All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.xacml4j.opensaml.DefaultIDPConfiguration Maven / Gradle / Ivy

There is a newer version: 1.2.2
Show newest version
package org.xacml4j.opensaml;

/*
 * #%L
 * XACML/OpenSAML Integration
 * %%
 * Copyright (C) 2009 - 2014 Xacml4J.org
 * %%
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Lesser Public License for more details.
 * 
 * You should have received a copy of the GNU General Lesser Public
 * License along with this program.  If not, see
 * .
 * #L%
 */

import org.opensaml.saml2.metadata.AuthzService;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.PDPDescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.security.MetadataCredentialResolver;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xml.signature.SignatureTrustEngine;
import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;
import org.opensaml.xml.util.DatatypeHelper;

import com.google.common.base.Preconditions;

public class DefaultIDPConfiguration implements IDPConfiguration
{
	private static final String SAML20_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol";

	private final EntityDescriptor localEntity;
	private final SignatureTrustEngine trustEngine;
	private final Credential idpSigningCredential;

	public DefaultIDPConfiguration(String localEntityId,
			MetadataProvider metadata,
			Credential idpSigningCredential)
		throws MetadataProviderException
	{
		Preconditions.checkNotNull(localEntityId);
		Preconditions.checkNotNull(metadata);
		Preconditions.checkNotNull(idpSigningCredential);
		this.localEntity = metadata.getEntityDescriptor(localEntityId);
		Preconditions.checkState(localEntity != null);
		this.trustEngine = createDefaultSignatureTrustEngine(metadata);
		this.idpSigningCredential = idpSigningCredential;
	}

	@Override
	public EntityDescriptor getLocalEntity() {
		return localEntity;
	}

	@Override
	public SignatureTrustEngine getSignatureTrustEngine(){
		return trustEngine;
	}

	@Override
	public AuthzService getAuthzServiceByLocation(
			String locationURL){
		PDPDescriptor pdp = localEntity.getPDPDescriptor(SAML20_PROTOCOL);
		if(pdp == null){
			return null;
		}
		for(AuthzService s : pdp.getAuthzServices()){
			if(DatatypeHelper.safeEquals(locationURL, s.getLocation())){
				return s;
			}
		}
		return null;
	}

	@Override
	public Credential getSigningCredential()
	{
		return idpSigningCredential;
	}

	private static SignatureTrustEngine createDefaultSignatureTrustEngine(MetadataProvider metadata)
	{
		MetadataCredentialResolver mdCredResolver = new MetadataCredentialResolver(metadata);
		KeyInfoCredentialResolver keyInfoCredResolver = Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver();
		return new ExplicitKeySignatureTrustEngine(mdCredResolver, keyInfoCredResolver);
	}
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy