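/*
 * *****************************************************************************
 *     Cloud Foundry
 *     Copyright (c) [2009-2015] Pivotal Software, Inc. All Rights Reserved.
 *
 *     This product is licensed to you under the Apache License, Version 2.0 (the "License").
 *     You may not use this product except in compliance with the License.
 *
 *     This product includes a number of subcomponents with
 *     separate copyright notices and license terms. Your use of these
 *     subcomponents is subject to the terms and conditions of the
 *     subcomponent's license, as noted in the LICENSE file.
 * *****************************************************************************
 */
package org.cloudfoundry.identity.uaa.zone;

import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.JsonProperty;
import org.cloudfoundry.identity.uaa.saml.SamlKey;

import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

import static org.springframework.util.StringUtils.hasText;

/**
 * SAML settings of an identity zone: the signing / signature-validation flags,
 * the assertion lifetime, and the map of signing keys of which one is "active".
 *
 * <p>Two representations of the signing key are accepted. The legacy flat JSON
 * properties {@code certificate}, {@code privateKey} and {@code privateKeyPassword}
 * are folded into a single {@link SamlKey} stored under {@link #LEGACY_KEY_ID};
 * newer configurations use the {@code keys} map together with {@code activeKeyId}.
 *
 * <p>Instances carry private key material and passphrases, and the Jackson
 * getters below serialize that material. Whatever exposes this object
 * (API responses, logs, audit events) is therefore responsible for redacting it.
 * NOTE(review): that redaction is not visible from this file — confirm at the callers.
 *
 * <p>This is a plain mutable bean and is not thread-safe.
 */
@JsonIgnoreProperties(ignoreUnknown = true)
@JsonInclude(JsonInclude.Include.NON_NULL)
public class SamlConfig {

    /** Key id under which the legacy flat certificate / private key / password triple is stored. */
    public static final String LEGACY_KEY_ID = "legacy-saml-key";

    private boolean assertionSigned = true;
    private boolean requestSigned = true;
    private boolean wantAssertionSigned = true;
    private boolean wantAuthnRequestSigned = false;
    private int assertionTimeToLiveSeconds = 600;
    /** Explicitly chosen active key id; may be null, in which case the legacy key (if any) is active. */
    private String activeKeyId;
    /** Signing keys by id. Never null; {@link #setKeys(Map)} replaces it with a defensive copy. */
    private Map<String, SamlKey> keys = new HashMap<>();

    /** @return whether assertions issued by this zone are signed (default {@code true}). */
    public boolean isAssertionSigned() {
        return assertionSigned;
    }

    /** @param assertionSigned whether assertions issued by this zone are signed */
    public void setAssertionSigned(boolean assertionSigned) {
        this.assertionSigned = assertionSigned;
    }

    /** @return whether authentication requests sent by this zone are signed (default {@code true}). */
    public boolean isRequestSigned() {
        return requestSigned;
    }

    /** @param requestSigned whether authentication requests sent by this zone are signed */
    public void setRequestSigned(boolean requestSigned) {
        this.requestSigned = requestSigned;
    }

    /** @return whether incoming assertions are required to be signed (default {@code true}). */
    public boolean isWantAssertionSigned() {
        return wantAssertionSigned;
    }

    /** @param wantAssertionSigned whether incoming assertions are required to be signed */
    public void setWantAssertionSigned(boolean wantAssertionSigned) {
        this.wantAssertionSigned = wantAssertionSigned;
    }

    /** @return whether incoming authentication requests are required to be signed (default {@code false}). */
    public boolean isWantAuthnRequestSigned() {
        return wantAuthnRequestSigned;
    }

    /** @param wantAuthnRequestSigned whether incoming authentication requests are required to be signed */
    public void setWantAuthnRequestSigned(boolean wantAuthnRequestSigned) {
        this.wantAuthnRequestSigned = wantAuthnRequestSigned;
    }

    /** @return lifetime of issued assertions in seconds (default 600). */
    public int getAssertionTimeToLiveSeconds() {
        return assertionTimeToLiveSeconds;
    }

    /**
     * @param assertionTimeToLiveSeconds lifetime of issued assertions in seconds;
     *                                   not range-checked here
     */
    public void setAssertionTimeToLiveSeconds(int assertionTimeToLiveSeconds) {
        this.assertionTimeToLiveSeconds = assertionTimeToLiveSeconds;
    }

    /**
     * Resolves the legacy key a legacy-property setter should update.
     *
     * <p>An existing legacy key is always returned (so a blank value can clear a
     * field on it). A new key is created only when {@code value} is non-blank, so
     * blank or null input never materializes an empty legacy key.
     *
     * @param value the incoming legacy property value
     * @return the key to update, or {@code null} when there is nothing to update
     */
    private SamlKey legacyKeyForUpdate(String value) {
        SamlKey legacyKey = keys.get(LEGACY_KEY_ID);
        if (legacyKey == null && hasText(value)) {
            legacyKey = new SamlKey();
        }
        return legacyKey;
    }

    /**
     * Legacy JSON property: stores the certificate on the key under {@link #LEGACY_KEY_ID}.
     *
     * @param certificate PEM certificate; blank input only takes effect if a legacy key already exists
     */
    @JsonProperty("certificate")
    public void setCertificate(String certificate) {
        SamlKey legacyKey = legacyKeyForUpdate(certificate);
        if (legacyKey != null) {
            legacyKey.setCertificate(certificate);
            keys.put(LEGACY_KEY_ID, legacyKey);
        }
    }

    /**
     * Legacy JSON property: stores the private key on the key under {@link #LEGACY_KEY_ID}.
     *
     * @param privateKey PEM private key; blank input only takes effect if a legacy key already exists
     */
    @JsonProperty("privateKey")
    public void setPrivateKey(String privateKey) {
        SamlKey legacyKey = legacyKeyForUpdate(privateKey);
        if (legacyKey != null) {
            legacyKey.setKey(privateKey);
            keys.put(LEGACY_KEY_ID, legacyKey);
        }
    }

    /**
     * Legacy JSON property: stores the private key passphrase on the key under {@link #LEGACY_KEY_ID}.
     *
     * @param privateKeyPassword passphrase; blank input only takes effect if a legacy key already exists
     */
    @JsonProperty("privateKeyPassword")
    public void setPrivateKeyPassword(String privateKeyPassword) {
        SamlKey legacyKey = legacyKeyForUpdate(privateKeyPassword);
        if (legacyKey != null) {
            legacyKey.setPassphrase(privateKeyPassword);
            keys.put(LEGACY_KEY_ID, legacyKey);
        }
    }

    /** @return the legacy key's certificate, or {@code null} when no legacy key exists. */
    @JsonProperty("certificate")
    public String getCertificate() {
        SamlKey legacyKey = keys.get(LEGACY_KEY_ID);
        return legacyKey == null ? null : legacyKey.getCertificate();
    }

    /**
     * @return the legacy key's private key (secret material, serialized by Jackson),
     *         or {@code null} when no legacy key exists
     */
    @JsonProperty
    public String getPrivateKey() {
        SamlKey legacyKey = keys.get(LEGACY_KEY_ID);
        return legacyKey == null ? null : legacyKey.getKey();
    }

    /**
     * @return the legacy key's passphrase (secret material, serialized by Jackson),
     *         or {@code null} when no legacy key exists
     */
    @JsonProperty
    public String getPrivateKeyPassword() {
        SamlKey legacyKey = keys.get(LEGACY_KEY_ID);
        return legacyKey == null ? null : legacyKey.getPassphrase();
    }

    /**
     * Returns the id of the key used for signing: the explicitly configured id if
     * one is set, else {@link #LEGACY_KEY_ID} if a legacy key exists, else {@code null}.
     *
     * <p>The returned id is not checked against {@link #getKeys()}; see {@link #removeKey(String)}.
     *
     * @return the active key id, or {@code null} when no key is configured
     */
    public String getActiveKeyId() {
        if (hasText(activeKeyId)) {
            return activeKeyId;
        }
        return hasLegacyKey() ? LEGACY_KEY_ID : null;
    }

    /**
     * Sets the explicit active key id. {@link #LEGACY_KEY_ID} is deliberately
     * ignored: the legacy key is only ever active by fallback, never by selection.
     *
     * @param activeKeyId id of the key to activate; may be null to fall back to the legacy key
     */
    public void setActiveKeyId(String activeKeyId) {
        if (!LEGACY_KEY_ID.equals(activeKeyId)) {
            this.activeKeyId = activeKeyId;
        }
    }

    /**
     * @return read-only view of the keys by id. The view tracks later changes to this
     *         config; the contained {@link SamlKey} objects themselves are not copied.
     */
    public Map<String, SamlKey> getKeys() {
        return Collections.unmodifiableMap(keys);
    }

    /**
     * Replaces all keys with a copy of {@code keys}.
     *
     * <p>A defensive copy is taken so later mutation of the caller's map cannot
     * alter this config. A null argument (e.g. {@code "keys": null} in JSON) is
     * treated as "no keys" instead of throwing from HashMap's copy constructor and
     * leaving the field unusable for every other method.
     *
     * @param keys keys by id; may be null
     */
    public void setKeys(Map<String, SamlKey> keys) {
        this.keys = keys == null ? new HashMap<>() : new HashMap<>(keys);
    }

    /**
     * Adds {@code key} under {@code keyId} and makes it the active key.
     *
     * <p>Unlike {@link #setActiveKeyId(String)} this does not filter out
     * {@link #LEGACY_KEY_ID}; the id is stored as given.
     *
     * @param keyId id to store the key under
     * @param key   the key
     */
    @JsonIgnore
    public void addAndActivateKey(String keyId, SamlKey key) {
        addKey(keyId, key);
        this.activeKeyId = keyId;
    }

    /**
     * Adds or replaces the key stored under {@code keyId} without changing which key is active.
     *
     * @param keyId id to store the key under
     * @param key   the key
     */
    @JsonIgnore
    public void addKey(String keyId, SamlKey key) {
        keys.put(keyId, key);
    }

    /** @return whether a key is stored under {@link #LEGACY_KEY_ID}. */
    @JsonIgnore
    protected boolean hasLegacyKey() {
        return keys.get(LEGACY_KEY_ID) != null;
    }

    /**
     * Removes the key stored under {@code keyId}.
     *
     * <p>The explicit active key id is left untouched, so removing the active key
     * leaves {@link #getActiveKeyId()} returning an id that no longer resolves.
     * NOTE(review): callers are presumably expected to reject removal of the active
     * key before calling this — confirm at the call sites.
     *
     * @param keyId id of the key to remove
     * @return the removed key, or {@code null} if none was stored under that id
     */
    @JsonIgnore
    public SamlKey removeKey(String keyId) {
        return keys.remove(keyId);
    }
}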