+++ /dev/null
-/*
- * The Shibboleth License, Version 1.
- * Copyright (c) 2002
- * University Corporation for Advanced Internet Development, Inc.
- * All rights reserved
- *
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution, if any, must include
- * the following acknowledgment: "This product includes software developed by
- * the University Corporation for Advanced Internet Development
- * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement
- * may appear in the software itself, if and wherever such third-party
- * acknowledgments normally appear.
- *
- * Neither the name of Shibboleth nor the names of its contributors, nor
- * Internet2, nor the University Corporation for Advanced Internet Development,
- * Inc., nor UCAID may be used to endorse or promote products derived from this
- * software without specific prior written permission. For written permission,
- * please contact shibboleth@shibboleth.org
- *
- * Products derived from this software may not be called Shibboleth, Internet2,
- * UCAID, or the University Corporation for Advanced Internet Development, nor
- * may Shibboleth appear in their name, without prior written permission of the
- * University Corporation for Advanced Internet Development.
- *
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
- * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
- * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
- * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
- * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-package edu.internet2.middleware.shibboleth.hs;
-
-import edu.internet2.middleware.shibboleth.*;
-import edu.internet2.middleware.shibboleth.common.*;
-import java.util.StringTokenizer;
-
-/**
- * Indicates an error with the Handle Server
- *
- * @author Barbara Jensen
- * @created March 6 2002
- */
-
-public class HandleException extends Exception{
- /** SQL failure status code */
- public final static String SQL = "handle:SQL error";
-
- /** handle failure status code */
- public final static String ERR = "handle:general error";
-
- /* will create more codes later to better handle things */
-
- private String codes;
-
- /**
- * Creates a new exception
- *
- * @param codes Zero or more dot-separated QNames
- * @param s The error message
- */
- public HandleException (String codes, String msg)
- {
- super(msg);
- this.codes = codes;
- }
-
- public HandleException (String msg)
- {
- super(msg);
- this.codes = ERR;
- }
-
- public String[] getCodes()
- {
- if (codes == null || codes.length() == 0)
- return null;
- StringTokenizer tk = new StringTokenizer(codes, ".", false);
- int i = tk.countTokens();
- String[] ret = new String[i];
- for (i--; i >= 0; i--)
- ret[i] = tk.nextToken();
- return ret;
- }
-
-}
-
private static Logger log = Logger.getLogger(HandleServlet.class.getName());
private Certificate[] certificates;
private PrivateKey privateKey;
- protected Properties loadConfiguration() throws HandleException {
+ protected Properties loadConfiguration() throws HSConfigurationException {
//Set defaults
Properties defaultProps = new Properties();
defaultProps.setProperty(
"edu.internet2.middleware.shibboleth.hs.HandleRepository.implementation",
"edu.internet2.middleware.shibboleth.hs.provider.MemoryHandleRepository");
- defaultProps.setProperty(
- "edu.internet2.middleware.shibboleth.hs.BaseHandleRepository.handleTTL",
- "1800000");
- defaultProps.setProperty(
- "edu.internet2.middleware.shibboleth.hs.HandleServlet.issuer",
- "shib2.internet2.edu");
+ defaultProps.setProperty("edu.internet2.middleware.shibboleth.hs.BaseHandleRepository.handleTTL", "1800000");
+ defaultProps.setProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.issuer", "shib2.internet2.edu");
defaultProps.setProperty(
"edu.internet2.middleware.shibboleth.hs.provider.CryptoHandleRepository.keyStorePath",
getServletContext().getRealPath("/WEB-INF/conf/handle.jks"));
properties.load(getServletContext().getResourceAsStream(propertiesFileLocation));
} catch (IOException e) {
log.error("Could not load HS servlet configuration: " + e);
- throw new HandleException("Could not load HS servlet configuration.");
+ throw new HSConfigurationException("Could not load HS servlet configuration.");
}
if (log.isDebugEnabled()) {
PrintStream debugPrinter = new PrintStream(debugStream);
properties.list(debugPrinter);
log.debug(
- "Runtime configuration parameters: "
- + System.getProperty("line.separator")
- + debugStream.toString());
+ "Runtime configuration parameters: " + System.getProperty("line.separator") + debugStream.toString());
}
return properties;
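Review bot: The debug branch writes every configuration property to the log through `properties.list(debugPrinter)`, and later hunks read `...HandleServlet.keyStorePassword` and `...HandleServlet.keyStoreKeyPassword` from what appears to be the same Properties object. Enabling debug logging would therefore put the keystore and private-key passwords in the log file. I would print the entries one by one and mask the value of any key ending in `Password`, as sketched below (this needs `java.util.Enumeration` in scope). Separately, the `catch (IOException e)` above drops the cause from the new HSConfigurationException; whether that class can carry a cause is not visible here. The try block and the end of loadConfiguration lie outside this hunk.

```java
if (log.isDebugEnabled()) {
    PrintStream debugPrinter = new PrintStream(debugStream);
    // Never write secrets to the log: mask any *Password property.
    for (Enumeration names = properties.propertyNames(); names.hasMoreElements();) {
        String name = (String) names.nextElement();
        boolean secret = name.endsWith("Password");
        debugPrinter.println(name + "=" + (secret ? "<redacted>" : properties.getProperty(name)));
    }
    // ... unchanged: log.debug of debugStream ...
}
```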
log.fatal("Error initializing SAML libraries: " + ex);
throw new UnavailableException("Handle Service failed to initialize.");
} catch (HSConfigurationException ex) {
- log.fatal(
- "Handle Service runtime configuration error. Please fix and re-initialize. Cause: " + ex);
+ log.fatal("Handle Service runtime configuration error. Please fix and re-initialize. Cause: " + ex);
throw new UnavailableException("Handle Service failed to initialize.");
} catch (HandleRepositoryException ex) {
log.fatal("Unable to load Handle Repository: " + ex);
throw new UnavailableException("Handle Service failed to initialize.");
- } catch (Exception ex) {
- log.fatal("Error in initialization: " + ex);
- throw new ServletException("Handle Service could not be initialized.");
}
}
keyStore.load(
getServletContext().getResourceAsStream(
- configuration.getProperty(
- "edu.internet2.middleware.shibboleth.hs.HandleServlet.keyStorePath")),
+ configuration.getProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.keyStorePath")),
configuration
.getProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.keyStorePassword")
.toCharArray());
privateKey =
(PrivateKey) keyStore.getKey(
- configuration.getProperty(
- "edu.internet2.middleware.shibboleth.hs.HandleServlet.keyStoreKeyAlias"),
+ configuration.getProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.keyStoreKeyAlias"),
configuration
.getProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.keyStoreKeyPassword")
.toCharArray());
- if (configuration.getProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.certAlias")
- != null) {
+ if (configuration.getProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.certAlias") != null) {
certificates =
keyStore.getCertificateChain(
- configuration.getProperty(
- "edu.internet2.middleware.shibboleth.hs.HandleServlet.certAlias"));
+ configuration.getProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.certAlias"));
} else {
certificates =
keyStore.getCertificateChain(
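Review bot: Both `getProperty(...)` results that feed `.toCharArray()` (keyStorePassword and keyStoreKeyPassword) are dereferenced without a null check, so a missing property fails with a NullPointerException rather than an HSConfigurationException. The catch clauses visible in the next hunk do not cover it, and this commit removes the `catch (Exception ex)` that used to log such failures during initialization. `getResourceAsStream` also returns null for a wrong keyStorePath, and `KeyStore.load(null, ...)` then initialises an empty keystore, which leaves `privateKey` and `certificates` null until the first request. I would validate up front, e.g. `if (keyStorePassword == null) throw new HSConfigurationException("keyStorePassword is not set");`, and reject a null stream and a null key the same way. The enclosing method starts and ends outside this hunk.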
} catch (KeyStoreException e) {
throw new HSConfigurationException("An error occurred while accessing the java keystore: " + e);
} catch (NoSuchAlgorithmException e) {
- throw new HSConfigurationException(
- "Appropriate JCE provider not found in the java environment: " + e);
+ throw new HSConfigurationException("Appropriate JCE provider not found in the java environment: " + e);
} catch (CertificateException e) {
throw new HSConfigurationException(
"The java keystore contained a certificate that could not be loaded: " + e);
log.error(ex);
handleError(req, res, ex);
return;
- } catch (HandleException ex) {
+ } catch (InvalidClientDataException ex) {
log.error(ex);
handleError(req, res, ex);
return;
postProfile.prepare(
shireURL,
handle,
- configuration.getProperty(
- "edu.internet2.middleware.shibboleth.hs.HandleServlet.authenticationDomain"),
+ configuration.getProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.authenticationDomain"),
clientAddress,
authType,
new Date(System.currentTimeMillis()),
Arrays.asList(certificates),
null,
null);
+
return r.toBase64();
}
protected void createForm(HttpServletRequest req, HttpServletResponse res, byte[] buf)
- throws HandleException {
- try {
- /**
- * forwarding to hs.jsp for submission
- */
- //Hardcoded to ASCII to ensure Base64 encoding compatibility
- req.setAttribute("assertion", new String(buf, "ASCII"));
-
- if (log.isDebugEnabled()) {
- try {
- log.debug(
- "Dumping generated SAML Response:"
- + System.getProperty("line.separator")
- + new String(new BASE64Decoder().decodeBuffer(new String(buf, "ASCII")), "UTF8"));
- } catch (IOException e) {
- log.error("Encountered an error while decoding SAMLReponse for logging purposes.");
- }
- }
+ throws IOException, ServletException {
- RequestDispatcher rd = req.getRequestDispatcher("/hs.jsp");
- rd.forward(req, res);
+ //Hardcoded to ASCII to ensure Base64 encoding compatibility
+ req.setAttribute("assertion", new String(buf, "ASCII"));
- } catch (IOException ex) {
- throw new HandleException("IO interruption while displaying Handle Service UI." + ex);
- } catch (ServletException ex) {
- throw new HandleException("Problem displaying Handle Service UI." + ex);
+ if (log.isDebugEnabled()) {
+ try {
+ log.debug(
+ "Dumping generated SAML Response:"
+ + System.getProperty("line.separator")
+ + new String(new BASE64Decoder().decodeBuffer(new String(buf, "ASCII")), "UTF8"));
+ } catch (IOException e) {
+ log.error("Encountered an error while decoding SAMLReponse for logging purposes.");
+ }
}
+ RequestDispatcher rd = req.getRequestDispatcher("/hs.jsp");
+ rd.forward(req, res);
}
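Review bot: With debug logging on, createForm writes the complete decoded SAML response to the log. That response carries the handle passed to `postProfile.prepare` and is presumably what the SHIRE accepts as proof of authentication, so the log file becomes as sensitive as the assertion itself for as long as the assertion is valid. I would log only an identifier or a digest of the response, or at least state the exposure in a comment such as `// Contains a live assertion: do not enable debug on a production Handle Service`. The decode also relies on `BASE64Decoder`, which looks like the internal sun.misc class and is worth replacing once a supported decoder is available to the project.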
protected void handleError(HttpServletRequest req, HttpServletResponse res, Exception e)
}
- protected void checkRequestParams(HttpServletRequest req) throws HandleException {
+ protected void checkRequestParams(HttpServletRequest req) throws InvalidClientDataException {
if (req.getParameter("target") == null || req.getParameter("target").equals("")) {
- throw new HandleException("Invalid data from SHIRE: no target URL received.");
+ throw new InvalidClientDataException("Invalid data from SHIRE: no target URL received.");
}
if ((req.getParameter("shire") == null) || (req.getParameter("shire").equals(""))) {
- throw new HandleException("Invalid data from SHIRE: No acceptance URL received.");
+ throw new InvalidClientDataException("Invalid data from SHIRE: No acceptance URL received.");
}
if ((req.getRemoteUser() == null) || (req.getRemoteUser().equals(""))) {
- throw new HandleException("Unable to authenticate remote user");
+ throw new InvalidClientDataException("Unable to authenticate remote user");
}
if ((req.getRemoteAddr() == null) || (req.getRemoteAddr().equals(""))) {
- throw new HandleException("Unable to obtain client address.");
+ throw new InvalidClientDataException("Unable to obtain client address.");
}
}
+ class InvalidClientDataException extends Exception {
+ public InvalidClientDataException(String message) {
+ super(message);
+ }
+ }
}
+
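Review bot: checkRequestParams accepts any non-empty `shire` value, and the hunk that calls `postProfile.prepare(shireURL, ...)` suggests the signed response is then addressed to that URL. Unless the acceptance URL is compared with a list of registered SHIRE endpoints somewhere outside this diff, the recipient of the authentication assertion is chosen by the request; I would add that comparison here and throw InvalidClientDataException on a mismatch. The `getRemoteUser()` failure is a missing authentication rather than bad client data, so a distinct exception type would let handleError report it differently. The new nested class can be declared `static class InvalidClientDataException extends Exception` so that instances do not hold a reference to the servlet.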