Attempt to fix some NPEs when information is not available from the decoder or metada...
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Mon, 5 Nov 2007 11:19:57 +0000 (11:19 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Mon, 5 Nov 2007 11:19:57 +0000 (11:19 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2444 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/idp/profile/saml1/ArtifactResolution.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml1/AttributeQueryProfileHandler.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml1/ShibbolethSSOProfileHandler.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml2/ArtifactResolution.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml2/AttributeQueryProfileHandler.java
src/edu/internet2/middleware/shibboleth/idp/profile/saml2/SSOProfileHandler.java

index 126fb31..9ee2469 100644 (file)
@@ -38,6 +38,7 @@ import org.opensaml.saml1.core.StatusCode;
 import org.opensaml.saml2.metadata.AssertionConsumerService;
 import org.opensaml.saml2.metadata.AttributeAuthorityDescriptor;
 import org.opensaml.saml2.metadata.Endpoint;
+import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
@@ -169,35 +170,43 @@ public class ArtifactResolution extends AbstractSAML1ProfileHandler {
             throw new ProfileException("Message did not meet security requirements", e);
         } finally {
             // Set as much information as can be retrieved from the decoded message
-            try {
-                String relyingPartyId = requestContext.getInboundMessageIssuer();
-                RelyingPartyConfiguration rpConfig = getRelyingPartyConfiguration(relyingPartyId);
-                requestContext.setRelyingPartyConfiguration(rpConfig);
-                requestContext.setPeerEntityEndpoint(selectEndpoint(requestContext));
-
-                String assertingPartyId = requestContext.getRelyingPartyConfiguration().getProviderId();
-                requestContext.setLocalEntityId(assertingPartyId);
-                requestContext.setLocalEntityMetadata(metadataProvider.getEntityDescriptor(assertingPartyId));
-                requestContext.setLocalEntityRole(AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);
-                requestContext.setLocalEntityRoleMetadata(requestContext.getLocalEntityMetadata()
-                        .getAttributeAuthorityDescriptor(SAMLConstants.SAML11P_NS));
-
-                ArtifactResolutionConfiguration profileConfig = (ArtifactResolutionConfiguration) rpConfig
-                        .getProfileConfiguration(ArtifactResolutionConfiguration.PROFILE_ID);
-                if(profileConfig != null){
-                    requestContext.setProfileConfiguration(profileConfig);
-                    if (profileConfig.getSigningCredential() != null) {
-                        requestContext.setOutboundSAMLMessageSigningCredential(profileConfig.getSigningCredential());
-                    } else if (rpConfig.getDefaultSigningCredential() != null) {
-                        requestContext.setOutboundSAMLMessageSigningCredential(rpConfig.getDefaultSigningCredential());
-                    }
+            String relyingPartyId = requestContext.getInboundMessageIssuer();
+            RelyingPartyConfiguration rpConfig = getRelyingPartyConfiguration(relyingPartyId);
+            if (rpConfig == null) {
+                log.error("Unable to retrieve relying party configuration data for entity with ID {}", relyingPartyId);
+                throw new ProfileException("Unable to retrieve relying party configuration data for entity with ID "
+                        + relyingPartyId);
+            }
+            requestContext.setRelyingPartyConfiguration(rpConfig);
+
+            ArtifactResolutionConfiguration profileConfig = (ArtifactResolutionConfiguration) rpConfig
+                    .getProfileConfiguration(ArtifactResolutionConfiguration.PROFILE_ID);
+            if (profileConfig != null) {
+                requestContext.setProfileConfiguration(profileConfig);
+                if (profileConfig.getSigningCredential() != null) {
+                    requestContext.setOutboundSAMLMessageSigningCredential(profileConfig.getSigningCredential());
+                } else if (rpConfig.getDefaultSigningCredential() != null) {
+                    requestContext.setOutboundSAMLMessageSigningCredential(rpConfig.getDefaultSigningCredential());
                 }
+            }
+
+            requestContext.setPeerEntityEndpoint(selectEndpoint(requestContext));
 
+            String assertingPartyId = requestContext.getRelyingPartyConfiguration().getProviderId();
+            requestContext.setLocalEntityId(assertingPartyId);
+            try {
+                EntityDescriptor localEntityDescriptor = metadataProvider.getEntityDescriptor(assertingPartyId);
+                if (localEntityDescriptor != null) {
+                    requestContext.setLocalEntityMetadata(localEntityDescriptor);
+                    requestContext.setLocalEntityRole(AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);
+                    requestContext.setLocalEntityRoleMetadata(localEntityDescriptor
+                            .getAttributeAuthorityDescriptor(SAMLConstants.SAML11P_NS));
+                }
             } catch (MetadataProviderException e) {
-                log.error("Unable to locate metadata for asserting or relying party");
-                requestContext
-                        .setFailureStatus(buildStatus(StatusCode.RESPONDER, null, "Error locating party metadata"));
-                throw new ProfileException("Error locating party metadata");
+                log.error("Unable to locate metadata for asserting party");
+                requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER, null,
+                        "Error locating asserting party metadata"));
+                throw new ProfileException("Error locating asserting party metadata");
             }
         }
     }
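Review bot: The new `rpConfig == null` branch throws from inside the `finally` block, so when the `catch` above has already thrown "Message did not meet security requirements", that exception is discarded and callers and logs only see the configuration error. The issuer is likely to be missing or unknown precisely when decoding or the security policy failed, so the masking case is probably the common one; consider doing this population after the `try` (and before the rethrow in each `catch`) rather than throwing from `finally`. The branch also omits the status that the metadata handler sets; adding `requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER, null, "Error locating relying party configuration"));` before the `throw` would keep the error response consistent. `relyingPartyId` is taken from the inbound message and is written to the log and the exception text as-is, so it should be treated as untrusted wherever those are rendered. The same `finally` pattern is in the saml1 AttributeQueryProfileHandler and the saml2 ArtifactResolution and AttributeQueryProfileHandler hunks; the method starts outside this hunk.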
@@ -261,7 +270,7 @@ public class ArtifactResolution extends AbstractSAML1ProfileHandler {
             artifactMap.remove(assertionArtifact.getAssertionArtifact());
             assertions.add((Assertion) artifactEntry.getSamlMessage());
         }
-        
+
         requestContext.setReferencedAssertions(assertions);
     }
 
index e022522..ee98375 100644 (file)
@@ -30,6 +30,7 @@ import org.opensaml.saml1.core.StatusCode;
 import org.opensaml.saml2.metadata.AssertionConsumerService;
 import org.opensaml.saml2.metadata.AttributeAuthorityDescriptor;
 import org.opensaml.saml2.metadata.Endpoint;
+import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
@@ -81,15 +82,15 @@ public class AttributeQueryProfileHandler extends AbstractSAML1ProfileHandler {
                         "SAML 1 Attribute Query profile is not configured for relying party "
                                 + requestContext.getInboundMessageIssuer()));
                 samlResponse = buildErrorResponse(requestContext);
-            }else{
+            } else {
                 resolvePrincipal(requestContext);
                 resolveAttributes(requestContext);
                 requestContext.setReleasedAttributes(requestContext.getPrincipalAttributes().keySet());
-    
+
                 ArrayList<Statement> statements = new ArrayList<Statement>();
-                statements.add(buildAttributeStatement(requestContext, 
-                        "urn:oasis:names:tc:SAML:1.0:cm:sender-vouches"));
-    
+                statements
+                        .add(buildAttributeStatement(requestContext, "urn:oasis:names:tc:SAML:1.0:cm:sender-vouches"));
+
                 samlResponse = buildResponse(requestContext, statements);
             }
         } catch (ProfileException e) {
@@ -151,40 +152,52 @@ public class AttributeQueryProfileHandler extends AbstractSAML1ProfileHandler {
             throw new ProfileException("Message did not meet security policy requirements", e);
         } finally {
             // Set as much information as can be retrieved from the decoded message
-            try {
-                Request request = requestContext.getInboundSAMLMessage();
-                AttributeQuery query = request.getAttributeQuery();
-                requestContext.setSubjectNameIdentifier(query.getSubject().getNameIdentifier());
-
-                String relyingPartyId = requestContext.getInboundMessageIssuer();
-                RelyingPartyConfiguration rpConfig = getRelyingPartyConfiguration(relyingPartyId);
-                requestContext.setRelyingPartyConfiguration(rpConfig);
-                requestContext.setPeerEntityEndpoint(selectEndpoint(requestContext));
-
-                String assertingPartyId = requestContext.getRelyingPartyConfiguration().getProviderId();
-                requestContext.setLocalEntityId(assertingPartyId);
-                requestContext.setLocalEntityMetadata(metadataProvider.getEntityDescriptor(assertingPartyId));
-                requestContext.setLocalEntityRole(AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);
-                requestContext.setLocalEntityRoleMetadata(requestContext.getLocalEntityMetadata()
-                        .getAttributeAuthorityDescriptor(SAMLConstants.SAML11P_NS));
-
-                AttributeQueryConfiguration profileConfig = (AttributeQueryConfiguration) rpConfig
-                        .getProfileConfiguration(AttributeQueryConfiguration.PROFILE_ID);
-                if (profileConfig != null) {
-                    requestContext.setProfileConfiguration(profileConfig);
-                    requestContext.setOutboundMessageArtifactType(profileConfig.getOutboundArtifactType());
-                    if (profileConfig.getSigningCredential() != null) {
-                        requestContext.setOutboundSAMLMessageSigningCredential(profileConfig.getSigningCredential());
-                    } else if (rpConfig.getDefaultSigningCredential() != null) {
-                        requestContext.setOutboundSAMLMessageSigningCredential(rpConfig.getDefaultSigningCredential());
-                    }
+
+            Request request = requestContext.getInboundSAMLMessage();
+            if (request == null) {
+                log.error("Decoder did not contain an attribute query, an error occured decoding the message");
+                throw new ProfileException("Unable to decode message.");
+            }
+            AttributeQuery query = request.getAttributeQuery();
+            requestContext.setSubjectNameIdentifier(query.getSubject().getNameIdentifier());
+
+            String relyingPartyId = requestContext.getInboundMessageIssuer();
+            RelyingPartyConfiguration rpConfig = getRelyingPartyConfiguration(relyingPartyId);
+            if (rpConfig == null) {
+                log.error("Unable to retrieve relying party configuration data for entity with ID {}", relyingPartyId);
+                throw new ProfileException("Unable to retrieve relying party configuration data for entity with ID "
+                        + relyingPartyId);
+            }
+            requestContext.setRelyingPartyConfiguration(rpConfig);
+
+            AttributeQueryConfiguration profileConfig = (AttributeQueryConfiguration) rpConfig
+                    .getProfileConfiguration(AttributeQueryConfiguration.PROFILE_ID);
+            if (profileConfig != null) {
+                requestContext.setProfileConfiguration(profileConfig);
+                requestContext.setOutboundMessageArtifactType(profileConfig.getOutboundArtifactType());
+                if (profileConfig.getSigningCredential() != null) {
+                    requestContext.setOutboundSAMLMessageSigningCredential(profileConfig.getSigningCredential());
+                } else if (rpConfig.getDefaultSigningCredential() != null) {
+                    requestContext.setOutboundSAMLMessageSigningCredential(rpConfig.getDefaultSigningCredential());
                 }
+            }
+            requestContext.setPeerEntityEndpoint(selectEndpoint(requestContext));
 
+            String assertingPartyId = requestContext.getRelyingPartyConfiguration().getProviderId();
+            requestContext.setLocalEntityId(assertingPartyId);
+            try {
+                EntityDescriptor localEntityDescriptor = metadataProvider.getEntityDescriptor(assertingPartyId);
+                if (localEntityDescriptor != null) {
+                    requestContext.setLocalEntityMetadata(localEntityDescriptor);
+                    requestContext.setLocalEntityRole(AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);
+                    requestContext.setLocalEntityRoleMetadata(localEntityDescriptor
+                            .getAttributeAuthorityDescriptor(SAMLConstants.SAML11P_NS));
+                }
             } catch (MetadataProviderException e) {
-                log.error("Unable to locate metadata for asserting or relying party");
-                requestContext
-                        .setFailureStatus(buildStatus(StatusCode.RESPONDER, null, "Error locating party metadata"));
-                throw new ProfileException("Error locating party metadata");
+                log.error("Unable to locate metadata for asserting party");
+                requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER, null,
+                        "Error locating asserting party metadata"));
+                throw new ProfileException("Error locating asserting party metadata");
             }
         }
     }
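Review bot: The added `request == null` check leaves `request.getAttributeQuery()` and `query.getSubject()` unguarded on the following two lines, so a decoded Request that carries no attribute query, or a query with no subject, would still raise a NullPointerException. That content is supplied by the requester, so it should be rejected explicitly, e.g. `if (query == null || query.getSubject() == null) { throw new ProfileException("Unable to decode message."); }`, ideally after setting a failure status on the context. Because these lines run in `finally`, such an NPE would also replace any exception thrown by the decode or security policy step. The enclosing method begins outside the hunk.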
index 8e9f61b..6206b79 100644 (file)
@@ -179,12 +179,12 @@ public class ShibbolethSSOProfileHandler extends AbstractSAML1ProfileHandler {
         ShibbolethSSORequestContext requestContext = new ShibbolethSSORequestContext();
         requestContext.setMetadataProvider(getMetadataProvider());
         requestContext.setSecurityPolicyResolver(getSecurityPolicyResolver());
-        
+
         requestContext.setCommunicationProfileId(ShibbolethSSOConfiguration.PROFILE_ID);
         requestContext.setInboundMessageTransport(inTransport);
-        requestContext.setInboundSAMLProtocol(ShibbolethConstants.SHIB_SSO_PROFILE_URI);        
+        requestContext.setInboundSAMLProtocol(ShibbolethConstants.SHIB_SSO_PROFILE_URI);
         requestContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-        
+
         requestContext.setOutboundMessageTransport(outTransport);
         requestContext.setOutboundSAMLProtocol(SAMLConstants.SAML11P_NS);
 
@@ -275,57 +275,79 @@ public class ShibbolethSSOProfileHandler extends AbstractSAML1ProfileHandler {
             HTTPInTransport in, HTTPOutTransport out) throws ProfileException {
         ShibbolethSSORequestContext requestContext = new ShibbolethSSORequestContext();
 
+        requestContext.setMessageDecoder(getMessageDecoders().get(getInboundBinding()));
+
+        requestContext.setLoginContext(loginContext);
+        requestContext.setPrincipalName(loginContext.getPrincipalName());
+        requestContext.setPrincipalAuthenticationMethod(loginContext.getAuthenticationMethod());
+        requestContext.setUserSession(getUserSession(in));
+        requestContext.setRelayState(loginContext.getSpTarget());
+
+        requestContext.setInboundMessageTransport(in);
+        requestContext.setInboundSAMLProtocol(ShibbolethConstants.SHIB_SSO_PROFILE_URI);
+
+        requestContext.setOutboundMessageTransport(out);
+        requestContext.setOutboundSAMLProtocol(SAMLConstants.SAML20P_NS);
+
+        MetadataProvider metadataProvider = getMetadataProvider();
+        requestContext.setMetadataProvider(metadataProvider);
+
+        String relyingPartyId = loginContext.getRelyingPartyId();
+        requestContext.setInboundMessageIssuer(relyingPartyId);
+
         try {
-            requestContext.setMessageDecoder(getMessageDecoders().get(getInboundBinding()));
-            
-            requestContext.setLoginContext(loginContext);
-            requestContext.setPrincipalName(loginContext.getPrincipalName());
-            requestContext.setPrincipalAuthenticationMethod(loginContext.getAuthenticationMethod());
-            requestContext.setUserSession(getUserSession(in));
-            requestContext.setRelayState(loginContext.getSpTarget());
-
-            requestContext.setInboundMessageTransport(in);
-            requestContext.setInboundSAMLProtocol(ShibbolethConstants.SHIB_SSO_PROFILE_URI);
-
-            MetadataProvider metadataProvider = getMetadataProvider();
-            requestContext.setMetadataProvider(metadataProvider);
-
-            String relyingPartyId = loginContext.getRelyingPartyId();
-            requestContext.setInboundMessageIssuer(relyingPartyId);
             EntityDescriptor relyingPartyMetadata = metadataProvider.getEntityDescriptor(relyingPartyId);
-            requestContext.setPeerEntityMetadata(relyingPartyMetadata);
-            requestContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-            requestContext.setPeerEntityRoleMetadata(relyingPartyMetadata.getSPSSODescriptor(SAMLConstants.SAML11P_NS));
-            RelyingPartyConfiguration rpConfig = getRelyingPartyConfiguration(relyingPartyId);
-            requestContext.setRelyingPartyConfiguration(rpConfig);
-            requestContext.setPeerEntityEndpoint(selectEndpoint(requestContext));
-
-            String assertingPartyId = rpConfig.getProviderId();
-            requestContext.setLocalEntityId(assertingPartyId);
-            EntityDescriptor assertingPartyMetadata = metadataProvider.getEntityDescriptor(assertingPartyId);
-            requestContext.setLocalEntityMetadata(assertingPartyMetadata);
-            requestContext.setLocalEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
-            requestContext.setLocalEntityRoleMetadata(assertingPartyMetadata
-                    .getIDPSSODescriptor(SAMLConstants.SAML20P_NS));
-
-            requestContext.setOutboundMessageTransport(out);
-            requestContext.setOutboundSAMLProtocol(SAMLConstants.SAML20P_NS);
-            ShibbolethSSOConfiguration profileConfig = (ShibbolethSSOConfiguration) rpConfig
-                    .getProfileConfiguration(ShibbolethSSOConfiguration.PROFILE_ID);
-            requestContext.setProfileConfiguration(profileConfig);
-            requestContext.setOutboundMessageArtifactType(profileConfig.getOutboundArtifactType());
-            if (profileConfig.getSigningCredential() != null) {
-                requestContext.setOutboundSAMLMessageSigningCredential(profileConfig.getSigningCredential());
-            } else if (rpConfig.getDefaultSigningCredential() != null) {
-                requestContext.setOutboundSAMLMessageSigningCredential(rpConfig.getDefaultSigningCredential());
+            if (relyingPartyMetadata != null) {
+                requestContext.setPeerEntityMetadata(relyingPartyMetadata);
+                requestContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+                requestContext.setPeerEntityRoleMetadata(relyingPartyMetadata
+                        .getSPSSODescriptor(SAMLConstants.SAML11P_NS));
             }
+        } catch (MetadataProviderException e) {
+            log.error("Unable to locate metadata for relying party");
+            requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER, null,
+                    "Error locating relying party metadata"));
+            throw new ProfileException("Error locating relying party metadata");
+        }
+
+        RelyingPartyConfiguration rpConfig = getRelyingPartyConfiguration(relyingPartyId);
+        if (rpConfig == null) {
+            log.error("Unable to retrieve relying party configuration data for entity with ID {}", relyingPartyId);
+            throw new ProfileException("Unable to retrieve relying party configuration data for entity with ID "
+                    + relyingPartyId);
+        }
+        requestContext.setRelyingPartyConfiguration(rpConfig);
+
+        ShibbolethSSOConfiguration profileConfig = (ShibbolethSSOConfiguration) rpConfig
+                .getProfileConfiguration(ShibbolethSSOConfiguration.PROFILE_ID);
+        requestContext.setProfileConfiguration(profileConfig);
+        requestContext.setOutboundMessageArtifactType(profileConfig.getOutboundArtifactType());
+        if (profileConfig.getSigningCredential() != null) {
+            requestContext.setOutboundSAMLMessageSigningCredential(profileConfig.getSigningCredential());
+        } else if (rpConfig.getDefaultSigningCredential() != null) {
+            requestContext.setOutboundSAMLMessageSigningCredential(rpConfig.getDefaultSigningCredential());
+        }
+
+        requestContext.setPeerEntityEndpoint(selectEndpoint(requestContext));
 
-            return requestContext;
+        String assertingPartyId = rpConfig.getProviderId();
+        requestContext.setLocalEntityId(assertingPartyId);
+        try {
+            EntityDescriptor localEntityDescriptor = metadataProvider.getEntityDescriptor(assertingPartyId);
+            if (localEntityDescriptor != null) {
+                requestContext.setLocalEntityMetadata(localEntityDescriptor);
+                requestContext.setLocalEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
+                requestContext.setLocalEntityRoleMetadata(localEntityDescriptor
+                        .getIDPSSODescriptor(SAMLConstants.SAML20P_NS));
+            }
         } catch (MetadataProviderException e) {
-            log.error("Unable to locate metadata for asserting or relying party");
-            requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER, null, "Error locating party metadata"));
-            throw new ProfileException("Error locating party metadata");
+            log.error("Unable to locate metadata for asserting party");
+            requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER, null,
+                    "Error locating asserting party metadata"));
+            throw new ProfileException("Error locating asserting party metadata");
         }
+
+        return requestContext;
     }
 
     /**
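Review bot: `profileConfig` is dereferenced at `profileConfig.getOutboundArtifactType()` with no null check, although the other handlers touched by this commit treat the result of `getProfileConfiguration(...)` as nullable (`if (profileConfig != null)`). A relying party with no Shibboleth SSO profile configured would therefore still hit an NPE here; guard it the same way or fail explicitly with `throw new ProfileException("Shibboleth SSO profile is not configured for relying party " + relyingPartyId);`. When `relyingPartyMetadata` is null the peer metadata is left unset and `selectEndpoint(requestContext)` is still called; whether it tolerates that is not visible in this hunk. The `rpConfig == null` branch also throws without calling `setFailureStatus`, unlike the two metadata `catch` blocks. The method's signature begins just above the hunk.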
index 5d87c80..c48b7ce 100644 (file)
@@ -33,6 +33,7 @@ import org.opensaml.saml2.core.StatusCode;
 import org.opensaml.saml2.metadata.AssertionConsumerService;
 import org.opensaml.saml2.metadata.AttributeAuthorityDescriptor;
 import org.opensaml.saml2.metadata.Endpoint;
+import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
@@ -60,7 +61,7 @@ public class ArtifactResolution extends AbstractSAML2ProfileHandler {
 
     /** Artifact response object builder. */
     private SAMLObjectBuilder<ArtifactResponse> responseBuilder;
-    
+
     /** Builder of assertion consumer service endpoints. */
     private SAMLObjectBuilder<AssertionConsumerService> acsEndpointBuilder;
 
@@ -71,9 +72,9 @@ public class ArtifactResolution extends AbstractSAML2ProfileHandler {
      */
     public ArtifactResolution(SAMLArtifactMap map) {
         super();
-        
+
         artifactMap = map;
-        
+
         responseBuilder = (SAMLObjectBuilder<ArtifactResponse>) getBuilderFactory().getBuilder(
                 ArtifactResponse.DEFAULT_ELEMENT_NAME);
         acsEndpointBuilder = (SAMLObjectBuilder<AssertionConsumerService>) getBuilderFactory().getBuilder(
@@ -161,12 +162,12 @@ public class ArtifactResolution extends AbstractSAML2ProfileHandler {
         ArtifactResolutionRequestContext requestContext = new ArtifactResolutionRequestContext();
         requestContext.setMetadataProvider(metadataProvider);
         requestContext.setSecurityPolicyResolver(getSecurityPolicyResolver());
-        
+
         requestContext.setCommunicationProfileId(ArtifactResolutionConfiguration.PROFILE_ID);
         requestContext.setInboundMessageTransport(inTransport);
         requestContext.setInboundSAMLProtocol(SAMLConstants.SAML20P_NS);
         requestContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-        
+
         requestContext.setOutboundMessageTransport(outTransport);
         requestContext.setOutboundSAMLProtocol(SAMLConstants.SAML20P_NS);
 
@@ -187,37 +188,45 @@ public class ArtifactResolution extends AbstractSAML2ProfileHandler {
             throw new ProfileException("Message did not meet security requirements", e);
         } finally {
             // Set as much information as can be retrieved from the decoded message
-            try {
-                requestContext.setArtifact(requestContext.getInboundSAMLMessage().getArtifact().getArtifact());
-                
-                String relyingPartyId = requestContext.getInboundMessageIssuer();
-                RelyingPartyConfiguration rpConfig = getRelyingPartyConfiguration(relyingPartyId);
-                requestContext.setRelyingPartyConfiguration(rpConfig);
-                requestContext.setPeerEntityEndpoint(selectEndpoint(requestContext));
-
-                String assertingPartyId = requestContext.getRelyingPartyConfiguration().getProviderId();
-                requestContext.setLocalEntityId(assertingPartyId);
-                requestContext.setLocalEntityMetadata(metadataProvider.getEntityDescriptor(assertingPartyId));
-                requestContext.setLocalEntityRole(AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);
-                requestContext.setLocalEntityRoleMetadata(requestContext.getLocalEntityMetadata()
-                        .getAttributeAuthorityDescriptor(SAMLConstants.SAML20P_NS));
-
-                ArtifactResolutionConfiguration profileConfig = (ArtifactResolutionConfiguration) rpConfig
-                        .getProfileConfiguration(ArtifactResolutionConfiguration.PROFILE_ID);
-                if(profileConfig != null){
-                    requestContext.setProfileConfiguration(profileConfig);
-                    if (profileConfig.getSigningCredential() != null) {
-                        requestContext.setOutboundSAMLMessageSigningCredential(profileConfig.getSigningCredential());
-                    } else if (rpConfig.getDefaultSigningCredential() != null) {
-                        requestContext.setOutboundSAMLMessageSigningCredential(rpConfig.getDefaultSigningCredential());
-                    }
+            requestContext.setArtifact(requestContext.getInboundSAMLMessage().getArtifact().getArtifact());
+
+            String relyingPartyId = requestContext.getInboundMessageIssuer();
+            RelyingPartyConfiguration rpConfig = getRelyingPartyConfiguration(relyingPartyId);
+            if (rpConfig == null) {
+                log.error("Unable to retrieve relying party configuration data for entity with ID {}", relyingPartyId);
+                throw new ProfileException("Unable to retrieve relying party configuration data for entity with ID "
+                        + relyingPartyId);
+            }
+            requestContext.setRelyingPartyConfiguration(rpConfig);
+
+            ArtifactResolutionConfiguration profileConfig = (ArtifactResolutionConfiguration) rpConfig
+                    .getProfileConfiguration(ArtifactResolutionConfiguration.PROFILE_ID);
+            if (profileConfig != null) {
+                requestContext.setProfileConfiguration(profileConfig);
+                if (profileConfig.getSigningCredential() != null) {
+                    requestContext.setOutboundSAMLMessageSigningCredential(profileConfig.getSigningCredential());
+                } else if (rpConfig.getDefaultSigningCredential() != null) {
+                    requestContext.setOutboundSAMLMessageSigningCredential(rpConfig.getDefaultSigningCredential());
                 }
+            }
+
+            requestContext.setPeerEntityEndpoint(selectEndpoint(requestContext));
 
+            String assertingPartyId = requestContext.getRelyingPartyConfiguration().getProviderId();
+            requestContext.setLocalEntityId(assertingPartyId);
+            try {
+                EntityDescriptor localEntityDescriptor = metadataProvider.getEntityDescriptor(assertingPartyId);
+                if (localEntityDescriptor != null) {
+                    requestContext.setLocalEntityMetadata(localEntityDescriptor);
+                    requestContext.setLocalEntityRole(AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);
+                    requestContext.setLocalEntityRoleMetadata(localEntityDescriptor
+                            .getAttributeAuthorityDescriptor(SAMLConstants.SAML20P_NS));
+                }
             } catch (MetadataProviderException e) {
-                log.error("Unable to locate metadata for asserting or relying party");
+                log.error("Unable to locate metadata for asserting party");
                 requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, null,
-                        "Error locating party metadata"));
-                throw new ProfileException("Error locating party metadata");
+                        "Error locating asserting party metadata"));
+                throw new ProfileException("Error locating asserting party metadata");
             }
         }
     }
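Review bot: The first statement in the `finally` block, `requestContext.setArtifact(requestContext.getInboundSAMLMessage().getArtifact().getArtifact());`, is still an unguarded chain, so if decoding failed and no inbound message (or no artifact element) is present it throws a NullPointerException that replaces the decoding or security exception raised above. The saml1 attribute query handler in this commit gained a `request == null` check for the same situation. This handler needs the equivalent: test the inbound message and its `getArtifact()` for null before the call, and otherwise set a failure status and raise a `ProfileException`. The enclosing method starts outside the hunk.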
@@ -245,7 +254,7 @@ public class ArtifactResolution extends AbstractSAML2ProfileHandler {
             endpointSelector.getSupportedIssuerBindings().addAll(getSupportedOutboundBindings());
             endpoint = endpointSelector.selectEndpoint();
         }
-        
+
         return endpoint;
     }
 
index 720f9f2..85c6417 100644 (file)
@@ -29,6 +29,7 @@ import org.opensaml.saml2.core.StatusCode;
 import org.opensaml.saml2.metadata.AssertionConsumerService;
 import org.opensaml.saml2.metadata.AttributeAuthorityDescriptor;
 import org.opensaml.saml2.metadata.Endpoint;
+import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
@@ -48,7 +49,7 @@ public class AttributeQueryProfileHandler extends AbstractSAML2ProfileHandler {
 
     /** Class logger. */
     private static Logger log = LoggerFactory.getLogger(AttributeQueryProfileHandler.class);
-    
+
     /** Builder of assertion consumer service endpoints. */
     private SAMLObjectBuilder<AssertionConsumerService> acsEndpointBuilder;
 
@@ -79,7 +80,7 @@ public class AttributeQueryProfileHandler extends AbstractSAML2ProfileHandler {
                         "SAML 2 Attribute Query profile is not configured for relying party "
                                 + requestContext.getInboundMessageIssuer()));
                 throw new ProfileException("SAML 2 Attribute Query profile is not configured for relying party "
-                                + requestContext.getInboundMessageIssuer());
+                        + requestContext.getInboundMessageIssuer());
             }
 
             checkSamlVersion(requestContext);
@@ -126,13 +127,12 @@ public class AttributeQueryProfileHandler extends AbstractSAML2ProfileHandler {
         AttributeQueryContext requestContext = new AttributeQueryContext();
         requestContext.setMetadataProvider(metadataProvider);
         requestContext.setSecurityPolicyResolver(getSecurityPolicyResolver());
-        
+
         requestContext.setCommunicationProfileId(AttributeQueryConfiguration.PROFILE_ID);
         requestContext.setInboundMessageTransport(inTransport);
         requestContext.setInboundSAMLProtocol(SAMLConstants.SAML20P_NS);
         requestContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
 
-        
         requestContext.setOutboundMessageTransport(outTransport);
         requestContext.setOutboundSAMLProtocol(SAMLConstants.SAML20P_NS);
 
@@ -153,42 +153,51 @@ public class AttributeQueryProfileHandler extends AbstractSAML2ProfileHandler {
             throw new ProfileException("Message did not meet security requirements", e);
         } finally {
             // Set as much information as can be retrieved from the decoded message
+            AttributeQuery query = requestContext.getInboundSAMLMessage();
+            requestContext.setSubjectNameIdentifier(query.getSubject().getNameID());
+
+            String relyingPartyId = requestContext.getInboundMessageIssuer();
+            RelyingPartyConfiguration rpConfig = getRelyingPartyConfiguration(relyingPartyId);
+            if (rpConfig == null) {
+                log.error("Unable to retrieve relying party configuration data for entity with ID {}", relyingPartyId);
+                throw new ProfileException("Unable to retrieve relying party configuration data for entity with ID "
+                        + relyingPartyId);
+            }
+            requestContext.setRelyingPartyConfiguration(rpConfig);
+
+            AttributeQueryConfiguration profileConfig = (AttributeQueryConfiguration) rpConfig
+                    .getProfileConfiguration(AttributeQueryConfiguration.PROFILE_ID);
+            if (profileConfig != null) {
+                requestContext.setProfileConfiguration(profileConfig);
+                requestContext.setOutboundMessageArtifactType(profileConfig.getOutboundArtifactType());
+                if (profileConfig.getSigningCredential() != null) {
+                    requestContext.setOutboundSAMLMessageSigningCredential(profileConfig.getSigningCredential());
+                } else if (rpConfig.getDefaultSigningCredential() != null) {
+                    requestContext.setOutboundSAMLMessageSigningCredential(rpConfig.getDefaultSigningCredential());
+                }
+            }
+
+            requestContext.setPeerEntityEndpoint(selectEndpoint(requestContext));
+
+            String assertingPartyId = requestContext.getRelyingPartyConfiguration().getProviderId();
+            requestContext.setLocalEntityId(assertingPartyId);
             try {
-                AttributeQuery query = requestContext.getInboundSAMLMessage();
-                requestContext.setSubjectNameIdentifier(query.getSubject().getNameID());
-                
-                String relyingPartyId = requestContext.getInboundMessageIssuer();
-                RelyingPartyConfiguration rpConfig = getRelyingPartyConfiguration(relyingPartyId);
-                requestContext.setRelyingPartyConfiguration(rpConfig);
-                requestContext.setPeerEntityEndpoint(selectEndpoint(requestContext));
-
-                String assertingPartyId = requestContext.getRelyingPartyConfiguration().getProviderId();
-                requestContext.setLocalEntityId(assertingPartyId);
-                requestContext.setLocalEntityMetadata(metadataProvider.getEntityDescriptor(assertingPartyId));
-                requestContext.setLocalEntityRole(AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);
-                requestContext.setLocalEntityRoleMetadata(requestContext.getLocalEntityMetadata()
-                        .getAttributeAuthorityDescriptor(SAMLConstants.SAML20P_NS));
-
-                AttributeQueryConfiguration profileConfig = (AttributeQueryConfiguration) rpConfig
-                        .getProfileConfiguration(AttributeQueryConfiguration.PROFILE_ID);
-                if(profileConfig != null){
-                    requestContext.setProfileConfiguration(profileConfig);
-                    requestContext.setOutboundMessageArtifactType(profileConfig.getOutboundArtifactType());
-                    if (profileConfig.getSigningCredential() != null) {
-                        requestContext.setOutboundSAMLMessageSigningCredential(profileConfig.getSigningCredential());
-                    } else if (rpConfig.getDefaultSigningCredential() != null) {
-                        requestContext.setOutboundSAMLMessageSigningCredential(rpConfig.getDefaultSigningCredential());
-                    }
+                EntityDescriptor localEntityDescriptor = metadataProvider.getEntityDescriptor(assertingPartyId);
+                if (localEntityDescriptor != null) {
+                    requestContext.setLocalEntityMetadata(localEntityDescriptor);
+                    requestContext.setLocalEntityRole(AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);
+                    requestContext.setLocalEntityRoleMetadata(localEntityDescriptor
+                            .getAttributeAuthorityDescriptor(SAMLConstants.SAML20P_NS));
                 }
             } catch (MetadataProviderException e) {
-                log.error("Unable to locate metadata for asserting or relying party");
+                log.error("Unable to locate metadata for asserting party");
                 requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, null,
-                        "Error locating party metadata"));
-                throw new ProfileException("Error locating party metadata");
+                        "Error locating asserting party metadata"));
+                throw new ProfileException("Error locating asserting party metadata");
             }
         }
     }
-    
+
     /**
      * Selects the appropriate endpoint for the relying party and stores it in the request context.
      * 
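Review bot: The two added lines at the top of the `finally` block dereference `query` and `query.getSubject()` with no guard, and this block also runs after the `catch` above has failed the request, when the inbound message may never have been decoded. A guard such as `if (query != null && query.getSubject() != null) { requestContext.setSubjectNameIdentifier(query.getSubject().getNameID()); }` keeps the best-effort intent stated in the comment. Any exception raised inside `finally`, including the new `ProfileException` for a null `rpConfig`, replaces the "Message did not meet security requirements" exception thrown by the `catch`, so the security-policy failure would be lost to callers and logs. That null-`rpConfig` branch also sets no failure status, unlike the `MetadataProviderException` path below it, and the same branch in the SSOProfileHandler hunk has the same gap. The enclosing method starts outside this hunk.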
index f267c3e..4dca8d1 100644 (file)
@@ -289,66 +289,89 @@ public class SSOProfileHandler extends AbstractSAML2ProfileHandler {
             HTTPOutTransport out) throws ProfileException {
         SSORequestContext requestContext = new SSORequestContext();
 
-        try {
-            requestContext.setMessageDecoder(getMessageDecoders().get(getInboundBinding()));
+        requestContext.setMessageDecoder(getMessageDecoders().get(getInboundBinding()));
+
+        requestContext.setLoginContext(loginContext);
+        requestContext.setPrincipalName(loginContext.getPrincipalName());
+        requestContext.setPrincipalAuthenticationMethod(loginContext.getAuthenticationMethod());
+        requestContext.setUserSession(getUserSession(in));
+        requestContext.setRelayState(loginContext.getRelayState());
 
-            requestContext.setLoginContext(loginContext);
-            requestContext.setPrincipalName(loginContext.getPrincipalName());
-            requestContext.setPrincipalAuthenticationMethod(loginContext.getAuthenticationMethod());
-            requestContext.setUserSession(getUserSession(in));
-            requestContext.setRelayState(loginContext.getRelayState());
+        requestContext.setInboundMessageTransport(in);
+        requestContext.setInboundSAMLProtocol(SAMLConstants.SAML20P_NS);
 
-            requestContext.setInboundMessageTransport(in);
-            requestContext.setInboundSAMLProtocol(SAMLConstants.SAML20P_NS);
+        try {
             requestContext.setInboundMessage(loginContext.getAuthenticationRequest());
             requestContext.setInboundSAMLMessage(loginContext.getAuthenticationRequest());
             requestContext.setInboundSAMLMessageId(loginContext.getAuthenticationRequest().getID());
-
-            MetadataProvider metadataProvider = getMetadataProvider();
-            requestContext.setMetadataProvider(metadataProvider);
-
-            String relyingPartyId = loginContext.getRelyingPartyId();
-            requestContext.setInboundMessageIssuer(relyingPartyId);
-            EntityDescriptor relyingPartyMetadata = metadataProvider.getEntityDescriptor(relyingPartyId);
-            requestContext.setPeerEntityMetadata(relyingPartyMetadata);
-            requestContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-            requestContext.setPeerEntityRoleMetadata(relyingPartyMetadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS));
-            RelyingPartyConfiguration rpConfig = getRelyingPartyConfiguration(relyingPartyId);
-            requestContext.setRelyingPartyConfiguration(rpConfig);
-            requestContext.setPeerEntityEndpoint(selectEndpoint(requestContext));
-
-            String assertingPartyId = rpConfig.getProviderId();
-            requestContext.setLocalEntityId(assertingPartyId);
-            EntityDescriptor assertingPartyMetadata = metadataProvider.getEntityDescriptor(assertingPartyId);
-            requestContext.setLocalEntityMetadata(assertingPartyMetadata);
-            requestContext.setLocalEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
-            requestContext.setLocalEntityRoleMetadata(assertingPartyMetadata
-                    .getIDPSSODescriptor(SAMLConstants.SAML20P_NS));
-
-            requestContext.setOutboundMessageTransport(out);
-            requestContext.setOutboundSAMLProtocol(SAMLConstants.SAML20P_NS);
-            SSOConfiguration profileConfig = (SSOConfiguration) rpConfig
-                    .getProfileConfiguration(SSOConfiguration.PROFILE_ID);
-            requestContext.setProfileConfiguration(profileConfig);
-            requestContext.setOutboundMessageArtifactType(profileConfig.getOutboundArtifactType());
-            if (profileConfig.getSigningCredential() != null) {
-                requestContext.setOutboundSAMLMessageSigningCredential(profileConfig.getSigningCredential());
-            } else if (rpConfig.getDefaultSigningCredential() != null) {
-                requestContext.setOutboundSAMLMessageSigningCredential(rpConfig.getDefaultSigningCredential());
-            }
-
-            return requestContext;
         } catch (UnmarshallingException e) {
             log.error("Unable to unmarshall authentication request context");
             requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, null,
                     "Error recovering request state"));
             throw new ProfileException("Error recovering request state", e);
+        }
+
+        requestContext.setOutboundMessageTransport(out);
+        requestContext.setOutboundSAMLProtocol(SAMLConstants.SAML20P_NS);
+
+        MetadataProvider metadataProvider = getMetadataProvider();
+        requestContext.setMetadataProvider(metadataProvider);
+
+        String relyingPartyId = loginContext.getRelyingPartyId();
+        requestContext.setInboundMessageIssuer(relyingPartyId);
+        try {
+            EntityDescriptor relyingPartyMetadata = metadataProvider.getEntityDescriptor(relyingPartyId);
+            if (relyingPartyMetadata != null) {
+                requestContext.setPeerEntityMetadata(relyingPartyMetadata);
+                requestContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+                requestContext.setPeerEntityRoleMetadata(relyingPartyMetadata
+                        .getSPSSODescriptor(SAMLConstants.SAML20P_NS));
+            }
         } catch (MetadataProviderException e) {
-            log.error("Unable to locate metadata for asserting or relying party");
-            requestContext
-                    .setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, null, "Error locating party metadata"));
-            throw new ProfileException("Error locating party metadata");
+            log.error("Unable to locate metadata for relying party");
+            requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, null,
+                    "Error locating relying party metadata"));
+            throw new ProfileException("Error locating relying party metadata");
         }
+
+        RelyingPartyConfiguration rpConfig = getRelyingPartyConfiguration(relyingPartyId);
+        if (rpConfig == null) {
+            log.error("Unable to retrieve relying party configuration data for entity with ID {}", relyingPartyId);
+            throw new ProfileException("Unable to retrieve relying party configuration data for entity with ID "
+                    + relyingPartyId);
+        }
+        requestContext.setRelyingPartyConfiguration(rpConfig);
+
+        SSOConfiguration profileConfig = (SSOConfiguration) rpConfig
+                .getProfileConfiguration(SSOConfiguration.PROFILE_ID);
+        requestContext.setProfileConfiguration(profileConfig);
+        requestContext.setOutboundMessageArtifactType(profileConfig.getOutboundArtifactType());
+        if (profileConfig.getSigningCredential() != null) {
+            requestContext.setOutboundSAMLMessageSigningCredential(profileConfig.getSigningCredential());
+        } else if (rpConfig.getDefaultSigningCredential() != null) {
+            requestContext.setOutboundSAMLMessageSigningCredential(rpConfig.getDefaultSigningCredential());
+        }
+        requestContext.setPeerEntityEndpoint(selectEndpoint(requestContext));
+
+        String assertingPartyId = rpConfig.getProviderId();
+        requestContext.setLocalEntityId(assertingPartyId);
+
+        try {
+            EntityDescriptor localEntityDescriptor = metadataProvider.getEntityDescriptor(assertingPartyId);
+            if (localEntityDescriptor != null) {
+                requestContext.setLocalEntityMetadata(localEntityDescriptor);
+                requestContext.setLocalEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
+                requestContext.setLocalEntityRoleMetadata(localEntityDescriptor
+                        .getIDPSSODescriptor(SAMLConstants.SAML20P_NS));
+            }
+        } catch (MetadataProviderException e) {
+            log.error("Unable to locate metadata for asserting party");
+            requestContext.setFailureStatus(buildStatus(StatusCode.RESPONDER_URI, null,
+                    "Error locating asserting party metadata"));
+            throw new ProfileException("Error locating asserting party metadata");
+        }
+
+        return requestContext;
     }
 
     /**
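Review bot: `profileConfig` is dereferenced unguarded at `requestContext.setOutboundMessageArtifactType(profileConfig.getOutboundArtifactType());`, while the AttributeQueryProfileHandler hunk in this same commit wraps the equivalent lines in `if (profileConfig != null)`, which suggests `getProfileConfiguration` can return null. A check such as `if (profileConfig == null) { throw new ProfileException("SAML 2 SSO profile is not configured for relying party " + relyingPartyId); }` before that line would fail the request cleanly instead of with an NPE. Separately, when `relyingPartyMetadata` is null the method now carries on to `selectEndpoint(requestContext)` with no peer role metadata set; it is worth confirming that endpoint selection cannot then fall back to values taken from the request, and rejecting the request here if it can. The method signature starts outside this hunk.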