Improve LogoutResponse API to match LogoutRequest/AuthnRequest ones

This introduces LogoutResponseParams and allows to make the whole API
coherent when building outgoing SAML messages. The Auth factories
benefit from this as well, because they now share a common construction
and usage pattern.

Author: mauromol

core/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java

@@ -69,11 +69,6 @@ public class LogoutResponse {
 	 */
 	private String currentUrl;
 
-	/**
-	 * The inResponseTo attribute of the Logout Request
-	 */
-	private String inResponseTo;
-
 	/**
 	 * Time when the Logout Request was created
 	 */
@@ -85,12 +80,8 @@ public class LogoutResponse {
 	private Exception validationException;
 
 	/**
-	 * The respone status code and messages
-	 */
-	private SamlResponseStatus responseStatus;
-
-	/**
-	 * Constructs the LogoutResponse object.
+	 * Constructs the LogoutResponse object when a received response should be
+	 * extracted from the HTTP request and parsed.
 	 *
 	 * @param settings
 	 *              OneLogin_Saml2_Settings
@@ -115,6 +106,25 @@ public LogoutResponse(Saml2Settings settings, HttpRequest request) {
 			logoutResponseDocument = Util.loadXML(logoutResponseString);
 		}
 	}
+	
+	/**
+	 * Constructs the LogoutResponse object when a new response should be generated
+	 * and sent.
+	 *
+	 * @param settings
+	 *              OneLogin_Saml2_Settings
+	 * @param params
+	 *              a set of logout response input parameters that shape the
+	 *              request to create
+	 */
+	public LogoutResponse(Saml2Settings settings, LogoutResponseParams params) {
+		this.settings = settings;
+		this.request = null;
+		id = Util.generateUniqueID(settings.getUniqueIDPrefix());
+		issueInstant = Calendar.getInstance();
+		StrSubstitutor substitutor = generateSubstitutor(params, settings);
+		this.logoutResponseString = postProcessXml(substitutor.replace(getLogoutResponseTemplate()), params, settings);
+	}
 
 	/**
 	 * @return the base64 encoded unsigned Logout Response (deflated or not)
@@ -355,21 +365,33 @@ protected NodeList query (String query) throws XPathExpressionException {
 		return Util.query(this.logoutResponseDocument, query, null);
 	}
 
-      /**
-       * Generates a Logout Response XML string.
-       *
-       * @param inResponseTo
-       *				InResponseTo attribute value to bet set at the Logout Response. 
+	/**
+	 * Generates a Logout Response XML string.
+	 *
+	 * @param inResponseTo
+	 *              InResponseTo attribute value to bet set at the Logout Response.
 	 * @param responseStatus
-	 * 				SamlResponseStatus response status to be set on the LogoutResponse
-       */
+	 *              SamlResponseStatus response status to be set on the
+	 *              LogoutResponse
+	 * @deprecated use {@link #LogoutResponse(Saml2Settings, LogoutResponseParams)}
+	 *             instead, in which case this method becomes completely useless;
+	 *             indeed, invoking this method in an outgoing logout response
+	 *             scenario will cause the response parameters specified at
+	 *             construction time (<code>inResponseTo</code> and
+	 *             <code>responseStatus</code>) to be overwritten, as well as its
+	 *             generated id and issue instant; on the other hand invoking this
+	 *             method in a received logout response scenario does not make sense
+	 *             at all (and in that case
+	 *             {@link #LogoutResponse(Saml2Settings, HttpRequest)} should be
+	 *             used instead)
+	 */
+	@Deprecated
 	public void build(String inResponseTo, SamlResponseStatus responseStatus) {
 		id = Util.generateUniqueID(settings.getUniqueIDPrefix());
 		issueInstant = Calendar.getInstance();
-		this.inResponseTo = inResponseTo;
-
-		StrSubstitutor substitutor = generateSubstitutor(settings, responseStatus);
-		this.logoutResponseString = postProcessXml(substitutor.replace(getLogoutResponseTemplate()), settings);
+		final LogoutResponseParams params = new LogoutResponseParams(inResponseTo, responseStatus);
+		StrSubstitutor substitutor = generateSubstitutor(params, settings);
+		this.logoutResponseString = postProcessXml(substitutor.replace(getLogoutResponseTemplate()), params, settings);
 	}
 
       /**
@@ -379,24 +401,61 @@ public void build(String inResponseTo, SamlResponseStatus responseStatus) {
        *				InResponseTo attribute value to bet set at the Logout Response. 
 	 * @param statusCode
 	 * 				String StatusCode to be set on the LogoutResponse
+	 * @deprecated use {@link #LogoutResponse(Saml2Settings, LogoutResponseParams)}
+	 *             instead, in which case this method becomes completely useless;
+	 *             indeed, invoking this method in an outgoing logout response
+	 *             scenario will cause the response parameters specified at
+	 *             construction time (<code>inResponseTo</code> and
+	 *             <code>responseStatus</code>) to be overwritten, as well as its
+	 *             generated id and issue instant; on the other hand invoking this
+	 *             method in a received logout response scenario does not make sense
+	 *             at all (and in that case
+	 *             {@link #LogoutResponse(Saml2Settings, HttpRequest)} should be
+	 *             used instead)
        */
+	@Deprecated
 	public void build(String inResponseTo, String statusCode) {
 		build(inResponseTo, new SamlResponseStatus(statusCode));
 	}
 
-      /**
-       * Generates a Logout Response XML string.
-       *
-       * @param inResponseTo
-       *				InResponseTo attribute value to bet set at the Logout Response. 
-       */
+	/**
+	 * Generates a Logout Response XML string.
+	 *
+	 * @param inResponseTo
+	 *              InResponseTo attribute value to bet set at the Logout Response.
+	 * @deprecated use {@link #LogoutResponse(Saml2Settings, LogoutResponseParams)}
+	 *             instead, in which case this method becomes completely useless;
+	 *             indeed, invoking this method in an outgoing logout response
+	 *             scenario will cause the response parameters specified at
+	 *             construction time (<code>inResponseTo</code> and
+	 *             <code>responseStatus</code>) to be overwritten, as well as its
+	 *             generated id and issue instant; on the other hand invoking this
+	 *             method in a received logout response scenario does not make sense
+	 *             at all (and in that case
+	 *             {@link #LogoutResponse(Saml2Settings, HttpRequest)} should be
+	 *             used instead)
+	 */
+	@Deprecated
 	public void build(String inResponseTo) {
 		build(inResponseTo, Constants.STATUS_SUCCESS);
 	}
 
-      /**
-       * Generates a Logout Response XML string.
-       */
+	/**
+	 * Generates a Logout Response XML string.
+	 * 
+	 * @deprecated use {@link #LogoutResponse(Saml2Settings, LogoutResponseParams)}
+	 *             instead, in which case this method becomes completely useless;
+	 *             indeed, invoking this method in an outgoing logout response
+	 *             scenario will cause the response parameters specified at
+	 *             construction time (<code>inResponseTo</code> and
+	 *             <code>responseStatus</code>) to be overwritten, as well as its
+	 *             generated id and issue instant; on the other hand invoking this
+	 *             method in a received logout response scenario does not make sense
+	 *             at all (and in that case
+	 *             {@link #LogoutResponse(Saml2Settings, HttpRequest)} should be
+	 *             used instead)
+	 */
+	@Deprecated
 	public void build() {
 		build(null);
 	}	
@@ -412,26 +471,29 @@ public void build() {
 	 * @param logoutResponseXml
 	 *              the XML produced for this LogoutResponse by the standard
 	 *              implementation provided by {@link LogoutResponse}
+	 * @param params
+	 *              the logout request input parameters
 	 * @param settings
 	 *              the settings
 	 * @return the post-processed XML for this LogoutResponse, which will then be
 	 *         returned by any call to {@link #getLogoutResponseXml()}
 	 */
-	protected String postProcessXml(final String logoutResponseXml, final Saml2Settings settings) {
+	protected String postProcessXml(final String logoutResponseXml, final LogoutResponseParams params,
+	            final Saml2Settings settings) {
 		return logoutResponseXml;
 	}
 
 	/**
 	 * Substitutes LogoutResponse variables within a string by values.
 	 *
+	 * @param params
+	 *              the logout response input parameters
 	 * @param settings
-	 * 				Saml2Settings object. Setting data
-	 * @param responseStatus
-	 * 				SamlResponseStatus response status to be set on the LogoutResponse
+	 *              Saml2Settings object. Setting data
 	 *
 	 * @return the StrSubstitutor object of the LogoutResponse
 	 */
-	private StrSubstitutor generateSubstitutor(Saml2Settings settings, SamlResponseStatus responseStatus) {
+	private StrSubstitutor generateSubstitutor(LogoutResponseParams params, Saml2Settings settings) {
 		Map<String, String> valueMap = new HashMap<String, String>();
 
 		valueMap.put("id", Util.toXml(id));
@@ -447,12 +509,14 @@ private StrSubstitutor generateSubstitutor(Saml2Settings settings, SamlResponseS
 		valueMap.put("destinationStr", destinationStr);
 
 		String inResponseStr = "";
+		final String inResponseTo = params.getInResponseTo();
 		if (inResponseTo != null) {
 			inResponseStr = " InResponseTo=\"" + Util.toXml(inResponseTo) + "\"";
 		}
 		valueMap.put("inResponseStr", inResponseStr);		
 
 		StringBuilder statusStr = new StringBuilder("<samlp:StatusCode ");
+		final SamlResponseStatus responseStatus = params.getResponseStatus();
 		if (responseStatus != null) {
 			String statusCode = responseStatus.getStatusCode();
 			if (statusCode != null) {

core/src/main/java/com/onelogin/saml2/logout/LogoutResponseParams.java

@@ -0,0 +1,105 @@
+package com.onelogin.saml2.logout;
+
+import com.onelogin.saml2.model.SamlResponseStatus;
+import com.onelogin.saml2.util.Constants;
+
+/**
+ * Input parameters for a SAML 2 logout response.
+ */
+public class LogoutResponseParams {
+
+	/**
+	 * Id of the logout request the response refers to.
+	 */
+	private final String inResponseTo;
+
+	/**
+	 * Response status.
+	 */
+	private final SamlResponseStatus responseStatus;
+
+	/**
+	 * Creates a logout response with no <code>inResponseTo</code> attribute and a
+	 * response status with a top-level {@link Constants#STATUS_SUCCESS} status
+	 * code.
+	 */
+	public LogoutResponseParams() {
+		this((String) null);
+	}
+
+	/**
+	 * Creates a logout response with a response status with a top-level
+	 * {@link Constants#STATUS_SUCCESS} status code.
+	 * 
+	 * @param inResponseTo
+	 *              the id of the logout request the response refers to; may be
+	 *              <code>null</code> if such id cannot be determined (possibly
+	 *              because the request is malformed)
+	 */
+	public LogoutResponseParams(String inResponseTo) {
+		this(inResponseTo, Constants.STATUS_SUCCESS);
+	}
+
+	/**
+	 * Creates a logout response.
+	 *
+	 * @param inResponseTo
+	 *              the id of the logout request the response refers to; may be
+	 *              <code>null</code> if such id cannot be determined (possibly
+	 *              because the request is malformed)
+	 * @param statusCode
+	 *              the top-level status code code to set on the response
+	 */
+	public LogoutResponseParams(String inResponseTo, String statusCode) {
+		this(inResponseTo, new SamlResponseStatus(statusCode));
+	}
+
+	/**
+	 * Creates a logout response.
+	 *
+	 * @param inResponseTo
+	 *              the id of the logout request the response refers to; may be
+	 *              <code>null</code> if such id cannot be determined (possibly
+	 *              because the request is malformed)
+	 * @param responseStatus
+	 *              the response status; should not be <code>null</code>
+	 * @throws NullPointerException
+	 *               if the specified response status is <code>null</code>
+	 */
+	public LogoutResponseParams(String inResponseTo, SamlResponseStatus responseStatus) throws NullPointerException {
+		this.inResponseTo = inResponseTo;
+		this.responseStatus = responseStatus;
+		if (responseStatus == null)
+			throw new NullPointerException("response status must not be null");
+	}
+
+	/**
+	 * Create a set of logout request input parameters, by copying them from another
+	 * set.
+	 *
+	 * @param source
+	 *              the source set of logout request input parameters
+	 */
+	protected LogoutResponseParams(LogoutResponseParams source) {
+		this.inResponseTo = source.getInResponseTo();
+		this.responseStatus = source.getResponseStatus();
+	}
+
+	/**
+	 * Returns the response status.
+	 * 
+	 * @return the response status
+	 */
+	public SamlResponseStatus getResponseStatus() {
+		return responseStatus;
+	}
+
+	/**
+	 * Returns the id of the logout request this response refers to.
+	 * 
+	 * @return the <code>inResponseTo</code>
+	 */
+	public String getInResponseTo() {
+		return inResponseTo;
+	}
+}