/* * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in * compliance with the Licence. You may obtain a copy of the Licence at: * https://joinup.ec.europa.eu/news/understanding-eupl-v12 * * Unless required by applicable law or agreed to in writing, software distributed under the Licence * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express * or implied. See the Licence for the specific language governing permissions and limitations under * the Licence. * * This product combines work with different licenses. See the "NOTICE" text file for details on the * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative * works that you distribute must include a readable copy of the "NOTICE" text file. */ package at.gv.egiz.eaaf.modules.pvp2.api.metadata; import java.util.Collection; import java.util.List; import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; import org.opensaml.saml.saml2.core.Attribute; import org.opensaml.saml.saml2.metadata.ContactPerson; import org.opensaml.saml.saml2.metadata.Organization; import org.opensaml.saml.saml2.metadata.RequestedAttribute; import org.opensaml.security.credential.Credential; /** * PVP Metadata builder configuration. * * @author tlenz * */ public interface IPvpMetadataBuilderConfiguration { /** * Defines a unique name for this PVP Service-provider, which is used for * logging. * * @return */ String getSpNameForLogging(); /** * Set metadata valid area. * * @return valid until in hours [h] */ int getMetadataValidUntil(); /** * Build a SAML2 Entities element as metadata root element. * * @return true, if the metadata should start with entities element */ boolean buildEntitiesDescriptorAsRootElement(); /** * Build an IDP SSO Descriptor. * * @return true, if an IDP SSO-descriptor element should be generated */ boolean buildIdpSsoDescriptor(); /** * Build a SP Descriptor. * * @return true, if an SP SSO-descriptor element should be generated */ boolean buildSpSsoDescriptor(); /** * Set the PVP entityID for this SAML2 metadata. The entityID must be an URL and * must be start with the public-URL prefix of the server. * * @return PVP entityID postfix as String */ String getEntityID(); /** * Set a friendlyName for this PVP entity. * * @return */ String getEntityFriendlyName(); /** * Set the contact information for this metadata entity. * * @return */ List getContactPersonInformation(); /** * Set organisation information for this metadata entity. * * @return */ Organization getOrgansiationInformation(); /** * Set the credential for metadata signing. * * @return Credentials * @throws CredentialsNotAvailableException In case of an error */ EaafX509Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException; /** * Set the credential for request/response signing IDP metadata: this credential * is used for SAML2 response signing SP metadata: this credential is used for * SAML2 response signing. * * @return Credentials * @throws CredentialsNotAvailableException In case of an error */ Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException; /** * Set the credential for response encryption. * * @return Credentials * @throws CredentialsNotAvailableException In case of an error */ Credential getEncryptionCredentials() throws CredentialsNotAvailableException; /** * Set the IDP Post-Binding URL for WebSSO. * * @return */ String getIdpWebSsoPostBindingUrl(); /** * Set the IDP Redirect-Binding URL for WebSSO. * * @return */ String getIdpWebSsoRedirectBindingUrl(); /** * Set the IDP Post-Binding URL for Single LogOut. * * @return */ String getIdpSloPostBindingUrl(); /** * Set the IDP Redirect-Binding URL for Single LogOut. * * @return */ String getIdpSloRedirectBindingUrl(); /** * Set the SP Post-Binding URL for for the Assertion-Consumer Service. * * @return */ String getSpAssertionConsumerServicePostBindingUrl(); /** * Set the SP Redirect-Binding URL for the Assertion-Consumer Service. * * @return */ String getSpAssertionConsumerServiceRedirectBindingUrl(); /** * Set the SP Post-Binding URL for Single LogOut. * * @return */ String getSpSloPostBindingUrl(); /** * Set the SP Redirect-Binding URL for Single LogOut. * * @return */ String getSpSloRedirectBindingUrl(); /** * Set the SP SOAP-Binding URL for Single LogOut. * * @return */ String getSpSloSoapBindingUrl(); /** * Set all SAML2 attributes which could be provided by this IDP. * * @return */ List getIdpPossibleAttributes(); /** * Set all nameID types which could be provided by this IDP. * * @return a List of SAML2 nameID types */ List getIdpPossibleNameIdTypes(); /** * Set all SAML2 attributes which are required by the SP. * * @return */ Collection getSpRequiredAttributes(); /** * Set all nameID types which allowed from the SP. * * @return a List of SAML2 nameID types */ List getSpAllowedNameIdTypes(); /** * Set the 'wantAssertionSigned' attribute in SP metadata. * * @return */ boolean wantAssertionSigned(); /** * Set the 'wantAuthnRequestSigned' attribute. * * @return */ boolean wantAuthnRequestSigned(); }