authorJonathan Bauer2014-12-01 12:59:40 +0100
committerJonathan Bauer2014-12-01 12:59:40 +0100
commit35308f7e31afa385b714da76394a8a6cc4009cec (patch)
tree83c35a0e988515c1edbb3b855ca916b6c0d988e5 /dozentenmodul/src/main/java/util/ShibbolethECP.java
parent[client] proxy support (diff)
[client] reworked bwIDM login to use the ecp-client-lean
Diffstat (limited to 'dozentenmodul/src/main/java/util/ShibbolethECP.java')
-rw-r--r--dozentenmodul/src/main/java/util/ShibbolethECP.java136
1 files changed, 57 insertions, 79 deletions
diff --git a/dozentenmodul/src/main/java/util/ShibbolethECP.java b/dozentenmodul/src/main/java/util/ShibbolethECP.java
index 374e3a6e..78133425 100644
--- a/dozentenmodul/src/main/java/util/ShibbolethECP.java
+++ b/dozentenmodul/src/main/java/util/ShibbolethECP.java
@@ -1,108 +1,86 @@
package util;
-import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
-import org.apache.http.HttpEntity;
-import org.apache.http.HttpResponse;
-import org.apache.http.client.ClientProtocolException;
-import org.apache.http.client.HttpClient;
-import org.apache.http.client.ResponseHandler;
-import org.apache.http.client.methods.HttpGet;
-import org.apache.http.util.EntityUtils;
import org.apache.log4j.Logger;
-import org.opensaml.DefaultBootstrap;
-import org.opensaml.xml.ConfigurationException;
-import de.tudarmstadt.ukp.shibhttpclient.ShibHttpClient;
+import edu.kit.scc.dei.ecplean.ECPAuthenticationException;
+import edu.kit.scc.dei.ecplean.ECPAuthenticator;
public class ShibbolethECP {
- // Logger
+ /**
+ * Logger instance for this class
+ */
private final static Logger LOGGER = Logger.getLogger(ShibbolethECP.class);
-
- // IdP URL
- private static String identityProviderUrl;
- public static void setIdentityProviderUrl(String identityProviderUrl) {
- ShibbolethECP.identityProviderUrl = identityProviderUrl;
- }
-
- public static boolean init(String idpUrl) {
+ /**
+ * Static URI to the SP.
+ */
+ private final static URI BWLP_SP;
+ static {
+ URI tmp;
try {
- DefaultBootstrap.bootstrap();
- } catch (ConfigurationException ce) {
- ce.printStackTrace();
- LOGGER.error("OpenSAML wrongly configured.");
- return false;
+ tmp = new URI("https://bwlp-masterserver.ruf.uni-freiburg.de/secure-all/test.php");
+ } catch (URISyntaxException e) {
+ // should never happen!
+ LOGGER.error("Bad URI syntax of the service provider, see trace: ", e);
+ tmp = null;
}
-
- if (idpUrl != null) {
- // TODO sanity check on the URL?
- setIdentityProviderUrl(idpUrl);
- } else {
- // no IdP given
- return false;
- }
-
- // everything fine, return true
- return true;
+ BWLP_SP = tmp;
}
- public static Boolean doLogin(final String user, final String pass) {
-
+ /**
+ * Fetches the resource
+ *
+ * @param idpUrl
+ * URL of the identity provider to authenticate against, as String.
+ * @param user
+ * Username as String.
+ * @param pass
+ * Password as String.
+ */
+ public static Boolean doLogin(final String idpUrl, final String user, final String pass) {
+
// first lets do some sanity checks
+ if (BWLP_SP == null) {
+ LOGGER.error("URI to service provider is not set. Check the initialization of 'BWLP_SP'.");
+ return false;
+ }
+ if (idpUrl == null) {
+ LOGGER.error("Identity provider is not set, did you initialize this class correctly?");
+ return false;
+ }
if (user == null) {
LOGGER.error("No username given, aborting...");
return false;
}
-
if (pass == null) {
LOGGER.error("No password given, aborting...");
return false;
}
-
- if (identityProviderUrl == null) {
- LOGGER.error("Identity provider is not set, did you initialize this class correctly?");
- return false;
- }
-
- // The last argument indicates to accept any certificate
- HttpClient client = new ShibHttpClient(identityProviderUrl, user, pass, true);
- HttpGet req = new HttpGet("https://bwlp-masterserver.ruf.uni-freiburg.de/secure-all/test.php");
- String res = null;
- ResponseHandler<String> respHandler = new ResponseHandler<String>() {
- public String handleResponse(final HttpResponse response) throws ClientProtocolException, IOException {
- int status = response.getStatusLine().getStatusCode();
- if (status == 200 || status == 302) {
- HttpEntity entity = response.getEntity();
- return entity != null ? EntityUtils.toString(entity) : null;
- } else {
- throw new ClientProtocolException("Unexpected response status: " + status);
- }
- }
- };
+
+ // now init the authenticator for that idp and our static sp
+ ECPAuthenticator auth = null;
try {
- res = client.execute(req, respHandler);
- } catch (ClientProtocolException e) {
- // this is thrown on http return code not 200 or 302, indicates wrong login
- // TODO handle this with possible error causes: creds wrong, etc...
- LOGGER.error("Fatal error requesting '" + req.getURI() + "':", e);
- return false;
- } catch (IOException e) {
- LOGGER.error("Fatal protocol error requesting '" + req.getURI() + "':", e);
- return false;
+ auth = new ECPAuthenticator(user, pass, new URI(idpUrl), BWLP_SP);
+ } catch (URISyntaxException e) {
+ LOGGER.error("Bad URI syntax, see trace: ", e);
}
-
- // did we get a response?
- if (res != null) {
- LOGGER.info(res);
- // return true, to signal a successful login
- return true;
- } else {
- // we shouldn't actually reach this code...
- LOGGER.error("Seems like the request worked, but the response is empty. Something is very wrong...");
+ if (auth == null) {
+ LOGGER.error("Initialising ECP authentication failed, aborting...");
return false;
- }
+ }
+ try {
+ auth.authenticate();
+ } catch (ECPAuthenticationException e) {
+ LOGGER.error("ECP Authentication Exception, see trace: ", e);
+ return false;
+ }
+ // TODO: here we will need to parse the answer accordingly.
+ // no errors, meaning everything worked fine.
+ return true;
}
}
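Review bot: In the new `doLogin`, `idpUrl` is only checked for `null` before `new URI(idpUrl)` is handed to `ECPAuthenticator` together with `user` and `pass`, so the credentials are directed at whatever scheme and host the caller supplies; the old "TODO sanity check on the URL?" was removed rather than resolved. Parse the URI first and reject anything that is not HTTPS with a host before building the authenticator, e.g. `URI idp = new URI(idpUrl);` followed by `if (!"https".equalsIgnoreCase(idp.getScheme()) || idp.getHost() == null) return false;` (with a log line), and if the client has a list of known identity providers, compare the host against it. The removed `ShibHttpClient` call was documented as accepting any certificate; how `ECPAuthenticator` validates the TLS certificate is not visible in this hunk and is worth confirming. The method also returns `true` whenever `authenticate()` does not throw, while the TODO says the answer is not yet parsed, so the Javadoc ("Fetches the resource") should state what a `true` result actually guarantees and add an `@return`.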