Code cleanups in preparation for 2.0 work.
authorwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Fri, 28 Apr 2006 21:57:47 +0000 (21:57 +0000)
committerwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Fri, 28 Apr 2006 21:57:47 +0000 (21:57 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@1932 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/aa/arp/ArpEngine.java
src/edu/internet2/middleware/shibboleth/idp/IdPProtocolSupport.java
src/edu/internet2/middleware/shibboleth/idp/provider/ADFS_SSOHandler.java
src/edu/internet2/middleware/shibboleth/idp/provider/SAMLv1_AttributeQueryHandler.java
src/edu/internet2/middleware/shibboleth/idp/provider/ShibbolethV1SSOHandler.java
src/edu/internet2/middleware/shibboleth/utils/ResolverTest.java

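--- a/src/edu/internet2/middleware/shibboleth/aa/arp/ArpEngine.java
+++ b/src/edu/internet2/middleware/shibboleth/aa/arp/ArpEngine.java
@@ -257,7 +257,7 @@ public class ArpEngine {
         * 
         * @return the attributes to be released
         */
-       public void filterAttributes(Collection<ArpAttribute> attributes, Principal principal, String requester,
+       public void filterAttributes(Collection<? extends ArpAttribute> attributes, Principal principal, String requester,
                        URL resource) throws ArpProcessingException {
 
                if (attributes.isEmpty()) {
@@ -268,14 +268,14 @@ public class ArpEngine {
                log.info("Applying Attribute Release Policies.");
                if (log.isDebugEnabled()) {
                        log.debug("Processing the following attributes:");
-                       for (Iterator<ArpAttribute> attrIterator = attributes.iterator(); attrIterator.hasNext();) {
+                       for (Iterator<? extends ArpAttribute> attrIterator = attributes.iterator(); attrIterator.hasNext();) {
                                log.debug("Attribute: (" + attrIterator.next().getName() + ")");
                        }
                }
 
                // Gather all applicable ARP attribute specifiers
                Set<String> attributeNames = new HashSet<String>();
-               for (Iterator<ArpAttribute> nameIterator = attributes.iterator(); nameIterator.hasNext();) {
+               for (Iterator<? extends ArpAttribute> nameIterator = attributes.iterator(); nameIterator.hasNext();) {
                        attributeNames.add(nameIterator.next().getName());
                }
                Rule[] rules = createEffectiveArp(principal, requester, resource).getAllRules();
@@ -294,7 +294,7 @@ public class ArpEngine {
                                .toArray(new Rule.Attribute[0]));
 
                // Filter
-               for (Iterator<ArpAttribute> returnIterator = attributes.iterator(); returnIterator.hasNext();) {
+               for (Iterator<? extends ArpAttribute> returnIterator = attributes.iterator(); returnIterator.hasNext();) {
 
                        ArpAttribute arpAttribute = returnIterator.next();
                        Rule.Attribute attribute = (Rule.Attribute) arpAttributeSpecs.get(arpAttribute.getName());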
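Review bot: The Javadoc kept above `filterAttributes` in the first hunk still says `@return the attributes to be released`, but the method is `void`, and `IdPProtocolSupport.resolveAttributes` reads the result back from the collection it passed in, so the filtering is evidently done in place. Now that the parameter is widened to `Collection<? extends ArpAttribute>`, replace the `@return` tag with a sentence such as `Filters the supplied collection in place; its iterator must support remove().` The removal itself is presumably in the Filter loop, whose body continues outside the last hunk, so confirm that before documenting it. It is also worth stating that a read-only collection makes the call fail rather than release unfiltered attributes.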
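--- a/src/edu/internet2/middleware/shibboleth/idp/IdPProtocolSupport.java
+++ b/src/edu/internet2/middleware/shibboleth/idp/IdPProtocolSupport.java
@@ -14,7 +14,10 @@ import java.net.URL;
 import java.security.Principal;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collection;
+import java.util.HashMap;
 import java.util.Iterator;
+import java.util.Map;
 
 import org.apache.log4j.Logger;
 import org.apache.xml.security.signature.XMLSignature;
@@ -27,7 +30,6 @@ import org.opensaml.artifact.Artifact;
 import org.w3c.dom.Element;
 
 import edu.internet2.middleware.shibboleth.aa.AAAttribute;
-import edu.internet2.middleware.shibboleth.aa.AAAttributeSet;
 import edu.internet2.middleware.shibboleth.aa.AAException;
 import edu.internet2.middleware.shibboleth.aa.arp.ArpEngine;
 import edu.internet2.middleware.shibboleth.aa.arp.ArpProcessingException;
@@ -43,8 +45,8 @@ import edu.internet2.middleware.shibboleth.common.provider.ShibbolethTrust;
 import edu.internet2.middleware.shibboleth.metadata.EntitiesDescriptor;
 import edu.internet2.middleware.shibboleth.metadata.EntityDescriptor;
 import edu.internet2.middleware.shibboleth.metadata.Metadata;
-import edu.internet2.middleware.shibboleth.metadata.MetadataProviderFactory;
 import edu.internet2.middleware.shibboleth.metadata.MetadataException;
+import edu.internet2.middleware.shibboleth.metadata.MetadataProviderFactory;
 
 /**
  * Delivers core IdP functionality (Attribute resolution, ARP filtering, Metadata lookup, Signing, Mapping between local &
@@ -218,11 +220,12 @@ public class IdPProtocolSupport implements Metadata {
                return null;
        }
 
-       public SAMLAttribute[] getReleaseAttributes(Principal principal, RelyingParty relyingParty, String requester,
-                       URL resource) throws AAException {
+       public Collection<? extends SAMLAttribute> getReleaseAttributes(Principal principal, RelyingParty relyingParty,
+                       String requester, URL resource) throws AAException {
 
                try {
-                       URI[] potentialAttributes = arpEngine.listPossibleReleaseAttributes(principal, requester, resource);
+                       Collection<URI> potentialAttributes = arpEngine.listPossibleReleaseAttributes(principal, requester,
+                                       resource);
                        return getReleaseAttributes(principal, relyingParty, requester, resource, potentialAttributes);
 
                } catch (ArpProcessingException e) {
@@ -232,25 +235,24 @@ public class IdPProtocolSupport implements Metadata {
                }
        }
 
-       public SAMLAttribute[] getReleaseAttributes(Principal principal, RelyingParty relyingParty, String requester,
-                       URL resource, URI[] attributeNames) throws AAException {
+       public Collection<? extends SAMLAttribute> getReleaseAttributes(Principal principal, RelyingParty relyingParty,
+                       String requester, URL resource, Collection<URI> attributeNames) throws AAException {
 
                try {
-                       AAAttributeSet attributeSet = new AAAttributeSet();
-                       for (int i = 0; i < attributeNames.length; i++) {
+                       Map<String, AAAttribute> attributes = new HashMap<String, AAAttribute>();
+                       for (URI name : attributeNames) {
 
                                AAAttribute attribute = null;
                                if (relyingParty.wantsSchemaHack()) {
-                                       attribute = new AAAttribute(attributeNames[i].toString(), true);
+                                       attribute = new AAAttribute(name.toString(), true);
                                } else {
-                                       attribute = new AAAttribute(attributeNames[i].toString(), false);
+                                       attribute = new AAAttribute(name.toString(), false);
                                }
-
-                               attributeSet.add(attribute);
+                               attributes.put(attribute.getName(), attribute);
                        }
 
                        return resolveAttributes(principal, requester, relyingParty.getIdentityProvider().getProviderId(),
-                                       resource, attributeSet);
+                                       resource, attributes);
 
                } catch (SAMLException e) {
                        log.error("An error occurred while creating attributes for principal (" + principal.getName() + ") :"
@@ -264,19 +266,19 @@ public class IdPProtocolSupport implements Metadata {
                }
        }
 
-       public SAMLAttribute[] resolveAttributes(Principal principal, String requester, String responder, URL resource,
-                       AAAttributeSet attributeSet) throws ArpProcessingException {
+       public Collection<? extends SAMLAttribute> resolveAttributes(Principal principal, String requester,
+                       String responder, URL resource, Map<String, AAAttribute> attributeSet) throws ArpProcessingException {
 
                resolver.resolveAttributes(principal, requester, responder, attributeSet);
-               arpEngine.filterAttributes(attributeSet, principal, requester, resource);
-               return attributeSet.getAttributes();
+               arpEngine.filterAttributes(attributeSet.values(), principal, requester, resource);
+               return attributeSet.values();
        }
 
-       public SAMLAttribute[] resolveAttributesNoPolicies(Principal principal, String requester, String responder,
-                       AAAttributeSet attributeSet) {
+       public Collection<? extends SAMLAttribute> resolveAttributesNoPolicies(Principal principal, String requester,
+                       String responder, Map<String, AAAttribute> attributeSet) {
 
                resolver.resolveAttributes(principal, requester, responder, attributeSet);
-               return attributeSet.getAttributes();
+               return attributeSet.values();
        }
 
        /**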
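Review bot: In the last hunk, `resolveAttributes` and `resolveAttributesNoPolicies` now return `attributeSet.values()`, a live view of the caller's map, so the set approved by `arpEngine.filterAttributes` can still change after the method returns if that map is modified. Returning a snapshot keeps the post-filter result fixed: `return new ArrayList<AAAttribute>(attributeSet.values());` (`ArrayList` is already imported in this file). The same line applies in `resolveAttributesNoPolicies`. A short Javadoc on `resolveAttributesNoPolicies` stating that no ARP filtering is applied would also help callers choose the right method.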
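--- a/src/edu/internet2/middleware/shibboleth/idp/provider/ADFS_SSOHandler.java
+++ b/src/edu/internet2/middleware/shibboleth/idp/provider/ADFS_SSOHandler.java
@@ -32,6 +32,7 @@ import org.opensaml.SAMLAttribute;
 import org.opensaml.SAMLAttributeStatement;
 import org.opensaml.SAMLAudienceRestrictionCondition;
 import org.opensaml.SAMLAuthenticationStatement;
+import org.opensaml.SAMLCondition;
 import org.opensaml.SAMLConfig;
 import org.opensaml.SAMLException;
 import org.opensaml.SAMLNameIdentifier;
@@ -226,22 +227,22 @@ public class ADFS_SSOHandler extends SSOHandler implements IdPProtocolHandler {
                        SAMLAssertion assertion, HttpServletRequest request) throws SAMLException {
 
                try {
-                       SAMLAttribute[] attributes = support.getReleaseAttributes(principal, relyingParty, relyingParty
-                                       .getProviderId(), null);
-                       log.info("Found " + attributes.length + " attribute(s) for " + principal.getName());
+                       Collection<? extends SAMLAttribute> attributes = support.getReleaseAttributes(principal, relyingParty,
+                                       relyingParty.getProviderId(), null);
+                       log.info("Found " + attributes.size() + " attribute(s) for " + principal.getName());
 
                        // Bail if we didn't get any attributes
-                       if (attributes == null || attributes.length < 1) {
+                       if (attributes == null || attributes.size() < 1) {
                                log.info("No attributes resolved.");
                                return;
                        }
 
                        // The ADFS spec recommends that all attributes have this URI, but it doesn't require it
-                       for (int i = 0; i < attributes.length; i++) {
-                               if (!attributes[i].getNamespace().equals(CLAIMS_URI)) {
+                       for (SAMLAttribute attribute : attributes) {
+                               if (!attribute.getNamespace().equals(CLAIMS_URI)) {
                                        log.warn("It is recommended that all attributes sent via the ADFS SSO handler "
-                                                       + "have a namespace of (" + CLAIMS_URI + ").  The attribute (" + attributes[i].getName()
-                                                       + ") has a namespace of (" + attributes[i].getNamespace() + ").");
+                                                       + "have a namespace of (" + CLAIMS_URI + ").  The attribute (" + attribute.getName()
+                                                       + ") has a namespace of (" + attribute.getNamespace() + ").");
                                }
                        }
 
@@ -274,11 +275,11 @@ public class ADFS_SSOHandler extends SSOHandler implements IdPProtocolHandler {
                subject.addConfirmationMethod(SAMLSubject.CONF_BEARER);
 
                // ADFS spec requires a single audience of the SP
-               ArrayList audiences = new ArrayList();
+               ArrayList<String> audiences = new ArrayList<String>();
                if (relyingParty.getProviderId() != null) {
                        audiences.add(relyingParty.getProviderId());
                }
-               Vector conditions = new Vector(1);
+               Vector<SAMLCondition> conditions = new Vector<SAMLCondition>(1);
                if (audiences != null && audiences.size() > 0) conditions.add(new SAMLAudienceRestrictionCondition(audiences));
 
                // Determine the correct issuer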
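Review bot: In the second hunk of this file, the new `log.info("Found " + attributes.size() + ...)` line dereferences `attributes` before the `attributes == null || attributes.size() < 1` guard below it, so a null return would raise a NullPointerException instead of taking the "No attributes resolved." path. Move the log statement below the guard and write the guard as `if (attributes == null || attributes.isEmpty()) {`. Whether `getReleaseAttributes` can return null is not visible here; if it cannot, drop the null test instead so the check does not mislead. The enclosing method starts and ends outside the hunk.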
index ef372c1..1fb2aaf 100644 (file)
@@ -23,6 +23,7 @@ import java.security.Principal;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collection;
 import java.util.Collections;
 import java.util.Date;
 import java.util.Iterator;
 import java.util.Collections;
 import java.util.Date;
 import java.util.Iterator;
@@ -87,31 +88,29 @@ public class SAMLv1_AttributeQueryHandler extends BaseServiceHandler implements
 
        private String authenticateAs(String assertedId, X509Certificate[] chain, IdPProtocolSupport support)
                        throws InvalidProviderCredentialException {
 
        private String authenticateAs(String assertedId, X509Certificate[] chain, IdPProtocolSupport support)
                        throws InvalidProviderCredentialException {
+
                // See if we have metadata for this provider
                EntityDescriptor provider = support.lookup(assertedId);
                if (provider == null) {
                        log.info("No metadata found for providerId: (" + assertedId + ").");
                        return null;
                // See if we have metadata for this provider
                EntityDescriptor provider = support.lookup(assertedId);
                if (provider == null) {
                        log.info("No metadata found for providerId: (" + assertedId + ").");
                        return null;
-               }
-               else {
+               } else {
                        log.info("Metadata found for providerId: (" + assertedId + ").");
                }
                RoleDescriptor ar_role = provider.getAttributeRequesterDescriptor(XML.SAML11_PROTOCOL_ENUM);
                RoleDescriptor sp_role = provider.getSPSSODescriptor(XML.SAML11_PROTOCOL_ENUM);
                if (ar_role == null && sp_role == null) {
                        log.info("Metadata found for providerId: (" + assertedId + ").");
                }
                RoleDescriptor ar_role = provider.getAttributeRequesterDescriptor(XML.SAML11_PROTOCOL_ENUM);
                RoleDescriptor sp_role = provider.getSPSSODescriptor(XML.SAML11_PROTOCOL_ENUM);
                if (ar_role == null && sp_role == null) {
-                       log.info("SPSSO and Stand-Alone Requester roles not found in metadata for provider: ("
-                                       + assertedId + ").");
+                       log.info("SPSSO and Stand-Alone Requester roles not found in metadata for provider: (" + assertedId + ").");
                        return null;
                }
 
                // Make sure that the supplied credential is valid for the selected provider role.
                        return null;
                }
 
                // Make sure that the supplied credential is valid for the selected provider role.
-               if ((ar_role != null && support.getTrust().validate(chain[0], chain, ar_role)) ||
-                       (sp_role != null &&     support.getTrust().validate(chain[0], chain, sp_role))) {
+               if ((ar_role != null && support.getTrust().validate(chain[0], chain, ar_role))
+                               || (sp_role != null && support.getTrust().validate(chain[0], chain, sp_role))) {
                        log.info("Supplied credentials validated for this provider.");
                        return assertedId;
                } else {
                        log.info("Supplied credentials validated for this provider.");
                        return assertedId;
                } else {
-                       log.error("Supplied credentials ("
-                                       + chain[0].getSubjectX500Principal().getName(X500Principal.RFC2253)
+                       log.error("Supplied credentials (" + chain[0].getSubjectX500Principal().getName(X500Principal.RFC2253)
                                        + ") are NOT valid for provider (" + assertedId + ").");
                        throw new InvalidProviderCredentialException("Invalid credentials.");
                }
                                        + ") are NOT valid for provider (" + assertedId + ").");
                        throw new InvalidProviderCredentialException("Invalid credentials.");
                }
@@ -125,7 +124,8 @@ public class SAMLv1_AttributeQueryHandler extends BaseServiceHandler implements
        public SAMLResponse processRequest(HttpServletRequest request, HttpServletResponse response,
                        SAMLRequest samlRequest, IdPProtocolSupport support) throws SAMLException, IOException, ServletException {
 
        public SAMLResponse processRequest(HttpServletRequest request, HttpServletResponse response,
                        SAMLRequest samlRequest, IdPProtocolSupport support) throws SAMLException, IOException, ServletException {
 
-               if (samlRequest == null || samlRequest.getQuery() == null || !(samlRequest.getQuery() instanceof SAMLAttributeQuery)) {
+               if (samlRequest == null || samlRequest.getQuery() == null
+                               || !(samlRequest.getQuery() instanceof SAMLAttributeQuery)) {
                        log.error("Protocol Handler can only respond to SAML Attribute Queries.");
                        throw new SAMLException("General error processing request.");
                }
                        log.error("Protocol Handler can only respond to SAML Attribute Queries.");
                        throw new SAMLException("General error processing request.");
                }
@@ -137,16 +137,16 @@ public class SAMLv1_AttributeQueryHandler extends BaseServiceHandler implements
                String effectiveName = null;
 
                // Log the physical credential supplied, if any.
                String effectiveName = null;
 
                // Log the physical credential supplied, if any.
-               X509Certificate[] credentials = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
-               if (credentials == null || credentials.length == 0 ||
-                               credentials[0].getSubjectX500Principal().getName(X500Principal.RFC2253).equals("")) {
+               X509Certificate[] credentials = (X509Certificate[]) request
+                               .getAttribute("javax.servlet.request.X509Certificate");
+               if (credentials == null || credentials.length == 0
+                               || credentials[0].getSubjectX500Principal().getName(X500Principal.RFC2253).equals("")) {
                        log.info("Request contained no credentials, treating as an unauthenticated service provider.");
                        log.info("Request contained no credentials, treating as an unauthenticated service provider.");
-               }
-               else {
+               } else {
                        log.info("Request contains credentials: ("
                                        + credentials[0].getSubjectX500Principal().getName(X500Principal.RFC2253) + ").");
 
                        log.info("Request contains credentials: ("
                                        + credentials[0].getSubjectX500Principal().getName(X500Principal.RFC2253) + ").");
 
-                       // Try and authenticate the requester as any of the potentially relevant identifiers we know.                   
+                       // Try and authenticate the requester as any of the potentially relevant identifiers we know.
                        try {
                                if (attributeQuery.getResource() != null) {
                                        log.info("Remote provider has identified itself as: (" + attributeQuery.getResource() + ").");
                        try {
                                if (attributeQuery.getResource() != null) {
                                        log.info("Remote provider has identified itself as: (" + attributeQuery.getResource() + ").");
@@ -154,7 +154,8 @@ public class SAMLv1_AttributeQueryHandler extends BaseServiceHandler implements
                                }
 
                                if (effectiveName == null) {
                                }
 
                                if (effectiveName == null) {
-                                       log.info("Remote provider not yet identified, attempting to derive requesting provider from credentials.");
+                                       log
+                                                       .info("Remote provider not yet identified, attempting to derive requesting provider from credentials.");
 
                                        // Try the additional candidates.
                                        String[] candidateNames = getCredentialNames(credentials[0]);
 
                                        // Try the additional candidates.
                                        String[] candidateNames = getCredentialNames(credentials[0]);
@@ -166,15 +167,14 @@ public class SAMLv1_AttributeQueryHandler extends BaseServiceHandler implements
                                throw new SAMLException(SAMLException.REQUESTER, "Invalid credentials for request.");
                        }
                }
                                throw new SAMLException(SAMLException.REQUESTER, "Invalid credentials for request.");
                        }
                }
-               
+
                if (effectiveName == null) {
                        log.info("Unable to locate metadata about provider, treating as an unauthenticated service provider.");
                        relyingParty = support.getServiceProviderMapper().getRelyingParty(null);
                if (effectiveName == null) {
                        log.info("Unable to locate metadata about provider, treating as an unauthenticated service provider.");
                        relyingParty = support.getServiceProviderMapper().getRelyingParty(null);
-            if(log.isDebugEnabled()) {
-                log.debug("Using default Relying Party, " + relyingParty.getName() + " for unauthenticated provider.");
-            }
-               }
-               else {
+                       if (log.isDebugEnabled()) {
+                               log.debug("Using default Relying Party, " + relyingParty.getName() + " for unauthenticated provider.");
+                       }
+               } else {
                        // Identify a Relying Party
                        log.debug("Mapping authenticated provider (" + effectiveName + ") to Relying Party.");
                        relyingParty = support.getServiceProviderMapper().getRelyingParty(effectiveName);
                        // Identify a Relying Party
                        log.debug("Mapping authenticated provider (" + effectiveName + ") to Relying Party.");
                        relyingParty = support.getServiceProviderMapper().getRelyingParty(effectiveName);
@@ -190,13 +190,10 @@ public class SAMLv1_AttributeQueryHandler extends BaseServiceHandler implements
                        String method = (String) iterator.next();
                        log.info("Request contains SAML Subject Confirmation method: (" + method + ").");
                        hasConfirmationMethod = true;
                        String method = (String) iterator.next();
                        log.info("Request contains SAML Subject Confirmation method: (" + method + ").");
                        hasConfirmationMethod = true;
-                       if (!method.equals(SAMLSubject.CONF_BEARER))
-                               hasOnlyBearer = false;
-               }
-               if (hasConfirmationMethod && !hasOnlyBearer) {
-                       throw new SAMLException(SAMLException.REQUESTER,
-                               "This SAML authority cannot honor requests containing the supplied SAML Subject Confirmation Method(s).");
+                       if (!method.equals(SAMLSubject.CONF_BEARER)) hasOnlyBearer = false;
                }
                }
+               if (hasConfirmationMethod && !hasOnlyBearer) { throw new SAMLException(SAMLException.REQUESTER,
+                               "This SAML authority cannot honor requests containing the supplied SAML Subject Confirmation Method(s)."); }
 
                // Map Subject to local principal
                Principal principal = null;
 
                // Map Subject to local principal
                Principal principal = null;
@@ -220,11 +217,11 @@ public class SAMLv1_AttributeQueryHandler extends BaseServiceHandler implements
                        log.info("Request is for principal (" + principal.getName() + ").");
 
                        // Get attributes from resolver
                        log.info("Request is for principal (" + principal.getName() + ").");
 
                        // Get attributes from resolver
-                       SAMLAttribute[] attrs;
+                       Collection<? extends SAMLAttribute> attrs;
                        Iterator requestedAttrsIterator = attributeQuery.getDesignators();
                        if (requestedAttrsIterator.hasNext()) {
                                log.info("Request designates specific attributes, resolving this set.");
                        Iterator requestedAttrsIterator = attributeQuery.getDesignators();
                        if (requestedAttrsIterator.hasNext()) {
                                log.info("Request designates specific attributes, resolving this set.");
-                               ArrayList requestedAttrs = new ArrayList();
+                               ArrayList<URI> requestedAttrs = new ArrayList<URI>();
                                while (requestedAttrsIterator.hasNext()) {
                                        SAMLAttributeDesignator attribute = (SAMLAttributeDesignator) requestedAttrsIterator.next();
                                        try {
                                while (requestedAttrsIterator.hasNext()) {
                                        SAMLAttributeDesignator attribute = (SAMLAttributeDesignator) requestedAttrsIterator.next();
                                        try {
@@ -236,20 +233,19 @@ public class SAMLv1_AttributeQueryHandler extends BaseServiceHandler implements
                                        }
                                }
 
                                        }
                                }
 
-                               attrs = support.getReleaseAttributes(principal, relyingParty, effectiveName, null,
-                                               (URI[]) requestedAttrs.toArray(new URI[0]));
+                               attrs = support.getReleaseAttributes(principal, relyingParty, effectiveName, null, requestedAttrs);
                        } else {
                                log.info("Request does not designate specific attributes, resolving all available.");
                                attrs = support.getReleaseAttributes(principal, relyingParty, effectiveName, null);
                        }
 
                        } else {
                                log.info("Request does not designate specific attributes, resolving all available.");
                                attrs = support.getReleaseAttributes(principal, relyingParty, effectiveName, null);
                        }
 
-                       log.info("Found " + attrs.length + " attribute(s) for " + principal.getName());
+                       log.info("Found " + attrs.size() + " attribute(s) for " + principal.getName());
 
                        // Put attributes names in the transaction log when it is set to DEBUG
 
                        // Put attributes names in the transaction log when it is set to DEBUG
-                       if (support.getTransactionLog().isDebugEnabled() && attrs.length > 0) {
+                       if (support.getTransactionLog().isDebugEnabled() && attrs.size() > 0) {
                                StringBuffer attrNameBuffer = new StringBuffer();
                                StringBuffer attrNameBuffer = new StringBuffer();
-                               for (int i = 0; i < attrs.length; i++) {
-                                       attrNameBuffer.append("(" + attrs[i].getName() + ")");
+                               for (SAMLAttribute attr : attrs) {
+                                       attrNameBuffer.append("(" + attr.getName() + ")");
                                }
                                support.getTransactionLog()
                                                .debug(
                                }
                                support.getTransactionLog()
                                                .debug(
@@ -260,7 +256,7 @@ public class SAMLv1_AttributeQueryHandler extends BaseServiceHandler implements
 
                        SAMLResponse samlResponse = null;
 
 
                        SAMLResponse samlResponse = null;
 
-                       if (attrs == null || attrs.length == 0) {
+                       if (attrs == null || attrs.size() == 0) {
                                // No attribute found
                                samlResponse = new SAMLResponse(samlRequest.getId(), null, null, null);
 
                                // No attribute found
                                samlResponse = new SAMLResponse(samlRequest.getId(), null, null, null);
 
@@ -268,7 +264,7 @@ public class SAMLv1_AttributeQueryHandler extends BaseServiceHandler implements
                                // Reference requested subject
                                SAMLSubject rSubject = (SAMLSubject) attributeQuery.getSubject().clone();
 
                                // Reference requested subject
                                SAMLSubject rSubject = (SAMLSubject) attributeQuery.getSubject().clone();
 
-                               ArrayList audiences = new ArrayList();
+                               ArrayList<String> audiences = new ArrayList<String>();
                                if (relyingParty.getProviderId() != null) {
                                        audiences.add(relyingParty.getProviderId());
                                }
                                if (relyingParty.getProviderId() != null) {
                                        audiences.add(relyingParty.getProviderId());
                                }
@@ -283,9 +279,9 @@ public class SAMLv1_AttributeQueryHandler extends BaseServiceHandler implements
 
                                // Set assertion expiration to longest attribute expiration
                                long max = 0;
 
                                // Set assertion expiration to longest attribute expiration
                                long max = 0;
-                               for (int i = 0; i < attrs.length; i++) {
-                                       if (max < attrs[i].getLifetime()) {
-                                               max = attrs[i].getLifetime();
+                               for (SAMLAttribute attr : attrs) {
+                                       if (max < attr.getLifetime()) {
+                                               max = attr.getLifetime();
                                        }
                                }
                                Date now = new Date();
                                        }
                                }
                                Date now = new Date();
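--- a/src/edu/internet2/middleware/shibboleth/idp/provider/ShibbolethV1SSOHandler.java
+++ b/src/edu/internet2/middleware/shibboleth/idp/provider/ShibbolethV1SSOHandler.java
@@ -21,6 +21,7 @@ import java.io.UnsupportedEncodingException;
 import java.net.URLEncoder;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collection;
 import java.util.Collections;
 import java.util.Date;
 import java.util.Iterator;
@@ -194,7 +195,7 @@ public class ShibbolethV1SSOHandler extends SSOHandler implements IdPProtocolHan
                        SAMLSubject authNSubject) throws SAMLException, IOException, UnsupportedEncodingException {
 
                log.debug("Responding with Artifact profile.");
-               ArrayList assertions = new ArrayList();
+               ArrayList<SAMLAssertion> assertions = new ArrayList<SAMLAssertion>();
 
                authNSubject.addConfirmationMethod(SAMLSubject.CONF_ARTIFACT);
                assertions.add(generateAuthNAssertion(request, relyingParty, descriptor, nameId, authenticationMethod,
@@ -221,7 +222,7 @@ public class ShibbolethV1SSOHandler extends SSOHandler implements IdPProtocolHan
                }
 
                // Create artifacts for each assertion
-               ArrayList artifacts = new ArrayList();
+               ArrayList<Artifact> artifacts = new ArrayList<Artifact>();
                for (int i = 0; i < assertions.size(); i++) {
                        SAMLAssertion assertion = (SAMLAssertion) assertions.get(i);
                        Artifact artifact = support.getArtifactMapper().generateArtifact(assertion, relyingParty);
@@ -271,15 +272,15 @@ public class ShibbolethV1SSOHandler extends SSOHandler implements IdPProtocolHan
                                                + nameId.getFormat() + ").");
        }
 
-    public static boolean pushAttributeDefault = false;
-    
+       public static boolean pushAttributeDefault = false;
+
        private void respondWithPOST(HttpServletRequest request, HttpServletResponse response, IdPProtocolSupport support,
                        LocalPrincipal principal, RelyingParty relyingParty, EntityDescriptor descriptor, String acceptanceURL,
                        SAMLNameIdentifier nameId, String authenticationMethod, SAMLSubject authNSubject) throws SAMLException,
                        IOException, ServletException {
 
                log.debug("Responding with POST profile.");
-               ArrayList assertions = new ArrayList();
+               ArrayList<SAMLAssertion> assertions = new ArrayList<SAMLAssertion>();
                authNSubject.addConfirmationMethod(SAMLSubject.CONF_BEARER);
                assertions.add(generateAuthNAssertion(request, relyingParty, descriptor, nameId, authenticationMethod,
                                getAuthNTime(request), authNSubject));
@@ -331,15 +332,15 @@ public class ShibbolethV1SSOHandler extends SSOHandler implements IdPProtocolHan
        }
 
        private void generateAttributes(IdPProtocolSupport support, LocalPrincipal principal, RelyingParty relyingParty,
-                       ArrayList assertions, HttpServletRequest request) throws SAMLException {
+                       ArrayList<SAMLAssertion> assertions, HttpServletRequest request) throws SAMLException {
 
                try {
-                       SAMLAttribute[] attributes = support.getReleaseAttributes(principal, relyingParty, relyingParty
-                                       .getProviderId(), null);
-                       log.info("Found " + attributes.length + " attribute(s) for " + principal.getName());
+                       Collection<? extends SAMLAttribute> attributes = support.getReleaseAttributes(principal, relyingParty,
+                                       relyingParty.getProviderId(), null);
+                       log.info("Found " + attributes.size() + " attribute(s) for " + principal.getName());
 
                        // Bail if we didn't get any attributes
-                       if (attributes == null || attributes.length < 1) {
+                       if (attributes == null || attributes.size() < 1) {
                                log.info("No attributes resolved.");
                                return;
                        }
@@ -360,7 +361,7 @@ public class ShibbolethV1SSOHandler extends SSOHandler implements IdPProtocolHan
                                                        + assertions.get(0).toString());
                                }
                        } else {
-                               ArrayList audiences = new ArrayList();
+                               ArrayList<String> audiences = new ArrayList<String>();
                                if (relyingParty.getProviderId() != null) {
                                        audiences.add(relyingParty.getProviderId());
                                }
@@ -379,9 +380,9 @@ public class ShibbolethV1SSOHandler extends SSOHandler implements IdPProtocolHan
 
                                // Set assertion expiration to longest attribute expiration
                                long max = 0;
-                               for (int i = 0; i < attributes.length; i++) {
-                                       if (max < attributes[i].getLifetime()) {
-                                               max = attributes[i].getLifetime();
+                               for (SAMLAttribute attribute : attributes) {
+                                       if (max < attribute.getLifetime()) {
+                                               max = attribute.getLifetime();
                                        }
                                }
                                Date now = new Date();
@@ -410,7 +411,7 @@ public class ShibbolethV1SSOHandler extends SSOHandler implements IdPProtocolHan
                        SAMLSubject subject) throws SAMLException, IOException {
 
                // Determine the correct audiences
-               ArrayList audiences = new ArrayList();
+               ArrayList<String> audiences = new ArrayList<String>();
                if (relyingParty.getProviderId() != null) {
                        audiences.add(relyingParty.getProviderId());
                }
@@ -440,7 +441,7 @@ public class ShibbolethV1SSOHandler extends SSOHandler implements IdPProtocolHan
                }
 
                // For compatibility with pre-1.2 shibboleth targets, include a pointer to the AA
-               ArrayList bindings = new ArrayList();
+               ArrayList<SAMLAuthorityBinding> bindings = new ArrayList<SAMLAuthorityBinding>();
                if (relyingParty.isLegacyProvider()) {
 
                        SAMLAuthorityBinding binding = new SAMLAuthorityBinding(SAMLBinding.SOAP, relyingParty.getAAUrl()
@@ -449,7 +450,7 @@ public class ShibbolethV1SSOHandler extends SSOHandler implements IdPProtocolHan
                }
 
                // Create the assertion
-               Vector conditions = new Vector(1);
+               Vector<SAMLCondition> conditions = new Vector<SAMLCondition>(1);
                if (audiences != null && audiences.size() > 0) conditions.add(new SAMLAudienceRestrictionCondition(audiences));
 
                SAMLStatement[] statements = {new SAMLAuthenticationStatement(subject, authenticationMethod, authTime, request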
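Review bot: In the `generateAttributes` hunk the new `log.info("Found " + attributes.size() + ...)` dereferences `attributes` before the `attributes == null || attributes.size() < 1` guard a few lines later, so the null half of that guard can never take effect: a null result would throw a NullPointerException inside the `try` block first. The ordering is inherited from the array version, but the switch to `Collection` is the natural place to settle it, by moving the log line below the guard and writing the guard as `if (attributes == null || attributes.isEmpty()) {`. The same order appears in the SAMLv1_AttributeQueryHandler section of this commit, where `attrs.size()` is logged before the later `attrs == null || attrs.size() == 0` check. Whether `getReleaseAttributes` can actually return null is not visible on this page; if it cannot, the null test should be dropped so the contract is explicit in these attribute-release paths. `generateAttributes` continues beyond the end of its hunk.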
index 4f61d6c..2b68464 100644 (file)
@@ -18,12 +18,15 @@ package edu.internet2.middleware.shibboleth.utils;
 
 import jargs.gnu.CmdLineParser;
 
 
 import jargs.gnu.CmdLineParser;
 
-import java.io.ByteArrayOutputStream;
 import java.io.PrintStream;
 import java.io.PrintWriter;
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.security.Principal;
 import java.io.PrintStream;
 import java.io.PrintWriter;
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.security.Principal;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
 
 import org.apache.log4j.ConsoleAppender;
 import org.apache.log4j.Level;
 
 import org.apache.log4j.ConsoleAppender;
 import org.apache.log4j.Level;
@@ -36,8 +39,6 @@ import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 
 import edu.internet2.middleware.shibboleth.aa.AAAttribute;
 import org.w3c.dom.NodeList;
 
 import edu.internet2.middleware.shibboleth.aa.AAAttribute;
-import edu.internet2.middleware.shibboleth.aa.AAAttributeSet;
-import edu.internet2.middleware.shibboleth.aa.AAAttributeSet.ShibAttributeIterator;
 import edu.internet2.middleware.shibboleth.aa.arp.ArpEngine;
 import edu.internet2.middleware.shibboleth.aa.arp.ArpException;
 import edu.internet2.middleware.shibboleth.aa.arp.ArpProcessingException;
 import edu.internet2.middleware.shibboleth.aa.arp.ArpEngine;
 import edu.internet2.middleware.shibboleth.aa.arp.ArpException;
 import edu.internet2.middleware.shibboleth.aa.arp.ArpProcessingException;
@@ -72,15 +73,15 @@ public class ResolverTest {
 
                parseCommandLine(args);
                initializeResolver();
 
                parseCommandLine(args);
                initializeResolver();
-               AAAttributeSet attributeSet = createAttributeSet();
+               Map<String, AAAttribute> attributeSet = createAttributeSet();
                resolveAttributes(attributeSet);
 
                System.out.println("Received the following from the Attribute Resolver:");
                System.out.println();
                resolveAttributes(attributeSet);
 
                System.out.println("Received the following from the Attribute Resolver:");
                System.out.println();
-               printAttributes(System.out, attributeSet);
+               printAttributes(System.out, attributeSet.values());
        }
 
        }
 
-       private static void resolveAttributes(AAAttributeSet attributeSet) {
+       private static void resolveAttributes(Map<String, AAAttribute> attributeSet) {
 
                Principal principal = new LocalPrincipal(user);
 
 
                Principal principal = new LocalPrincipal(user);
 
@@ -88,7 +89,7 @@ public class ResolverTest {
 
                try {
                        if (arpEngine != null) {
 
                try {
                        if (arpEngine != null) {
-                               arpEngine.filterAttributes(attributeSet, principal, requester, resourceUrl);
+                               arpEngine.filterAttributes(attributeSet.values(), principal, requester, resourceUrl);
                        }
                } catch (ArpProcessingException e) {
                        System.err.println("Error applying Attribute Release Policy: " + e.getMessage());
                        }
                } catch (ArpProcessingException e) {
                        System.err.println("Error applying Attribute Release Policy: " + e.getMessage());
@@ -165,16 +166,16 @@ public class ResolverTest {
                }
        }
 
                }
        }
 
-       private static AAAttributeSet createAttributeSet() {
+       private static Map<String, AAAttribute> createAttributeSet() {
 
 
-               String[] attributes = resolver.listRegisteredAttributeDefinitionPlugIns();
-               AAAttributeSet attributeSet = new AAAttributeSet();
+               Collection<String> attributes = resolver.listRegisteredAttributeDefinitionPlugIns();
+               Map<String, AAAttribute> attributeSet = new HashMap<String, AAAttribute>();
 
 
-               for (int i = 0; i < attributes.length; i++) {
+               for (String attrName : attributes) {
                        try {
                        try {
-                               attributeSet.add(new AAAttribute(attributes[i]));
+                               attributeSet.put(attrName, new AAAttribute(attrName));
                        } catch (SAMLException e) {
                        } catch (SAMLException e) {
-                               System.err.println("Error creating AAAttribute (" + attributes[i] + "): " + e.getMessage());
+                               System.err.println("Error creating AAAttribute (" + attrName + "): " + e.getMessage());
                                System.exit(1);
                        }
                }
                                System.exit(1);
                        }
                }
@@ -232,14 +233,13 @@ public class ResolverTest {
                }
        }
 
                }
        }
 
-       private static void printAttributes(PrintStream out, AAAttributeSet attributeSet) {
+       private static void printAttributes(PrintStream out, Collection<AAAttribute> attributeSet) {
 
                try {
 
                try {
-                       for (ShibAttributeIterator iterator = attributeSet.shibAttributeIterator(); iterator.hasNext();) {
-                               AAAttribute attribute = iterator.nextShibAttribute();
+                       for (Iterator<AAAttribute> iterator = attributeSet.iterator(); iterator.hasNext();) {
+                               AAAttribute attribute = iterator.next();
                                Node node = attribute.toDOM();
 
                                Node node = attribute.toDOM();
 
-                               ByteArrayOutputStream xml = new ByteArrayOutputStream();
                                if (!(node instanceof Element)) {
                                        System.err.println("Received bad Element data from SAML library.");
                                        System.exit(1);
                                if (!(node instanceof Element)) {
                                        System.err.println("Received bad Element data from SAML library.");
                                        System.exit(1);