Provide support for other SAML NameID formats.
authorcantor <cantor@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Sat, 12 Jul 2003 00:00:10 +0000 (00:00 +0000)
committercantor <cantor@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Sat, 12 Jul 2003 00:00:10 +0000 (00:00 +0000)
Add a Handle provider that supports non-privacy deployments.

git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@672 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/aa/AASaml.java
src/edu/internet2/middleware/shibboleth/aa/AAServlet.java
src/edu/internet2/middleware/shibboleth/common/ClubShibPOSTProfile.java
src/edu/internet2/middleware/shibboleth/common/ShibPOSTProfile.java
src/edu/internet2/middleware/shibboleth/hs/HandleRepository.java
src/edu/internet2/middleware/shibboleth/hs/HandleServlet.java
src/edu/internet2/middleware/shibboleth/hs/provider/BaseHandleRepository.java
src/edu/internet2/middleware/shibboleth/hs/provider/CryptoHandleRepository.java
src/edu/internet2/middleware/shibboleth/hs/provider/IdentityHandleRepository.java [new file with mode: 0644]
src/edu/internet2/middleware/shibboleth/hs/provider/MemoryHandleRepository.java

index f62192e..ad7ed03 100755 (executable)
@@ -112,19 +112,23 @@ public class AASaml {
     }
 
     public String getHandle(){
-       return aquery.getSubject().getName();
+        return aquery.getSubject().getName();
+    }
+
+    public String getFormat(){
+        return aquery.getSubject().getFormat();
     }
 
     public String getResource(){
-       return aquery.getResource();
+        return aquery.getResource();
     }
 
     public String getShar(){
-       return sharName.toString();
+        return sharName.toString();
     }
     
     public Iterator getDesignators() {
-       return aquery.getDesignators();
+        return aquery.getDesignators();
     }
 
  
index a3618e9..f5c60ec 100755 (executable)
@@ -245,7 +245,7 @@ public class AAServlet extends HttpServlet {
                                // for testing
                                principal = new AuthNPrincipal("test-handle");
                        } else {
-                               principal = handleRepository.getPrincipal(saml.getHandle());
+                               principal = handleRepository.getPrincipal(saml.getHandle(),saml.getFormat());
                        }
 
                        URL resource = null;
index eb6c042..7312578 100755 (executable)
@@ -114,6 +114,7 @@ public class ClubShibPOSTProfile extends ShibPOSTProfile
      * @param  recipient          URL of intended consumer
      * @param  name               Name of subject
      * @param  nameQualifier      Federates or qualifies subject name (optional)
+     * @param  nameFormat         Format URI of name (optional)
      * @param  subjectIP          Client address of subject (optional)
      * @param  authMethod         URI of authentication method being asserted
      * @param  authInstant        Date and time of authentication being asserted
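Review bot: The new `@param nameFormat` line here calls the parameter "(optional)", while the same parameter in ShibPOSTProfile's Javadoc in this commit is described only as "URI identifying format of name", and this class passes the value straight through to the superclass. If null is genuinely accepted, this line should say what the subject ends up with; otherwise the qualifier is misleading and should be dropped so both Javadocs agree, e.g. `@param  nameFormat         Format URI of the subject name (passed through to ShibPOSTProfile.prepare)`. The parameter list being documented continues past the hunk.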
@@ -134,6 +135,7 @@ public class ClubShibPOSTProfile extends ShibPOSTProfile
     public SAMLResponse prepare(String recipient,
                                 String name,
                                 String nameQualifier,
+                                String nameFormat,
                                 String subjectIP,
                                 String authMethod,
                                 Date authInstant,
@@ -152,6 +154,7 @@ public class ClubShibPOSTProfile extends ShibPOSTProfile
             recipient,
             name,
             nameQualifier,
+            nameFormat,
             subjectIP,
             authMethod,
             authInstant,
index bf66a3a..3e7580c 100755 (executable)
@@ -281,6 +281,7 @@ public class ShibPOSTProfile
      * @param  recipient          URL of intended consumer
      * @param  name               Name of subject
      * @param  nameQualifier      Federates or qualifies subject name (optional)
+     * @param  nameFormat         URI identifying format of name
      * @param  subjectIP          Client address of subject (optional)
      * @param  authMethod         URI of authentication method being asserted
      * @param  authInstant        Date and time of authentication being asserted
@@ -301,6 +302,7 @@ public class ShibPOSTProfile
     public SAMLResponse prepare(String recipient,
                                 String name,
                                 String nameQualifier,
+                                String nameFormat,
                                 String subjectIP,
                                 String authMethod,
                                 Date authInstant,
@@ -323,7 +325,7 @@ public class ShibPOSTProfile
             policies,
             name,
             nameQualifier,
-            Constants.SHIB_NAMEID_FORMAT_URI,
+            nameFormat,
             subjectIP,
             authMethod,
             authInstant,
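Review bot: A null `nameFormat` now flows into the subject construction where this line previously always supplied `Constants.SHIB_NAMEID_FORMAT_URI`, and ClubShibPOSTProfile's Javadoc in this same commit calls the parameter optional. Unless the underlying SAML library is known to default a null format (not visible here), the old behaviour can be preserved for existing callers with `nameFormat != null ? nameFormat : Constants.SHIB_NAMEID_FORMAT_URI,` in place of the bare `nameFormat,`. The enclosing prepare() body starts before and ends after this hunk.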
index 8b9d9aa..6166ad0 100644 (file)
@@ -64,7 +64,7 @@ public interface HandleRepository {
         * used in attribute requests for the given <code>AuthNPrincipal</code>.
         * @throws HandleRepositoryException if a Attribute Query Handle could not be created.
         */
-       public String getHandle(AuthNPrincipal principal) throws HandleRepositoryException;
+       public String getHandle(AuthNPrincipal principal, StringBuffer format) throws HandleRepositoryException;
 
        /**
         * Finds the <code>AuthNPrincipal</code> associated with a given opaque identifier.
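Review bot: The Javadoc above the changed `getHandle` signature still describes only the principal and says nothing about the new `format` out-parameter, so an implementer cannot learn the contract from the interface. Every implementation in this commit clears the buffer and appends the NameID Format URI of the returned handle, and rejects a null buffer with IllegalArgumentException; that belongs here, e.g. `@param format non-null buffer that the implementation clears and fills with the NameID Format URI describing the returned handle`. The Javadoc block begins outside the hunk.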
@@ -72,6 +72,6 @@ public interface HandleRepository {
         * be resolved to a <code>AuthNPrincipal</code>
         * @throws HandleRepositoryException if the <code>HandleRepository</code> encounters an internal error
         */
-       public AuthNPrincipal getPrincipal(String handle) throws HandleRepositoryException, InvalidHandleException;
+       public AuthNPrincipal getPrincipal(String handle, String format) throws HandleRepositoryException, InvalidHandleException;
 
 }
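Review bot: The `format` parameter added to `getPrincipal` is undocumented, and the `@throws` text does not say that implementations reject a format they did not issue (CryptoHandleRepository and MemoryHandleRepository in this commit throw InvalidHandleException when it is not `Constants.SHIB_NAMEID_FORMAT_URI`). Suggest `@param format the NameID Format URI that accompanied the handle in the attribute query (may be null)` plus extending the InvalidHandleException sentence with "or is of a format this repository does not issue". The Javadoc block begins before this hunk.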
index b6d9493..0950c39 100644 (file)
@@ -300,12 +300,14 @@ public class HandleServlet extends HttpServlet {
                        String header = configuration.getProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.username");
                        String username = header.equalsIgnoreCase("REMOTE_USER") ? req.getRemoteUser() : req.getHeader(header);
 
-                       String handle = handleRepository.getHandle(new AuthNPrincipal(username));
+            StringBuffer format = new StringBuffer();
+                       String handle = handleRepository.getHandle(new AuthNPrincipal(username), format);
                        log.info("Issued Handle (" + handle + ") to (" + username + ")");
 
                        byte[] buf =
                                generateAssertion(
                                        handle,
+                    format.toString(),
                                        req.getParameter("shire"),
                                        req.getRemoteAddr(),
                                        configuration.getProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.authMethod"));
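Review bot: The issuance log line `log.info("Issued Handle (" + handle + ") to (" + username + ")")` was not extended with the format the repository just reported, so with the new IdentityHandleRepository, whose handle is the bare principal name, an operator cannot tell from the log whether a logged handle is opaque or an identity. Suggest `log.info("Issued Handle (" + handle + ") with format (" + format + ") to (" + username + ")");`. The two added lines `StringBuffer format = new StringBuffer();` and `format.toString(),` are space-indented inside a tab-indented method; match the file's tabs. The enclosing method starts before the hunk and ends after it.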
@@ -328,7 +330,7 @@ public class HandleServlet extends HttpServlet {
 
        }
 
-       protected byte[] generateAssertion(String handle, String shireURL, String clientAddress, String authType)
+       protected byte[] generateAssertion(String handle, String format, String shireURL, String clientAddress, String authType)
                throws SAMLException, IOException {
 
                SAMLAuthorityBinding binding =
@@ -342,6 +344,7 @@ public class HandleServlet extends HttpServlet {
                                shireURL,
                                handle,
                                configuration.getProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.siteName"),
+                format,
                                clientAddress,
                                authType,
                                new Date(System.currentTimeMillis()),
index e305d4f..95e645c 100644 (file)
@@ -91,7 +91,6 @@ public abstract class BaseHandleRepository implements HandleRepository {
                                "Value for (edu.internet2.middleware.shibboleth.hs.BaseHandleRepository.handleTTL) must be a long integer.");
                        throw new HandleRepositoryException("Value for (edu.internet2.middleware.shibboleth.hs.BaseHandleRepository.handleTTL) must be a long integer.");
                }
-
        }
        
        protected HandleEntry createHandleEntry(AuthNPrincipal principal) {
index 4e34d86..20e01e4 100644 (file)
@@ -77,6 +77,7 @@ import org.apache.log4j.Logger;
 import sun.misc.BASE64Decoder;
 import sun.misc.BASE64Encoder;
 import edu.internet2.middleware.shibboleth.common.AuthNPrincipal;
+import edu.internet2.middleware.shibboleth.common.Constants;
 import edu.internet2.middleware.shibboleth.common.ShibResource;
 import edu.internet2.middleware.shibboleth.hs.HandleRepository;
 import edu.internet2.middleware.shibboleth.hs.HandleRepositoryException;
@@ -211,11 +212,11 @@ public class CryptoHandleRepository extends BaseHandleRepository implements Hand
        /**
         * @see edu.internet2.middleware.shibboleth.hs.HandleRepository#getHandle(Principal)
         */
-       public String getHandle(AuthNPrincipal principal) throws HandleRepositoryException {
+       public String getHandle(AuthNPrincipal principal, StringBuffer format) throws HandleRepositoryException {
                try {
-                       if (principal == null) {
-                               log.error("A principal must be supplied for Attribute Query Handle creation.");
-                               throw new IllegalArgumentException("A principal must be supplied for Attribute Query Handle creation.");
+                       if (principal == null || format == null) {
+                               log.error("A principal and format buffer must be supplied for Attribute Query Handle creation.");
+                               throw new IllegalArgumentException("A principal and format buffer must be supplied for Attribute Query Handle creation.");
                        }
 
                        HandleEntry handleEntry = createHandleEntry(principal);
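Review bot: The `@see ...HandleRepository#getHandle(Principal)` reference above the changed signature no longer matches it: the method takes an AuthNPrincipal and, after this commit, a StringBuffer as well. Update it to `@see edu.internet2.middleware.shibboleth.hs.HandleRepository#getHandle(AuthNPrincipal, StringBuffer)` and add a line noting that `format` is an output parameter the method overwrites. The method body continues past the hunk.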
@@ -233,6 +234,10 @@ public class CryptoHandleRepository extends BaseHandleRepository implements Hand
                        outStream.close();
 
                        String handle = new BASE64Encoder().encode(cipherTextHandle);
+            
+            format.setLength(0);
+            format.append(Constants.SHIB_NAMEID_FORMAT_URI);
+
                        return handle.replaceAll(System.getProperty("line.separator"), "");
 
                } catch (KeyException e) {
@@ -250,7 +255,11 @@ public class CryptoHandleRepository extends BaseHandleRepository implements Hand
        /**
         * @see edu.internet2.middleware.shibboleth.hs.HandleRepository#getPrincipal(String)
         */
-       public AuthNPrincipal getPrincipal(String handle) throws HandleRepositoryException, InvalidHandleException {
+       public AuthNPrincipal getPrincipal(String handle, String format) throws HandleRepositoryException, InvalidHandleException {
+        if (!Constants.SHIB_NAMEID_FORMAT_URI.equals(format)) {
+            log.debug("This Repository does not understand handles with a format URI of " + (format==null ? "null" : format));
+            throw new InvalidHandleException("This Repository does not understand handles with a format URI of " + (format==null ? "null" : format));
+        }
 
                try {
                        Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");
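Review bot: The format check at the top of `getPrincipal` builds the same `(format==null ? "null" : format)` message twice, once for the log and once for the exception; computing it once — `String msg = "This Repository does not understand handles with a format URI of " + format;` — removes the duplication, since string concatenation already renders a null reference as "null". The `@see ...#getPrincipal(String)` reference above the signature should also become `#getPrincipal(String, String)`. Rejecting the format before entering the try block is the right order, as an unexpected format is then not reported as a decryption failure; the rest of the method is outside the hunk.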
diff --git a/src/edu/internet2/middleware/shibboleth/hs/provider/IdentityHandleRepository.java b/src/edu/internet2/middleware/shibboleth/hs/provider/IdentityHandleRepository.java
new file mode 100644 (file)
index 0000000..771ad4d
--- /dev/null
@@ -0,0 +1,113 @@
+/* 
+ * The Shibboleth License, Version 1. 
+ * Copyright (c) 2002 
+ * University Corporation for Advanced Internet Development, Inc. 
+ * All rights reserved
+ * 
+ * 
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions are met:
+ * 
+ * Redistributions of source code must retain the above copyright notice, this 
+ * list of conditions and the following disclaimer.
+ * 
+ * Redistributions in binary form must reproduce the above copyright notice, 
+ * this list of conditions and the following disclaimer in the documentation 
+ * and/or other materials provided with the distribution, if any, must include 
+ * the following acknowledgment: "This product includes software developed by 
+ * the University Corporation for Advanced Internet Development 
+ * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement 
+ * may appear in the software itself, if and wherever such third-party 
+ * acknowledgments normally appear.
+ * 
+ * Neither the name of Shibboleth nor the names of its contributors, nor 
+ * Internet2, nor the University Corporation for Advanced Internet Development, 
+ * Inc., nor UCAID may be used to endorse or promote products derived from this 
+ * software without specific prior written permission. For written permission, 
+ * please contact shibboleth@shibboleth.org
+ * 
+ * Products derived from this software may not be called Shibboleth, Internet2, 
+ * UCAID, or the University Corporation for Advanced Internet Development, nor 
+ * may Shibboleth appear in their name, without prior written permission of the 
+ * University Corporation for Advanced Internet Development.
+ * 
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
+ * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 
+ * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK 
+ * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE. 
+ * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY 
+ * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT, 
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package edu.internet2.middleware.shibboleth.hs.provider;
+
+import java.util.Properties;
+
+import org.apache.log4j.Logger;
+
+import edu.internet2.middleware.shibboleth.common.AuthNPrincipal;
+import edu.internet2.middleware.shibboleth.common.Constants;
+import edu.internet2.middleware.shibboleth.hs.HandleRepository;
+import edu.internet2.middleware.shibboleth.hs.HandleRepositoryException;
+import edu.internet2.middleware.shibboleth.hs.InvalidHandleException;
+
+/**
+ * <code>HandleRepository</code> implementation that employs the use of a shard secret
+ * in order to transmit identity information.
+ * 
+ * @author Walter Hoehn (wassa@columbia.edu)
+ */
+public class IdentityHandleRepository extends BaseHandleRepository implements HandleRepository {
+
+       private static Logger log = Logger.getLogger(IdentityHandleRepository.class.getName());
+    
+    private String format;
+
+       public IdentityHandleRepository(Properties properties) throws HandleRepositoryException {
+               super(properties);
+        if (properties.getProperty("edu.internet2.middleware.shibboleth.hs.IdentityHandleRepository.formatURI")
+            != null) {
+            format = properties.getProperty(
+                        "edu.internet2.middleware.shibboleth.hs.IdentityHandleRepository.formatURI",
+                        null);
+            if (format == null)
+                format = Constants.SHIB_NAMEID_FORMAT_URI;
+        }
+        log.debug("Attribute Query Handle TTL set to (" + handleTTL + ") milliseconds.");
+       }
+
+       /**
+        * @see edu.internet2.middleware.shibboleth.hs.HandleRepository#getHandle(Principal)
+        */
+       public String getHandle(AuthNPrincipal principal, StringBuffer format) throws HandleRepositoryException {
+               if (principal == null || format == null) {
+                       log.error("A principal and format buffer must be supplied for Attribute Query Handle creation.");
+                       throw new IllegalArgumentException("A principal and format buffer must be supplied for Attribute Query Handle creation.");
+               }
+
+        format.setLength(0);
+        format.append(this.format);
+
+               return principal.getName();
+       }
+
+       /**
+        * @see edu.internet2.middleware.shibboleth.hs.HandleRepository#getPrincipal(String)
+        */
+       public AuthNPrincipal getPrincipal(String handle, String format) throws HandleRepositoryException, InvalidHandleException {
+        if (!this.format.equals(format)) {
+            log.debug("This Repository does not understand handles with a format URI of " + (format==null ? "null" : format));
+            throw new InvalidHandleException("This Repository does not understand handles with a format URI of " + (format==null ? "null" : format));
+        }
+        
+        return new AuthNPrincipal(handle);
+       }
+}
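Review bot: The constructor assigns `format` only inside the `if (properties.getProperty(...) != null)` block, so when the `formatURI` property is absent `format` stays null: `getHandle` then appends the string "null" into the caller's buffer, and `getPrincipal` throws a NullPointerException at `this.format.equals(format)` for every attribute query. The inner `if (format == null)` fallback is unreachable because the property was just tested non-null; the default should be applied unconditionally, as below. Separately, the class Javadoc ("employs the use of a shard secret in order to transmit identity information") is copied from a different provider: this one returns `principal.getName()` as the handle in the clear and rebuilds the principal from whatever name the attribute query carries, so the only control on who may ask for a given user's attributes is whatever the AA applies to the requester, and that deployment caveat is what the Javadoc should state. The TTL debug line in the constructor also reports a value nothing in this class uses.
```java
	public IdentityHandleRepository(Properties properties) throws HandleRepositoryException {
		super(properties);
		format = properties.getProperty("edu.internet2.middleware.shibboleth.hs.IdentityHandleRepository.formatURI");
		if (format == null) {
			format = Constants.SHIB_NAMEID_FORMAT_URI;
		}
		// … unchanged: debug logging …
	}
```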
index 32941bb..ddb707b 100644 (file)
@@ -61,6 +61,7 @@ import org.apache.log4j.Logger;
 import org.doomdark.uuid.UUIDGenerator;
 
 import edu.internet2.middleware.shibboleth.common.AuthNPrincipal;
+import edu.internet2.middleware.shibboleth.common.Constants;
 import edu.internet2.middleware.shibboleth.hs.HandleRepository;
 import edu.internet2.middleware.shibboleth.hs.HandleRepositoryException;
 import edu.internet2.middleware.shibboleth.hs.InvalidHandleException;
@@ -83,11 +84,11 @@ public class MemoryHandleRepository extends BaseHandleRepository implements Hand
        /**
         * @see edu.internet2.middleware.shibboleth.hs.HandleRepository#getHandle(Principal)
         */
-       public String getHandle(AuthNPrincipal principal) throws HandleRepositoryException {
+       public String getHandle(AuthNPrincipal principal, StringBuffer format) throws HandleRepositoryException {
 
-               if (principal == null) {
-                       log.error("A principal must be supplied for Attribute Query Handle creation.");
-                       throw new IllegalArgumentException("A principal must be supplied for Attribute Query Handle creation.");
+               if (principal == null || format == null) {
+                       log.error("A principal and format buffer must be supplied for Attribute Query Handle creation.");
+                       throw new IllegalArgumentException("A principal and format buffer must be supplied for Attribute Query Handle creation.");
                }
 
                String handle = UUIDGenerator.getInstance().generateRandomBasedUUID().toString();
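Review bot: The `@see ...HandleRepository#getHandle(Principal)` line above the new signature does not match it; update to `@see edu.internet2.middleware.shibboleth.hs.HandleRepository#getHandle(AuthNPrincipal, StringBuffer)`. The method body continues past this hunk.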
@@ -95,13 +96,21 @@ public class MemoryHandleRepository extends BaseHandleRepository implements Hand
                synchronized (cache.handleEntries) {
                        cache.handleEntries.put(handle, createHandleEntry(principal));
                }
+        
+        format.setLength(0);
+        format.append(Constants.SHIB_NAMEID_FORMAT_URI);
+
                return handle;
        }
 
        /**
         * @see edu.internet2.middleware.shibboleth.hs.HandleRepository#getPrincipal(String)
         */
-       public AuthNPrincipal getPrincipal(String handle) throws InvalidHandleException {
+       public AuthNPrincipal getPrincipal(String handle, String format) throws InvalidHandleException {
+        if (!Constants.SHIB_NAMEID_FORMAT_URI.equals(format)) {
+            log.debug("This Repository does not understand handles with a format URI of " + (format==null ? "null" : format));
+            throw new InvalidHandleException("This Repository does not understand handles with a format URI of " + (format==null ? "null" : format));
+        }
                synchronized (cache.handleEntries) {
                        if (!cache.handleEntries.containsKey(handle)) {
                                log.debug("The Repository does not contain an entry for this Attribute Query Handle.");
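Review bot: The `@see ...HandleRepository#getPrincipal(String)` above the changed signature no longer matches `getPrincipal(String, String)`. The ordering in `getHandle` is right — the format is written to the caller's buffer only after the entry is in the cache — but that is easy to lose in a later edit, so a comment such as `// report the format only once the handle is actually issued` at `format.setLength(0)` would pin it. The getPrincipal body continues past the hunk.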