2: Migrate core behavior to new base

Task-Url: #2

2: Migrate core behavior to new base
Task-Url: #2
2066778e · Gradl, Tobias · 94414864 · 2066778e · 2066778e · 2066778e
Commit 2066778e authored Oct 29, 2020 by Gradl, Tobias
--- a/dariahsp-sample/src/main/java/eu/dariah/de/dariahsp/sample/config/SamlProperties.java
+++ b/dariahsp-sample/src/main/java/eu/dariah/de/dariahsp/sample/config/SamlProperties.java
 package eu.dariah.de.dariahsp.sample.config;

+import java.util.ArrayList;
 import java.util.List;

+import org.opensaml.saml.common.xml.SAMLConstants;
+
 import lombok.Getter;
 import lombok.Setter;

@@ -28,15 +31,31 @@ public class SamlProperties {
 	@Getter @Setter
 	public class SpProperties {
 		private String externalMetadata;
-		private Integer maxAuthAge;
+		private int maxAuthAge = 3600;
 		private String entityId;
+		private int httpClientTimoutMs = 2000;
 		private boolean signMetadata;
-		private String signingAlgorithm;
-		private boolean requireArtifactResolveSigned;
-		private boolean requireLogoutRequestSigned;
-		private boolean requireLogoutResponseSigned;
-		private List<String> allowedNameIds;
+		private List<String> signingMethods;
+		private List<String> digestMethods;
+		private List<String> supportedProtocols;
+		private boolean authnRequestSigned = true;
+		private boolean logoutRequestSigned = false;
+		private boolean wantsAssertionsSigned = true;
+		private boolean wantsResponsesSigned = true;
 		private List<ConditionalAttributeSet> requiredAttributes;
+		
+		
+		// ------------------------------------------
+		// Custom getters for complex default values
+		// ------------------------------------------
+		public List<String> getSupportedProtocols() {
+			List<String> p = supportedProtocols;
+	        if (p==null) {
+	        	p = new ArrayList<>();
+	        	p.add(SAMLConstants.SAML20_NS);
+	        }
+	        return p;
+		}
 	}
 	
 }
\ No newline at end of file
--- a/dariahsp-sample/src/main/java/eu/dariah/de/dariahsp/sample/config/SecurityConfig.java
+++ b/dariahsp-sample/src/main/java/eu/dariah/de/dariahsp/sample/config/SecurityConfig.java
@@ -66,40 +66,35 @@ public class SecurityConfig {
 		} else {
 			cfg.setServiceProviderMetadataPath("/tmp/sp_metadata.xml");
 		}
+		
+		if (saml.getSp().getMaxAuthAge()<=0) {
+			cfg.setMaximumAuthenticationLifetime(Integer.MAX_VALUE);
+		} else {
 			cfg.setMaximumAuthenticationLifetime(saml.getSp().getMaxAuthAge());
-		cfg.setServiceProviderEntityId(saml.getSp().getEntityId());
+		}
 		
-		cfg.setSpLogoutRequestSigned(saml.getSp().isRequireLogoutRequestSigned());
 		
+		cfg.setSignatureAlgorithms(saml.getSp().getSigningMethods());
+		
+		cfg.setSignatureReferenceDigestMethods(saml.getSp().getDigestMethods());
+		
+		cfg.setServiceProviderEntityId(saml.getSp().getEntityId());
+		
+		cfg.setSpLogoutRequestSigned(saml.getSp().isLogoutRequestSigned());
        
-		// TODO: What to do here?
-        //cfg.setAuthnRequestBindingType(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
-        //cfg.setResponseBindingType(SAMLConstants.SAML2_POST_BINDING_URI);
+        cfg.setWantsAssertionsSigned(saml.getSp().isWantsAssertionsSigned());
+        cfg.setWantsResponsesSigned(saml.getSp().isWantsResponsesSigned());

-        //cfg.setNameIdPolicyFormat(nameIdPolicyFormat);
        
-		// TODO: Refactor old properties
-        cfg.setWantsAssertionsSigned(saml.getSp().isRequireArtifactResolveSigned());
-        cfg.setWantsResponsesSigned(saml.getSp().isRequireLogoutResponseSigned());
+        cfg.setAuthnRequestSigned(saml.getSp().isAuthnRequestSigned());     
        
-        // TODO: New properties
-        /*
-        cfg.setAuthnRequestSigned(true);     
-        cfg.setSignatureAlgorithms(signatureAlgorithms);
-        cfg.setSignMetadata(true);
+        cfg.setSignMetadata(saml.getSp().isSignMetadata());
        
-        SAML2HttpClientBuilder httpClient = new SAML2HttpClientBuilder();
-        httpClient.setConnectionTimeout(Duration.ofSeconds(2));
-        httpClient.setSocketTimeout(Duration.ofSeconds(2));
       
-        cfg.setHttpClient(httpClient.build());*/

        
       
-        // Static: Support only SAML2
-        List<String> supportedProtocols = new ArrayList<>();
-        supportedProtocols.add(SAMLConstants.SAML20_NS);
-        cfg.setSupportedProtocols(supportedProtocols);
+        cfg.setSupportedProtocols(saml.getSp().getSupportedProtocols());
        

 		SAML2Client samlClient = new SAML2Client(cfg);	

--- a/dariahsp-sample/src/main/resources/application.yml
+++ b/dariahsp-sample/src/main/resources/application.yml
@@ -32,10 +32,14 @@ auth:
      maxAuthAge: -1
      entityId: https://c105-229.cloud.gwdg.de/dme
      signMetadata: true
-      signingAlgorithm: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
-      requireArtifactResolveSigned: true
-      requireLogoutRequestSigned: true
-      requireLogoutResponseSigned: false
+      #signingMethods: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
+      #digestMethods: http://www.w3.org/2001/04/xmlenc#sha256, http://www.w3.org/2001/04/xmlenc#sha512
+      #supportedProtocols: urn:oasis:names:tc:SAML:2.0:assertion
+      authnRequestSigned: true
+      logoutRequestSigned: true
+      wantsAssertionsSigned: true
+      wantsResponsesSigned: false
+      httpClientTimoutMs: 2000
      requiredAttributes:
        - stage: ATTRIBUTES
          required: true