Rationalized support for artifact lookup in the union IdP.
authorwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Sun, 9 Jan 2005 06:35:08 +0000 (06:35 +0000)
committerwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Sun, 9 Jan 2005 06:35:08 +0000 (06:35 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@1209 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/artifact/ArtifactMapper.java [new file with mode: 0644]
src/edu/internet2/middleware/shibboleth/artifact/ArtifactMapping.java [new file with mode: 0644]
src/edu/internet2/middleware/shibboleth/artifact/provider/BaseArtifactMapper.java [new file with mode: 0644]
src/edu/internet2/middleware/shibboleth/artifact/provider/MemoryArtifactMapper.java [new file with mode: 0644]
src/edu/internet2/middleware/shibboleth/idp/IdPResponder.java

diff --git a/src/edu/internet2/middleware/shibboleth/artifact/ArtifactMapper.java b/src/edu/internet2/middleware/shibboleth/artifact/ArtifactMapper.java
new file mode 100644 (file)
index 0000000..892d8e4
--- /dev/null
@@ -0,0 +1,57 @@
+/*
+ * The Shibboleth License, Version 1. Copyright (c) 2002 University Corporation for Advanced Internet Development, Inc.
+ * All rights reserved Redistribution and use in source and binary forms, with or without modification, are permitted
+ * provided that the following conditions are met: Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials
+ * provided with the distribution, if any, must include the following acknowledgment: "This product includes software
+ * developed by the University Corporation for Advanced Internet Development <http://www.ucaid.edu> Internet2 Project.
+ * Alternately, this acknowledegement may appear in the software itself, if and wherever such third-party
+ * acknowledgments normally appear. Neither the name of Shibboleth nor the names of its contributors, nor Internet2, nor
+ * the University Corporation for Advanced Internet Development, Inc., nor UCAID may be used to endorse or promote
+ * products derived from this software without specific prior written permission. For written permission, please contact
+ * shibboleth@shibboleth.org Products derived from this software may not be called Shibboleth, Internet2, UCAID, or the
+ * University Corporation for Advanced Internet Development, nor may Shibboleth appear in their name, without prior
+ * written permission of the University Corporation for Advanced Internet Development. THIS SOFTWARE IS PROVIDED BY THE
+ * COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE
+ * DISCLAIMED AND THE ENTIRE RISK OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE. IN NO
+ * EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC.
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package edu.internet2.middleware.shibboleth.artifact;
+
+import org.opensaml.SAMLAssertion;
+
+import edu.internet2.middleware.shibboleth.hs.HSRelyingParty;
+
+/**
+ * Translates back and forth between SAML assertions and mapping strings (artifacts) needed for the SAML artifact
+ * profile.
+ * 
+ * @author Walter Hoehn
+ */
+public interface ArtifactMapper {
+
+       /**
+        * Generates an artifact from a SAML assertion.
+        * 
+        * @param assertion
+        *            the SAML assertion
+        * @param relyingParty
+        *            the relying party on behalf of which the artifact is being created
+        * @return the artifact
+        */
+       public String generateArtifact(SAMLAssertion assertion, HSRelyingParty relyingParty);
+
+       /**
+        * @param artifact
+        * @return
+        */
+
+       public ArtifactMapping recoverAssertion(String artifact);
+}
\ No newline at end of file
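Review bot: `recoverAssertion` ships with an empty Javadoc (`@param artifact` / `@return` with no text), and the contract callers actually depend on is stated nowhere on the interface: what comes back for a malformed, unknown or expired artifact, and whether a lookup consumes the artifact. Since a null return is the only way a caller learns the artifact was rejected, document it on the method: `@return the mapping for the artifact, or null if the artifact is malformed, unknown, expired or has already been dereferenced`. The interface should also require implementations to make artifacts single-use (a second dereference is a replay); the memory implementation in this commit removes the entry on lookup, but nothing on the interface obliges other implementations to do the same.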
diff --git a/src/edu/internet2/middleware/shibboleth/artifact/ArtifactMapping.java b/src/edu/internet2/middleware/shibboleth/artifact/ArtifactMapping.java
new file mode 100644 (file)
index 0000000..76bba7f
--- /dev/null
@@ -0,0 +1,81 @@
+/*
+ * The Shibboleth License, Version 1. Copyright (c) 2002 University Corporation for Advanced Internet Development, Inc.
+ * All rights reserved Redistribution and use in source and binary forms, with or without modification, are permitted
+ * provided that the following conditions are met: Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials
+ * provided with the distribution, if any, must include the following acknowledgment: "This product includes software
+ * developed by the University Corporation for Advanced Internet Development <http://www.ucaid.edu> Internet2 Project.
+ * Alternately, this acknowledegement may appear in the software itself, if and wherever such third-party
+ * acknowledgments normally appear. Neither the name of Shibboleth nor the names of its contributors, nor Internet2, nor
+ * the University Corporation for Advanced Internet Development, Inc., nor UCAID may be used to endorse or promote
+ * products derived from this software without specific prior written permission. For written permission, please contact
+ * shibboleth@shibboleth.org Products derived from this software may not be called Shibboleth, Internet2, UCAID, or the
+ * University Corporation for Advanced Internet Development, nor may Shibboleth appear in their name, without prior
+ * written permission of the University Corporation for Advanced Internet Development. THIS SOFTWARE IS PROVIDED BY THE
+ * COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE
+ * DISCLAIMED AND THE ENTIRE RISK OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE. IN NO
+ * EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC.
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package edu.internet2.middleware.shibboleth.artifact;
+
+import org.opensaml.SAMLAssertion;
+
+import edu.internet2.middleware.shibboleth.common.ServiceProvider;
+
+/**
+ * Encapsulates internal data/functionality that is tied to a SAML artifact.
+ * 
+ * @author Walter Hoehn
+ */
+public class ArtifactMapping {
+
+       private String                  assertionHandle;
+       private long                    expirationTime;
+       private SAMLAssertion   assertion;
+       private String                  serviceProviderId;
+
+       public ArtifactMapping(String assertionHandle, SAMLAssertion assertion, ServiceProvider sp) {
+               this.assertionHandle = assertionHandle;
+               this.assertion = assertion;
+               expirationTime = System.currentTimeMillis() + (1000 * 60 * 5); //in 5 minutes
+               serviceProviderId = sp.getProviderId();
+       }
+
+       /**
+        * Boolean indication of whether the artifact is expired.
+        */
+       public boolean isExpired() {
+               if (System.currentTimeMillis() > expirationTime) { return true; }
+               return false;
+       }
+
+       /**
+        * Boolean indication of whether the artifact was created on behalf of a specified SP.
+        */
+       public boolean isCorrectProvider(ServiceProvider sp) {
+               if (sp.getProviderId().equals(serviceProviderId)) { return true; }
+               return false;
+       }
+
+       /**
+        * Retrieves the SAML assertion associated with the artifact.
+        */
+       public SAMLAssertion getAssertion() {
+               return assertion;
+       }
+
+       /**
+        * Retrieves the SP on behalf of which the artifact was originally created.
+        */
+       public String getServiceProviderId() {
+               return serviceProviderId;
+       }
+
+}
\ No newline at end of file
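Review bot: The identity bound to the artifact is `sp.getProviderId()` of whatever object the constructor receives, and BaseArtifactMapper passes the `HSRelyingParty`, so `isCorrectProvider` is only as specific as the relying-party configuration that object represents; if a relying party can be shared by several SPs (a federation-wide default, say), any SP under it would pass the check. Confirm that `getProviderId()` on the relying party yields the requesting SP's own provider id rather than the relying-party name, and say on the constructor which identifier is expected. Minor style: `isExpired` and `isCorrectProvider` reduce to `return System.currentTimeMillis() > expirationTime;` and `return sp.getProviderId().equals(serviceProviderId);`, and the `assertionHandle` field is stored but never read.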
diff --git a/src/edu/internet2/middleware/shibboleth/artifact/provider/BaseArtifactMapper.java b/src/edu/internet2/middleware/shibboleth/artifact/provider/BaseArtifactMapper.java
new file mode 100644 (file)
index 0000000..0121a84
--- /dev/null
@@ -0,0 +1,147 @@
+/*
+ * The Shibboleth License, Version 1. Copyright (c) 2002 University Corporation for Advanced Internet Development, Inc.
+ * All rights reserved Redistribution and use in source and binary forms, with or without modification, are permitted
+ * provided that the following conditions are met: Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials
+ * provided with the distribution, if any, must include the following acknowledgment: "This product includes software
+ * developed by the University Corporation for Advanced Internet Development <http://www.ucaid.edu> Internet2 Project.
+ * Alternately, this acknowledegement may appear in the software itself, if and wherever such third-party
+ * acknowledgments normally appear. Neither the name of Shibboleth nor the names of its contributors, nor Internet2, nor
+ * the University Corporation for Advanced Internet Development, Inc., nor UCAID may be used to endorse or promote
+ * products derived from this software without specific prior written permission. For written permission, please contact
+ * shibboleth@shibboleth.org Products derived from this software may not be called Shibboleth, Internet2, UCAID, or the
+ * University Corporation for Advanced Internet Development, nor may Shibboleth appear in their name, without prior
+ * written permission of the University Corporation for Advanced Internet Development. THIS SOFTWARE IS PROVIDED BY THE
+ * COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE
+ * DISCLAIMED AND THE ENTIRE RISK OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE. IN NO
+ * EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC.
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package edu.internet2.middleware.shibboleth.artifact.provider;
+
+import java.io.IOException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+
+import org.apache.log4j.Logger;
+import org.opensaml.SAMLAssertion;
+
+import sun.misc.BASE64Decoder;
+import sun.misc.BASE64Encoder;
+import edu.internet2.middleware.shibboleth.artifact.ArtifactMapper;
+import edu.internet2.middleware.shibboleth.artifact.ArtifactMapping;
+import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException;
+import edu.internet2.middleware.shibboleth.hs.HSRelyingParty;
+
+/**
+ * Functionality common to most <code>ArtifactMapper</code> implementations, including creation and basic
+ * encoding/decoding of arifiacts. Defers storage and lookup to subclasses.
+ * 
+ * @author Walter Hoehn
+ */
+public abstract class BaseArtifactMapper implements ArtifactMapper {
+
+       private static Logger   log                     = Logger.getLogger(BaseArtifactMapper.class.getName());
+       private static byte[]   typeCode        = {0, 1};
+
+       private SecureRandom    random          = new SecureRandom();
+       private MessageDigest   md;
+
+       public BaseArtifactMapper() throws ShibbolethConfigurationException {
+               try {
+                       md = MessageDigest.getInstance("SHA-1");
+               } catch (NoSuchAlgorithmException e) {
+                       log.error("No support found for SHA-1 digest algorithm: " + e);
+                       throw new ShibbolethConfigurationException(
+                                       "The IdP Artifact Mapper requires JCE support for the SHA-1 digest algorithm.");
+               }
+
+       }
+
+       public ArtifactMapping recoverAssertion(String artifact) {
+
+               try {
+                       //Decode the artifact
+                       byte[] decoded = new BASE64Decoder().decodeBuffer(artifact);
+                       if (decoded.length != 42) {
+                               log.error("Invalid artifact length.");
+                               return null;
+                       }
+
+                       //Check the type
+                       if (decoded[0] != typeCode[0] || decoded[1] != typeCode[1]) {
+                               log.error("Incorrect artifact type code.");
+                               return null;
+                       }
+
+                       //Grab the assertion handle
+                       byte[] assertionHandle = new byte[20];
+                       for (int assertionHandleCount = 0, decodedCount = 22; assertionHandleCount < assertionHandle.length; assertionHandleCount++, decodedCount++) {
+                               assertionHandle[assertionHandleCount] = decoded[decodedCount];
+                       }
+                       String stringHandle = new String(assertionHandle);
+
+                       //delegate recovery to extenders
+                       return recoverAssertionImpl(stringHandle);
+
+               } catch (IOException e) {
+                       log.error("Artifact not properly Base64 encoded.");
+                       return null;
+               }
+       }
+
+       public String generateArtifact(SAMLAssertion assertion, HSRelyingParty relyingParty) {
+
+               byte[] allArtifactComponents = new byte[42];
+
+               // Add typecode
+               allArtifactComponents[0] = typeCode[0];
+               allArtifactComponents[1] = typeCode[1];
+
+               // Add SourceID
+               byte[] sourceID = new byte[20];
+               synchronized (md) {
+                       sourceID = md.digest(relyingParty.getIdentityProvider().getProviderId().getBytes());
+               }
+               for (int sourceIdCount = 0, allComponentCount = 2; sourceIdCount < sourceID.length; sourceIdCount++, allComponentCount++) {
+                       allArtifactComponents[allComponentCount] = sourceID[sourceIdCount];
+               }
+
+               // Add Asserton Handle
+               byte[] buffer = new byte[20];
+               random.nextBytes(buffer);
+               for (int assertionHandleCount = 0, allComponentCount = 22; assertionHandleCount < buffer.length; assertionHandleCount++, allComponentCount++) {
+                       allArtifactComponents[allComponentCount] = buffer[assertionHandleCount];
+               }
+
+               // Cache the assertion handle
+               String assertionHandle = new String(buffer);
+
+               // Delegate adding to extenders
+               addAssertionImpl(assertionHandle, new ArtifactMapping(assertionHandle, assertion, relyingParty));
+
+               // Return the encoded artifact
+               return new BASE64Encoder().encode(allArtifactComponents);
+       }
+
+       /**
+        * Subclasses should implement artifact storage with this method.
+        */
+       protected abstract void addAssertionImpl(String assertionHandle, ArtifactMapping mapping);
+
+       /**
+        * Subclasses should implement artifact lookup with this method.
+        * 
+        * @param stringHandle
+        *            the artifact string
+        */
+       protected abstract ArtifactMapping recoverAssertionImpl(String artifact);
+
+}
\ No newline at end of file
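Review bot: The 20 random handle bytes become the map key via `new String(buffer)` (generate) and `new String(assertionHandle)` (recover), which decode raw bytes in the platform default charset; under a UTF-8 default, byte sequences that are not valid UTF-8 are replaced by U+FFFD, so distinct handles collapse onto the same key (one issued artifact can silently overwrite another's mapping, and the effective key space is smaller than the 160 bits drawn from SecureRandom), and the key itself depends on the JVM's locale configuration. Use a lossless encoding for the key in both places, e.g. `String assertionHandle = new BASE64Encoder().encode(buffer);` and `String stringHandle = new BASE64Encoder().encode(assertionHandle);`. Separately, `recoverAssertion` never compares bytes 2–21 (the SourceID) with this IdP's own source id, which is harmless for lookup since the handle alone selects the mapping, but rejecting a foreign SourceID up front gives a clearer failure than an unknown-handle miss. `getProviderId().getBytes()` in the SourceID digest is likewise charset-dependent; pass an explicit charset so the SourceID is stable across platforms.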
diff --git a/src/edu/internet2/middleware/shibboleth/artifact/provider/MemoryArtifactMapper.java b/src/edu/internet2/middleware/shibboleth/artifact/provider/MemoryArtifactMapper.java
new file mode 100644 (file)
index 0000000..e28b526
--- /dev/null
@@ -0,0 +1,77 @@
+/*
+ * The Shibboleth License, Version 1. Copyright (c) 2002 University Corporation for Advanced Internet Development, Inc.
+ * All rights reserved Redistribution and use in source and binary forms, with or without modification, are permitted
+ * provided that the following conditions are met: Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials
+ * provided with the distribution, if any, must include the following acknowledgment: "This product includes software
+ * developed by the University Corporation for Advanced Internet Development <http://www.ucaid.edu> Internet2 Project.
+ * Alternately, this acknowledegement may appear in the software itself, if and wherever such third-party
+ * acknowledgments normally appear. Neither the name of Shibboleth nor the names of its contributors, nor Internet2, nor
+ * the University Corporation for Advanced Internet Development, Inc., nor UCAID may be used to endorse or promote
+ * products derived from this software without specific prior written permission. For written permission, please contact
+ * shibboleth@shibboleth.org Products derived from this software may not be called Shibboleth, Internet2, UCAID, or the
+ * University Corporation for Advanced Internet Development, nor may Shibboleth appear in their name, without prior
+ * written permission of the University Corporation for Advanced Internet Development. THIS SOFTWARE IS PROVIDED BY THE
+ * COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE
+ * DISCLAIMED AND THE ENTIRE RISK OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE. IN NO
+ * EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC.
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package edu.internet2.middleware.shibboleth.artifact.provider;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.log4j.Logger;
+
+import edu.internet2.middleware.shibboleth.artifact.ArtifactMapper;
+import edu.internet2.middleware.shibboleth.artifact.ArtifactMapping;
+import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException;
+
+/**
+ * <code>ArtifactMapper</code> implementation that saves queryable artifacts in memory.
+ * 
+ * @author Walter Hoehn
+ */
+public class MemoryArtifactMapper extends BaseArtifactMapper implements ArtifactMapper {
+
+       public MemoryArtifactMapper() throws ShibbolethConfigurationException {
+               super();
+       }
+
+       //TODO need to cleanup stale artifacts
+       private static Logger   log                     = Logger.getLogger(MemoryArtifactMapper.class.getName());
+       private static Map              mappings        = Collections.synchronizedMap(new HashMap());
+
+       /*
+        * (non-Javadoc)
+        * 
+        * @see edu.internet2.middleware.shibboleth.artifact.provider.BaseArtifactMapper#recoverAssertionImpl(java.lang.String)
+        */
+       protected ArtifactMapping recoverAssertionImpl(String stringHandle) {
+
+               //Load the assertion from memory
+               ArtifactMapping mapping = (ArtifactMapping) mappings.get(stringHandle);
+               mappings.remove(stringHandle);
+               if (mapping == null || mapping.isExpired()) { return null; }
+               return mapping;
+       }
+
+       /*
+        * (non-Javadoc)
+        * 
+        * @see edu.internet2.middleware.shibboleth.artifact.provider.BaseArtifactMapper#addAssertionImpl(java.lang.String,
+        *      edu.internet2.middleware.shibboleth.artifact.ArtifactMapping)
+        */
+       protected void addAssertionImpl(String assertionHandle, ArtifactMapping mapping) {
+               mappings.put(assertionHandle, mapping);
+       }
+
+}
\ No newline at end of file
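Review bot: `recoverAssertionImpl` performs `mappings.get(stringHandle)` and then a separate `mappings.remove(stringHandle)`; on a `Collections.synchronizedMap` these are two independently locked calls, so two concurrent dereference requests carrying the same artifact can both obtain the mapping before either removes it, and the single-use property the removal is meant to enforce does not hold under that race. Replace the pair with the atomic form: `ArtifactMapping mapping = (ArtifactMapping) mappings.remove(stringHandle);`. Until the cleanup noted in the TODO exists, artifacts that are never dereferenced stay in the static map together with their assertions, so the store grows without bound; an expired entry is dropped only when its handle happens to be looked up.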
index a73c813..4c1f59a 100644 (file)
@@ -79,6 +79,9 @@ import edu.internet2.middleware.shibboleth.aa.arp.ArpEngine;
 import edu.internet2.middleware.shibboleth.aa.arp.ArpException;
 import edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeResolver;
 import edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeResolverException;
+import edu.internet2.middleware.shibboleth.artifact.ArtifactMapper;
+import edu.internet2.middleware.shibboleth.artifact.ArtifactMapping;
+import edu.internet2.middleware.shibboleth.artifact.provider.MemoryArtifactMapper;
 import edu.internet2.middleware.shibboleth.common.Credential;
 import edu.internet2.middleware.shibboleth.common.Credentials;
 import edu.internet2.middleware.shibboleth.common.InvalidNameIdentifierException;
@@ -88,13 +91,11 @@ import edu.internet2.middleware.shibboleth.common.NameMapper;
 import edu.internet2.middleware.shibboleth.common.OriginConfig;
 import edu.internet2.middleware.shibboleth.common.RelyingParty;
 import edu.internet2.middleware.shibboleth.common.SAMLBindingFactory;
-import edu.internet2.middleware.shibboleth.common.ServiceProvider;
 import edu.internet2.middleware.shibboleth.common.ServiceProviderMapperException;
 import edu.internet2.middleware.shibboleth.common.ShibPOSTProfile;
 import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException;
 import edu.internet2.middleware.shibboleth.common.ShibbolethOriginConfig;
 import edu.internet2.middleware.shibboleth.common.TargetFederationComponent;
-import edu.internet2.middleware.shibboleth.hs.HSRelyingParty;
 import edu.internet2.middleware.shibboleth.metadata.AttributeConsumerRole;
 import edu.internet2.middleware.shibboleth.metadata.KeyDescriptor;
 import edu.internet2.middleware.shibboleth.metadata.Provider;
@@ -113,21 +114,13 @@ public class IdPResponder extends TargetFederationComponent {
        // servlet
 
        private static Logger                   transactionLog  = Logger.getLogger("Shibboleth-TRANSACTION");
-
        private static Logger                   log                             = Logger.getLogger(IdPResponder.class.getName());
-
        private SAMLBinding                             binding;
-
-       //TODO Need to init
-       private ArtifactRepository              artifactRepository;
+       private ArtifactMapper                  artifactMapper;
 
        //TODO Obviously this has got to be unified
        private AAConfig                                configuration;
-
-       //TODO Need to init
        private NameMapper                              nameMapper;
-
-       //TODO Need to init
        private AAServiceProviderMapper targetMapper;
 
        //TODO Need to rename, rework, and init
@@ -142,6 +135,8 @@ public class IdPResponder extends TargetFederationComponent {
                try {
                        binding = SAMLBindingFactory.getInstance(SAMLBinding.SAML_SOAP_HTTPS);
                        nameMapper = new NameMapper();
+                       // TODO this needs to be pluggable
+                       artifactMapper = new MemoryArtifactMapper();
                        loadConfiguration();
                        log.info("Identity Provider initialization complete.");
 
@@ -433,6 +428,7 @@ public class IdPResponder extends TargetFederationComponent {
                // Pull credential from request
                X509Certificate credential = getCredentialFromProvider(request);
                if (credential == null || credential.getSubjectX500Principal().getName(X500Principal.RFC2253).equals("")) {
+                       //The spec says that mutual authentication is required for the artifact profile
                        log.info("Request is from an unauthenticated service provider.");
                        throw new SAMLException(SAMLException.REQUESTER,
                                        "SAML Artifacts cannot be dereferenced for unauthenticated requesters.");
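Review bot: The added comment says mutual authentication is required, but the visible check only establishes that `getCredentialFromProvider` returned a certificate with a non-empty subject DN; it does not by itself show that the certificate chains to a trusted issuer or that it is the one the requesting SP's metadata lists. Presumably that verification happens inside `getCredentialFromProvider` or later in the method, which starts and continues outside this hunk, so confirm it does. If so, a comment here naming where the certificate is matched against the SP's metadata would keep a later reader from taking the non-empty-DN test as the authentication step.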
@@ -445,14 +441,12 @@ public class IdPResponder extends TargetFederationComponent {
                Iterator artifacts = samlRequest.getArtifacts();
 
                int queriedArtifacts = 0;
-               StringBuffer dereferencedArtifacts = new StringBuffer(); //for
-               // transaction
-               // log
+               StringBuffer dereferencedArtifacts = new StringBuffer(); //for transaction log
                while (artifacts.hasNext()) {
                        queriedArtifacts++;
                        String artifact = (String) artifacts.next();
                        log.debug("Attempting to dereference artifact: (" + artifact + ").");
-                       ArtifactMapping mapping = artifactRepository.recoverAssertion(artifact);
+                       ArtifactMapping mapping = artifactMapper.recoverAssertion(artifact);
                        if (mapping != null) {
                                SAMLAssertion assertion = mapping.getAssertion();
 
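Review bot: After `artifactMapper.recoverAssertion(artifact)` returns a mapping the visible lines go straight to `mapping.getAssertion()`; the check that the mapping was issued to the authenticated requester (`mapping.isCorrectProvider(...)`, which ArtifactMapping provides for exactly this purpose) is not within the hunk, and the method body continues beyond it, so confirm it is applied before the assertion is added to the response. Without that check, any SP that can mutually authenticate to the IdP could dereference an artifact issued to a different SP. The enclosing method starts and ends outside this hunk.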
@@ -482,10 +476,11 @@ public class IdPResponder extends TargetFederationComponent {
 
                //The spec requires that if any artifacts are dereferenced, they must
                // all be dereferenced
-               if (assertions.size() > 0 & assertions.size() != queriedArtifacts) { throw new SAMLException(
+               if (assertions.size() > 0 && assertions.size() != queriedArtifacts) { throw new SAMLException(
                                SAMLException.REQUESTER, "Unable to successfully dereference all artifacts."); }
 
                //Create and send response
+               // The spec says that we should send "success" in the case where no artifacts match
                SAMLResponse samlResponse = new SAMLResponse(samlRequest.getId(), null, assertions, null);
 
                if (log.isDebugEnabled()) {
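Review bot: The all-or-nothing rule is enforced after the loop, but by then the artifacts that did resolve have already been consumed (the memory mapper in this commit removes an entry on lookup), so on a mixed request the valid artifacts are gone and cannot be retried once the SAMLException goes back. That is a defensible choice, since it stops a requester from probing guessed handles alongside a genuine artifact, but it should be stated next to the check so it is not "fixed" later: `// Artifacts that did resolve were consumed by the mapper and are not restored when this request is rejected.` The enclosing method starts outside this hunk.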
@@ -504,13 +499,6 @@ public class IdPResponder extends TargetFederationComponent {
                binding.respond(response, samlResponse, null);
 
                transactionLog.info("Succesfully dereferenced the following artifacts: " + dereferencedArtifacts.toString());
-               //TODO make sure we can delete this junk below
-               /*
-                * } catch (Exception e) { log.error("Error while processing request: " + e); try { sendFailure(res,
-                * samlRequest, new SAMLException(SAMLException.RESPONDER, "General error processing request.")); return; }
-                * catch (Exception ee) { log.fatal("Could not construct a SAML error response: " + ee); throw new
-                * ServletException("Handle Service response failure."); } }
-                */
        }
 
        public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
@@ -806,49 +794,4 @@ public class IdPResponder extends TargetFederationComponent {
                }
        }
 
-       abstract class ArtifactRepository {
-
-               // TODO figure out what to do about this interface long term
-               abstract String addAssertion(SAMLAssertion assertion, HSRelyingParty relyingParty);
-
-               abstract ArtifactMapping recoverAssertion(String artifact);
-       }
-
-       class ArtifactMapping {
-
-               //TODO figure out what to do about this interface long term
-               private String                  assertionHandle;
-
-               private long                    expirationTime;
-
-               private SAMLAssertion   assertion;
-
-               private String                  serviceProviderId;
-
-               ArtifactMapping(String assertionHandle, SAMLAssertion assertion, ServiceProvider sp) {
-                       this.assertionHandle = assertionHandle;
-                       this.assertion = assertion;
-                       expirationTime = System.currentTimeMillis() + (1000 * 60 * 5); //in 5
-                       // minutes
-                       serviceProviderId = sp.getProviderId();
-               }
-
-               boolean isExpired() {
-                       if (System.currentTimeMillis() > expirationTime) { return true; }
-                       return false;
-               }
-
-               boolean isCorrectProvider(ServiceProvider sp) {
-                       if (sp.getProviderId().equals(serviceProviderId)) { return true; }
-                       return false;
-               }
-
-               SAMLAssertion getAssertion() {
-                       return assertion;
-               }
-
-               String getServiceProviderId() {
-                       return serviceProviderId;
-               }
-       }
 }
\ No newline at end of file