18 package edu.internet2.middleware.shibboleth.common.config.relyingparty.saml;
19
20 import java.util.List;
21 import java.util.Map;
22
23 import javax.xml.namespace.QName;
24
25 import org.opensaml.xml.util.DatatypeHelper;
26 import org.opensaml.xml.util.LazyList;
27 import org.opensaml.xml.util.XMLHelper;
28 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
29 import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
30 import org.springframework.beans.factory.xml.ParserContext;
31 import org.w3c.dom.Element;
32
33 import edu.internet2.middleware.shibboleth.common.config.SpringConfigurationUtils;
34 import edu.internet2.middleware.shibboleth.common.relyingparty.provider.CryptoOperationRequirementLevel;
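/**
 * Base Spring bean definition parser for SAML profile configuration elements.
 *
 * <p>
 * Reads the settings shared by the profile configurations that subclasses handle: the audience list, the signing
 * credential reference, the assertion lifetime, the outbound artifact type, the three signing requirement levels
 * and the security policy reference. Subclasses supply the levels used when {@code signResponses} or
 * {@code signAssertions} is not configured.
 * </p>
 */
public abstract class AbstractSAMLProfileConfigurationBeanDefinitionParser extends AbstractSingleBeanDefinitionParser {

    /** Assertion lifetime, in milliseconds, used when the element has no {@code assertionLifetime} attribute. */
    private static final long DEFAULT_ASSERTION_LIFETIME_MS = 300000L;

    /** Largest artifact type value that fits in the two bytes handed to the bean. */
    private static final int MAX_ARTIFACT_TYPE = 0xFFFF;

    /**
     * Populates the bean definition from the profile configuration element.
     *
     * @param element the profile configuration element being parsed
     * @param parserContext the current parser context; not used by this method
     * @param builder builder of the bean definition being created
     *
     * @throws NumberFormatException if {@code outboundArtifactType} is not an integer
     * @throws IllegalArgumentException if {@code outboundArtifactType} is outside 0-65535, or if a signing
     *             requirement attribute is rejected by {@code CryptoOperationRequirementLevel.valueOf}
     */
    protected void doParse(Element element, ParserContext parserContext, BeanDefinitionBuilder builder) {
        builder.setLazyInit(true);
        Map<QName, List<Element>> children = XMLHelper.getChildElements(element);

        List<Element> audienceElems = children.get(new QName(SAMLRelyingPartyNamespaceHandler.NAMESPACE, "Audience"));
        if (audienceElems != null && !audienceElems.isEmpty()) {
            LazyList<String> audiences = new LazyList<String>();
            for (Element audienceElem : audienceElems) {
                String audience = DatatypeHelper.safeTrimOrNullString(audienceElem.getTextContent());
                // An <Audience> with no usable text trims to null; a null entry names no audience, so skip it
                // instead of handing it to the bean.
                if (audience != null) {
                    audiences.add(audience);
                }
            }
            builder.addPropertyValue("audiences", audiences);
        }

        addOptionalReference(element, builder, "signingCredentialRef", "signingCredential");

        long lifetime = DEFAULT_ASSERTION_LIFETIME_MS;
        if (element.hasAttributeNS(null, "assertionLifetime")) {
            // NOTE(review): the meaning of the trailing 0 is defined by parseDurationToMillis and is not visible
            // here. No upper bound is applied in this method, so a very long lifetime is accepted as configured.
            lifetime = SpringConfigurationUtils.parseDurationToMillis(
                    "'assertionLifetime' on profile configuration of type " + XMLHelper.getXSIType(element),
                    element.getAttributeNS(null, "assertionLifetime"), 0);
        }
        builder.addPropertyValue("assertionLifetime", lifetime);

        String artifactType = DatatypeHelper.safeTrimOrNullString(element.getAttributeNS(null, "outboundArtifactType"));
        if (artifactType != null) {
            builder.addPropertyValue("outboundArtifactType", toArtifactTypeBytes(artifactType));
        }

        builder.addPropertyValue("signRequests",
                readRequirementLevel(element, "signRequests", CryptoOperationRequirementLevel.conditional));
        builder.addPropertyValue("signResponses",
                readRequirementLevel(element, "signResponses", getSignResponsesDefault()));
        builder.addPropertyValue("signAssertions",
                readRequirementLevel(element, "signAssertions", getSignAssertionsDefault()));

        addOptionalReference(element, builder, "securityPolicyRef", "profileSecurityPolicy");
    }

    /**
     * Indicates that an id is generated for the bean definition.
     *
     * @return always {@code true}
     */
    protected boolean shouldGenerateId() {
        return true;
    }

    /**
     * Gets the level used for {@code signResponses} when the element does not carry that attribute.
     *
     * @return the default response signing requirement level
     */
    protected abstract CryptoOperationRequirementLevel getSignResponsesDefault();

    /**
     * Gets the level used for {@code signAssertions} when the element does not carry that attribute.
     *
     * @return the default assertion signing requirement level
     */
    protected abstract CryptoOperationRequirementLevel getSignAssertionsDefault();

    /**
     * Wires a bean reference named by an optional attribute, and makes the bean depend on it.
     *
     * @param element the profile configuration element
     * @param builder builder of the bean definition being created
     * @param attributeName un-namespaced attribute holding the referenced bean name
     * @param propertyName bean property that receives the reference
     */
    private static void addOptionalReference(Element element, BeanDefinitionBuilder builder, String attributeName,
            String propertyName) {
        String beanRef = DatatypeHelper.safeTrimOrNullString(element.getAttributeNS(null, attributeName));
        if (beanRef != null) {
            builder.addDependsOn(beanRef);
            builder.addPropertyReference(propertyName, beanRef);
        }
    }

    /**
     * Reads a signing requirement level from an optional attribute.
     *
     * <p>
     * The attribute value is passed to {@code valueOf} untrimmed. A value it does not accept raises an exception
     * instead of falling back to the default, so a mistyped level is not silently replaced.
     * </p>
     *
     * @param element the profile configuration element
     * @param attributeName un-namespaced attribute holding the level name
     * @param defaultLevel level returned when the attribute is absent
     *
     * @return the configured level, or {@code defaultLevel} if the attribute is absent
     */
    private static CryptoOperationRequirementLevel readRequirementLevel(Element element, String attributeName,
            CryptoOperationRequirementLevel defaultLevel) {
        if (!element.hasAttributeNS(null, attributeName)) {
            return defaultLevel;
        }
        return CryptoOperationRequirementLevel.valueOf(element.getAttributeNS(null, attributeName));
    }

    /**
     * Converts the configured artifact type into the two-byte form stored on the bean.
     *
     * <p>
     * Only bytes 2 and 3 of the four-byte encoding are kept, so a value that needs more than two bytes, or a
     * negative one, would otherwise be stored as a different type code without any warning. Such values are
     * rejected here.
     * </p>
     *
     * @param artifactType trimmed, non-null attribute value
     *
     * @return the two bytes of the artifact type
     *
     * @throws NumberFormatException if the value is not an integer
     * @throws IllegalArgumentException if the value is outside 0-65535
     */
    private static byte[] toArtifactTypeBytes(String artifactType) {
        int typeCode = Integer.parseInt(artifactType);
        if (typeCode < 0 || typeCode > MAX_ARTIFACT_TYPE) {
            throw new IllegalArgumentException("'outboundArtifactType' must be between 0 and " + MAX_ARTIFACT_TYPE
                    + ", got " + typeCode);
        }
        byte[] artifactTypeBytes = DatatypeHelper.intToByteArray(typeCode);
        return new byte[] { artifactTypeBytes[2], artifactTypeBytes[3] };
    }
}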