SAMLBuilderConfig.java

  1. /*
  2.  * GovWay - A customizable API Gateway 
  3.  * https://govway.org
  4.  * 
  5.  * Copyright (c) 2005-2025 Link.it srl (https://link.it). 
  6.  * 
  7.  * This program is free software: you can redistribute it and/or modify
  8.  * it under the terms of the GNU General Public License version 3, as published by
  9.  * the Free Software Foundation.
  10.  *
  11.  * This program is distributed in the hope that it will be useful,
  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14.  * GNU General Public License for more details.
  15.  *
  16.  * You should have received a copy of the GNU General Public License
  17.  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18.  *
  19.  */

  21. package org.openspcoop2.security.message.saml;

  23. import java.io.File;
  24. import java.io.FileInputStream;
  25. import java.io.IOException;
  26. import java.io.InputStream;
  27. import java.text.SimpleDateFormat;
  28. import java.util.ArrayList;
  29. import java.util.Collections;
  30. import java.util.Date;
  31. import java.util.Enumeration;
  32. import java.util.List;
  33. import java.util.Map;
  34. import java.util.Properties;
  35. import java.util.concurrent.ConcurrentHashMap;

  37. import org.apache.wss4j.common.crypto.Crypto;
  38. import org.apache.wss4j.common.crypto.CryptoFactory;
  39. import org.apache.wss4j.common.saml.bean.Version;
  40. import org.opensaml.saml.saml2.core.NameIDType;
  41. import org.openspcoop2.core.commons.DBUtils;
  42. import org.openspcoop2.protocol.sdk.state.RequestInfo;
  43. import org.openspcoop2.security.keystore.KeystoreConstants;
  44. import org.openspcoop2.utils.SemaphoreLock;
  45. import org.openspcoop2.utils.Utilities;
  46. import org.openspcoop2.utils.certificate.KeystoreType;

  48. /**
  49.  * SAMLCallbackHandler
  50.  *  
  51.  * @author Andrea Poli (apoli@link.it)
  52.  * @author $Author$
  53.  * @version $Rev$, $Date$
  54.  */
  55. public class SAMLBuilderConfig {

  57.     // ---- STATIC CONFIG CACHE -----
  58.     
  59.     private static Map<String, SAMLBuilderConfig> samlCacheConfig = new ConcurrentHashMap<>();
  60.     private static org.openspcoop2.utils.Semaphore semaphore = new org.openspcoop2.utils.Semaphore("SAMLBuilderConfig");
  61.     private static void addSamlConfig(String propertiesName,SAMLBuilderConfig p){
  62.         SemaphoreLock lock = semaphore.acquireThrowRuntime("addSamlConfig");
  63.         try {
  64.             if(!samlCacheConfig.containsKey(propertiesName)){
  65.                 samlCacheConfig.put(propertiesName, p);
  66.             }
  67.         }finally {
  68.             semaphore.release(lock, "addSamlConfig");
  69.         }
  70.     }
  71.     public static SAMLBuilderConfig getSamlConfig(String properties, RequestInfo requestInfo) throws IOException {
  72.         InputStream is = null;
  73.         try{
  74.             File f = new File(properties);
  75.             if(f.exists()){
  76.                 is = new FileInputStream(f);
  77.             }
  78.             else{
  79.                 is = SAMLBuilderConfig.class.getResourceAsStream("/"+properties);
  80.             }
  81.             if(is==null){
  82.                 throw new IOException("SAMLPropFile ["+properties+"]: not found"); 
  83.             }
  84.             try{
  85.                 return getSamlConfig(Utilities.getAsProperties(is), requestInfo);
  86.             }catch(Exception e){
  87.                 throw new IOException("SAMLPropFile ["+properties+"]: "+e.getMessage(),e); 
  88.             }       
  89.         }
  90.         finally{
  91.             try{
  92.                 if(is!=null){
  93.                     is.close();
  94.                 }
  95.             }catch(Exception eClose){
  96.                 // close
  97.             }
  98.         }
  99.     }

  101.     private static final String SAML_CONFIG_BUILD_PROPERTY_PREFIX = "SAML Config Builder: property [";
  102.     private static final String SAML_CONFIG_BUILD_REQUIRED_PROPERTY_PREFIX = "SAML Config Builder: required property [";
  103.     private static final String SAML_CONFIG_BUILD_PROPERTY_OR = "] or [";
  104.     private static final String SAML_CONFIG_BUILD_PROPERTY_IF_USE = "] if use property [";
  105.     
  106.     public static SAMLBuilderConfig getSamlConfig(Properties p, RequestInfo requestInfoParam) throws IOException {
  107.         
  108.         String propertiesName = p.getProperty(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_CONFIG_NAME);
  109.         if(propertiesName!=null){
  110.             propertiesName = propertiesName.trim();
  111.         }
  112.         
  113.         boolean cacheConfig = isTrue(p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_CACHE, false);
  114.         if(cacheConfig && propertiesName==null) {
  115.             throw new IOException(SAML_CONFIG_BUILD_PROPERTY_PREFIX+SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_CONFIG_NAME+"] not found");
  116.         }
  117.         
  118.         RequestInfo requestInfo = null;
  119.         if(!cacheConfig) {
  120.             // altrimenti la configurazione verrà riutilizzata su più richieste
  121.             requestInfo = requestInfoParam;
  122.         }
  123.         
  124.         if(cacheConfig &&
  125.             samlCacheConfig.containsKey(propertiesName)){
  126.             return samlCacheConfig.get(propertiesName);
  127.         }
  128.         try{
  129.             SAMLBuilderConfig config = new SAMLBuilderConfig(p, requestInfo);
  130.             if(cacheConfig) {
  131.                 addSamlConfig(propertiesName,config);
  132.             }
  133.             return config;
  134.         }catch(Exception e){
  135.             throw new IOException("Properties config ["+propertiesName+"]: "+e.getMessage(),e);
  136.         }
  137.     }   
  138.     private static boolean isTrue(Properties p,String name, boolean defaultValue) throws IOException{
  139.         String tmp = p.getProperty(name);
  140.         if(tmp!=null){
  141.             try{
  142.                 return Boolean.parseBoolean(tmp.trim());
  143.             }catch(Exception e){
  144.                 throw new IOException("SAML Config Builder: boolean property ["+name+"] with wrong format: "+e.getMessage());
  145.             }
  146.         }
  147.         return defaultValue;
  148.     }
  149.     private static Integer getIntProperty(Properties p,String name, boolean required) throws IOException{
  150.         String tmp = getProperty(p, name, required);
  151.         if(tmp!=null){
  152.             try{
  153.                 return Integer.parseInt(tmp);
  154.             }catch(Exception e){
  155.                 throw new IOException("SAML Config Builder: integer property ["+name+"] with wrong format: "+e.getMessage());
  156.             }
  157.         }
  158.         return null;
  159.     }
  160.     private static String getProperty(Properties p,String name, boolean required) throws IOException{
  161.         String tmp = p.getProperty(name);
  162.         if(tmp!=null){
  163.             return tmp.trim();
  164.         }
  165.         else{
  166.             if(required){
  167.                 throw new IOException(SAML_CONFIG_BUILD_PROPERTY_PREFIX+name+"] not found");
  168.             }
  169.             else{
  170.                 return null;
  171.             }
  172.         }
  173.     }
  174.     
  175.     
  176.     
  177.     // ---- INSTANCE -----
  178.     
  179.     private RequestInfo requestInfo;
  180.     
  181.     private Properties p;   
  182.     
  183.     // Usage keystore caching
  184.     private boolean useKeystoreCache = false;
  185.     
  186.     // Version
  187.     private Version version = null;

  189.     // Issuer
  190.     private String issuerValue;
  191.     private String issuerQualifier;
  192.     private String issuerFormat;
  193.     
  194.     // Signature
  195.     private boolean signAssertion = false;
  196.     private Crypto signAssertionCrypto = null;
  197.     private String signAssertionCryptoPropFile = null;
  198.     private String signAssertionCryptoPropRefId = null;
  199.     private String signAssertionCryptoPropCustomKeystoreType = null;
  200.     private String signAssertionCryptoPropCustomKeystoreFile = null;
  201.     private String signAssertionCryptoPropCustomKeystoreBYOKPolicy = null;
  202.     private String signAssertionCryptoPropCustomKeystorePassword = null;
  203.     private String signAssertionIssuerKeyPassword = null;
  204.     private String signAssertionIssuerKeyName = null;
  205.     private boolean signAssertionSendKeyValue = false;
  206.     private String signAssertionSignatureAlgorithm;
  207.     private String signAssertionSignatureDigestAlgorithm;
  208.     private String signAssertionCanonicalizationAlgorithm;

  210.     // Subject
  211.     private boolean subjectEnabled = true;
  212.     private String subjectNameIDValue;
  213.     private String subjectNameIDQualifier;
  214.     private String subjectNameIDFormat = NameIDType.UNSPECIFIED;
  215.     private String subjectConfirmationMethod = null;
  216.     private int subjectConfirmationDataNotBefore = 0;
  217.     private int subjectConfirmationDataNotOnOrAfter = 1 * 60; // 1 ora
  218.     private String subjectConfirmationDataAddress;
  219.     private String subjectConfirmationDataInResponseTo;
  220.     private String subjectConfirmationDataRecipient;
  221.     private Crypto subjectConfirmationMethodHolderOfKeyCrypto = null;
  222.     private String subjectConfirmationMethodHolderOfKeyCryptoPropertiesFile = null;
  223.     private String subjectConfirmationMethodHolderOfKeyCryptoPropertiesRefId = null;
  224.     private String subjectConfirmationMethodHolderOfKeyCryptoPropertiesCustomKeystoreType = null;
  225.     private String subjectConfirmationMethodHolderOfKeyCryptoPropertiesCustomKeystoreFile = null;
  226.     private String subjectConfirmationMethodHolderOfKeyCryptoPropertiesCustomKeystoreBYOKPolicy = null;
  227.     private String subjectConfirmationMethodHolderOfKeyCryptoPropertiesCustomKeystorePassword = null;
  228.     private String subjectConfirmationMethodHolderOfKeyCryptoCertificateAlias = null;
  229.     
  230.     // Conditions
  231.     private boolean conditionsEnabled = true;
  232.     private int conditionsDataNotBefore = 0;
  233.     private int conditionsDataNotOnOrAfter = 1 * 60; // 1 ora
  234.     private String conditionsAudienceURI = null;
  235.     
  236.     // Authn
  237.     private boolean authnStatementEnabled = true;
  238.     private int authnStatementDataInstant = 0;
  239.     private Date authnStatementDataInstantDate = null;
  240.     private int authnStatementDataNotOnOrAfter = 1 * 60; // 1 ora
  241.     private Date authnStatementDataNotOnOrAfterDate = null; 
  242.     private String authnStatementClassRef;
  243.     private String authnSubjectLocalityIpAddress;
  244.     private String authnSubjectLocalityDnsAddress;
  245.     
  246.     // Attribute
  247.     private List<SAMLBuilderConfigAttribute> attributes = new ArrayList<>();
  248.     
  249.     public SAMLBuilderConfig(Properties p, RequestInfo requestInfo) throws IOException{
  250.         this.p = p;
  251.         this.requestInfo = requestInfo;
  252.         
  253.         // Usage keystore caching
  254.         this.useKeystoreCache = isTrue(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_USE_KEYSTORE_CACHE, false);
  255.         
  256.         // Version
  257.         boolean saml2 = false;
  258.         String versionP = getProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_VERSION, true);
  259.         if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_VERSION_10.equals(versionP)){
  260.             this.version = Version.SAML_10;
  261.         }
  262.         else 
  263.         if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_VERSION_11.equals(versionP)){
  264.             this.version = Version.SAML_11;
  265.         }
  266.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_VERSION_20.equals(versionP)){
  267.             this.version = Version.SAML_20;
  268.             saml2 = true;
  269.         }
  270.         else{
  271.             throw new IOException(SAML_CONFIG_BUILD_PROPERTY_PREFIX+SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_VERSION+"] not supported");
  272.         }
  273.         
  274.         // Issuer
  275.         this.issuerValue = getProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_ISSUER_VALUE, true);
  276.         this.issuerQualifier = getProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_ISSUER_QUALIFIER, false);
  277.         
  278.         String tmp = getProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_ISSUER_FORMAT, false);
  279.         if(tmp!=null){
  280.             this.issuerFormat = getNameIDFormat(tmp);
  281.         }
  282.         

  284.         // Signature    
  285.         this.signAssertion = isTrue(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SIGN_ASSERTION, false);
  286.         if(this.signAssertion){
  287.             this.signAssertionCryptoPropFile = getProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SIGN_ASSERTION_CRYPTO_PROP_FILE, false);
  288.             this.signAssertionCryptoPropRefId = getProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SIGN_ASSERTION_CRYPTO_PROP_REF_ID, false);
  289.             this.signAssertionCryptoPropCustomKeystoreType = getProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SIGN_ASSERTION_CRYPTO_PROP_KEYSTORE_TYPE, false);
  290.             this.signAssertionCryptoPropCustomKeystoreFile =  getProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SIGN_ASSERTION_CRYPTO_PROP_KEYSTORE_FILE, false);
  291.             this.signAssertionCryptoPropCustomKeystoreBYOKPolicy =  getProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SIGN_ASSERTION_CRYPTO_PROP_KEYSTORE_BYOK_POLICY, false);
  292.             this.signAssertionCryptoPropCustomKeystorePassword =  getProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SIGN_ASSERTION_CRYPTO_PROP_KEYSTORE_PASSWORD, false);
  293.             if(this.signAssertionCryptoPropFile==null && this.signAssertionCryptoPropRefId==null && this.signAssertionCryptoPropCustomKeystoreFile==null) {
  294.                 throw new IOException(SAML_CONFIG_BUILD_REQUIRED_PROPERTY_PREFIX+SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SIGN_ASSERTION_CRYPTO_PROP_FILE+SAML_CONFIG_BUILD_PROPERTY_OR+
  295.                                         SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SIGN_ASSERTION_CRYPTO_PROP_REF_ID+SAML_CONFIG_BUILD_PROPERTY_OR+
  296.                                         SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SIGN_ASSERTION_CRYPTO_PROP_KEYSTORE_FILE+"]");
  297.             }
  298.             if(this.signAssertionCryptoPropCustomKeystoreFile!=null && this.signAssertionCryptoPropCustomKeystorePassword==null) {
  299.                 boolean required = true;
  300.                 if(KeystoreType.JKS.isType(this.signAssertionCryptoPropCustomKeystoreType)) {
  301.                     required = DBUtils.isKeystoreJksPasswordRequired();
  302.                 }
  303.                 else if(KeystoreType.PKCS12.isType(this.signAssertionCryptoPropCustomKeystoreType)) {
  304.                     required = DBUtils.isKeystorePkcs12PasswordRequired();
  305.                 }
  306.                 if(required) {
  307.                     throw new IOException(SAML_CONFIG_BUILD_REQUIRED_PROPERTY_PREFIX+SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SIGN_ASSERTION_CRYPTO_PROP_KEYSTORE_PASSWORD+SAML_CONFIG_BUILD_PROPERTY_IF_USE+
  308.                             SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SIGN_ASSERTION_CRYPTO_PROP_KEYSTORE_FILE+"]");
  309.                 }
  310.             }
  311.             this.signAssertionIssuerKeyName = getProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SIGN_ASSERTION_KEY_NAME, true);
  312.             boolean requiredKey = true;
  313.             if(KeystoreType.JKS.isType(this.signAssertionCryptoPropCustomKeystoreType)) {
  314.                 requiredKey = DBUtils.isKeystoreJksKeyPasswordRequired();
  315.             }
  316.             else if(KeystoreType.PKCS12.isType(this.signAssertionCryptoPropCustomKeystoreType)) {
  317.                 requiredKey = DBUtils.isKeystorePkcs12KeyPasswordRequired();
  318.             }
  319.             this.signAssertionIssuerKeyPassword = getProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SIGN_ASSERTION_KEY_PASSWORD, requiredKey);
  320.             this.signAssertionSendKeyValue = isTrue(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SIGN_ASSERTION_SEND_KEY_VALUE, false);
  321.             this.signAssertionSignatureAlgorithm = getProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SIGN_ASSERTION_SIGNATURE_ALGORITHM, false);
  322.             this.signAssertionSignatureDigestAlgorithm = getProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SIGN_ASSERTION_SIGNATURE_DIGEST_ALGORITHM, false);
  323.             this.signAssertionCanonicalizationAlgorithm = getProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SIGN_ASSERTION_SIGNATURE_CANONICALIZATION_ALGORITHM, false);
  324.         }
  325.         
  326.         // Subject
  327.         //this.subjectEnabled = isTrue(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_ENABLED, true); E' OBBLIGATORIO IL SUBJECT, SENNO VA IN NULL POINTER OPENSAML
  328.         this.subjectNameIDValue = getProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_NAMEID_VALUE, true);
  329.         this.subjectNameIDQualifier = getProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_NAMEID_QUALIFIER, false);
  330.         
  331.         tmp = getProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_NAMEID_FORMAT, false);
  332.         if(tmp!=null){
  333.             this.subjectNameIDFormat = getNameIDFormat(tmp);
  334.         }
  335.         
  336.         tmp = getProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_CONFIRMATION_METHOD, true);
  337.         this.subjectConfirmationMethod = getSubjectConfirmationMethod(tmp, saml2);
  338.         boolean holderOfKey = this.isHolderOfKeySubjectConfirmationMethod(this.subjectConfirmationMethod);
  339.         
  340.         Integer tmpInt = getIntProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_CONFIRMATION_DATA_NOT_BEFORE, false);
  341.         if(tmpInt!=null){
  342.             this.subjectConfirmationDataNotBefore = tmpInt;
  343.         }
  344.         tmpInt = getIntProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_CONFIRMATION_DATA_NOT_ON_OR_AFTER, false);
  345.         if(tmpInt!=null){
  346.             this.subjectConfirmationDataNotOnOrAfter = tmpInt;
  347.         }
  348.         
  349.         this.subjectConfirmationDataAddress = getProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_CONFIRMATION_DATA_ADDRESS, false);
  350.         this.subjectConfirmationDataInResponseTo = getProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_CONFIRMATION_DATA_IN_RESPONSE_TO, false);
  351.         this.subjectConfirmationDataRecipient = getProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_CONFIRMATION_DATA_RECIPIENT, false);
  352.         
  353.         if(holderOfKey){
  354.             this.subjectConfirmationMethodHolderOfKeyCryptoPropertiesFile = getProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_CONFIRMATION_METHOD_HOLDER_OF_KEY_CRYPTO_PROPERTIES_FILE, false);
  355.             this.subjectConfirmationMethodHolderOfKeyCryptoPropertiesRefId = getProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_CONFIRMATION_METHOD_HOLDER_OF_KEY_CRYPTO_PROPERTIES_REF_ID, false);
  356.             this.subjectConfirmationMethodHolderOfKeyCryptoPropertiesCustomKeystoreType = getProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_CONFIRMATION_METHOD_HOLDER_OF_KEY_CRYPTO_PROPERTIES_KEYSTORE_TYPE, false);
  357.             this.subjectConfirmationMethodHolderOfKeyCryptoPropertiesCustomKeystoreFile =  getProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_CONFIRMATION_METHOD_HOLDER_OF_KEY_CRYPTO_PROPERTIES_KEYSTORE_FILE, false);
  358.             this.subjectConfirmationMethodHolderOfKeyCryptoPropertiesCustomKeystoreBYOKPolicy = getProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_CONFIRMATION_METHOD_HOLDER_OF_KEY_CRYPTO_PROPERTIES_KEYSTORE_BYOK_POLICY, false);
  359.             this.subjectConfirmationMethodHolderOfKeyCryptoPropertiesCustomKeystorePassword =  getProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_CONFIRMATION_METHOD_HOLDER_OF_KEY_CRYPTO_PROPERTIES_KEYSTORE_PASSWORD, false);
  360.             if(this.subjectConfirmationMethodHolderOfKeyCryptoPropertiesFile==null && this.subjectConfirmationMethodHolderOfKeyCryptoPropertiesRefId==null && this.subjectConfirmationMethodHolderOfKeyCryptoPropertiesCustomKeystoreFile==null) {
  361.                 throw new IOException(SAML_CONFIG_BUILD_REQUIRED_PROPERTY_PREFIX+SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_CONFIRMATION_METHOD_HOLDER_OF_KEY_CRYPTO_PROPERTIES_FILE+SAML_CONFIG_BUILD_PROPERTY_OR+
  362.                                         SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_CONFIRMATION_METHOD_HOLDER_OF_KEY_CRYPTO_PROPERTIES_REF_ID+SAML_CONFIG_BUILD_PROPERTY_OR+
  363.                                         SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_CONFIRMATION_METHOD_HOLDER_OF_KEY_CRYPTO_PROPERTIES_KEYSTORE_FILE+"]");
  364.             }
  365.             if(this.subjectConfirmationMethodHolderOfKeyCryptoPropertiesCustomKeystoreFile!=null && this.subjectConfirmationMethodHolderOfKeyCryptoPropertiesCustomKeystorePassword==null) {
  366.                 boolean required = true;
  367.                 if(KeystoreType.JKS.isType(this.subjectConfirmationMethodHolderOfKeyCryptoPropertiesCustomKeystoreType)) {
  368.                     required = DBUtils.isKeystoreJksKeyPasswordRequired();
  369.                 }
  370.                 else if(KeystoreType.PKCS12.isType(this.subjectConfirmationMethodHolderOfKeyCryptoPropertiesCustomKeystoreType)) {
  371.                     required = DBUtils.isKeystorePkcs12KeyPasswordRequired();
  372.                 }
  373.                 if(required) {
  374.                     throw new IOException(SAML_CONFIG_BUILD_REQUIRED_PROPERTY_PREFIX+SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_CONFIRMATION_METHOD_HOLDER_OF_KEY_CRYPTO_PROPERTIES_KEYSTORE_PASSWORD+SAML_CONFIG_BUILD_PROPERTY_IF_USE+
  375.                             SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_CONFIRMATION_METHOD_HOLDER_OF_KEY_CRYPTO_PROPERTIES_KEYSTORE_FILE+"]");
  376.                 }
  377.             }
  378.             this.subjectConfirmationMethodHolderOfKeyCryptoCertificateAlias = getProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_CONFIRMATION_METHOD_HOLDER_OF_KEY_CRYPTO_ALIAS, true);
  379.         }
  380.         
  381.         
  382.         // Conditions
  383.         
  384.         //this.conditionsEnabled = isTrue(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_CONDITIONS_ENABLED, true); //VENGONO GENERATE COMUNQUE
  385.         tmpInt = getIntProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_CONDITIONS_DATA_NOT_BEFORE, false);
  386.         if(tmpInt!=null){
  387.             this.conditionsDataNotBefore = tmpInt;
  388.         }
  389.         tmpInt = getIntProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_CONDITIONS_DATA_NOT_ON_OR_AFTER, false);
  390.         if(tmpInt!=null){
  391.             this.conditionsDataNotOnOrAfter = tmpInt;
  392.         }
  393.         this.conditionsAudienceURI = getProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_CONDITIONS_AUDIENCE_URI, false);
  394.         
  395.         
  396.         // Authn
  397.         
  398.         this.authnStatementEnabled = isTrue(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_STATEMENT_ENABLED, true);
  399.         
  400.         tmpInt = getIntProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_STATEMENT_DATA_INSTANT, false);
  401.         if(tmpInt!=null){
  402.             this.authnStatementDataInstant = tmpInt; // se si vuole andare indietro deve essere fornito un valore negativo nella proprietà
  403.         }
  404.         tmp = getProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_STATEMENT_DATA_INSTANT_VALUE, false);
  405.         if(tmp!=null) {
  406.             String value = tmp;
  407.             tmp = getProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_STATEMENT_DATA_INSTANT_FORMAT, false);
  408.             if(tmp!=null) {
  409.                 String format = tmp;
  410.                 SimpleDateFormat sdf = new SimpleDateFormat(format);
  411.                 try {
  412.                     this.authnStatementDataInstantDate = sdf.parse(value);
  413.                 }catch(Exception e) {
  414.                     throw new IOException("SAML Config Builder: failed parsing property value ["+SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_STATEMENT_DATA_INSTANT_VALUE+"="+value+"] with format ["+
  415.                             SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_STATEMENT_DATA_INSTANT_FORMAT+"="+format+"]: "+e.getMessage(),e);
  416.                 }
  417.             }
  418.             else {
  419.                 throw new IOException(SAML_CONFIG_BUILD_REQUIRED_PROPERTY_PREFIX+SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_STATEMENT_DATA_INSTANT_FORMAT+SAML_CONFIG_BUILD_PROPERTY_IF_USE+
  420.                         SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_STATEMENT_DATA_INSTANT_VALUE+"]");
  421.             }
  422.         }

  424.         tmpInt = getIntProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_STATEMENT_DATA_NOT_ON_OR_AFTER, false);
  425.         if(tmpInt!=null){
  426.             this.authnStatementDataNotOnOrAfter = tmpInt;
  427.         }
  428.         tmp = getProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_STATEMENT_DATA_NOT_ON_OR_AFTER_VALUE, false);
  429.         if(tmp!=null) {
  430.             String value = tmp;
  431.             tmp = getProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_STATEMENT_DATA_NOT_ON_OR_AFTER_FORMAT, false);
  432.             if(tmp!=null) {
  433.                 String format = tmp;
  434.                 SimpleDateFormat sdf = new SimpleDateFormat(format);
  435.                 try {
  436.                     this.authnStatementDataNotOnOrAfterDate = sdf.parse(value);
  437.                 }catch(Exception e) {
  438.                     throw new IOException("SAML Config Builder: failed parsing property value ["+SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_STATEMENT_DATA_NOT_ON_OR_AFTER_VALUE+"="+value+"] with format ["+
  439.                             SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_STATEMENT_DATA_NOT_ON_OR_AFTER_FORMAT+"="+format+"]: "+e.getMessage(),e);
  440.                 }
  441.             }
  442.             else {
  443.                 throw new IOException(SAML_CONFIG_BUILD_REQUIRED_PROPERTY_PREFIX+SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_STATEMENT_DATA_NOT_ON_OR_AFTER_FORMAT+SAML_CONFIG_BUILD_PROPERTY_IF_USE+
  444.                         SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_STATEMENT_DATA_NOT_ON_OR_AFTER_VALUE+"]");
  445.             }
  446.         }

  448.         tmp = getProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN, this.authnStatementEnabled);
  449.         if(tmp!=null){
  450.             this.authnStatementClassRef = getAuthStatementMethod(tmp, saml2);
  451.         }
  452.         this.authnSubjectLocalityIpAddress = getProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_SUBJECT_LOCALITY_IP_ADDRESS, false);
  453.         this.authnSubjectLocalityDnsAddress = getProperty(this.p, SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_SUBJECT_LOCALITY_DNS_ADDRESS, false);

  455.         
  456.         // Attribute
  457.         
  458.         Properties pAttribute = null;
  459.         try{
  460.             pAttribute = Utilities.readProperties(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_ATTRIBUTE_PREFIX, this.p);
  461.         }catch(Exception e){
  462.             throw new IOException(e.getMessage(),e);
  463.         }
  464.         if(pAttribute!=null && p.size()>0){
  465.             List<String> attrNames = new ArrayList<>();
  466.             Enumeration<?> enAttributes = pAttribute.keys();
  467.             if(enAttributes!=null){
  468.                 while (enAttributes.hasMoreElements()) {
  469.                     Object objectName = enAttributes.nextElement();
  470.                     if(objectName instanceof String){
  471.                         String key = (String) objectName;
  472.                         if(key.endsWith(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_ATTRIBUTE_SUFFIX_VALUE)){
  473.                             String attrName = key.substring(0, key.indexOf(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_ATTRIBUTE_SUFFIX_VALUE));
  474.                             attrNames.add(attrName);
  475.                         }
  476.                     }
  477.                 }
  478.             }
  479.             Collections.sort(attrNames);
  480.             for (String attrName : attrNames) {
  481.                 SAMLBuilderConfigAttribute attr = new SAMLBuilderConfigAttribute(attrName);
  482.                 
  483.                 String qualifiedName = attrName + SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_ATTRIBUTE_SUFFIX_QUALIFIED_NAME;
  484.                 String simpleName = attrName + SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_ATTRIBUTE_SUFFIX_SIMPLE_NAME;
  485.                 String qualifiedNameTmp = getProperty(pAttribute, qualifiedName, !saml2); // sono obbligatori entrambi solamente per saml 1.1
  486.                 String simpleNameTmp = getProperty(pAttribute, simpleName, !saml2); // sono obbligatori entrambi solamente per saml 1.1
  487.                 if(qualifiedNameTmp==null && simpleNameTmp==null){
  488.                     throw new IOException("SAML Config Builder: attribute ["+attrName+"] requires at least one of the following properties: "+
  489.                             qualifiedName+", "+simpleName);
  490.                 }
  491.                 attr.setQualifiedName(qualifiedNameTmp);
  492.                 attr.setSimpleName(simpleNameTmp);
  493.                 
  494.                 String format = attrName + SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_ATTRIBUTE_SUFFIX_FORMAT_NAME;
  495.                 if(saml2){
  496.                     String formatTmp = getProperty(pAttribute, format, true);
  497.                     attr.setFormatName(this.getAttributeFormat(formatTmp));
  498.                 }
  499.                 else{
  500.                     String formatTmp = getProperty(pAttribute, format, false);
  501.                     if(formatTmp!=null){
  502.                         throw new IOException("SAML Config Builder: name format unsupported in SAML 1.1; found in attribute ["+attrName+"]"); 
  503.                     }
  504.                 }
  505.                 
  506.                 String separator = attrName + SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_ATTRIBUTE_SUFFIX_VALUE_SEPARATOR;
  507.                 String separatorTmp = getProperty(pAttribute, separator, false);
  508.                 if(separatorTmp==null || "".equals(separatorTmp)){
  509.                     separatorTmp = ","; // default
  510.                 }
  511.                 
  512.                 String values = attrName + SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_ATTRIBUTE_SUFFIX_VALUE;
  513.                 String valuesTmp = getProperty(pAttribute, values, true);
  514.                 String [] splitValues = valuesTmp.split(separatorTmp);
  515.                 if(splitValues==null || splitValues.length<=0){
  516.                     throw new IOException("SAML Config Builder: values not found in attribute ["+attrName+"] using separator ["+valuesTmp+"]"); 
  517.                 }
  518.                 for (int i = 0; i < splitValues.length; i++) {
  519.                     attr.addValue(splitValues[i].trim());
  520.                 }
  521.                 
  522.                 this.attributes.add(attr);
  523.             }
  524.         }
  525.     }
  526.     
  527.     
  528.     private String getNameIDFormat(String tmpParam){
  529.         String tmp = tmpParam.trim();
  530.         if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_NAMEID_FORMAT_VALUE_UNSPECIFIED.equals(tmp)){
  531.             tmp = NameIDType.UNSPECIFIED;
  532.         }
  533.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_NAMEID_FORMAT_VALUE_EMAIL.equals(tmp)){
  534.             tmp = NameIDType.EMAIL;
  535.         }
  536.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_NAMEID_FORMAT_VALUE_X509_SUBJECT.equals(tmp)){
  537.             tmp = NameIDType.X509_SUBJECT;
  538.         }
  539.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_NAMEID_FORMAT_VALUE_WIN_DOMAIN_QUALIFIED.equals(tmp)){
  540.             tmp = NameIDType.WIN_DOMAIN_QUALIFIED;
  541.         }
  542.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_NAMEID_FORMAT_VALUE_KERBEROS.equals(tmp)){
  543.             tmp = NameIDType.KERBEROS;
  544.         }
  545.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_NAMEID_FORMAT_VALUE_ENTITY.equals(tmp)){
  546.             tmp = NameIDType.ENTITY;
  547.         }
  548.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_NAMEID_FORMAT_VALUE_PERSISTENT.equals(tmp)){
  549.             tmp = NameIDType.PERSISTENT;
  550.         }
  551.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_NAMEID_FORMAT_VALUE_TRANSIENT.equals(tmp)){
  552.             tmp = NameIDType.TRANSIENT;
  553.         }
  554.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_NAMEID_FORMAT_VALUE_ENCRYPTED.equals(tmp)){
  555.             tmp = NameIDType.ENCRYPTED;
  556.         }
  557.         else{
  558.             // lascio il valore impostato dall'utente nel file di proprietà. Deve inserire un formato valido
  559.             // Cosi' supporto anche eventuali formati futuri.
  560.         }
  561.         return tmp;
  562.     }
  563.     
  564.     private String getSubjectConfirmationMethod(String tmpParam, boolean saml2){
  565.         String tmp = tmpParam.trim();
  566.         if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_CONFIRMATION_METHOD_VALUE_ARTIFACT.equals(tmp) && !saml2){
  567.             tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_CONFIRMATION_METHOD_ARTIFACT_SAML_10;
  568.         }
  569.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_CONFIRMATION_METHOD_VALUE_IDENTITY.equals(tmp) && !saml2){
  570.             tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_CONFIRMATION_METHOD_IDENTITY_SAML_10;
  571.         }
  572.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_CONFIRMATION_METHOD_VALUE_BEARER.equals(tmp)){
  573.             if(saml2){
  574.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_CONFIRMATION_METHOD_BEARER_SAML_20;
  575.             }else{
  576.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_CONFIRMATION_METHOD_BEARER_SAML_10;
  577.             }
  578.         }
  579.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_CONFIRMATION_METHOD_VALUE_HOLDER_OF_KEY.equals(tmp)){
  580.             if(saml2){
  581.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_CONFIRMATION_METHOD_HOLDER_OF_KEY_SAML_20;
  582.             }else{
  583.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_CONFIRMATION_METHOD_HOLDER_OF_KEY_SAML_10;
  584.             }
  585.         }
  586.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_CONFIRMATION_METHOD_VALUE_SENDER_VOUCHES.equals(tmp)){
  587.             if(saml2){
  588.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_CONFIRMATION_METHOD_SENDER_VOUCHES_SAML_20;
  589.             }else{
  590.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_CONFIRMATION_METHOD_SENDER_VOUCHES_SAML_10;
  591.             }
  592.         }
  593.         else{
  594.             // lascio il valore impostato dall'utente nel file di proprietà. Deve inserire un formato valido
  595.             // Cosi' supporto anche eventuali formati futuri.
  596.         }
  597.         return tmp;
  598.     }
  599.     
  600.     private boolean isHolderOfKeySubjectConfirmationMethod(String confirmationMethod){
  601.         
  602.         return SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_CONFIRMATION_METHOD_HOLDER_OF_KEY_SAML_20.equals(confirmationMethod)
  603.                 ||
  604.                 SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_SUBJECT_CONFIRMATION_METHOD_HOLDER_OF_KEY_SAML_10.equals(confirmationMethod);
  605.         
  606.     }
  607.     
  608.     private String getAuthStatementMethod(String tmpParam, boolean saml2){
  609.         String tmp = tmpParam.trim();
  610.         if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_VALUE_UNSPECIFIED.equals(tmp)){
  611.             if(saml2){
  612.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_UNSPECIFIED_SAML20;
  613.             }else{
  614.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_UNSPECIFIED_SAML10;
  615.             }
  616.         }
  617.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_VALUE_PASSWORD.equals(tmp)){
  618.             if(saml2){
  619.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_PASSWORD_SAML20;
  620.             }else{
  621.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_PASSWORD_SAML10;
  622.             }
  623.         }
  624.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_VALUE_KERBEROS.equals(tmp)){
  625.             if(saml2){
  626.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_KERBEROS_SAML20;
  627.             }else{
  628.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_KERBEROS_SAML10;
  629.             }
  630.         }
  631.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_VALUE_TLS.equals(tmp)){
  632.             if(saml2){
  633.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_TLS_SAML20;
  634.             }else{
  635.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_TLS_SAML10;
  636.             }
  637.         }
  638.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_VALUE_X509.equals(tmp)){
  639.             if(saml2){
  640.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_X509_SAML20;
  641.             }else{
  642.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_X509_SAML10;
  643.             }
  644.         }
  645.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_VALUE_PGP.equals(tmp)){
  646.             if(saml2){
  647.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_PGP_SAML20;
  648.             }else{
  649.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_PGP_SAML10;
  650.             }
  651.         }
  652.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_VALUE_SRP.equals(tmp)){
  653.             if(saml2){
  654.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_SRP_SAML20;
  655.             }else{
  656.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_SRP_SAML10;
  657.             }
  658.         }
  659.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_VALUE_SPKI.equals(tmp)){
  660.             if(saml2){
  661.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_SPKI_SAML20;
  662.             }else{
  663.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_SPKI_SAML10;
  664.             }
  665.         }
  666.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_VALUE_DSIG.equals(tmp)){
  667.             if(saml2){
  668.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_DSIG_SAML20;
  669.             }else{
  670.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_DSIG_SAML10;
  671.             }
  672.         }
  673.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_VALUE_HARDWARE.equals(tmp)){
  674.             if(!saml2){
  675.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_HARDWARE_SAML10;
  676.             }
  677.         }
  678.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_VALUE_XKMS.equals(tmp)){
  679.             if(!saml2){
  680.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_XKMS_SAML10;
  681.             }
  682.         }
  683.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_VALUE_INTERNET_PROTOCOL.equals(tmp)){
  684.             if(saml2){
  685.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_INTERNET_PROTOCOL_SAML20;
  686.             }
  687.         }
  688.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_VALUE_INTERNET_PROTOCOL_PASSWORD.equals(tmp)){
  689.             if(saml2){
  690.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_INTERNET_PROTOCOL_PASSWORD_SAML20;
  691.             }
  692.         }
  693.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_VALUE_MOBILE_ONE_FACTOR_UNREGISTERED.equals(tmp)){
  694.             if(saml2){
  695.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_MOBILE_ONE_FACTOR_UNREGISTERED_SAML20;
  696.             }
  697.         }
  698.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_VALUE_MOBILE_TWO_FACTOR_UNREGISTERED.equals(tmp)){
  699.             if(saml2){
  700.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_MOBILE_TWO_FACTOR_UNREGISTERED_SAML20;
  701.             }
  702.         }
  703.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_VALUE_MOBILE_ONE_FACTOR_CONTRACT.equals(tmp)){
  704.             if(saml2){
  705.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_MOBILE_ONE_FACTOR_CONTRACT_SAML20;
  706.             }
  707.         }
  708.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_VALUE_MOBILE_TWO_FACTOR_CONTRACT.equals(tmp)){
  709.             if(saml2){
  710.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_MOBILE_TWO_FACTOR_CONTRACT_SAML20;
  711.             }
  712.         }
  713.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_VALUE_PASSWORD_PROTECTED_TRANSPORT.equals(tmp)){
  714.             if(saml2){
  715.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_PASSWORD_PROTECTED_TRANSPORT_SAML20;
  716.             }
  717.         }
  718.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_VALUE_PREVIOUS_SESSION.equals(tmp)){
  719.             if(saml2){
  720.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_PREVIOUS_SESSION_SAML20;
  721.             }
  722.         }
  723.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_VALUE_SMARTCARD.equals(tmp)){
  724.             if(saml2){
  725.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_SMARTCARD_SAML20;
  726.             }
  727.         }
  728.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_VALUE_SMARTCARD_PKI.equals(tmp)){
  729.             if(saml2){
  730.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_SMARTCARD_PKI_SAML20;
  731.             }
  732.         }
  733.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_VALUE_SOFTWARE_PKI.equals(tmp)){
  734.             if(saml2){
  735.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_SOFTWARE_PKI_SAML20;
  736.             }
  737.         }
  738.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_VALUE_TELEPHONY.equals(tmp)){
  739.             if(saml2){
  740.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_TELEPHONY_SAML20;
  741.             }
  742.         }
  743.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_VALUE_NOMAD_TELEPHONY.equals(tmp)){
  744.             if(saml2){
  745.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_NOMAD_TELEPHONY_SAML20;
  746.             }
  747.         }
  748.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_VALUE_PERSONAL_TELEPHONY.equals(tmp)){
  749.             if(saml2){
  750.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_PERSONAL_TELEPHONY_SAML20;
  751.             }
  752.         }
  753.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_VALUE_AUTHENTICATED_TELEPHONY.equals(tmp)){
  754.             if(saml2){
  755.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_AUTHENTICATED_TELEPHONY_SAML20;
  756.             }
  757.         }
  758.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_VALUE_TIME_SYNC.equals(tmp)){
  759.             if(saml2){
  760.                 tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_AUTHN_TIME_SYNC_SAML20;
  761.             }
  762.         }
  763.         else{
  764.             // lascio il valore impostato dall'utente nel file di proprietà. Deve inserire un formato valido
  765.             // Cosi' supporto anche eventuali formati futuri.
  766.         }
  767.         return tmp;
  768.     }
  769.     
  770.     private String getAttributeFormat(String tmpParam){
  771.         String tmp = tmpParam.trim();
  772.         if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_ATTRIBUTE_SUFFIX_FORMAT_NAME_VALUE_UNSPECIFIED.equals(tmp)){
  773.             tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_ATTRIBUTE_SUFFIX_FORMAT_NAME_UNSPECIFIED_SAML20;
  774.         }
  775.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_ATTRIBUTE_SUFFIX_FORMAT_NAME_VALUE_URI.equals(tmp)){
  776.             tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_ATTRIBUTE_SUFFIX_FORMAT_NAME_URI_SAML20;
  777.         }
  778.         else if(SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_ATTRIBUTE_SUFFIX_FORMAT_NAME_VALUE_BASIC.equals(tmp)){
  779.             tmp = SAMLBuilderConfigConstants.SAML_CONFIG_BUILDER_ATTRIBUTE_SUFFIX_FORMAT_NAME_BASIC_SAML20;
  780.         }
  781.         else{
  782.             // lascio il valore impostato dall'utente nel file di proprietà. Deve inserire un formato valido
  783.             // Cosi' supporto anche eventuali formati futuri.
  784.         }
  785.         return tmp;
  786.     }
  787.     

  789.     
  790.     // Usage keystore caching
  791.     
  792.     public boolean isUseKeystoreCache() {
  793.         return this.useKeystoreCache;
  794.     }   
  795.     
  796.     // Version
  797.     
  798.     public Version getVersion() {
  799.         return this.version;
  800.     }
  801.     
  802.     // Issuer

  804.     public String getIssuerValue() {
  805.         return this.issuerValue;
  806.     }
  807.     public String getIssuerQualifier() {
  808.         return this.issuerQualifier;
  809.     }
  810.     public String getIssuerFormat() {
  811.         return this.issuerFormat;
  812.     }

  814.     // Signature

  816.     public boolean isSignAssertion() {
  817.         return this.signAssertion;
  818.     }
  819.     public Crypto getSignAssertionCrypto() throws Exception {
  820.         if(this.signAssertionCrypto==null){
  821.             initSignAssertionCrypto();
  822.         }
  823.         return this.signAssertionCrypto;
  824.     }
  825.     private synchronized void initSignAssertionCrypto() throws Exception{
  826.         if(this.signAssertionCrypto==null){
  827.             if(this.signAssertionCryptoPropFile!=null) {
  828.                 this.signAssertionCrypto = 
  829.                     CryptoFactory.getInstance(this.signAssertionCryptoPropFile);
  830.             }
  831.             else if(this.signAssertionCryptoPropCustomKeystoreFile!=null) {
  832.                 Properties pMerlin = SAMLUtilities.convertToMerlinProperties(this.signAssertionCryptoPropCustomKeystoreType, 
  833.                         this.signAssertionCryptoPropCustomKeystoreFile, this.signAssertionCryptoPropCustomKeystorePassword,
  834.                         this.useKeystoreCache,
  835.                         this.signAssertionCryptoPropCustomKeystoreBYOKPolicy);
  836.                 if(this.requestInfo!=null) {
  837.                     pMerlin.put(KeystoreConstants.PROPERTY_REQUEST_INFO, this.requestInfo);
  838.                 }
  839.                 this.signAssertionCrypto = CryptoFactory.getInstance(pMerlin);
  840.             }
  841.             else {
  842.                 this.signAssertionCrypto = 
  843.                         CryptoFactory.getInstance(this.p);
  844.             }
  845.         }
  846.     }
  847.     public String getSignAssertionIssuerKeyPassword() {
  848.         return this.signAssertionIssuerKeyPassword;
  849.     }
  850.     public String getSignAssertionIssuerKeyName() {
  851.         return this.signAssertionIssuerKeyName;
  852.     }
  853.     public boolean isSignAssertionSendKeyValue() {
  854.         return this.signAssertionSendKeyValue;
  855.     }
  856.     public String getSignAssertionSignatureAlgorithm() {
  857.         return this.signAssertionSignatureAlgorithm;
  858.     }
  859.     public String getSignAssertionSignatureDigestAlgorithm() {
  860.         return this.signAssertionSignatureDigestAlgorithm;
  861.     }
  862.     public String getSignAssertionCanonicalizationAlgorithm() {
  863.         return this.signAssertionCanonicalizationAlgorithm;
  864.     }
  865.     
  866.     // Subject
  867.     
  868.     public boolean isSubjectEnabled() {
  869.         return this.subjectEnabled;
  870.     }
  871.     public String getSubjectNameIDValue() {
  872.         return this.subjectNameIDValue;
  873.     }
  874.     public String getSubjectNameIDQualifier() {
  875.         return this.subjectNameIDQualifier;
  876.     }
  877.     public String getSubjectNameIDFormat() {
  878.         return this.subjectNameIDFormat;
  879.     }
  880.     public String getSubjectConfirmationMethod() {
  881.         return this.subjectConfirmationMethod;
  882.     }
  883.     public int getSubjectConfirmationDataNotBefore() {
  884.         return this.subjectConfirmationDataNotBefore;
  885.     }
  886.     public int getSubjectConfirmationDataNotOnOrAfter() {
  887.         return this.subjectConfirmationDataNotOnOrAfter;
  888.     }
  889.     public String getSubjectConfirmationDataAddress() {
  890.         return this.subjectConfirmationDataAddress;
  891.     }
  892.     public String getSubjectConfirmationDataInResponseTo() {
  893.         return this.subjectConfirmationDataInResponseTo;
  894.     }
  895.     public String getSubjectConfirmationDataRecipient() {
  896.         return this.subjectConfirmationDataRecipient;
  897.     }
  898.     public Crypto getSubjectConfirmationMethodHolderOfKeyCrypto() throws Exception {
  899.         if(this.subjectConfirmationMethodHolderOfKeyCrypto==null){
  900.             initSubjectConfirmationMethodHolderOfKeyCrypto();
  901.         }
  902.         return this.subjectConfirmationMethodHolderOfKeyCrypto;
  903.     }
  904.     private synchronized void initSubjectConfirmationMethodHolderOfKeyCrypto() throws Exception{
  905.         if(this.subjectConfirmationMethodHolderOfKeyCrypto==null){
  906.             if(this.subjectConfirmationMethodHolderOfKeyCryptoPropertiesFile!=null) {
  907.                 this.subjectConfirmationMethodHolderOfKeyCrypto = 
  908.                     CryptoFactory.getInstance(this.subjectConfirmationMethodHolderOfKeyCryptoPropertiesFile);   
  909.             }
  910.             else if(this.subjectConfirmationMethodHolderOfKeyCryptoPropertiesCustomKeystoreFile!=null) {
  911.                 Properties pMerlin = SAMLUtilities.convertToMerlinProperties(this.subjectConfirmationMethodHolderOfKeyCryptoPropertiesCustomKeystoreType, 
  912.                         this.subjectConfirmationMethodHolderOfKeyCryptoPropertiesCustomKeystoreFile, this.subjectConfirmationMethodHolderOfKeyCryptoPropertiesCustomKeystorePassword,
  913.                         this.useKeystoreCache,
  914.                         this.subjectConfirmationMethodHolderOfKeyCryptoPropertiesCustomKeystoreBYOKPolicy);
  915.                 if(this.requestInfo!=null) {
  916.                     pMerlin.put(KeystoreConstants.PROPERTY_REQUEST_INFO, this.requestInfo);
  917.                 }
  918.                 this.subjectConfirmationMethodHolderOfKeyCrypto = CryptoFactory.getInstance(pMerlin);
  919.             }
  920.             else {
  921.                 this.subjectConfirmationMethodHolderOfKeyCrypto = 
  922.                         CryptoFactory.getInstance(this.p);
  923.             }
  924.         }
  925.     }
  926.     public String getSubjectConfirmationMethodHolderOfKeyCryptoCertificateAlias() {
  927.         return this.subjectConfirmationMethodHolderOfKeyCryptoCertificateAlias;
  928.     }
  929.     
  930.     // Conditions
  931.     
  932.     public boolean isConditionsEnabled() {
  933.         return this.conditionsEnabled;
  934.     }
  935.     public int getConditionsDataNotBefore() {
  936.         return this.conditionsDataNotBefore;
  937.     }
  938.     public int getConditionsDataNotOnOrAfter() {
  939.         return this.conditionsDataNotOnOrAfter;
  940.     }
  941.     public String getConditionsAudienceURI() {
  942.         return this.conditionsAudienceURI;
  943.     }
  944.     
  945.     // Authn
  946.     
  947.     public boolean isAuthnStatementEnabled() {
  948.         return this.authnStatementEnabled;
  949.     }
  950.     public int getAuthnStatementDataInstant() {
  951.         return this.authnStatementDataInstant;
  952.     }
  953.     public Date getAuthnStatementDataInstantDate() {
  954.         return this.authnStatementDataInstantDate;
  955.     }
  956.     public int getAuthnStatementDataNotOnOrAfter() {
  957.         return this.authnStatementDataNotOnOrAfter;
  958.     }
  959.     public Date getAuthnStatementDataNotOnOrAfterDate() {
  960.         return this.authnStatementDataNotOnOrAfterDate;
  961.     }
  962.     public String getAuthnStatementClassRef() {
  963.         return this.authnStatementClassRef;
  964.     }
  965.     public String getAuthnSubjectLocalityIpAddress() {
  966.         return this.authnSubjectLocalityIpAddress;
  967.     }
  968.     public String getAuthnSubjectLocalityDnsAddress() {
  969.         return this.authnSubjectLocalityDnsAddress;
  970.     }
  971.     
  972.     // Attribute
  973.     
  974.     public List<SAMLBuilderConfigAttribute> getAttributes() {
  975.         return this.attributes;
  976.     }
  977. }
Created with JaCoCo 0.8.8.202204050719