View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.syncope.core.logic;
20  
21  import java.io.InputStream;
22  import java.security.KeyStore;
23  import java.security.PrivateKey;
24  import java.security.cert.X509Certificate;
25  import org.apache.syncope.common.lib.to.EntityTO;
26  import org.apache.syncope.core.logic.saml2.NoOpLogoutHandler;
27  import org.pac4j.saml.config.SAML2Configuration;
28  import org.pac4j.saml.metadata.keystore.BaseSAML2KeystoreGenerator;
29  import org.springframework.core.io.FileUrlResource;
30  import org.springframework.core.io.support.ResourcePatternResolver;
31  
32  abstract class AbstractSAML2SP4UILogic extends AbstractTransactionalLogic<EntityTO> {
33  
34      protected final SAML2SP4UIProperties props;
35  
36      protected final ResourcePatternResolver resourceResolver;
37  
38      protected AbstractSAML2SP4UILogic(
39              final SAML2SP4UIProperties props,
40              final ResourcePatternResolver resourceResolver) {
41  
42          this.props = props;
43          this.resourceResolver = resourceResolver;
44      }
45  
46      protected SAML2Configuration newSAML2Configuration() {
47          SAML2Configuration cfg = new SAML2Configuration(
48                  resourceResolver.getResource(props.getKeystore()),
49                  props.getKeystoreAlias(),
50                  props.getKeystoreType(),
51                  props.getKeystoreStorepass(),
52                  props.getKeystoreKeypass(),
53                  null);
54  
55          if (cfg.getKeystoreResource() instanceof FileUrlResource) {
56              cfg.setKeystoreGenerator(new BaseSAML2KeystoreGenerator(cfg) {
57  
58                  @Override
59                  protected void store(
60                          final KeyStore ks,
61                          final X509Certificate certificate,
62                          final PrivateKey privateKey) throws Exception {
63  
64                      // nothing to do
65                  }
66  
67                  @Override
68                  public InputStream retrieve() throws Exception {
69                      return cfg.getKeystoreResource().getInputStream();
70                  }
71              });
72          }
73  
74          cfg.setWantsAssertionsSigned(true);
75          cfg.setAuthnRequestSigned(true);
76          cfg.setSpLogoutRequestSigned(true);
77          cfg.setMaximumAuthenticationLifetime(props.getMaximumAuthenticationLifetime());
78          cfg.setAcceptedSkew(props.getAcceptedSkew());
79          cfg.setLogoutHandler(new NoOpLogoutHandler());
80  
81          return cfg;
82      }
83  }