All Downloads are FREE. Search and download functionalities are using the official Maven repository.

pl.edu.icm.unity.saml.sp.console.SAMLAuthneticatorConfiguration Maven / Gradle / Ivy

There is a newer version: 4.0.4
Show newest version
/*
 * Copyright (c) 2019 Bixbit - Krzysztof Benedyczak. All rights reserved.
 * See LICENCE.txt file for licensing information.
 */

package pl.edu.icm.unity.saml.sp.console;

import java.io.IOException;
import java.io.StringReader;
import java.net.URI;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Properties;
import java.util.Set;

import org.apache.logging.log4j.Logger;

import eu.unicore.util.configuration.ConfigurationException;
import pl.edu.icm.unity.MessageSource;
import pl.edu.icm.unity.base.file.FileData;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.PKIManagement;
import pl.edu.icm.unity.engine.api.files.FileStorageService;
import pl.edu.icm.unity.engine.api.files.FileStorageService.StandardOwner;
import pl.edu.icm.unity.engine.api.files.URIAccessService;
import pl.edu.icm.unity.engine.api.files.URIHelper;
import pl.edu.icm.unity.exceptions.InternalException;
import pl.edu.icm.unity.saml.SamlProperties;
import pl.edu.icm.unity.saml.console.SAMLIdentityMapping;
import pl.edu.icm.unity.saml.sp.SAMLSPProperties;
import pl.edu.icm.unity.webui.authn.CommonWebAuthnProperties;
import pl.edu.icm.unity.webui.common.binding.LocalOrRemoteResource;
import pl.edu.icm.unity.webui.common.file.FileFieldUtils;
import pl.edu.icm.unity.webui.common.file.ImageAccessService;

/**
 * Related to {@link SAMLSPProperties}. Contains whole SAML authenticator
 * configuration
 * 
 * @author P.Piernik
 *
 */
public class SAMLAuthneticatorConfiguration
{
	private static Logger log = Log.getLogger(Log.U_SERVER_SAML, SAMLAuthneticatorConfiguration.class);

	private String requesterId;
	private String credential;
	private String additionalCredential;
	private boolean includeAddtionalCredentialInMetadata;
	private List acceptedNameFormats;
	private boolean requireSignedAssertion;
	private boolean defSignRequest;
	private List defaultRequestedNameFormat;
	private boolean defAccountAssociation;
	private List trustedFederations;
	private List individualTrustedIdps;
	private boolean publishMetadata;
	private String metadataPath;
	private boolean signMetadata;
	private boolean autoGenerateMetadata;
	private LocalOrRemoteResource metadataSource;
	private String sloPath;
	private String sloRealm;
	private List sloMappings;

	public SAMLAuthneticatorConfiguration()
	{
		setPublishMetadata(true);
		setAutoGenerateMetadata(true);
		setMetadataPath("sp");
		setDefAccountAssociation(true);
	}

	public String toProperties(PKIManagement pkiMan, FileStorageService fileService, MessageSource msg,
			String name) throws ConfigurationException
	{
		Properties raw = new Properties();
		raw.put(SAMLSPProperties.P + SAMLSPProperties.REQUESTER_ID, getRequesterId());

		if (getCredential() != null)
		{
			raw.put(SAMLSPProperties.P + SAMLSPProperties.CREDENTIAL, getCredential());
		}
		
		if (getAdditionalCredential() != null && !getAdditionalCredential().isEmpty())
		{
			raw.put(SAMLSPProperties.P + SAMLSPProperties.ADDITIONAL_CREDENTIAL, getAdditionalCredential());
		}

		raw.put(SAMLSPProperties.P + SAMLSPProperties.INCLUDE_ADDITIONAL_CREDENTIAL_IN_METADATA, String.valueOf(includeAddtionalCredentialInMetadata));
		
		if (acceptedNameFormats != null)
		{
			acceptedNameFormats.stream().forEach(
					f -> raw.put(SAMLSPProperties.P + SAMLSPProperties.ACCEPTED_NAME_FORMATS
							+ (acceptedNameFormats.indexOf(f) + 1), f));
		}

		raw.put(SAMLSPProperties.P + SAMLSPProperties.REQUIRE_SIGNED_ASSERTION,
				String.valueOf(isRequireSignedAssertion()));
		raw.put(SAMLSPProperties.P + SAMLSPProperties.DEF_SIGN_REQUEST, String.valueOf(isDefSignRequest()));

		if (defaultRequestedNameFormat != null)
		{
			defaultRequestedNameFormat.stream().forEach(d -> raw
					.put(SAMLSPProperties.P + SAMLSPProperties.DEF_REQUESTED_NAME_FORMAT, d));
		}

		raw.put(SAMLSPProperties.P + CommonWebAuthnProperties.DEF_ENABLE_ASSOCIATION,
				String.valueOf(isDefAccountAssociation()));

		if (getTrustedFederations() != null)
		{
			getTrustedFederations().stream().forEach(f -> f.toProperties(raw));
		}

		if (getIndividualTrustedIdps() != null)
		{
			getIndividualTrustedIdps().stream().forEach(f -> f.toProperties(raw, msg, fileService, name));
		}

		raw.put(SAMLSPProperties.P + SAMLSPProperties.PUBLISH_METADATA, String.valueOf(isPublishMetadata()));
		if (getMetadataPath() != null)
		{
			raw.put(SAMLSPProperties.P + SAMLSPProperties.METADATA_PATH, getMetadataPath());
		}

		raw.put(SAMLSPProperties.P + SAMLSPProperties.SIGN_METADATA, String.valueOf(isSignMetadata()));

		if (getMetadataSource() != null && !isAutoGenerateMetadata())
		{
			FileFieldUtils.saveInProperties(getMetadataSource(),
					SAMLSPProperties.P + SAMLSPProperties.METADATA_SOURCE, raw, fileService,
					StandardOwner.SERVICE.toString(), name);
		}

		if (getSloPath() != null)
		{
			raw.put(SAMLSPProperties.P + SAMLSPProperties.SLO_PATH, getSloPath());
		}

		if (getSloRealm() != null)
		{
			raw.put(SAMLSPProperties.P + SAMLSPProperties.SLO_REALM, getSloRealm());
		}

		if (getSloMappings() != null)
		{
			getSloMappings().forEach(m -> {

				int i = getSloMappings().indexOf(m) + 1;
				raw.put(SAMLSPProperties.P + SAMLSPProperties.IDENTITY_MAPPING_PFX + i + "."
						+ SAMLSPProperties.IDENTITY_LOCAL,
						m.getUnityId() == null ? "" : m.getUnityId());

				raw.put(SAMLSPProperties.P + SAMLSPProperties.IDENTITY_MAPPING_PFX + i + "."
						+ SAMLSPProperties.IDENTITY_SAML,
						m.getSamlId() == null ? "" : m.getSamlId());

			});
		}

		SAMLSPProperties samlProp = new SAMLSPProperties(raw, pkiMan);
		return samlProp.getAsString();

	}

	public void fromProperties(PKIManagement pkiMan, URIAccessService uriAccessService, 
			ImageAccessService imageAccessService, MessageSource msg, String properties)
	{
		Properties raw = new Properties();
		try
		{
			raw.load(new StringReader(properties));
		} catch (IOException e)
		{
			throw new InternalException("Invalid configuration of the SAML verificator", e);
		}

		SAMLSPProperties samlSpProp = new SAMLSPProperties(raw, pkiMan);

		setRequesterId(samlSpProp.getValue(SAMLSPProperties.REQUESTER_ID));
		setCredential(samlSpProp.getValue(SAMLSPProperties.CREDENTIAL));
		setAdditionalCredential(samlSpProp.getValue(SAMLSPProperties.ADDITIONAL_CREDENTIAL));
		setIncludeAddtionalCredentialInMetadata(samlSpProp.getBooleanValue(SAMLSPProperties.INCLUDE_ADDITIONAL_CREDENTIAL_IN_METADATA));
		setAcceptedNameFormats(samlSpProp.getListOfValues(SAMLSPProperties.ACCEPTED_NAME_FORMATS));
		setRequireSignedAssertion(samlSpProp.getBooleanValue(SAMLSPProperties.REQUIRE_SIGNED_ASSERTION));
		setDefSignRequest(samlSpProp.getBooleanValue(SAMLSPProperties.DEF_SIGN_REQUEST));
		String defNameFormat = samlSpProp.getValue(SAMLSPProperties.DEF_REQUESTED_NAME_FORMAT);
		setDefaultRequestedNameFormat(defNameFormat != null ? Arrays.asList(defNameFormat) : null);
		if (samlSpProp.isSet(CommonWebAuthnProperties.DEF_ENABLE_ASSOCIATION))
		{
			setDefAccountAssociation(
					samlSpProp.getBooleanValue(CommonWebAuthnProperties.DEF_ENABLE_ASSOCIATION));
		}

		Set fedKeys = samlSpProp.getStructuredListKeys(SAMLSPProperties.IDPMETA_PREFIX);

		trustedFederations = new ArrayList<>();
		fedKeys.forEach(

				key -> {
					SAMLAuthnTrustedFederationConfiguration fed = new SAMLAuthnTrustedFederationConfiguration();
					key = key.substring(SAMLSPProperties.IDPMETA_PREFIX.length(), key.length() - 1);
					fed.fromProperties(samlSpProp, key);
					trustedFederations.add(fed);
				});

		Set idpKeys = samlSpProp.getStructuredListKeys(SAMLSPProperties.IDP_PREFIX);

		individualTrustedIdps = new ArrayList<>();
		idpKeys.forEach(

				key -> {
					SAMLIndividualTrustedSamlIdpConfiguration idp = new SAMLIndividualTrustedSamlIdpConfiguration();
					key = key.substring(SAMLSPProperties.IDP_PREFIX.length(), key.length() - 1);
					idp.fromProperties(msg, imageAccessService, samlSpProp, key);
					individualTrustedIdps.add(idp);
				});

		if (samlSpProp.isSet(SamlProperties.PUBLISH_METADATA))
		{
			setPublishMetadata(samlSpProp.getBooleanValue(SamlProperties.PUBLISH_METADATA));
		}

		setMetadataPath(samlSpProp.getValue(SAMLSPProperties.METADATA_PATH));

		if (samlSpProp.isSet(SamlProperties.SIGN_METADATA))
		{
			setSignMetadata(samlSpProp.getBooleanValue(SamlProperties.SIGN_METADATA));
		}

		if (samlSpProp.isSet(SamlProperties.METADATA_SOURCE))
		{
			setAutoGenerateMetadata(false);

			String metaUri = samlSpProp.getValue(SamlProperties.METADATA_SOURCE);

			try
			{
				URI uri = URIHelper.parseURI(metaUri);
				if (URIHelper.isWebReady(uri))
				{
					setMetadataSource(new LocalOrRemoteResource(uri.toString()));
				} else
				{
					FileData fileData = uriAccessService.readURI(uri);
					setMetadataSource(new LocalOrRemoteResource(fileData.getContents(),
							uri.toString()));
				}

			} catch (Exception e)
			{
				log.error("Can not load configured metadata from uri: " + metaUri);
			}
		} else
		{
			setAutoGenerateMetadata(true);
		}

		setSloPath(samlSpProp.getValue(SAMLSPProperties.SLO_PATH));
		setSloRealm(samlSpProp.getValue(SAMLSPProperties.SLO_REALM));

		Set sloMappingsKeys = samlSpProp.getStructuredListKeys(SAMLSPProperties.IDENTITY_MAPPING_PFX);

		sloMappings = new ArrayList<>();
		sloMappingsKeys.forEach(

				key -> {
					SAMLIdentityMapping m = new SAMLIdentityMapping();
					if (samlSpProp.getValue(key + SAMLSPProperties.IDENTITY_LOCAL) != null
							&& !samlSpProp.getValue(key + SAMLSPProperties.IDENTITY_LOCAL)
									.isEmpty())
					{
						m.setUnityId(samlSpProp
								.getValue(key + SAMLSPProperties.IDENTITY_LOCAL));
					}

					if (samlSpProp.getValue(key + SAMLSPProperties.IDENTITY_SAML) != null
							&& !samlSpProp.getValue(key + SAMLSPProperties.IDENTITY_SAML)
									.isEmpty())
					{
						m.setSamlId(samlSpProp.getValue(key + SAMLSPProperties.IDENTITY_SAML));
					}
					sloMappings.add(m);
				});
	}

	public String getRequesterId()
	{
		return requesterId;
	}

	public void setRequesterId(String requesterId)
	{
		this.requesterId = requesterId;
	}

	public String getCredential()
	{
		return credential;
	}

	public void setCredential(String credential)
	{
		this.credential = credential;
	}

	public List getAcceptedNameFormats()
	{
		return acceptedNameFormats;
	}

	public void setAcceptedNameFormats(List acceptedNameFormats)
	{
		this.acceptedNameFormats = acceptedNameFormats;
	}

	public boolean isRequireSignedAssertion()
	{
		return requireSignedAssertion;
	}

	public void setRequireSignedAssertion(boolean requireSignedAssertion)
	{
		this.requireSignedAssertion = requireSignedAssertion;
	}

	public boolean isDefSignRequest()
	{
		return defSignRequest;
	}

	public void setDefSignRequest(boolean defSignRequest)
	{
		this.defSignRequest = defSignRequest;
	}

	public List getDefaultRequestedNameFormat()
	{
		return defaultRequestedNameFormat;
	}

	public void setDefaultRequestedNameFormat(List defaultRequestedNameFormat)
	{
		this.defaultRequestedNameFormat = defaultRequestedNameFormat;
	}

	public boolean isDefAccountAssociation()
	{
		return defAccountAssociation;
	}

	public void setDefAccountAssociation(boolean defAccountAssociation)
	{
		this.defAccountAssociation = defAccountAssociation;
	}

	public List getTrustedFederations()
	{
		return trustedFederations;
	}

	public void setTrustedFederations(List trustedFederations)
	{
		this.trustedFederations = trustedFederations;
	}

	public List getIndividualTrustedIdps()
	{
		return individualTrustedIdps;
	}

	public void setIndividualTrustedIdps(List individualTrustedIdps)
	{
		this.individualTrustedIdps = individualTrustedIdps;
	}

	public boolean isPublishMetadata()
	{
		return publishMetadata;
	}

	public void setPublishMetadata(boolean publishMetadata)
	{
		this.publishMetadata = publishMetadata;
	}

	public String getMetadataPath()
	{
		return metadataPath;
	}

	public void setMetadataPath(String metadataPath)
	{
		this.metadataPath = metadataPath;
	}

	public boolean isSignMetadata()
	{
		return signMetadata;
	}

	public void setSignMetadata(boolean signMetadata)
	{
		this.signMetadata = signMetadata;
	}

	public String getSloPath()
	{
		return sloPath;
	}

	public void setSloPath(String sloPath)
	{
		this.sloPath = sloPath;
	}

	public String getSloRealm()
	{
		return sloRealm;
	}

	public void setSloRealm(String sloRealm)
	{
		this.sloRealm = sloRealm;
	}

	public List getSloMappings()
	{
		return sloMappings;
	}

	public void setSloMappings(List sloMappings)
	{
		this.sloMappings = sloMappings;
	}

	public boolean isAutoGenerateMetadata()
	{
		return autoGenerateMetadata;
	}

	public void setAutoGenerateMetadata(boolean autoGenerateMetadata)
	{
		this.autoGenerateMetadata = autoGenerateMetadata;
	}

	public LocalOrRemoteResource getMetadataSource()
	{
		return metadataSource;
	}

	public void setMetadataSource(LocalOrRemoteResource metadataSource)
	{
		this.metadataSource = metadataSource;
	}

	public String getAdditionalCredential()
	{
		return additionalCredential;
	}

	public void setAdditionalCredential(String additionallyAdvertisedCredential)
	{
		this.additionalCredential = additionallyAdvertisedCredential;
	}

	public boolean isIncludeAddtionalCredentialInMetadata()
	{
		return includeAddtionalCredentialInMetadata;
	}

	public void setIncludeAddtionalCredentialInMetadata(boolean includeAddtionalCredentialInMetadata)
	{
		this.includeAddtionalCredentialInMetadata = includeAddtionalCredentialInMetadata;
	}
}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy