Fix usage of java.text.MessageFormat.
[java-idp.git] / src / main / java / edu / internet2 / middleware / shibboleth / idp / profile / saml2 / ArtifactResolution.java
index d4e4e95..e8ad217 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright [2006] [University Corporation for Advanced Internet Development, Inc.]
+ * Copyright 2006 University Corporation for Advanced Internet Development, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,8 @@
 
 package edu.internet2.middleware.shibboleth.idp.profile.saml2;
 
+import java.text.MessageFormat;
+
 import org.joda.time.DateTime;
 import org.opensaml.common.SAMLObject;
 import org.opensaml.common.SAMLObjectBuilder;
@@ -89,40 +91,50 @@ public class ArtifactResolution extends AbstractSAML2ProfileHandler {
     public void processRequest(HTTPInTransport inTransport, HTTPOutTransport outTransport) throws ProfileException {
         ArtifactResponse samlResponse;
 
-        ArtifactResolutionRequestContext requestContext = decodeRequest(inTransport, outTransport);
-
+        ArtifactResolutionRequestContext requestContext = new ArtifactResolutionRequestContext();
         try {
+            decodeRequest(requestContext, inTransport, outTransport);
+
             if (requestContext.getProfileConfiguration() == null) {
-                log.error("SAML 2 Artifact Resolve profile is not configured for relying party "
-                        + requestContext.getInboundMessageIssuer());
-                requestContext.setFailureStatus(buildStatus(StatusCode.SUCCESS_URI, StatusCode.REQUEST_DENIED_URI,
-                        "SAML 2 Artifact Resolve profile is not configured for relying party "
-                                + requestContext.getInboundMessageIssuer()));
-                throw new ProfileException("SAML 2 Artifact Resolve profile is not configured for relying party "
-                        + requestContext.getInboundMessageIssuer());
+                String msg = MessageFormat.format(
+                        "SAML 2 Artifact Resolve profile is not configured for relying party ''{0}''", requestContext
+                                .getInboundMessageIssuer());
+                requestContext
+                        .setFailureStatus(buildStatus(StatusCode.SUCCESS_URI, StatusCode.REQUEST_DENIED_URI, msg));
+                log.warn(msg);
+                throw new ProfileException(msg);
             }
 
             checkSamlVersion(requestContext);
 
             SAMLArtifactMapEntry artifactEntry = artifactMap.get(requestContext.getArtifact());
             if (artifactEntry == null || artifactEntry.isExpired()) {
-                log.error("Unknown artifact.");
-                requestContext.setFailureStatus(buildStatus(StatusCode.SUCCESS_URI, StatusCode.REQUEST_DENIED_URI,
-                        "Unknown artifact."));
+                String msg = MessageFormat.format("Unknown artifact ''{0}'' from relying party ''{1}''", requestContext
+                        .getArtifact(), requestContext.getInboundMessageIssuer());
+                log.error(msg);
+                requestContext
+                        .setFailureStatus(buildStatus(StatusCode.SUCCESS_URI, StatusCode.REQUEST_DENIED_URI, msg));
             }
 
             if (!artifactEntry.getIssuerId().equals(requestContext.getLocalEntityId())) {
-                log.error("Artifact issuer mismatch.  Artifact issued by " + artifactEntry.getIssuerId()
-                        + " but IdP has entity ID of " + requestContext.getLocalEntityId());
-                requestContext.setFailureStatus(buildStatus(StatusCode.SUCCESS_URI, StatusCode.REQUEST_DENIED_URI,
-                        "Artifact issuer mismatch."));
+                String msg = MessageFormat.format(
+                        "Artifact issuer mismatch.  Artifact issued by ''{0}'' but IdP has entity ID of ''{1}''",
+                        artifactEntry.getIssuerId(), requestContext.getLocalEntityId());
+                log.warn(msg);
+                requestContext
+                        .setFailureStatus(buildStatus(StatusCode.SUCCESS_URI, StatusCode.REQUEST_DENIED_URI, msg));
+                return;
             }
 
             if (!artifactEntry.getRelyingPartyId().equals(requestContext.getInboundMessageIssuer())) {
-                log.error("Artifact requester mismatch.  Artifact was issued to " + artifactEntry.getRelyingPartyId()
-                        + " but was resolve request came from " + requestContext.getInboundMessageIssuer());
-                requestContext.setFailureStatus(buildStatus(StatusCode.SUCCESS_URI, StatusCode.REQUEST_DENIED_URI,
-                        "Artifact requester mismatch."));
+                String msg = MessageFormat
+                        .format(
+                                "Artifact requester mismatch. Artifact was issued to ''{0}'' but the resolve request came from ''{1}''",
+                                artifactEntry.getRelyingPartyId(), requestContext.getInboundMessageIssuer());
+                log.warn(msg);
+                requestContext
+                        .setFailureStatus(buildStatus(StatusCode.SUCCESS_URI, StatusCode.REQUEST_DENIED_URI, msg));
+                return;
             }
 
             // create the SAML response
@@ -145,16 +157,17 @@ public class ArtifactResolution extends AbstractSAML2ProfileHandler {
      * 
      * @param inTransport inbound message transport
      * @param outTransport outbound message transport
-     * 
-     * @return the created request context
+     * @param requestContext request context to which decoded information should be added
      * 
      * @throws ProfileException throw if there is a problem decoding the request
      */
-    protected ArtifactResolutionRequestContext decodeRequest(HTTPInTransport inTransport, HTTPOutTransport outTransport)
-            throws ProfileException {
-        log.debug("Decoding message with decoder binding {}", getInboundBinding());
+    protected void decodeRequest(ArtifactResolutionRequestContext requestContext, HTTPInTransport inTransport,
+            HTTPOutTransport outTransport) throws ProfileException {
+        if (log.isDebugEnabled()) {
+            log.debug("Decoding message with decoder binding '{}'",
+                    getInboundMessageDecoder(requestContext).getBindingURI());
+        }
 
-        ArtifactResolutionRequestContext requestContext = new ArtifactResolutionRequestContext();
         requestContext.setCommunicationProfileId(getProfileId());
 
         MetadataProvider metadataProvider = getMetadataProvider();
@@ -169,20 +182,20 @@ public class ArtifactResolution extends AbstractSAML2ProfileHandler {
         requestContext.setOutboundSAMLProtocol(SAMLConstants.SAML20P_NS);
 
         try {
-            SAMLMessageDecoder decoder = getMessageDecoders().get(getInboundBinding());
+            SAMLMessageDecoder decoder = getInboundMessageDecoder(requestContext);
             requestContext.setMessageDecoder(decoder);
             decoder.decode(requestContext);
-            log.debug("Decoded request");
-            return requestContext;
+            log.debug("Decoded request from relying party '{}'", requestContext.getInboundMessageIssuer());
         } catch (MessageDecodingException e) {
-            log.error("Error decoding artifact resolve message", e);
-            requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, null, "Error decoding message"));
-            throw new ProfileException("Error decoding artifact resolve message");
+            String msg = "Error decoding artifact resolve message";
+            requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, null, msg));
+            log.warn(msg, e);
+            throw new ProfileException(msg);
         } catch (SecurityException e) {
-            log.error("Message did not meet security requirements", e);
-            requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, StatusCode.REQUEST_DENIED_URI,
-                    "Message did not meet security requirements"));
-            throw new ProfileException("Message did not meet security requirements", e);
+            String msg = "Message did not meet security requirements";
+            requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, StatusCode.REQUEST_DENIED_URI, msg));
+            log.warn(msg, e);
+            throw new ProfileException(msg, e);
         } finally {
             populateRequestContext(requestContext);
         }
@@ -226,7 +239,9 @@ public class ArtifactResolution extends AbstractSAML2ProfileHandler {
      */
     protected void populateSAMLMessageInformation(BaseSAMLProfileRequestContext requestContext) throws ProfileException {
         ArtifactResolve samlMessage = (ArtifactResolve) requestContext.getInboundSAMLMessage();
-        ((ArtifactResolutionRequestContext) requestContext).setArtifact(samlMessage.getArtifact().getArtifact());
+        if (samlMessage != null && samlMessage.getArtifact() != null) {
+            ((ArtifactResolutionRequestContext) requestContext).setArtifact(samlMessage.getArtifact().getArtifact());
+        }
     }
 
     /**
@@ -299,7 +314,7 @@ public class ArtifactResolution extends AbstractSAML2ProfileHandler {
         return samlResponse;
     }
 
-    /** Represents the internal state of a SAML 2.0 Artiface resolver request while it's being processed by the IdP. */
+    /** Represents the internal state of a SAML 2.0 Artifact resolver request while it's being processed by the IdP. */
     public class ArtifactResolutionRequestContext extends
             BaseSAML2ProfileRequestContext<ArtifactResolve, ArtifactResponse, ArtifactResolutionConfiguration>
             implements SAML2ArtifactMessageContext<ArtifactResolve, ArtifactResponse, NameID> {