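package at.asitplus.eidas.specific.modules.auth.idaustria.config;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

import org.opensaml.saml.saml2.core.Attribute;
import org.opensaml.saml.saml2.core.NameIDType;
import org.opensaml.saml.saml2.metadata.ContactPerson;
import org.opensaml.saml.saml2.metadata.Organization;
import org.opensaml.saml.saml2.metadata.RequestedAttribute;
import org.opensaml.security.credential.Credential;

import at.asitplus.eidas.specific.modules.auth.idaustria.IdAustriaAuthConstants;
import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthCredentialProvider;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.data.Triple;
import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration;
import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration;
import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpAttributeBuilder;
import lombok.extern.slf4j.Slf4j;

/**
 * Configuration object to generate PVP S-Profile metadata for the SAML2 client
 * that talks to ID Austria.
 *
 * <p>The described entity is SP-only: an {@code SPSSODescriptor} is built, no IDP
 * descriptor. The SP declares that its AuthnRequests are signed, accepts only the
 * {@code persistent} NameID format and publishes the {@code RequestedAttribute}s
 * made of the module defaults plus whatever is injected through
 * {@link #setAdditionalRequiredAttributes(List)}. All end-point URLs and the
 * entityID are derived from the injected public URL prefix.
 *
 * <p>Not thread-safe: {@link #setAdditionalRequiredAttributes(List)} replaces
 * state that {@link #getSpRequiredAttributes()} reads.
 *
 * @author tlenz
 */
@Slf4j
public class IdAustriaAuthMetadataConfiguration implements IPvpMetadataBuilderConfiguration {

  /** Deployment-specific requested attributes; {@code null} until the setter provided some. */
  private Collection<RequestedAttribute> additionalAttributes = null;

  /** Public URL prefix of the application; entityID and ACS end-points are built from it. */
  private final String authUrl;
  private final IdAustriaAuthCredentialProvider credentialProvider;
  private final IPvp2BasicConfiguration pvpConfiguration;

  /**
   * Configuration object to create PVP2 S-Profile metadata information.
   *
   * @param authUrl Public URL prefix of the application
   * @param credentialProvider Credentials used by PVP2 S-Profile end-point
   * @param pvpConfiguration Basic PVP2 S-Profile end-point configuration
   */
  public IdAustriaAuthMetadataConfiguration(String authUrl,
      IdAustriaAuthCredentialProvider credentialProvider, IPvp2BasicConfiguration pvpConfiguration) {
    this.authUrl = authUrl;
    this.credentialProvider = credentialProvider;
    this.pvpConfiguration = pvpConfiguration;
  }

  /**
   * Lifetime of the generated metadata.
   *
   * @return validity period in hours, taken from
   *         {@link IdAustriaAuthConstants#METADATA_VALIDUNTIL_IN_HOURS}
   */
  @Override
  public int getMetadataValidUntil() {
    return IdAustriaAuthConstants.METADATA_VALIDUNTIL_IN_HOURS;
  }

  /** @return {@code false}: a single {@code EntityDescriptor} is the root element. */
  @Override
  public boolean buildEntitiesDescriptorAsRootElement() {
    return false;
  }

  /** @return {@code false}: this entity never acts as IDP. */
  @Override
  public boolean buildIdpSsoDescriptor() {
    return false;
  }

  /** @return {@code true}: this entity acts as SP towards ID Austria. */
  @Override
  public boolean buildSpSsoDescriptor() {
    return true;
  }

  /**
   * EntityID of this SP.
   *
   * @return public URL prefix followed by {@link IdAustriaAuthConstants#ENDPOINT_METADATA}
   */
  @Override
  public String getEntityID() {
    return authUrl + IdAustriaAuthConstants.ENDPOINT_METADATA;
  }

  /** @return {@code null}: no friendly name is published. */
  @Override
  public String getEntityFriendlyName() {
    return null;
  }

  /**
   * Contact persons from the basic PVP2 configuration.
   *
   * @return configured contacts, or {@code null} when they cannot be loaded (best-effort,
   *         the problem is logged and metadata is generated without them)
   */
  @Override
  public List<ContactPerson> getContactPersonInformation() {
    try {
      return pvpConfiguration.getIdpContacts();

    } catch (final EaafException e) {
      log.warn("Can not load Metadata entry: Contect Person", e);
      return null;

    }
  }

  /**
   * Organisation from the basic PVP2 configuration.
   *
   * @return configured organisation, or {@code null} when it cannot be loaded (best-effort,
   *         the problem is logged and metadata is generated without it)
   */
  @Override
  public Organization getOrgansiationInformation() {
    try {
      return pvpConfiguration.getIdpOrganisation();

    } catch (final EaafException e) {
      log.warn("Can not load Metadata entry: Organisation", e);
      return null;

    }
  }

  /**
   * Credential used to sign the published metadata document.
   *
   * @throws CredentialsNotAvailableException if the provider cannot supply it; this is
   *         deliberately not swallowed, unsigned metadata must not be produced silently
   */
  @Override
  public EaafX509Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException {
    return credentialProvider.getMetaDataSigningCredential();
  }

  /**
   * Credential used to sign outgoing SAML messages (AuthnRequests).
   *
   * @throws CredentialsNotAvailableException if the provider cannot supply it
   */
  @Override
  public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException {
    return credentialProvider.getMessageSigningCredential();
  }

  /**
   * Credential whose public key the IDP uses to encrypt responses for this SP.
   *
   * @throws CredentialsNotAvailableException if the provider cannot supply it
   */
  @Override
  public Credential getEncryptionCredentials() throws CredentialsNotAvailableException {
    return credentialProvider.getMessageEncryptionCredential();
  }

  // IDP end-points are not applicable: no IDP descriptor is built (see buildIdpSsoDescriptor()).

  @Override
  public String getIdpWebSsoPostBindingUrl() {
    return null;
  }

  @Override
  public String getIdpWebSsoRedirectBindingUrl() {
    return null;
  }

  @Override
  public String getIdpSloPostBindingUrl() {
    return null;
  }

  @Override
  public String getIdpSloRedirectBindingUrl() {
    return null;
  }

  /** @return AssertionConsumerService URL for HTTP-POST, derived from the public URL prefix. */
  @Override
  public String getSpAssertionConsumerServicePostBindingUrl() {
    return authUrl + IdAustriaAuthConstants.ENDPOINT_POST;
  }

  /** @return AssertionConsumerService URL for HTTP-Redirect, derived from the public URL prefix. */
  @Override
  public String getSpAssertionConsumerServiceRedirectBindingUrl() {
    return authUrl + IdAustriaAuthConstants.ENDPOINT_REDIRECT;
  }

  // Single logout is not offered by this SP, so no SLO end-points are published.

  @Override
  public String getSpSloPostBindingUrl() {
    return null;
  }

  @Override
  public String getSpSloRedirectBindingUrl() {
    return null;
  }

  @Override
  public String getSpSloSoapBindingUrl() {
    return null;
  }

  /** @return {@code null}: not applicable, no IDP descriptor is built. */
  @Override
  public List<Attribute> getIdpPossibleAttributes() {
    return null;
  }

  /** @return {@code null}: not applicable, no IDP descriptor is built. */
  @Override
  public List<String> getIdpPossibleNameIdTypes() {
    return null;
  }

  /**
   * Attributes this SP requests from ID Austria.
   *
   * <p>The module defaults ({@link IdAustriaAuthConstants#DEFAULT_REQUIRED_PVP_ATTRIBUTES})
   * are added first; attributes injected via
   * {@link #setAdditionalRequiredAttributes(List)} follow and replace a default with
   * the same name. Insertion order is preserved so the generated metadata is stable
   * across restarts.
   *
   * @return requested attributes keyed uniquely by attribute name, never {@code null}
   */
  @Override
  public Collection<RequestedAttribute> getSpRequiredAttributes() {
    // LinkedHashMap: deterministic attribute order in the published metadata.
    final Map<String, RequestedAttribute> requestedAttributes = new LinkedHashMap<>();

    log.trace("Build required attributes for ID Austria operaton ... ");
    injectDefinedAttributes(requestedAttributes, IdAustriaAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTES);

    if (additionalAttributes != null) {
      log.trace("Add additional PVP attributes into metadata ... ");
      for (final RequestedAttribute el : additionalAttributes) {
        if (requestedAttributes.containsKey(el.getName())) {
          log.debug("Attribute {} is already added by default configuration. Overwrite it by user configuration",
              el.getName());
        }
        requestedAttributes.put(el.getName(), el);

      }
    }

    return requestedAttributes.values();
  }

  /** @return only the {@code persistent} NameID format is accepted from ID Austria. */
  @Override
  public List<String> getSpAllowedNameIdTypes() {
    return Arrays.asList(NameIDType.PERSISTENT);
  }

  /** @return module name used to tag log output of this SP. */
  @Override
  public String getSpNameForLogging() {
    return IdAustriaAuthConstants.MODULE_NAME_FOR_LOGGING;
  }

  /**
   * Whether the metadata asks the IDP for signed assertions.
   *
   * <p>NOTE(review): this returns {@code false}, so the published metadata does not
   * request assertion signatures. Signature validation of the ID Austria response must
   * therefore be enforced by the response-processing code, not by this flag — confirm
   * that it is.
   */
  @Override
  public boolean wantAssertionSigned() {
    return false;
  }

  /** @return {@code true}: this SP signs every AuthnRequest it sends. */
  @Override
  public boolean wantAuthnRequestSigned() {
    return true;
  }

  /**
   * Add additional PVP attributes that are required by this deployment.
   *
   * <p>Names that do not resolve to a known PVP attribute are logged and skipped.
   * A {@code null} or empty list leaves the previously configured attributes untouched;
   * a non-empty list replaces them.
   *
   * @param additionalAttr List of PVP attribute name and isRequired flag
   */
  public void setAdditionalRequiredAttributes(List<Pair<String, Boolean>> additionalAttr) {
    if (additionalAttr != null && !additionalAttr.isEmpty()) {
      additionalAttributes = new ArrayList<>();
      for (final Pair<String, Boolean> el : additionalAttr) {
        // Resolve the configured name against the PVP attribute catalogue to get
        // the canonical name and friendly name; unknown names yield null.
        final Attribute template = PvpAttributeBuilder.buildEmptyAttribute(el.getFirst());
        if (template != null) {
          additionalAttributes.add(
              PvpAttributeBuilder.buildReqAttribute(
                  template.getName(),
                  template.getFriendlyName(),
                  el.getSecond()));

        } else {
          log.info("NO PVP attribute with name: {}", el.getFirst());

        }
      }
    }
  }

  /**
   * Build a {@code RequestedAttribute} for every (name, friendlyName, isRequired)
   * triple and store it in the map under its name.
   *
   * @param requestedAttributes target map, keyed by attribute name
   * @param attributes attribute definitions to add
   */
  private void injectDefinedAttributes(Map<String, RequestedAttribute> requestedAttributes,
      List<Triple<String, String, Boolean>> attributes) {
    for (final Triple<String, String, Boolean> el : attributes) {
      requestedAttributes.put(el.getFirst(),
          PvpAttributeBuilder.buildReqAttribute(el.getFirst(), el.getSecond(), el.getThird()));
    }
  }

}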