authorNino Breuer2014-12-01 16:31:53 +0100
committerNino Breuer2014-12-01 16:31:53 +0100
commite0bb56c483b9da69d1af0d8079b9e90c3618ddd6 (patch)
tree00a1afca47d43c84d60c39a755390210f345c0e6 /dozentenmodul/src/main/java
parentMerge branch 'master' of ssh://git.openslx.org/openslx-ng/tutor-module (diff)
parent[client] reworked bwIDM login to use the ecp-client-lean (diff)
Merge branch 'master' of ssh://git.openslx.org/openslx-ng/tutor-module
Conflicts: dozentenmodul/src/main/java/gui/intro/Login_GUI.java
Diffstat (limited to 'dozentenmodul/src/main/java')
-rw-r--r--dozentenmodul/src/main/java/App.java18
-rw-r--r--dozentenmodul/src/main/java/config/ConfigProxy.java54
-rw-r--r--dozentenmodul/src/main/java/gui/intro/Login_GUI.java118
-rw-r--r--dozentenmodul/src/main/java/util/ShibbolethECP.java136
4 files changed, 231 insertions, 95 deletions
diff --git a/dozentenmodul/src/main/java/App.java b/dozentenmodul/src/main/java/App.java
index 4b7a24ef..c7d25c43 100644
--- a/dozentenmodul/src/main/java/App.java
+++ b/dozentenmodul/src/main/java/App.java
@@ -3,6 +3,9 @@ import gui.intro.Login_GUI;
import java.awt.EventQueue;
import java.io.File;
import java.io.IOException;
+import java.lang.reflect.Proxy;
+import java.net.ProxySelector;
+import java.net.URI;
import javax.swing.JOptionPane;
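Review bot: The imports added here and in the next hunk (`java.lang.reflect.Proxy`, `java.net.ProxySelector`, `java.net.URI`, `ProxyConfiguration`, `ProxySearch`, `Strategy`, `WpadProxySearchStrategy`, `ProxyException`, `util.ShibbolethECP`) do not appear to be used by the visible change to `App`, which only calls `ConfigProxy.init()`. They look like leftovers from the merge, since the proxy search itself lives in `ConfigProxy`. If the rest of the file does not use them either, keep only `import config.ConfigProxy;`. `java.lang.reflect.Proxy` in particular is easy to mistake for `java.net.Proxy` later on.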
@@ -10,8 +13,16 @@ import org.apache.log4j.BasicConfigurator;
import org.apache.log4j.FileAppender;
import org.apache.log4j.Logger;
import org.apache.log4j.PatternLayout;
+import org.openslx.network.ProxyConfiguration;
+import com.btr.proxy.search.ProxySearch;
+import com.btr.proxy.search.ProxySearch.Strategy;
+import com.btr.proxy.search.wpad.WpadProxySearchStrategy;
+import com.btr.proxy.util.ProxyException;
+
+import util.ShibbolethECP;
import config.Config;
+import config.ConfigProxy;
public class App {
@@ -63,6 +74,13 @@ public class App {
return;
}
+ // initialise the proxy settings
+ try {
+ ConfigProxy.init();
+ } catch (IOException e) {
+ LOGGER.error("IOException when trying to initialise the proxy, see trace: ", e);
+ }
+
setupLogger();
// start the GUI
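Review bot: `ConfigProxy.init()` is called before `setupLogger()`, so whatever it logs, including `Could not find a suitable proxy!` and this catch's `LOGGER.error`, is emitted before the application's appenders are attached, assuming `setupLogger()` is where that happens. Moving the added block to just after `setupLogger();` would keep the proxy-detection outcome in the log file, which is the first thing to check when a login fails behind a proxy. The enclosing method starts and ends outside the hunk.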
diff --git a/dozentenmodul/src/main/java/config/ConfigProxy.java b/dozentenmodul/src/main/java/config/ConfigProxy.java
new file mode 100644
index 00000000..515110bd
--- /dev/null
+++ b/dozentenmodul/src/main/java/config/ConfigProxy.java
@@ -0,0 +1,54 @@
+package config;
+
+
+import java.io.IOException;
+import java.net.ProxySelector;
+
+import org.apache.log4j.Logger;
+
+import com.btr.proxy.search.ProxySearch;
+import com.btr.proxy.search.wpad.WpadProxySearchStrategy;
+import com.btr.proxy.util.ProxyException;
+
+/**
+ * Configures the proxy
+ *
+ * @author Jonathan Bauer
+ */
+
+public class ConfigProxy {
+
+ /**
+ * Logger for this class
+ */
+ private final static Logger LOGGER = Logger.getLogger(ConfigProxy.class);
+
+ /**
+ * Initialization method.
+ */
+ public static void init() throws IOException {
+ // try to find local proxy settings
+ // TODO: do we actually want to look for local settings rather
+ // than just forcing WPAD?
+ ProxySearch proxySearch = ProxySearch.getDefaultProxySearch();
+ ProxySelector myProxySelector = proxySearch.getProxySelector();
+
+ if (myProxySelector == null) {
+ // didn't work, try WPAD detection
+ LOGGER.error("No suitable proxy settings found, trying WPAD...");
+ WpadProxySearchStrategy ss = new WpadProxySearchStrategy();
+ try {
+ myProxySelector = ss.getProxySelector();
+ } catch (ProxyException e) {
+ LOGGER.error("WPAD proxy error, see trace: ", e);
+ }
+ }
+ // final check to see if WPAD actually worked
+ if (myProxySelector != null) {
+ LOGGER.debug("Proxy initialised.");
+ ProxySelector.setDefault(myProxySelector);
+ } else {
+ LOGGER.error("Could not find a suitable proxy!");
+ }
+ }
+}
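Review bot: The WPAD fallback in `init()` installs a JVM-wide `ProxySelector` from whatever the local network advertises, and the bwIDM login that follows sends credentials over connections routed by that selector. Proxy auto-discovery is answered by the network the client is on, so on an untrusted network the proxy choice is outside the user's and the operator's control, and certificate validation on the login connection becomes the only protection. Consider making the WPAD step opt-in through a configuration setting (the TODO already questions the search order) and logging which source the selected proxy came from. The fallback is a normal code path, so `LOGGER.info("No suitable proxy settings found, trying WPAD...")` fits better than `LOGGER.error`. Nothing visible in the body throws the declared `IOException`.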
diff --git a/dozentenmodul/src/main/java/gui/intro/Login_GUI.java b/dozentenmodul/src/main/java/gui/intro/Login_GUI.java
index b875fb58..f11d6c6f 100644
--- a/dozentenmodul/src/main/java/gui/intro/Login_GUI.java
+++ b/dozentenmodul/src/main/java/gui/intro/Login_GUI.java
@@ -8,16 +8,20 @@ import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.awt.event.WindowAdapter;
import java.awt.event.WindowEvent;
+import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.ExecutionException;
import javax.swing.ButtonGroup;
+import javax.swing.DefaultComboBoxModel;
+import javax.swing.DefaultListCellRenderer;
import javax.swing.ImageIcon;
import javax.swing.JButton;
import javax.swing.JCheckBox;
import javax.swing.JComboBox;
import javax.swing.JFrame;
import javax.swing.JLabel;
+import javax.swing.JList;
import javax.swing.JOptionPane;
import javax.swing.JPanel;
import javax.swing.JPasswordField;
@@ -36,14 +40,15 @@ import models.person;
import org.apache.log4j.Logger;
import org.apache.thrift.TException;
import org.openslx.imagemaster.thrift.iface.ImageServer.Client;
+import org.openslx.imagemaster.thrift.iface.OrganizationData;
import org.openslx.imagemaster.thrift.iface.UserInfo;
-//import server.generated.Server.Client;
import thrift.MasterThriftConnection;
import thrift.ThriftConnection;
import util.GuiOrganizer;
import util.ResourceLoader;
import util.ShibbolethECP;
+
import config.Config;
@SuppressWarnings("serial")
@@ -84,8 +89,9 @@ public class Login_GUI extends JFrame {
private ActionListener loginTypeActionListener;
// bwIDM label and dropdown
- private JComboBox<String> choice;
+ private JComboBox<OrganizationData> idpChoice;
private JLabel lblIdp;
+ private List<OrganizationData> organizations;
// Satellite IP label and text field
private JLabel lblSatellitenIp;
@@ -222,12 +228,11 @@ public class Login_GUI extends JFrame {
lblSatIP.setToolTipText("Bitte geben Sie die IP-Adresse des Satelliten ein.");
//panel.add(lblSatIP);
- String organisations[] = { "https://testidp3-dev.aai.dfn.de/idp/profile/SAML2/SOAP/ECP" };
- choice = new JComboBox<String>(organisations);
- choice.setBounds(135, 35, 237, 20);
+ idpChoice = new JComboBox<OrganizationData>();
+ idpChoice.setBounds(135, 35, 237, 20);
//panel.add(choice);
- lblIdp = new JLabel("IDP:");
+ lblIdp = new JLabel("IdP:");
lblIdp.setBounds(25, 35, 82, 20);
//panel.add(lblIdp);
@@ -271,6 +276,7 @@ public class Login_GUI extends JFrame {
rdbtnDirekteVerbindung.setBounds(32, 85, 244, 23);
rdbtnDirekteVerbindung.setActionCommand(LOGIN_TYPE_SATELLITE);
rdbtnDirekteVerbindung.addActionListener(loginTypeActionListener);
+ rdbtnDirekteVerbindung.setEnabled(false);
bgLoginType.add(rdbtnDirekteVerbindung);
panel_1.add(rdbtnDirekteVerbindung);
@@ -289,8 +295,10 @@ public class Login_GUI extends JFrame {
LOGGER.info("Trying login of type: " + loginType);
+
if (loginType == LOGIN_TYPE_BWLEHRPOOL)
- {
+ {
+
// start the authentication process against the masterserver
org.openslx.imagemaster.thrift.iface.SessionData result = null;
// Connect to Master
@@ -388,16 +396,14 @@ public class Login_GUI extends JFrame {
@Override
protected Boolean doInBackground() throws Exception {
publish("Info: Initialisiere Shibboleth-Client ...");
- ShibbolethECP.init(choice.getSelectedItem().toString());
+ OrganizationData selectedOrg = (OrganizationData) idpChoice.getSelectedItem();
publish("Info: Überprüfe Zugangdaten über bwIDM ...");
- return ShibbolethECP.doLogin(lblusername.getText().trim(), String.valueOf(lblpass.getPassword()));
+ return ShibbolethECP.doLogin(selectedOrg.getEcpUrl(), lblusername.getText().trim(), String.valueOf(lblpass.getPassword()));
}
protected void done() {
try {
if (get()) {
setStatus(Color.green, "Info: bwIDM-Login erfolgreich.", null);
- // TODO: call showNextStep()
- //showMainMenu();
JOptionPane.showMessageDialog(c, "Der Shibboleth-Login war erfolgreich! Der Rest ist noch in Entwicklung :)",
"bwIDM-Login erfolgreich", JOptionPane.PLAIN_MESSAGE);
// all done, show main menu
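Review bot: `idpChoice.getSelectedItem()` in `doInBackground()` returns `null` while the combo box is empty, so `selectedOrg.getEcpUrl()` on the next line throws a `NullPointerException`. The box is created empty and is only filled when the asynchronous `initIdpList()` worker finishes, so a login attempt before that point, or after a failed fetch, hits this path. Guard it before calling `doLogin`, for example `if (selectedOrg == null) return false;` together with a status message. The username, password field and combo box are also read on the worker thread; capturing those values on the EDT before the worker starts would be safer. `done()` continues outside the hunk.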
@@ -546,10 +552,11 @@ public class Login_GUI extends JFrame {
panel.setVisible(false);
switch(type) {
case LOGIN_TYPE_BWIDM:
+ initIdpList();
panel.remove(lblSatIP);
panel.remove(lblSatellitenIp);
+ panel.add(idpChoice);
panel.add(lblIdp);
- panel.add(choice);
panel.add(LabelPass);
lblpass.setText("");
lblpass.setToolTipText("Bitte geben Sie Ihr bwIDM-Passwort ein.");
@@ -560,7 +567,7 @@ public class Login_GUI extends JFrame {
panel.setVisible(true);
break;
case LOGIN_TYPE_BWLEHRPOOL:
- panel.remove(choice);
+ panel.remove(idpChoice);
panel.remove(lblIdp);
panel.remove(lblSatIP);
panel.remove(lblSatellitenIp);
@@ -573,7 +580,7 @@ public class Login_GUI extends JFrame {
panel.setVisible(true);
break;
case LOGIN_TYPE_SATELLITE:
- panel.remove(choice);
+ panel.remove(idpChoice);
panel.remove(lblIdp);
panel.remove(LabelPass);
panel.remove(lblpass);
@@ -585,12 +592,91 @@ public class Login_GUI extends JFrame {
panel.revalidate();
panel.repaint();
panel.setVisible(true);
+ setStatus(Color.black, "Info: Bereit für bwIDM-Login", null);
break;
default:
- LOGGER.error("Unknown action '" + type + "'. Ignoring.");
panel.setVisible(true);
return;
}
-
+ }
+
+ /**
+ * Request the list of identity providers from the masterserver and
+ * display them in a combobox.
+ */
+ private void initIdpList() {
+ // abort if we fetched the list already.
+ if (organizations != null) {
+ return;
+ } else {
+ organizations = new ArrayList<OrganizationData>();
+ }
+ LOGGER.info("Fetching list of identity providers from masterserver...");
+ SwingWorker<Boolean, String> worker = new SwingWorker<Boolean, String>(){
+ @Override
+ protected Boolean doInBackground() throws Exception {
+ publish("Info: Hole Liste von IdPs");
+ // if not then request it from the masterserver
+ MasterThriftConnection thrift = new MasterThriftConnection();
+ Client client = thrift.getMasterThriftConnection();
+ List<OrganizationData> tempOrgs = null;
+ try {
+ tempOrgs = client.getOrganizations();
+ } catch (TException e) {
+ LOGGER.error("Could not fetch list of identity providers from the masterserver, see trace: ", e);
+ return false;
+ }
+ // safety check to see if we got any organizations at all
+ if (tempOrgs != null) {
+ // now add those with an Ecp URL to the result list.
+ for (OrganizationData org : tempOrgs) {
+ if (org.getEcpUrl() != null && !org.getEcpUrl().isEmpty()) {
+ organizations.add(org);
+ }
+ LOGGER.debug("Valid IdP: " + org.toString());
+ }
+ } else {
+ LOGGER.error("Thrift call of 'getOrganizations()' seems to have worked, but 'organizations' is still null.");
+ LOGGER.error("Is the API of the masterserver working correctly?");
+ return false;
+ }
+ publish("Info: Liste von IdPs empfangen.");
+ return true;
+ }
+ protected void done() {
+ try {
+ if (get()) {
+ // fill the combobox with the IdPs returned from the masterserver
+ OrganizationData[] orgs = organizations.toArray(new OrganizationData[]{});
+ idpChoice.setModel(new DefaultComboBoxModel<OrganizationData>(orgs));
+ // now override the renderer, to show the display names of the organizations.
+ idpChoice.setRenderer(new DefaultListCellRenderer() {
+ @Override
+ public Component getListCellRendererComponent(JList list, Object value, int index, boolean isSelected, boolean cellHasFocus) {
+ super.getListCellRendererComponent(list, value, index, isSelected, cellHasFocus);
+ if (value instanceof OrganizationData){
+ OrganizationData org = (OrganizationData) value;
+ setText(org.getDisplayName());
+ }
+ return this;
+ }
+ });
+ setStatus(Color.black, "Info: Bereit für Login", null);
+ } else {
+ setStatus(Color.red, "Fehler: Vorbereitung für bwIDM-Login fehlgeschlagen!", null);
+ }
+ } catch (InterruptedException e) {
+ LOGGER.error("SwingWorker for 'getOrganizationsList' got interrupted, see trace: ", e);
+ } catch (ExecutionException e) {
+ LOGGER.error("Execution of SwingWorker for 'getOrganizationsList' failed, see trace: ", e);
+ }
+ }
+ @Override
+ protected void process(List<String> msgs) {
+ String currentMessage = msgs.get(msgs.size()-1);
+ setStatus(Color.black, currentMessage, null);
+ }
+ };
+ worker.execute();
}
}// end class
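Review bot: `initIdpList()` sets `organizations` to an empty list before the fetch starts, so the `organizations != null` guard treats a failed fetch as "already fetched" and the IdP list cannot be requested again after a transient masterserver error. Resetting it on failure, `organizations = null;` in the `else` branch and both `catch` blocks of `done()`, would let the next switch to bwIDM retry. `LOGGER.debug("Valid IdP: " + org.toString())` sits outside the `if`, so it labels every organization as valid, including those without an ECP URL; it belongs inside the block after `organizations.add(org);`. The filter accepts any non-empty ECP URL, and these are the URLs the password is later sent to, so a scheme check belongs here or in `doLogin`. The `setStatus(..., "Info: Bereit für bwIDM-Login", ...)` line added to the `LOGIN_TYPE_SATELLITE` case looks misplaced.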
diff --git a/dozentenmodul/src/main/java/util/ShibbolethECP.java b/dozentenmodul/src/main/java/util/ShibbolethECP.java
index 374e3a6e..78133425 100644
--- a/dozentenmodul/src/main/java/util/ShibbolethECP.java
+++ b/dozentenmodul/src/main/java/util/ShibbolethECP.java
@@ -1,108 +1,86 @@
package util;
-import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
-import org.apache.http.HttpEntity;
-import org.apache.http.HttpResponse;
-import org.apache.http.client.ClientProtocolException;
-import org.apache.http.client.HttpClient;
-import org.apache.http.client.ResponseHandler;
-import org.apache.http.client.methods.HttpGet;
-import org.apache.http.util.EntityUtils;
import org.apache.log4j.Logger;
-import org.opensaml.DefaultBootstrap;
-import org.opensaml.xml.ConfigurationException;
-import de.tudarmstadt.ukp.shibhttpclient.ShibHttpClient;
+import edu.kit.scc.dei.ecplean.ECPAuthenticationException;
+import edu.kit.scc.dei.ecplean.ECPAuthenticator;
public class ShibbolethECP {
- // Logger
+ /**
+ * Logger instance for this class
+ */
private final static Logger LOGGER = Logger.getLogger(ShibbolethECP.class);
-
- // IdP URL
- private static String identityProviderUrl;
- public static void setIdentityProviderUrl(String identityProviderUrl) {
- ShibbolethECP.identityProviderUrl = identityProviderUrl;
- }
-
- public static boolean init(String idpUrl) {
+ /**
+ * Static URI to the SP.
+ */
+ private final static URI BWLP_SP;
+ static {
+ URI tmp;
try {
- DefaultBootstrap.bootstrap();
- } catch (ConfigurationException ce) {
- ce.printStackTrace();
- LOGGER.error("OpenSAML wrongly configured.");
- return false;
+ tmp = new URI("https://bwlp-masterserver.ruf.uni-freiburg.de/secure-all/test.php");
+ } catch (URISyntaxException e) {
+ // should never happen!
+ LOGGER.error("Bad URI syntax of the service provider, see trace: ", e);
+ tmp = null;
}
-
- if (idpUrl != null) {
- // TODO sanity check on the URL?
- setIdentityProviderUrl(idpUrl);
- } else {
- // no IdP given
- return false;
- }
-
- // everything fine, return true
- return true;
+ BWLP_SP = tmp;
}
- public static Boolean doLogin(final String user, final String pass) {
-
+ /**
+ * Fetches the resource
+ *
+ * @param idpUrl
+ * URL of the identity provider to authenticate against, as String.
+ * @param user
+ * Username as String.
+ * @param pass
+ * Password as String.
+ */
+ public static Boolean doLogin(final String idpUrl, final String user, final String pass) {
+
// first lets do some sanity checks
+ if (BWLP_SP == null) {
+ LOGGER.error("URI to service provider is not set. Check the initialization of 'BWLP_SP'.");
+ return false;
+ }
+ if (idpUrl == null) {
+ LOGGER.error("Identity provider is not set, did you initialize this class correctly?");
+ return false;
+ }
if (user == null) {
LOGGER.error("No username given, aborting...");
return false;
}
-
if (pass == null) {
LOGGER.error("No password given, aborting...");
return false;
}
-
- if (identityProviderUrl == null) {
- LOGGER.error("Identity provider is not set, did you initialize this class correctly?");
- return false;
- }
-
- // The last argument indicates to accept any certificate
- HttpClient client = new ShibHttpClient(identityProviderUrl, user, pass, true);
- HttpGet req = new HttpGet("https://bwlp-masterserver.ruf.uni-freiburg.de/secure-all/test.php");
- String res = null;
- ResponseHandler<String> respHandler = new ResponseHandler<String>() {
- public String handleResponse(final HttpResponse response) throws ClientProtocolException, IOException {
- int status = response.getStatusLine().getStatusCode();
- if (status == 200 || status == 302) {
- HttpEntity entity = response.getEntity();
- return entity != null ? EntityUtils.toString(entity) : null;
- } else {
- throw new ClientProtocolException("Unexpected response status: " + status);
- }
- }
- };
+
+ // now init the authenticator for that idp and our static sp
+ ECPAuthenticator auth = null;
try {
- res = client.execute(req, respHandler);
- } catch (ClientProtocolException e) {
- // this is thrown on http return code not 200 or 302, indicates wrong login
- // TODO handle this with possible error causes: creds wrong, etc...
- LOGGER.error("Fatal error requesting '" + req.getURI() + "':", e);
- return false;
- } catch (IOException e) {
- LOGGER.error("Fatal protocol error requesting '" + req.getURI() + "':", e);
- return false;
+ auth = new ECPAuthenticator(user, pass, new URI(idpUrl), BWLP_SP);
+ } catch (URISyntaxException e) {
+ LOGGER.error("Bad URI syntax, see trace: ", e);
}
-
- // did we get a response?
- if (res != null) {
- LOGGER.info(res);
- // return true, to signal a successful login
- return true;
- } else {
- // we shouldn't actually reach this code...
- LOGGER.error("Seems like the request worked, but the response is empty. Something is very wrong...");
+ if (auth == null) {
+ LOGGER.error("Initialising ECP authentication failed, aborting...");
return false;
- }
+ }
+ try {
+ auth.authenticate();
+ } catch (ECPAuthenticationException e) {
+ LOGGER.error("ECP Authentication Exception, see trace: ", e);
+ return false;
+ }
+ // TODO: here we will need to parse the answer accordingly.
+ // no errors, meaning everything worked fine.
+ return true;
}
}
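Review bot: `doLogin` hands `idpUrl` to `new URI(idpUrl)` and passes the username and password to `ECPAuthenticator` without checking the scheme, and that URL now comes from the list the masterserver returns rather than from a constant. An `http://` entry would be accepted, so the transport security of the credentials depends entirely on server-side data. Rejecting anything that is not `https` before the authenticator is built closes that gap. The removed `ShibHttpClient` call was told to accept any certificate; this hunk does not show how `ECPAuthenticator` validates the IdP certificate, so confirm it uses the default trust store. The Javadoc summary `Fetches the resource` no longer describes the method and there is no `@return`.

```java
ECPAuthenticator auth = null;
try {
    URI idpUri = new URI(idpUrl);
    // credentials must only ever be sent over TLS
    if (!"https".equalsIgnoreCase(idpUri.getScheme())) {
        LOGGER.error("Identity provider URL is not HTTPS, refusing to send credentials.");
        return false;
    }
    auth = new ECPAuthenticator(user, pass, idpUri, BWLP_SP);
} catch (URISyntaxException e) {
    // … unchanged: error log …
}
// … unchanged: auth == null check, authenticate() call …
```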