1 /*
2 * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 package edu.internet2.middleware.shibboleth.common.relyingparty.provider;
18
19 import java.util.Collection;
20 import java.util.HashSet;
21
22 import org.opensaml.ws.security.SecurityPolicy;
23 import org.opensaml.xml.security.credential.Credential;
24
25 import edu.internet2.middleware.shibboleth.common.relyingparty.ProfileConfiguration;
26
27 /**
28 * Profile settings common to SAML 1 and SAML 2.
29 */
30 public abstract class AbstractSAMLProfileConfiguration implements ProfileConfiguration {
31
32 /** Audiences for the assertion. */
33 private Collection<String> assertionAudiences;
34
35 /** Life of the assertion in milliseconds. */
36 private long assertionLifetime;
37
38 /** 2-byte artifact type used on outbound messages. */
39 private byte[] outboundArtifactType;
40
41 /** Security policy for this profile. */
42 private SecurityPolicy profileSecurityPolicy;
43
44 /** Whether to sign assertions. */
45 private CryptoOperationRequirementLevel signAssertions;
46
47 /** Assertion signing credential. */
48 private Credential signingCredential;
49
50 /** Whether to sign protocol requests. */
51 private CryptoOperationRequirementLevel signRequests;
52
53 /** Whether to sign protocol responses. */
54 private CryptoOperationRequirementLevel signResponses;
55
56 /** Constructor. */
57 protected AbstractSAMLProfileConfiguration() {
58 assertionAudiences = new HashSet<String>();
59 }
60
61 /**
62 * Gets the list of audiences an assertion is intended for.
63 *
64 * @return list of audiences an assertion is intended for
65 */
66 public Collection<String> getAssertionAudiences() {
67 return assertionAudiences;
68 }
69
70 /**
71 * Gets the lifetime, in millisecond, for an issued assertion.
72 *
73 * This value should be used to compute the NotOnOrAfter condition.
74 *
75 * @return lifetime, in millisecond, for an issued assertion
76 */
77 public long getAssertionLifetime() {
78 return assertionLifetime;
79 }
80
81 /**
82 * Gets the 2-byte artifact type used on outbound messages.
83 *
84 * @return 2-byte artifact type used on outbound messages
85 */
86 public byte[] getOutboundArtifactType() {
87 return outboundArtifactType;
88 }
89
90 /** {@inheritDoc} */
91 public SecurityPolicy getSecurityPolicy() {
92 return profileSecurityPolicy;
93 }
94
95 /**
96 * Gets whether assertions should be signed.
97 *
98 * @return whether assertions should be signed
99 */
100 public CryptoOperationRequirementLevel getSignAssertions() {
101 return signAssertions;
102 }
103
104 /**
105 * Gets the credential that should be used to sign a message.
106 *
107 * @return credential that should be used to sign a message
108 */
109 public Credential getSigningCredential() {
110 return signingCredential;
111 }
112
113 /**
114 * Gets whether to sign protocol requests.
115 *
116 * @return whether to sign protocol requests
117 */
118 public CryptoOperationRequirementLevel getSignRequests() {
119 return signRequests;
120 }
121
122 /**
123 * Gets whether to sign protocol responses.
124 *
125 * @return whether to sign protocol responses
126 */
127 public CryptoOperationRequirementLevel getSignResponses() {
128 return signResponses;
129 }
130
131 /**
132 * Sets the list of audiences an assertion is intended for.
133 *
134 * @param audiences list of audiences an assertion is intended for
135 */
136 public void setAssertionAudiences(Collection<String> audiences) {
137 assertionAudiences = audiences;
138 }
139
140 /**
141 * Sets the lifetime, in millisecond, for an issued assertion.
142 *
143 * @param lifetime lifetime, in millisecond, for an issued assertion
144 */
145 public void setAssertionLifetime(long lifetime) {
146 assertionLifetime = lifetime;
147 }
148
149 /**
150 * Sets the 2-byte artifact type used on outbound messages.
151 *
152 * @param type 2-byte artifact type used on outbound messages.
153 */
154 public void setOutboundArtifactType(byte[] type) {
155 outboundArtifactType = type;
156 }
157
158 /**
159 * Sets the security policy for this profile.
160 *
161 * @param policy security policy for this profile
162 */
163 public void setSecurityPolicy(SecurityPolicy policy) {
164 profileSecurityPolicy = policy;
165 }
166
167 /**
168 * Sets whether assertions should be signed.
169 *
170 * @param sign whether assertions should be signed
171 */
172 public void setSignAssertions(CryptoOperationRequirementLevel sign) {
173 signAssertions = sign;
174 }
175
176 /**
177 * Gets the credential that should be used for sign a message. Credential <strong>MUST</strong> include a private
178 * key.
179 *
180 * @param credential credential that should be used for sign a message
181 */
182 public void setSigningCredential(Credential credential) {
183 if (credential != null && credential.getPrivateKey() == null) {
184 throw new IllegalArgumentException("Credential does not contain a private key");
185 }
186 signingCredential = credential;
187 }
188
189 /**
190 * Sets whether to sign protocol requests.
191 *
192 * @param sign whether to sign protocol requests
193 */
194 public void setSignRequests(CryptoOperationRequirementLevel sign) {
195 signRequests = sign;
196 }
197
198 /**
199 * Sets whether to sign protocol responses.
200 *
201 * @param sign whether to sign protocol responses
202 */
203 public void setSignResponses(CryptoOperationRequirementLevel sign) {
204 signResponses = sign;
205 }
206 }