View Javadoc

1   /*
2    * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package edu.internet2.middleware.shibboleth.common.config.relyingparty.saml;
18  
19  import java.util.List;
20  import java.util.Map;
21  
22  import javax.xml.namespace.QName;
23  
24  import org.opensaml.xml.util.DatatypeHelper;
25  import org.opensaml.xml.util.LazyList;
26  import org.opensaml.xml.util.XMLHelper;
27  import org.springframework.beans.factory.support.BeanDefinitionBuilder;
28  import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
29  import org.springframework.beans.factory.xml.ParserContext;
30  import org.w3c.dom.Element;
31  
32  import edu.internet2.middleware.shibboleth.common.config.SpringConfigurationUtils;
33  import edu.internet2.middleware.shibboleth.common.relyingparty.provider.CryptoOperationRequirementLevel;
34  
35  /**
36   * Base Spring configuration parser for SAML profile configurations.
37   */
38  public abstract class AbstractSAMLProfileConfigurationBeanDefinitionParser extends AbstractSingleBeanDefinitionParser {
39  
40      /** {@inheritDoc} */
41      protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
42          builder.setLazyInit(true);
43          Map<QName, List<Element>> children = XMLHelper.getChildElements(element);
44  
45          List<Element> audienceElems = children.get(new QName(SAMLRelyingPartyNamespaceHandler.NAMESPACE, "Audience"));
46          if (audienceElems != null && audienceElems.size() > 0) {
47              LazyList<String> audiences = new LazyList<String>();
48              for (Element audienceElem : audienceElems) {
49                  audiences.add(DatatypeHelper.safeTrimOrNullString(audienceElem.getTextContent()));
50              }
51              builder.addPropertyValue("audiences", audiences);
52          }
53  
54          String secCredRef = DatatypeHelper.safeTrimOrNullString(element.getAttributeNS(null, "signingCredentialRef"));
55          if (secCredRef != null) {
56              builder.addDependsOn(secCredRef);
57              builder.addPropertyReference("signingCredential", secCredRef);
58          }
59  
60          long lifetime = 300000L;
61          if (element.hasAttributeNS(null, "assertionLifetime")) {
62              lifetime = SpringConfigurationUtils.parseDurationToMillis(
63                      "'assertionLifetime' on profile configuration of type " + XMLHelper.getXSIType(element),
64                      element.getAttributeNS(null, "assertionLifetime"), 0);
65          }
66          builder.addPropertyValue("assertionLifetime", lifetime);
67  
68          String artifactType = DatatypeHelper.safeTrimOrNullString(element.getAttributeNS(null, "outboundArtifactType"));
69          if (artifactType != null) {
70              byte[] artifactTypeBytes = DatatypeHelper.intToByteArray(Integer.parseInt(artifactType));
71              byte[] trimmedArtifactTypeBytes = { artifactTypeBytes[2], artifactTypeBytes[3] };
72              builder.addPropertyValue("outboundArtifactType", trimmedArtifactTypeBytes);
73          }
74  
75          CryptoOperationRequirementLevel signRequests = CryptoOperationRequirementLevel.conditional;
76          if (element.hasAttributeNS(null, "signRequests")) {
77              signRequests = CryptoOperationRequirementLevel.valueOf(element.getAttributeNS(null, "signRequests"));
78          }
79          builder.addPropertyValue("signRequests", signRequests);
80  
81          CryptoOperationRequirementLevel signResponses = getSignResponsesDefault();
82          if (element.hasAttributeNS(null, "signResponses")) {
83              signResponses = CryptoOperationRequirementLevel.valueOf(element.getAttributeNS(null, "signResponses"));
84          }
85          builder.addPropertyValue("signResponses", signResponses);
86  
87          CryptoOperationRequirementLevel signAssertions = getSignAssertionsDefault();
88          if (element.hasAttributeNS(null, "signAssertions")) {
89              signAssertions = CryptoOperationRequirementLevel.valueOf(element.getAttributeNS(null, "signAssertions"));
90          }
91          builder.addPropertyValue("signAssertions", signAssertions);
92  
93          String secPolRef = DatatypeHelper.safeTrimOrNullString(element.getAttributeNS(null, "securityPolicyRef"));
94          if (secPolRef != null) {
95              builder.addDependsOn(secPolRef);
96              builder.addPropertyReference("profileSecurityPolicy", secPolRef);
97          }
98      }
99  
100     /** {@inheritDoc} */
101     protected boolean shouldGenerateId() {
102         return true;
103     }
104 
105     /**
106      * Gets the default value for the signResponses property.
107      * 
108      * @return default value for the signResponses property
109      */
110     protected abstract CryptoOperationRequirementLevel getSignResponsesDefault();
111 
112     /**
113      * Gets the default value for the signAssertions property.
114      * 
115      * @return default value for the signAssertions property
116      */
117     protected abstract CryptoOperationRequirementLevel getSignAssertionsDefault();
118 }