private ArpEngine arpEngine;
private AttributeResolver resolver;
private ArtifactMapper artifactMapper;
+ private Semaphore throttle;
IdPProtocolSupport(IdPConfig config, Logger transactionLog, NameMapper nameMapper, ServiceProviderMapper spMapper,
ArpEngine arpEngine, AttributeResolver resolver) throws ShibbolethConfigurationException {
this.resolver = resolver;
// TODO make this pluggable... and clean up memory impl
artifactMapper = new MemoryArtifactMapper();
+
+ // Load a semaphore that throttles how many requests the IdP will handle at once
+ throttle = new Semaphore(config.getMaxThreads());
}
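Review bot: `new Semaphore(config.getMaxThreads())` on the last added line takes the configured value as-is; with this Semaphore a count of 0 (or below) makes the first `enter()` block forever, so every signing call would hang instead of the IdP failing at startup. Unless IdPConfig already rejects such values (not visible here), validate in this constructor, which already declares the right exception: `if (config.getMaxThreads() < 1) { throw new ShibbolethConfigurationException("maxThreads must be at least 1"); }`. The field could also be declared `private final Semaphore throttle;` since this constructor is the only assignment visible.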
public static void validateEngineData(HttpServletRequest req) throws InvalidClientDataException {
return spMapper;
}
- public static void signAssertions(SAMLAssertion[] assertions, RelyingParty relyingParty)
- throws InvalidCryptoException, SAMLException {
+ public void signAssertions(SAMLAssertion[] assertions, RelyingParty relyingParty) throws InvalidCryptoException,
+ SAMLException {
if (relyingParty.getIdentityProvider().getSigningCredential() == null
|| relyingParty.getIdentityProvider().getSigningCredential().getPrivateKey() == null) {
"The Shibboleth IdP currently only supports signing with RSA and DSA keys.");
}
- assertions[i].sign(assertionAlgorithm, relyingParty.getIdentityProvider().getSigningCredential()
- .getPrivateKey(), Arrays.asList(relyingParty.getIdentityProvider().getSigningCredential()
- .getX509CertificateChain()));
+ try {
+ throttle.enter();
+ assertions[i].sign(assertionAlgorithm, relyingParty.getIdentityProvider().getSigningCredential()
+ .getPrivateKey(), Arrays.asList(relyingParty.getIdentityProvider().getSigningCredential()
+ .getX509CertificateChain()));
+ } finally {
+ throttle.exit();
+ }
}
}
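Review bot: `throttle.enter()` is placed inside the `try` whose `finally` calls `throttle.exit()`, so any failure to acquire (today enter() cannot throw, but a replacement such as java.util.concurrent.Semaphore.acquire() can) would release a permit that was never taken; the usual layout is `throttle.enter();` on its own line before `try {`. The same layout appears in signResponse below. The acquire/release pair also wraps the per-assertion `assertions[i].sign(...)` call, so a response carrying several assertions contends for a permit once per assertion rather than once per request — acquiring around the whole loop may be what the throttle intends; the loop header and the rest of signAssertions lie outside the hunk.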
- public static void signResponse(SAMLResponse response, RelyingParty relyingParty) throws SAMLException {
+ public void signResponse(SAMLResponse response, RelyingParty relyingParty) throws SAMLException {
// Make sure we have an appropriate credential
if (relyingParty.getIdentityProvider().getSigningCredential() == null
throw new InvalidCryptoException(SAMLException.RESPONDER,
"The Shibboleth IdP currently only supports signing with RSA and DSA keys.");
}
-
- response.sign(responseAlgorithm, relyingParty.getIdentityProvider().getSigningCredential().getPrivateKey(),
- Arrays.asList(relyingParty.getIdentityProvider().getSigningCredential().getX509CertificateChain()));
+ try {
+ throttle.enter();
+ response.sign(responseAlgorithm, relyingParty.getIdentityProvider().getSigningCredential().getPrivateKey(),
+ Arrays.asList(relyingParty.getIdentityProvider().getSigningCredential().getX509CertificateChain()));
+ } finally {
+ throttle.exit();
+ }
}
protected void addFederationProvider(Element element) {
return artifactMapper;
}
+
+ private class Semaphore {
+
+ private int value;
+
+ public Semaphore(int value) {
+
+ this.value = value;
+ }
+
+ public synchronized void enter() {
+
+ --value;
+ if (value < 0) {
+ try {
+ wait();
+ } catch (InterruptedException e) {
+ // squelch and continue
+ }
+ }
+ }
+
+ public synchronized void exit() {
+
+ ++value;
+ notify();
+ }
+ }
}
\ No newline at end of file
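Review bot: In `enter()` the wait is guarded by an `if` and the InterruptedException is squelched, so an interrupted (or spuriously woken) thread returns without any permit having been released and runs its signing call over the configured limit; the interrupt status is lost as well. Because `exit()` increments and calls `notify()` once per release, the guard cannot simply become a loop under the current negative-count scheme (a woken waiter would see the other waiters' decrements and sleep again); count only free permits instead, wait while none are free, and re-assert the interrupt once the permit is held. `exit()` can stay as written. If the deployment JDK is 5 or later, `java.util.concurrent.Semaphore` with `acquireUninterruptibly()`/`release()` gives the same contract without the hand-rolled monitor.
```java
public synchronized void enter() {
    boolean interrupted = false;
    // value now counts free permits and never goes below zero
    while (value <= 0) {
        try {
            wait();
        } catch (InterruptedException e) {
            interrupted = true; // keep enforcing the limit; re-assert below
        }
    }
    --value;
    if (interrupted) {
        Thread.currentThread().interrupt();
    }
}
// … unchanged: exit() …
```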
private static Logger log = Logger.getLogger(IdPResponder.class.getName());
private static Random idgen = new Random();
private SAMLBinding binding;
- private Semaphore throttle;
+
private IdPConfig configuration;
private HashMap protocolHandlers = new HashMap();
private IdPProtocolSupport protocolSupport;
// Load global configuration properties
configuration = new IdPConfig(originConfig.getDocumentElement());
- // Load a semaphore that throttles how many requests the IdP will handle at once
- throttle = new Semaphore(configuration.getMaxThreads());
-
// Load name mappings
NameMapper nameMapper = new NameMapper();
NodeList itemElements = originConfig.getDocumentElement().getElementsByTagNameNS(
log.debug("Recieved a request via GET for location (" + request.getRequestURL() + ").");
try {
- // TODO this throttle should probably just wrap signing operations...
- throttle.enter();
-
// Determine which protocol we are responding to (at this point normally Shibv1 vs. EAuth)
IdPProtocolHandler activeHandler = (IdPProtocolHandler) protocolHandlers.get(request.getRequestURL()
.toString());
log.error(ex);
displayBrowserError(request, response, ex);
return;
- } finally {
- throttle.exit();
}
}
rd.forward(req, res);
}
- private class Semaphore {
-
- private int value;
-
- public Semaphore(int value) {
-
- this.value = value;
- }
-
- public synchronized void enter() {
-
- --value;
- if (value < 0) {
- try {
- wait();
- } catch (InterruptedException e) {
- // squelch and continue
- }
- }
- }
-
- public synchronized void exit() {
-
- ++value;
- notify();
- }
- }
-
}
class FederationProviderFactory {
}
}
if (relyingParty.wantsAssertionsSigned() || metaDataIndicatesSignAssertions) {
- IdPProtocolSupport.signAssertions((SAMLAssertion[]) assertions.toArray(new SAMLAssertion[0]), relyingParty);
+ support.signAssertions((SAMLAssertion[]) assertions.toArray(new SAMLAssertion[0]), relyingParty);
}
// Create artifacts for each assertion
}
}
if (relyingParty.wantsAssertionsSigned() || metaDataIndicatesSignAssertions) {
- IdPProtocolSupport.signAssertions((SAMLAssertion[]) assertions.toArray(new SAMLAssertion[0]), relyingParty);
+ support.signAssertions((SAMLAssertion[]) assertions.toArray(new SAMLAssertion[0]), relyingParty);
}
// Set attributes needed by form
SAMLResponse samlResponse = new SAMLResponse(null, acceptanceURL, assertions, null);
- IdPProtocolSupport.signResponse(samlResponse, relyingParty);
+ support.signResponse(samlResponse, relyingParty);
createPOSTForm(request, response, samlResponse.toBase64());