Added creation of a true UUID to the Attribute Query Handle, updated tests and HS...
authorwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Tue, 28 May 2002 19:29:02 +0000 (19:29 +0000)
committerwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Tue, 28 May 2002 19:29:02 +0000 (19:29 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@5 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

.classpath
src/edu/internet2/middleware/shibboleth/common/AQHTest.java
src/edu/internet2/middleware/shibboleth/common/AttributeQueryHandle.java
src/edu/internet2/middleware/shibboleth/hs/HandleService.java

index b453034..b9f75e7 100644 (file)
@@ -11,8 +11,7 @@
     <classpathentry kind="lib" path="webApplication/WEB-INF/lib/commons-digester.jar"/>
     <classpathentry kind="lib"
         path="webApplication/WEB-INF/lib/jce-bc.jar" sourcepath="/ShibTest/buildlibs/jce-bc-src.jar"/>
-    <classpathentry kind="lib" path="buildlibs/junit.jar" sourcepath="/ShibTest/buildlibs/junit-src.jar"/>
-    <classpathentry kind="lib" path="webApplication/WEB-INF/lib/jug.jar"
-        rootpath="" sourcepath="/ShibTest/buildlibs/jug-src.jar"/>
+    <classpathentry kind="lib" path="buildlibs/junit.jar" rootpath="" sourcepath="/shib-java/buildlibs/junit-src.jar"/>
+    <classpathentry kind="lib" path="webApplication/WEB-INF/lib/jug.jar" sourcepath="/shib-java/webApplication/WEB-INF/lib/jug-src.jar"/>
     <classpathentry kind="output" path="webApplication\WEB-INF\classes"/>
 </classpath>
index 69b3401..f6b38c5 100755 (executable)
@@ -1,4 +1,6 @@
 package edu.internet2.middleware.shibboleth.common;
+import java.net.MalformedURLException;
+import java.net.URL;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.security.Security;
@@ -17,6 +19,7 @@ import org.bouncycastle.jce.provider.BouncyCastleProvider;
 
 public class AQHTest extends TestCase {
        protected SecretKey goodKey;
+       protected URL testHs;
        public AQHTest(String name) {
                super(name);
        }
@@ -32,6 +35,12 @@ public class AQHTest extends TestCase {
                } catch (NoSuchAlgorithmException e) {
                        fail("Could not generate fixture (secret key)");
                }
+               
+               try {
+                       testHs = new URL("http://www.test.com/HS");
+               } catch (MalformedURLException e) {
+                       fail("Error initializing test Hs URL.");
+               }
        }
        /**
         * Tests the basic, creation, serialization, and unmarshalling of the <code>AttributeQueryHandle</code>
@@ -41,7 +50,7 @@ public class AQHTest extends TestCase {
 
                        //Create an AQH
                        AttributeQueryHandle originalAQH =
-                               new AttributeQueryHandle("Walter", goodKey, 300000l);
+                               new AttributeQueryHandle("Walter", goodKey, 300000l, testHs);
 
                        //Ensure that a unique id was generated 
                        assertNotNull(
@@ -96,7 +105,7 @@ public class AQHTest extends TestCase {
 
                try {
                        AttributeQueryHandle aqh =
-                               new AttributeQueryHandle("Walter", goodKey, 1l);
+                               new AttributeQueryHandle("Walter", goodKey, 1l, testHs);
                        Thread.sleep(2);
                        assertTrue(
                                "AttributeQueryHandle failed to expire appropriately",
@@ -107,4 +116,23 @@ public class AQHTest extends TestCase {
                }
 
        }
+       
+       /**
+        * Ensue that all of our UUIDs are not identical
+        */
+       
+       public void testDups() {
+               
+               try {
+                       AttributeQueryHandle aqh1 =
+                                       new AttributeQueryHandle("Walter", goodKey, 1l, testHs);
+                       AttributeQueryHandle aqh2 =
+                               new AttributeQueryHandle("Walter", goodKey, 1l, testHs);
+               assertTrue("Reusing a UUID when creating new AQH", !aqh1.getHandleID().equals(aqh2.getHandleID()));
+               } catch (HandleException e) {
+                       fail("Failed to create AttributeQueryHandle" + e);
+               }
+               
+               
+       }
 }
\ No newline at end of file
index ae53c55..ef98665 100755 (executable)
@@ -1,9 +1,11 @@
 package edu.internet2.middleware.shibboleth.common;
 
+import java.net.URL;
 import java.util.StringTokenizer;
 
 import javax.crypto.Cipher;
 import javax.crypto.SecretKey;
+import org.doomdark.uuid.UUID;
 import org.doomdark.uuid.UUIDGenerator;
 
 /**
@@ -52,23 +54,28 @@ public class AttributeQueryHandle {
         * Creates a new <code>AttributeQueryHandle</code>
         * @param principal <code>String</code> representation of user that the handle should reference
         * @param ticketLength Time in milliseconds for which the handle should be valid
+        * @param hsLocation URL of the Handle Service used to generate the AQH
+        * @param key Symmetric key used to encrypt the AQH upon serialization
         * 
         */
 
        public AttributeQueryHandle(
                String principal,
                SecretKey key,
-               long ticketLength)
+               long ticketLength,
+               URL hsLocation)
                throws HandleException {
-                       
-               UUIDGenerator uuidGen = UUIDGenerator.getInstance();
-//Need to create an actual UUID here
-               handleID = "12345";
+
                this.principal = principal;
                this.creationTime = System.currentTimeMillis();
                this.expirationTime = creationTime + ticketLength;
 
                try {
+                       UUIDGenerator uuidGen = UUIDGenerator.getInstance();
+                       UUID nameSpaceUUID = new UUID(UUID.NAMESPACE_URL);
+                       handleID =
+                       uuidGen.generateNameBasedUUID(nameSpaceUUID, hsLocation.toString())+ ":" + uuidGen.generateTimeBasedUUID();
+                       
                        Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");
                        cipher.init(Cipher.ENCRYPT_MODE, key);
                        cipherTextHandle =
@@ -85,7 +92,6 @@ public class AttributeQueryHandle {
 
        /**
         * Returns a <code>String</code> representation of the user that the handle references.
-        * @return Returns a String
         */
 
        public String getPrincipal() {
@@ -94,7 +100,6 @@ public class AttributeQueryHandle {
 
        /**
         * Returns a <code>String</code> of ciphertext representing the <code>AttributeQueryHandle</code> instance.
-        * @return Returns a String
         */
 
        public String serialize() {
@@ -120,6 +125,7 @@ public class AttributeQueryHandle {
        /**
         * Returns a <code>String</code> representation of the unique identifier for this handle.
         */
+       
        public String getHandleID() {
                return handleID;
        }
index 2ef5c62..a4d7c0d 100755 (executable)
@@ -2,6 +2,8 @@ package edu.internet2.middleware.shibboleth.hs;
 
 import java.io.IOException;
 import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.net.URL;
 import java.security.Security;
 import java.util.Date;
 
@@ -44,6 +46,7 @@ public class HandleService extends HttpServlet {
        private String hsConfigFileLocation;
        private String log4jConfigFileLocation;
        private SecretKey key;
+       private URL hsURL;
 
        /**
         * @see GenericServlet#init()
@@ -59,7 +62,7 @@ public class HandleService extends HttpServlet {
                initSecretKey();
                initAuthNFactory();
        }
-       
+
        /**
         * Initializes symmetric key for use in AQH creation
         */
@@ -67,12 +70,14 @@ public class HandleService extends HttpServlet {
        private void initSecretKey() throws ServletException {
 
                try {
-                       
-//Change this to work with any JCE
+
+                       //Change this to work with any JCE
                        Security.addProvider(new BouncyCastleProvider());
-                       SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DESede");
+                       SecretKeyFactory keyFactory =
+                               SecretKeyFactory.getInstance("DESede");
                        DESedeKeySpec keySpec =
-                               new DESedeKeySpec(Base64.decode(HandleServiceConfig.getSecretKey()));
+                               new DESedeKeySpec(
+                                       Base64.decode(HandleServiceConfig.getSecretKey()));
                        key = keyFactory.generateSecret(keySpec);
                } catch (Exception t) {
                        log.fatal("Error reading Secret Key from configuration.", t);
@@ -87,11 +92,13 @@ public class HandleService extends HttpServlet {
 
        private void loadInitParams() {
 
-               hsConfigFileLocation = getServletConfig().getInitParameter("HSConfigFileLocation");
+               hsConfigFileLocation =
+                       getServletConfig().getInitParameter("HSConfigFileLocation");
                if (hsConfigFileLocation == null) {
                        hsConfigFileLocation = "/WEB-INF/conf/shibboleth.xml";
                }
-               log4jConfigFileLocation = getServletConfig().getInitParameter("log4jConfigFileLocation");
+               log4jConfigFileLocation =
+                       getServletConfig().getInitParameter("log4jConfigFileLocation");
                if (log4jConfigFileLocation == null) {
                        log4jConfigFileLocation = "/WEB-INF/conf/log4j.properties";
                }
@@ -104,17 +111,32 @@ public class HandleService extends HttpServlet {
 
        private void initConfig() throws ServletException {
 
-               InputStream is = getServletContext().getResourceAsStream(hsConfigFileLocation);
+               InputStream is =
+                       getServletContext().getResourceAsStream(hsConfigFileLocation);
                HsConfigDigester digester = new HsConfigDigester();
                try {
                        digester.parse(is);
                } catch (SAXException se) {
                        log.fatal("Error parsing HS configuration file.", se);
-                       throw new ServletException("Error parsing HS configuration file.", se);
+                       throw new ServletException(
+                               "Error parsing HS configuration file.",
+                               se);
                } catch (IOException ioe) {
                        log.fatal("Error reading HS configuration file.", ioe);
-                       throw new ServletException("Error reading HS configuration file.", ioe);
+                       throw new ServletException(
+                               "Error reading HS configuration file.",
+                               ioe);
+               }
+               
+               try {
+                       hsURL = new URL(HandleServiceConfig.getLocation());
+               } catch (MalformedURLException e) {
+                       log.fatal("Error parsing HS location from configuration file.", e);
+                       throw new ServletException(
+                               "Error reading HS configuration file.",
+                               e);
                }
+
        }
 
        /**
@@ -137,8 +159,12 @@ public class HandleService extends HttpServlet {
                getServletContext().setAttribute(
                        "hs_supportContact",
                        HandleServiceConfig.getSupportContact());
-               getServletContext().setAttribute("hs_logoLocation", HandleServiceConfig.getLogoLocation());
-               getServletContext().setAttribute("hs_helpText", HandleServiceConfig.getHelpText());
+               getServletContext().setAttribute(
+                       "hs_logoLocation",
+                       HandleServiceConfig.getLogoLocation());
+               getServletContext().setAttribute(
+                       "hs_helpText",
+                       HandleServiceConfig.getHelpText());
                getServletContext().setAttribute(
                        "hs_detailedHelpURL",
                        HandleServiceConfig.getDetailedHelpURL());
@@ -157,7 +183,9 @@ public class HandleService extends HttpServlet {
                try {
                        AABindingInfo[] binfo = new AABindingInfo[1];
                        binfo[0] =
-                               new AABindingInfo(AABindingInfo.SAML_SOAP_HTTPS, HandleServiceConfig.getAaURL());
+                               new AABindingInfo(
+                                       AABindingInfo.SAML_SOAP_HTTPS,
+                                       HandleServiceConfig.getAaURL());
                        String[] policies = { Policies.POLICY_URI_CLUBSHIB };
                        factory =
                                SAMLAuthenticationAssertionFactory.getInstance(
@@ -208,7 +236,10 @@ public class HandleService extends HttpServlet {
         * @param e The Exception to be handled
         */
 
-       private void handleError(HttpServletRequest req, HttpServletResponse res, Exception e) {
+       private void handleError(
+               HttpServletRequest req,
+               HttpServletResponse res,
+               Exception e) {
 
                log.info("Handle Service Failure: " + e);
 
@@ -218,9 +249,11 @@ public class HandleService extends HttpServlet {
                try {
                        rd.forward(req, res);
                } catch (IOException ioe) {
-                       log.error("Problem trying to display Handle Service error page: " + ioe);
+                       log.error(
+                               "Problem trying to display Handle Service error page: " + ioe);
                } catch (ServletException se) {
-                       log.error("Problem trying to display Handle Service error page: " + se);
+                       log.error(
+                               "Problem trying to display Handle Service error page: " + se);
                }
        }
 
@@ -230,7 +263,10 @@ public class HandleService extends HttpServlet {
         * @param assertion Base64 encoded SAML authN assertion
         */
 
-       private void handleForm(HttpServletRequest req, HttpServletResponse res, byte[] assertion)
+       private void handleForm(
+               HttpServletRequest req,
+               HttpServletResponse res,
+               byte[] assertion)
                throws HandleServiceException {
 
                try {
@@ -240,9 +276,11 @@ public class HandleService extends HttpServlet {
                        log.info("POSTing assertion to SHIRE.");
                        rd.forward(req, res);
                } catch (IOException ioe) {
-                       throw new HandleServiceException("Problem displaying Handle Service UI." + ioe);
+                       throw new HandleServiceException(
+                               "Problem displaying Handle Service UI." + ioe);
                } catch (ServletException se) {
-                       throw new HandleServiceException("Problem displaying Handle Service UI." + se);
+                       throw new HandleServiceException(
+                               "Problem displaying Handle Service UI." + se);
                }
        }
 
@@ -263,20 +301,30 @@ public class HandleService extends HttpServlet {
                                new AttributeQueryHandle(
                                        remoteUser,
                                        key,
-                                       Long.parseLong(HandleServiceConfig.getValidityPeriod()));
+                                       Long.parseLong(HandleServiceConfig.getValidityPeriod()),
+                                       hsURL);
 
                        log.info("Acquired Handle: " + aqh.getHandleID());
 
                        return factory
-                               .getAssertion(aqh.serialize(), shireURL, clientAddress, authType, new Date(), null)
+                               .getAssertion(
+                                       aqh.serialize(),
+                                       shireURL,
+                                       clientAddress,
+                                       authType,
+                                       new Date(),
+                                       null)
                                .toBase64();
 
                } catch (SAMLException se) {
-                       throw new HandleServiceException("Error creating SAML assertion: " + se);
+                       throw new HandleServiceException(
+                               "Error creating SAML assertion: " + se);
                } catch (IOException ioe) {
-                       throw new HandleServiceException("Error creating SAML assertion: " + ioe);
+                       throw new HandleServiceException(
+                               "Error creating SAML assertion: " + ioe);
                } catch (HandleException he) {
-                       throw new HandleServiceException("Error creating User Handle: " + he);
+                       throw new HandleServiceException(
+                               "Error creating User Handle: " + he);
                }
        }
 
@@ -285,21 +333,26 @@ public class HandleService extends HttpServlet {
         * for generation of an <code>AttributeQueryHandle</code>.
         */
 
-       private void validateRequestParameters(HttpServletRequest req) throws HandleServiceException {
+       private void validateRequestParameters(HttpServletRequest req)
+               throws HandleServiceException {
 
-               if ((req.getParameter("shire") == null) || (req.getParameter("shire").equals(""))) {
+               if ((req.getParameter("shire") == null)
+                       || (req.getParameter("shire").equals(""))) {
                        throw new HandleServiceException("Invalid data from SHIRE: No acceptance URL received.");
                }
-               if ((req.getParameter("target") == null) || (req.getParameter("target").equals(""))) {
+               if ((req.getParameter("target") == null)
+                       || (req.getParameter("target").equals(""))) {
                        throw new HandleServiceException("Invalid data from SHIRE: No target URL received.");
                }
-               if ((req.getRemoteUser() == null) || (req.getRemoteUser().equals(""))) {
+               if ((req.getRemoteUser() == null)
+                       || (req.getRemoteUser().equals(""))) {
                        throw new HandleServiceException("No authentication received from webserver.");
                }
                if ((req.getAuthType() == null) || (req.getAuthType().equals(""))) {
                        throw new HandleServiceException("Unable to ascertain authentication type.");
                }
-               if ((req.getRemoteAddr() == null) || (req.getRemoteAddr().equals(""))) {
+               if ((req.getRemoteAddr() == null)
+                       || (req.getRemoteAddr().equals(""))) {
                        throw new HandleServiceException("Unable to ascertain client address.");
                }
        }