Some small refactorings and cleanups.
authorwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 24 Mar 2005 04:08:58 +0000 (04:08 +0000)
committerwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 24 Mar 2005 04:08:58 +0000 (04:08 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@1334 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/common/ShibBrowserProfile.java
src/edu/internet2/middleware/shibboleth/idp/provider/BaseHandler.java
src/edu/internet2/middleware/shibboleth/idp/provider/BaseServiceHandler.java
src/edu/internet2/middleware/shibboleth/idp/provider/SAMLv1_AttributeQueryHandler.java
src/edu/internet2/middleware/shibboleth/idp/provider/ShibbolethV1SSOHandler.java
tests/edu/internet2/middleware/shibboleth/aa/DNHostNameExtractionTests.java [deleted file]
tests/edu/internet2/middleware/shibboleth/aap/AAPTests.java
tests/edu/internet2/middleware/shibboleth/idp/provider/DNHostNameExtractionTests.java [new file with mode: 0644]

index 72204ec..b9448eb 100644 (file)
@@ -40,10 +40,7 @@ import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.Vector;
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.Vector;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
 
 
-import javax.security.auth.x500.X500Principal;
 import javax.servlet.http.HttpServletRequest;
 
 import org.apache.log4j.Logger;
 import javax.servlet.http.HttpServletRequest;
 
 import org.apache.log4j.Logger;
@@ -63,8 +60,6 @@ import edu.internet2.middleware.shibboleth.serviceprovider.ServiceProviderConfig
 import edu.internet2.middleware.shibboleth.serviceprovider.ServiceProviderContext;
 import edu.internet2.middleware.shibboleth.serviceprovider.ServiceProviderConfig.ApplicationInfo;
 
 import edu.internet2.middleware.shibboleth.serviceprovider.ServiceProviderContext;
 import edu.internet2.middleware.shibboleth.serviceprovider.ServiceProviderConfig.ApplicationInfo;
 
-// TODO: Do the cert extraction methods belong here? Probably not...
-
 // TODO: Suggest we implement a separation layer between the SP config pieces and the input needed
 // for this class. As long as metadata/etc. are shared, this should work.
 
 // TODO: Suggest we implement a separation layer between the SP config pieces and the input needed
 // for this class. As long as metadata/etc. are shared, this should work.
 
@@ -75,7 +70,7 @@ import edu.internet2.middleware.shibboleth.serviceprovider.ServiceProviderConfig
  */
 public class ShibBrowserProfile implements SAMLBrowserProfile {
 
  */
 public class ShibBrowserProfile implements SAMLBrowserProfile {
 
-       private static Pattern  regex           = Pattern.compile(".*?CN=([^,/]+).*");
+
 
        /** XML Signature algorithm to apply */
        protected String                algorithm       = XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1;
 
        /** XML Signature algorithm to apply */
        protected String                algorithm       = XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1;
@@ -203,14 +198,7 @@ public class ShibBrowserProfile implements SAMLBrowserProfile {
         }
     }
 
         }
     }
 
-    public static String getHostNameFromDN(X500Principal dn) {
-               Matcher matches = regex.matcher(dn.getName(X500Principal.RFC2253));
-               if (!matches.find() || matches.groupCount() > 1) {
-                       log.error("Unable to extract host name name from certificate subject DN.");
-                       return null;
-               }
-               return matches.group(1);
-       }
+
 
     /**
      * @see org.opensaml.SAMLBrowserProfile#setVersion(int, int)
 
     /**
      * @see org.opensaml.SAMLBrowserProfile#setVersion(int, int)
index 0e82915..722082a 100644 (file)
@@ -28,6 +28,10 @@ package edu.internet2.middleware.shibboleth.idp.provider;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.util.HashSet;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.util.HashSet;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import javax.security.auth.x500.X500Principal;
 
 import org.apache.log4j.Logger;
 import org.w3c.dom.Element;
 
 import org.apache.log4j.Logger;
 import org.w3c.dom.Element;
@@ -48,6 +52,8 @@ public abstract class BaseHandler implements IdPProtocolHandler {
        private static Logger log = Logger.getLogger(BaseHandler.class.getName());
        private HashSet locations = new HashSet();
 
        private static Logger log = Logger.getLogger(BaseHandler.class.getName());
        private HashSet locations = new HashSet();
 
+       private static Pattern regex = Pattern.compile(".*?CN=([^,/]+).*");
+
        /**
         * Required DOM-based constructor.
         */
        /**
         * Required DOM-based constructor.
         */
@@ -95,4 +101,14 @@ public abstract class BaseHandler implements IdPProtocolHandler {
                return (URI[]) locations.toArray(new URI[0]);
        }
 
                return (URI[]) locations.toArray(new URI[0]);
        }
 
-}
+       protected static String getHostNameFromDN(X500Principal dn) {
+
+               Matcher matches = regex.matcher(dn.getName(X500Principal.RFC2253));
+               if (!matches.find() || matches.groupCount() > 1) {
+                       log.error("Unable to extract host name name from certificate subject DN.");
+                       return null;
+               }
+               return matches.group(1);
+       }
+
+}
\ No newline at end of file
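Review bot: In `getHostNameFromDN`, the clause `matches.groupCount() > 1` can never be true, because `groupCount()` reports the number of capturing groups in the pattern (always 1 here), not the number of CNs in the DN; the only real failure path is "no `CN=` anywhere". The pattern `.*?CN=([^,/]+).*` is also not anchored to an RDN boundary: with `find()` it takes the first `CN=` substring of the RFC 2253 string, which could sit inside another attribute's value, and it stops at the first `,` or `/` regardless of escaping or of `+` in a multi-valued RDN. The other hunks on this page use the result as a requester name, as an issuer name and for key-name matching, so I would parse the DN structurally (for example with `javax.naming.ldap.LdapName`, where the target JDK provides it). Failing that, anchor the match, e.g. `Pattern.compile("(?:^|,)CN=([^,+/]+)")`, add a comment that escaped commas are still not handled, and drop the dead `groupCount()` clause. The field can also be `private static final`.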
index 60c1f7c..9933e59 100644 (file)
@@ -39,7 +39,6 @@ import org.apache.xml.security.exceptions.XMLSecurityException;
 import org.apache.xml.security.keys.KeyInfo;
 import org.w3c.dom.Element;
 
 import org.apache.xml.security.keys.KeyInfo;
 import org.w3c.dom.Element;
 
-import edu.internet2.middleware.shibboleth.common.ShibBrowserProfile;
 import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException;
 import edu.internet2.middleware.shibboleth.idp.IdPProtocolHandler;
 import edu.internet2.middleware.shibboleth.metadata.EntityDescriptor;
 import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException;
 import edu.internet2.middleware.shibboleth.idp.IdPProtocolHandler;
 import edu.internet2.middleware.shibboleth.metadata.EntityDescriptor;
@@ -75,7 +74,7 @@ public abstract class BaseServiceHandler extends BaseHandler implements IdPProto
                        log.info("Inappropriate metadata for provider.");
                        return false;
                }
                        log.info("Inappropriate metadata for provider.");
                        return false;
                }
-               // TODO figure out what to do about this role business here
+
                Iterator descriptors = sp.getKeyDescriptors();
                while (descriptors.hasNext()) {
                        KeyInfo keyInfo = ((KeyDescriptor) descriptors.next()).getKeyInfo();
                Iterator descriptors = sp.getKeyDescriptors();
                while (descriptors.hasNext()) {
                        KeyInfo keyInfo = ((KeyDescriptor) descriptors.next()).getKeyInfo();
@@ -101,10 +100,8 @@ public abstract class BaseServiceHandler extends BaseHandler implements IdPProto
                                                if (altNames != null) {
                                                        for (Iterator nameIterator = altNames.iterator(); nameIterator.hasNext();) {
                                                                List altName = (List) nameIterator.next();
                                                if (altNames != null) {
                                                        for (Iterator nameIterator = altNames.iterator(); nameIterator.hasNext();) {
                                                                List altName = (List) nameIterator.next();
-                                                               if (altName.get(0).equals(new Integer(2)) || altName.get(0).equals(new Integer(6))) { // 2 is
-                                                                       // DNS,
-                                                                       // 6 is
-                                                                       // URI
+                                                               if (altName.get(0).equals(new Integer(2)) || altName.get(0).equals(new Integer(6))) {
+                                                                       // 2 is DNS, 6 is URI
                                                                        if (altName.get(1).equals(keyInfo.itemKeyName(l).getKeyName())) {
                                                                                log.debug("Matched against SubjectAltName.");
                                                                                return true;
                                                                        if (altName.get(1).equals(keyInfo.itemKeyName(l).getKeyName())) {
                                                                                log.debug("Matched against SubjectAltName.");
                                                                                return true;
@@ -113,16 +110,13 @@ public abstract class BaseServiceHandler extends BaseHandler implements IdPProto
                                                        }
                                                }
                                        } catch (CertificateParsingException e1) {
                                                        }
                                                }
                                        } catch (CertificateParsingException e1) {
-                                               log
-                                                               .error("Encountered an problem trying to extract Subject Alternate Name from supplied certificate: "
-                                                                               + e1);
+                                               log.error("Encountered an problem trying to extract Subject Alternate "
+                                                               + "Name from supplied certificate: " + e1);
                                        }
 
                                        // If that doesn't work, try to match using
                                        // SSL-style hostname matching
                                        }
 
                                        // If that doesn't work, try to match using
                                        // SSL-style hostname matching
-
-                                       // TODO stop relying on this class
-                                       if (ShibBrowserProfile.getHostNameFromDN(certificate.getSubjectX500Principal()).equals(
+                                       if (getHostNameFromDN(certificate.getSubjectX500Principal()).equals(
                                                        keyInfo.itemKeyName(l).getKeyName())) {
                                                log.debug("Matched against hostname.");
                                                return true;
                                                        keyInfo.itemKeyName(l).getKeyName())) {
                                                log.debug("Matched against hostname.");
                                                return true;
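Review bot: The hostname fallback calls `.equals(...)` directly on the result of `getHostNameFromDN(...)`, which returns null when the subject DN has no CN, so a certificate without a CN raises a NullPointerException during credential matching instead of simply failing to match. Guard it with `String cn = getHostNameFromDN(certificate.getSubjectX500Principal());` followed by `if (cn != null && cn.equals(keyInfo.itemKeyName(l).getKeyName())) {`. This comparison and the SubjectAltName one above are both exact, case-sensitive string equality; that errs on the strict side, but the comment calling it "SSL-style hostname matching" should say so, since no wildcard or case folding is applied. In the catch block, passing `e1` as the second argument to `log.error` instead of concatenating it would keep the stack trace. The enclosing method starts and ends outside the hunk, so how a caller would treat the exception is not visible here.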
index b366f25..3aca4ce 100644 (file)
@@ -61,7 +61,6 @@ import edu.internet2.middleware.shibboleth.aa.AAException;
 import edu.internet2.middleware.shibboleth.common.InvalidNameIdentifierException;
 import edu.internet2.middleware.shibboleth.common.NameIdentifierMappingException;
 import edu.internet2.middleware.shibboleth.common.RelyingParty;
 import edu.internet2.middleware.shibboleth.common.InvalidNameIdentifierException;
 import edu.internet2.middleware.shibboleth.common.NameIdentifierMappingException;
 import edu.internet2.middleware.shibboleth.common.RelyingParty;
-import edu.internet2.middleware.shibboleth.common.ShibBrowserProfile;
 import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException;
 import edu.internet2.middleware.shibboleth.idp.IdPProtocolHandler;
 import edu.internet2.middleware.shibboleth.idp.IdPProtocolSupport;
 import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException;
 import edu.internet2.middleware.shibboleth.idp.IdPProtocolHandler;
 import edu.internet2.middleware.shibboleth.idp.IdPProtocolSupport;
@@ -105,7 +104,7 @@ public class SAMLv1_AttributeQueryHandler extends BaseServiceHandler implements
                                        + credential.getSubjectX500Principal().getName(X500Principal.RFC2253) + ").");
                        // Mockup old requester name for requests from < 1.2 targets
                        if (fromLegacyProvider(req)) {
                                        + credential.getSubjectX500Principal().getName(X500Principal.RFC2253) + ").");
                        // Mockup old requester name for requests from < 1.2 targets
                        if (fromLegacyProvider(req)) {
-                               String legacyName = ShibBrowserProfile.getHostNameFromDN(credential.getSubjectX500Principal());
+                               String legacyName = getHostNameFromDN(credential.getSubjectX500Principal());
                                if (legacyName == null) {
                                        log.error("Unable to extract legacy requester name from certificate subject.");
                                }
                                if (legacyName == null) {
                                        log.error("Unable to extract legacy requester name from certificate subject.");
                                }
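Review bot: When `getHostNameFromDN` returns null, the visible branch only logs an error and nothing in this hunk returns or throws, so it should be confirmed that the code after the hunk does not continue with a null legacy requester name. If it does fall through, the request should be rejected at this point rather than only logged; at minimum add a comment such as `// legacyName is null here: the request must not proceed with an unknown requester`. The method body continues outside the hunk, so this is a question about the unseen lines, not a confirmed defect.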
index e2f77cb..3192047 100644 (file)
@@ -67,7 +67,6 @@ import edu.internet2.middleware.shibboleth.aa.AAException;
 import edu.internet2.middleware.shibboleth.common.AuthNPrincipal;
 import edu.internet2.middleware.shibboleth.common.NameIdentifierMappingException;
 import edu.internet2.middleware.shibboleth.common.RelyingParty;
 import edu.internet2.middleware.shibboleth.common.AuthNPrincipal;
 import edu.internet2.middleware.shibboleth.common.NameIdentifierMappingException;
 import edu.internet2.middleware.shibboleth.common.RelyingParty;
-import edu.internet2.middleware.shibboleth.common.ShibBrowserProfile;
 import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException;
 import edu.internet2.middleware.shibboleth.idp.IdPProtocolHandler;
 import edu.internet2.middleware.shibboleth.idp.IdPProtocolSupport;
 import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException;
 import edu.internet2.middleware.shibboleth.idp.IdPProtocolHandler;
 import edu.internet2.middleware.shibboleth.idp.IdPProtocolSupport;
@@ -408,8 +407,8 @@ public class ShibbolethV1SSOHandler extends SSOHandler implements IdPProtocolHan
                        if (relyingParty.getIdentityProvider().getSigningCredential() == null
                                        || relyingParty.getIdentityProvider().getSigningCredential().getX509Certificate() == null) { throw new SAMLException(
                                        "Cannot serve legacy style assertions without an X509 certificate"); }
                        if (relyingParty.getIdentityProvider().getSigningCredential() == null
                                        || relyingParty.getIdentityProvider().getSigningCredential().getX509Certificate() == null) { throw new SAMLException(
                                        "Cannot serve legacy style assertions without an X509 certificate"); }
-                       issuer = ShibBrowserProfile.getHostNameFromDN(relyingParty.getIdentityProvider().getSigningCredential()
-                                       .getX509Certificate().getSubjectX500Principal());
+                       issuer = getHostNameFromDN(relyingParty.getIdentityProvider().getSigningCredential().getX509Certificate()
+                                       .getSubjectX500Principal());
                        if (issuer == null || issuer.equals("")) { throw new SAMLException(
                                        "Error parsing certificate DN while determining legacy issuer name."); }
 
                        if (issuer == null || issuer.equals("")) { throw new SAMLException(
                                        "Error parsing certificate DN while determining legacy issuer name."); }
 
diff --git a/tests/edu/internet2/middleware/shibboleth/aa/DNHostNameExtractionTests.java b/tests/edu/internet2/middleware/shibboleth/aa/DNHostNameExtractionTests.java
deleted file mode 100644 (file)
index a5bb002..0000000
+++ /dev/null
@@ -1,106 +0,0 @@
-/*
- * The Shibboleth License, Version 1. Copyright (c) 2002 University Corporation for Advanced Internet Development, Inc.
- * All rights reserved Redistribution and use in source and binary forms, with or without modification, are permitted
- * provided that the following conditions are met: Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other
- * materials provided with the distribution, if any, must include the following acknowledgment: "This product includes
- * software developed by the University Corporation for Advanced Internet Development <http://www.ucaid.edu> Internet2
- * Project. Alternately, this acknowledegement may appear in the software itself, if and wherever such third-party
- * acknowledgments normally appear. Neither the name of Shibboleth nor the names of its contributors, nor Internet2,
- * nor the University Corporation for Advanced Internet Development, Inc., nor UCAID may be used to endorse or promote
- * products derived from this software without specific prior written permission. For written permission, please
- * contact shibboleth@shibboleth.org Products derived from this software may not be called Shibboleth, Internet2,
- * UCAID, or the University Corporation for Advanced Internet Development, nor may Shibboleth appear in their name,
- * without prior written permission of the University Corporation for Advanced Internet Development. THIS SOFTWARE IS
- * PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND
- * NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS
- * WITH LICENSEE. IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY CORPORATION FOR ADVANCED
- * INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
- * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-package edu.internet2.middleware.shibboleth.aa;
-
-import javax.security.auth.x500.X500Principal;
-
-import junit.framework.TestCase;
-
-import org.apache.log4j.BasicConfigurator;
-import org.apache.log4j.Level;
-import org.apache.log4j.Logger;
-
-import edu.internet2.middleware.shibboleth.common.ShibBrowserProfile;
-
-/**
- * Validation suite for hack to pull hostnames out of a subject DN.
- * 
- * @author Walter Hoehn(wassa@columbia.edu)
- */
-public class DNHostNameExtractionTests extends TestCase {
-
-       //Basic
-       String  dn1     = "CN=wayf.internet2.edu,OU=TSG,O=University Corporation for Advanced Internet Development,L=Ann Arbor,ST=Michigan,C=US";
-
-       //lowercase CN
-       String  dn2     = "cn=wayf.internet2.edu,OU=TSG,O=University Corporation for Advanced Internet Development,L=Ann Arbor,ST=Michigan,C=US";
-
-       //Multiple CNs
-       String  dn4     = "CN=wayf.internet2.edu,OU=TSG, CN=foo, O=University Corporation for Advanced Internet Development,L=Ann Arbor,ST=Michigan,C=US";
-
-       public DNHostNameExtractionTests(String name) {
-               super(name);
-               BasicConfigurator.resetConfiguration();
-               BasicConfigurator.configure();
-               Logger.getRootLogger().setLevel(Level.OFF);
-       }
-
-       public static void main(String[] args) {
-               junit.textui.TestRunner.run(DNHostNameExtractionTests.class);
-               BasicConfigurator.configure();
-               Logger.getRootLogger().setLevel(Level.OFF);
-       }
-
-       protected void setUp() throws Exception {
-               super.setUp();
-
-       }
-
-       public void testBasicExtraction() {
-
-               try {
-                       assertEquals("Round-trip handle validation failed on DN.", ShibBrowserProfile
-                                       .getHostNameFromDN(new X500Principal(dn1)), "wayf.internet2.edu");
-
-               } catch (Exception e) {
-                       fail("Error in test specification: " + e.getMessage());
-               }
-       }
-
-       public void testExtractionWithLowerCaseAttrName() {
-
-               try {
-                       assertEquals("Round-trip handle validation failed on DN.", ShibBrowserProfile
-                                       .getHostNameFromDN(new X500Principal(dn2)), "wayf.internet2.edu");
-
-               } catch (Exception e) {
-                       fail("Error in test specification: " + e.getMessage());
-               }
-       }
-
-       public void testExtractionWithMultipleCNs() {
-
-               try {
-                       assertEquals("Round-trip handle validation failed on DN.", ShibBrowserProfile
-                                       .getHostNameFromDN(new X500Principal(dn4)), "wayf.internet2.edu");
-
-               } catch (Exception e) {
-                       fail("Error in test specification: " + e.getMessage());
-               }
-       }
-
-}
index ea1998a..2018586 100644 (file)
@@ -28,15 +28,12 @@ package edu.internet2.middleware.shibboleth.aap;
 
 import java.io.File;
 import java.io.FileInputStream;
 
 import java.io.File;
 import java.io.FileInputStream;
-import java.util.Arrays;
-import java.util.Iterator;
 
 import junit.framework.TestCase;
 
 import org.apache.log4j.BasicConfigurator;
 import org.apache.log4j.Level;
 import org.apache.log4j.Logger;
 
 import junit.framework.TestCase;
 
 import org.apache.log4j.BasicConfigurator;
 import org.apache.log4j.Level;
 import org.apache.log4j.Logger;
-
 import org.opensaml.SAMLAttribute;
 import org.opensaml.SAMLException;
 import org.opensaml.XML;
 import org.opensaml.SAMLAttribute;
 import org.opensaml.SAMLException;
 import org.opensaml.XML;
diff --git a/tests/edu/internet2/middleware/shibboleth/idp/provider/DNHostNameExtractionTests.java b/tests/edu/internet2/middleware/shibboleth/idp/provider/DNHostNameExtractionTests.java
new file mode 100644 (file)
index 0000000..031171a
--- /dev/null
@@ -0,0 +1,106 @@
+/*
+ * The Shibboleth License, Version 1. Copyright (c) 2002 University Corporation for Advanced Internet Development, Inc.
+ * All rights reserved Redistribution and use in source and binary forms, with or without modification, are permitted
+ * provided that the following conditions are met: Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials
+ * provided with the distribution, if any, must include the following acknowledgment: "This product includes software
+ * developed by the University Corporation for Advanced Internet Development <http://www.ucaid.edu> Internet2 Project.
+ * Alternately, this acknowledegement may appear in the software itself, if and wherever such third-party
+ * acknowledgments normally appear. Neither the name of Shibboleth nor the names of its contributors, nor Internet2, nor
+ * the University Corporation for Advanced Internet Development, Inc., nor UCAID may be used to endorse or promote
+ * products derived from this software without specific prior written permission. For written permission, please contact
+ * shibboleth@shibboleth.org Products derived from this software may not be called Shibboleth, Internet2, UCAID, or the
+ * University Corporation for Advanced Internet Development, nor may Shibboleth appear in their name, without prior
+ * written permission of the University Corporation for Advanced Internet Development. THIS SOFTWARE IS PROVIDED BY THE
+ * COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE
+ * DISCLAIMED AND THE ENTIRE RISK OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE. IN NO
+ * EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC.
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package edu.internet2.middleware.shibboleth.idp.provider;
+
+import javax.security.auth.x500.X500Principal;
+
+import junit.framework.TestCase;
+
+import org.apache.log4j.BasicConfigurator;
+import org.apache.log4j.Level;
+import org.apache.log4j.Logger;
+
+/**
+ * Validation suite for hack to pull hostnames out of a subject DN.
+ * 
+ * @author Walter Hoehn(wassa@columbia.edu)
+ */
+public class DNHostNameExtractionTests extends TestCase {
+
+       //Basic
+       String dn1 = "CN=wayf.internet2.edu,OU=TSG,O=University Corporation for Advanced Internet Development,L=Ann Arbor,ST=Michigan,C=US";
+
+       //lowercase CN
+       String dn2 = "cn=wayf.internet2.edu,OU=TSG,O=University Corporation for Advanced Internet Development,L=Ann Arbor,ST=Michigan,C=US";
+
+       //Multiple CNs
+       String dn4 = "CN=wayf.internet2.edu,OU=TSG, CN=foo, O=University Corporation for Advanced Internet Development,L=Ann Arbor,ST=Michigan,C=US";
+
+       public DNHostNameExtractionTests(String name) {
+
+               super(name);
+               BasicConfigurator.resetConfiguration();
+               BasicConfigurator.configure();
+               Logger.getRootLogger().setLevel(Level.OFF);
+       }
+
+       public static void main(String[] args) {
+
+               junit.textui.TestRunner.run(DNHostNameExtractionTests.class);
+               BasicConfigurator.configure();
+               Logger.getRootLogger().setLevel(Level.OFF);
+       }
+
+       protected void setUp() throws Exception {
+
+               super.setUp();
+
+       }
+
+       public void testBasicExtraction() {
+
+               try {
+                       assertEquals("Round-trip handle validation failed on DN.", BaseHandler.getHostNameFromDN(new X500Principal(
+                                       dn1)), "wayf.internet2.edu");
+
+               } catch (Exception e) {
+                       fail("Error in test specification: " + e.getMessage());
+               }
+       }
+
+       public void testExtractionWithLowerCaseAttrName() {
+
+               try {
+                       assertEquals("Round-trip handle validation failed on DN.", BaseHandler.getHostNameFromDN(new X500Principal(
+                                       dn2)), "wayf.internet2.edu");
+
+               } catch (Exception e) {
+                       fail("Error in test specification: " + e.getMessage());
+               }
+       }
+
+       public void testExtractionWithMultipleCNs() {
+
+               try {
+                       assertEquals("Round-trip handle validation failed on DN.", BaseHandler.getHostNameFromDN(new X500Principal(
+                                       dn4)), "wayf.internet2.edu");
+
+               } catch (Exception e) {
+                       fail("Error in test specification: " + e.getMessage());
+               }
+       }
+
+}
\ No newline at end of file
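Review bot: The three cases only cover DNs whose first CN is the expected host, so the null-return path of `getHostNameFromDN` and its behaviour on awkward input are untested, even though callers rely on the result for key-name matching. I would add a case for a constructed DN with no CN, `assertNull(BaseHandler.getHostNameFromDN(new X500Principal("OU=TSG,C=US")));`, plus cases for a multi-valued RDN and for an escaped comma inside the CN value, each asserting the value the handler is meant to return. The `assertEquals` calls pass the actual value before the expected one, which makes failure output read backwards; swap the last two arguments. The message "Round-trip handle validation failed on DN." looks copied from another suite and could name the host-name extraction instead.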