17 package edu.internet2.middleware.shibboleth.common.config.relyingparty.saml;
18
19 import java.util.List;
20 import java.util.Map;
21
22 import javax.xml.namespace.QName;
23
24 import org.opensaml.xml.util.DatatypeHelper;
25 import org.opensaml.xml.util.LazyList;
26 import org.opensaml.xml.util.XMLHelper;
27 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
28 import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
29 import org.springframework.beans.factory.xml.ParserContext;
30 import org.w3c.dom.Element;
31
32 import edu.internet2.middleware.shibboleth.common.config.SpringConfigurationUtils;
33 import edu.internet2.middleware.shibboleth.common.relyingparty.provider.CryptoOperationRequirementLevel;
34
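/**
 * Base Spring bean definition parser for SAML profile configuration elements.
 *
 * <p>Reads the settings shared by the SAML profile configurations from the XML element and copies them
 * onto the bean definition: audiences, signing credential reference, assertion lifetime, outbound
 * artifact type, the three signing requirement levels and the security policy reference.</p>
 *
 * <p>Several of these settings decide whether and how issued messages are signed, so parsing errors are
 * surfaced as exceptions rather than replaced by a default.</p>
 */
public abstract class AbstractSAMLProfileConfigurationBeanDefinitionParser extends AbstractSingleBeanDefinitionParser {

    /** Assertion lifetime, in milliseconds, used when the element carries no assertionLifetime attribute. */
    private static final long DEFAULT_ASSERTION_LIFETIME_MS = 300000L;

    /** Largest artifact type that fits in the two bytes kept from the parsed integer. */
    private static final int MAX_ARTIFACT_TYPE = 0xFFFF;

    /**
     * Populates the bean definition from the profile configuration element.
     *
     * @param element profile configuration element being parsed
     * @param parserContext current Spring parser context (not used by this method)
     * @param builder builder for the profile configuration bean
     *
     * @throws NumberFormatException if outboundArtifactType is not an integer
     * @throws IllegalArgumentException if outboundArtifactType is outside 0..65535, or if a signing
     *             attribute does not name a {@link CryptoOperationRequirementLevel} constant
     */
    protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
        builder.setLazyInit(true);
        Map<QName, List<Element>> children = XMLHelper.getChildElements(element);

        List<Element> audienceElems = children.get(new QName(SAMLRelyingPartyNamespaceHandler.NAMESPACE, "Audience"));
        if (audienceElems != null && !audienceElems.isEmpty()) {
            LazyList<String> audiences = new LazyList<String>();
            for (Element audienceElem : audienceElems) {
                // NOTE(review): an empty <Audience/> presumably yields a null entry here (safeTrimOrNullString);
                // confirm that consumers of "audiences" tolerate it.
                audiences.add(DatatypeHelper.safeTrimOrNullString(audienceElem.getTextContent()));
            }
            builder.addPropertyValue("audiences", audiences);
        }

        // The signing credential is optional: without the attribute no "signingCredential" property is set.
        String secCredRef = DatatypeHelper.safeTrimOrNullString(element.getAttributeNS(null, "signingCredentialRef"));
        if (secCredRef != null) {
            // Make sure the referenced credential bean is initialised before this one.
            builder.addDependsOn(secCredRef);
            builder.addPropertyReference("signingCredential", secCredRef);
        }

        long lifetime = DEFAULT_ASSERTION_LIFETIME_MS;
        if (element.hasAttributeNS(null, "assertionLifetime")) {
            lifetime = SpringConfigurationUtils.parseDurationToMillis(
                    "'assertionLifetime' on profile configuration of type " + XMLHelper.getXSIType(element),
                    element.getAttributeNS(null, "assertionLifetime"), 0);
        }
        builder.addPropertyValue("assertionLifetime", lifetime);

        String artifactType = DatatypeHelper.safeTrimOrNullString(element.getAttributeNS(null, "outboundArtifactType"));
        if (artifactType != null) {
            int artifactTypeValue = Integer.parseInt(artifactType);
            // Only the two low-order bytes are kept below; a value outside 0..65535 would otherwise be
            // silently truncated to a different artifact type, so reject it instead.
            if (artifactTypeValue < 0 || artifactTypeValue > MAX_ARTIFACT_TYPE) {
                throw new IllegalArgumentException("'outboundArtifactType' on profile configuration of type "
                        + XMLHelper.getXSIType(element) + " must be between 0 and " + MAX_ARTIFACT_TYPE
                        + ", but was " + artifactTypeValue);
            }
            byte[] artifactTypeBytes = DatatypeHelper.intToByteArray(artifactTypeValue);
            byte[] trimmedArtifactTypeBytes = { artifactTypeBytes[2], artifactTypeBytes[3] };
            builder.addPropertyValue("outboundArtifactType", trimmedArtifactTypeBytes);
        }

        // Request signing defaults to "conditional"; the response and assertion defaults are profile-specific
        // and supplied by the concrete parser.
        builder.addPropertyValue("signRequests",
                parseRequirementLevel(element, "signRequests", CryptoOperationRequirementLevel.conditional));
        builder.addPropertyValue("signResponses",
                parseRequirementLevel(element, "signResponses", getSignResponsesDefault()));
        builder.addPropertyValue("signAssertions",
                parseRequirementLevel(element, "signAssertions", getSignAssertionsDefault()));

        // The security policy is optional: without the attribute no "profileSecurityPolicy" property is set.
        String secPolRef = DatatypeHelper.safeTrimOrNullString(element.getAttributeNS(null, "securityPolicyRef"));
        if (secPolRef != null) {
            builder.addDependsOn(secPolRef);
            builder.addPropertyReference("profileSecurityPolicy", secPolRef);
        }
    }

    /**
     * Always asks Spring to generate an ID for the parsed bean.
     *
     * @return true
     */
    protected boolean shouldGenerateId() {
        return true;
    }

    /**
     * Gets the response signing requirement used when the element has no signResponses attribute.
     *
     * @return default requirement level for signing responses
     */
    protected abstract CryptoOperationRequirementLevel getSignResponsesDefault();

    /**
     * Gets the assertion signing requirement used when the element has no signAssertions attribute.
     *
     * @return default requirement level for signing assertions
     */
    protected abstract CryptoOperationRequirementLevel getSignAssertionsDefault();

    /**
     * Reads a signing requirement level from an attribute, falling back to a default when it is absent.
     *
     * <p>The attribute value is passed to {@code valueOf} untrimmed, so it must match a constant name
     * exactly. An unrecognised value raises an exception instead of falling back to the default, which
     * keeps a mistyped signing level from silently changing what gets signed.</p>
     *
     * @param element profile configuration element
     * @param attributeName name of the un-namespaced attribute to read
     * @param defaultLevel level returned when the attribute is not present
     *
     * @return the configured level, or the default
     *
     * @throws IllegalArgumentException if the attribute value names no constant
     */
    private static CryptoOperationRequirementLevel parseRequirementLevel(Element element, String attributeName,
            CryptoOperationRequirementLevel defaultLevel) {
        if (!element.hasAttributeNS(null, attributeName)) {
            return defaultLevel;
        }
        return CryptoOperationRequirementLevel.valueOf(element.getAttributeNS(null, attributeName));
    }
}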