Started to implement config settings based on Relying Party.
authorwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Fri, 23 Jan 2004 06:49:33 +0000 (06:49 +0000)
committerwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Fri, 23 Jan 2004 06:49:33 +0000 (06:49 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@852 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/common/RelyingParty.java
src/edu/internet2/middleware/shibboleth/common/ServiceProviderMapper.java [new file with mode: 0644]
src/edu/internet2/middleware/shibboleth/common/ShibbolethOriginConfig.java
src/edu/internet2/middleware/shibboleth/hs/HandleServlet.java

index 5b4fa30..46d5c90 100644 (file)
 
 package edu.internet2.middleware.shibboleth.common;
 
-import java.util.Properties;
-
-import org.w3c.dom.Element;
-
 /**
  * @author Walter Hoehn
  */
-public class RelyingParty implements ServiceProvider {
-
-       private ShibbolethOriginConfig originConfig;
-       private Properties partyOverrides = new Properties();
-       //TODO stub
-       private String id = "test:id";
-       private RelyingPartyIdentityProvider identityProvider;
-
-       public RelyingParty(Element partyConfig, ShibbolethOriginConfig globalConfig, Credentials credentials) {
-               this.originConfig = globalConfig;
-               //TODO setup things
-
-               //TODO this is just a stub... has to come from configuration
-               partyOverrides.setProperty(
-                       "edu.internet2.middleware.shibboleth.hs.HandleServlet.responseSigningCredential",
-                       "foo");
-
-               identityProvider =
-                       new RelyingPartyIdentityProvider(
-                               getConfigProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.providerId"),
-                               credentials.getCredential(
-                                       getConfigProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.responseSigningCredential")));
-       }
-
-       public String getProviderId() {
-               return id;
-       }
-
-       public String getName() {
-               return id;
-       }
-
-       public String getConfigProperty(String key) {
-               if (partyOverrides.containsKey(key)) {
-                       return partyOverrides.getProperty(key);
-               }
-               return originConfig.getConfigProperty(key);
-       }
-
-       public boolean isLegacyProvider() {
-               //TODO implement
-               return true;
-       }
-
-       public String getHSNameFormatId() {
-               return null;
-       }
-
-       public RelyingPartyIdentityProvider getIdentityProvider() {
-               return identityProvider;
-       }
-}
-
-class RelyingPartyIdentityProvider implements IdentityProvider {
+public interface RelyingParty extends ServiceProvider {
 
-       private String providerId;
-       private Credential responseSigningCredential;
+       public String getName();
 
-       RelyingPartyIdentityProvider(String providerId, Credential responseSigningCred) {
-               this.providerId = providerId;
-               this.responseSigningCredential = responseSigningCred;
-       }
-       public String getProviderId() {
-               return providerId;
-       }
+       public String getConfigProperty(String key);
 
-       public Credential getResponseSigningCredential() {
-               return responseSigningCredential;
-       }
+       public boolean isLegacyProvider();
 
-       public Credential getAssertionSigningCredential() {
-               return null;
-       }
+       public String getHSNameFormatId();
 
+       public IdentityProvider getIdentityProvider();
 }
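Review bot: The new `RelyingParty` interface carries no Javadoc on any method, so an implementer cannot tell what `getConfigProperty` returns for an unknown key or what `isLegacyProvider` is meant to signal to callers. I would add a one-line comment per method, for example `/** Returns the value for key, preferring this party's override and falling back to the origin-wide configuration. */` on `getConfigProperty`, which matches what `RelyingPartyImpl` in ServiceProviderMapper.java does. The `public` modifiers on the interface methods are redundant and can be dropped.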
diff --git a/src/edu/internet2/middleware/shibboleth/common/ServiceProviderMapper.java b/src/edu/internet2/middleware/shibboleth/common/ServiceProviderMapper.java
new file mode 100644 (file)
index 0000000..db7f049
--- /dev/null
@@ -0,0 +1,246 @@
+/*
+ * The Shibboleth License, Version 1. Copyright (c) 2002 University Corporation
+ * for Advanced Internet Development, Inc. All rights reserved
+ * 
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ * 
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution, if any, must include
+ * the following acknowledgment: "This product includes software developed by
+ * the University Corporation for Advanced Internet Development
+ * <http://www.ucaid.edu> Internet2 Project. Alternately, this acknowledegement
+ * may appear in the software itself, if and wherever such third-party
+ * acknowledgments normally appear.
+ * 
+ * Neither the name of Shibboleth nor the names of its contributors, nor
+ * Internet2, nor the University Corporation for Advanced Internet Development,
+ * Inc., nor UCAID may be used to endorse or promote products derived from this
+ * software without specific prior written permission. For written permission,
+ * please contact shibboleth@shibboleth.org
+ * 
+ * Products derived from this software may not be called Shibboleth, Internet2,
+ * UCAID, or the University Corporation for Advanced Internet Development, nor
+ * may Shibboleth appear in their name, without prior written permission of the
+ * University Corporation for Advanced Internet Development.
+ * 
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+ * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
+ * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
+ * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
+ * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+package edu.internet2.middleware.shibboleth.common;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+
+import org.w3c.dom.Element;
+
+/**
+ * @author Walter Hoehn
+ *  
+ */
+public class ServiceProviderMapper {
+
+       ShibbolethOriginConfig configuration;
+       Credentials credentials;
+       Map relyingParties = new HashMap();
+       Map relyingPartyGroups = new HashMap();
+
+       public ServiceProviderMapper(ShibbolethOriginConfig configuration, Credentials credentials) {
+               this.configuration = configuration;
+               this.credentials = credentials;
+       }
+
+       public void addRelyingParty(Element e) {
+               if (e.getLocalName().equals("RelyingParty")) {
+                       RelyingParty party = new RelyingPartyImpl(e, configuration, credentials);
+                       relyingParties.put(party.getName(), party);
+               } else if (e.getLocalName().equals("RelyingPartyGroup")) {
+                       RelyingParty party = new RelyingPartyImpl(e, configuration, credentials);
+                       relyingPartyGroups.put(party.getName(), party);
+               } else {
+                       //TODO throw exception here
+               }
+       }
+
+       public RelyingParty getRelyingParty(String providerIdFromTarget) {
+
+               //If the target did not send a Provider Id, then assume it is a Shib
+               // 1.1 or older target
+               if (providerIdFromTarget == null || providerIdFromTarget.equals("")) {
+                       return new LegacyWrapper(getDefaultRelyingPatry());
+               }
+
+               if (!relyingParties.containsKey(providerIdFromTarget)) {
+                       return getDefaultRelyingPatry();
+               }
+               //TODO do secondary lookup for groups (metadata)
+               return (RelyingParty) relyingParties.get(providerIdFromTarget);
+       }
+
+       private RelyingParty getDefaultRelyingPatry() {
+
+               return (RelyingParty) relyingParties.get(
+                       configuration.getConfigProperty(
+                               "edu.internet2.middleware.shibboleth.common.RelyingParty.defaultRelyingParty"));
+               // TODO look for groups too, probably first
+       }
+       class RelyingPartyImpl implements RelyingParty {
+
+               protected ShibbolethOriginConfig originConfig;
+               protected Properties partyOverrides = new Properties();
+               protected RelyingPartyIdentityProvider identityProvider;
+               protected String id = "test:id";
+
+               public RelyingPartyImpl(Element partyConfig, ShibbolethOriginConfig globalConfig, Credentials credentials) {
+
+                       this.originConfig = globalConfig;
+                       
+                       
+                       //TODO this is just a stub... has to come from configuration
+                       partyOverrides.setProperty(
+                               "edu.internet2.middleware.shibboleth.hs.HandleServlet.responseSigningCredential",
+                               "foo");
+
+                       identityProvider =
+                               new RelyingPartyIdentityProvider(
+                                       getConfigProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.providerId"),
+                                       credentials.getCredential(
+                                               getConfigProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.responseSigningCredential")));
+                       //TODO stub
+
+               }
+
+               public String getProviderId() {
+                       return id;
+               }
+
+               public String getName() {
+                       return id;
+               }
+
+               public boolean isLegacyProvider() {
+                       return false;
+               }
+
+               public String getConfigProperty(String key) {
+                       if (partyOverrides.containsKey(key)) {
+                               return partyOverrides.getProperty(key);
+                       }
+                       return originConfig.getConfigProperty(key);
+               }
+
+               public String getHSNameFormatId() {
+                       return null;
+               }
+               public IdentityProvider getIdentityProvider() {
+                       return identityProvider;
+               }
+               class RelyingPartyIdentityProvider implements IdentityProvider {
+
+                       private String providerId;
+                       private Credential responseSigningCredential;
+
+                       RelyingPartyIdentityProvider(String providerId, Credential responseSigningCred) {
+                               this.providerId = providerId;
+                               this.responseSigningCredential = responseSigningCred;
+                       }
+                       
+                       public String getProviderId() {
+                               return providerId;
+                       }
+
+                       public Credential getResponseSigningCredential() {
+                               return responseSigningCredential;
+                       }
+
+                       public Credential getAssertionSigningCredential() {
+                               return null;
+                       }
+
+               }
+       }
+       class RelyingPartyGroupWrapper implements RelyingParty {
+
+               private RelyingParty wrapped;
+               private String providerId;
+
+               RelyingPartyGroupWrapper(RelyingPartyImpl wrapped, String providerId) {
+                       this.wrapped = wrapped;
+                       this.providerId = providerId;
+               }
+
+               public String getName() {
+                       return wrapped.getName();
+               }
+
+               public String getConfigProperty(String key) {
+                       return wrapped.getConfigProperty(key);
+               }
+
+               public boolean isLegacyProvider() {
+                       return true;
+               }
+
+               public String getHSNameFormatId() {
+                       return wrapped.getHSNameFormatId();
+               }
+
+               public IdentityProvider getIdentityProvider() {
+                       return wrapped.getIdentityProvider();
+               }
+
+               public String getProviderId() {
+                       return providerId;
+               }
+       }
+
+       class LegacyWrapper implements RelyingParty {
+               private RelyingParty wrapped;
+
+               LegacyWrapper(RelyingParty wrapped) {
+                       this.wrapped = wrapped;
+               }
+
+               public String getName() {
+                       return wrapped.getName();
+               }
+
+               public String getConfigProperty(String key) {
+                       return wrapped.getConfigProperty(key);
+               }
+
+               public boolean isLegacyProvider() {
+                       return true;
+               }
+
+               public String getHSNameFormatId() {
+                       return wrapped.getHSNameFormatId();
+               }
+
+               public IdentityProvider getIdentityProvider() {
+                       return wrapped.getIdentityProvider();
+               }
+
+               public String getProviderId() {
+                       return wrapped.getProviderId();
+               }
+       }
+}
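Review bot: `getDefaultRelyingPatry()` returns whatever `relyingParties.get(...)` yields, which is `null` when no party is registered under the configured `defaultRelyingParty` name, and `getRelyingParty` then passes that `null` to callers either directly or wrapped in `LegacyWrapper`. Because `RelyingPartyImpl.id` is still the stub `"test:id"`, every `addRelyingParty` call stores under the same key, so the default lookup only succeeds if the configured name happens to be `test:id`. I would fail fast in the helper, e.g. `if (party == null) { throw new IllegalStateException("default relying party is not registered"); }`. I would also log whenever an unrecognised provider id falls back to the default, since the response is then presumably built with the default party's configuration and signing credential. The `else` branch of `addRelyingParty` drops unknown elements silently, and the helper name is misspelled (`Patry`).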
index 293f7b0..69d126e 100644 (file)
@@ -59,10 +59,12 @@ import edu.internet2.middleware.shibboleth.hs.HSConfigurationException;
 
 /**
  * @author Walter Hoehn
- *
+ *  
  */
 public class ShibbolethOriginConfig {
 
+       public static final String originConfigNamespace = "urn:mace:shibboleth:origin:1.0";
+
        private static Logger log = Logger.getLogger(ShibbolethOriginConfig.class.getName());
        protected Properties properties = new Properties();
 
@@ -92,6 +94,13 @@ public class ShibbolethOriginConfig {
                        throw new HSConfigurationException("Required configuration not specified.");
                }
                properties.setProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.providerId", attribute);
+               
+               attribute = ((Element) config).getAttribute("defaultRelyingParty");
+               if (attribute == null || attribute.equals("")) {
+                       log.error("Global providerId not set.  Add a (defaultRelyingParty) attribute to <ShibbolethOriginConfig>.");
+                       throw new HSConfigurationException("Required configuration not specified.");
+               }
+               properties.setProperty("edu.internet2.middleware.shibboleth.common.RelyingParty.defaultRelyingParty", attribute);
 
                attribute = ((Element) config).getAttribute("AAUrl");
                if (attribute == null || attribute.equals("")) {
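Review bot: The `log.error` text in the added `defaultRelyingParty` check is copied from the `providerId` check above it and still reads "Global providerId not set.", which points an operator at the wrong attribute. It should name the missing setting, e.g. `log.error("Default relying party not set.  Add a (defaultRelyingParty) attribute to <ShibbolethOriginConfig>.");`. The enclosing method starts and ends outside this hunk.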
index 70b3da1..168e435 100644 (file)
@@ -81,10 +81,10 @@ import org.xml.sax.SAXParseException;
 import sun.misc.BASE64Decoder;
 import edu.internet2.middleware.shibboleth.common.AuthNPrincipal;
 import edu.internet2.middleware.shibboleth.common.Credentials;
-import edu.internet2.middleware.shibboleth.common.IdentityProvider;
 import edu.internet2.middleware.shibboleth.common.NameIdentifierMapping;
 import edu.internet2.middleware.shibboleth.common.NameIdentifierMappingException;
 import edu.internet2.middleware.shibboleth.common.RelyingParty;
+import edu.internet2.middleware.shibboleth.common.ServiceProviderMapper;
 import edu.internet2.middleware.shibboleth.common.ShibPOSTProfile;
 import edu.internet2.middleware.shibboleth.common.ShibResource;
 import edu.internet2.middleware.shibboleth.common.ShibbolethOriginConfig;
@@ -97,7 +97,7 @@ public class HandleServlet extends HttpServlet {
        private Credentials credentials;
        private HSNameMapper nameMapper;
        private ShibPOSTProfile postProfile = new ShibPOSTProfile();
-       private ServiceProviderMapper targetMapper = new ServiceProviderMapper();
+       private ServiceProviderMapper targetMapper;
 
        protected void loadConfiguration() throws HSConfigurationException {
 
@@ -152,6 +152,27 @@ public class HandleServlet extends HttpServlet {
                                log.error("Name Identifier mapping could not be loaded: " + e);
                        }
                }
+
+               //Load relying party config
+               targetMapper = new ServiceProviderMapper(configuration, credentials);
+               
+               itemElements =
+                       parser.getDocument().getDocumentElement().getElementsByTagNameNS(
+                               ShibbolethOriginConfig.originConfigNamespace,
+                               "RelyingParty");
+
+               for (int i = 0; i < itemElements.getLength(); i++) {
+                       targetMapper.addRelyingParty((Element) itemElements.item(i));
+               }
+
+               itemElements =
+                       parser.getDocument().getDocumentElement().getElementsByTagNameNS(
+                               ShibbolethOriginConfig.originConfigNamespace,
+                               "RelyingPartyGroup");
+
+               for (int i = 0; i < itemElements.getLength(); i++) {
+                       targetMapper.addRelyingParty((Element) itemElements.item(i));
+               }
        }
 
        private DOMParser loadParser(boolean schemaChecking) throws HSConfigurationException {
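Review bot: `getElementsByTagNameNS` on the document element matches descendants at any depth, so a `RelyingParty` element nested inside a `RelyingPartyGroup` would be registered as a top-level party by the first loop; whether the schema permits that nesting is not visible here. Iterating the direct children of the root and dispatching on `getLocalName()` would avoid that and replace the two duplicated lookup-and-loop stanzas with one. `targetMapper` is now assigned only in the added lines of `loadConfiguration()`, so it stays `null` if an earlier step in the method throws; it is worth confirming the servlet cannot serve requests in that state. The method begins outside this hunk.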
@@ -397,16 +418,5 @@ public class HandleServlet extends HttpServlet {
                        notify();
                }
        }
-       //TODO This is just a stub... and should be moved out when meat is added
-       class ServiceProviderMapper {
 
-               /**
-                * @param providerIdFromTarget
-                * @return
-                */
-               public RelyingParty getRelyingParty(String providerIdFromTarget) {
-
-                       return new RelyingParty(null, configuration, credentials);
-               }
-       }
 }