moving cmu handle service files to hs tree
authorblk <blk@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Tue, 11 Jun 2002 19:53:08 +0000 (19:53 +0000)
committerblk <blk@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Tue, 11 Jun 2002 19:53:08 +0000 (19:53 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@62 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/hs/ClubShibSQLHandleRepository.java [new file with mode: 0755]
src/edu/internet2/middleware/shibboleth/hs/HandleEntry.java [new file with mode: 0755]
src/edu/internet2/middleware/shibboleth/hs/HandleException.java [new file with mode: 0755]
src/edu/internet2/middleware/shibboleth/hs/HandleRepositoryFactory.java [new file with mode: 0644]
src/edu/internet2/middleware/shibboleth/hs/HandleServiceSAML.java [new file with mode: 0755]
src/edu/internet2/middleware/shibboleth/hs/HandleServlet.java [new file with mode: 0644]

diff --git a/src/edu/internet2/middleware/shibboleth/hs/ClubShibSQLHandleRepository.java b/src/edu/internet2/middleware/shibboleth/hs/ClubShibSQLHandleRepository.java
new file mode 100755 (executable)
index 0000000..9b30cd9
--- /dev/null
@@ -0,0 +1,152 @@
+import java.util.*;
+import java.sql.*;
+import javax.servlet.http.*;
+
+public class ClubShibSQLHandleRepository extends HandleRepositoryFactory{
+
+    private Connection con;
+    String DBdriver;
+    String DBuser;
+    String DBpass;
+    String DBdomain;
+    String DBurl;
+    final static String db = "HandleService";
+
+    public ClubShibSQLHandleRepository(HttpServlet HS) 
+       throws HandleException 
+    {
+       DBdriver = HS.getInitParameter("DBdriver");
+       DBuser = HS.getInitParameter("DBuser");
+       DBpass = HS.getInitParameter("DBpass");
+       DBdomain = HS.getInitParameter("DBdomain");
+       DBurl = "jdbc:mysql://"+DBdomain+"/shib"+
+           "?user="+DBuser+"&password="+DBpass+"&autoReconnect=true";
+           
+       try {
+           Class.forName(DBdriver);
+       }
+       catch (Exception ex) {
+           throw new HandleException(HandleException.SQL, ex.getMessage());
+       }
+       try {
+           con = DriverManager.getConnection(DBurl);
+       } 
+       catch (Exception ex) {
+           throw new HandleException(HandleException.SQL, ex.getMessage());
+       }
+
+    }
+
+    public HandleEntry getHandleEntry( String handle )
+       throws HandleException
+    {
+       HandleEntry he = null;
+
+       if (handle == null){
+           throw new HandleException(HandleException.ERR, "ClubShibSQLHandleRepository() requires handle");
+       }
+
+        try{
+            Statement st = con.createStatement();
+            String query = "SELECT * FROM "+db+" WHERE handle=\""+handle+"\"";
+            ResultSet rs = st.executeQuery(query);
+
+           if(rs == null)
+               throw new HandleException(HandleException.ERR, "null result set for handle: "+handle);
+           
+           while (rs.next()) {
+               he = new HandleEntry( rs.getString("handle"), 
+                                     rs.getString("username"),
+                                     rs.getString("authType"),
+                                     rs.getLong("authInstant"),
+                                     rs.getLong("expInstant"));
+           }
+           st.close();
+       }
+       catch (SQLException e) {
+           throw new HandleException(HandleException.SQL, e.getMessage());
+        }
+       if ( he == null ) 
+           throw new HandleException(HandleException.ERR, "getHandleEntry() cannot find matching record for handle: "+handle);
+       else
+           return he;
+    }
+    
+
+    public void insertHandleEntry( HandleEntry he )
+       throws HandleException
+    {
+       if ( he == null ) { 
+           throw new HandleException(HandleException.ERR, "InsertHandle() requires HandleEntry arg");
+       }
+
+       String handle = he.getHandle();
+       String username = he.getUsername();
+       String authType = he.getAuthType();
+       long authInstant = he.getAuthInstant();
+       long expInstant = he.getExpInstant();
+
+        try{
+            Statement st = con.createStatement();
+            String update = "INSERT INTO " +db+
+                " VALUES ( \"" + handle +"\", \""+username+"\", \""+
+               authType+"\", \""+ authInstant +"\", \""+
+               expInstant+"\")";
+            st.executeUpdate(update);
+           st.close();
+        }
+        catch (SQLException e) {
+           throw new HandleException(HandleException.SQL, e.getMessage());
+        }
+    }
+
+    public String toHTMLString() 
+       throws HandleException
+    {
+       String HTMLString = new String();
+       
+        try{
+            Statement st = con.createStatement();
+            String query = "SELECT * FROM "+db;
+            ResultSet rs = st.executeQuery(query);
+            HTMLString = "Server = "+DBdomain+"<br>"+
+               "<table><tr><td><b>handle</b></td>"+
+               "<td><b>username</b></td>"+
+               "<td><b>authType</b></td>"+
+               "<td><b>authInstant</b></td>"+
+               "<td><b>expInstant</b></td></tr>";
+            while (rs.next()) {
+                String han = rs.getString(1);
+                String uid = rs.getString(2);
+                String authtype = rs.getString(3);
+                String date_in = rs.getString(4);
+                String date_exp = rs.getString(5);
+
+                HTMLString += "<tr><td>"+han+"</td><td>"+uid+"</td>" +
+               "<td>"+authtype+"</td>"+
+                "<td>"+date_in+"</td>"+
+                "<td>"+date_exp+"</td></tr>";
+            }
+           st.close();
+
+           HTMLString += "</table>";
+        }
+        catch (SQLException e) {
+           throw new HandleException(HandleException.SQL, e.getMessage());
+        }
+
+       return HTMLString;
+    }
+    public void destroy() 
+       throws HandleException
+    {
+       try {
+           con.close();
+       }
+       catch (SQLException e) {
+           throw new HandleException(HandleException.SQL, e.getMessage());
+       }
+
+    }  
+       
+}
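Review bot: `getHandleEntry` builds its SQL by concatenating the `handle` argument into the `query` string, and `insertHandleEntry` does the same with every HandleEntry field in `update`, so a quote character in any of those values escapes the literal and alters the statement; both should go through `PreparedStatement` with `?` placeholders. The `rs == null` check after `executeQuery` is dead (JDBC never returns a null ResultSet there), while the real gap is that `st` is not closed when `executeQuery` or `rs.next()` throws, so each failure leaks a statement on the shared connection. `toHTMLString` also writes the stored column values straight into table cells without HTML escaping. The constructor embeds `DBuser` and `DBpass` in `DBurl`, which puts the password into any exception or log line that prints the URL; `DriverManager.getConnection(url, DBuser, DBpass)` keeps it out of the string. The rewritten lookup below shows the prepared-statement form with the statement closed in `finally` (no try-with-resources on this Java level).
```java
        try {
            PreparedStatement st = con.prepareStatement(
                "SELECT * FROM " + db + " WHERE handle=?");
            try {
                st.setString(1, handle);
                ResultSet rs = st.executeQuery();
                while (rs.next()) {
                    he = new HandleEntry( rs.getString("handle"),
                                          rs.getString("username"),
                                          rs.getString("authType"),
                                          rs.getLong("authInstant"),
                                          rs.getLong("expInstant"));
                }
            }
            finally {
                st.close();   // released on both the normal and the throwing path
            }
        }
        catch (SQLException e) {
            throw new HandleException(HandleException.SQL, e.getMessage());
        }
        // … unchanged: null-result check and return …
```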
diff --git a/src/edu/internet2/middleware/shibboleth/hs/HandleEntry.java b/src/edu/internet2/middleware/shibboleth/hs/HandleEntry.java
new file mode 100755 (executable)
index 0000000..c20bd23
--- /dev/null
@@ -0,0 +1,108 @@
+import edu.internet2.middleware.shibboleth.*;
+import edu.internet2.middleware.shibboleth.common.*;
+import org.opensaml.*;
+import java.util.*;
+import HandleException;
+import org.doomdark.uuid.*;
+
+/**
+ *  Object all user information is kept in
+ *
+ * @author    Barbara Jensen
+ */
+public class HandleEntry {
+    /** opaque handle, based off MAC address and time */
+    protected String handle;
+    /** username, passed in from RemoteUser */
+    protected String username;
+    /** authentication type, passed from AuthType */
+    protected String authType;
+    /** instant of handle creation */
+    protected long authInstant;
+    /** instant of handle expiration, based on ticket length */
+    protected long expInstant;
+    
+    /**
+     *  HandleEntry object, created from HandleService
+     *
+     */
+    public HandleEntry ( String username, String authType, 
+                        long ticketLength ) 
+       throws HandleException
+    {
+       if (username == null || username.length() == 0) 
+           throw new HandleException(HandleException.ERR, "HandleEntry() requires username");
+       if (authType == null || authType.length() == 0)
+           throw new HandleException(HandleException.ERR, "HandleEntry() requires authType");
+
+       handle = UUIDGenerator.getInstance().generateRandomBasedUUID().toString();
+       this.username = username;
+       this.authType = authType;
+       this.authInstant= System.currentTimeMillis();
+       this.expInstant = authInstant+ticketLength;
+    }
+
+    /** 
+     *  HandleEntry object, created from all parts 
+     * 
+     */
+    public HandleEntry ( String handle, String username, String authType,
+                        long authInstant, long expInstant ) 
+       throws HandleException 
+    {
+       if (handle == null || handle.length() == 0) 
+           throw new HandleException(HandleException.ERR, "HandleEntry() requires handle");
+       if (username == null || username.length() == 0) 
+           throw new HandleException(HandleException.ERR, "HandleEntry() requires username");
+       if (authType == null || authType.length() == 0)
+           throw new HandleException(HandleException.ERR, "HandleEntry() requires authType");
+       
+       this.handle = handle;
+       this.username = username;
+       this.authType = authType;
+       this.authInstant = authInstant;
+       this.expInstant = expInstant;
+    }
+
+    /** 
+     *  Gets the HandleEntry's handle string 
+     * 
+     */
+    public String getHandle () {
+       return handle;
+    }
+    
+    /**
+     *  Gets the HandleEntry's username 
+     * 
+     */
+    public String getUsername () {
+       return username;
+    }
+
+    /**
+     *  Gets the HandleEntry's authentication type
+     * 
+     */
+    public String getAuthType () {
+       return authType;
+    } 
+
+    /**
+     *  Gets the HandleEntry's creation/authentication date
+     * 
+     */
+    public long getAuthInstant () {
+       return authInstant;
+    }
+
+    /**
+     *  Gets the HandleEntry's expiration date
+     * 
+     */
+    public long getExpInstant () {
+       return expInstant;
+    }
+
+}
+
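Review bot: The field comment on `handle` says it is "based off MAC address and time", but the first constructor assigns `UUIDGenerator.getInstance().generateRandomBasedUUID()`, so the documentation describes a different generator than the code uses; change it to `/** opaque handle: random-based UUID from the JUG generator */` and, because the handle is later presented as a bearer reference for the user's attributes, confirm that generator draws from `SecureRandom` rather than `java.util.Random`. `import HandleException;` names a class in the unnamed package, and none of the six new files declares `package edu.internet2.middleware.shibboleth.hs;` although their paths now sit in that tree; later javac releases do not accept single-type imports from the unnamed package, so the package declaration is needed across the set (ClubShibSQLHandleRepository, HandleException, HandleRepositoryFactory, HandleServiceSAML and HandleServlet as well). `this.expInstant = authInstant+ticketLength` accepts a negative `ticketLength` silently, producing a handle that is expired at creation; a guard such as `if (ticketLength < 0) throw new HandleException(HandleException.ERR, "HandleEntry() requires non-negative ticketLength");` would reject it up front.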
diff --git a/src/edu/internet2/middleware/shibboleth/hs/HandleException.java b/src/edu/internet2/middleware/shibboleth/hs/HandleException.java
new file mode 100755 (executable)
index 0000000..1fbe04c
--- /dev/null
@@ -0,0 +1,54 @@
+import edu.internet2.middleware.shibboleth.*;
+import edu.internet2.middleware.shibboleth.common.*;
+import java.util.StringTokenizer;
+
+/**
+ *  Indicates an error with the Handle Server
+ *
+ * @author     Barbara Jensen
+ * @created    March 6 2002
+ */
+
+public class HandleException extends Exception{
+    /** SQL failure status code */
+    public final static String SQL = "handle:SQL error";
+    
+    /** handle failure status code */
+    public final static String ERR = "handle:general error";
+    
+    /* will create more codes later to better handle things */
+
+    private String codes;
+
+    /**
+     *  Creates a new exception
+     *
+     * @param  codes  Zero or more dot-separated QNames
+     * @param  s      The error message
+     */
+    public HandleException (String codes, String msg)
+    {
+        super(msg);
+       this.codes = codes;
+    }
+
+    public  HandleException (String msg)
+    {
+        super(msg);
+       this.codes = ERR;
+    }
+
+    public String[] getCodes()
+    {
+        if (codes == null || codes.length() == 0)
+            return null;
+        StringTokenizer tk = new StringTokenizer(codes, ".", false);
+        int i = tk.countTokens();
+        String[] ret = new String[i];
+        for (i--; i >= 0; i--)
+            ret[i] = tk.nextToken();
+        return ret;
+    }
+
+}
+
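Review bot: The constructor Javadoc documents `@param s` while the parameter is named `msg`, and it describes `codes` as dot-separated QNames although the two constants the class defines (`SQL`, `ERR`) are colon-delimited phrases with no dot, so `getCodes` always returns them as a single token; align the tag (`@param msg The error message`) and the description with the constants actually used. `getCodes` fills `ret` from the last index down (`for (i--; i >= 0; i--)`) while `nextToken` yields tokens front to back, so a multi-code string comes back reversed — if that is intended it needs a comment, otherwise fill from index 0. Neither constructor accepts a cause, which is why every caller in this commit passes `ex.getMessage()` and loses the original stack trace; a `HandleException(String codes, String msg, Throwable cause)` overload calling `super(msg, cause)` (exception chaining, Java 1.4 and later) would preserve it.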
diff --git a/src/edu/internet2/middleware/shibboleth/hs/HandleRepositoryFactory.java b/src/edu/internet2/middleware/shibboleth/hs/HandleRepositoryFactory.java
new file mode 100644 (file)
index 0000000..4927918
--- /dev/null
@@ -0,0 +1,38 @@
+import javax.servlet.http.*;
+import edu.internet2.middleware.shibboleth.*;
+import edu.internet2.middleware.shibboleth.common.*;
+
+/**
+ *  Used by Shibboleth Handle Service and Attribute Authority to build a repository object
+ */
+public abstract class HandleRepositoryFactory
+{
+    /**  Array of policy URI(s) (HS and SHIRE) */
+    protected String[] policies;
+
+    public HandleRepositoryFactory()
+    {
+    }
+
+    public static HandleRepositoryFactory getInstance(String policy, 
+                                                     HttpServlet HS)
+        throws HandleException {
+
+       if(policy.equalsIgnoreCase( Constants.POLICY_CLUBSHIB )){
+           return new ClubShibSQLHandleRepository(HS);
+       }else{
+           throw new HandleException("Unsupported policy found.");
+       }
+    }
+
+    public abstract HandleEntry getHandleEntry(String handle)
+       throws HandleException;
+
+    public abstract  void insertHandleEntry(HandleEntry he)
+       throws HandleException;
+    
+    public abstract String toHTMLString()
+        throws HandleException;
+
+}
+
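Review bot: The abstract type declares no `destroy()`, yet `ClubShibSQLHandleRepository` defines one that closes its JDBC connection and `HandleServlet` only holds the repository as `HandleRepositoryFactory hrf`, so there is no way to release that connection through this type when the servlet is unloaded; add `public abstract void destroy() throws HandleException;` here and call it from a `HandleServlet.destroy()` override. `getInstance` calls `policy.equalsIgnoreCase(...)` before checking `policy`, so a null policy surfaces as a NullPointerException instead of the `HandleException("Unsupported policy found.")` the else branch intends; a `if (policy == null) throw new HandleException("Unsupported policy found.");` guard in front keeps the error type uniform. The `policies` field is declared but never read in this hunk or in the subclass added by this commit; if callers outside the commit use it, a comment saying so would help, otherwise it can be dropped.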
diff --git a/src/edu/internet2/middleware/shibboleth/hs/HandleServiceSAML.java b/src/edu/internet2/middleware/shibboleth/hs/HandleServiceSAML.java
new file mode 100755 (executable)
index 0000000..447318b
--- /dev/null
@@ -0,0 +1,54 @@
+import java.io.*;
+import java.util.*;
+import edu.internet2.middleware.shibboleth.*;
+import edu.internet2.middleware.shibboleth.common.*;
+import org.opensaml.*;
+
+
+public class HandleServiceSAML {
+
+    protected String domain;
+    protected String AAurl;
+    public String[] policies = { Constants.POLICY_CLUBSHIB };
+    private ShibPOSTProfile spp;
+
+    public HandleServiceSAML( String domain, String AAurl, String issuer) 
+       throws SAMLException 
+    {
+       this.domain = domain;
+       this.AAurl = AAurl;
+       
+       spp = ShibPOSTProfileFactory.getInstance( policies, issuer );
+    }
+    
+    public byte[] prepare ( String handle, String shireURL, 
+    String clientAddress, String authMethod, Date authInstant ) 
+       throws HandleException {
+
+       try { 
+           SAMLAuthorityBinding[] bindings = new SAMLAuthorityBinding[1];
+           bindings[0] = new SAMLAuthorityBinding
+               ( SAMLBinding.SAML_SOAP_HTTPS, AAurl, 
+                 new QName(org.opensaml.XML.SAMLP_NS,"AttributeQuery") );
+           SAMLResponse r = spp.prepare 
+           ( shireURL, handle, domain, clientAddress, authMethod, 
+             authInstant, bindings, null, null, null, null
+             );
+           byte[] buf = r.toBase64();
+           
+           return buf;
+       }
+       catch (SAMLException ex) {
+           throw new HandleException( "Error creating SAML assertion: "+ex );
+       }
+       catch (IOException ex) {
+           throw new HandleException( "Error converting SAML assertion: "+ex);
+       }
+    }
+}
+                                     
+                               
+             
+                           
+
+    
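Review bot: `policies` is a public, non-final array field, so any caller can replace or mutate the policy list after `spp` has already been built from it in the constructor, letting the advertised policies drift from the profile actually in use; `private static final String[] policies = { Constants.POLICY_CLUBSHIB };` (with a copying accessor if other code needs to read it) avoids that. Both catch blocks in `prepare` fold the exception into a string (`"Error creating SAML assertion: "+ex`), which discards the stack trace of the SAML or I/O failure; passing the exception as a cause, once HandleException offers a constructor that takes a `Throwable`, would keep profile errors diagnosable. The whitespace-only lines after the closing brace can be removed.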
diff --git a/src/edu/internet2/middleware/shibboleth/hs/HandleServlet.java b/src/edu/internet2/middleware/shibboleth/hs/HandleServlet.java
new file mode 100644 (file)
index 0000000..a1616ad
--- /dev/null
@@ -0,0 +1,169 @@
+import java.io.*;
+import java.text.*;
+import java.util.*;
+import javax.servlet.*;
+import javax.servlet.http.*;
+import edu.internet2.middleware.shibboleth.*;
+import edu.internet2.middleware.shibboleth.common.*;
+import org.opensaml.*;
+
+public class HandleServlet extends HttpServlet {
+
+    private HandleRepositoryFactory hrf;
+    private long ticketExp; 
+    private HandleServiceSAML hsSAML;
+
+    public void init(ServletConfig conf)
+       throws ServletException
+    {
+       super.init(conf);
+       getInitParams();
+
+       try {
+           hsSAML = new HandleServiceSAML( getInitParameter("domain"), 
+                                           getInitParameter("AAurl"),
+                                           getInitParameter("issuer") );
+           hrf = HandleRepositoryFactory.getInstance
+               ( Constants.POLICY_CLUBSHIB, this );
+       }
+       catch (SAMLException ex) {
+           throw new ServletException( "Error initializing SAML libraries: " + ex );
+       }
+       catch (HandleException ex) {
+           throw new ServletException( "Error initializing Handle Service: " +ex );
+       }
+       if (hsSAML == null) {
+           throw new ServletException( "Error initializing SAML libraries: No Profile created." );
+       }  
+    }
+    
+    private void getInitParams() throws ServletException {
+
+       String ticket = getInitParameter("ticket");
+       if (ticket == null) {
+           ticket = "1400000";
+       }
+       ticketExp = Long.parseLong(ticket);
+       if ( getInitParameter("domain") == null || 
+            getInitParameter("domain").equals("")) {
+           throw new ServletException("Cannot find host domain in init parameters");
+       }
+       if ( getInitParameter("AAurl") == null || 
+            getInitParameter("AAurl").equals("")) {
+           throw new ServletException("Cannot find host Attribute Authority location in init parameters");
+       }
+       
+
+    }
+
+    public void doGet(HttpServletRequest req, 
+                     HttpServletResponse res)
+       throws ServletException, IOException
+    {
+
+
+
+       HandleEntry he = null;
+
+       try {
+           checkRequestParams(req);
+
+           req.setAttribute("shire", req.getParameter("shire"));
+           req.setAttribute("target", req.getParameter("target"));
+
+           he = new HandleEntry( req.getRemoteUser(), req.getAuthType(), 
+                                 ticketExp );
+           hrf.insertHandleEntry( he );
+           
+           byte[] buf = hsSAML.prepare
+               ( he.getHandle(), req.getParameter("shire"), 
+                 req.getRemoteAddr(), he.getAuthType(), 
+                 new Date(he.getAuthInstant()));
+
+           createForm( req, res, buf );
+       }
+       catch (HandleException ex) {
+           handleError( req, res, ex );
+       }
+
+    }
+    
+    private void createForm( HttpServletRequest req, 
+                            HttpServletResponse res,
+                            byte[] buf )  
+       throws HandleException {
+       try {
+
+           res.setContentType("text/html");
+           PrintWriter out = res.getWriter();
+           out.println("<HTML><HEAD><TITLE>Handle Service</TITLE></HEAD>");
+           out.println("<BODY onLoad=\"document.forms[0].submit()\">");
+           out.println("<p><form name=\"shib\" " + "action=\"" +
+                       req.getParameter("shire")+"\" method=\"POST\">");
+           out.println("<input type=\"hidden\" name=\"TARGET\"" +
+                       " value=\"" + req.getParameter("target") + "\">");
+           out.println("<input type=\"hidden\" name=\"SAMLAssertion\""+
+                       "value=\"" + buf + "\">");
+           out.println("<input type=\"submit\" value=\"Transmit\">");
+           out.println("</form>");
+           
+           /**
+            * soon to implement forwarding to hs.jsp for submission
+             * 
+           //Hardcoded to ASCII to ensure Base64 encoding compatibility
+           req.setAttribute("assertion", new String(buf, "ASCII"));
+           RequestDispatcher rd = req.getRequestDispatcher("/hs.jsp");
+           rd.forward(req, res);
+           */
+       } catch (IOException ex) {
+           throw new HandleException
+               ("IO interruption while displaying Handle Service UI." + ex);
+       } 
+       /*
+         catch (ServletException ex) {
+           throw new HandleException
+               ("Problem displaying Handle Service UI." + ex);
+       }
+       */
+    }
+
+    private void handleError( HttpServletRequest req, 
+                            HttpServletResponse res,
+                            Exception e )  
+       throws ServletException, IOException {
+
+       req.setAttribute("errorText", e.toString());
+       //      req.setAttribute("requestURL", req.getRequestURL().toString());
+       RequestDispatcher rd = req.getRequestDispatcher("/hserror.jsp");
+       
+       rd.forward(req, res);
+       
+    }
+
+                    
+    private void checkRequestParams( HttpServletRequest req )
+       throws HandleException {
+
+       if ( req.getParameter("target") == null 
+            || req.getParameter("target").equals("")) {
+           throw new HandleException("Invalid data from SHIRE: no target URL received.");
+       }
+       if ((req.getParameter("shire") == null)
+           || (req.getParameter("shire").equals(""))) {
+           throw new HandleException("Invalid data from SHIRE: No acceptance URL received.");
+       }
+       if ((req.getRemoteUser() == null)
+           || (req.getRemoteUser().equals(""))) {
+           throw new HandleException("Unable to authenticate remote user");
+       }
+       if ((req.getAuthType() == null) || (req.getAuthType().equals(""))) {
+           throw new HandleException("Unable to obtain authentication type of user.");
+       }
+       if ((req.getRemoteAddr() == null)
+           || (req.getRemoteAddr().equals(""))) {
+           throw new HandleException("Unable to obtain client address.");
+       }    
+    }
+}
+    
+
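Review bot: `createForm` concatenates the `byte[] buf` directly into the hidden `SAMLAssertion` input (`"value=\"" + buf + "\""`), which emits the array's identity string rather than the Base64 text `HandleServiceSAML.prepare` returned, and the preceding literal lacks the space before `value=`, so the attribute runs into the name; change it to `String assertion = new String(buf, "ASCII");` and `out.println("<input type=\"hidden\" name=\"SAMLAssertion\"" + " value=\"" + assertion + "\">");`, as the commented-out forwarding code already does (the `UnsupportedEncodingException` is an IOException and is caught by the existing handler). The `shire` and `target` request parameters are written into the form action and the `TARGET` value without attribute escaping, and `checkRequestParams` only verifies they are non-empty, so the page reflects whatever the caller supplied and posts the assertion to that URL; escape `"`, `<`, `>` and `&` before echoing, and consider checking `shire` against the SHIRE locations the service is configured to accept (not part of this commit). `handleError` forwards `e.toString()` as `errorText`, which for a `HandleException.SQL` failure carries the raw JDBC message into the error page; a generic message for the page with the full text in the servlet log keeps database details out of the response. `getInitParams` calls `Long.parseLong(ticket)` without handling `NumberFormatException`, so a malformed `ticket` init parameter fails with an unchecked exception instead of the ServletException the neighbouring checks raise.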