Service implemented

git-svn-id: https://svn.ihe-europe.net/gazelle/Maven/simulators/authentication-simulator/trunk@69230 356b4b1a-1d2b-0410-8bf1-ffa24008f01e

authentication-simulator-ejb/src/main/java/net/ihe/gazelle/simulators/authentication/renewal/AuthnClientException.java

+package net.ihe.gazelle.simulators.authentication.renewal;
+
+public class AuthnClientException extends RuntimeException{
+
+    public AuthnClientException() {
+    }
+
+    public AuthnClientException(String message) {
+        super(message);
+    }
+
+    public AuthnClientException(String message, Throwable cause) {
+        super(message, cause);
+    }
+
+    public AuthnClientException(Throwable cause) {
+        super(cause);
+    }
+}

authentication-simulator-ejb/src/main/java/net/ihe/gazelle/simulators/authentication/renewal/ExpiredAssertionException.java

+package net.ihe.gazelle.simulators.authentication.renewal;
+
+public class ExpiredAssertionException extends RuntimeException {
+    public ExpiredAssertionException(String s) {
+    }
+}

authentication-simulator-ejb/src/main/java/net/ihe/gazelle/simulators/authentication/renewal/RenewalService.java

@@ -8,6 +8,13 @@ public interface RenewalService {
    String SAML_2_0_ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    String ASSERTION_ELEMENT_NAME = "Assertion";
 
+   String SAML_NAMESPACE = "urn:oasis:names:tc:SAML:2.0:assertion";
+
+   String ISSUER_TAGNAME = "Issuer";
+
+   String NAME_ID_TAGNAME = "NameID";
+
+
    Assertion renew(Assertion assertion);
 
 }

authentication-simulator-ejb/src/main/java/net/ihe/gazelle/simulators/authentication/renewal/RenewalServiceImpl.java

@@ -4,20 +4,52 @@ import org.jboss.seam.annotations.AutoCreate;
 import org.jboss.seam.annotations.Name;
 import org.opensaml.saml2.core.Assertion;
 
+import java.util.Date;
+import java.util.concurrent.TimeUnit;
+
 @Name("renewalService")
 @AutoCreate
 public class RenewalServiceImpl implements RenewalService {
-   @Override
-   public Assertion renew(Assertion assertion) {
-      // TODO to implement
-      // 1. verify Assertion is valid, throw IllegalArgumentException is not.
-      // 2. verify Assertion is not expired from more than 2 hours, throw unchecked exception such as
-      // ExpiredAssertionException if not.
-      // 3. extract Issuer, username (previously validated in (1)).
-      // 5. Generate ID request and IssueInstant (Should eventually be done in SAMLAuthClient, because those attributes
-      // belongs to the saml-protocol wrapper and not to the Assertion Renew business)
-      // 6. Call the SAMLAuthClient and return the new Assertion.
-      // 7. Catch eventual SAMLAuthClient known exceptions.
-      return assertion;
-   }
+
+    public final String SUBJECT_CONFIRMATION_DATA_TAGNAME = "SubjectConfirmationData";
+    public final String INVALID_REQUEST_ERROR_MESSAGE = "wst:InvalidRequest";
+
+    public final String EXPIRED_DATA_ERROR_MESSAGE = "wst:ExpiredData";
+    private final String NOT_ON_OR_AFTER_ATTRIBUTE_NAME = "NotOnOrAfter";
+    private SAML2AssertionMarshaller assertionMarshaller = new SAML2AssertionMarshaller();
+
+    @Override
+    public Assertion renew(Assertion assertion) {
+
+        // TODO to implement
+        // 1. verify Assertion is valid, throw IllegalArgumentException is not.
+
+        //TODO
+        if (assertion == null)
+            throw new IllegalArgumentException("Assertion must be defined or not null");
+
+        checkValidityTime(assertion);
+
+        // 3. extract Issuer, username (previously validated in (1)).
+        String issuer = assertion.getIssuer().getValue();
+        String username = assertion.getSubject().getNameID().getValue();
+
+        // 6. Call the SAMLAuthClient and return the new Assertion.
+        SAMLAuthnClient shibbolethClient = new ShibbolethAuthnClient();
+        return shibbolethClient.renew(issuer, username, "azerty");
+
+    }
+
+    private void checkValidityTime(Assertion assertion) {
+
+        Date expirationDate = assertion.getConditions().getNotOnOrAfter().toDate();
+        Date nowDate = new Date();
+
+        long diffInMillies = Math.abs(nowDate.getTime() - expirationDate.getTime());
+        long diff = TimeUnit.MINUTES.convert(diffInMillies, TimeUnit.MILLISECONDS);
+
+        if (diff > 120)
+            throw new ExpiredAssertionException("renewal is not allowed two hours beyond the assertion expiration");
+
+    }
 }

authentication-simulator-ejb/src/main/java/net/ihe/gazelle/simulators/authentication/renewal/SAMLAuthnClient.java

@@ -5,6 +5,6 @@ import org.opensaml.saml2.core.Assertion;
 
 public interface SAMLAuthnClient {
 
-    Assertion renew(String issuer, String username, String password) throws IdpException;
+    Assertion renew(String issuer, String username, String password);
 
 }

authentication-simulator-ejb/src/main/java/net/ihe/gazelle/simulators/authentication/renewal/SAMLAuthnRequest.java

-package net.ihe.gazelle.simulators.authentication.renewal;
-
-import java.util.Date;
-
-public class SAMLAuthnRequest {
-
-    private String issuer;
-    private String username;
-    private String password;
-    private String assertionId;
-    private Date issueInstant;
-
-    public SAMLAuthnRequest(String issuer, String username, String password, String assertionId, Date issueInstant) {
-        this.issuer = issuer;
-        this.username = username;
-        this.password = password;
-        this.assertionId = assertionId;
-        this.issueInstant = issueInstant;
-    }
-
-    public SAMLAuthnRequest() {
-    }
-
-    public String getIssuer() {
-        return issuer;
-    }
-
-    public void setIssuer(String issuer) {
-        this.issuer = issuer;
-    }
-
-    public String getUsername() {
-        return username;
-    }
-
-    public void setUsername(String username) {
-        this.username = username;
-    }
-
-    public String getPassword() {
-        return password;
-    }
-
-    public void setPassword(String password) {
-        this.password = password;
-    }
-
-    public String getAssertionId() {
-        return assertionId;
-    }
-
-    public void setAssertionId(String assertionId) {
-        this.assertionId = assertionId;
-    }
-
-    public Date getIssueInstant() {
-        return issueInstant;
-    }
-
-    public void setIssueInstant(Date issueInstant) {
-        this.issueInstant = issueInstant;
-    }
-}

authentication-simulator-ejb/src/main/java/net/ihe/gazelle/simulators/authentication/renewal/ShibbolethAuthnClient.java

@@ -48,9 +48,7 @@ public class ShibbolethAuthnClient implements SAMLAuthnClient{
 
     private static final String AUTHNREQUEST_TAGNAME = "AuthnRequest";
 
-    private static final String SAML_NAMESPACE = "urn:oasis:names:tc:SAML:2.0:assertion";
 
-    private static final String ISSUER_TAGNAME = "Issuer";
 
 
     private SAML2AssertionMarshaller assertionMarshaller;
@@ -60,7 +58,7 @@ public class ShibbolethAuthnClient implements SAMLAuthnClient{
     }
 
     @Override
-    public Assertion renew(String issuer, String username, String password) throws IdpException {
+    public Assertion renew(String issuer, String username, String password) {
         try {
             String requestBody = completeRequestTemplate(issuer);
             HttpClient client = new DefaultHttpClient();
@@ -69,12 +67,8 @@ public class ShibbolethAuthnClient implements SAMLAuthnClient{
 
             return parseResponse(response);
 
-        } catch (UnsupportedEncodingException e) {
-            throw new IdpException(INVALID_REQUEST_ERROR_MESSAGE);
         } catch (IOException e) {
-            throw new IdpException(UNABLE_TO_RENEW_ERROR_MESSAGE);
-        } catch (IdpException e) {
-            throw new IdpException(e);
+            throw new AuthnClientException(e);
         }
     }
 
@@ -87,10 +81,10 @@ public class ShibbolethAuthnClient implements SAMLAuthnClient{
         return post;
     }
 
-    private Assertion parseResponse(HttpResponse response) throws IdpException {
+    private Assertion parseResponse(HttpResponse response) {
         try {
             if (response.getStatusLine().getStatusCode() != 200)
-                throw new IdpException(UNABLE_TO_RENEW_ERROR_MESSAGE);
+                throw new AuthnClientException(UNABLE_TO_RENEW_ERROR_MESSAGE);
 
             HttpEntity body = response.getEntity();
             DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
@@ -107,18 +101,18 @@ public class ShibbolethAuthnClient implements SAMLAuthnClient{
 
         } catch (ParserConfigurationException | IOException | SAXException | UnmarshallingException |
                  TransformerException e) {
-            throw new IdpException(UNABLE_TO_RENEW_ERROR_MESSAGE);
+            throw new AuthnClientException(UNABLE_TO_RENEW_ERROR_MESSAGE);
         }
     }
 
-    private String completeRequestTemplate(String issuer) throws IdpException {
+    private String completeRequestTemplate(String issuer) {
 
         try {
             Document doc = getDocumentForRequest();
             injectRequestDataInDoc(issuer, doc);
             return printRequest(doc);
         } catch (ParserConfigurationException | IOException | SAXException | TransformerException e) {
-            throw new IdpException(UNABLE_TO_RENEW_ERROR_MESSAGE);
+            throw new AuthnClientException(UNABLE_TO_RENEW_ERROR_MESSAGE);
         }
     }
 
@@ -146,7 +140,7 @@ public class ShibbolethAuthnClient implements SAMLAuthnClient{
         SimpleDateFormat formatterIssueInstant= new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'");
         authnRequest.setAttribute("IssueInstant", formatterIssueInstant.format(issueInstant));
 
-        authnRequest.getElementsByTagNameNS(SAML_NAMESPACE,ISSUER_TAGNAME).item(0).setTextContent(issuer);
+        authnRequest.getElementsByTagNameNS(RenewalService.SAML_NAMESPACE, RenewalService.ISSUER_TAGNAME).item(0).setTextContent(issuer);
     }
 
     private static Document getDocumentForRequest() throws ParserConfigurationException, SAXException, IOException {