Errors from requests with invalid subjects are now implementation specific.
[java-idp.git] / src / edu / internet2 / middleware / shibboleth / hs / provider / SharedMemoryShibHandle.java
1 /*
2  * The Shibboleth License, Version 1. Copyright (c) 2002 University Corporation for Advanced Internet Development, Inc.
3  * All rights reserved Redistribution and use in source and binary forms, with or without modification, are permitted
4  * provided that the following conditions are met: Redistributions of source code must retain the above copyright
5  * notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the
6  * above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other
7  * materials provided with the distribution, if any, must include the following acknowledgment: "This product includes
8  * software developed by the University Corporation for Advanced Internet Development <http://www.ucaid.edu> Internet2
9  * Project. Alternately, this acknowledegement may appear in the software itself, if and wherever such third-party
10  * acknowledgments normally appear. Neither the name of Shibboleth nor the names of its contributors, nor Internet2,
11  * nor the University Corporation for Advanced Internet Development, Inc., nor UCAID may be used to endorse or promote
12  * products derived from this software without specific prior written permission. For written permission, please
13  * contact shibboleth@shibboleth.org Products derived from this software may not be called Shibboleth, Internet2,
14  * UCAID, or the University Corporation for Advanced Internet Development, nor may Shibboleth appear in their name,
15  * without prior written permission of the University Corporation for Advanced Internet Development. THIS SOFTWARE IS
16  * PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES,
17  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND
18  * NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS
19  * WITH LICENSEE. IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY CORPORATION FOR ADVANCED
20  * INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
22  * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
23  * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
24  * POSSIBILITY OF SUCH DAMAGE.
25  */
26
27 package edu.internet2.middleware.shibboleth.hs.provider;
28
29 import java.util.HashMap;
30 import java.util.HashSet;
31 import java.util.Iterator;
32 import java.util.Map;
33 import java.util.Set;
34 import java.util.Map.Entry;
35
36 import org.apache.log4j.Logger;
37 import org.doomdark.uuid.UUIDGenerator;
38 import org.opensaml.SAMLException;
39 import org.opensaml.SAMLNameIdentifier;
40 import org.w3c.dom.Element;
41
42 import edu.internet2.middleware.shibboleth.common.AuthNPrincipal;
43 import edu.internet2.middleware.shibboleth.common.IdentityProvider;
44 import edu.internet2.middleware.shibboleth.common.InvalidNameIdentifierException;
45 import edu.internet2.middleware.shibboleth.common.NameIdentifierMappingException;
46 import edu.internet2.middleware.shibboleth.common.ServiceProvider;
47 import edu.internet2.middleware.shibboleth.hs.HSNameIdentifierMapping;
48
49 /**
50  * {@link HSNameIdentifierMapping}implementation that uses an in-memory cache to store mappings between principal
51  * names and Shibboleth Attribute Query Handles.
52  * 
53  * @author Walter Hoehn
54  */
55 public class SharedMemoryShibHandle extends AQHNameIdentifierMapping implements HSNameIdentifierMapping {
56
57         protected HandleCache   cache   = HandleCache.instance();
58         private static Logger   log             = Logger.getLogger(SharedMemoryShibHandle.class.getName());
59
60         public SharedMemoryShibHandle(Element config) throws NameIdentifierMappingException {
61                 super(config);
62         }
63
64         public SAMLNameIdentifier getNameIdentifierName(AuthNPrincipal principal, ServiceProvider sProv,
65                         IdentityProvider idProv) throws NameIdentifierMappingException {
66
67                 if (principal == null) {
68                         log.error("A principal must be supplied for Attribute Query Handle creation.");
69                         throw new IllegalArgumentException("A principal must be supplied for Attribute Query Handle creation.");
70                 }
71
72                 String handle = UUIDGenerator.getInstance().generateRandomBasedUUID().toString();
73                 log.debug("Assigning handle (" + handle + ") to principal (" + principal.getName() + ").");
74                 synchronized (cache.handleEntries) {
75                         cache.handleEntries.put(handle, createHandleEntry(principal));
76                 }
77
78                 try {
79                         return new SAMLNameIdentifier(handle, idProv.getProviderId(), getNameIdentifierFormat().toString());
80                 } catch (SAMLException e) {
81                         throw new NameIdentifierMappingException("Unable to generate Attribute Query Handle: " + e);
82                 }
83
84         }
85
86         public AuthNPrincipal getPrincipal(SAMLNameIdentifier nameId, ServiceProvider sProv, IdentityProvider idProv)
87                         throws NameIdentifierMappingException, InvalidNameIdentifierException {
88
89                 synchronized (cache.handleEntries) {
90                         if (!cache.handleEntries.containsKey(nameId.getName())) {
91                                 log.debug("The Name Mapping Cache does not contain an entry for this Attribute Query Handle.");
92                                 throw new InvalidNameIdentifierException(
93                                                 "The Name Mapping Cache does not contain an entry for this Attribute Query Handle.", errorCodes);
94                         }
95                 }
96
97                 HandleEntry handleEntry;
98                 synchronized (cache.handleEntries) {
99                         handleEntry = (HandleEntry) cache.handleEntries.get(nameId.getName());
100                 }
101
102                 if (handleEntry.isExpired()) {
103                         log.debug("Attribute Query Handle is expired.");
104                         synchronized (cache.handleEntries) {
105                                 cache.handleEntries.remove(nameId.getName());
106                         }
107                         throw new InvalidNameIdentifierException("Attribute Query Handle is expired.", errorCodes);
108                 } else {
109                         log.debug("Attribute Query Handle recognized.");
110                         return handleEntry.principal;
111                 }
112         }
113
114         public void destroy() {
115                 cache.destroy();
116         }
117
118 }
119
120 class HandleCache {
121
122         protected Map                                           handleEntries   = new HashMap();
123         private static HandleCache                      instance;
124         protected MemoryRepositoryCleaner       cleaner                 = new MemoryRepositoryCleaner();
125         private static Logger                           log                             = Logger.getLogger(HandleCache.class.getName());
126
127         protected HandleCache() {}
128
129         public static synchronized HandleCache instance() {
130                 if (instance == null) {
131                         instance = new HandleCache();
132                         return instance;
133                 }
134                 return instance;
135         }
136
137         protected void finalize() throws Throwable {
138                 super.finalize();
139                 destroy();
140         }
141
142         protected void destroy() {
143                 synchronized (cleaner) {
144                         if (cleaner != null) {
145                                 cleaner.shutdown = true;
146                                 cleaner.interrupt();
147                         }
148                 }
149         }
150
151         private class MemoryRepositoryCleaner extends Thread {
152
153                 private boolean shutdown        = false;
154                 private Thread  master;
155
156                 public MemoryRepositoryCleaner() {
157                         super(
158                                         "edu.internet2.middleware.shibboleth.hs.provider.SharedMemoryShibHandle.HandleCache.MemoryRepositoryCleaner");
159                         this.master = Thread.currentThread();
160                         setDaemon(true);
161                         if (getPriority() > Thread.MIN_PRIORITY) {
162                                 setPriority(getPriority() - 1);
163                         }
164                         log.debug("Starting memory-based shib handle cache cleanup thread.");
165                         start();
166                 }
167
168                 public void run() {
169                         try {
170                                 sleep(60 * 1000); //one minute
171                         } catch (InterruptedException e) {
172                                 log.debug("Memory-based shib handle cache cleanup interrupted.");
173                         }
174                         while (true) {
175                                 try {
176                                         if (!master.isAlive()) {
177                                                 shutdown = true;
178                                                 log.debug("Memory-based shib handle cache cleaner is orphaned.");
179                                         }
180                                         if (shutdown) {
181                                                 log.debug("Stopping Memory-based shib handle cache cleanup thread.");
182                                                 return;
183                                         }
184                                         log.debug("Memory cache handle cache cleanup thread searching for stale entries.");
185                                         Set needsDeleting = new HashSet();
186                                         synchronized (handleEntries) {
187                                                 Iterator iterator = handleEntries.entrySet().iterator();
188                                                 while (iterator.hasNext()) {
189                                                         Entry entry = (Entry) iterator.next();
190                                                         HandleEntry handleEntry = (HandleEntry) entry.getValue();
191                                                         if (handleEntry.isExpired()) {
192                                                                 needsDeleting.add(entry.getKey());
193                                                         }
194                                                 }
195                                                 //release the lock to be friendly
196                                                 Iterator deleteIterator = needsDeleting.iterator();
197                                                 while (deleteIterator.hasNext()) {
198                                                         synchronized (handleEntries) {
199                                                                 log.debug("Expiring an Attribute Query Handle from the memory cache.");
200                                                                 handleEntries.remove(deleteIterator.next());
201                                                         }
202                                                 }
203                                         }
204                                         sleep(60 * 1000); //one minute
205                                 } catch (InterruptedException e) {
206                                         log.debug("Memory-based shib handle cache cleanup interrupted.");
207                                 }
208                         }
209                 }
210         }
211
212 }