From 6bd2f1ca973c4ef4a1afc4f5c39f359094770950 Mon Sep 17 00:00:00 2001
From: Josh Cummings
Date: Mon, 1 Jul 2024 18:53:03 -0600
Subject: [PATCH] Deprecate OpenSamlRelyingPartyRegistration
Closes gh-15343
---
 .../OpenSamlAssertingPartyDetails.java | 14 +++++++
 .../OpenSamlRelyingPartyRegistration.java | 31 ++++++++------
 .../RelyingPartyRegistration.java | 40 ++++++++-----------
 3 files changed, 48 insertions(+), 37 deletions(-)
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlAssertingPartyDetails.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlAssertingPartyDetails.java
index 25d5738a6c..0d780d0e0d 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlAssertingPartyDetails.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlAssertingPartyDetails.java
@@ -65,6 +65,20 @@ public final class OpenSamlAssertingPartyDetails extends RelyingPartyRegistratio
 return new OpenSamlAssertingPartyDetails.Builder(entity);
 }
+ @Override
+ public OpenSamlAssertingPartyDetails.Builder mutate() {
+ return new OpenSamlAssertingPartyDetails.Builder(this.descriptor).entityId(getEntityId())
+ .wantAuthnRequestsSigned(getWantAuthnRequestsSigned())
+ .signingAlgorithms((algorithms) -> algorithms.addAll(getSigningAlgorithms()))
+ .verificationX509Credentials((c) -> c.addAll(getVerificationX509Credentials()))
+ .encryptionX509Credentials((c) -> c.addAll(getEncryptionX509Credentials()))
+ .singleSignOnServiceLocation(getSingleSignOnServiceLocation())
+ .singleSignOnServiceBinding(getSingleSignOnServiceBinding())
+ .singleLogoutServiceLocation(getSingleLogoutServiceLocation())
+ .singleLogoutServiceResponseLocation(getSingleLogoutServiceResponseLocation())
+ .singleLogoutServiceBinding(getSingleLogoutServiceBinding());
+ }
+
 /**
 * An OpenSAML version of
 * {@link org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder}
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistration.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistration.java
index ce9061ad4a..9b3f26dc3a 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistration.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistration.java
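Review bot: The new `mutate()` override copies every AssertingPartyDetails field by hand, in parallel with the base-class `mutate()` added to RelyingPartyRegistration.java in the last hunk of this patch, and neither implementation calls the other; a field added to AssertingPartyDetails later will be silently dropped by whichever copy is not updated, and for `wantAuthnRequestsSigned` or the verification credentials that means a mutated copy could end up weaker than its source. Add a comment above the method, `// keep in sync with AssertingPartyDetails#mutate: every field copied there must be copied here too`, and the mirror comment on the base-class method. It is also worth a Javadoc sentence saying that `this.descriptor` is handed to the Builder by reference, so the built copy shares its EntityDescriptor with this instance (whether that object is mutable is not visible in this hunk).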
@@ -29,7 +29,19 @@ import org.springframework.security.saml2.core.Saml2X509Credential;
 *
 * @author Josh Cummings
 * @since 6.1
+ * @deprecated This class no longer is needed in order to transmit the
+ * {@link EntityDescriptor} to {@link OpenSamlAssertingPartyDetails}. Instead of doing:
+ *
+ * 	if (registration instanceof OpenSamlRelyingPartyRegistration openSamlRegistration) {
+ * 	    EntityDescriptor descriptor = openSamlRegistration.getAssertingPartyDetails.getEntityDescriptor();
+ * 	}
+ * 
do instead:
+ * 	if (registration.getAssertingPartyDetails() instanceof openSamlAssertingPartyDetails) {
+ * 	    EntityDescriptor descriptor = openSamlAssertingPartyDetails.getEntityDescriptor();
+ * 	}
+ * 
*/
+@Deprecated
 public final class OpenSamlRelyingPartyRegistration extends RelyingPartyRegistration {
 OpenSamlRelyingPartyRegistration(RelyingPartyRegistration registration) {
@@ -47,7 +59,7 @@ public final class OpenSamlRelyingPartyRegistration extends RelyingPartyRegistra
 @Override
 public OpenSamlRelyingPartyRegistration.Builder mutate() {
 OpenSamlAssertingPartyDetails party = getAssertingPartyDetails();
- return withAssertingPartyEntityDescriptor(party.getEntityDescriptor()).registrationId(getRegistrationId())
+ return new Builder(party).registrationId(getRegistrationId())
 .entityId(getEntityId())
 .signingX509Credentials((c) -> c.addAll(getSigningX509Credentials()))
 .decryptionX509Credentials((c) -> c.addAll(getDecryptionX509Credentials()))
@@ -57,18 +69,7 @@ public final class OpenSamlRelyingPartyRegistration extends RelyingPartyRegistra
 .singleLogoutServiceResponseLocation(getSingleLogoutServiceResponseLocation())
 .singleLogoutServiceBindings((c) -> c.addAll(getSingleLogoutServiceBindings()))
 .nameIdFormat(getNameIdFormat())
- .authnRequestsSigned(isAuthnRequestsSigned())
- .assertingPartyDetails((assertingParty) -> ((OpenSamlAssertingPartyDetails.Builder) assertingParty)
- .entityId(party.getEntityId())
- .wantAuthnRequestsSigned(party.getWantAuthnRequestsSigned())
- .signingAlgorithms((algorithms) -> algorithms.addAll(party.getSigningAlgorithms()))
- .verificationX509Credentials((c) -> c.addAll(party.getVerificationX509Credentials()))
- .encryptionX509Credentials((c) -> c.addAll(party.getEncryptionX509Credentials()))
- .singleSignOnServiceLocation(party.getSingleSignOnServiceLocation())
- .singleSignOnServiceBinding(party.getSingleSignOnServiceBinding())
- .singleLogoutServiceLocation(party.getSingleLogoutServiceLocation())
- .singleLogoutServiceResponseLocation(party.getSingleLogoutServiceResponseLocation())
- .singleLogoutServiceBinding(party.getSingleLogoutServiceBinding()));
+ .authnRequestsSigned(isAuthnRequestsSigned());
 }
 /**
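Review bot: Both snippets in the new `@deprecated` Javadoc are not valid Java as written: the first calls `openSamlRegistration.getAssertingPartyDetails.getEntityDescriptor()` without parentheses on `getAssertingPartyDetails`, and the second, `instanceof openSamlAssertingPartyDetails`, names a binding variable but no type, so a reader following the migration advice literally gets a compile error. Change them to `EntityDescriptor descriptor = openSamlRegistration.getAssertingPartyDetails().getEntityDescriptor();` and `if (registration.getAssertingPartyDetails() instanceof OpenSamlAssertingPartyDetails openSamlAssertingPartyDetails) {`. The opening sentence reads better as "This class is no longer needed in order to transmit the ...", and `@Deprecated` would be more useful to tooling as `@Deprecated(since = "<release>", forRemoval = true)` with the release this lands in, which the patch does not state. The class body continues well past this hunk; the rewritten `mutate()` is in the two hunks that follow.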
@@ -100,6 +101,10 @@ public final class OpenSamlRelyingPartyRegistration extends RelyingPartyRegistra
 super(entityDescriptor.getEntityID(), OpenSamlAssertingPartyDetails.withEntityDescriptor(entityDescriptor));
 }
+ Builder(OpenSamlAssertingPartyDetails details) {
+ super(details.getEntityDescriptor().getEntityID(), details.mutate());
+ }
+
 @Override
 public Builder registrationId(String id) {
 return (Builder) super.registrationId(id);
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
index 9e6f1b7533..87cfea754e 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
@@ -139,8 +139,7 @@ public class RelyingPartyRegistration {
 * @since 6.1
 */
 public Builder mutate() {
- AssertingPartyDetails party = this.assertingPartyDetails;
- return withRegistrationId(this.registrationId).entityId(this.entityId)
+ return new Builder(this.registrationId, this.assertingPartyDetails.mutate()).entityId(this.entityId)
 .signingX509Credentials((c) -> c.addAll(this.signingX509Credentials))
 .decryptionX509Credentials((c) -> c.addAll(this.decryptionX509Credentials))
 .assertionConsumerServiceLocation(this.assertionConsumerServiceLocation)
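Review bot: The new package-private `Builder(OpenSamlAssertingPartyDetails details)` constructor seeds the registration id from `details.getEntityDescriptor().getEntityID()`, and the only caller visible in this patch (`mutate()` in the previous hunk) immediately overwrites that with `getRegistrationId()`; nothing says the seed is a placeholder, so a future caller that forgets to set the id would register under the asserting party's entity ID. A one-line comment above the `super(...)` call would make the intent explicit: `// registrationId defaults to the asserting party's entityID; mutate() replaces it with the source registration's id`. The enclosing `Builder` class starts and ends outside this hunk.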
@@ -149,17 +148,7 @@ public class RelyingPartyRegistration {
 .singleLogoutServiceResponseLocation(this.singleLogoutServiceResponseLocation)
 .singleLogoutServiceBindings((c) -> c.addAll(this.singleLogoutServiceBindings))
 .nameIdFormat(this.nameIdFormat)
- .authnRequestsSigned(this.authnRequestsSigned)
- .assertingPartyDetails((assertingParty) -> assertingParty.entityId(party.getEntityId())
- .wantAuthnRequestsSigned(party.getWantAuthnRequestsSigned())
- .signingAlgorithms((algorithms) -> algorithms.addAll(party.getSigningAlgorithms()))
- .verificationX509Credentials((c) -> c.addAll(party.getVerificationX509Credentials()))
- .encryptionX509Credentials((c) -> c.addAll(party.getEncryptionX509Credentials()))
- .singleSignOnServiceLocation(party.getSingleSignOnServiceLocation())
- .singleSignOnServiceBinding(party.getSingleSignOnServiceBinding())
- .singleLogoutServiceLocation(party.getSingleLogoutServiceLocation())
- .singleLogoutServiceResponseLocation(party.getSingleLogoutServiceResponseLocation())
- .singleLogoutServiceBinding(party.getSingleLogoutServiceBinding()));
+ .authnRequestsSigned(this.authnRequestsSigned);
 }
 /**
@@ -346,17 +335,7 @@ public class RelyingPartyRegistration {
 public static Builder withAssertingPartyDetails(AssertingPartyDetails assertingPartyDetails) {
 Assert.notNull(assertingPartyDetails, "assertingPartyDetails cannot be null");
- return withRegistrationId(assertingPartyDetails.getEntityId())
- .assertingPartyDetails((party) -> party.entityId(assertingPartyDetails.getEntityId())
- .wantAuthnRequestsSigned(assertingPartyDetails.getWantAuthnRequestsSigned())
- .signingAlgorithms((algorithms) -> algorithms.addAll(assertingPartyDetails.getSigningAlgorithms()))
- .verificationX509Credentials((c) -> c.addAll(assertingPartyDetails.getVerificationX509Credentials()))
- .encryptionX509Credentials((c) -> c.addAll(assertingPartyDetails.getEncryptionX509Credentials()))
- .singleSignOnServiceLocation(assertingPartyDetails.getSingleSignOnServiceLocation())
- .singleSignOnServiceBinding(assertingPartyDetails.getSingleSignOnServiceBinding())
- .singleLogoutServiceLocation(assertingPartyDetails.getSingleLogoutServiceLocation())
- .singleLogoutServiceResponseLocation(assertingPartyDetails.getSingleLogoutServiceResponseLocation())
- .singleLogoutServiceBinding(assertingPartyDetails.getSingleLogoutServiceBinding()));
+ return new Builder(assertingPartyDetails.getEntityId(), assertingPartyDetails.mutate());
 }
 /**
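Review bot: `withAssertingPartyDetails` no longer goes through `withRegistrationId(...)`; it passes `assertingPartyDetails.getEntityId()` straight to the `Builder` constructor. If `withRegistrationId` validated the id (its body is not shown in this patch), a null or empty entity ID on the supplied details now reaches the builder unchecked and only surfaces at `build()` or later, where the message will not point at this call site; keeping an explicit guard here preserves the old failure point: `Assert.hasText(assertingPartyDetails.getEntityId(), "assertingPartyDetails.entityId cannot be empty");` before the `return`. The same switch to the direct constructor is made in `mutate()` earlier in this file, where the id comes from an already-built registration and is less of a concern.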
@@ -592,6 +571,19 @@ public class RelyingPartyRegistration {
 return this.singleLogoutServiceBinding;
 }
+ public AssertingPartyDetails.Builder mutate() {
+ return new AssertingPartyDetails.Builder().entityId(this.entityId)
+ .wantAuthnRequestsSigned(this.wantAuthnRequestsSigned)
+ .signingAlgorithms((algorithms) -> algorithms.addAll(this.signingAlgorithms))
+ .verificationX509Credentials((c) -> c.addAll(this.verificationX509Credentials))
+ .encryptionX509Credentials((c) -> c.addAll(this.encryptionX509Credentials))
+ .singleSignOnServiceLocation(this.singleSignOnServiceLocation)
+ .singleSignOnServiceBinding(this.singleSignOnServiceBinding)
+ .singleLogoutServiceLocation(this.singleLogoutServiceLocation)
+ .singleLogoutServiceResponseLocation(this.singleLogoutServiceResponseLocation)
+ .singleLogoutServiceBinding(this.singleLogoutServiceBinding);
+ }
+
 public static class Builder {
 private String entityId;
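Review bot: `mutate()` is a new public method on `AssertingPartyDetails` but carries no Javadoc or `@since` tag, unlike the `mutate()` on `RelyingPartyRegistration` earlier in this file, whose Javadoc (visible in the `@@ -139` hunk) is tagged `@since 6.1`. Add a Javadoc stating that it returns a `Builder` pre-populated with this instance's values so callers can derive a modified copy, with `@return` and `@since` set to the release this lands in, which the patch does not name. Since `OpenSamlAssertingPartyDetails` overrides this method (first file in the patch) the Javadoc should also say that subclasses are expected to return a builder of their own type. The enclosing `AssertingPartyDetails` class starts and ends outside this hunk.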