Updated OpenSAML library.

Moved around some common components.
Converted HS to use the new OpenSAML. (with useless random response key)

git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@37 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

diff --git a/.classpath b/.classpath
index 96e7faa..e9c2694 100644 (file)
--- a/.classpath
+++ b/.classpath
@@ -2,7 +2,6 @@
 <classpath>
     <classpathentry kind="var" path="JRE_LIB" rootpath="JRE_SRCROOT" sourcepath="JRE_SRC"/>
     <classpathentry kind="src" path="source"/>
-    <classpathentry kind="lib" path="webApplication/WEB-INF/lib/shibboleth.jar"/>
     <classpathentry kind="lib" path="buildlibs/servlet.jar" sourcepath="/shib-java/buildlibs/servlet-src.jar"/>
     <classpathentry kind="lib" path="webApplication/WEB-INF/lib/log4j-1.2.jar"/>
     <classpathentry kind="lib" path="webApplication/WEB-INF/lib/commons-beanutils.jar"/>
@@ -14,8 +13,11 @@
     <classpathentry kind="lib" path="buildlibs/xmlParserAPIs.jar" sourcepath="/shib-java/buildlibs/xerces-src.jar"/>
     <classpathentry kind="lib" path="buildlibs/xalan.jar"/>
     <classpathentry kind="lib" path="buildlibs/xml-apis.jar"/>
-    <classpathentry kind="lib" path="webApplication/WEB-INF/lib/bc-jce-jdk13-112.jar"/>
+    <classpathentry kind="lib"
+        path="webApplication/WEB-INF/lib/bc-jce-jdk13-112.jar"
+        rootpath="" sourcepath="/Shibboleth/buildlibs/jce-bc-src.jar"/>
     <classpathentry kind="lib" path="webApplication/WEB-INF/lib/struts.jar"/>
     <classpathentry kind="lib" path="webApplication/WEB-INF/lib/xmlsec.jar"/>
+    <classpathentry kind="lib" path="webApplication/WEB-INF/lib/opensaml.jar"/>
     <classpathentry kind="output" path="webApplication\WEB-INF\classes"/>
 </classpath>

diff --git a/src/edu/internet2/middleware/eduPerson/Init.java b/src/edu/internet2/middleware/eduPerson/Init.java
index d52867f..18a997a 100755 (executable)
--- a/src/edu/internet2/middleware/eduPerson/Init.java
+++ b/src/edu/internet2/middleware/eduPerson/Init.java
@@ -20,7 +20,7 @@ public class Init
 
         initialized = true;
         
-        edu.internet2.middleware.shibboleth.Init.init();
+        edu.internet2.middleware.shibboleth.common.Init.init();
         try
         {
             org.opensaml.XML.parserPool.registerExtension(XML.EDUPERSON_NS, XML.EDUPERSON_SCHEMA_ID, new XML.SchemaResolver());

diff --git a/src/edu/internet2/middleware/shibboleth/ClubShibPOSTProfile.java b/src/edu/internet2/middleware/shibboleth/common/ClubShibPOSTProfile.java
similarity index 97%
rename from src/edu/internet2/middleware/shibboleth/ClubShibPOSTProfile.java
rename to src/edu/internet2/middleware/shibboleth/common/ClubShibPOSTProfile.java
index f544550..656e47f 100755 (executable)
--- a/src/edu/internet2/middleware/shibboleth/ClubShibPOSTProfile.java
+++ b/src/edu/internet2/middleware/shibboleth/common/ClubShibPOSTProfile.java
@@ -1,4 +1,4 @@
-package edu.internet2.middleware.shibboleth;
+package edu.internet2.middleware.shibboleth.common;
 
 import java.util.Date;
 import java.security.Key;
@@ -10,6 +10,9 @@ import org.apache.xml.security.signature.XMLSignature;
 import org.opensaml.*;
 import org.w3c.dom.*;
 
+import edu.internet2.middleware.shibboleth.common.*;
+import edu.internet2.middleware.shibboleth.shire.*;
+
 /**
  *  ClubShib-specific POST browser profile implementation
  *

diff --git a/src/edu/internet2/middleware/shibboleth/Constants.java b/src/edu/internet2/middleware/shibboleth/common/Constants.java
similarity index 90%
rename from src/edu/internet2/middleware/shibboleth/Constants.java
rename to src/edu/internet2/middleware/shibboleth/common/Constants.java
index 79a7cea..c7f8524 100755 (executable)
--- a/src/edu/internet2/middleware/shibboleth/Constants.java
+++ b/src/edu/internet2/middleware/shibboleth/common/Constants.java
@@ -1,4 +1,4 @@
-package edu.internet2.middleware.shibboleth;
+package edu.internet2.middleware.shibboleth.common;
 
 /**
  *  Collection of Shibboleth constants

diff --git a/src/edu/internet2/middleware/shibboleth/Init.java b/src/edu/internet2/middleware/shibboleth/common/Init.java
similarity index 86%
rename from src/edu/internet2/middleware/shibboleth/Init.java
rename to src/edu/internet2/middleware/shibboleth/common/Init.java
index f597a52..700fd91 100755 (executable)
--- a/src/edu/internet2/middleware/shibboleth/Init.java
+++ b/src/edu/internet2/middleware/shibboleth/common/Init.java
@@ -1,7 +1,9 @@
-package edu.internet2.middleware.shibboleth;
+package edu.internet2.middleware.shibboleth.common;
 
 import javax.xml.parsers.ParserConfigurationException;
 
+import edu.internet2.middleware.shibboleth.common.XML.SchemaResolver;
+
 /**
  *  Handles one-time library initialization
  *

diff --git a/src/edu/internet2/middleware/shibboleth/OriginSiteMapper.java b/src/edu/internet2/middleware/shibboleth/common/OriginSiteMapper.java
old mode 100755 (executable)
new mode 100644 (file)
similarity index 97%
rename from src/edu/internet2/middleware/shibboleth/OriginSiteMapper.java
rename to src/edu/internet2/middleware/shibboleth/common/OriginSiteMapper.java
index e557884..a175c83
--- a/src/edu/internet2/middleware/shibboleth/OriginSiteMapper.java
+++ b/src/edu/internet2/middleware/shibboleth/common/OriginSiteMapper.java
@@ -1,4 +1,4 @@
-package edu.internet2.middleware.shibboleth;
+package edu.internet2.middleware.shibboleth.common;
 
 import java.security.Key;
 import java.security.KeyStore;

diff --git a/src/edu/internet2/middleware/shibboleth/SAMLBindingFactory.java b/src/edu/internet2/middleware/shibboleth/common/SAMLBindingFactory.java
similarity index 91%
rename from src/edu/internet2/middleware/shibboleth/SAMLBindingFactory.java
rename to src/edu/internet2/middleware/shibboleth/common/SAMLBindingFactory.java
index 7ea919f..2116e2a 100755 (executable)
--- a/src/edu/internet2/middleware/shibboleth/SAMLBindingFactory.java
+++ b/src/edu/internet2/middleware/shibboleth/common/SAMLBindingFactory.java
@@ -1,8 +1,10 @@
-package edu.internet2.middleware.shibboleth;
+package edu.internet2.middleware.shibboleth.common;
 
 import org.opensaml.SAMLBinding;
 import org.opensaml.SAMLSOAPBinding;
 
+import edu.internet2.middleware.shibboleth.common.*;
+
 /**
  *  Used by Shibboleth SHAR/AA to locate a SAML binding implementation
  *

diff --git a/src/edu/internet2/middleware/shibboleth/ShibPOSTProfile.java b/src/edu/internet2/middleware/shibboleth/common/ShibPOSTProfile.java
similarity index 99%
rename from src/edu/internet2/middleware/shibboleth/ShibPOSTProfile.java
rename to src/edu/internet2/middleware/shibboleth/common/ShibPOSTProfile.java
index 747682d..4140937 100755 (executable)
--- a/src/edu/internet2/middleware/shibboleth/ShibPOSTProfile.java
+++ b/src/edu/internet2/middleware/shibboleth/common/ShibPOSTProfile.java
@@ -1,4 +1,4 @@
-package edu.internet2.middleware.shibboleth;
+package edu.internet2.middleware.shibboleth.common;
 import java.security.GeneralSecurityException;
 import java.security.Key;
 import java.security.KeyStore;
@@ -18,6 +18,7 @@ import org.apache.xml.security.signature.XMLSignature;
 import org.opensaml.*;
 import org.w3c.dom.*;
 
+
 /**
  *  Basic Shibboleth POST browser profile implementation with basic support for
  *  signing

diff --git a/src/edu/internet2/middleware/shibboleth/ShibPOSTProfileFactory.java b/src/edu/internet2/middleware/shibboleth/common/ShibPOSTProfileFactory.java
similarity index 97%
rename from src/edu/internet2/middleware/shibboleth/ShibPOSTProfileFactory.java
rename to src/edu/internet2/middleware/shibboleth/common/ShibPOSTProfileFactory.java
index 04cfc68..a7edf54 100755 (executable)
--- a/src/edu/internet2/middleware/shibboleth/ShibPOSTProfileFactory.java
+++ b/src/edu/internet2/middleware/shibboleth/common/ShibPOSTProfileFactory.java
@@ -1,9 +1,10 @@
-package edu.internet2.middleware.shibboleth;
+package edu.internet2.middleware.shibboleth.common;
 
 import java.security.Key;
 import org.opensaml.SAMLException;
 import org.opensaml.SAMLPOSTProfile;
 
+
 /**
  *  Used by Shibboleth HS/SHIRE to locate a Shibboleth POST profile
  *  implementation

diff --git a/src/edu/internet2/middleware/shibboleth/XML.java b/src/edu/internet2/middleware/shibboleth/common/XML.java
similarity index 97%
rename from src/edu/internet2/middleware/shibboleth/XML.java
rename to src/edu/internet2/middleware/shibboleth/common/XML.java
index 13063d9..93efada 100755 (executable)
--- a/src/edu/internet2/middleware/shibboleth/XML.java
+++ b/src/edu/internet2/middleware/shibboleth/common/XML.java
@@ -1,4 +1,4 @@
-package edu.internet2.middleware.shibboleth;
+package edu.internet2.middleware.shibboleth.common;
 
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;

diff --git a/src/edu/internet2/middleware/shibboleth/hs/HandleService.java b/src/edu/internet2/middleware/shibboleth/hs/HandleService.java
index c6eb78e..a7794c1 100755 (executable)
--- a/src/edu/internet2/middleware/shibboleth/hs/HandleService.java
+++ b/src/edu/internet2/middleware/shibboleth/hs/HandleService.java
@@ -2,6 +2,9 @@ package edu.internet2.middleware.shibboleth.hs;
 
 import java.io.IOException;
 import java.io.InputStream;
+import java.security.KeyPairGenerator;
+import java.security.PrivateKey;
+import java.security.SecureRandom;
 import java.security.Security;
 import java.util.Date;
 
@@ -17,15 +20,15 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.log4j.Logger;
 import org.apache.log4j.PropertyConfigurator;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.opensaml.SAMLException;
 import org.xml.sax.SAXException;
 
-import edu.internet2.middleware.shibboleth.AABindingInfo;
-import edu.internet2.middleware.shibboleth.Policies;
-import edu.internet2.middleware.shibboleth.SAMLAuthenticationAssertionFactory;
-import edu.internet2.middleware.shibboleth.SAMLException;
 import edu.internet2.middleware.shibboleth.common.AttributeQueryHandle;
 import edu.internet2.middleware.shibboleth.common.Base64;
+import edu.internet2.middleware.shibboleth.common.Constants;
 import edu.internet2.middleware.shibboleth.common.HandleException;
+import edu.internet2.middleware.shibboleth.common.ShibPOSTProfile;
+import edu.internet2.middleware.shibboleth.common.ShibPOSTProfileFactory;
 
 /**
  * 
@@ -42,10 +45,11 @@ import edu.internet2.middleware.shibboleth.common.HandleException;
 public class HandleService extends HttpServlet {
 
        private static Logger log = Logger.getLogger(HandleService.class.getName());
-       private SAMLAuthenticationAssertionFactory assertionFactory;
+       private ShibPOSTProfile assertionFactory;
        private String hsConfigFileLocation;
        private String log4jConfigFileLocation;
-       private SecretKey key;
+       private SecretKey handleKey;
+       private PrivateKey responseKey;
 
        /**
         * @see GenericServlet#init()
@@ -58,30 +62,40 @@ public class HandleService extends HttpServlet {
                initLogger();
                initConfig();
                initViewConfig();
-               initSecretKey();
+               initSecretKeys();
                initAuthNFactory();
        }
 
        /**
-        * Initializes symmetric key for use in AQH creation
+        * Initializes symmetric handleKey for use in AQH creation
         */
 
-       private void initSecretKey() throws ServletException {
+       private void initSecretKeys() throws ServletException {
 
+               //Currently hardcoded to use Bouncy Castle
+               //Decide to change this or not based on overall shibboleth policy
+               Security.addProvider(new BouncyCastleProvider());
                try {
 
-                       //Currently hardcoded to use Bouncy Castle
-                       //Decide to change this or not based on overall shibboleth policy
-                       Security.addProvider(new BouncyCastleProvider());
                        SecretKeyFactory keyFactory =
                                SecretKeyFactory.getInstance("DESede");
                        DESedeKeySpec keySpec =
                                new DESedeKeySpec(
                                        Base64.decode(HandleServiceConfig.getSecretKey()));
-                       key = keyFactory.generateSecret(keySpec);
+                       handleKey = keyFactory.generateSecret(keySpec);
                } catch (Exception t) {
-                       log.fatal("Error reading Secret Key from configuration.", t);
-                       throw new ServletException("Error reading Key from configuration.");
+                       log.fatal("Error reading Handle Key from configuration.", t);
+                       throw new ServletException("Error reading Handle Key from configuration.");
+               }
+               try {
+                       
+                       KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
+                       gen.initialize(1024, new SecureRandom());
+                       responseKey = gen.generateKeyPair().getPrivate();
+
+               } catch (Exception t) {
+                       log.fatal("Error reading Response Key from configuration.", t);
+                       throw new ServletException("Error reading Response Key from configuration.");
                }
 
        }
@@ -171,20 +185,9 @@ public class HandleService extends HttpServlet {
 
        private void initAuthNFactory() throws ServletException {
                try {
-                       AABindingInfo[] binfo = new AABindingInfo[1];
-                       binfo[0] =
-                               new AABindingInfo(
-                                       AABindingInfo.SAML_SOAP_HTTPS,
-                                       HandleServiceConfig.getAaURL());
-                       String[] policies = { Policies.POLICY_URI_CLUBSHIB };
-                       assertionFactory =
-                               SAMLAuthenticationAssertionFactory.getInstance(
-                                       policies,
-                                       HandleServiceConfig.getIssuer(),
-                                       HandleServiceConfig.getDomain(),
-                                       binfo,
-                                       null,
-                                       null);
+                       
+                       String[] policies={Constants.POLICY_CLUBSHIB};
+                       assertionFactory=ShibPOSTProfileFactory.getInstance(policies, HandleServiceConfig.getIssuer());
 
                } catch (SAMLException se) {
                        log.fatal("Error initializing SAML library: ", se);
@@ -301,21 +304,20 @@ public class HandleService extends HttpServlet {
                        AttributeQueryHandle aqh =
                                new AttributeQueryHandle(
                                        remoteUser,
-                                       key,
+                                       handleKey,
                                        Long.parseLong(HandleServiceConfig.getValidityPeriod()),
                                        hsURL);
 
                        log.info("Acquired Handle: " + aqh.getHandleID());
-
-                       return assertionFactory
-                               .getAssertion(
-                                       new String(aqh.serialize(), "ASCII"),
-                                       shireURL,
-                                       clientAddress,
-                                       authType,
-                                       new Date(),
-                                       null)
-                               .toBase64();
+                                       
+                       return assertionFactory.prepare(
+                               shireURL,
+                               new String(aqh.serialize(), "ASCII"),
+                               HandleServiceConfig.getDomain(),
+                               clientAddress,
+                               authType,
+                               new Date(),
+                               null, responseKey, null, null, null).toBase64();
 
                } catch (SAMLException se) {
                        throw new HandleServiceException(

diff --git a/webApplication/WEB-INF/lib/opensaml.jar b/webApplication/WEB-INF/lib/opensaml.jar
new file mode 100644 (file)
index 0000000..a91ce6b
Binary files /dev/null and b/webApplication/WEB-INF/lib/opensaml.jar differ

diff --git a/webApplication/WEB-INF/lib/shibboleth.jar b/webApplication/WEB-INF/lib/shibboleth.jar
deleted file mode 100644 (file)
index 66f5b05..0000000
Binary files a/webApplication/WEB-INF/lib/shibboleth.jar and /dev/null differ