src/com/google/enterprise/adaptor/SamlMetadata.java - plexi - Git at Google

 // Copyright 2011 Google Inc. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.

 package com.google.enterprise.adaptor;

 import org.opensaml.Configuration;
 import org.opensaml.common.SAMLObject;
 import org.opensaml.common.SAMLObjectBuilder;
 import org.opensaml.common.xml.SAMLConstants;
 import org.opensaml.saml2.metadata.ArtifactResolutionService;
 import org.opensaml.saml2.metadata.AssertionConsumerService;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.IDPSSODescriptor;
 import org.opensaml.saml2.metadata.SPSSODescriptor;
 import org.opensaml.saml2.metadata.SingleSignOnService;
 import org.opensaml.xml.XMLObjectBuilderFactory;

 import javax.xml.namespace.QName;

 /**
  * Manual generation of SAML metadata.
  *
  * <p>This does not load from an XML file because our configuration is very
  * static and pre-defined. In addition, we have to perform replacements within
  * the configuration based on our own configuration.
  */
 class SamlMetadata {
   private final EntityDescriptor localEntity;
   private final EntityDescriptor peerEntity;
   private final XMLObjectBuilderFactory objectBuilderFactory =
       Configuration.getBuilderFactory();

   public SamlMetadata(String hostname, int port, String gsaHostname,
       String gsaEntityId, String adaptorEntityId) {
     localEntity = createLocalEntity(hostname, port, adaptorEntityId);
     peerEntity = createPeerEntity(gsaHostname, gsaEntityId);
   }

   private EntityDescriptor createLocalEntity(String hostname, int port,
       String adaptorEntityId) {
     EntityDescriptor ed = makeSamlObject(EntityDescriptor.DEFAULT_ELEMENT_NAME);
     ed.setEntityID(adaptorEntityId);

     SPSSODescriptor spsso = makeSamlObject(
         SPSSODescriptor.DEFAULT_ELEMENT_NAME);
     ed.getRoleDescriptors().add(spsso);
     spsso.addSupportedProtocol(SAMLConstants.SAML20P_NS);

     AssertionConsumerService acs = makeSamlObject(
         AssertionConsumerService.DEFAULT_ELEMENT_NAME);
     spsso.getAssertionConsumerServices().add(acs);
     acs.setBinding(SAMLConstants.SAML2_ARTIFACT_BINDING_URI);
     acs.setLocation(
         "https://" + hostname + ":" + port + "/samlassertionconsumer");

     IDPSSODescriptor idpsso = makeSamlObject(
         IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
     ed.getRoleDescriptors().add(idpsso);
     idpsso.addSupportedProtocol(SAMLConstants.SAML20P_NS);

     SingleSignOnService ssos = makeSamlObject(
         SingleSignOnService.DEFAULT_ELEMENT_NAME);
     idpsso.getSingleSignOnServices().add(ssos);
     ssos.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
     ssos.setLocation("https://" + hostname + ":" + port + "/samlip");

     return ed;
   }

   private EntityDescriptor createPeerEntity(String gsaHostname,
       String gsaEntityId) {
     EntityDescriptor ed = makeSamlObject(EntityDescriptor.DEFAULT_ELEMENT_NAME);
     ed.setEntityID(gsaEntityId);

     IDPSSODescriptor idpsso = makeSamlObject(
         IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
     ed.getRoleDescriptors().add(idpsso);
     idpsso.addSupportedProtocol(SAMLConstants.SAML20P_NS);

     SingleSignOnService ssos = makeSamlObject(
         SingleSignOnService.DEFAULT_ELEMENT_NAME);
     idpsso.getSingleSignOnServices().add(ssos);
     ssos.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
     ssos.setLocation("https://" + gsaHostname + "/security-manager/samlauthn");

     ArtifactResolutionService ars = makeSamlObject(
         ArtifactResolutionService.DEFAULT_ELEMENT_NAME);
     idpsso.getArtifactResolutionServices().add(ars);
     ars.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
     ars.setLocation(
         "https://" + gsaHostname + "/security-manager/samlartifact");

     SPSSODescriptor spsso = makeSamlObject(
         SPSSODescriptor.DEFAULT_ELEMENT_NAME);
     ed.getRoleDescriptors().add(spsso);
     idpsso.addSupportedProtocol(SAMLConstants.SAML20P_NS);

     // TODO(ejona): Loop through all full access hosts.
     AssertionConsumerService acs = makeSamlObject(
         AssertionConsumerService.DEFAULT_ELEMENT_NAME);
     spsso.getAssertionConsumerServices().add(acs);
     acs.setBinding(SAMLConstants.SAML2_ARTIFACT_BINDING_URI);
     acs.setLocation(
         "https://" + gsaHostname + "/security-manager/samlassertionconsumer");

     acs = makeSamlObject(AssertionConsumerService.DEFAULT_ELEMENT_NAME);
     spsso.getAssertionConsumerServices().add(acs);
     acs.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
     acs.setLocation(
         "https://" + gsaHostname + "/security-manager/samlassertionconsumer");

     return ed;
   }

   @SuppressWarnings("unchecked")
   private <T extends SAMLObject> SAMLObjectBuilder<T> makeSamlObjectBuilder(
       QName name) {
     return (SAMLObjectBuilder<T>) objectBuilderFactory.getBuilder(name);
   }

   private <T extends SAMLObject> T makeSamlObject(QName name) {
     SAMLObjectBuilder<T> builder = makeSamlObjectBuilder(name);
     return builder.buildObject();
   }

   public EntityDescriptor getLocalEntity() {
     return localEntity;
   }

   public EntityDescriptor getPeerEntity() {
     return peerEntity;
   }
 }
	// Copyright 2011 Google Inc. All Rights Reserved.
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.

	package com.google.enterprise.adaptor;

	import org.opensaml.Configuration;
	import org.opensaml.common.SAMLObject;
	import org.opensaml.common.SAMLObjectBuilder;
	import org.opensaml.common.xml.SAMLConstants;
	import org.opensaml.saml2.metadata.ArtifactResolutionService;
	import org.opensaml.saml2.metadata.AssertionConsumerService;
	import org.opensaml.saml2.metadata.EntityDescriptor;
	import org.opensaml.saml2.metadata.IDPSSODescriptor;
	import org.opensaml.saml2.metadata.SPSSODescriptor;
	import org.opensaml.saml2.metadata.SingleSignOnService;
	import org.opensaml.xml.XMLObjectBuilderFactory;

	import javax.xml.namespace.QName;

	/**
	* Manual generation of SAML metadata.
	*
	* <p>This does not load from an XML file because our configuration is very
	* static and pre-defined. In addition, we have to perform replacements within
	* the configuration based on our own configuration.
	*/
	class SamlMetadata {
	private final EntityDescriptor localEntity;
	private final EntityDescriptor peerEntity;
	private final XMLObjectBuilderFactory objectBuilderFactory =
	Configuration.getBuilderFactory();

	public SamlMetadata(String hostname, int port, String gsaHostname,
	String gsaEntityId, String adaptorEntityId) {
	localEntity = createLocalEntity(hostname, port, adaptorEntityId);
	peerEntity = createPeerEntity(gsaHostname, gsaEntityId);
	}

	private EntityDescriptor createLocalEntity(String hostname, int port,
	String adaptorEntityId) {
	EntityDescriptor ed = makeSamlObject(EntityDescriptor.DEFAULT_ELEMENT_NAME);
	ed.setEntityID(adaptorEntityId);

	SPSSODescriptor spsso = makeSamlObject(
	SPSSODescriptor.DEFAULT_ELEMENT_NAME);
	ed.getRoleDescriptors().add(spsso);
	spsso.addSupportedProtocol(SAMLConstants.SAML20P_NS);

	AssertionConsumerService acs = makeSamlObject(
	AssertionConsumerService.DEFAULT_ELEMENT_NAME);
	spsso.getAssertionConsumerServices().add(acs);
	acs.setBinding(SAMLConstants.SAML2_ARTIFACT_BINDING_URI);
	acs.setLocation(
	"https://" + hostname + ":" + port + "/samlassertionconsumer");

	IDPSSODescriptor idpsso = makeSamlObject(
	IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
	ed.getRoleDescriptors().add(idpsso);
	idpsso.addSupportedProtocol(SAMLConstants.SAML20P_NS);

	SingleSignOnService ssos = makeSamlObject(
	SingleSignOnService.DEFAULT_ELEMENT_NAME);
	idpsso.getSingleSignOnServices().add(ssos);
	ssos.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
	ssos.setLocation("https://" + hostname + ":" + port + "/samlip");

	return ed;
	}

	private EntityDescriptor createPeerEntity(String gsaHostname,
	String gsaEntityId) {
	EntityDescriptor ed = makeSamlObject(EntityDescriptor.DEFAULT_ELEMENT_NAME);
	ed.setEntityID(gsaEntityId);

	IDPSSODescriptor idpsso = makeSamlObject(
	IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
	ed.getRoleDescriptors().add(idpsso);
	idpsso.addSupportedProtocol(SAMLConstants.SAML20P_NS);

	SingleSignOnService ssos = makeSamlObject(
	SingleSignOnService.DEFAULT_ELEMENT_NAME);
	idpsso.getSingleSignOnServices().add(ssos);
	ssos.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
	ssos.setLocation("https://" + gsaHostname + "/security-manager/samlauthn");

	ArtifactResolutionService ars = makeSamlObject(
	ArtifactResolutionService.DEFAULT_ELEMENT_NAME);
	idpsso.getArtifactResolutionServices().add(ars);
	ars.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
	ars.setLocation(
	"https://" + gsaHostname + "/security-manager/samlartifact");

	SPSSODescriptor spsso = makeSamlObject(
	SPSSODescriptor.DEFAULT_ELEMENT_NAME);
	ed.getRoleDescriptors().add(spsso);
	idpsso.addSupportedProtocol(SAMLConstants.SAML20P_NS);

	// TODO(ejona): Loop through all full access hosts.
	AssertionConsumerService acs = makeSamlObject(
	AssertionConsumerService.DEFAULT_ELEMENT_NAME);
	spsso.getAssertionConsumerServices().add(acs);
	acs.setBinding(SAMLConstants.SAML2_ARTIFACT_BINDING_URI);
	acs.setLocation(
	"https://" + gsaHostname + "/security-manager/samlassertionconsumer");

	acs = makeSamlObject(AssertionConsumerService.DEFAULT_ELEMENT_NAME);
	spsso.getAssertionConsumerServices().add(acs);
	acs.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
	acs.setLocation(
	"https://" + gsaHostname + "/security-manager/samlassertionconsumer");

	return ed;
	}

	@SuppressWarnings("unchecked")
	private <T extends SAMLObject> SAMLObjectBuilder<T> makeSamlObjectBuilder(
	QName name) {
	return (SAMLObjectBuilder<T>) objectBuilderFactory.getBuilder(name);
	}

	private <T extends SAMLObject> T makeSamlObject(QName name) {
	SAMLObjectBuilder<T> builder = makeSamlObjectBuilder(name);
	return builder.buildObject();
	}

	public EntityDescriptor getLocalEntity() {
	return localEntity;
	}

	public EntityDescriptor getPeerEntity() {
	return peerEntity;
	}
	}