mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
32691 Commits
59 Branches
Tree: 1e297c135a
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '1e297c135a'
${ noResults }
sonarqube/server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/SamlSettings.java

SamlSettings.java 8.5KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2022 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.auth.saml;

  21. 

  22. import java.util.Arrays;

  23. import java.util.List;

  24. import java.util.Optional;

  25. import org.sonar.api.config.Configuration;

  26. import org.sonar.api.config.PropertyDefinition;

  27. import org.sonar.api.server.ServerSide;

  28. 

  29. import static java.lang.String.valueOf;

  30. import static org.sonar.api.PropertyType.BOOLEAN;

  31. import static org.sonar.api.PropertyType.PASSWORD;

  32. 

  33. @ServerSide

  34. public class SamlSettings {

  35. 

  36.   public static final String ENABLED = "sonar.auth.saml.enabled";

  37.   public static final String PROVIDER_ID = "sonar.auth.saml.providerId";

  38.   public static final String PROVIDER_NAME = "sonar.auth.saml.providerName";

  39. 

  40.   public static final String APPLICATION_ID = "sonar.auth.saml.applicationId";

  41.   public static final String LOGIN_URL = "sonar.auth.saml.loginUrl";

  42.   public static final String CERTIFICATE = "sonar.auth.saml.certificate.secured";

  43. 

  44.   public static final String USER_LOGIN_ATTRIBUTE = "sonar.auth.saml.user.login";

  45.   public static final String USER_NAME_ATTRIBUTE = "sonar.auth.saml.user.name";

  46.   public static final String USER_EMAIL_ATTRIBUTE = "sonar.auth.saml.user.email";

  47.   public static final String GROUP_NAME_ATTRIBUTE = "sonar.auth.saml.group.name";

  48. 

  49.   public static final String SIGN_REQUESTS_ENABLED = "sonar.auth.saml.signature.enabled";

  50.   public static final String SERVICE_PROVIDER_CERTIFICATE = "sonar.auth.saml.sp.certificate.secured";

  51.   public static final String SERVICE_PROVIDER_PRIVATE_KEY = "sonar.auth.saml.sp.privateKey.secured";

  52. 

  53.   public static final String CATEGORY = "authentication";

  54.   public static final String SUBCATEGORY = "saml";

  55. 

  56.   private final Configuration configuration;

  57. 

  58.   public SamlSettings(Configuration configuration) {

  59.     this.configuration = configuration;

  60.   }

  61. 

  62.   String getProviderId() {

  63.     return configuration.get(PROVIDER_ID).orElseThrow(() -> new IllegalArgumentException("Provider ID is missing"));

  64.   }

  65. 

  66.   String getProviderName() {

  67.     return configuration.get(PROVIDER_NAME).orElseThrow(() -> new IllegalArgumentException("Provider Name is missing"));

  68.   }

  69. 

  70.   String getApplicationId() {

  71.     return configuration.get(APPLICATION_ID).orElseThrow(() -> new IllegalArgumentException("Application ID is missing"));

  72.   }

  73. 

  74.   String getLoginUrl() {

  75.     return configuration.get(LOGIN_URL).orElseThrow(() -> new IllegalArgumentException("Login URL is missing"));

  76.   }

  77. 

  78.   String getCertificate() {

  79.     return configuration.get(CERTIFICATE).orElseThrow(() -> new IllegalArgumentException("Identity provider certificate is missing"));

  80.   }

  81. 

  82.   String getUserLogin() {

  83.     return configuration.get(USER_LOGIN_ATTRIBUTE).orElseThrow(() -> new IllegalArgumentException("User login attribute is missing"));

  84.   }

  85. 

  86.   String getUserName() {

  87.     return configuration.get(USER_NAME_ATTRIBUTE).orElseThrow(() -> new IllegalArgumentException("User name attribute is missing"));

  88.   }

  89. 

  90.   boolean isSignRequestsEnabled() {

  91.     return configuration.getBoolean(SIGN_REQUESTS_ENABLED).orElse(false);

  92.   }

  93. 

  94.   Optional<String> getServiceProviderPrivateKey() {

  95.     return configuration.get(SERVICE_PROVIDER_PRIVATE_KEY);

  96.   }

  97. 

  98.   String getServiceProviderCertificate() {

  99.     return configuration.get(SERVICE_PROVIDER_CERTIFICATE).orElseThrow(() -> new IllegalArgumentException("Service provider certificate is missing"));

  100.   }

  101. 

  102.   Optional<String> getUserEmail() {

  103.     return configuration.get(USER_EMAIL_ATTRIBUTE);

  104.   }

  105. 

  106.   Optional<String> getGroupName() {

  107.     return configuration.get(GROUP_NAME_ATTRIBUTE);

  108.   }

  109. 

  110.   boolean isEnabled() {

  111.     return configuration.getBoolean(ENABLED).orElse(false) &&

  112.       configuration.get(PROVIDER_ID).isPresent() &&

  113.       configuration.get(APPLICATION_ID).isPresent() &&

  114.       configuration.get(LOGIN_URL).isPresent() &&

  115.       configuration.get(CERTIFICATE).isPresent() &&

  116.       configuration.get(USER_LOGIN_ATTRIBUTE).isPresent() &&

  117.       configuration.get(USER_NAME_ATTRIBUTE).isPresent();

  118.   }

  119. 

  120.   static List<PropertyDefinition> definitions() {

  121.     return Arrays.asList(

  122.       PropertyDefinition.builder(ENABLED)

  123.         .name("Enabled")

  124.         .description("Enable SAML users to login. Value is ignored if provider ID, login url, certificate, login, name attributes are not defined.")

  125.         .category(CATEGORY)

  126.         .subCategory(SUBCATEGORY)

  127.         .type(BOOLEAN)

  128.         .defaultValue(valueOf(false))

  129.         .index(1)

  130.         .build(),

  131.       PropertyDefinition.builder(APPLICATION_ID)

  132.         .name("Application ID")

  133.         .description("Identifier of the application.")

  134.         .defaultValue("sonarqube")

  135.         .category(CATEGORY)

  136.         .subCategory(SUBCATEGORY)

  137.         .index(2)

  138.         .build(),

  139.       PropertyDefinition.builder(PROVIDER_NAME)

  140.         .name("Provider Name")

  141.         .description("Name displayed for the provider in the login page.")

  142.         .defaultValue("SAML")

  143.         .category(CATEGORY)

  144.         .subCategory(SUBCATEGORY)

  145.         .index(3)

  146.         .build(),

  147.       PropertyDefinition.builder(PROVIDER_ID)

  148.         .name("Provider ID")

  149.         .description("Identifier of the identity provider, the entity that provides SAML authentication.")

  150.         .category(CATEGORY)

  151.         .subCategory(SUBCATEGORY)

  152.         .index(4)

  153.         .build(),

  154.       PropertyDefinition.builder(LOGIN_URL)

  155.         .name("SAML login url")

  156.         .description("SAML login URL for the identity provider.")

  157.         .category(CATEGORY)

  158.         .subCategory(SUBCATEGORY)

  159.         .index(5)

  160.         .build(),

  161.       PropertyDefinition.builder(CERTIFICATE)

  162.         .name("Identity provider certificate")

  163.         .description("X.509 certificate for the identity provider.")

  164.         .category(CATEGORY)

  165.         .subCategory(SUBCATEGORY)

  166.         .type(PASSWORD)

  167.         .index(6)

  168.         .build(),

  169.       PropertyDefinition.builder(USER_LOGIN_ATTRIBUTE)

  170.         .name("SAML user login attribute")

  171.         .description("Attribute defining the user login in SAML.")

  172.         .category(CATEGORY)

  173.         .subCategory(SUBCATEGORY)

  174.         .index(7)

  175.         .build(),

  176.       PropertyDefinition.builder(USER_NAME_ATTRIBUTE)

  177.         .name("SAML user name attribute")

  178.         .description("Attribute defining the user name in SAML.")

  179.         .category(CATEGORY)

  180.         .subCategory(SUBCATEGORY)

  181.         .index(8)

  182.         .build(),

  183.       PropertyDefinition.builder(USER_EMAIL_ATTRIBUTE)

  184.         .name("SAML user email attribute")

  185.         .description("Attribute defining the user email in SAML.")

  186.         .category(CATEGORY)

  187.         .subCategory(SUBCATEGORY)

  188.         .index(9)

  189.         .build(),

  190.       PropertyDefinition.builder(GROUP_NAME_ATTRIBUTE)

  191.         .name("SAML group attribute")

  192.         .description("Attribute defining the user groups in SAML. " +

  193.           "Users are associated to the default group only if no attribute is defined.")

  194.         .category(CATEGORY)

  195.         .subCategory(SUBCATEGORY)

  196.         .index(10)

  197.         .build(),

  198.       PropertyDefinition.builder(SIGN_REQUESTS_ENABLED)

  199.         .name("Sign requests")

  200.         .description("Enables signature of SAML requests. It requires both service provider private key and certificate to be set.")

  201.         .category(CATEGORY)

  202.         .subCategory(SUBCATEGORY)

  203.         .type(BOOLEAN)

  204.         .defaultValue(valueOf(false))

  205.         .index(11)

  206.         .build(),

  207.       PropertyDefinition.builder(SERVICE_PROVIDER_PRIVATE_KEY)

  208.         .name("Service provider private key")

  209.         .description("PKCS8 stored private key used for signing the requests and decrypting responses from the identity provider. ")

  210.         .category(CATEGORY)

  211.         .subCategory(SUBCATEGORY)

  212.         .type(PASSWORD)

  213.         .index(12)

  214.         .build(),

  215.       PropertyDefinition.builder(SERVICE_PROVIDER_CERTIFICATE)

  216.         .name("Service provider certificate")

  217.         .description("X.509 certificate for the service provider, used for signing the requests.")

  218.         .category(CATEGORY)

  219.         .subCategory(SUBCATEGORY)

  220.         .type(PASSWORD)

  221.         .index(13)

  222.         .build());

  223.   }

  224. }