com.stormpath.sdk.impl.saml.DefaultSamlIdpUrlBuilder Maven / Gradle / Ivy

Show more of this group Show more artifacts with this name
Show all versions of stormpath-sdk-impl Show documentation

The Stormpath Java SDK core implemenation .jar is used at runtime to support API invocations. This implementation jar should be a runtime dependency only and should NOT be depended on at compile time by your code. The implementations within this jar can change at any time without warning - use it with runtime scope only.

There is a newer version: 2.0.4-okta

Show newest version

/*
 * Copyright 2015 Stormpath, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.stormpath.sdk.impl.saml;

import com.stormpath.sdk.api.ApiKey;
import com.stormpath.sdk.impl.ds.InternalDataStore;
import com.stormpath.sdk.impl.http.QueryString;
import com.stormpath.sdk.lang.Assert;
import com.stormpath.sdk.lang.Strings;
import com.stormpath.sdk.saml.SamlIdpUrlBuilder;
import io.jsonwebtoken.JwsHeader;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;

import java.util.Date;
import java.util.UUID;

import static com.stormpath.sdk.impl.idsite.IdSiteClaims.ACCESS_TOKEN;

/**
 * @since 1.0.RC8
 */
public class DefaultSamlIdpUrlBuilder implements SamlIdpUrlBuilder {

    public static String SSO_LOGOUT_SUFFIX = "/logout";
    public final String ssoEndpoint;
    private final InternalDataStore internalDataStore;
    private final String applicationHref;
    private final SamlClaims claims;

    private boolean logout = false;

    public DefaultSamlIdpUrlBuilder(InternalDataStore internalDataStore, String applicationHref, String samlProviderEndpoint) {
        Assert.notNull(internalDataStore, "internalDataStore cannot be null.");
        Assert.hasText(samlProviderEndpoint, "samlProviderEndpoint cannot be null or empty");

        this.ssoEndpoint = samlProviderEndpoint;
        this.internalDataStore = internalDataStore;
        this.applicationHref = applicationHref;
        this.claims = new SamlClaims();
    }

    @Override
    public SamlIdpUrlBuilder setCallbackUri(String callbackUri) {
        claims.setCallbackUri(callbackUri);
        return this;
    }

    @Override
    public SamlIdpUrlBuilder setState(String state) {
        claims.setState(state);
        return this;
    }

    @Override
    public SamlIdpUrlBuilder setPath(String path) {
        claims.setPath(path);
        return this;
    }

    @Override
    public SamlIdpUrlBuilder setOrganizationNameKey(String organizationNameKey) {
        claims.setOrganizationNameKey(organizationNameKey);
        return this;
    }

    @Override
    public SamlIdpUrlBuilder setSpToken(String spToken) {
        claims.setSpToken(spToken);
        return this;
    }

    @Override
    public SamlIdpUrlBuilder setAccountStoreHref(String accountStoreHref) {
        claims.setAccountStoreHref(accountStoreHref);
        return this;
    }

    @Override
    public SamlIdpUrlBuilder addProperty(String name, Object value) {
        claims.put(name, value);
        return this;
    }

    @Override
    public String build() {
        Assert.state(Strings.hasText(claims.getCallbackUri()), "callbackUri cannot be null or empty.");

        String jti = UUID.randomUUID().toString();

        Date now = new Date();

        final ApiKey apiKey = this.internalDataStore.getApiKey();

        JwtBuilder jwtBuilder = Jwts.builder().setClaims(claims).setId(jti).setIssuedAt(now).setIssuer(apiKey.getId())
                .setSubject(this.applicationHref);

        byte[] secret = apiKey.getSecret().getBytes(Strings.UTF_8);

        String jwt = jwtBuilder
                .setHeaderParam(JwsHeader.TYPE, JwsHeader.JWT_TYPE)
                .setHeaderParam(JwsHeader.KEY_ID, apiKey.getId())
                .signWith(SignatureAlgorithm.HS256, secret)
                .compact();

        QueryString queryString = new QueryString();
        queryString.put(ACCESS_TOKEN, jwt);

        StringBuilder urlBuilder = new StringBuilder(ssoEndpoint);

        if (logout) {
            urlBuilder.append(SSO_LOGOUT_SUFFIX);
        }

        return urlBuilder.append('?').append(queryString.toString()).toString();
    }
}