
Example 6 with IDPDescriptorConfigElement

use of com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement in project OpenAM by OpenRock.

Class IDFFMetaSecurityUtils, method updateProviderKeyInfo.

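/**
 * Updates the signing or encryption key info of a hosted SP or IDP.
 * Both the key descriptor in the standard metadata and the certificate
 * alias attribute in the extended metadata are rewritten, and both
 * documents are then persisted through the meta manager.
 *
 * @param realm Realm the entity resides in.
 * @param entityID ID of the entity to be updated.
 * @param certAlias Alias of the certificate to set on the entity. If
 *        null or empty, the existing key information is removed instead.
 * @param isSigning true for the signing certificate alias, false for the
 *        encryption certificate alias.
 * @param isIDP true to update the IDP role of the entity, false to update
 *        the SP role.
 * @param encAlgo Encryption algorithm URI; only used for encryption certs.
 * @param keySize Encryption key size; only used for encryption certs.
 * @throws IDFFMetaException if the entity is not hosted, does not have the
 *         requested role, or the metadata cannot be updated.
 */
public static void updateProviderKeyInfo(String realm, String entityID, String certAlias, boolean isSigning, boolean isIDP, String encAlgo, int keySize) throws IDFFMetaException {
    IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
    EntityConfigElement config = metaManager.getEntityConfig(realm, entityID);
    // Shared message arguments for every error raised below.
    String[] args = { entityID, realm };
    // Only hosted entities own key material that can be managed here; an
    // entity without an extended config has no hosted flag and is treated
    // the same way instead of failing with a NullPointerException.
    if ((config == null) || !config.isHosted()) {
        throw new IDFFMetaException("entityNotHosted", args);
    }
    EntityDescriptorElement desp = metaManager.getEntityDescriptor(realm, entityID);
    // Extended-metadata attribute that carries the alias for this key use.
    String aliasAttr = isSigning ? IFSConstants.SIGNING_CERT_ALIAS : IFSConstants.ENCRYPTION_CERT_ALIAS;
    // A null or empty alias means "remove the key info", not "set it".
    boolean removeKey = (certAlias == null) || certAlias.isEmpty();
    // NOTE(review): certAlias is stored as given; whether it resolves to a key
    // in the keystore is presumably checked by getKeyDescriptor or the caller —
    // confirm, since a dangling alias leaves the provider unable to sign/decrypt.
    if (isIDP) {
        IDPDescriptorConfigElement idpConfig = IDFFMetaUtils.getIDPDescriptorConfig(config);
        IDPDescriptorType idpDesp = IDFFMetaUtils.getIDPDescriptor(desp);
        if ((idpConfig == null) || (idpDesp == null)) {
            throw new IDFFMetaException("entityNotIDP", args);
        }
        if (removeKey) {
            // Drop the key descriptor from the standard metadata and clear the alias.
            removeKeyDescriptor(idpDesp, isSigning);
            setExtendedAttributeValue(idpConfig, aliasAttr, null);
        } else {
            updateKeyDescriptor(idpDesp, getKeyDescriptor(certAlias, isSigning, encAlgo, keySize));
            Set<String> value = new HashSet<String>();
            value.add(certAlias);
            setExtendedAttributeValue(idpConfig, aliasAttr, value);
        }
    } else {
        SPDescriptorConfigElement spConfig = IDFFMetaUtils.getSPDescriptorConfig(config);
        SPDescriptorType spDesp = IDFFMetaUtils.getSPDescriptor(desp);
        if ((spConfig == null) || (spDesp == null)) {
            throw new IDFFMetaException("entityNotSP", args);
        }
        if (removeKey) {
            // Drop the key descriptor from the standard metadata and clear the alias.
            removeKeyDescriptor(spDesp, isSigning);
            setExtendedAttributeValue(spConfig, aliasAttr, null);
        } else {
            updateKeyDescriptor(spDesp, getKeyDescriptor(certAlias, isSigning, encAlgo, keySize));
            Set<String> value = new HashSet<String>();
            value.add(certAlias);
            setExtendedAttributeValue(spConfig, aliasAttr, value);
        }
    }
    // Persist standard metadata first, then the extended config, as before.
    metaManager.setEntityDescriptor(realm, desp);
    metaManager.setEntityConfig(realm, config);
}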

Example 7 with IDPDescriptorConfigElement

use of com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement in project OpenAM by OpenRock.

Class IDFFMetaManager, method removeEntityFromCOT.

/**
 * Removes an entity from the circle(s) of trust it belongs to, for each
 * role (IDP, SP, affiliation) that has an extended config in the realm.
 *
 * @param realm the realm under which the entity resides.
 * @param entityID the entity identifier.
 * @throws IDFFMetaException if the entity cannot be removed.
 */
private void removeEntityFromCOT(String realm, String entityID) throws IDFFMetaException {
    // Each role keeps its own COT membership, so all three are checked in turn.
    IDPDescriptorConfigElement idpRole = getIDPDescriptorConfig(realm, entityID);
    if (idpRole != null) {
        removeFromCircleOfTrust(idpRole, realm, entityID);
    }
    SPDescriptorConfigElement spRole = getSPDescriptorConfig(realm, entityID);
    if (spRole != null) {
        removeFromCircleOfTrust(spRole, realm, entityID);
    }
    AffiliationDescriptorConfigElement affiliationRole = getAffiliationDescriptorConfig(realm, entityID);
    if (affiliationRole != null) {
        removeFromCircleOfTrust(affiliationRole, realm, entityID);
    }
}

Example 8 with IDPDescriptorConfigElement

use of com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement in project OpenAM by OpenRock.

Class ExportMetaData, method runIDFFExportMetaSign.

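/**
 * Exports the IDFF entity descriptor in signed form, to the web output or to
 * the file named by {@code metadata}.
 *
 * Signing is not implemented yet (see the TODO below): {@code doc} is always
 * null, so this currently always falls back to {@link #runIDFFExportMeta()}.
 *
 * @throws CLIException if the entity descriptor does not exist, or if the
 *         metadata cannot be read or the output cannot be written.
 */
private void runIDFFExportMetaSign() throws CLIException {
    PrintWriter pw = null;
    String out = (isWebBase) ? "web" : metadata;
    Object[] objs = { out };
    try {
        IDFFMetaManager metaManager = new IDFFMetaManager(ssoToken);
        com.sun.identity.liberty.ws.meta.jaxb.EntityDescriptorElement descriptor = metaManager.getEntityDescriptor(realm, entityID);
        if (descriptor == null) {
            Object[] objs2 = { entityID, realm };
            throw new CLIException(MessageFormat.format(getResourceString("export-entity-exception-entity-descriptor-not-exist"), objs2), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }
        SPDescriptorConfigElement spConfig = metaManager.getSPDescriptorConfig(realm, entityID);
        IDPDescriptorConfigElement idpConfig = metaManager.getIDPDescriptorConfig(realm, entityID);
        Document doc = null;
        /*
         * TODO: Signing
         * Document doc = SAML2MetaSecurityUtils.sign(
         *     descriptor, spConfig, idpConfig);
         */
        if (doc == null) {
            // No signed document available: emit the unsigned export instead.
            runIDFFExportMeta();
            return;
        }
        String xmlstr = XMLUtils.print(doc);
        if (isWebBase) {
            getOutputWriter().printlnMessage(xmlstr);
        } else {
            // Write the XML as UTF-8 explicitly; FileWriter would use the
            // platform default charset and could mangle non-ASCII content.
            pw = new PrintWriter(new java.io.OutputStreamWriter(new java.io.FileOutputStream(metadata), java.nio.charset.StandardCharsets.UTF_8));
            pw.print(xmlstr);
        }
        getOutputWriter().printlnMessage(MessageFormat.format(getResourceString("export-entity-export-descriptor-succeeded"), objs));
    } catch (IDFFMetaException e) {
        debugError("ExportMetaData.runIDFFExportMetaSign", e);
        throw new CLIException(e.getMessage(), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (IOException e) {
        debugError("ExportMetaData.runIDFFExportMetaSign", e);
        throw new CLIException(e.getMessage(), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } finally {
        // close() flushes the buffered output; PrintWriter never throws here.
        if (pw != null) {
            pw.close();
        }
    }
}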

Example 9 with IDPDescriptorConfigElement

use of com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement in project OpenAM by OpenRock.

Class ImportMetaData, method handleIDFFRequest.

/**
 * Imports IDFF standard metadata and/or extended metadata and, when a
 * circle of trust was requested, adds the imported entity to it.
 *
 * For a hosted entity the target realm is derived from the meta alias in
 * the imported extended config, so the {@code realm} field may be
 * reassigned here (see the note at the end of this class).
 *
 * @param rc the request context (currently unused by this method).
 * @throws CLIException if the metadata or the circle of trust cannot be
 *         processed.
 */
private void handleIDFFRequest(RequestContext rc) throws CLIException {
    try {
        IDFFMetaManager manager = new IDFFMetaManager(ssoToken);
        String importedEntityID = null;
        com.sun.identity.federation.jaxb.entityconfig.EntityConfigElement extendedConfig = null;
        if (extendedData != null) {
            extendedConfig = getIDFFEntityConfigElement();
            // Hosted entities carry their realm in the meta alias of whichever
            // role (IDP first, then SP) is present in the extended config.
            if ((extendedConfig != null) && extendedConfig.isHosted()) {
                IDPDescriptorConfigElement idpRole = IDFFMetaUtils.getIDPDescriptorConfig(extendedConfig);
                if (idpRole != null) {
                    realm = SAML2MetaUtils.getRealmByMetaAlias(idpRole.getMetaAlias());
                } else {
                    SPDescriptorConfigElement spRole = IDFFMetaUtils.getSPDescriptorConfig(extendedConfig);
                    if (spRole != null) {
                        realm = SAML2MetaUtils.getRealmByMetaAlias(spRole.getMetaAlias());
                    }
                }
            }
        }
        if (metadata != null) {
            importedEntityID = importIDFFMetaData(realm, manager);
        }
        if (extendedConfig != null) {
            manager.createEntityConfig(realm, extendedConfig);
            Object[] messageArgs = { webAccess ? "web" : extendedData };
            getOutputWriter().printlnMessage(MessageFormat.format(getResourceString("import-entity-succeeded"), messageArgs));
        }
        // COT membership is only touched when a COT name was given and the
        // standard metadata import yielded an entity ID.
        boolean cotRequested = (cot != null) && !cot.isEmpty();
        boolean entityImported = (importedEntityID != null) && !importedEntityID.isEmpty();
        if (cotRequested && entityImported) {
            CircleOfTrustManager cotManager = new CircleOfTrustManager(ssoToken);
            if (!cotManager.isInCircleOfTrust(realm, cot, spec, importedEntityID)) {
                cotManager.addCircleOfTrustMember(realm, cot, spec, importedEntityID);
            }
        }
    } catch (IDFFMetaException e) {
        throw new CLIException(e.getMessage(), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (COTException e) {
        throw new CLIException(e.getMessage(), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
}

Example 10 with IDPDescriptorConfigElement

use of com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement in project OpenAM by OpenRock.

Class IDFFModelImpl, method updateIDPEntityConfig.

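/**
 * Modifies an identity provider's extended metadata.
 *
 * @param realm realm where the entity exists.
 * @param entityName name of the entity descriptor.
 * @param attrValues map of attribute name to set of values.
 * @throws AMConsoleException if the entity or its IDP config element cannot
 *         be found, or if the provider cannot be modified; the message of an
 *         underlying {@code IDFFMetaException} or {@code JAXBException} is
 *         carried in the thrown exception (they are not propagated).
 */
public void updateIDPEntityConfig(String realm, String entityName, Map attrValues) throws AMConsoleException {
    String[] params = { realm, entityName, "IDFF", "IDP-Extended Metadata" };
    logEvent("ATTEMPT_MODIFY_ENTITY_DESCRIPTOR", params);
    try {
        IDFFMetaManager idffMetaMgr = getIDFFMetaManager();
        EntityConfigElement entityConfig = idffMetaMgr.getEntityConfig(realm, entityName);
        if (entityConfig == null) {
            throw new AMConsoleException("invalid.entity.name");
        }
        IDPDescriptorConfigElement idpDecConfigElement = idffMetaMgr.getIDPDescriptorConfig(realm, entityName);
        if (idpDecConfigElement == null) {
            throw new AMConsoleException("invalid.config.element");
        }
        updateAttrInConfig(idpDecConfigElement, attrValues, EntityModel.IDENTITY_PROVIDER);
        // Saves the attributes by persisting the entity config object;
        // presumably the IDP config element fetched above is part of the same
        // entityConfig tree, otherwise the update would be lost — confirm.
        idffMetaMgr.setEntityConfig(realm, entityConfig);
        logEvent("SUCCEED_MODIFY_ENTITY_DESCRIPTOR", params);
    } catch (IDFFMetaException e) {
        // Audit the failure with the error text before surfacing it to the console.
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "IDFF", "IDP-Extended Metadata", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
        throw new AMConsoleException(strError);
    } catch (JAXBException e) {
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "IDFF", "IDP-Extended Metadata", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
        throw new AMConsoleException(strError);
    }
}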
