Merge pull request #1155 from stormpath/issue-1136-stormpath-idp-flow-support

Issue 1136 stormpath idp flow support

Author: palimpsestor

api/src/main/java/com/stormpath/sdk/saml/AuthnVerification.java

@@ -0,0 +1,46 @@
+package com.stormpath.sdk.saml;
+
+import com.stormpath.sdk.application.Application;
+import com.stormpath.sdk.resource.Resource;
+
+import java.util.Date;
+
+/**
+ * An AuthnVerification represents the successful results of verifying the signature of a SAML AuthnRequest targeted
+ * against a particular Stormpath {@link Application}.
+ *
+ * @since 1.3.0
+ */
+public interface AuthnVerification extends Resource {
+
+    /**
+     * Returns the relay state provided with the original SAML AuthnRequest, if any was provided.  Otherwise the default
+     * relay state configured for the {@link Application}.
+     *
+     * @return the relay state associated with the SAML AuthnRequest.
+     */
+    String getRelayState();
+
+    /**
+     * Returns the {@link RegisteredSamlServiceProvider} associated with the entityId of the original AuthnRequest.
+     *
+     * @return the {@link RegisteredSamlServiceProvider} associated with the entityId of the original AuthnRequest.
+     */
+    RegisteredSamlServiceProvider getServiceProvider();
+
+
+    /**
+     * Returns the request ID provided with the original SAML AuthnRequest.
+     *
+     * @return the request ID provided with the original SAML AuthnRequest.
+     */
+    String getRequestId();
+
+
+    /**
+     * Returns the issue instant of the original SAML AuthnRequest.
+     *
+     * @return the issue instant of the original SAML AuthnRequest.
+     */
+    Date getAuthnIssueInstant();
+}

api/src/main/java/com/stormpath/sdk/saml/AuthnVerificationRequest.java

@@ -0,0 +1,82 @@
+package com.stormpath.sdk.saml;
+
+import com.stormpath.sdk.resource.Resource;
+
+/**
+ * An AuthnVerificationRequest encapsulates the fields of a SAML AuthnRequest targeted
+ * against a particular Stormpath Application.
+ *
+ * @since 1.3.0
+ */
+public interface AuthnVerificationRequest extends Resource {
+
+    /**
+     * Returns the value of the SAMLRequest parameter provided with the incoming AuthnRequest.
+     *
+     * @return the value of the SAMLRequest parameter provided with the incoming AuthnRequest.
+     */
+    String getSamlRequest();
+
+    /**
+     * Sets the value of the SAMLRequest parameter provided with the incoming AuthnRequest.
+     *
+     * @param samlRequest the value of the SAMLRequest parameter from the incoming AuthnRequest.
+     * @return this instance for method chaining.
+     */
+    AuthnVerificationRequest setSamlRequest(String samlRequest);
+
+    /**
+     * Returns the value of the RelayState parameter provided with the incoming AuthnRequest.
+     *
+     * @return the value of the RelayState parameter provided with the incoming AuthnRequest.
+     */
+    String getRelayState();
+
+    /**
+     * Sets the value of the RelayState parameter provided with the incoming AuthnRequest.
+     *
+     * @param relayState the value of the RelayState parameter from the incoming AuthnRequest.
+     * @return this instance for method chaining.
+     */
+    AuthnVerificationRequest setRelayState(String relayState);
+
+    /**
+     * Returns the value of the SigAlg parameter provided with the incoming AuthnRequest.
+     *
+     * @return the value of the SigAlg parameter provided with the incoming AuthnRequest.
+     */
+    String getSigAlg();
+
+    /**
+     * Sets the value of the SigAlg parameter provided with the incoming AuthnRequest.
+     *
+     * @param sigAlg the value of the SigAlg parameter from the incoming AuthnRequest.
+     * @return this instance for method chaining.
+     */
+    AuthnVerificationRequest setSigAlg(String sigAlg);
+
+    /**
+     * Returns the value of the Signature parameter provided with the incoming AuthnRequest.
+     *
+     * @return the value of the Signature parameter provided with the incoming AuthnRequest.
+     */
+    String getSignature();
+
+    /**
+     * Sets the value of the Signature parameter provided with the incoming AuthnRequest.
+     *
+     * @param signature the value of the Signature parameter from the incoming AuthnRequest.
+     * @return this instance for method chaining.
+     */
+    AuthnVerificationRequest setSignature(String signature);
+
+    /**
+     * When the AuthnRequest is submitted via HTTP GET, returns the query string of the incoming request.
+     * Otherwise null.
+     *
+     * @return the query string of the incoming AuthnRequest, or null if the AuthnRequest was submitted with HTTP POST.
+     */
+    String getQueryString();
+
+    AuthnVerificationRequest setQueryString(String queryString);
+}

api/src/main/java/com/stormpath/sdk/saml/CreateSamlResponseRequest.java

@@ -0,0 +1,78 @@
+package com.stormpath.sdk.saml;
+
+import com.stormpath.sdk.account.Account;
+import com.stormpath.sdk.resource.Resource;
+
+import java.util.Date;
+
+/**
+ * A SamlResponseRequest encapsulates the information needed to prepare a SAML response according to the SAML specification.
+ *
+ * @since 1.3.0
+ */
+public interface CreateSamlResponseRequest extends Resource {
+
+    /**
+     * Returns the {@link Account} to be represented in this SAML response.
+     *
+     * @return the {@link Account} to be represented in this SAML response.
+     */
+    Account getAccount();
+
+    /**
+     * Sets the {@link Account} to be represented in this SAML response.
+     *
+     * @param account the {@link Account} to be represented in this SAML response.
+     * @return this instance for method chaining.
+     */
+    CreateSamlResponseRequest setAccount(Account account);
+
+    /**
+     * Returns the {@link RegisteredSamlServiceProvider} to be represented in this SAML response.
+     *
+     * @return the {@link RegisteredSamlServiceProvider} to be represented in this SAML response.
+     */
+    RegisteredSamlServiceProvider getServiceProvider();
+
+    /**
+     * Sets the {@link RegisteredSamlServiceProvider} to be represented in this SAML response.
+     *
+     * @param serviceProvider the {@link RegisteredSamlServiceProvider} to be represented in this SAML response.
+     * @return this instance for method chaining.
+     */
+    CreateSamlResponseRequest setServiceProvider(RegisteredSamlServiceProvider serviceProvider);
+
+    /**
+     * Returns the request ID to be represented in this SAML response, which should match the request ID
+     * that was provided in the initiating SAML AuthnRequest.
+     *
+     * @return the request ID to be represented in this SAML response.
+     */
+    String getRequestId();
+
+    /**
+     * Sets the request ID to be represented in this SAML response, which should match the request ID
+     * that was provided in the initiating SAML AuthnRequest.
+     *
+     * @param requestId the request ID to be represented in this SAML response.
+     * @return this instance for method chaining.
+     */
+    CreateSamlResponseRequest setRequestId(String requestId);
+
+    /**
+     * Returns the issue instant to be represented in this SAML response, which should match the issue instant
+     * that was provided in the initiating SAML AuthnRequest.
+     *
+     * @return the issue instant to be represented in this SAML response.
+     */
+    Date getAuthnIssueInstant();
+
+    /**
+     * Sets the issue instant to be represented in this SAML response, which should match the issue instant
+     * that was provided in the initiating SAML AuthnRequest.
+     *
+     * @param authnIssueInstant the issue instant to be represented in this SAML response.
+     * @return this instance for method chaining.
+     */
+    CreateSamlResponseRequest setAuthnIssueInstant(Date authnIssueInstant);
+}

api/src/main/java/com/stormpath/sdk/saml/SamlIdentityProvider.java

@@ -195,4 +195,23 @@ public interface SamlIdentityProvider extends Resource, Saveable, Deletable, Aud
      * @return a paginated list of the samlIdentityProvider's samlServiceProviderRegistrations that match the specified query criteria.
      */
     SamlServiceProviderRegistrationList getSamlServiceProviderRegistrations(SamlServiceProviderRegistrationCriteria criteria);
+
+    /**
+     * Given an {@link AuthnVerificationRequest} wrapping an incoming SAML AuthnRequest, verifies that the request targets a
+     * {@link RegisteredSamlServiceProvider} that is registered with this identity provider, and validates the signature of
+     * the request if one is provided.
+     *
+     * @param request the request to be verified.
+     * @return an {@link AuthnVerification} containing the state to be passed along during the SAML flow.
+     */
+    AuthnVerification createAuthnVerification(AuthnVerificationRequest request);
+
+    /**
+     * Given a {@link CreateSamlResponseRequest} for a given {@link com.stormpath.sdk.account.Account} and {@link RegisteredSamlServiceProvider},
+     * creates a {@link SamlResponse} wrapping the XML of the SAML response to be returned to the service provider.
+     *
+     * @param samlResponseRequest a {@link CreateSamlResponseRequest} wrapping the values needed to prepare the SAML response.
+     * @return a {@link SamlResponse} wrapping the XML of the SAML response to be returned to the service provider.
+     */
+    SamlResponse createSamlResponse(CreateSamlResponseRequest samlResponseRequest);
 }

api/src/main/java/com/stormpath/sdk/saml/SamlResponse.java

@@ -0,0 +1,18 @@
+package com.stormpath.sdk.saml;
+
+import com.stormpath.sdk.resource.Resource;
+
+/**
+ * A SamlResponse has a single field whose value is the base 64 encoded XML of a SAML response according to the SAML specification.
+ *
+ * @since 1.3.0
+ */
+public interface SamlResponse extends Resource {
+
+    /**
+     * Returns the base 64 encoded XML of the SAML response..
+     *
+     * @return the base 64 encoded XML of the SAML response.
+     */
+    String getValue();
+}

extensions/httpclient/src/test/groovy/com/stormpath/sdk/impl/saml/AbstractSamlIT.groovy

@@ -31,7 +31,7 @@ import static org.testng.Assert.assertTrue
 /**
  * @since 1.3.0
  */
-abstract class AbstractSamlIT extends ClientIT{
+abstract class AbstractSamlIT extends ClientIT {
     public static String validX509Cert = '''-----BEGIN CERTIFICATE-----
 MIIDBjCCAe4CCQDkkfBwuV3jqTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJV
 UzETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0
@@ -75,23 +75,23 @@ xu/vQr6stjuzJIsDNAtW1FlG8WALOMjV
 '''
 
 
-    protected SamlIdentityProvider getNewSamlIdentityProviderForNewApplication(){
+    protected SamlIdentityProvider getNewSamlIdentityProviderForNewApplication() {
         def app = createTempApp()
         return getSamlIdentityProviderForApplication(app)
     }
 
-    protected SamlIdentityProvider getSamlIdentityProviderForApplication(Application app){
+    protected SamlIdentityProvider getSamlIdentityProviderForApplication(Application app) {
         def samlPolicy = client.getResource(app.getSamlPolicy().href, SamlPolicy)
         samlPolicy.getIdentityProvider()
         return client.getResource(samlPolicy.getIdentityProvider().href, SamlIdentityProvider)
     }
 
-    protected SamlIdentityProvider getSamlIdentityProviderForDefaultApplication(){
+    protected SamlIdentityProvider getSamlIdentityProviderForDefaultApplication() {
         def app = client.currentTenant.getApplications(Applications.where(Applications.name().eqIgnoreCase("Stormpath"))).asList().get(0)
         return getSamlIdentityProviderForApplication(app)
     }
 
-    protected SamlServiceProviderRegistration createAndGetAndAssertNewRegistration(SamlServiceProviderRegistration registration){
+    protected SamlServiceProviderRegistration createAndGetAndAssertNewRegistration(SamlServiceProviderRegistration registration) {
         def identityProviderHref = registration.getIdentityProvider().href
         def builder = SamlServiceProviderRegistrations.newCreateRequestFor(registration)
         registration = registration.getIdentityProvider().createSamlServiceProviderRegistration(builder.build())
@@ -105,7 +105,7 @@ xu/vQr6stjuzJIsDNAtW1FlG8WALOMjV
         return registration
     }
 
-    protected void createNewRegistrationError(SamlServiceProviderRegistration registration, int expectedErrorCode){
+    protected void createNewRegistrationError(SamlServiceProviderRegistration registration, int expectedErrorCode) {
         def builder = SamlServiceProviderRegistrations.newCreateRequestFor(registration)
 
         Throwable e = null;

extensions/httpclient/src/test/groovy/com/stormpath/sdk/impl/saml/SAMLServiceProviderRegistrationIT.groovy

@@ -12,7 +12,7 @@ import org.testng.annotations.Test
 import static org.testng.AssertJUnit.assertEquals
 import static org.testng.AssertJUnit.assertNotNull
 
-class SamlServiceProviderRegistrationIT extends AbstractSamlIT{
+class SamlServiceProviderRegistrationIT extends AbstractSamlIT {
 
     @AfterMethod
     public void cleanUp() {