View Javadoc

1   /*
2    * Licensed to the University Corporation for Advanced Internet Development, 
3    * Inc. (UCAID) under one or more contributor license agreements.  See the 
4    * NOTICE file distributed with this work for additional information regarding
5    * copyright ownership. The UCAID licenses this file to You under the Apache 
6    * License, Version 2.0 (the "License"); you may not use this file except in 
7    * compliance with the License.  You may obtain a copy of the License at
8    *
9    *    http://www.apache.org/licenses/LICENSE-2.0
10   *
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  
18  package edu.internet2.middleware.shibboleth.common.config.relyingparty.saml;
19  
20  import java.util.List;
21  import java.util.Map;
22  
23  import javax.xml.namespace.QName;
24  
25  import org.opensaml.xml.util.DatatypeHelper;
26  import org.opensaml.xml.util.LazyList;
27  import org.opensaml.xml.util.XMLHelper;
28  import org.springframework.beans.factory.support.BeanDefinitionBuilder;
29  import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
30  import org.springframework.beans.factory.xml.ParserContext;
31  import org.w3c.dom.Element;
32  
33  import edu.internet2.middleware.shibboleth.common.config.SpringConfigurationUtils;
34  import edu.internet2.middleware.shibboleth.common.relyingparty.provider.CryptoOperationRequirementLevel;
35  
36  /**
37   * Base Spring configuration parser for SAML profile configurations.
38   */
39  public abstract class AbstractSAMLProfileConfigurationBeanDefinitionParser extends AbstractSingleBeanDefinitionParser {
40  
41      /** {@inheritDoc} */
42      protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
43          builder.setLazyInit(true);
44          Map<QName, List<Element>> children = XMLHelper.getChildElements(element);
45  
46          List<Element> audienceElems = children.get(new QName(SAMLRelyingPartyNamespaceHandler.NAMESPACE, "Audience"));
47          if (audienceElems != null && audienceElems.size() > 0) {
48              LazyList<String> audiences = new LazyList<String>();
49              for (Element audienceElem : audienceElems) {
50                  audiences.add(DatatypeHelper.safeTrimOrNullString(audienceElem.getTextContent()));
51              }
52              builder.addPropertyValue("audiences", audiences);
53          }
54  
55          String secCredRef = DatatypeHelper.safeTrimOrNullString(element.getAttributeNS(null, "signingCredentialRef"));
56          if (secCredRef != null) {
57              builder.addDependsOn(secCredRef);
58              builder.addPropertyReference("signingCredential", secCredRef);
59          }
60  
61          long lifetime = 300000L;
62          if (element.hasAttributeNS(null, "assertionLifetime")) {
63              lifetime = SpringConfigurationUtils.parseDurationToMillis(
64                      "'assertionLifetime' on profile configuration of type " + XMLHelper.getXSIType(element),
65                      element.getAttributeNS(null, "assertionLifetime"), 0);
66          }
67          builder.addPropertyValue("assertionLifetime", lifetime);
68  
69          String artifactType = DatatypeHelper.safeTrimOrNullString(element.getAttributeNS(null, "outboundArtifactType"));
70          if (artifactType != null) {
71              byte[] artifactTypeBytes = DatatypeHelper.intToByteArray(Integer.parseInt(artifactType));
72              byte[] trimmedArtifactTypeBytes = { artifactTypeBytes[2], artifactTypeBytes[3] };
73              builder.addPropertyValue("outboundArtifactType", trimmedArtifactTypeBytes);
74          }
75  
76          CryptoOperationRequirementLevel signRequests = CryptoOperationRequirementLevel.conditional;
77          if (element.hasAttributeNS(null, "signRequests")) {
78              signRequests = CryptoOperationRequirementLevel.valueOf(element.getAttributeNS(null, "signRequests"));
79          }
80          builder.addPropertyValue("signRequests", signRequests);
81  
82          CryptoOperationRequirementLevel signResponses = getSignResponsesDefault();
83          if (element.hasAttributeNS(null, "signResponses")) {
84              signResponses = CryptoOperationRequirementLevel.valueOf(element.getAttributeNS(null, "signResponses"));
85          }
86          builder.addPropertyValue("signResponses", signResponses);
87  
88          CryptoOperationRequirementLevel signAssertions = getSignAssertionsDefault();
89          if (element.hasAttributeNS(null, "signAssertions")) {
90              signAssertions = CryptoOperationRequirementLevel.valueOf(element.getAttributeNS(null, "signAssertions"));
91          }
92          builder.addPropertyValue("signAssertions", signAssertions);
93  
94          String secPolRef = DatatypeHelper.safeTrimOrNullString(element.getAttributeNS(null, "securityPolicyRef"));
95          if (secPolRef != null) {
96              builder.addDependsOn(secPolRef);
97              builder.addPropertyReference("profileSecurityPolicy", secPolRef);
98          }
99      }
100 
101     /** {@inheritDoc} */
102     protected boolean shouldGenerateId() {
103         return true;
104     }
105 
106     /**
107      * Gets the default value for the signResponses property.
108      * 
109      * @return default value for the signResponses property
110      */
111     protected abstract CryptoOperationRequirementLevel getSignResponsesDefault();
112 
113     /**
114      * Gets the default value for the signAssertions property.
115      * 
116      * @return default value for the signAssertions property
117      */
118     protected abstract CryptoOperationRequirementLevel getSignAssertionsDefault();
119 }