/*
* Licensed to the University Corporation for Advanced Internet Development,
* Inc. (UCAID) under one or more contributor license agreements. See the
* NOTICE file distributed with this work for additional information regarding
* copyright ownership. The UCAID licenses this file to You under the Apache
* License, Version 2.0 (the "License"); you may not use this file except in
* compliance with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.opensaml;
import org.apache.xml.security.Init;
import org.opensaml.saml1.binding.artifact.SAML1ArtifactBuilderFactory;
import org.opensaml.saml2.binding.artifact.SAML2ArtifactBuilderFactory;
import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.XMLConfigurator;
import org.opensaml.xml.parse.StaticBasicParserPool;
import org.opensaml.xml.parse.XMLParserException;
import org.opensaml.xml.security.DefaultSecurityConfigurationBootstrap;
import org.owasp.esapi.ESAPI;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* This class can be used to bootstrap the OpenSAML library with the default configurations that ship with the library.
*/
public class DefaultBootstrap {
/** List of default XMLTooling configuration files. */
private static String[] xmlToolingConfigs = {
"/default-config.xml",
"/schema-config.xml",
"/signature-config.xml",
"/signature-validation-config.xml",
"/encryption-config.xml",
"/encryption-validation-config.xml",
"/soap11-config.xml",
"/wsfed11-protocol-config.xml",
"/saml1-assertion-config.xml",
"/saml1-protocol-config.xml",
"/saml1-core-validation-config.xml",
"/saml2-assertion-config.xml",
"/saml2-protocol-config.xml",
"/saml2-core-validation-config.xml",
"/saml1-metadata-config.xml",
"/saml2-metadata-config.xml",
"/saml2-metadata-validation-config.xml",
"/saml2-metadata-attr-config.xml",
"/saml2-metadata-idp-discovery-config.xml",
"/saml2-metadata-ui-config.xml",
"/saml2-protocol-aslo-config.xml",
"/saml2-protocol-thirdparty-config.xml",
"/saml2-metadata-query-config.xml",
"/saml2-assertion-delegation-restriction-config.xml",
"/saml2-ecp-config.xml",
"/saml2-channel-binding-config.xml",
"/saml-ec-gss-config.xml",
"/xacml10-saml2-profile-config.xml",
"/xacml11-saml2-profile-config.xml",
"/xacml20-context-config.xml",
"/xacml20-policy-config.xml",
"/xacml2-saml2-profile-config.xml",
"/xacml3-saml2-profile-config.xml",
"/wsaddressing-config.xml",
"/wssecurity-config.xml",
"/wstrust-config.xml",
"/wspolicy-config.xml",
};
/** Constructor. */
protected DefaultBootstrap() {
}
/**
* Initializes the OpenSAML library, loading default configurations.
*
* @throws ConfigurationException thrown if there is a problem initializing the OpenSAML library
*/
public static synchronized void bootstrap() throws ConfigurationException {
initializeXMLSecurity();
initializeXMLTooling();
initializeArtifactBuilderFactories();
initializeGlobalSecurityConfiguration();
initializeParserPool();
initializeESAPI();
}
/**
* Initializes the OWASPI ESAPI library.
*/
protected static void initializeESAPI() {
Logger log = getLogger();
String systemPropertyKey = "org.owasp.esapi.SecurityConfiguration";
String opensamlConfigImpl = ESAPISecurityConfig.class.getName();
String currentValue = System.getProperty(systemPropertyKey);
if (currentValue == null || currentValue.isEmpty()) {
log.debug("Setting ESAPI SecurityConfiguration impl to OpenSAML internal class: {}", opensamlConfigImpl);
System.setProperty(systemPropertyKey, opensamlConfigImpl);
// We still need to call ESAPI.initialize() despite setting the system property, b/c within the ESAPI class
// the property is only evaluated once in a static initializer and stored. The initialize method however
// does overwrite the statically-set value from the system property. But still set the system property for
// consistency, so other callers can see what has been set.
ESAPI.initialize(opensamlConfigImpl);
} else {
log.debug("ESAPI SecurityConfiguration impl was already set non-null and non-empty via system property, leaving existing value in place: {}",
currentValue);
}
}
/**
* Initializes the default global parser pool instance.
*
* <p>
* The ParserPool configured by default here is an instance of
* {@link StaticBasicParserPool}, with a maxPoolSize property of 50
* and all other properties with default values.
* </p>
*
* <p>
* If a deployment wishes to use a different parser pool implementation,
* or one configured with different characteristics, they may either override this method,
* or simply configure a different ParserPool after bootstrapping via
* {@link Configuration#setParserPool(org.opensaml.xml.parse.ParserPool)}.
* </p>
*
* @throws ConfigurationException thrown if there is a problem initializing the parser pool
*/
protected static void initializeParserPool() throws ConfigurationException {
StaticBasicParserPool pp = new StaticBasicParserPool();
pp.setMaxPoolSize(50);
try {
pp.initialize();
} catch (XMLParserException e) {
throw new ConfigurationException("Error initializing parser pool", e);
}
Configuration.setParserPool(pp);
}
/**
* Initializes the default global security configuration.
*/
protected static void initializeGlobalSecurityConfiguration() {
Configuration.setGlobalSecurityConfiguration(DefaultSecurityConfigurationBootstrap.buildDefaultConfig());
}
/**
* Initializes the Apache XMLSecurity libary.
*
* @throws ConfigurationException thrown is there is a problem initializing the library
*/
protected static void initializeXMLSecurity() throws ConfigurationException {
Logger log = getLogger();
String lineBreakPropName = "org.apache.xml.security.ignoreLineBreaks";
// Don't override if it was set explicitly
if (System.getProperty(lineBreakPropName) == null) {
System.setProperty(lineBreakPropName, "true");
}
if (!Init.isInitialized()) {
log.debug("Initializing Apache XMLSecurity library");
Init.init();
}
}
/**
* Initializes the XMLTooling library with a default set of object providers.
*
* @throws ConfigurationException thrown if there is a problem loading the configuration files
*/
protected static void initializeXMLTooling() throws ConfigurationException {
initializeXMLTooling(xmlToolingConfigs);
}
/**
* Initializes the XMLTooling library with an explicitly supplied set of object providers.
*
* @param providerConfigs list of provider configuration files located on the classpath
*
* @throws ConfigurationException thrown if there is a problem loading the configuration files
*/
protected static void initializeXMLTooling(String[] providerConfigs) throws ConfigurationException {
Logger log = getLogger();
Class clazz = Configuration.class;
XMLConfigurator configurator = new XMLConfigurator();
for (String config : providerConfigs) {
log.debug("Loading XMLTooling configuration {}", config);
configurator.load(clazz.getResourceAsStream(config));
}
}
/**
* Initializes the artifact factories for SAML 1 and SAML 2 artifacts.
*
* @throws ConfigurationException thrown if there is a problem initializing the artifact factory
*/
protected static void initializeArtifactBuilderFactories() throws ConfigurationException {
Logger log = getLogger();
log.debug("Initializing SAML Artifact builder factories");
Configuration.setSAML1ArtifactBuilderFactory(new SAML1ArtifactBuilderFactory());
Configuration.setSAML2ArtifactBuilderFactory(new SAML2ArtifactBuilderFactory());
}
/**
* Get an SLF4J Logger.
*
* @return a Logger instance
*/
protected static Logger getLogger() {
return LoggerFactory.getLogger(DefaultBootstrap.class);
}
}