001/*******************************************************************************
002 * Copyright 2017 The MIT Internet Trust Consortium
003 *
004 * Portions copyright 2011-2013 The MITRE Corporation
005 *
006 * Licensed under the Apache License, Version 2.0 (the "License");
007 * you may not use this file except in compliance with the License.
008 * You may obtain a copy of the License at
009 *
010 *   http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 *******************************************************************************/
018package org.mitre.openid.connect.client.service.impl;
019
020import java.util.Set;
021
022import javax.servlet.http.HttpServletRequest;
023
024import org.mitre.openid.connect.client.model.IssuerServiceResponse;
025import org.mitre.openid.connect.client.service.IssuerService;
026
027import com.google.common.collect.Sets;
028
029/**
030 *
031 * Issuer service that first tries to parse the input supplied by a third-party
032 * account chooser service (if possible), and falls back to webfinger discovery
033 * if it cannot.
034 *
035 * @author jricher
036 *
037 */
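public class HybridIssuerService implements IssuerService {

	// Both delegates are created once and never replaced; every accessor below
	// only forwards to one or both of them.
	private final ThirdPartyIssuerService thirdPartyIssuerService = new ThirdPartyIssuerService();
	private final WebfingerIssuerService webfingerIssuerService = new WebfingerIssuerService();

	/**
	 * Returns the account chooser URL held by the third-party delegate.
	 *
	 * @return the value of {@link ThirdPartyIssuerService#getAccountChooserUrl()}
	 * @see org.mitre.openid.connect.client.service.impl.ThirdPartyIssuerService#getAccountChooserUrl()
	 */
	public String getAccountChooserUrl() {
		return thirdPartyIssuerService.getAccountChooserUrl();
	}

	/**
	 * Sets the account chooser URL on the third-party delegate.
	 *
	 * Note that {@link #setLoginPageUrl(String)} writes to the same delegate
	 * property, so whichever of the two setters runs last wins.
	 *
	 * @param accountChooserUrl the URL to forward to the third-party delegate
	 * @see org.mitre.openid.connect.client.service.impl.ThirdPartyIssuerService#setAccountChooserUrl(java.lang.String)
	 */
	public void setAccountChooserUrl(String accountChooserUrl) {
		thirdPartyIssuerService.setAccountChooserUrl(accountChooserUrl);
	}

	/**
	 * Reports the force-HTTPS setting of the webfinger delegate.
	 *
	 * @return the value of {@link WebfingerIssuerService#isForceHttps()}
	 * @see org.mitre.openid.connect.client.service.impl.WebfingerIssuerService#isForceHttps()
	 */
	public boolean isForceHttps() {
		return webfingerIssuerService.isForceHttps();
	}

	/**
	 * Sets the force-HTTPS flag on the webfinger delegate. The third-party
	 * delegate is not touched.
	 *
	 * NOTE(review): presumably this controls whether webfinger discovery is
	 * restricted to https; if so, turning it off should be a deliberate,
	 * reviewed configuration choice -- confirm against WebfingerIssuerService.
	 *
	 * @param forceHttps the flag to forward to the webfinger delegate
	 * @see org.mitre.openid.connect.client.service.impl.WebfingerIssuerService#setForceHttps(boolean)
	 */
	public void setForceHttps(boolean forceHttps) {
		webfingerIssuerService.setForceHttps(forceHttps);
	}

	/**
	 * Resolves the issuer for a request. The third-party delegate is asked
	 * first; if its response asks for a redirect, the same request is handed to
	 * the webfinger delegate and that response is returned instead.
	 *
	 * Both delegates are given the raw incoming request, so the resulting issuer
	 * is derived from client-supplied input. The whitelist and blacklist
	 * configured through this class are pushed to both delegates; the actual
	 * enforcement is not visible in this class (NOTE(review): confirm it
	 * happens inside each delegate's getIssuer).
	 *
	 * @param request the incoming servlet request
	 * @return the third-party response when it does not ask for a redirect,
	 *         otherwise the webfinger response
	 */
	@Override
	public IssuerServiceResponse getIssuer(HttpServletRequest request) {

		IssuerServiceResponse resp = thirdPartyIssuerService.getIssuer(request);
		if (resp.shouldRedirect()) {
			// if it wants us to redirect, try the webfinger approach first
			return webfingerIssuerService.getIssuer(request);
		}
		return resp;

	}

	/**
	 * Returns the union of the whitelists held by the two delegates.
	 *
	 * The result is the unmodifiable view produced by Guava's
	 * {@code Sets.union}; it is not a copy. {@code Sets.union} rejects null
	 * arguments, so this assumes neither delegate holds a null whitelist
	 * (TODO confirm).
	 *
	 * @return a view over both delegates' whitelists
	 */
	public Set<String> getWhitelist() {
		return Sets.union(thirdPartyIssuerService.getWhitelist(), webfingerIssuerService.getWhitelist());
	}

	/**
	 * Sets the same whitelist on both delegates.
	 *
	 * @param whitelist the whitelist to forward to both delegates
	 */
	public void setWhitelist(Set<String> whitelist) {
		thirdPartyIssuerService.setWhitelist(whitelist);
		webfingerIssuerService.setWhitelist(whitelist);
	}

	/**
	 * Returns the union of the blacklists held by the two delegates.
	 *
	 * The result is the unmodifiable view produced by Guava's
	 * {@code Sets.union}; it is not a copy. {@code Sets.union} rejects null
	 * arguments, so this assumes neither delegate holds a null blacklist
	 * (TODO confirm).
	 *
	 * @return a view over both delegates' blacklists
	 */
	public Set<String> getBlacklist() {
		// Fixed: the second operand used to be the webfinger *whitelist*, so the
		// reported blacklist contained allowed issuers and left out the issuers
		// the webfinger delegate actually blocks. Anything that audits or
		// displays the effective blacklist through this getter was misled.
		return Sets.union(thirdPartyIssuerService.getBlacklist(), webfingerIssuerService.getBlacklist());
	}

	/**
	 * Sets the same blacklist on both delegates.
	 *
	 * @param blacklist the blacklist to forward to both delegates
	 */
	public void setBlacklist(Set<String> blacklist) {
		thirdPartyIssuerService.setBlacklist(blacklist);
		webfingerIssuerService.setBlacklist(blacklist);
	}

	/**
	 * Returns the parameter name held by the webfinger delegate.
	 *
	 * @return the value of {@link WebfingerIssuerService#getParameterName()}
	 */
	public String getParameterName() {
		return webfingerIssuerService.getParameterName();
	}

	/**
	 * Sets the parameter name on the webfinger delegate only.
	 *
	 * @param parameterName the name to forward to the webfinger delegate
	 */
	public void setParameterName(String parameterName) {
		webfingerIssuerService.setParameterName(parameterName);
	}

	/**
	 * Returns the login page URL held by the webfinger delegate.
	 *
	 * @return the value of {@link WebfingerIssuerService#getLoginPageUrl()}
	 */
	public String getLoginPageUrl() {
		return webfingerIssuerService.getLoginPageUrl();
	}

	/**
	 * Sets the login page URL on the webfinger delegate and writes the same
	 * value into the third-party delegate's account chooser URL.
	 *
	 * This overwrites anything set earlier through
	 * {@link #setAccountChooserUrl(String)}; configure the account chooser URL
	 * after the login page URL if the two are meant to differ.
	 *
	 * @param loginPageUrl the URL to forward to both delegates
	 */
	public void setLoginPageUrl(String loginPageUrl) {
		webfingerIssuerService.setLoginPageUrl(loginPageUrl);
		thirdPartyIssuerService.setAccountChooserUrl(loginPageUrl); // set the same URL on both, but this one gets ignored
	}

}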