View Javadoc

1   /*
2    * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package edu.internet2.middleware.shibboleth.common.relyingparty.provider;
18  
19  import java.util.Collection;
20  
21  import org.opensaml.ws.security.SecurityPolicy;
22  import org.opensaml.xml.security.credential.Credential;
23  import org.opensaml.xml.util.LazySet;
24  
25  import edu.internet2.middleware.shibboleth.common.relyingparty.ProfileConfiguration;
26  
27  /**
28   * Profile settings common to SAML 1 and SAML 2.
29   */
30  public abstract class AbstractSAMLProfileConfiguration implements ProfileConfiguration {
31      
32      /** Audiences for the assertion. */
33      private Collection<String> assertionAudiences;
34  
35      /** Life of the assertion in milliseconds. */
36      private long assertionLifetime;
37  
38      /** 2-byte artifact type used on outbound messages. */
39      private byte[] outboundArtifactType;
40  
41      /** Security policy for this profile. */
42      private SecurityPolicy profileSecurityPolicy;
43  
44      /** Whether to sign assertions. */
45      private CryptoOperationRequirementLevel signAssertions;
46  
47      /** Assertion signing credential. */
48      private Credential signingCredential;
49  
50      /** Whether to sign protocol requests. */
51      private CryptoOperationRequirementLevel signRequests;
52  
53      /** Whether to sign protocol responses. */
54      private CryptoOperationRequirementLevel signResponses;
55  
56      /** Constructor. */
57      protected AbstractSAMLProfileConfiguration() {
58          assertionAudiences = new LazySet<String>();
59      }
60  
61      /**
62       * Gets the list of audiences an assertion is intended for.
63       * 
64       * @return list of audiences an assertion is intended for
65       */
66      public Collection<String> getAssertionAudiences() {
67          return assertionAudiences;
68      }
69  
70      /**
71       * Gets the lifetime, in millisecond, for an issued assertion.
72       * 
73       * This value should be used to compute the NotOnOrAfter condition.
74       * 
75       * @return lifetime, in millisecond, for an issued assertion
76       */
77      public long getAssertionLifetime() {
78          return assertionLifetime;
79      }
80  
81      /**
82       * Gets the 2-byte artifact type used on outbound messages.
83       * 
84       * @return 2-byte artifact type used on outbound messages
85       */
86      public byte[] getOutboundArtifactType() {
87          return outboundArtifactType;
88      }
89  
90      /** {@inheritDoc} */
91      public SecurityPolicy getSecurityPolicy() {
92          return profileSecurityPolicy;
93      }
94  
95      /**
96       * Gets whether assertions should be signed.
97       * 
98       * @return whether assertions should be signed
99       */
100     public CryptoOperationRequirementLevel getSignAssertions() {
101         return signAssertions;
102     }
103 
104     /**
105      * Gets the credential that should be used to sign a message.
106      * 
107      * @return credential that should be used to sign a message
108      */
109     public Credential getSigningCredential() {
110         return signingCredential;
111     }
112 
113     /**
114      * Gets whether to sign protocol requests.
115      * 
116      * @return whether to sign protocol requests
117      */
118     public CryptoOperationRequirementLevel getSignRequests() {
119         return signRequests;
120     }
121 
122     /**
123      * Gets whether to sign protocol responses.
124      * 
125      * @return whether to sign protocol responses
126      */
127     public CryptoOperationRequirementLevel getSignResponses() {
128         return signResponses;
129     }
130 
131     /**
132      * Sets the list of audiences an assertion is intended for.
133      * 
134      * @param audiences list of audiences an assertion is intended for
135      */
136     public void setAssertionAudiences(Collection<String> audiences) {
137         assertionAudiences = audiences;
138     }
139 
140     /**
141      * Sets the lifetime, in millisecond, for an issued assertion.
142      * 
143      * @param lifetime lifetime, in millisecond, for an issued assertion
144      */
145     public void setAssertionLifetime(long lifetime) {
146         assertionLifetime = lifetime;
147     }
148 
149     /**
150      * Sets the 2-byte artifact type used on outbound messages.
151      * 
152      * @param type 2-byte artifact type used on outbound messages.
153      */
154     public void setOutboundArtifactType(byte[] type) {
155         outboundArtifactType = type;
156     }
157 
158     /**
159      * Sets the security policy for this profile.
160      * 
161      * @param policy security policy for this profile
162      */
163     public void setSecurityPolicy(SecurityPolicy policy) {
164         profileSecurityPolicy = policy;
165     }
166 
167     /**
168      * Sets whether assertions should be signed.
169      * 
170      * @param sign whether assertions should be signed
171      */
172     public void setSignAssertions(CryptoOperationRequirementLevel sign) {
173         signAssertions = sign;
174     }
175 
176     /**
177      * Gets the credential that should be used for sign a message. Credential <strong>MUST</strong> include a private
178      * key.
179      * 
180      * @param credential credential that should be used for sign a message
181      */
182     public void setSigningCredential(Credential credential) {
183         if (credential != null && credential.getPrivateKey() == null) {
184             throw new IllegalArgumentException("Credential does not contain a private key");
185         }
186         signingCredential = credential;
187     }
188 
189     /**
190      * Sets whether to sign protocol requests.
191      * 
192      * @param sign whether to sign protocol requests
193      */
194     public void setSignRequests(CryptoOperationRequirementLevel sign) {
195         signRequests = sign;
196     }
197 
198     /**
199      * Sets whether to sign protocol responses.
200      * 
201      * @param sign whether to sign protocol responses
202      */
203     public void setSignResponses(CryptoOperationRequirementLevel sign) {
204         signResponses = sign;
205     }
206 }