Idp.java

/**
 * Copyright (c) Codice Foundation
 * <p>
 * This is free software: you can redistribute it and/or modify it under the terms of the GNU Lesser
 * General Public License as published by the Free Software Foundation, either version 3 of the
 * License, or any later version.
 * <p>
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
 * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details. A copy of the GNU Lesser General Public License
 * is distributed along with this program and can be found at
 * <http://www.gnu.org/licenses/lgpl.html>.
 */
package org.codice.ddf.security.idp.server;

import java.io.InputStream;
import java.security.cert.CertificateEncodingException;

import javax.jws.WebService;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;

import org.apache.cxf.rs.security.saml.sso.SSOConstants;
import org.apache.wss4j.common.ext.WSSecurityException;

import com.google.common.collect.ImmutableSet;

import ddf.security.samlp.SamlProtocol.Binding;

/**
 * IdP endpoint interface
 */
@WebService(name = "IdpService",
        targetNamespace = "")
@Path("/")
public interface Idp {

    String SAML_REQ = "SAMLRequest";

    String RELAY_STATE = "RelayState";

    String AUTH_METHOD = "AuthMethod";

    String ACS_URL = "ACSURL";

    String SAML_RESPONSE = "SAMLResponse";

    String ECP_RESPONSE = "ECPResponse";

    String ECP_RELAY_STATE = "ECPRelayState";

    String ECP_REQUEST_AUTHENTICATED = "ECPRequestAuthenticated";

    String IDP_STATE_OBJ = "IDP_STATE_OBJ";

    String SAML_TYPE = "SAML_TYPE";

    String PKI = "pki";

    String SAML = "saml";

    String GUEST = "guest";

    String USER_PASS = "up";

    String HTTP_POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";

    String SAML_SOAP_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP";

    String PAOS_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:PAOS";

    String HTTP_REDIRECT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";

    String HTTP_ARTIFACT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact";

    String COOKIE = "org.codice.ddf.security.idp.session";

    String ORIGINAL_BINDING = "OriginalBinding";

    ImmutableSet<Binding> SUPPORTED_BINDINGS = ImmutableSet.of(Binding.HTTP_POST,
            Binding.HTTP_REDIRECT, Binding.SOAP);

    @POST
    @Path("/login")
    @Consumes({"text/xml", "application/soap+xml"})
    Response doSoapLogin(InputStream body, @Context HttpServletRequest request) throws WSSecurityException;

    /**
     * Returns the IdP login form.
     *
     * @param samlRequest
     * @param relayState
     * @param request
     * @return Response
     * @throws WSSecurityException
     */
    @POST
    @Path("/login")
    Response showPostLogin(@FormParam(SAML_REQ) String samlRequest,
            @FormParam(RELAY_STATE) String relayState, @Context HttpServletRequest request)
            throws WSSecurityException;

    /**
     * Returns the IdP login form.
     *
     * @param samlRequest
     * @param relayState
     * @param signatureAlgorithm
     * @param signature
     * @param request
     * @return Response
     * @throws WSSecurityException
     */
    @GET
    @Path("/login")
    Response showGetLogin(@QueryParam(SAML_REQ) String samlRequest,
            @QueryParam(RELAY_STATE) String relayState,
            @QueryParam(SSOConstants.SIG_ALG) String signatureAlgorithm,
            @QueryParam(SSOConstants.SIGNATURE) String signature,
            @Context HttpServletRequest request) throws WSSecurityException;

    /**
     * Processes a login attempt from the IdP login web app.
     *
     * @param samlRequest
     * @param relayState
     * @param authMethod
     * @param signatureAlgorithm
     * @param signature
     * @param request
     * @return Response
     */
    @GET
    @Path("/login/sso")
    Response processLogin(@QueryParam(SAML_REQ) String samlRequest,
            @QueryParam(RELAY_STATE) String relayState, @QueryParam(AUTH_METHOD) String authMethod,
            @QueryParam(SSOConstants.SIG_ALG) String signatureAlgorithm,
            @QueryParam(SSOConstants.SIGNATURE) String signature,
            @QueryParam(IdpEndpoint.ORIGINAL_BINDING) String originalBinding,
            @Context HttpServletRequest request);

    /**
     * Returns the metadata associated with this IdP.
     *
     * @return Response
     * @throws WSSecurityException
     * @throws CertificateEncodingException
     */
    @GET
    @Path("/login/metadata")
    @Produces("application/xml")
    Response retrieveMetadata() throws WSSecurityException, CertificateEncodingException;

    @GET
    @Path("/logout")
    Response processRedirectLogout(@QueryParam(SAML_REQ) String samlRequest,
            @QueryParam(SAML_RESPONSE) String samlResponse,
            @QueryParam(RELAY_STATE) String relayState,
            @QueryParam(SSOConstants.SIG_ALG) String signatureAlgorithm,
            @QueryParam(SSOConstants.SIGNATURE) String signature,
            @Context HttpServletRequest request) throws WSSecurityException, IdpException;

    @POST
    @Path("/logout")
    Response processPostLogout(@FormParam(SAML_REQ) String samlRequest,
            @FormParam(SAML_RESPONSE) String samlResponse,
            @FormParam(RELAY_STATE) String relayState, @Context HttpServletRequest request)
            throws WSSecurityException, IdpException;

}