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
36  * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
37  * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
38  * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
39  * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY
40  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
41  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
43  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
44  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
45  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
46  */
47 package edu.internet2.middleware.shibboleth.hs.provider;
48
49 import java.util.HashMap;
50 import java.util.HashSet;
51 import java.util.Iterator;
52 import java.util.Map;
53 import java.util.Set;
54 import java.util.Map.Entry;
55
56 import org.apache.log4j.Logger;
57 import org.doomdark.uuid.UUIDGenerator;
58 import org.opensaml.SAMLException;
59 import org.opensaml.SAMLNameIdentifier;
60 import org.w3c.dom.Element;
61
62 import edu.internet2.middleware.shibboleth.common.AuthNPrincipal;
63 import edu.internet2.middleware.shibboleth.common.IdentityProvider;
64 import edu.internet2.middleware.shibboleth.common.InvalidNameIdentifierException;
65 import edu.internet2.middleware.shibboleth.common.NameIdentifierMappingException;
66 import edu.internet2.middleware.shibboleth.common.ServiceProvider;
67 import edu.internet2.middleware.shibboleth.hs.HSNameIdentifierMapping;
68
69 /**
70  * <code>HSNameIdentifierMapping</code> implementation that uses an in-memory
71  * cache to store mappings between principal names and Shibboleth Attribute Query Handles.
72  * 
73  * @author Walter Hoehn
74  */
75 public class SharedMemoryShibHandle extends AQHNameIdentifierMapping implements HSNameIdentifierMapping {
76
77         protected HandleCache cache = HandleCache.instance();
78         private static Logger log = Logger.getLogger(SharedMemoryShibHandle.class.getName());
79
80         public SharedMemoryShibHandle(Element config) throws NameIdentifierMappingException {
81                 super(config);
82         }
83
84         public SAMLNameIdentifier getNameIdentifierName(
85                 AuthNPrincipal principal,
86                 ServiceProvider sProv,
87                 IdentityProvider idProv)
88                 throws NameIdentifierMappingException {
89
90                 if (principal == null) {
91                         log.error("A principal must be supplied for Attribute Query Handle creation.");
92                         throw new IllegalArgumentException("A principal must be supplied for Attribute Query Handle creation.");
93                 }
94
95                 String handle = UUIDGenerator.getInstance().generateRandomBasedUUID().toString();
96                 log.debug("Assigning handle (" + handle + ") to principal (" + principal.getName() + ").");
97                 synchronized (cache.handleEntries) {
98                         cache.handleEntries.put(handle, createHandleEntry(principal));
99                 }
100
101                 try {
102                         return new SAMLNameIdentifier(handle, idProv.getProviderId(), getNameIdentifierFormat().toString());
103                 } catch (SAMLException e) {
104                         throw new NameIdentifierMappingException("Unable to generate Attribute Query Handle: " + e);
105                 }
106
107         }
108
109         public AuthNPrincipal getPrincipal(SAMLNameIdentifier nameId, ServiceProvider sProv, IdentityProvider idProv)
110                 throws NameIdentifierMappingException, InvalidNameIdentifierException {
111
112                 synchronized (cache.handleEntries) {
113                         if (!cache.handleEntries.containsKey(nameId.getName())) {
114                                 log.debug("The Name Mapping Cache does not contain an entry for this Attribute Query Handle.");
115                                 throw new NameIdentifierMappingException("The Name Mapping Cache does not contain an entry for this Attribute Query Handle.");
116                         }
117                 }
118
119                 HandleEntry handleEntry;
120                 synchronized (cache.handleEntries) {
121                         handleEntry = (HandleEntry) cache.handleEntries.get(nameId.getName());
122                 }
123
124                 if (handleEntry.isExpired()) {
125                         log.debug("Attribute Query Handle is expired.");
126                         synchronized (cache.handleEntries) {
127                                 cache.handleEntries.remove(nameId.getName());
128                         }
129                         throw new InvalidNameIdentifierException("Attribute Query Handle is expired.");
130                 } else {
131                         log.debug("Attribute Query Handle recognized.");
132                         return handleEntry.principal;
133                 }
134         }
135
136 }
137
138 class HandleCache {
139
140         protected Map handleEntries = new HashMap();
141         private static HandleCache instance;
142         protected MemoryRepositoryCleaner cleaner = new MemoryRepositoryCleaner();
143         private static Logger log = Logger.getLogger(HandleCache.class.getName());
144
145         protected HandleCache() {
146         }
147
148         public static synchronized HandleCache instance() {
149                 if (instance == null) {
150                         instance = new HandleCache();
151                         return instance;
152                 }
153                 return instance;
154         }
155         /**
156          * @see java.lang.Object#finalize()
157          */
158         protected void finalize() throws Throwable {
159                 super.finalize();
160                 synchronized (cleaner) {
161                         cleaner.shutdown = true;
162                         cleaner.interrupt();
163                 }
164         }
165
166         private class MemoryRepositoryCleaner extends Thread {
167
168                 private boolean shutdown = false;
169
170                 public MemoryRepositoryCleaner() {
171                         super();
172                         log.debug("Starting memory-based shib handle cache cleanup thread.");
173                         start();
174                 }
175
176                 public void run() {
177                         try {
178                                 sleep(1 * 60 * 1000);
179                         } catch (InterruptedException e) {
180                                 log.debug("Memory-based shib handle cache cleanup interrupted.");
181                         }
182                         while (true) {
183                                 try {
184                                         if (shutdown) {
185                                                 log.debug("Stopping Memory-based shib handle cache cleanup thread.");
186                                                 return;
187                                         }
188                                         Set needsDeleting = new HashSet();
189                                         synchronized (handleEntries) {
190                                                 Iterator iterator = handleEntries.entrySet().iterator();
191                                                 while (iterator.hasNext()) {
192                                                         Entry entry = (Entry) iterator.next();
193                                                         HandleEntry handleEntry = (HandleEntry) entry.getValue();
194                                                         if (handleEntry.isExpired()) {
195                                                                 needsDeleting.add(entry.getKey());
196                                                         }
197                                                 }
198                                                 //release the lock to be friendly
199                                                 Iterator deleteIterator = needsDeleting.iterator();
200                                                 while (deleteIterator.hasNext()) {
201                                                         synchronized (handleEntries) {
202                                                                 log.debug("Expiring an Attribute Query Handle from the memory cache.");
203                                                                 handleEntries.remove(deleteIterator.next());
204                                                         }
205                                                 }
206                                         }
207                                         sleep(1 * 60 * 1000);
208                                 } catch (InterruptedException e) {
209                                         log.debug("Memory-based shib handle cache cleanup interrupted.");
210                                 }
211                         }
212                 }
213         }
214
215 }