
Commit 87b9786

committed
Merge branch 'laurentleseigneur-feat/validUntil'
2 parents 4d7add1 + 8d78228 commit 87b9786


3 files changed

+210
-186
lines changed


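--- a/core/src/main/java/com/onelogin/saml2/settings/Metadata.java
+++ b/core/src/main/java/com/onelogin/saml2/settings/Metadata.java
@@ -34,10 +34,10 @@
 */
 public class Metadata {
 /**
-* Private property to construct a logger for this class.
-*/
+* Private property to construct a logger for this class.
+*/
 private static final Logger LOGGER = LoggerFactory.getLogger(Metadata.class);
-
+
 // Constants
 private static final int N_DAYS_VALID_UNTIL = 2;
 private static final int SECONDS_CACHED = 604800; // 1 week
@@ -46,51 +46,35 @@ public class Metadata {
 * AttributeConsumingService
 */
 private AttributeConsumingService attributeConsumingService = null;
-
+
 /**
-* Generated metadata in string format
-*/
+* Generated metadata in string format
+*/
 private final String metadataString;
 
 /**
-* validUntilTime of the metadata. How long the metadata is valid
-*/
+* validUntilTime of the metadata. How long the metadata is valid
+*/
 private final Calendar validUntilTime;
 
 /**
-* cacheDuration of the metadata. Duration of the cache in seconds
-*/
+* cacheDuration of the metadata. Duration of the cache in seconds
+*/
 private final Integer cacheDuration;
 
 /**
 * Constructs the Metadata object.
 *
-* @param settings
-* Saml2Settings object. Setting data
-* @param validUntilTime
-* Metadata's valid time
-* @param cacheDuration
-* Duration of the cache in seconds
-* @param attributeConsumingService
-* AttributeConsumingService of service provider
-*
-* @throws CertificateEncodingException
+* @param settings Saml2Settings object. Setting data
+* @param validUntilTime Metadata's valid time
+* @param cacheDuration Duration of the cache in seconds
+* @param attributeConsumingService AttributeConsumingService of service provider
+* @throws CertificateEncodingException
 */
 public Metadata(Saml2Settings settings, Calendar validUntilTime, Integer cacheDuration, AttributeConsumingService attributeConsumingService) throws CertificateEncodingException {
-if (validUntilTime == null) {
-this.validUntilTime = Calendar.getInstance();
-this.validUntilTime.add(Calendar.DAY_OF_YEAR, N_DAYS_VALID_UNTIL);
-} else {
-this.validUntilTime = validUntilTime;
-}
-
+this.validUntilTime = validUntilTime;
 this.attributeConsumingService = attributeConsumingService;
-
-if (cacheDuration == null) {
-this.cacheDuration = SECONDS_CACHED;
-} else {
-this.cacheDuration = cacheDuration;
-}
+this.cacheDuration = cacheDuration;
 
 StrSubstitutor substitutor = generateSubstitutor(settings);
 String unsignedMetadataString = substitutor.replace(getMetadataTemplate());
@@ -102,14 +86,10 @@ public Metadata(Saml2Settings settings, Calendar validUntilTime, Integer cacheDu
 /**
 * Constructs the Metadata object.
 *
-* @param settings
-* Saml2Settings object. Setting data
-* @param validUntilTime
-* Metadata's valid time
-* @param cacheDuration
-* Duration of the cache in seconds
-*
-* @throws CertificateEncodingException
+* @param settings Saml2Settings object. Setting data
+* @param validUntilTime Metadata's valid time
+* @param cacheDuration Duration of the cache in seconds
+* @throws CertificateEncodingException
 */
 public Metadata(Saml2Settings settings, Calendar validUntilTime, Integer cacheDuration) throws CertificateEncodingException {
 this(settings, validUntilTime, cacheDuration, null);
@@ -118,31 +98,49 @@ public Metadata(Saml2Settings settings, Calendar validUntilTime, Integer cacheDu
 /**
 * Constructs the Metadata object.
 *
-* @param settings
-* Saml2Settings object. Setting data
-*
-* @throws CertificateEncodingException
+* @param settings Saml2Settings object. Setting data
+* @throws CertificateEncodingException
 */
 public Metadata(Saml2Settings settings) throws CertificateEncodingException {
-this(settings, null, null);
+
+this.validUntilTime = Calendar.getInstance();
+this.validUntilTime.add(Calendar.DAY_OF_YEAR, N_DAYS_VALID_UNTIL);
+
+this.cacheDuration = SECONDS_CACHED;
+
+StrSubstitutor substitutor = generateSubstitutor(settings);
+String unsignedMetadataString = substitutor.replace(getMetadataTemplate());
+
+LOGGER.debug("metadata --> " + unsignedMetadataString);
+metadataString = unsignedMetadataString;
 }
 
 /**
 * Substitutes metadata variables within a string by values.
 *
-* @param settings
-* Saml2Settings object. Setting data
-*
-* @return the StrSubstitutor object of the metadata
-*/
+* @param settings Saml2Settings object. Setting data
+* @return the StrSubstitutor object of the metadata
+*/
 private StrSubstitutor generateSubstitutor(Saml2Settings settings) throws CertificateEncodingException {
 
 Map<String, String> valueMap = new HashMap<String, String>();
 Boolean wantsEncrypted = settings.getWantAssertionsEncrypted() || settings.getWantNameIdEncrypted();
 
 valueMap.put("id", Util.generateUniqueID(settings.getUniqueIDPrefix()));
-valueMap.put("validUntilTime", Util.formatDateTime(validUntilTime.getTimeInMillis()));
-valueMap.put("cacheDuration", String.valueOf(cacheDuration));
+String validUntilTimeStr = "";
+if (validUntilTime != null) {
+String validUntilTimeValue = Util.formatDateTime(validUntilTime.getTimeInMillis());
+validUntilTimeStr = " validUntil=\"" + validUntilTimeValue + "\"";
+}
+valueMap.put("validUntilTimeStr", validUntilTimeStr);
+
+String cacheDurationStr = "";
+if (cacheDuration != null) {
+String cacheDurationValue = String.valueOf(cacheDuration);
+cacheDurationStr = " cacheDuration=\"PT" + cacheDurationValue + "S\"";
+}
+valueMap.put("cacheDurationStr", cacheDurationStr);
+
 valueMap.put("spEntityId", settings.getSpEntityId());
 valueMap.put("strAuthnsign", String.valueOf(settings.getAuthnRequestsSigned()));
 valueMap.put("strWsign", String.valueOf(settings.getWantAssertionsSigned()));
@@ -154,6 +152,7 @@ private StrSubstitutor generateSubstitutor(Saml2Settings settings) throws Certif
 valueMap.put("strAttributeConsumingService", getAttributeConsumingServiceXml());
 
 valueMap.put("strKeyDescriptor", toX509KeyDescriptorsXML(settings.getSPcert(), settings.getSPcertNew(), wantsEncrypted));
+
 valueMap.put("strContacts", toContactsXml(settings.getContacts()));
 valueMap.put("strOrganization", toOrganizationXml(settings.getOrganization()));
 
@@ -168,8 +167,8 @@ private static StringBuilder getMetadataTemplate() {
 StringBuilder template = new StringBuilder();
 template.append("<?xml version=\"1.0\"?>");
 template.append("<md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\"");
-template.append(" validUntil=\"${validUntilTime}\"");
-template.append(" cacheDuration=\"PT${cacheDuration}S\"");
+template.append("${validUntilTimeStr}");
+template.append("${cacheDurationStr}");
 template.append(" entityID=\"${spEntityId}\"");
 template.append(" ID=\"${id}\">");
 template.append("<md:SPSSODescriptor AuthnRequestsSigned=\"${strAuthnsign}\" WantAssertionsSigned=\"${strWsign}\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">");
@@ -188,7 +187,6 @@ private static StringBuilder getMetadataTemplate() {
 /**
 * Generates the AttributeConsumingService section of the metadata's template
 *
-*
 * @return the AttributeConsumingService section of the metadata's template
 */
 private String getAttributeConsumingServiceXml() {
@@ -211,10 +209,10 @@ private String getAttributeConsumingServiceXml() {
 String friendlyName = requestedAttribute.getFriendlyName();
 String nameFormat = requestedAttribute.getNameFormat();
 Boolean isRequired = requestedAttribute.isRequired();
-List<String> attrValues = requestedAttribute.getAttributeValues() ;
+List<String> attrValues = requestedAttribute.getAttributeValues();
+
+String contentStr = "<md:RequestedAttribute";
 
-String contentStr = "<md:RequestedAttribute";
-
 if (name != null && !name.isEmpty()) {
 contentStr += " Name=\"" + name + "\"";
 }
@@ -230,7 +228,7 @@ private String getAttributeConsumingServiceXml() {
 if (isRequired != null) {
 contentStr += " isRequired=\"" + isRequired.toString() + "\"";
 }
-
+
 if (attrValues != null && !attrValues.isEmpty()) {
 contentStr += ">";
 for (String attrValue : attrValues) {
@@ -244,16 +242,14 @@ private String getAttributeConsumingServiceXml() {
 }
 attributeConsumingServiceXML.append("</md:AttributeConsumingService>");
 }
-
+
 return attributeConsumingServiceXML.toString();
 }
-
+
 /**
 * Generates the contact section of the metadata's template
 *
-* @param contacts
-* List of contact objects
-*
+* @param contacts List of contact objects
 * @return the contact section of the metadata's template
 */
 private String toContactsXml(List<Contact> contacts) {
@@ -272,9 +268,8 @@ private String toContactsXml(List<Contact> contacts) {
 /**
 * Generates the organization section of the metadata's template
 *
-* @param organization
-* organization object
-* @return the organization section of the metadata's template
+* @param organization organization object
+* @return the organization section of the metadata's template
 */
 private String toOrganizationXml(Organization organization) {
 String orgXml = "";
@@ -291,12 +286,8 @@ private String toOrganizationXml(Organization organization) {
 
 /**
 * Generates the KeyDescriptor section of the metadata's template
-*
-* @param cert
-* the public cert that will be used by the SP to sign and encrypt
-* @param wantsEncrypted
-* Whether to include the KeyDescriptor for encryption
-*
+* @param cert the public cert that will be used by the SP to sign and encrypt
+* @param wantsEncrypted Whether to include the KeyDescriptor for encryption
 * @return the KeyDescriptor section of the metadata's template
 */
 private String toX509KeyDescriptorsXML(X509Certificate cert, Boolean wantsEncrypted) throws CertificateEncodingException {
@@ -305,13 +296,10 @@ private String toX509KeyDescriptorsXML(X509Certificate cert, Boolean wantsEncryp
 
 /**
 * Generates the KeyDescriptor section of the metadata's template
-*
-* @param certCurrent
-* the public cert that will be used by the SP to sign and encrypt
-* @param certNew
-* the public cert that will be used by the SP to sign and encrypt in future
-* @param wantsEncrypted
-* Whether to include the KeyDescriptor for encryption
+*
+* @param certCurrent the public cert that will be used by the SP to sign and encrypt
+* @param certNew the public cert that will be used by the SP to sign and encrypt in future
+* @param wantsEncrypted Whether to include the KeyDescriptor for encryption
 *
 * @return the KeyDescriptor section of the metadata's template
 */
@@ -347,16 +335,16 @@ private String toX509KeyDescriptorsXML(X509Certificate certCurrent, X509Certific
 
 return keyDescriptorXml.toString();
 }
-
+
 /**
 * @return the md:SingleLogoutService section of the metadata's template
 */
 private String toSLSXml(URL spSingleLogoutServiceUrl, String spSingleLogoutServiceBinding) {
 StringBuilder slsXml = new StringBuilder();
-
+
 if (spSingleLogoutServiceUrl != null) {
-slsXml.append("<md:SingleLogoutService Binding=\""+spSingleLogoutServiceBinding+"\"");
-slsXml.append(" Location=\""+spSingleLogoutServiceUrl.toString()+"\"/>");
+slsXml.append("<md:SingleLogoutService Binding=\"" + spSingleLogoutServiceBinding + "\"");
+slsXml.append(" Location=\"" + spSingleLogoutServiceUrl.toString() + "\"/>");
 }
 return slsXml.toString();
 }
@@ -368,50 +356,37 @@ public final String getMetadataString() {
 return metadataString;
 }
 
-/**
-* Signs the metadata with the key/cert provided
-*
-* @param metadata
-* SAML Metadata XML
-* @param key
-* Private Key
-* @param cert
-* x509 Public certificate
-* @param signAlgorithm
-* Signature Algorithm
-*
-* @return string Signed Metadata
-* @throws XMLSecurityException
-* @throws XPathExpressionException
-*/
-public static String signMetadata(String metadata, PrivateKey key, X509Certificate cert, String signAlgorithm) throws XPathExpressionException, XMLSecurityException
-{
-return signMetadata(metadata, key, cert, signAlgorithm, Constants.SHA1);
-}
-
-/**
-* Signs the metadata with the key/cert provided
-*
-* @param metadata
-* SAML Metadata XML
-* @param key
-* Private Key
-* @param cert
-* x509 Public certificate
-* @param signAlgorithm
-* Signature Algorithm
-* @param digestAlgorithm
-* Digest Algorithm
-*
-* @return string Signed Metadata
-* @throws XMLSecurityException
-* @throws XPathExpressionException
-*/
-public static String signMetadata(String metadata, PrivateKey key, X509Certificate cert, String signAlgorithm, String digestAlgorithm) throws XPathExpressionException, XMLSecurityException
-{
-Document metadataDoc = Util.loadXML(metadata);
-String signedMetadata = Util.addSign(metadataDoc, key, cert, signAlgorithm, digestAlgorithm);
-LOGGER.debug("Signed metadata --> " + signedMetadata);
-return signedMetadata;
-}
+/**
+* Signs the metadata with the key/cert provided
+*
+* @param metadata SAML Metadata XML
+* @param key Private Key
+* @param cert x509 Public certificate
+* @param signAlgorithm Signature Algorithm
+* @return string Signed Metadata
+* @throws XMLSecurityException
+* @throws XPathExpressionException
+*/
+public static String signMetadata(String metadata, PrivateKey key, X509Certificate cert, String signAlgorithm) throws XPathExpressionException, XMLSecurityException {
+return signMetadata(metadata, key, cert, signAlgorithm, Constants.SHA1);
+}
+
+/**
+* Signs the metadata with the key/cert provided
+*
+* @param metadata SAML Metadata XML
+* @param key Private Key
+* @param cert x509 Public certificate
+* @param signAlgorithm Signature Algorithm
+* @param digestAlgorithm Digest Algorithm
+* @return string Signed Metadata
+* @throws XMLSecurityException
+* @throws XPathExpressionException
+*/
+public static String signMetadata(String metadata, PrivateKey key, X509Certificate cert, String signAlgorithm, String digestAlgorithm) throws XPathExpressionException, XMLSecurityException {
+Document metadataDoc = Util.loadXML(metadata);
+String signedMetadata = Util.addSign(metadataDoc, key, cert, signAlgorithm, digestAlgorithm);
+LOGGER.debug("Signed metadata --> " + signedMetadata);
+return signedMetadata;
+}
 }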
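Review bot: The single-argument constructor at new lines 104–116 re-implements the body of the four-argument one instead of delegating, and the three- and four-argument constructors' Javadoc (new lines 68–72 and 89–92) does not say that a null `validUntilTime` or `cacheDuration` no longer falls back to the 2-day / 1-week defaults but omits the attribute from the EntityDescriptor entirely — existing callers that pass null silently start publishing metadata with no expiry, which relying parties may then cache, certificates included, for as long as they like. I would document it as `@param validUntilTime Metadata's valid time; null omits the validUntil attribute` and `@param cacheDuration Duration of the cache in seconds; null omits the cacheDuration attribute`, and reduce the one-argument constructor to a delegation through a small static helper, as below. The tail of the four-argument constructor (the debug log and the metadataString assignment) lies outside the hunk, so I am assuming the copied lines mirror it exactly. Separately, the reformatted `signMetadata` overload at new line 371 still defaults the digest to `Constants.SHA1`; that predates this commit, but a SHA-256 default would be the safer choice for newly signed metadata.
```java
public Metadata(Saml2Settings settings) throws CertificateEncodingException {
    this(settings, defaultValidUntil(), SECONDS_CACHED, null);
}

// Two days from now; a helper because this(...) must be the constructor's first statement.
private static Calendar defaultValidUntil() {
    Calendar validUntil = Calendar.getInstance();
    validUntil.add(Calendar.DAY_OF_YEAR, N_DAYS_VALID_UNTIL);
    return validUntil;
}
```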

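--- a/core/src/test/java/com/onelogin/saml2/test/settings/IdPMetadataParserTest.java
+++ b/core/src/test/java/com/onelogin/saml2/test/settings/IdPMetadataParserTest.java
@@ -235,4 +235,4 @@ public void testInjectIntoSettings() throws Exception {
 "MIIC9jCCAd6gAwIBAgIQI/B8CLE676pCR2/QaKih9TANBgkqhkiG9w0BAQsFADA3MTUwMwYDVQQDEyxBREZTIFNpZ25pbmcgLSBsb2dpbnRlc3Qub3dlbnNib3JvaGVhbHRoLm9yZzAeFw0xNjEwMjUxNjI4MzhaFw0xNzEwMjUxNjI4MzhaMDcxNTAzBgNVBAMTLEFERlMgU2lnbmluZyAtIGxvZ2ludGVzdC5vd2Vuc2Jvcm9oZWFsdGgub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjikmKRRVD5oK3fxm0xNfDqvWCujZIhtv2zeIwmoRKUAjo6KeUhauII4BHh5DclmbOFD4ruli3sNWGKgqVCX1AFW/p3m3/FtzeumFeZSmyfqeJEeOqAK5jAom/MfXxaQ85QHlGa0BTtdWdCuxhJz5G797o4s1Me/8QOQdmbkkwOHOVXRDW0QxBXvsRB1jPpIO+JvNcWFpvJrELccD0Fws91LH42j2C4gDNR8JLu5LrUGL6zAIq8NM7wfbwoax9n/0tIZKa6lo6szpXGqiMrDBJPpAqC5MSePyp5/SEX6jxwodQUGRgI5bKILQwOWDrkgfsK1MIeHfovtyqnDZj8e9VwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBKbK4qu7WTLYeQW7OcFAeWcT5D7ujo61QtPf+6eY8hpNntN8yF71vGm+5zdOjmw18igxUrf3W7dLk2wAogXK196WX34x9muorwmFK/HqmKuy0kWWzGcNzZHb0o4Md2Ux7QQVoHqD6dUSqUisOBs34ZPgT5R42LepJTGDEZSkvOxUv9V6fY5dYk8UaWbZ7MQAFi1CnOyybq2nVNjpuxWyJ6SsHQYKRhXa7XGurXFB2mlgcjVj9jxW0gO7djkgRD68b6PNpQmJkbKnkCtJg9YsSeOmuUjwgh4DlcIo5jZocKd5bnLbQ9XKJ3YQHRxFoZbP3BXKrfhVV3vqqzRxMwjZmK"));
 }
 
-}
+}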
