package edu.internet2.middleware.shibboleth.common;
+import java.net.MalformedURLException;
+import java.net.URL;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Security;
public class AQHTest extends TestCase {
protected SecretKey goodKey;
+ protected URL testHs;
public AQHTest(String name) {
super(name);
}
} catch (NoSuchAlgorithmException e) {
fail("Could not generate fixture (secret key)");
}
+
+ try {
+ testHs = new URL("http://www.test.com/HS");
+ } catch (MalformedURLException e) {
+ fail("Error initializing test Hs URL.");
+ }
}
/**
* Tests the basic, creation, serialization, and unmarshalling of the <code>AttributeQueryHandle</code>
//Create an AQH
AttributeQueryHandle originalAQH =
- new AttributeQueryHandle("Walter", goodKey, 300000l);
+ new AttributeQueryHandle("Walter", goodKey, 300000l, testHs);
//Ensure that a unique id was generated
assertNotNull(
try {
AttributeQueryHandle aqh =
- new AttributeQueryHandle("Walter", goodKey, 1l);
+ new AttributeQueryHandle("Walter", goodKey, 1l, testHs);
Thread.sleep(2);
assertTrue(
"AttributeQueryHandle failed to expire appropriately",
}
}
+
+ /**
+ * Ensue that all of our UUIDs are not identical
+ */
+
+ public void testDups() {
+
+ try {
+ AttributeQueryHandle aqh1 =
+ new AttributeQueryHandle("Walter", goodKey, 1l, testHs);
+ AttributeQueryHandle aqh2 =
+ new AttributeQueryHandle("Walter", goodKey, 1l, testHs);
+ assertTrue("Reusing a UUID when creating new AQH", !aqh1.getHandleID().equals(aqh2.getHandleID()));
+ } catch (HandleException e) {
+ fail("Failed to create AttributeQueryHandle" + e);
+ }
+
+
+ }
}
\ No newline at end of file
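Review bot: The new `testDups` only proves that two handles built back-to-back differ, which the time-based UUID suffix guarantees by itself; it never checks that the name-based prefix actually reflects `testHs`, so a regression that silently dropped `hsLocation` from the ID would still pass. Consider a second assertion that the segment before the first `:` is identical for `aqh1` and `aqh2` (same HS URL) and a third handle built with a different URL gets a different prefix. The Javadoc typo on the new method should read `Ensure that all of our UUIDs are not identical`, and `fail("Failed to create AttributeQueryHandle" + e)` would be clearer with a separator, `fail("Failed to create AttributeQueryHandle: " + e)`.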
package edu.internet2.middleware.shibboleth.common;
+import java.net.URL;
import java.util.StringTokenizer;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
+import org.doomdark.uuid.UUID;
import org.doomdark.uuid.UUIDGenerator;
/**
* Creates a new <code>AttributeQueryHandle</code>
* @param principal <code>String</code> representation of user that the handle should reference
* @param ticketLength Time in milliseconds for which the handle should be valid
+ * @param hsLocation URL of the Handle Service used to generate the AQH
+ * @param key Symmetric key used to encrypt the AQH upon serialization
*
*/
public AttributeQueryHandle(
String principal,
SecretKey key,
- long ticketLength)
+ long ticketLength,
+ URL hsLocation)
throws HandleException {
-
- UUIDGenerator uuidGen = UUIDGenerator.getInstance();
-//Need to create an actual UUID here
- handleID = "12345";
+
this.principal = principal;
this.creationTime = System.currentTimeMillis();
this.expirationTime = creationTime + ticketLength;
try {
+ UUIDGenerator uuidGen = UUIDGenerator.getInstance();
+ UUID nameSpaceUUID = new UUID(UUID.NAMESPACE_URL);
+ handleID =
+ uuidGen.generateNameBasedUUID(nameSpaceUUID, hsLocation.toString())+ ":" + uuidGen.generateTimeBasedUUID();
+
Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, key);
cipherTextHandle =
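Review bot: `hsLocation.toString()` on the line that builds `handleID` dereferences the new parameter without a null check, and because that line now sits inside the `try`, a null URL surfaces as a NullPointerException rather than the `HandleException` the signature advertises; the constructor's catch clauses lie outside this hunk, so whether it propagates or is swallowed cannot be seen here. Guard before the `try`, e.g. `if (hsLocation == null) { throw new HandleException("Handle Service location is required"); }` (assuming `HandleException` has a String constructor, as `HandleServiceException` does elsewhere in this change). Also worth a comment on the `handleID` line: neither component is secret — the name-based UUID is a deterministic function of the HS URL and the time-based UUID is derived from the clock and node identity — so `handleID` is a unique identifier, not an unguessable token, and confidentiality of the handle continues to rest on the encrypted serialized form. The new `@param` entries are documented in the order `hsLocation, key`, which does not match the signature `principal, key, ticketLength, hsLocation`; reorder them to follow the parameter list.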
/**
* Returns a <code>String</code> representation of the user that the handle references.
- * @return Returns a String
*/
public String getPrincipal() {
/**
* Returns a <code>String</code> of ciphertext representing the <code>AttributeQueryHandle</code> instance.
- * @return Returns a String
*/
public String serialize() {
/**
* Returns a <code>String</code> representation of the unique identifier for this handle.
*/
+
public String getHandleID() {
return handleID;
}
import java.io.IOException;
import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.net.URL;
import java.security.Security;
import java.util.Date;
private String hsConfigFileLocation;
private String log4jConfigFileLocation;
private SecretKey key;
+ private URL hsURL;
/**
* @see GenericServlet#init()
initSecretKey();
initAuthNFactory();
}
-
+
/**
* Initializes symmetric key for use in AQH creation
*/
private void initSecretKey() throws ServletException {
try {
-
-//Change this to work with any JCE
+
+ //Change this to work with any JCE
Security.addProvider(new BouncyCastleProvider());
- SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DESede");
+ SecretKeyFactory keyFactory =
+ SecretKeyFactory.getInstance("DESede");
DESedeKeySpec keySpec =
- new DESedeKeySpec(Base64.decode(HandleServiceConfig.getSecretKey()));
+ new DESedeKeySpec(
+ Base64.decode(HandleServiceConfig.getSecretKey()));
key = keyFactory.generateSecret(keySpec);
} catch (Exception t) {
log.fatal("Error reading Secret Key from configuration.", t);
private void loadInitParams() {
- hsConfigFileLocation = getServletConfig().getInitParameter("HSConfigFileLocation");
+ hsConfigFileLocation =
+ getServletConfig().getInitParameter("HSConfigFileLocation");
if (hsConfigFileLocation == null) {
hsConfigFileLocation = "/WEB-INF/conf/shibboleth.xml";
}
- log4jConfigFileLocation = getServletConfig().getInitParameter("log4jConfigFileLocation");
+ log4jConfigFileLocation =
+ getServletConfig().getInitParameter("log4jConfigFileLocation");
if (log4jConfigFileLocation == null) {
log4jConfigFileLocation = "/WEB-INF/conf/log4j.properties";
}
private void initConfig() throws ServletException {
- InputStream is = getServletContext().getResourceAsStream(hsConfigFileLocation);
+ InputStream is =
+ getServletContext().getResourceAsStream(hsConfigFileLocation);
HsConfigDigester digester = new HsConfigDigester();
try {
digester.parse(is);
} catch (SAXException se) {
log.fatal("Error parsing HS configuration file.", se);
- throw new ServletException("Error parsing HS configuration file.", se);
+ throw new ServletException(
+ "Error parsing HS configuration file.",
+ se);
} catch (IOException ioe) {
log.fatal("Error reading HS configuration file.", ioe);
- throw new ServletException("Error reading HS configuration file.", ioe);
+ throw new ServletException(
+ "Error reading HS configuration file.",
+ ioe);
+ }
+
+ try {
+ hsURL = new URL(HandleServiceConfig.getLocation());
+ } catch (MalformedURLException e) {
+ log.fatal("Error parsing HS location from configuration file.", e);
+ throw new ServletException(
+ "Error reading HS configuration file.",
+ e);
}
+
}
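Review bot: The `ServletException` raised in the new `MalformedURLException` catch reuses the message `"Error reading HS configuration file."`, which is identical to the IOException case just above it and contradicts the `log.fatal` line one statement earlier, so the container's error output cannot distinguish an unreadable file from a bad location value. Use the same wording in both places: `throw new ServletException("Error parsing HS location from configuration file.", e);`. Since the location is deployment configuration rather than a secret, including the offending value in the fatal log entry would make the misconfiguration immediately diagnosable, e.g. `log.fatal("Error parsing HS location from configuration file: " + HandleServiceConfig.getLocation(), e);`.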
/**
getServletContext().setAttribute(
"hs_supportContact",
HandleServiceConfig.getSupportContact());
- getServletContext().setAttribute("hs_logoLocation", HandleServiceConfig.getLogoLocation());
- getServletContext().setAttribute("hs_helpText", HandleServiceConfig.getHelpText());
+ getServletContext().setAttribute(
+ "hs_logoLocation",
+ HandleServiceConfig.getLogoLocation());
+ getServletContext().setAttribute(
+ "hs_helpText",
+ HandleServiceConfig.getHelpText());
getServletContext().setAttribute(
"hs_detailedHelpURL",
HandleServiceConfig.getDetailedHelpURL());
try {
AABindingInfo[] binfo = new AABindingInfo[1];
binfo[0] =
- new AABindingInfo(AABindingInfo.SAML_SOAP_HTTPS, HandleServiceConfig.getAaURL());
+ new AABindingInfo(
+ AABindingInfo.SAML_SOAP_HTTPS,
+ HandleServiceConfig.getAaURL());
String[] policies = { Policies.POLICY_URI_CLUBSHIB };
factory =
SAMLAuthenticationAssertionFactory.getInstance(
* @param e The Exception to be handled
*/
- private void handleError(HttpServletRequest req, HttpServletResponse res, Exception e) {
+ private void handleError(
+ HttpServletRequest req,
+ HttpServletResponse res,
+ Exception e) {
log.info("Handle Service Failure: " + e);
try {
rd.forward(req, res);
} catch (IOException ioe) {
- log.error("Problem trying to display Handle Service error page: " + ioe);
+ log.error(
+ "Problem trying to display Handle Service error page: " + ioe);
} catch (ServletException se) {
- log.error("Problem trying to display Handle Service error page: " + se);
+ log.error(
+ "Problem trying to display Handle Service error page: " + se);
}
}
* @param assertion Base64 encoded SAML authN assertion
*/
- private void handleForm(HttpServletRequest req, HttpServletResponse res, byte[] assertion)
+ private void handleForm(
+ HttpServletRequest req,
+ HttpServletResponse res,
+ byte[] assertion)
throws HandleServiceException {
try {
log.info("POSTing assertion to SHIRE.");
rd.forward(req, res);
} catch (IOException ioe) {
- throw new HandleServiceException("Problem displaying Handle Service UI." + ioe);
+ throw new HandleServiceException(
+ "Problem displaying Handle Service UI." + ioe);
} catch (ServletException se) {
- throw new HandleServiceException("Problem displaying Handle Service UI." + se);
+ throw new HandleServiceException(
+ "Problem displaying Handle Service UI." + se);
}
}
new AttributeQueryHandle(
remoteUser,
key,
- Long.parseLong(HandleServiceConfig.getValidityPeriod()));
+ Long.parseLong(HandleServiceConfig.getValidityPeriod()),
+ hsURL);
log.info("Acquired Handle: " + aqh.getHandleID());
return factory
- .getAssertion(aqh.serialize(), shireURL, clientAddress, authType, new Date(), null)
+ .getAssertion(
+ aqh.serialize(),
+ shireURL,
+ clientAddress,
+ authType,
+ new Date(),
+ null)
.toBase64();
} catch (SAMLException se) {
- throw new HandleServiceException("Error creating SAML assertion: " + se);
+ throw new HandleServiceException(
+ "Error creating SAML assertion: " + se);
} catch (IOException ioe) {
- throw new HandleServiceException("Error creating SAML assertion: " + ioe);
+ throw new HandleServiceException(
+ "Error creating SAML assertion: " + ioe);
} catch (HandleException he) {
- throw new HandleServiceException("Error creating User Handle: " + he);
+ throw new HandleServiceException(
+ "Error creating User Handle: " + he);
}
}
* for generation of an <code>AttributeQueryHandle</code>.
*/
- private void validateRequestParameters(HttpServletRequest req) throws HandleServiceException {
+ private void validateRequestParameters(HttpServletRequest req)
+ throws HandleServiceException {
- if ((req.getParameter("shire") == null) || (req.getParameter("shire").equals(""))) {
+ if ((req.getParameter("shire") == null)
+ || (req.getParameter("shire").equals(""))) {
throw new HandleServiceException("Invalid data from SHIRE: No acceptance URL received.");
}
- if ((req.getParameter("target") == null) || (req.getParameter("target").equals(""))) {
+ if ((req.getParameter("target") == null)
+ || (req.getParameter("target").equals(""))) {
throw new HandleServiceException("Invalid data from SHIRE: No target URL received.");
}
- if ((req.getRemoteUser() == null) || (req.getRemoteUser().equals(""))) {
+ if ((req.getRemoteUser() == null)
+ || (req.getRemoteUser().equals(""))) {
throw new HandleServiceException("No authentication received from webserver.");
}
if ((req.getAuthType() == null) || (req.getAuthType().equals(""))) {
throw new HandleServiceException("Unable to ascertain authentication type.");
}
- if ((req.getRemoteAddr() == null) || (req.getRemoteAddr().equals(""))) {
+ if ((req.getRemoteAddr() == null)
+ || (req.getRemoteAddr().equals(""))) {
throw new HandleServiceException("Unable to ascertain client address.");
}
}