/**
* Constructor.
*
* @param configurations varargs array of configuration instances
*/
public EncryptionConfigurationCriterion(
@Nonnull @NonnullElements @NotEmpty EncryptionConfiguration... configurations) {
Constraint.isNotNull(configurations, "List of configurations cannot be null");
configs =
new ArrayList<>(Collections2.filter(Arrays.asList(configurations), Predicates.notNull()));
Constraint.isGreaterThanOrEqual(1, configs.size(), "At least one configuration is required");
}
/**
* Set the strategy used to locate the principal name for this attribute filtering.
*
* @param strategy lookup strategy
*/
public void setPrincipalNameLookupStrategy(
@Nonnull final Function<ProfileRequestContext, String> strategy) {
ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
principalNameLookupStrategy =
Constraint.isNotNull(strategy, "Principal name lookup strategy cannot be null");
}
/**
* Set the strategy used to locate or create the {@link AttributeFilterContext} to populate.
*
* @param strategy lookup/creation strategy
*/
public void setFilterContextCreationStrategy(
@Nonnull final Function<ProfileRequestContext, AttributeFilterContext> strategy) {
ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
filterContextCreationStrategy =
Constraint.isNotNull(strategy, "AttributeContext creation strategy cannot be null");
}
@Override
@Nullable
public ProxyGrantingTicket removeProxyGrantingTicket(@Nonnull final String id) {
Constraint.isNotNull(id, "Id cannot be null");
final ProxyGrantingTicket pgt = delete(id, ProxyGrantingTicket.class);
return pgt;
}
/**
* Set the flows available for possible use.
*
* @param flows the flows available for possible use
*/
public void setAvailableFlows(
@Nonnull @NonnullElements final Collection<SubjectCanonicalizationFlowDescriptor> flows) {
ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
Constraint.isNotNull(flows, "Flow collection cannot be null");
availableFlows = new ArrayList<>(Collections2.filter(flows, Predicates.notNull()));
}
/**
* Set the creation/lookup strategy for the {@link LogoutPropagationContext}.
*
* @param strategy creation/lookup strategy
*/
public void setLogoutPropagationContextCreationStrategy(
@Nonnull final Function<ProfileRequestContext, LogoutPropagationContext> strategy) {
ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
contextCreationStrategy =
Constraint.isNotNull(strategy, "LogoutPropagationContext creation strategy cannot be null");
}
/** {@inheritDoc} */
@Override
@Nonnull
public Iterable<EncryptedKey> resolve(@Nonnull final EncryptedData encryptedData) {
Constraint.isNotNull(encryptedData, "EncryptedData cannot be null");
return resolveKeyInfo(encryptedData.getKeyInfo(), depthLimit);
}
/**
* Set the strategy used to locate the {@link AuthenticationContext} associated with a given
* {@link ProfileRequestContext}.
*
* @param strategy strategy used to locate the {@link AuthenticationContext} associated with a
* given {@link ProfileRequestContext}
*/
public void setAuthenticationContextLookupStrategy(
@Nonnull final Function<ProfileRequestContext, AuthenticationContext> strategy) {
ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
authnContextLookupStrategy =
Constraint.isNotNull(strategy, "AuthenticationContext lookup strategy cannot be null");
}
@Override
@Nonnull
public ProxyGrantingTicket createProxyGrantingTicket(
@Nonnull final String id,
@Nonnull final Instant expiry,
@Nonnull final ProxyTicket proxyTicket) {
Constraint.isNotNull(proxyTicket, "ProxyTicket cannot be null");
final ProxyGrantingTicket pgt =
new ProxyGrantingTicket(
Constraint.isNotNull(id, "ID cannot be null"),
proxyTicket.getSessionId(),
proxyTicket.getService(),
Constraint.isNotNull(expiry, "Expiry cannot be null"),
proxyTicket.getPgtId());
store(pgt);
return pgt;
}
@Override
@Nonnull
public ServiceTicket createServiceTicket(
@Nonnull final String id,
@Nonnull final Instant expiry,
@Nonnull final String sessionId,
@Nonnull final String service,
final boolean renew) {
final ServiceTicket st =
new ServiceTicket(
Constraint.isNotNull(id, "ID cannot be null"),
Constraint.isNotNull(sessionId, "Session ID cannot be null"),
Constraint.isNotNull(service, "Service cannot be null"),
Constraint.isNotNull(expiry, "Expiry cannot be null"),
renew);
store(st);
return st;
}
@Nonnull
@Override
public ProxyTicket createProxyTicket(
@Nonnull final String id,
@Nonnull final Instant expiry,
@Nonnull final ProxyGrantingTicket pgt,
@Nonnull final String service) {
Constraint.isNotNull(pgt, "ProxyGrantingTicket cannot be null");
final ProxyTicket pt =
new ProxyTicket(
Constraint.isNotNull(id, "ID cannot be null"),
pgt.getSessionId(),
Constraint.isNotNull(service, "Service cannot be null"),
Constraint.isNotNull(expiry, "Expiry cannot be null"),
pgt.getId());
store(pt);
return pt;
}
/**
* Set the strategy used to locate the {@link SAMLMetadataContext} associated with a given {@link
* ProfileRequestContext}. Also sets the strategy to find the {@link SAMLMetadataContext} from the
* {@link AttributeFilterContext}; SAMLMetadataContext
*
* @param strategy strategy used to locate the {@link AuthenticationContext} associated with a
* given {@link ProfileRequestContext}
*/
public void setMetadataContextLookupStrategy(
@Nonnull final Function<ProfileRequestContext, SAMLMetadataContext> strategy) {
ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
metadataContextLookupStrategy =
Constraint.isNotNull(strategy, "MetadataContext lookup strategy cannot be null");
metadataFromFilterLookupStrategy =
Functions.compose(
metadataContextLookupStrategy,
new RootContextLookup<AttributeFilterContext, ProfileRequestContext>());
}
/**
* Constructor.
*
* @param filterService engine used to filter attributes
*/
public FilterAttributes(@Nonnull final ReloadableService<AttributeFilter> filterService) {
attributeFilterService = Constraint.isNotNull(filterService, "Service cannot be null");
issuerLookupStrategy = new ResponderIdLookupFunction();
recipientLookupStrategy = new RelyingPartyIdLookupFunction();
attributeContextLookupStrategy =
Functions.compose(
new ChildContextLookup<>(AttributeContext.class),
new ChildContextLookup<ProfileRequestContext, RelyingPartyContext>(
RelyingPartyContext.class));
principalNameLookupStrategy =
Functions.compose(
new SubjectContextPrincipalLookupFunction(),
new ChildContextLookup<ProfileRequestContext, SubjectContext>(SubjectContext.class));
authnContextLookupStrategy = new ChildContextLookup<>(AuthenticationContext.class);
// Default: inbound msg context -> SAMLPeerEntityContext -> SAMLMetadataContext
metadataContextLookupStrategy =
Functions.compose(
new ChildContextLookup<>(SAMLMetadataContext.class),
Functions.compose(
new ChildContextLookup<>(SAMLPeerEntityContext.class),
new InboundMessageContextLookup()));
// This is always set to navigate to the root context and then apply the previous function.
metadataFromFilterLookupStrategy =
Functions.compose(
new Function<ProfileRequestContext, SAMLMetadataContext>() {
@Override
public SAMLMetadataContext apply(ProfileRequestContext input) {
return metadataContextLookupStrategy.apply(input);
}
},
new RootContextLookup<AttributeFilterContext, ProfileRequestContext>());
// Defaults to ProfileRequestContext -> RelyingPartyContext -> AttributeFilterContext.
filterContextCreationStrategy =
Functions.compose(
new ChildContextLookup<>(AttributeFilterContext.class, true),
new ChildContextLookup<ProfileRequestContext, RelyingPartyContext>(
RelyingPartyContext.class));
maskFailures = true;
}
/**
* Set the {@link SPSessionSerializerRegistry} to use.
*
* @param registry a registry of SPSession class to serializer mappings
*/
public void setSPSessionSerializerRegistry(@Nonnull final SPSessionSerializerRegistry registry) {
ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
spSessionSerializerRegistry = Constraint.isNotNull(registry, "Registry cannot be null");
}
/** {@inheritDoc} */
protected void doInitialize() throws ComponentInitializationException {
super.doInitialize();
Constraint.isNotNull(getHttpServletRequest(), "HttpServletRequest may not be null");
}
/**
* Set the HTTP servlet request instance being evaluated.
*
* @param request the request instance
*/
public void setHttpServletRequest(HttpServletRequest request) {
ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
httpServletRequest = Constraint.isNotNull(request, "HttpServletRequest may not be null");
}
/**
* Set the strategy for locating {@link SAMLConsentContext}.
*
* @param strategy lookup strategy
*/
public void setConsentContextLookupStrategy(
@Nonnull final Function<MessageContext, SAMLConsentContext> strategy) {
consentContextStrategy =
Constraint.isNotNull(strategy, "SAMLConsentContext lookup strategy cannot be null");
}
/**
* Constructor.
*
* @param entityId the entity ID, can not be null or empty
*/
public EntityIdCriterion(@Nonnull @NotEmpty final String entityId) {
id =
Constraint.isNotNull(
StringSupport.trimOrNull(entityId), "Entity ID cannot be null or empty");
}
/**
* Creates a new instance.
*
* @param ticketService Ticket service component.
*/
public GrantProxyTicketAction(final TicketServiceEx ticketService) {
this.ticketService = Constraint.isNotNull(ticketService, "TicketService cannot be null");
}
@Override
@Nullable
public ProxyGrantingTicket fetchProxyGrantingTicket(@Nonnull final String id) {
Constraint.isNotNull(id, "Id cannot be null");
return read(id, ProxyGrantingTicket.class);
}
/**
* Set the {@link DataSealer} to use.
*
* @param sealer the {@link DataSealer} to use
*/
public void setDataSealer(@Nonnull final DataSealer sealer) {
ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
dataSealer = Constraint.isNotNull(sealer, "DataSealer cannot be null");
}
@Override
@Nullable
public ServiceTicket removeServiceTicket(@Nonnull final String id) {
Constraint.isNotNull(id, "Id cannot be null");
return delete(id, ServiceTicket.class);
}
/**
* Creates a new instance with given parameters.
*
* @param pt Proxy ticket ID.
*/
public ProxyTicketResponse(@Nonnull final String pt) {
Constraint.isNotNull(pt, "PT cannot be null");
this.pt = pt;
}
/*
* Constructor
*/
public MobileUserPrincipal(@Nonnull @NotEmpty final String mobile) {
this.mobileNumber =
Constraint.isNotNull(
StringSupport.trimOrNull(mobile), "MobileNumber cannot be null or empty");
}
/** {@inheritDoc} */
@Override
protected void doV2Parse(
@Nonnull final Element config,
@Nonnull final ParserContext parserContext,
@Nonnull final BeanDefinitionBuilder builder) {
log.debug("{} Parsing v2 configuration {}", getLogPrefix(), config);
final String targetResolvingStrategy =
AttributeSupport.getAttributeValue(config, new QName("targetDeterminationStrategy"));
Constraint.isNotNull(
StringSupport.trimOrNull(targetResolvingStrategy),
"The targetDeterminationStrategy can not be null or empty, please adjust entityID from the AQ DataConnector");
if (targetResolvingStrategy.equals("mysql")) {
// Constructor is MySQLTargetResolvingStrategy(String url, String username, String password),
// adding arguments in this order:
final BeanDefinitionBuilder mysqlTargetResolvingStrategy =
BeanDefinitionBuilder.genericBeanDefinition(MySQLTargetDeterminationStrategy.class);
final String dbURL = AttributeSupport.getAttributeValue(config, new QName("dbURL"));
Constraint.isNotNull(
StringSupport.trimOrNull(dbURL),
"The dbURL attribute is required if the targetResolvingStrategy is mysql, please adjust entityID from the AQ DataConnector");
mysqlTargetResolvingStrategy.addConstructorArgValue(dbURL);
final String dbUsername = AttributeSupport.getAttributeValue(config, new QName("dbUsername"));
Constraint.isNotNull(
StringSupport.trimOrNull(dbUsername),
"The dbUsername attribute is required if the targetResolvingStrategy is mysql, please adjust entityID from the AQ DataConnector");
mysqlTargetResolvingStrategy.addConstructorArgValue(dbUsername);
final String dbPassword = AttributeSupport.getAttributeValue(config, new QName("dbPassword"));
Constraint.isNotNull(
StringSupport.trimOrNull(dbPassword),
"The dbPassword attribute is required if the targetResolvingStrategy is mysql, please adjust entityID from the AQ DataConnector");
mysqlTargetResolvingStrategy.addConstructorArgValue(dbPassword);
builder.addPropertyValue(
"targetResolvingStrategy", mysqlTargetResolvingStrategy.getBeanDefinition());
} else if (targetResolvingStrategy.equals("ldap")) {
final BeanDefinitionBuilder ldapTargetResolvingStrategy =
BeanDefinitionBuilder.genericBeanDefinition(LDAPTargetDeterminationStrategy.class);
final String sourceAttributeID =
AttributeSupport.getAttributeValue(config, new QName("sourceAttributeID"));
Constraint.isNotNull(
StringSupport.trimOrNull(sourceAttributeID),
"The sourceAttributeID attribute is required if the targetResolvingStrategy is ldap, please adjust entityID from the AQ DataConnector");
ldapTargetResolvingStrategy.addConstructorArgValue(sourceAttributeID);
final List<Element> dependencyElements =
ElementSupport.getChildElements(config, ResolverPluginDependencyParser.ELEMENT_NAME);
ldapTargetResolvingStrategy.addPropertyValue(
"dependencies", SpringSupport.parseCustomElements(dependencyElements, parserContext));
final String connectorID = AttributeSupport.getAttributeValue(config, new QName("id"));
Constraint.isNotNull(
StringSupport.trimOrNull(sourceAttributeID),
"The connectorID can not be empty, please adjust it for the AQ DataConnector");
ldapTargetResolvingStrategy.addConstructorArgValue(connectorID);
builder.addPropertyValue(
"targetResolvingStrategy", ldapTargetResolvingStrategy.getBeanDefinition());
} else {
log.error(
"{} Unsupported targetResolvingStrategy: {}. Change it to mysql or ldap! ",
getLogPrefix(),
targetResolvingStrategy);
}
final BeanDefinitionBuilder attributeQueryBuilder =
BeanDefinitionBuilder.genericBeanDefinition(AttributeQueryBuilder.class);
// Parse value of the entityID attribute
final String issuer = AttributeSupport.getAttributeValue(config, new QName("entityID"));
Constraint.isNotNull(
StringSupport.trimOrNull(issuer),
"The entityID of the Issuer can not be empty, please adjust entityID from the AQ DataConnector");
attributeQueryBuilder.addConstructorArgValue(issuer);
// parsing of the defined AQAttributes for the attribute query
final List<Element> children = ElementSupport.getChildElements(config, ATTRIBUTE_ELEMENT_NAME);
final List<BeanDefinition> attributes = new ManagedList<>(children.size());
for (final Element child : children) {
final String name = AttributeSupport.getAttributeValue(child, new QName("name"));
final String friendlyName =
AttributeSupport.getAttributeValue(child, new QName("friendlyName"));
final BeanDefinitionBuilder attribute =
BeanDefinitionBuilder.genericBeanDefinition(AQAttribute.class);
attribute.addConstructorArgValue(name);
attribute.addConstructorArgValue(friendlyName);
log.debug(
"{} Added one AQAttribute to the resolving List. Friendly Name {}, Name {}",
getLogPrefix(),
friendlyName,
name);
attributes.add(attribute.getBeanDefinition());
}
attributeQueryBuilder.addConstructorArgValue(attributes);
builder.addPropertyValue("attributeQueryBuilder", attributeQueryBuilder.getBeanDefinition());
final BeanDefinitionBuilder keyManager =
BeanDefinitionBuilder.genericBeanDefinition(AttributeQueryKeyManager.class);
// parse the keyLocaton attribute from the AQ DataCOnnector
final String keyLocation = AttributeSupport.getAttributeValue(config, new QName("keyLocation"));
Constraint.isNotNull(
StringSupport.trimOrNull(keyLocation),
"Key location can not be empty, please adjust keyLocation from the AQ DataConnector");
// parse the certLocaton attribute from the AQ DataCOnnector
final String certLocation =
AttributeSupport.getAttributeValue(config, new QName("certLocation"));
Constraint.isNotNull(
StringSupport.trimOrNull(certLocation),
"Certificate location can not be empty, please adjust certLocation from the AQ DataConnector");
keyManager.addConstructorArgValue(getPrivateKey(keyLocation));
keyManager.addConstructorArgValue(getCertificate(certLocation));
builder.addPropertyValue("attributeQueryKeyManager", keyManager.getBeanDefinition());
// if the asertionSigned attribute is true, set the value to true
final String signatureRequired =
AttributeSupport.getAttributeValue(config, new QName("assertionSigned"));
if (signatureRequired != null && signatureRequired.equals("true")) {
builder.addPropertyValue("signatureRequired", Boolean.TRUE);
}
// if the requestedAttributesRequired attribute is true, set the value to true
final String requireMetadataAttributes =
AttributeSupport.getAttributeValue(config, new QName("requestedAttributesRequired"));
if (requireMetadataAttributes != null && requireMetadataAttributes.equals("true")) {
builder.addPropertyValue("requireMetadataAttributes", Boolean.TRUE);
}
builder.setInitMethodName("initialize");
builder.setDestroyMethodName("destroy");
}
/**
* Creates a new instance.
*
* @param service Storage service to which tickets are persisted.
*/
public SimpleTicketService(@Nonnull final StorageService service) {
this.storageService = Constraint.isNotNull(service, "StorageService cannot be null.");
}
