View Javadoc

1   /*
2    * Licensed to the University Corporation for Advanced Internet Development, 
3    * Inc. (UCAID) under one or more contributor license agreements.  See the 
4    * NOTICE file distributed with this work for additional information regarding
5    * copyright ownership. The UCAID licenses this file to You under the Apache 
6    * License, Version 2.0 (the "License"); you may not use this file except in 
7    * compliance with the License.  You may obtain a copy of the License at
8    *
9    *    http://www.apache.org/licenses/LICENSE-2.0
10   *
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  
18  package edu.internet2.middleware.shibboleth.common.relyingparty.provider;
19  
20  import java.util.Collection;
21  
22  import org.opensaml.ws.security.SecurityPolicy;
23  import org.opensaml.xml.security.credential.Credential;
24  import org.opensaml.xml.util.LazySet;
25  
26  import edu.internet2.middleware.shibboleth.common.relyingparty.ProfileConfiguration;
27  
28  /**
29   * Profile settings common to SAML 1 and SAML 2.
30   */
31  public abstract class AbstractSAMLProfileConfiguration implements ProfileConfiguration {
32      
33      /** Audiences for the assertion. */
34      private Collection<String> assertionAudiences;
35  
36      /** Life of the assertion in milliseconds. */
37      private long assertionLifetime;
38  
39      /** 2-byte artifact type used on outbound messages. */
40      private byte[] outboundArtifactType;
41  
42      /** Security policy for this profile. */
43      private SecurityPolicy profileSecurityPolicy;
44  
45      /** Whether to sign assertions. */
46      private CryptoOperationRequirementLevel signAssertions;
47  
48      /** Assertion signing credential. */
49      private Credential signingCredential;
50  
51      /** Whether to sign protocol requests. */
52      private CryptoOperationRequirementLevel signRequests;
53  
54      /** Whether to sign protocol responses. */
55      private CryptoOperationRequirementLevel signResponses;
56  
57      /** Constructor. */
58      protected AbstractSAMLProfileConfiguration() {
59          assertionAudiences = new LazySet<String>();
60      }
61  
62      /**
63       * Gets the list of audiences an assertion is intended for.
64       * 
65       * @return list of audiences an assertion is intended for
66       */
67      public Collection<String> getAssertionAudiences() {
68          return assertionAudiences;
69      }
70  
71      /**
72       * Gets the lifetime, in millisecond, for an issued assertion.
73       * 
74       * This value should be used to compute the NotOnOrAfter condition.
75       * 
76       * @return lifetime, in millisecond, for an issued assertion
77       */
78      public long getAssertionLifetime() {
79          return assertionLifetime;
80      }
81  
82      /**
83       * Gets the 2-byte artifact type used on outbound messages.
84       * 
85       * @return 2-byte artifact type used on outbound messages
86       */
87      public byte[] getOutboundArtifactType() {
88          return outboundArtifactType;
89      }
90  
91      /** {@inheritDoc} */
92      public SecurityPolicy getSecurityPolicy() {
93          return profileSecurityPolicy;
94      }
95  
96      /**
97       * Gets whether assertions should be signed.
98       * 
99       * @return whether assertions should be signed
100      */
101     public CryptoOperationRequirementLevel getSignAssertions() {
102         return signAssertions;
103     }
104 
105     /**
106      * Gets the credential that should be used to sign a message.
107      * 
108      * @return credential that should be used to sign a message
109      */
110     public Credential getSigningCredential() {
111         return signingCredential;
112     }
113 
114     /**
115      * Gets whether to sign protocol requests.
116      * 
117      * @return whether to sign protocol requests
118      */
119     public CryptoOperationRequirementLevel getSignRequests() {
120         return signRequests;
121     }
122 
123     /**
124      * Gets whether to sign protocol responses.
125      * 
126      * @return whether to sign protocol responses
127      */
128     public CryptoOperationRequirementLevel getSignResponses() {
129         return signResponses;
130     }
131 
132     /**
133      * Sets the list of audiences an assertion is intended for.
134      * 
135      * @param audiences list of audiences an assertion is intended for
136      */
137     public void setAssertionAudiences(Collection<String> audiences) {
138         assertionAudiences = audiences;
139     }
140 
141     /**
142      * Sets the lifetime, in millisecond, for an issued assertion.
143      * 
144      * @param lifetime lifetime, in millisecond, for an issued assertion
145      */
146     public void setAssertionLifetime(long lifetime) {
147         assertionLifetime = lifetime;
148     }
149 
150     /**
151      * Sets the 2-byte artifact type used on outbound messages.
152      * 
153      * @param type 2-byte artifact type used on outbound messages.
154      */
155     public void setOutboundArtifactType(byte[] type) {
156         outboundArtifactType = type;
157     }
158 
159     /**
160      * Sets the security policy for this profile.
161      * 
162      * @param policy security policy for this profile
163      */
164     public void setSecurityPolicy(SecurityPolicy policy) {
165         profileSecurityPolicy = policy;
166     }
167 
168     /**
169      * Sets whether assertions should be signed.
170      * 
171      * @param sign whether assertions should be signed
172      */
173     public void setSignAssertions(CryptoOperationRequirementLevel sign) {
174         signAssertions = sign;
175     }
176 
177     /**
178      * Gets the credential that should be used for sign a message. Credential <strong>MUST</strong> include a private
179      * key.
180      * 
181      * @param credential credential that should be used for sign a message
182      */
183     public void setSigningCredential(Credential credential) {
184         if (credential != null && credential.getPrivateKey() == null) {
185             throw new IllegalArgumentException("Credential does not contain a private key");
186         }
187         signingCredential = credential;
188     }
189 
190     /**
191      * Sets whether to sign protocol requests.
192      * 
193      * @param sign whether to sign protocol requests
194      */
195     public void setSignRequests(CryptoOperationRequirementLevel sign) {
196         signRequests = sign;
197     }
198 
199     /**
200      * Sets whether to sign protocol responses.
201      * 
202      * @param sign whether to sign protocol responses
203      */
204     public void setSignResponses(CryptoOperationRequirementLevel sign) {
205         signResponses = sign;
206     }
207 }