
/*
 * Licensed to the University Corporation for Advanced Internet Development,
 * Inc. (UCAID) under one or more contributor license agreements.  See the
 * NOTICE file distributed with this work for additional information regarding
 * copyright ownership. The UCAID licenses this file to You under the Apache
 * License, Version 2.0 (the "License"); you may not use this file except in
 * compliance with the License.  You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
17  
18  package edu.internet2.middleware.shibboleth.common.config.relyingparty.saml;
19  
20  import java.util.List;
21  
22  import org.opensaml.ws.security.SecurityPolicy;
23  import org.opensaml.xml.security.credential.Credential;
24  import org.springframework.beans.factory.config.AbstractFactoryBean;
25  
26  import edu.internet2.middleware.shibboleth.common.relyingparty.provider.AbstractSAMLProfileConfiguration;
27  import edu.internet2.middleware.shibboleth.common.relyingparty.provider.CryptoOperationRequirementLevel;
28  
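/**
 * Base Spring factory bean for creating SAML profile configurations.
 *
 * <p>Subclasses build a concrete {@link AbstractSAMLProfileConfiguration} and hand it to
 * {@link #populateBean(AbstractSAMLProfileConfiguration)}, which copies every setting held by this bean
 * into it. The setters store the injected values as given, without validation; the only value that is
 * copied defensively is the artifact type byte array, so a caller cannot alter it after injection.
 */
public abstract class AbstractSAMLProfileConfigurationFactoryBean extends AbstractFactoryBean {

    /** Audiences of issued assertions. */
    private List<String> audiences;

    /** Amount of time, in milliseconds, before an issued assertion expires; a negative value means never. */
    private long assertionLifetime;

    /** 2-byte artifact type used for outbound messages; held as a private copy of the injected array. */
    private byte[] outboundArtifactType;

    /** Whether assertions should be signed. */
    private CryptoOperationRequirementLevel signAssertions;

    /** Whether to sign protocol requests. */
    private CryptoOperationRequirementLevel signRequests;

    /** Whether to sign protocol responses. */
    private CryptoOperationRequirementLevel signResponses;

    /** Credential used to sign assertions. */
    private Credential signingCredential;

    /** Security policy for this profile. */
    private SecurityPolicy profileSecurityPolicy;

    /**
     * Gets the amount of time, in milliseconds, before an issued assertion expires. A negative value indicates the
     * assertion never expires.
     *
     * @return amount of time before an issued assertion expires
     */
    public long getAssertionLifetime() {
        return assertionLifetime;
    }

    /**
     * Gets the audiences of issued assertions.
     *
     * @return audiences of issued assertions, as injected (may be null)
     */
    public List<String> getAudiences() {
        return audiences;
    }

    /**
     * Gets the 2-byte artifact type used for outbound messages.
     *
     * @return a copy of the 2-byte artifact type used for outbound messages, or null if none was set
     */
    public byte[] getOutboundArtifactType() {
        // Copy so that callers cannot change the stored artifact type through the returned array.
        return copyOf(outboundArtifactType);
    }

    /**
     * Gets the security policy for this profile.
     *
     * @return security policy for this profile
     */
    public SecurityPolicy getProfileSecurityPolicy() {
        return profileSecurityPolicy;
    }

    /**
     * Gets whether assertions should be signed.
     *
     * @return whether assertions should be signed
     */
    public CryptoOperationRequirementLevel getSignAssertions() {
        return signAssertions;
    }

    /**
     * Gets the credential used to sign assertions.
     *
     * @return credential used to sign assertions
     */
    public Credential getSigningCredential() {
        return signingCredential;
    }

    /**
     * Gets whether to sign protocol requests.
     *
     * @return whether to sign protocol requests
     */
    public CryptoOperationRequirementLevel getSignRequests() {
        return signRequests;
    }

    /**
     * Gets whether to sign protocol responses.
     *
     * @return whether to sign protocol responses
     */
    public CryptoOperationRequirementLevel getSignResponses() {
        return signResponses;
    }

    /**
     * Gets whether to sign protocol responses.
     *
     * @return whether to sign protocol responses
     *
     * @deprecated the name is misspelled; kept for existing callers, use {@link #getSignResponses()} instead
     */
    @Deprecated
    public CryptoOperationRequirementLevel getSignResposnes() {
        return getSignResponses();
    }

    /**
     * Sets the amount of time before an issued assertion expires.
     *
     * @param lifetime amount of time, in milliseconds, before an issued assertion expires; negative for never
     */
    public void setAssertionLifetime(long lifetime) {
        assertionLifetime = lifetime;
    }

    /**
     * Sets the audiences of issued assertions.
     *
     * @param newAudiences audiences of issued assertions
     */
    public void setAudiences(List<String> newAudiences) {
        audiences = newAudiences;
    }

    /**
     * Sets the 2-byte artifact type used for outbound messages. The array is copied; later changes to the
     * caller's array do not affect this bean.
     *
     * @param type 2-byte artifact type used for outbound messages
     */
    public void setOutboundArtifactType(byte[] type) {
        outboundArtifactType = copyOf(type);
    }

    /**
     * Sets the security policy for this profile.
     *
     * @param policy security policy for this profile
     */
    public void setProfileSecurityPolicy(SecurityPolicy policy) {
        profileSecurityPolicy = policy;
    }

    /**
     * Sets whether assertions should be signed.
     *
     * @param sign whether assertions should be signed
     */
    public void setSignAssertions(CryptoOperationRequirementLevel sign) {
        signAssertions = sign;
    }

    /**
     * Sets the credential used to sign assertions.
     *
     * @param credential credential used to sign assertions
     */
    public void setSigningCredential(Credential credential) {
        signingCredential = credential;
    }

    /**
     * Sets whether to sign protocol requests.
     *
     * @param sign whether to sign protocol requests
     */
    public void setSignRequests(CryptoOperationRequirementLevel sign) {
        signRequests = sign;
    }

    /**
     * Sets whether to sign protocol responses.
     *
     * @param sign whether to sign protocol responses
     */
    public void setSignResponses(CryptoOperationRequirementLevel sign) {
        signResponses = sign;
    }

    /**
     * Populates the given profile configuration with the standard settings held by this bean: audiences,
     * assertion lifetime, security policy, outbound artifact type, the three signing requirement levels and
     * the signing credential. Values are passed through as stored; null values are not filtered out.
     *
     * @param configuration configuration to populate
     */
    protected void populateBean(AbstractSAMLProfileConfiguration configuration) {
        configuration.setAssertionAudiences(getAudiences());
        configuration.setAssertionLifetime(getAssertionLifetime());
        configuration.setSecurityPolicy(getProfileSecurityPolicy());
        // getOutboundArtifactType() returns a copy, so the configuration owns its own array.
        configuration.setOutboundArtifactType(getOutboundArtifactType());
        configuration.setSignRequests(getSignRequests());
        configuration.setSignResponses(getSignResponses());
        configuration.setSignAssertions(getSignAssertions());
        configuration.setSigningCredential(getSigningCredential());
    }

    /**
     * Returns a copy of the given array, or null if the array is null.
     *
     * @param source array to copy, may be null
     *
     * @return independent copy of the array, or null
     */
    private static byte[] copyOf(byte[] source) {
        return source == null ? null : source.clone();
    }
}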