HandleServlet uses new POSTProfile method.
authorwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 22 Jan 2004 06:44:54 +0000 (06:44 +0000)
committerwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 22 Jan 2004 06:44:54 +0000 (06:44 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@838 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/hs/HandleServlet.java

index 4c83474..12bfe93 100644 (file)
@@ -1,69 +1,55 @@
-/* 
- * The Shibboleth License, Version 1. 
- * Copyright (c) 2002 
- * University Corporation for Advanced Internet Development, Inc. 
- * All rights reserved
+/*
+ * The Shibboleth License, Version 1. Copyright (c) 2002 University Corporation
+ * for Advanced Internet Development, Inc. All rights reserved
  * 
  * 
- * Redistribution and use in source and binary forms, with or without 
+ * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
  * 
- * Redistributions of source code must retain the above copyright notice, this 
+ * Redistributions of source code must retain the above copyright notice, this
  * list of conditions and the following disclaimer.
  * 
- * Redistributions in binary form must reproduce the above copyright notice, 
- * this list of conditions and the following disclaimer in the documentation 
- * and/or other materials provided with the distribution, if any, must include 
- * the following acknowledgment: "This product includes software developed by 
- * the University Corporation for Advanced Internet Development 
- * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement 
- * may appear in the software itself, if and wherever such third-party 
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution, if any, must include
+ * the following acknowledgment: "This product includes software developed by
+ * the University Corporation for Advanced Internet Development
+ * <http://www.ucaid.edu> Internet2 Project. Alternately, this acknowledegement
+ * may appear in the software itself, if and wherever such third-party
  * acknowledgments normally appear.
  * 
- * Neither the name of Shibboleth nor the names of its contributors, nor 
- * Internet2, nor the University Corporation for Advanced Internet Development, 
- * Inc., nor UCAID may be used to endorse or promote products derived from this 
- * software without specific prior written permission. For written permission, 
+ * Neither the name of Shibboleth nor the names of its contributors, nor
+ * Internet2, nor the University Corporation for Advanced Internet Development,
+ * Inc., nor UCAID may be used to endorse or promote products derived from this
+ * software without specific prior written permission. For written permission,
  * please contact shibboleth@shibboleth.org
  * 
- * Products derived from this software may not be called Shibboleth, Internet2, 
- * UCAID, or the University Corporation for Advanced Internet Development, nor 
- * may Shibboleth appear in their name, without prior written permission of the 
+ * Products derived from this software may not be called Shibboleth, Internet2,
+ * UCAID, or the University Corporation for Advanced Internet Development, nor
+ * may Shibboleth appear in their name, without prior written permission of the
  * University Corporation for Advanced Internet Development.
  * 
  * 
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
- * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 
- * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK 
- * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE. 
- * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY 
- * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT, 
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+ * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
+ * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
+ * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
+ * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 package edu.internet2.middleware.shibboleth.hs;
 
-import java.io.ByteArrayOutputStream;
 import java.io.IOException;
-import java.io.PrintStream;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.UnrecoverableKeyException;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import java.util.Arrays;
 import java.util.Collections;
 import java.util.Date;
-import java.util.Enumeration;
-import java.util.Properties;
 
 import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletException;
@@ -77,7 +63,6 @@ import org.apache.log4j.MDC;
 import org.apache.xerces.parsers.DOMParser;
 import org.doomdark.uuid.UUIDGenerator;
 import org.opensaml.QName;
-import org.opensaml.SAMLAuthenticationStatement;
 import org.opensaml.SAMLAuthorityBinding;
 import org.opensaml.SAMLBinding;
 import org.opensaml.SAMLException;
@@ -89,31 +74,28 @@ import org.xml.sax.InputSource;
 import org.xml.sax.SAXException;
 
 import sun.misc.BASE64Decoder;
-import edu.internet2.middleware.shibboleth.common.AuditLevel;
 import edu.internet2.middleware.shibboleth.common.AuthNPrincipal;
 import edu.internet2.middleware.shibboleth.common.Credentials;
 import edu.internet2.middleware.shibboleth.common.NameIdentifierMapping;
 import edu.internet2.middleware.shibboleth.common.NameIdentifierMappingException;
-import edu.internet2.middleware.shibboleth.common.NameMapper;
 import edu.internet2.middleware.shibboleth.common.RelyingParty;
 import edu.internet2.middleware.shibboleth.common.ShibPOSTProfile;
-import edu.internet2.middleware.shibboleth.common.ShibPOSTProfileFactory;
 import edu.internet2.middleware.shibboleth.common.ShibResource;
 import edu.internet2.middleware.shibboleth.common.ShibbolethOriginConfig;
 import edu.internet2.middleware.shibboleth.common.ShibResource.ResourceNotAvailableException;
 
 public class HandleServlet extends HttpServlet {
 
-
        private static Logger log = Logger.getLogger(HandleServlet.class.getName());
        private Semaphore throttle;
        private ShibbolethOriginConfig configuration;
        private Credentials credentials;
        private HSNameMapper nameMapper = new HSNameMapper();
-       
+       private ShibPOSTProfile postProfile = new ShibPOSTProfile();
+
        //TODO this is temporary, until we have the mapper
        private RelyingParty relyingParty;
-       
+
        protected void loadConfiguration() throws HSConfigurationException {
 
                //TODO This should be setup to do schema checking
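Review bot: The new `postProfile` field is assigned once in its initializer and never reassigned in any visible hunk, so declare it `private final ShibPOSTProfile postProfile = new ShibPOSTProfile();` to make that explicit. One instance is now shared by every request this servlet handles, whereas the old code built a profile per call inside generateAssertion, so whether `ShibPOSTProfile.prepare` is safe to call concurrently is something to confirm before this ships, with a one-line comment on the field recording the answer either way. The `sun.misc.BASE64Decoder` import on the context line above is a non-public JDK API; it is untouched by this commit but deserves a TODO the next time this import block is edited. `loadConfiguration()` begins in this hunk and continues past its end.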
@@ -170,7 +152,7 @@ public class HandleServlet extends HttpServlet {
 
                //TODO this is temporary, until we have the mapper
                relyingParty = new RelyingParty(null, configuration);
-               
+
        }
 
        public void init() throws ServletException {
@@ -178,7 +160,7 @@ public class HandleServlet extends HttpServlet {
                MDC.put("serviceId", "[HS] Core");
                try {
                        log.info("Initializing Handle Service.");
-                       
+
                        loadConfiguration();
 
                        throttle =
@@ -208,7 +190,8 @@ public class HandleServlet extends HttpServlet {
                        req.setAttribute("shire", req.getParameter("shire"));
                        req.setAttribute("target", req.getParameter("target"));
 
-                       //TODO this is temporary, the first thing to do here is to lookup the relyingParty
+                       //TODO this is temporary, the first thing to do here is to lookup
+                       // the relyingParty
 
                        String header =
                                relyingParty.getConfigProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.username");
@@ -219,7 +202,8 @@ public class HandleServlet extends HttpServlet {
                                nameMapper.getNameIdentifierName(null, new AuthNPrincipal(username), relyingParty, null);
 
                        //Print out something better here
-                       //log.info("Issued Handle (" + handle + ") to (" + username + ")");
+                       //log.info("Issued Handle (" + handle + ") to (" + username +
+                       // ")");
 
                        byte[] buf =
                                generateAssertion(
@@ -258,37 +242,26 @@ public class HandleServlet extends HttpServlet {
                String authType)
                throws SAMLException, IOException {
 
-//TODO hmmm... maybe audiences should change here based on relying party
-               ShibPOSTProfile postProfile =
-                       ShibPOSTProfileFactory.getInstance(
-                               Arrays.asList(
-                                       relyingParty.getConfigProperty("edu.internet2.middleware.shibboleth.audiences").replaceAll(
-                                               "\\s",
-                                               "").split(
-                                               ",")),
-                               relyingParty.getConfigProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.issuer"));
-
                SAMLAuthorityBinding binding =
                        new SAMLAuthorityBinding(
                                SAMLBinding.SAML_SOAP_HTTPS,
                                relyingParty.getConfigProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.AAUrl"),
                                new QName(org.opensaml.XML.SAMLP_NS, "AttributeQuery"));
 
-               //Find out right property name  for provider id and credential
-
+               //TODO Scott mentioned the clientAddress should be optional at some
+               // point
                SAMLResponse r =
                        postProfile.prepare(
                                shireURL,
+                               relyingParty,
                                nameId,
-                               //TODO Scott mentioned this should be optional at some point
                                clientAddress,
                                authType,
                                new Date(System.currentTimeMillis()),
                                Collections.singleton(binding),
                                credentials.getCredential(
                                        relyingParty.getConfigProperty(
-                                               "edu.internet2.middleware.shibboleth.hs.HandleServlet.credentialName")),
-                               null,
+                                               "edu.internet2.middleware.shibboleth.hs.HandleServlet.responseCredential")),
                                null);
 
                return r.toBase64();
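Review bot: The config key read for the signing credential changes from `...HandleServlet.credentialName` to `...HandleServlet.responseCredential`, so a deployment still carrying the old name gets null from `getConfigProperty`, which is passed straight into `credentials.getCredential(...)` and then into `postProfile.prepare` without any check in this hunk; whether that yields an unsigned response or an exception is decided elsewhere and is not visible here. I would store the result of `credentials.getCredential(...)` in a local before the `prepare` call and fail closed with `if (cred == null) throw new SAMLException("No response credential configured for relying party");` rather than let a misconfiguration propagate. The deleted factory call also dropped the explicit audience list read from `edu.internet2.middleware.shibboleth.audiences`; presumably the new `relyingParty` argument supplies it inside `prepare`, but that should be confirmed, since an assertion with no audience restriction can be presented to other service providers. `new Date(System.currentTimeMillis())` is simply `new Date()`. generateAssertion's signature begins before this hunk.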
@@ -367,7 +340,3 @@ public class HandleServlet extends HttpServlet {
                }
        }
 }
-
-
-    
-