import edu.internet2.middleware.shibboleth.metadata.RoleDescriptor;
import edu.internet2.middleware.shibboleth.metadata.ScopedRoleDescriptor;
import edu.internet2.middleware.shibboleth.metadata.ScopedRoleDescriptor.Scope;
+import edu.internet2.middleware.shibboleth.serviceprovider.PluggableConfigurationComponent;
-public class XMLAAPProvider implements AAP {
+public class XMLAAPProvider implements AAP, PluggableConfigurationComponent {
private static Logger log = Logger.getLogger(XMLAAPProvider.class.getName());
private SortedMap /* <String,AttributeRule> */ attrmap = new TreeMap();
private boolean anyAttribute = false;
public XMLAAPProvider(Element e) throws MalformedException {
- if (!XML.isElementNamed(e,edu.internet2.middleware.shibboleth.common.XML.SHIB_NS,"AttributeAcceptancePolicy")) {
+ initialize(e);
+ }
+
+ public XMLAAPProvider() {} // must call initialize
+
+ public void initialize(Element e) throws MalformedException {
+ if (!XML.isElementNamed(e,edu.internet2.middleware.shibboleth.common.XML.SHIB_NS,"AttributeAcceptancePolicy")) {
log.error("Construction requires a valid AAP file: (shib:AttributeAcceptancePolicy as root element)");
throw new MalformedException("Construction requires a valid AAP file: (shib:AttributeAcceptancePolicy as root element)");
}
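Review bot: `initialize(Element)` is now a public entry point that can be called on an instance that already holds a policy, and nothing in the visible lines resets `attrmap`, `aliasmap` or `anyAttribute` before parsing. If the rest of the method (which continues outside this hunk) only adds entries, a second call would merge the old and new acceptance rules rather than replace them, so attributes permitted only by the previous policy could stay accepted. ServiceProviderConfig in this commit always builds a fresh instance, so this is hardening against future callers: either reset the state at the top with `attrmap.clear(); aliasmap.clear(); anyAttribute = false;`, or expand the `// must call initialize` comment to say that initialize must be called exactly once and before the provider is published. `XMLMetadataProvider.initialize(Element)` has the same shape with its `sites` map and `rootGroup` field, and the same applies there.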
if (rule.getAlias() != null)
aliasmap.put(rule.getAlias(),rule);
}
- }
+ }
class XMLAttributeRule implements AttributeRule {
import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.keys.content.x509.XMLX509CRL;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
+import org.apache.xmlbeans.XmlException;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DERString;
import org.opensaml.SAMLException;
import org.opensaml.SAMLSignedObject;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException;
import edu.internet2.middleware.shibboleth.common.Trust;
import edu.internet2.middleware.shibboleth.metadata.EntitiesDescriptor;
import edu.internet2.middleware.shibboleth.metadata.EntityDescriptor;
import edu.internet2.middleware.shibboleth.metadata.KeyAuthority;
import edu.internet2.middleware.shibboleth.metadata.KeyDescriptor;
import edu.internet2.middleware.shibboleth.metadata.RoleDescriptor;
+import edu.internet2.middleware.shibboleth.serviceprovider.PluggableConfigurationComponent;
/**
* <code>Trust</code> implementation that does PKIX validation against key authorities included in shibboleth-specific
*
* @author Walter Hoehn
*/
-public class ShibbolethTrust extends BasicTrust implements Trust {
+public class ShibbolethTrust extends BasicTrust implements Trust, PluggableConfigurationComponent {
private static Logger log = Logger.getLogger(ShibbolethTrust.class.getName());
private static final String CN_OID = "2.5.4.3";
}
}
+ public void initialize(Node dom) throws XmlException, ShibbolethConfigurationException {
+
+ }
+
+ public void initialize(Element dom) throws SAMLException, XmlException, ShibbolethConfigurationException {
+
+ }
+
}
\ No newline at end of file
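Review bot: Both `initialize` overloads added at the end of ShibbolethTrust have empty bodies, so any element supplied in the trust provider's configuration is accepted and silently ignored. Only `initialize(Element dom)` matches the updated PluggableConfigurationComponent signature. The `initialize(Node dom)` overload looks like a leftover from the removed ShibbolethTrustPluggable and can be deleted. In the remaining body I would add a comment such as `// Intentionally empty: this Trust takes no provider-specific configuration; key authorities are read from metadata`, with the wording checked against the class's actual behaviour. A `log.debug` there would also help an operator who expects the configured element to have an effect.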
import edu.internet2.middleware.shibboleth.common.Constants;
import edu.internet2.middleware.shibboleth.metadata.*;
+import edu.internet2.middleware.shibboleth.serviceprovider.PluggableConfigurationComponent;
/**
* @author Scott Cantor
*/
-public class XMLMetadataProvider implements Metadata {
+public class XMLMetadataProvider implements Metadata, PluggableConfigurationComponent {
private static Logger log = Logger.getLogger(XMLMetadataProvider.class.getName());
private Map /* <String,ArrayList<EntityDescriptor> > */ sites = new HashMap();
private XMLEntitiesDescriptor rootGroup = null;
public XMLMetadataProvider(Element e) throws SAMLException {
- if (XML.isElementNamed(e,edu.internet2.middleware.shibboleth.common.XML.SAML2META_NS,"EntitiesDescriptor"))
+ initialize(e);
+ }
+
+ public XMLMetadataProvider() {} // Must call initialize
+
+ public void initialize(Element e) throws SAMLException {
+ if (XML.isElementNamed(e,edu.internet2.middleware.shibboleth.common.XML.SAML2META_NS,"EntitiesDescriptor"))
rootGroup=new XMLEntitiesDescriptor(e,this, Long.MAX_VALUE, null);
else if (XML.isElementNamed(e,edu.internet2.middleware.shibboleth.common.XML.SAML2META_NS,"EntityDescriptor"))
rootProvider=new XMLEntityDescriptor(e,this, Long.MAX_VALUE, null);
package edu.internet2.middleware.shibboleth.serviceprovider;
import org.apache.xmlbeans.XmlException;
-import org.w3c.dom.Node;
-
+import org.opensaml.SAMLException;
+import org.w3c.dom.Element;
import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException;
-interface PluggableConfigurationComponent {
+public interface PluggableConfigurationComponent {
public abstract void
- initialize(Node dom)
+ initialize(Element dom)
throws
+ SAMLException,
XmlException, // If there is a problem in the configuration data
ShibbolethConfigurationException; // for other problems
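Review bot: The interface is now `public` and is the only contract a pluggable Metadata, AAP or Trust implementation has to follow, but it carries no Javadoc describing the lifecycle. I would add a doc comment stating that implementations must have a public no-argument constructor, that `initialize` is called once with the root element of the provider's configuration before the object is used, and that an implementation must not answer lookups from partially parsed state if `initialize` throws. The new `SAMLException` entry is also the only one without a trailing comment. Something like `SAMLException, // If the SAML content of the element is malformed` would keep the throws list consistent, assuming that is how the providers use it.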
import x0.maceShibbolethTargetConfig1.PathDocument.Path;
import edu.internet2.middleware.shibboleth.aap.AAP;
import edu.internet2.middleware.shibboleth.aap.AttributeRule;
+import edu.internet2.middleware.shibboleth.aap.provider.XMLAAPProvider;
import edu.internet2.middleware.shibboleth.common.Credentials;
import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException;
import edu.internet2.middleware.shibboleth.common.Trust;
import edu.internet2.middleware.shibboleth.metadata.EntityDescriptor;
import edu.internet2.middleware.shibboleth.metadata.Metadata;
import edu.internet2.middleware.shibboleth.metadata.RoleDescriptor;
+import edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadataProvider;
import edu.internet2.middleware.shibboleth.xml.Parser;
/**
try {
Node fragment = pluggable.newDomNode(); // XML-Fragment node
Node pluggableNode = fragment.getFirstChild(); // PluggableType
- Node contentNode=pluggableNode.getFirstChild();// root element
+ Element contentNode=(Element) pluggableNode.getFirstChild();// root element
impl.initialize(contentNode);
} catch (Exception e) {
initlog.error("XML error " + e);
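Review bot: The new cast `(Element) pluggableNode.getFirstChild()` assumes the first child of the pluggable element is an element. With inline configuration that begins with whitespace or a comment, it is a Text or Comment node and the cast throws ClassCastException. The surrounding `catch (Exception e)` then reports it as "XML error", and the provider is presumably not loaded (the rest of the handler is outside this hunk). Skip to the first element child instead: `Node n = pluggableNode.getFirstChild();` then `while (n != null && n.getNodeType() != Node.ELEMENT_NODE) n = n.getNextSibling();`, and log a specific "no configuration element" error when `n` is null before calling `impl.initialize((Element) n)`. The enclosing try block and method start outside the hunk.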
Document extdoc = Parser.loadDom(uri,true);
if (extdoc==null)
return null;
- impl.initialize(extdoc);
+ impl.initialize(extdoc.getDocumentElement());
} catch (Exception e) {
initlog.error("XML error " + e);
return null;
}
for (int i = 0;i<pluggable.length;i++) {
String uri = processPluggable(pluggable[i],
- XMLMetadataImpl.class,
+ XMLMetadataProvider.class,
Metadata.class,
XMLFEDERATIONPROVIDERTYPE,
entityLocators);
Document sitedoc = Parser.loadDom(uri,true);
if (sitedoc==null)
return false;
- XMLMetadataImpl impl = new XMLMetadataImpl();
- impl.initialize(sitedoc);
+ XMLMetadataProvider impl = new XMLMetadataProvider();
+ impl.initialize(sitedoc.getDocumentElement());
addOrReplaceMetadataImplementor(uri,impl);
} catch (Exception e) {
initlog.error("Error while parsing Metadata file "+uri);
PluggableType[] pluggable = appinfo.getApplicationConfig().getAAPProviderArray();
for (int i = 0;i<pluggable.length;i++) {
String uri = processPluggable(pluggable[i],
- XMLAAPImpl.class,
+ XMLAAPProvider.class,
AAP.class,
XMLAAPPROVIDERTYPE,
attributePolicies);
if (aapdoc==null)
return false;
AttributeAcceptancePolicyDocument aap = AttributeAcceptancePolicyDocument.Factory.parse(aapdoc);
- XMLAAPImpl impl = new XMLAAPImpl();
- impl.initialize(aapdoc);
+ XMLAAPProvider impl = new XMLAAPProvider();
+ impl.initialize(aapdoc.getDocumentElement());
addOrReplaceAAPImplementor(uri,impl);
} catch (Exception e) {
initlog.error("Error while parsing AAP file "+uri);
PluggableType[] pluggable = appinfo.getApplicationConfig().getTrustProviderArray();
for (int i = 0;i<pluggable.length;i++) {
String uri = processPluggable(pluggable[i],
- ShibbolethTrustPluggable.class,
+ ShibbolethTrust.class,
Trust.class,
XMLTRUSTPROVIDERTYPE,
certificateValidators);
+++ /dev/null
-package edu.internet2.middleware.shibboleth.serviceprovider;
-
-import org.apache.xmlbeans.XmlException;
-import org.w3c.dom.Node;
-
-import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException;
-import edu.internet2.middleware.shibboleth.common.provider.ShibbolethTrust;
-
-public class ShibbolethTrustPluggable extends ShibbolethTrust implements
- PluggableConfigurationComponent {
-
- public void initialize(Node dom) throws XmlException,
- ShibbolethConfigurationException {
- }
-
-}
+++ /dev/null
-/*
- * Copyright [2005] [University Corporation for Advanced Internet Development, Inc.]
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/*
- * XMLAAPImpl.java
- *
- * Implement the AAP and AttributeRule interfaces using the XML Beans
- * generated from the <AttributeAcceptancePolicy> root element.
- *
- * If an external AAP file is changed and reparsed, then a new instance
- * of this object must be created from the new XMLBean to replace the
- * previous object in the Config Map of AAP interface implementing
- * objects key by its URI.
- *
- */
-package edu.internet2.middleware.shibboleth.serviceprovider;
-
-import java.util.Iterator;
-
-import org.opensaml.SAMLException;
-
-import edu.internet2.middleware.shibboleth.aap.provider.XMLAAPProvider;
-import edu.internet2.middleware.shibboleth.aap.AAP;
-import edu.internet2.middleware.shibboleth.aap.AttributeRule;
-import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-/**
- * An XMLAAPImpl object implements the AAP interface by creating
- * and maintaining objects that implement the AttributeRule interface.
- * The real work is done in AttributeRule.apply() where a
- * SAML Attribute Assertion is compared to policy and invalid values
- * or assertions are removed.
- *
- * A new instance of this object should be created whenever the
- * AAP XML configuration file is changed and reparsed. The new object
- * should then replace the old object in the Map that ServiceProviderConfig
- * maintains keyed by file URI, holding implementors of the AAP interface.
- */
-public class XMLAAPImpl
- implements AAP,
- PluggableConfigurationComponent {
-
- XMLAAPProvider realObject = null;
-
- public void initialize(Node dom) throws ShibbolethConfigurationException {
- try {
- // Assuming this just gets a DOM tree containing the AAP,
- // hopefully this will "just work".
- realObject =
- new edu.internet2.middleware.shibboleth.aap.provider.XMLAAPProvider(
- (dom instanceof Element) ? (Element)dom : ((dom instanceof Document) ? ((Document)dom).getDocumentElement() : null)
- );
- }
- catch (SAMLException e) {
- throw new ShibbolethConfigurationException("Exception initializing AAP: " + e);
- }
- }
-
- public boolean anyAttribute() {
- return realObject.anyAttribute();
- }
-
- public AttributeRule lookup(String name, String namespace) {
- return realObject.lookup(name,namespace);
- }
-
- public AttributeRule lookup(String alias) {
- return realObject.lookup(alias);
- }
-
- public Iterator getAttributeRules() {
- return realObject.getAttributeRules();
- }
-
-}
+++ /dev/null
-/*
- * Copyright [2005] [University Corporation for Advanced Internet Development, Inc.]
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/*
- *
- * Process Shibboleth 1.2 Metadata and present an EntityDescriptor
- * interface.
- *
- */
-package edu.internet2.middleware.shibboleth.serviceprovider;
-
-import org.apache.xmlbeans.XmlException;
-import org.opensaml.SAMLException;
-import org.opensaml.artifact.Artifact;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException;
-import edu.internet2.middleware.shibboleth.metadata.EntityDescriptor;
-import edu.internet2.middleware.shibboleth.metadata.Metadata;
-import edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadataProvider;
-
-
-/**
- * Wrap the metadata.provider.XMLMetadataProvider with a class that implements
- * the SP PluggableConfigurationComponent interface. Delegate all processing
- * calls to the wrapped object.
- *
- * <p>XMLMetadataProvider takes Node as a Constructor argument, but in the SP
- * a Pluggable has to be a Bean that can be created with a default constructor
- * and then be passed a Node to complete initialization.<p>
- */
-class XMLMetadataImpl
- implements
- Metadata,
- PluggableConfigurationComponent
- {
-
-
- XMLMetadataProvider realObject = null;
-
-
- public void initialize(Node dom)
- throws XmlException, ShibbolethConfigurationException {
- try {
- realObject =
- new edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadataProvider(
- (dom instanceof Element) ?
- (Element)dom :
- ((dom instanceof Document) ?
- ((Document)dom).getDocumentElement() :
- null)
- );
- }
- catch (SAMLException e) {
- throw new ShibbolethConfigurationException("Exception initializing metadata: " + e);
- }
- }
-
- public EntityDescriptor lookup(String id) {
- return realObject.lookup(id);
- }
-
- public EntityDescriptor lookup(Artifact artifact) {
- return realObject.lookup(artifact);
- }
-}
\ No newline at end of file