Add SP role interfaces, sync with latest SAML 2.0 spec
authorgilbert <gilbert@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 28 Oct 2004 13:18:27 +0000 (13:18 +0000)
committergilbert <gilbert@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 28 Oct 2004 13:18:27 +0000 (13:18 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@1144 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/metadata/AttributeAuthorityRole.java [new file with mode: 0644]
src/edu/internet2/middleware/shibboleth/metadata/Endpoint.java
src/edu/internet2/middleware/shibboleth/metadata/EntityDescriptor.java [new file with mode: 0644]
src/edu/internet2/middleware/shibboleth/metadata/EntityLocator.java [new file with mode: 0644]
src/edu/internet2/middleware/shibboleth/metadata/IDPProviderRole.java [new file with mode: 0644]
src/edu/internet2/middleware/shibboleth/metadata/KeyDescriptor.java
src/edu/internet2/middleware/shibboleth/metadata/Provider.java
src/edu/internet2/middleware/shibboleth/metadata/ProviderRole.java
src/edu/internet2/middleware/shibboleth/metadata/SAML2Metadata.java [new file with mode: 0644]

diff --git a/src/edu/internet2/middleware/shibboleth/metadata/AttributeAuthorityRole.java b/src/edu/internet2/middleware/shibboleth/metadata/AttributeAuthorityRole.java
new file mode 100644 (file)
index 0000000..a9c1ea4
--- /dev/null
@@ -0,0 +1,16 @@
+/*
+ * AttributeAuthorityRole.java
+  */
+package edu.internet2.middleware.shibboleth.metadata;
+
+import org.opensaml.SAMLAttributeDesignator;
+
+/**
+ * @author Howard Gilbert
+ */
+public interface AttributeAuthorityRole extends ProviderRole {
+       
+       Endpoint[] getAttributeServices();
+       SAMLAttributeDesignator[] getAttributeDesignators();
+
+}
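Review bot: Neither `getAttributeServices()` nor `getAttributeDesignators()` carries Javadoc, so a reader cannot tell whether an entity that publishes no attribute service or no designators yields an empty array or null, and the class comment only names the author. Suggest a class summary along the lines of `Role of an entity that answers attribute queries (the AA); corresponds loosely to the SAML 2.0 Metadata "AttributeAuthorityDescriptor".` plus `/** Endpoints at which attribute queries may be sent; empty when none are published. */` on the first method and `/** Attributes this authority advertises; empty when none are declared. */` on the second, with the empty-vs-null wording matched to what the implementations actually return. The closing `*/` of the file header (third line of the file) is also indented one space more than in the other new files of this commit.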
index 96a56dd..30675fb 100644 (file)
 package edu.internet2.middleware.shibboleth.metadata;
 
 /**
- * Ported from Scott Cantor's C++ interfaces
+ * <p>Corresponds loosely to SAML Metadata Schema "EndpointType".
+ * </p><p>
+ * "The complex type EndpointType describes a SAML protocol binding endpoint
+ * at which a SAML entity can be sent protocol messages." That is, it is 
+ * to SAML what a URL is to HTTP, the address of one end of a conversation.
+ * The exact meaning depends on the SAML binding (is this a Browser POST,
+ * a Web Service request, or what).
  * 
  * @author Walter Hoehn (wassa@columbia.edu)
  */
 public interface Endpoint {
 
-       public String getBinding();
+       public String getBinding(); // URI identifying a SAML binding
 
-       public String getVersion();
+       public String getLocation(); // URI(URL) of the message destination
 
-       public String getLocation();
-
-       public String getResponseLocation();
+       public String getResponseLocation(); // optional second URI(URL) destination
 
 }
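Review bot: The new trailing `//` comments on `getBinding()`, `getLocation()` and `getResponseLocation()` will not reach generated API documentation, and the one on `getResponseLocation()` calls the value "optional" without saying what callers receive when it is absent; the same trailing-comment style is used in the Provider.java and ProviderRole.java hunks of this commit. Suggest Javadoc instead, e.g. `/** URI identifying the SAML binding this endpoint speaks. */`, `/** URI (URL) to which protocol messages for this endpoint are sent. */` and `/** Optional URI (URL) for responses; null when the entity publishes none (confirm against the implementations). */`. Since consumers will send protocol messages to whatever `getLocation()` returns, stating clearly that the value is taken from metadata rather than validated here would also help implementers decide where to put trust checks.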
diff --git a/src/edu/internet2/middleware/shibboleth/metadata/EntityDescriptor.java b/src/edu/internet2/middleware/shibboleth/metadata/EntityDescriptor.java
new file mode 100644 (file)
index 0000000..3a6e0b8
--- /dev/null
@@ -0,0 +1,48 @@
+/*
+ * EntityDescriptor.java
+ * 
+ * Simplify the transition to SAML 2 by allowing the obsolete
+ * "Provider" interface to be called by its new name "EntityDescriptor".
+ * Can be used to add or rename fields while writing code that 
+ * implements the new interface while continuing to support the old.
+ */
+package edu.internet2.middleware.shibboleth.metadata;
+
+/**
+ * @author Howard Gilbert
+ */
+public abstract class EntityDescriptor implements Provider {
+    
+    /**
+     * Scan the array of Roles, return instance of a particular type
+     * @param type  Sub-Class of ProviderRole
+     * @return      instance of the type
+     */
+    public ProviderRole getRoleByType(Class type) {
+        
+        ProviderRole[] roles = this.getRoles();
+        for (int i=0;i<roles.length;i++) {
+            ProviderRole role = roles[i];
+            if (type.isInstance(role))
+                return role;
+        }
+         return null;
+    }
+    
+    public 
+       AttributeAuthorityRole 
+    getAttributeAuthorityRole(){
+        AttributeAuthorityRole aa = (AttributeAuthorityRole) getRoleByType(AttributeAuthorityRole.class);
+        return aa;
+    }
+       
+    public 
+       IDPProviderRole 
+    getHandleServer() {
+        IDPProviderRole hs = (IDPProviderRole) getRoleByType(IDPProviderRole.class);
+        return hs;
+    }
+
+    
+
+}
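Review bot: `getRoleByType` documents its result as "instance of the type" but returns null when no role matches, and that null is passed straight through the casts in `getAttributeAuthorityRole()` and `getHandleServer()`, so every caller must null-check before dereferencing; suggest `@return the first role that is an instance of {@code type}, or {@code null} when the entity declares none` and a matching `@return ... or null` on the two convenience accessors. It also returns the first match only, so if an entity can declare more than one role of the same type (for instance one per `getProtocolSupport()` value), the remaining ones are silently unreachable through this path — worth stating in the Javadoc, or adding a variant that also filters by protocol, if the metadata model allows that. As a point of style, the return type split onto its own line between `public` and the method name, and the extra-indented `return null;`, read as accidents rather than intent.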
diff --git a/src/edu/internet2/middleware/shibboleth/metadata/EntityLocator.java b/src/edu/internet2/middleware/shibboleth/metadata/EntityLocator.java
new file mode 100644 (file)
index 0000000..3c5ed11
--- /dev/null
@@ -0,0 +1,13 @@
+/*
+ * EntityLocator.java
+  */
+package edu.internet2.middleware.shibboleth.metadata;
+
+/**
+ * @author Howard Gilbert
+ */
+public interface EntityLocator extends Metadata {
+       
+       EntityDescriptor getEntityDescriptor(String id);
+
+}
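Review bot: `getEntityDescriptor(String id)` has no Javadoc, so it is unspecified what `id` is matched against and what happens when no entity carries that id. Suggest `/** Looks up the entity whose unique id (see Provider.getId()) equals {@code id}; returns null when no such entity is known. */`, with the null-vs-exception wording matched to the implementations. Since `Metadata` (outside this commit) presumably already offers a lookup, a sentence on how this method differs from it would help readers.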
diff --git a/src/edu/internet2/middleware/shibboleth/metadata/IDPProviderRole.java b/src/edu/internet2/middleware/shibboleth/metadata/IDPProviderRole.java
new file mode 100644 (file)
index 0000000..06823f2
--- /dev/null
@@ -0,0 +1,13 @@
+/*
+ * IDPProviderRole.java
+ */
+package edu.internet2.middleware.shibboleth.metadata;
+
+/**
+ * ID Service (HS)
+ * 
+ * @author Howard Gilbert
+ */
+public interface IDPProviderRole extends ProviderRole {
+       
+}
index 4dedfad..f58fa31 100644 (file)
@@ -29,7 +29,11 @@ package edu.internet2.middleware.shibboleth.metadata;
 import org.apache.xml.security.keys.KeyInfo;
 
 /**
- * Ported from Scott Cantor's C++ interfaces
+ * <p>Corresponds loosely to SAML Metadata Schema "KeyDescriptorType".
+ * </p><p>
+ * Provides information about the cryptographic keys that an EntityDescriptor/Provider
+ * uses to sign data. However, this is nested inside a RoleDescriptor 
+ * instead of appearing at the EntityDescriptor level.
  * 
  * @author Walter Hoehn (wassa@columbia.edu)
  */
@@ -40,9 +44,7 @@ public interface KeyDescriptor {
 
        public int getUse();
 
-       public String getEncryptionMethod();
-
-       public int getKeySize();
+       public String[] getEncryptionMethod();
 
        public KeyInfo[] getKeyInfo();
 }
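Review bot: The class Javadoc added in the first hunk describes these as keys the entity "uses to sign data", yet the interface keeps `getUse()` and now exposes `getEncryptionMethod()` as an array, which suggests the descriptor can also carry encryption keys; the description should say `uses to sign or encrypt data, as indicated by getUse()` (or whatever distinction `getUse()` actually encodes — its constants are outside this hunk). `getEncryptionMethod()` returning `String[]` also leaves open whether an absent element yields null or an empty array; suggest `/** Algorithm URIs of the EncryptionMethod elements; empty when none are declared. */`. A plural name would match the new return type, but the rename is a larger interface change than this commit makes.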
index 6ea705a..9029da8 100644 (file)
 package edu.internet2.middleware.shibboleth.metadata;
 
 /**
- * Ported from Scott Cantor's C++ interfaces
+ * <p>Corresponds loosely to SAML Metadata Schema "EntityDescriptorType".
+ * </p><p>
+ * Entities are campuses or departments with either an origin or target
+ * infrastructure (or both). Each implemented component (HS, AA, SHAR) 
+ * has a Role definition with URLs and PKI to locate and authenticate
+ * the provider of that role. Although the Metadata may define all 
+ * roles, target code tends to build objects describing origins, and 
+ * origins are only interested in targets.
  * 
  * @author Walter Hoehn (wassa@columbia.edu)
  */
 public interface Provider {
 
-       public String getId();
+       public String getId();  // Unique ID used as global key of Provider
 
-       public String[] getGroups();
+       public String[] getGroups(); // Groups in which this Provider is nested
 
-       public ContactPerson[] getContacts();
+       public ContactPerson[] getContacts(); // People
 
-       public ProviderRole[] getRoles();
+       public ProviderRole[] getRoles(); // HS, AA, SHAR, ... definitions
 
 }
index fcd4386..99274eb 100644 (file)
@@ -29,13 +29,22 @@ package edu.internet2.middleware.shibboleth.metadata;
 import java.net.URL;
 
 /**
- * Ported from Scott Cantor's C++ interfaces
+ * <p>Corresponds loosely to SAML Metadata Schema "RoleDescriptorType".
+ * </p><p>
+ * A child of the EntityDescriptor element (the Provider object).
+ * Example Roles are IDP (Identity Provider), Authentication Authority (HS),
+ * Attribute Authority (AA), Attribute Requestor (SHAR), ...
+ * 
+ * The only role supported in the Origin is 
+ * AuthenticationAssertionConsumerService (formerly know as SHIRE)
+ * [not formally part of the SAML 2 Metadata standard].
+ * For this there is a special extension of SPProviderRole.
  * 
  * @author Walter Hoehn (wassa@columbia.edu)
  */
 public interface ProviderRole {
 
-       public Provider getProvider();
+       public Provider getProvider(); // find parent EntityDescriptor/Provider
 
        public String[] getProtocolSupport();
 
diff --git a/src/edu/internet2/middleware/shibboleth/metadata/SAML2Metadata.java b/src/edu/internet2/middleware/shibboleth/metadata/SAML2Metadata.java
new file mode 100644 (file)
index 0000000..acafae6
--- /dev/null
@@ -0,0 +1,20 @@
+/*
+ * SAML2Metadata.java
+ * 
+ * Shibboleth constants used in SAML 2.0 Metadata files
+ */
+package edu.internet2.middleware.shibboleth.metadata;
+
+
+public class SAML2Metadata {
+    public static final String xmlns = "urn:oasis:names:tc:SAML:2.0:metadata";
+    public static final String schema = "sstc-saml-schema-metadata-2.0.xsd";
+    public static final String assertionns = "urn:oasis:names:tc:SAML:2.0:assertion";
+    public static final String saml1protocol = "urn:oasis:names:tc:SAML:1.0:protocol";
+    public static final String shib1protocol = "urn:mace:shibboleth:1.0";
+    public static final String shib1Binding ="urn:mace:shibboleth:1.0";
+    public static final String SAML1Binding ="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding";
+    public static final String POST1Binding ="urn:oasis:names:tc:SAML:1.0:profiles:browser-post";
+    public static final String handleNameIDFormat = "urn:mace:shibboleth:1.0:nameIdentifier";
+
+}
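Review bot: `shib1protocol` and `shib1Binding` hold the identical value `urn:mace:shibboleth:1.0`, which reads like a copy-and-paste slip; if the two really are meant to coincide, a comment such as `// Shibboleth 1.x uses one URI for both protocol and binding` would stop the next reader from "fixing" it. The class is a constants holder but can still be instantiated and subclassed; suggest `public final class SAML2Metadata {` and `private SAML2Metadata() {}`. The mixed naming (`xmlns`, `SAML1Binding`, `handleNameIDFormat`) and the missing space in `="urn:...` on three lines are style points worth aligning before other code starts depending on these names.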