+++ /dev/null
-/*
- * The Shibboleth License, Version 1.
- * Copyright (c) 2002
- * University Corporation for Advanced Internet Development, Inc.
- * All rights reserved
- *
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution, if any, must include
- * the following acknowledgment: "This product includes software developed by
- * the University Corporation for Advanced Internet Development
- * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement
- * may appear in the software itself, if and wherever such third-party
- * acknowledgments normally appear.
- *
- * Neither the name of Shibboleth nor the names of its contributors, nor
- * Internet2, nor the University Corporation for Advanced Internet Development,
- * Inc., nor UCAID may be used to endorse or promote products derived from this
- * software without specific prior written permission. For written permission,
- * please contact shibboleth@shibboleth.org
- *
- * Products derived from this software may not be called Shibboleth, Internet2,
- * UCAID, or the University Corporation for Advanced Internet Development, nor
- * may Shibboleth appear in their name, without prior written permission of the
- * University Corporation for Advanced Internet Development.
- *
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
- * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
- * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
- * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
- * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-package edu.internet2.middleware.shibboleth.hs;
-
-import java.util.*;
-import java.sql.*;
-import javax.servlet.*;
-import javax.servlet.http.*;
-
-public class ClubShibSQLHandleRepository extends HandleRepositoryFactory{
-
- private Connection con;
- String DBdriver;
- String DBuser;
- String DBpass;
- String DBdomain;
- String DBurl;
- final static String db = "HandleService";
-
- public ClubShibSQLHandleRepository(HttpServlet HS)
- throws HandleException
- {
- ServletConfig sc = HS.getServletConfig();
- ServletContext sctx = sc.getServletContext();
- DBdriver = sctx.getInitParameter("DBdriver");
- DBuser = sctx.getInitParameter("DBuser");
- DBpass = sctx.getInitParameter("DBpass");
- DBdomain = sctx.getInitParameter("DBdomain");
- DBurl = "jdbc:mysql://"+DBdomain+"/shib"+
- "?user="+DBuser+"&password="+DBpass+"&autoReconnect=true";
-
- try {
- Class.forName(DBdriver);
- }
- catch (Exception ex) {
- throw new HandleException(HandleException.SQL, ex.getMessage());
- }
- try {
- con = DriverManager.getConnection(DBurl);
- }
- catch (Exception ex) {
- throw new HandleException(HandleException.SQL, ex.getMessage());
- }
-
- }
-
- public HandleEntry getHandleEntry( String handle )
- throws HandleException
- {
- HandleEntry he = null;
-
- if (handle == null){
- throw new HandleException(HandleException.ERR, "ClubShibSQLHandleRepository() requires handle");
- }
-
- try{
- Statement st = con.createStatement();
- String query = "SELECT * FROM "+db+" WHERE handle=\""+handle+"\"";
- ResultSet rs = st.executeQuery(query);
-
- if(rs == null)
- throw new HandleException("null result set for handle: "+handle);
-
- while (rs.next()) {
- he = new HandleEntry( rs.getString("handle"),
- rs.getString("username"),
- rs.getString("authType"),
- rs.getLong("authInstant"),
- rs.getLong("expInstant"));
- }
- st.close();
- }
- catch (SQLException ex) {
- throw new HandleException(ex.getMessage());
- }
- if ( he == null )
- throw new HandleException("getHandleEntry() cannot find matching record for handle: "+handle);
- else
- return he;
- }
-
-
- public void insertHandleEntry( HandleEntry he )
- throws HandleException
- {
- if ( he == null ) {
- throw new HandleException(HandleException.ERR, "InsertHandle() requires HandleEntry arg");
- }
-
- String handle = he.getHandle();
- String username = he.getUsername();
- String authType = he.getAuthType();
- long authInstant = he.getAuthInstant();
- long expInstant = he.getExpInstant();
-
- try{
- Statement st = con.createStatement();
- String update = "INSERT INTO " +db+
- " VALUES ( \"" + handle +"\", \""+username+"\", \""+
- authType+"\", \""+ authInstant +"\", \""+
- expInstant+"\")";
- st.executeUpdate(update);
- st.close();
- }
- catch (SQLException e) {
- throw new HandleException(e.getMessage());
- }
- }
-
- public String toHTMLString()
- throws HandleException
- {
- String HTMLString = new String();
-
- try{
- Statement st = con.createStatement();
- String query = "SELECT * FROM "+db;
- ResultSet rs = st.executeQuery(query);
- HTMLString = "Server = "+DBdomain+"<br>"+
- "<table><tr><td><b>handle</b></td>"+
- "<td><b>username</b></td>"+
- "<td><b>authType</b></td>"+
- "<td><b>authInstant</b></td>"+
- "<td><b>expInstant</b></td></tr>";
- while (rs.next()) {
- String han = rs.getString(1);
- String uid = rs.getString(2);
- String authtype = rs.getString(3);
- String date_in = rs.getString(4);
- String date_exp = rs.getString(5);
-
- HTMLString += "<tr><td>"+han+"</td><td>"+uid+"</td>" +
- "<td>"+authtype+"</td>"+
- "<td>"+date_in+"</td>"+
- "<td>"+date_exp+"</td></tr>";
- }
- st.close();
-
- HTMLString += "</table>";
- }
- catch (SQLException e) {
- throw new HandleException(HandleException.SQL, e.getMessage());
- }
-
- return HTMLString;
- }
- public void destroy()
- throws HandleException
- {
- try {
- con.close();
- }
- catch (SQLException e) {
- throw new HandleException(HandleException.SQL, e.getMessage());
- }
-
- }
-
-}
-/*
- * The Shibboleth License, Version 1.
- * Copyright (c) 2002
- * University Corporation for Advanced Internet Development, Inc.
+/*
+ * The Shibboleth License, Version 1.
+ * Copyright (c) 2002
+ * University Corporation for Advanced Internet Development, Inc.
* All rights reserved
- *
- *
- * Redistribution and use in source and binary forms, with or without
+ *
+ *
+ * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this
+ *
+ * Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution, if any, must include
- * the following acknowledgment: "This product includes software developed by
- * the University Corporation for Advanced Internet Development
- * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement
- * may appear in the software itself, if and wherever such third-party
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution, if any, must include
+ * the following acknowledgment: "This product includes software developed by
+ * the University Corporation for Advanced Internet Development
+ * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement
+ * may appear in the software itself, if and wherever such third-party
* acknowledgments normally appear.
- *
- * Neither the name of Shibboleth nor the names of its contributors, nor
- * Internet2, nor the University Corporation for Advanced Internet Development,
- * Inc., nor UCAID may be used to endorse or promote products derived from this
- * software without specific prior written permission. For written permission,
+ *
+ * Neither the name of Shibboleth nor the names of its contributors, nor
+ * Internet2, nor the University Corporation for Advanced Internet Development,
+ * Inc., nor UCAID may be used to endorse or promote products derived from this
+ * software without specific prior written permission. For written permission,
* please contact shibboleth@shibboleth.org
- *
- * Products derived from this software may not be called Shibboleth, Internet2,
- * UCAID, or the University Corporation for Advanced Internet Development, nor
- * may Shibboleth appear in their name, without prior written permission of the
+ *
+ * Products derived from this software may not be called Shibboleth, Internet2,
+ * UCAID, or the University Corporation for Advanced Internet Development, nor
+ * may Shibboleth appear in their name, without prior written permission of the
* University Corporation for Advanced Internet Development.
- *
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
- * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
- * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
- * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
- * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ *
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+ * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
+ * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
+ * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
+ * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
package edu.internet2.middleware.shibboleth.hs;
-import java.util.*;
-import javax.servlet.http.*;
-
-public class ClubShibInMemoryHandleRepository extends HandleRepositoryFactory{
-
- final static String db = "HandleService";
- Hashtable handleHash;
-
- public ClubShibInMemoryHandleRepository(HttpServlet HS)
- throws HandleException
- {
- handleHash = new Hashtable();
- }
-
-
- public HandleEntry getHandleEntry( String handle )
- throws HandleException
- {
- HandleEntry he = null;
-
- if (handle == null){
- throw new HandleException(HandleException.ERR, "ClubShibInMemoryHandleRepository().getHandleEntry requires handle");
- }
-
- he = (HandleEntry)handleHash.get( handle );
-
- if ( he == null )
- throw new HandleException("getHandleEntry() cannot find matching record for handle: "+handle);
- else
- return he;
- }
-
-
- public void insertHandleEntry( HandleEntry he )
- throws HandleException
- {
- if ( he == null ) {
- throw new HandleException(HandleException.ERR, "InsertHandle() requires HandleEntry arg");
+/**
+ * Signals that the Handle Service has been given insufficient or improper runtime
+ * configuration paramerts.
+ *
+ * @author Walter Hoehn (wassa@columbia.edu)
+ */
+public class HSConfigurationException extends Exception {
+ public HSConfigurationException(String message) {
+ super(message);
}
-
- String handle = he.getHandle();
-
- handleHash.put( handle, he );
-
- }
-
- public String toHTMLString()
- throws HandleException
- {
- String HTMLString = new String();
-
- return HTMLString;
- }
-
}
+
+++ /dev/null
-/*
- * The Shibboleth License, Version 1.
- * Copyright (c) 2002
- * University Corporation for Advanced Internet Development, Inc.
- * All rights reserved
- *
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution, if any, must include
- * the following acknowledgment: "This product includes software developed by
- * the University Corporation for Advanced Internet Development
- * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement
- * may appear in the software itself, if and wherever such third-party
- * acknowledgments normally appear.
- *
- * Neither the name of Shibboleth nor the names of its contributors, nor
- * Internet2, nor the University Corporation for Advanced Internet Development,
- * Inc., nor UCAID may be used to endorse or promote products derived from this
- * software without specific prior written permission. For written permission,
- * please contact shibboleth@shibboleth.org
- *
- * Products derived from this software may not be called Shibboleth, Internet2,
- * UCAID, or the University Corporation for Advanced Internet Development, nor
- * may Shibboleth appear in their name, without prior written permission of the
- * University Corporation for Advanced Internet Development.
- *
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
- * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
- * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
- * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
- * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-package edu.internet2.middleware.shibboleth.hs;
-
-import edu.internet2.middleware.shibboleth.*;
-import edu.internet2.middleware.shibboleth.common.*;
-import org.opensaml.*;
-import java.util.*;
-import org.doomdark.uuid.*;
-
-/**
- * Object all user information is kept in
- *
- * @author Barbara Jensen
- */
-public class HandleEntry {
- /** opaque handle, based off MAC address and time */
- protected String handle;
- /** username, passed in from RemoteUser */
- protected String username;
- /** authentication type, passed from AuthType */
- protected String authType;
- /** instant of handle creation */
- protected long authInstant;
- /** instant of handle expiration, based on ticket length */
- protected long expInstant;
-
- /**
- * HandleEntry object, created from HandleService
- *
- */
- public HandleEntry ( String username, String authType,
- long ticketLength )
- throws HandleException
- {
- if (username == null || username.length() == 0)
- throw new HandleException(HandleException.ERR, "HandleEntry() requires username");
- if (authType == null || authType.length() == 0)
- authType = "unknown";
-
- handle = UUIDGenerator.getInstance().generateRandomBasedUUID().toString();
- this.username = username;
- this.authType = authType;
- this.authInstant= System.currentTimeMillis();
- this.expInstant = authInstant+ticketLength;
- }
-
- /**
- * HandleEntry object, created from all parts
- *
- */
- public HandleEntry ( String handle, String username, String authType,
- long authInstant, long expInstant )
- throws HandleException
- {
- if (handle == null || handle.length() == 0)
- throw new HandleException(HandleException.ERR, "HandleEntry() requires handle");
- if (username == null || username.length() == 0)
- throw new HandleException(HandleException.ERR, "HandleEntry() requires username");
- if (authType == null || authType.length() == 0)
- authType = "unknown";
-
- this.handle = handle;
- this.username = username;
- this.authType = authType;
- this.authInstant = authInstant;
- this.expInstant = expInstant;
- }
-
- /**
- * Gets the HandleEntry's handle string
- *
- */
- public String getHandle () {
- return handle;
- }
-
- /**
- * Gets the HandleEntry's username
- *
- */
- public String getUsername () {
- return username;
- }
-
- /**
- * Gets the HandleEntry's authentication type
- *
- */
- public String getAuthType () {
- return authType;
- }
-
- /**
- * Gets the HandleEntry's creation/authentication date
- *
- */
- public long getAuthInstant () {
- return authInstant;
- }
-
- /**
- * Gets the HandleEntry's expiration date
- *
- */
- public long getExpInstant () {
- return expInstant;
- }
-
-}
-
+++ /dev/null
-/*
- * The Shibboleth License, Version 1.
- * Copyright (c) 2002
- * University Corporation for Advanced Internet Development, Inc.
- * All rights reserved
- *
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution, if any, must include
- * the following acknowledgment: "This product includes software developed by
- * the University Corporation for Advanced Internet Development
- * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement
- * may appear in the software itself, if and wherever such third-party
- * acknowledgments normally appear.
- *
- * Neither the name of Shibboleth nor the names of its contributors, nor
- * Internet2, nor the University Corporation for Advanced Internet Development,
- * Inc., nor UCAID may be used to endorse or promote products derived from this
- * software without specific prior written permission. For written permission,
- * please contact shibboleth@shibboleth.org
- *
- * Products derived from this software may not be called Shibboleth, Internet2,
- * UCAID, or the University Corporation for Advanced Internet Development, nor
- * may Shibboleth appear in their name, without prior written permission of the
- * University Corporation for Advanced Internet Development.
- *
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
- * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
- * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
- * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
- * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-package edu.internet2.middleware.shibboleth.hs;
-
-import java.io.*;
-import java.util.*;
-import java.security.*;
-import java.security.cert.*;
-import edu.internet2.middleware.shibboleth.*;
-import edu.internet2.middleware.shibboleth.common.*;
-import org.opensaml.*;
-
-public class HandleServiceSAML {
-
- protected String domain;
- protected String AAurl;
- public String[] policies = { Constants.POLICY_CLUBSHIB };
- private ShibPOSTProfile spp;
- PrivateKey privateKey;
- java.security.cert.Certificate[] certs;
-
- public HandleServiceSAML( String domain, String AAurl, String HSname,
- String KSpass, String KSkeyalias,
- String KSkeypass, String certalias,
- InputStream is )
- throws SAMLException, KeyStoreException, IOException, Exception
- {
- this.domain = domain;
- this.AAurl = AAurl;
-
- KeyStore ks = KeyStore.getInstance("JKS");
- ks.load( is, KSpass.toCharArray());
- privateKey = (PrivateKey)ks.getKey(KSkeyalias, KSkeypass.toCharArray());
- certs = ks.getCertificateChain(certalias);
-
- spp = ShibPOSTProfileFactory.getInstance( Arrays.asList(policies), HSname );
- }
-
- public byte[] prepare ( String handle, String shireURL,
- String clientAddress, String authMethod, Date authInstant )
- throws HandleException {
-
- try {
- SAMLAuthorityBinding binding =
- new SAMLAuthorityBinding(SAMLBinding.SAML_SOAP_HTTPS, AAurl,
- new QName(org.opensaml.XML.SAMLP_NS,"AttributeQuery")
- );
- SAMLResponse r = spp.prepare
- ( shireURL, handle, domain, clientAddress, authMethod,
- authInstant, Collections.singleton(binding), privateKey, Arrays.asList(certs), null, null
- );
- byte[] buf = r.toBase64();
-
- return buf;
- }
- catch (SAMLException ex) {
- throw new HandleException( "Error creating SAML assertion: "+ex );
- }
- catch (IOException ex) {
- throw new HandleException( "Error converting SAML assertion: "+ex);
- }
- }
-}
-
-
-
-
-
-
package edu.internet2.middleware.shibboleth.hs;
-import java.io.*;
-import java.text.*;
-import java.util.*;
-import javax.servlet.*;
-import javax.servlet.http.*;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.PrintStream;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.Date;
+import java.util.Properties;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletException;
+import javax.servlet.UnavailableException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
-import edu.internet2.middleware.shibboleth.aa.arp.AAPrincipal;
-import edu.internet2.middleware.shibboleth.common.*;
-import org.opensaml.*;
-import sun.misc.BASE64Decoder;
import org.apache.log4j.Logger;
import org.apache.log4j.MDC;
import org.doomdark.uuid.UUIDGenerator;
+import org.opensaml.QName;
+import org.opensaml.SAMLAuthorityBinding;
+import org.opensaml.SAMLBinding;
+import org.opensaml.SAMLException;
+import org.opensaml.SAMLResponse;
+import sun.misc.BASE64Decoder;
+
+import edu.internet2.middleware.shibboleth.aa.arp.AAPrincipal;
+import edu.internet2.middleware.shibboleth.common.Constants;
+import edu.internet2.middleware.shibboleth.common.ShibPOSTProfile;
+import edu.internet2.middleware.shibboleth.common.ShibPOSTProfileFactory;
public class HandleServlet extends HttpServlet {
protected Properties configuration;
protected HandleRepository handleRepository;
- private HandleServiceSAML hsSAML;
- private String username;
- private String rep;
+ protected ShibPOSTProfile postProfile;
private static Logger log = Logger.getLogger(HandleServlet.class.getName());
- ;
-
+ private Certificate[] certificates;
+ private PrivateKey privateKey;
protected Properties loadConfiguration() throws HandleException {
//Set defaults
defaultProps.setProperty(
"edu.internet2.middleware.shibboleth.hs.HandleRepository.implementation",
"edu.internet2.middleware.shibboleth.hs.provider.MemoryHandleRepository");
- defaultProps.setProperty("edu.internet2.middleware.shibboleth.hs.BaseHandleRepository.handleTTL", "1800000");
- defaultProps.setProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.issuer", "shib2.internet2.edu");
+ defaultProps.setProperty(
+ "edu.internet2.middleware.shibboleth.hs.BaseHandleRepository.handleTTL",
+ "1800000");
+ defaultProps.setProperty(
+ "edu.internet2.middleware.shibboleth.hs.HandleServlet.issuer",
+ "shib2.internet2.edu");
//Load from file
Properties properties = new Properties(defaultProps);
PrintStream debugPrinter = new PrintStream(debugStream);
properties.list(debugPrinter);
log.debug(
- "Runtime configuration parameters: " + System.getProperty("line.separator") + debugStream.toString());
+ "Runtime configuration parameters: "
+ + System.getProperty("line.separator")
+ + debugStream.toString());
}
return properties;
}
public void init() throws ServletException {
-
+ super.init();
MDC.put("serviceId", "[HS Core]");
try {
+ log.info("Initializing Handle Service.");
configuration = loadConfiguration();
- ServletConfig sc = getServletConfig();
- ServletContext sctx = sc.getServletContext();
+ edu.internet2.middleware.eduPerson.Init.init();
- getInitParams();
- log.info("HS: Loading init params");
+ initPKI();
+
+ postProfile =
+ ShibPOSTProfileFactory.getInstance(
+ Arrays.asList(new String[] { Constants.POLICY_CLUBSHIB }),
+ configuration.getProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.issuer"));
- edu.internet2.middleware.eduPerson.Init.init();
- InputStream is = sctx.getResourceAsStream(getInitParameter("KSpath"));
- hsSAML =
- new HandleServiceSAML(
- getInitParameter("domain"),
- getInitParameter("AAurl"),
- configuration.getProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.issuer"),
- getInitParameter("KSpass"),
- getInitParameter("KSkeyalias"),
- getInitParameter("KSkeypass"),
- getInitParameter("certalias"),
- is);
-
- log.info("HS: Initializing Handle Repository with " + rep + " repository type.");
handleRepository = HandleRepositoryFactory.getInstance(configuration);
-
+ log.info("Handle Service initialization complete.");
+
} catch (SAMLException ex) {
log.fatal("Error initializing SAML libraries: " + ex);
- throw new ServletException("Error initializing SAML libraries: " + ex);
- } catch (java.security.KeyStoreException ex) {
- log.fatal("Error initializing private KeyStore: " + ex);
- throw new ServletException("Error initializing private KeyStore: " + ex);
- } catch (RuntimeException ex) {
- log.fatal("Error initializing eduPerson.Init: " + ex);
- throw new ServletException("Error initializing eduPerson.Init: " + ex);
- } catch (HandleException ex) {
- log.fatal("Error initializing Handle Service: " + ex);
- throw new ServletException("Error initializing Handle Service: " + ex);
+ throw new UnavailableException("Handle Service failed to initialize.");
+ } catch (HSConfigurationException ex) {
+ log.fatal(
+ "Handle Service runtime configuration error. Please fix and re-initialize. Cause: " + ex);
+ throw new UnavailableException("Handle Service failed to initialize.");
+ } catch (HandleRepositoryException ex) {
+ log.fatal("Unable to load Handle Repository: " + ex);
+ throw new UnavailableException("Handle Service failed to initialize.");
} catch (Exception ex) {
log.fatal("Error in initialization: " + ex);
- throw new ServletException("Error in initialization: " + ex);
+ throw new ServletException("Handle Service could not be initialized.");
}
-
- if (hsSAML == null) {
- log.fatal("Error initializing SAML libraries: No Profile created.");
- throw new ServletException("Error initializing SAML libraries: No Profile created.");
- }
-
}
- private void getInitParams() throws ServletException {
-
- username = getInitParameter("username");
-
- if (getInitParameter("domain") == null || getInitParameter("domain").equals("")) {
- throw new ServletException("Cannot find host domain in init parameters");
- }
- if (getInitParameter("AAurl") == null || getInitParameter("AAurl").equals("")) {
- throw new ServletException("Cannot find host Attribute Authority location in init parameters");
- }
- if (getInitParameter("KSpath") == null || getInitParameter("KSpath").equals("")) {
- throw new ServletException("Cannot find path to KeyStore file in init parameters");
- }
- if (getInitParameter("KSpass") == null || getInitParameter("KSpass").equals("")) {
- throw new ServletException("Cannot find password to KeyStore in init parameters");
- }
- if (getInitParameter("KSkeyalias") == null || getInitParameter("KSkeyalias").equals("")) {
- throw new ServletException("Cannot find private key alias to KeyStore in init parameters");
- }
- if (getInitParameter("KSkeypass") == null || getInitParameter("KSkeypass").equals("")) {
- throw new ServletException("Cannot find private key password to Keystore in init parameters");
- }
- if (getInitParameter("certalias") == null || getInitParameter("certalias").equals("")) {
- throw new ServletException("Cannot find certificate alias in init parameters");
- }
- rep = getInitParameter("repository");
- if (rep == null || rep.equals("")) {
- rep = "MEMORY";
+ protected void initPKI() throws HSConfigurationException {
+ try {
+ KeyStore keyStore = KeyStore.getInstance("JKS");
+
+ keyStore.load(
+ getServletContext().getResourceAsStream(
+ configuration.getProperty(
+ "edu.internet2.middleware.shibboleth.hs.HandleServlet.keyStorePath")),
+ configuration
+ .getProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.keyStorePassword")
+ .toCharArray());
+
+ privateKey =
+ (PrivateKey) keyStore.getKey(
+ configuration.getProperty(
+ "edu.internet2.middleware.shibboleth.hs.HandleServlet.keyStoreKeyAlias"),
+ configuration
+ .getProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.keyStoreKeyPassword")
+ .toCharArray());
+
+ if (configuration.getProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.certAlias")
+ != null) {
+ certificates =
+ keyStore.getCertificateChain(
+ configuration.getProperty(
+ "edu.internet2.middleware.shibboleth.hs.HandleServlet.certAlias"));
+ } else {
+ certificates =
+ keyStore.getCertificateChain(
+ configuration.getProperty(
+ "edu.internet2.middleware.shibboleth.hs.HandleServlet.keyStoreKeyAlias"));
+ }
+ } catch (KeyStoreException e) {
+ throw new HSConfigurationException("An error occurred while accessing the java keystore: " + e);
+ } catch (NoSuchAlgorithmException e) {
+ throw new HSConfigurationException(
+ "Appropriate JCE provider not found in the java environment: " + e);
+ } catch (CertificateException e) {
+ throw new HSConfigurationException(
+ "The java keystore contained a certificate that could not be loaded: " + e);
+ } catch (IOException e) {
+ throw new HSConfigurationException("An error occurred while reading the java keystore: " + e);
+ } catch (UnrecoverableKeyException e) {
+ throw new HSConfigurationException(
+ "An error occurred while attempting to load the key from the java keystore: " + e);
}
}
-
public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
log.debug("Recieved a request.");
req.setAttribute("shire", req.getParameter("shire"));
req.setAttribute("target", req.getParameter("target"));
- String localUsername =
- (username == null || username.equalsIgnoreCase("REMOTE_USER"))
- ? req.getRemoteUser()
- : req.getHeader(username);
- String handle = handleRepository.getHandle(new AAPrincipal(localUsername));
- log.info("Issued Handle (" + handle + ") to (" + localUsername + ")");
+ String handle = handleRepository.getHandle(new AAPrincipal(req.getRemoteUser()));
+ log.info("Issued Handle (" + handle + ") to (" + req.getRemoteUser() + ")");
byte[] buf =
- hsSAML.prepare(
- handle,
- req.getParameter("shire"),
- req.getRemoteAddr(),
- req.getAuthType(),
- new Date(System.currentTimeMillis()));
+ generateAssertion(handle, req.getParameter("shire"), req.getRemoteAddr(), req.getAuthType());
createForm(req, res, buf);
+
} catch (HandleException ex) {
log.error(ex);
handleError(req, res, ex);
+ } catch (SAMLException ex) {
+ log.error(ex);
+ handleError(req, res, ex);
}
}
- private void createForm(HttpServletRequest req, HttpServletResponse res, byte[] buf) throws HandleException {
+ protected byte[] generateAssertion(String handle, String shireURL, String clientAddress, String authType)
+ throws SAMLException, IOException {
+
+ SAMLAuthorityBinding binding =
+ new SAMLAuthorityBinding(
+ SAMLBinding.SAML_SOAP_HTTPS,
+ configuration.getProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.AAUrl"),
+ new QName(org.opensaml.XML.SAMLP_NS, "AttributeQuery"));
+
+ SAMLResponse r =
+ postProfile.prepare(
+ shireURL,
+ handle,
+ configuration.getProperty(
+ "edu.internet2.middleware.shibboleth.hs.HandleServlet.authenticationDomain"),
+ clientAddress,
+ authType,
+ new Date(System.currentTimeMillis()),
+ Collections.singleton(binding),
+ privateKey,
+ Arrays.asList(certificates),
+ null,
+ null);
+ return r.toBase64();
+ }
+
+ protected void createForm(HttpServletRequest req, HttpServletResponse res, byte[] buf)
+ throws HandleException {
try {
/**
* forwarding to hs.jsp for submission
}
- private void handleError(HttpServletRequest req, HttpServletResponse res, Exception e)
+ protected void handleError(HttpServletRequest req, HttpServletResponse res, Exception e)
throws ServletException, IOException {
req.setAttribute("errorText", e.toString());
}
- private void checkRequestParams(HttpServletRequest req) throws HandleException {
+ protected void checkRequestParams(HttpServletRequest req) throws HandleException {
if (req.getParameter("target") == null || req.getParameter("target").equals("")) {
throw new HandleException("Invalid data from SHIRE: no target URL received.");
"http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
<web-app>
- <context-param>
- <param-name>repository</param-name>
- <param-value>MEMORY</param-value>
- </context-param>
-
<servlet>
<servlet-name>Logging Service</servlet-name>
<servlet-class>edu.internet2.middleware.shibboleth.log.LogServ</servlet-class>
<servlet-name>HS</servlet-name>
<display-name>Shibboleth Handle Service</display-name>
<servlet-class>edu.internet2.middleware.shibboleth.hs.HandleServlet</servlet-class>
- <init-param>
- <param-name>domain</param-name>
- <param-value>shibdev.edu</param-value>
- </init-param>
- <init-param>
- <param-name>AAurl</param-name>
- <param-value>https://shib2.internet2.edu/shibboleth-origin/servlet/AA</param-value>
- </init-param>
- <init-param>
- <param-name>KSpath</param-name>
- <param-value>/WEB-INF/conf/keystore.jks</param-value>
- </init-param>
- <init-param>
- <param-name>KSpass</param-name>
- <param-value>shibhs</param-value>
- </init-param>
- <init-param>
- <param-name>KSkeyalias</param-name>
- <param-value>shibhs</param-value>
- </init-param>
- <init-param>
- <param-name>KSkeypass</param-name>
- <param-value>shibhs</param-value>
- </init-param>
- <init-param>
- <param-name>certalias</param-name>
- <param-value>shibhs</param-value>
- </init-param>
- <init-param>
- <param-name>username</param-name>
- <param-value>REMOTE_USER</param-value>
- </init-param>
</servlet>
<servlet>
<servlet-name>AA</servlet-name>
edu.internet2.middleware.shibboleth.hs.provider.MemoryHandleRepository
edu.internet2.middleware.shibboleth.hs.BaseHandleRepository.handleTTL = 1800000
-edu.internet2.middleware.shibboleth.hs.HandleServlet.issuer = shib2.internet2.edu
\ No newline at end of file
+edu.internet2.middleware.shibboleth.hs.HandleServlet.issuer = shib2.internet2.edu
+edu.internet2.middleware.shibboleth.hs.HandleServlet.keyStorePath = /WEB-INF/conf/keystore.jks
+edu.internet2.middleware.shibboleth.hs.HandleServlet.authenticationDomain = shibdev.edu
+edu.internet2.middleware.shibboleth.hs.HandleServlet.AAUrl = http://66.108.96.194/shibboleth/AA
+edu.internet2.middleware.shibboleth.hs.HandleServlet.keyStorePassword = shibhs
+edu.internet2.middleware.shibboleth.hs.HandleServlet.keyStoreKeyAlias = shibhs
+edu.internet2.middleware.shibboleth.hs.HandleServlet.keyStoreKeyPassword = shibhs
+#default is to use key alias
+#edu.internet2.middleware.shibboleth.hs.HandleServlet.certAlias = shibhs
+
+
projects / java-idp.git / commitdiff