Example 6 with IDPDescriptorConfigElement
use of com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement in project OpenAM by OpenRock.
the class IDFFMetaSecurityUtils method updateProviderKeyInfo.
/**
* Updates signing or encryption key info for SP or IDP.
* This will update both signing/encryption alias on extended metadata and
* certificates in standard metadata.
* @param realm Realm the entity resides.
* @param entityID ID of the entity to be updated.
* @param certAlias Alias of the certificate to be set to the entity. If
* null, will remove existing key information from the SP or IDP.
* @param isSigning true if this is signing certificate alias, false if
* this is encryption certification alias.
* @param isIDP true if this is for IDP signing/encryption alias, false
* if this is for SP signing/encryption alias
* @param encAlgo Encryption algorithm URI, this is applicable for
* encryption cert only.
* @param keySize Encryption key size, this is applicable for
* encryption cert only.
* @throws IDFFMetaException if failed to update the certificate alias for
* the entity.
*/
public static void updateProviderKeyInfo(String realm, String entityID, String certAlias, boolean isSigning, boolean isIDP, String encAlgo, int keySize) throws IDFFMetaException {
IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
EntityConfigElement config = metaManager.getEntityConfig(realm, entityID);
if (!config.isHosted()) {
String[] args = { entityID, realm };
throw new IDFFMetaException("entityNotHosted", args);
}
EntityDescriptorElement desp = metaManager.getEntityDescriptor(realm, entityID);
if (isIDP) {
IDPDescriptorConfigElement idpConfig = IDFFMetaUtils.getIDPDescriptorConfig(config);
IDPDescriptorType idpDesp = IDFFMetaUtils.getIDPDescriptor(desp);
if ((idpConfig == null) || (idpDesp == null)) {
String[] args = { entityID, realm };
throw new IDFFMetaException("entityNotIDP", args);
}
// update standard metadata
if ((certAlias == null) || (certAlias.length() == 0)) {
// remove key info
removeKeyDescriptor(idpDesp, isSigning);
if (isSigning) {
setExtendedAttributeValue(idpConfig, IFSConstants.SIGNING_CERT_ALIAS, null);
} else {
setExtendedAttributeValue(idpConfig, IFSConstants.ENCRYPTION_CERT_ALIAS, null);
}
} else {
KeyDescriptorElement kde = getKeyDescriptor(certAlias, isSigning, encAlgo, keySize);
updateKeyDescriptor(idpDesp, kde);
// update extended metadata
Set value = new HashSet();
value.add(certAlias);
if (isSigning) {
setExtendedAttributeValue(idpConfig, IFSConstants.SIGNING_CERT_ALIAS, value);
} else {
setExtendedAttributeValue(idpConfig, IFSConstants.ENCRYPTION_CERT_ALIAS, value);
}
}
metaManager.setEntityDescriptor(realm, desp);
metaManager.setEntityConfig(realm, config);
} else {
SPDescriptorConfigElement spConfig = IDFFMetaUtils.getSPDescriptorConfig(config);
SPDescriptorType spDesp = IDFFMetaUtils.getSPDescriptor(desp);
if ((spConfig == null) || (spDesp == null)) {
String[] args = { entityID, realm };
throw new IDFFMetaException("entityNotSP", args);
}
// update standard metadata
if ((certAlias == null) || (certAlias.length() == 0)) {
// remove key info
removeKeyDescriptor(spDesp, isSigning);
if (isSigning) {
setExtendedAttributeValue(spConfig, IFSConstants.SIGNING_CERT_ALIAS, null);
} else {
setExtendedAttributeValue(spConfig, IFSConstants.ENCRYPTION_CERT_ALIAS, null);
}
} else {
KeyDescriptorElement kde = getKeyDescriptor(certAlias, isSigning, encAlgo, keySize);
updateKeyDescriptor(spDesp, kde);
// update extended metadata
Set value = new HashSet();
value.add(certAlias);
if (isSigning) {
setExtendedAttributeValue(spConfig, IFSConstants.SIGNING_CERT_ALIAS, value);
} else {
setExtendedAttributeValue(spConfig, IFSConstants.ENCRYPTION_CERT_ALIAS, value);
}
}
metaManager.setEntityDescriptor(realm, desp);
metaManager.setEntityConfig(realm, config);
}
}
Also used :
Set(java.util.Set)
HashSet(java.util.HashSet)
SPDescriptorConfigElement(com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement)
SPDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType)
EntityDescriptorElement(com.sun.identity.liberty.ws.meta.jaxb.EntityDescriptorElement)
IDPDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType)
IDPDescriptorConfigElement(com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement)
KeyDescriptorElement(com.sun.identity.liberty.ws.meta.jaxb.KeyDescriptorElement)
EntityConfigElement(com.sun.identity.federation.jaxb.entityconfig.EntityConfigElement)
HashSet(java.util.HashSet)
Example 7 with IDPDescriptorConfigElement
use of com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement in project OpenAM by OpenRock.
the class IDFFMetaManager method removeEntityFromCOT.
/**
* Removes and entity identifier from circle of trust.
* @param realm The realm under which the entity resides.
* @param entityID the entity identifier.
* @throws IDFFMetaException if there is an error remove entity.
*/
private void removeEntityFromCOT(String realm, String entityID) throws IDFFMetaException {
IDPDescriptorConfigElement idpConfig = getIDPDescriptorConfig(realm, entityID);
if (idpConfig != null) {
removeFromCircleOfTrust(idpConfig, realm, entityID);
}
SPDescriptorConfigElement spConfig = getSPDescriptorConfig(realm, entityID);
if (spConfig != null) {
removeFromCircleOfTrust(spConfig, realm, entityID);
}
AffiliationDescriptorConfigElement affiConfig = getAffiliationDescriptorConfig(realm, entityID);
if (affiConfig != null) {
removeFromCircleOfTrust(affiConfig, realm, entityID);
}
}
Also used :
SPDescriptorConfigElement(com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement)
IDPDescriptorConfigElement(com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement)
AffiliationDescriptorConfigElement(com.sun.identity.federation.jaxb.entityconfig.AffiliationDescriptorConfigElement)
Example 8 with IDPDescriptorConfigElement
use of com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement in project OpenAM by OpenRock.
the class ExportMetaData method runIDFFExportMetaSign.
private void runIDFFExportMetaSign() throws CLIException {
PrintWriter pw = null;
String out = (isWebBase) ? "web" : metadata;
Object[] objs = { out };
try {
IDFFMetaManager metaManager = new IDFFMetaManager(ssoToken);
com.sun.identity.liberty.ws.meta.jaxb.EntityDescriptorElement descriptor = metaManager.getEntityDescriptor(realm, entityID);
if (descriptor == null) {
Object[] objs2 = { entityID, realm };
throw new CLIException(MessageFormat.format(getResourceString("export-entity-exception-entity-descriptor-not-exist"), objs2), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
SPDescriptorConfigElement spConfig = metaManager.getSPDescriptorConfig(realm, entityID);
IDPDescriptorConfigElement idpConfig = metaManager.getIDPDescriptorConfig(realm, entityID);
Document doc = null;
/*
* TODO: Signing
* Document doc = SAML2MetaSecurityUtils.sign(
descriptor, spConfig, idpConfig);
*/
if (doc == null) {
runIDFFExportMeta();
return;
} else {
String xmlstr = XMLUtils.print(doc);
if (isWebBase) {
getOutputWriter().printlnMessage(xmlstr);
} else {
pw = new PrintWriter(new FileWriter(metadata));
pw.print(xmlstr);
}
getOutputWriter().printlnMessage(MessageFormat.format(getResourceString("export-entity-export-descriptor-succeeded"), objs));
}
} catch (IDFFMetaException e) {
debugError("ExportMetaData.runIDFFExportMetaSign", e);
throw new CLIException(e.getMessage(), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
} catch (IOException e) {
debugError("ExportMetaData.runIDFFExportMetaSign", e);
throw new CLIException(e.getMessage(), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
} finally {
if (pw != null) {
pw.close();
}
}
}
Also used :
IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException)
FileWriter(java.io.FileWriter)
SPDescriptorConfigElement(com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement)
IOException(java.io.IOException)
Document(org.w3c.dom.Document)
IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager)
CLIException(com.sun.identity.cli.CLIException)
IDPDescriptorConfigElement(com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement)
PrintWriter(java.io.PrintWriter)
Example 9 with IDPDescriptorConfigElement
use of com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement in project OpenAM by OpenRock.
the class ImportMetaData method handleIDFFRequest.
private void handleIDFFRequest(RequestContext rc) throws CLIException {
try {
IDFFMetaManager metaManager = new IDFFMetaManager(ssoToken);
String entityID = null;
com.sun.identity.federation.jaxb.entityconfig.EntityConfigElement configElt = null;
if (extendedData != null) {
configElt = getIDFFEntityConfigElement();
/*
* see note at the end of this class for how we decide
* the realm value
*/
if ((configElt != null) && configElt.isHosted()) {
IDPDescriptorConfigElement idpConfig = IDFFMetaUtils.getIDPDescriptorConfig(configElt);
if (idpConfig != null) {
realm = SAML2MetaUtils.getRealmByMetaAlias(idpConfig.getMetaAlias());
} else {
SPDescriptorConfigElement spConfig = IDFFMetaUtils.getSPDescriptorConfig(configElt);
if (spConfig != null) {
realm = SAML2MetaUtils.getRealmByMetaAlias(spConfig.getMetaAlias());
}
}
}
}
if (metadata != null) {
entityID = importIDFFMetaData(realm, metaManager);
}
if (configElt != null) {
String out = (webAccess) ? "web" : extendedData;
Object[] objs = { out };
metaManager.createEntityConfig(realm, configElt);
getOutputWriter().printlnMessage(MessageFormat.format(getResourceString("import-entity-succeeded"), objs));
}
if ((cot != null) && (cot.length() > 0) && (entityID != null) && (entityID.length() > 0)) {
CircleOfTrustManager cotManager = new CircleOfTrustManager(ssoToken);
if (!cotManager.isInCircleOfTrust(realm, cot, spec, entityID)) {
cotManager.addCircleOfTrustMember(realm, cot, spec, entityID);
}
}
} catch (IDFFMetaException e) {
throw new CLIException(e.getMessage(), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
} catch (COTException e) {
throw new CLIException(e.getMessage(), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
}
Also used :
CircleOfTrustManager(com.sun.identity.cot.CircleOfTrustManager)
IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException)
SPDescriptorConfigElement(com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement)
COTException(com.sun.identity.cot.COTException)
IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager)
CLIException(com.sun.identity.cli.CLIException)
IDPDescriptorConfigElement(com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement)
Example 10 with IDPDescriptorConfigElement
use of com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement in project OpenAM by OpenRock.
the class IDFFModelImpl method updateIDPEntityConfig.
/**
* Modifies a identity provider's extended metadata.
*
* @param entityName name of Entity Descriptor.
* @param realm where entity exists.
* @param attrValues Map of attribute name to set of values.
* @throws AMConsoleException if provider cannot be modified.
* @throws JAXBException if provider cannot be retrieved.
*/
public void updateIDPEntityConfig(String realm, String entityName, Map attrValues) throws AMConsoleException {
String[] params = { realm, entityName, "IDFF", "IDP-Extended Metadata" };
logEvent("ATTEMPT_MODIFY_ENTITY_DESCRIPTOR", params);
try {
IDFFMetaManager idffMetaMgr = getIDFFMetaManager();
EntityConfigElement entityConfig = idffMetaMgr.getEntityConfig(realm, entityName);
if (entityConfig == null) {
throw new AMConsoleException("invalid.entity.name");
}
IDPDescriptorConfigElement idpDecConfigElement = idffMetaMgr.getIDPDescriptorConfig(realm, entityName);
if (idpDecConfigElement == null) {
throw new AMConsoleException("invalid.config.element");
} else {
updateAttrInConfig(idpDecConfigElement, attrValues, EntityModel.IDENTITY_PROVIDER);
}
//saves the attributes by passing the new entityConfig object
idffMetaMgr.setEntityConfig(realm, entityConfig);
logEvent("SUCCEED_MODIFY_ENTITY_DESCRIPTOR", params);
} catch (IDFFMetaException e) {
String strError = getErrorString(e);
String[] paramsEx = { realm, entityName, "IDFF", "IDP-Extended Metadata", strError };
logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
throw new AMConsoleException(strError);
} catch (JAXBException e) {
String strError = getErrorString(e);
String[] paramsEx = { realm, entityName, "IDFF", "IDP-Extended Metadata", strError };
logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
throw new AMConsoleException(strError);
}
}
Also used :
IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager)
IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException)
JAXBException(javax.xml.bind.JAXBException)
AMConsoleException(com.sun.identity.console.base.model.AMConsoleException)
IDPDescriptorConfigElement(com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement)
EntityConfigElement(com.sun.identity.federation.jaxb.entityconfig.EntityConfigElement)
Aggregations
IDPDescriptorConfigElement (com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement)16
SPDescriptorConfigElement (com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement)8
IDFFMetaException (com.sun.identity.federation.meta.IDFFMetaException)8
IDFFMetaManager (com.sun.identity.federation.meta.IDFFMetaManager)8
Iterator (java.util.Iterator)6
List (java.util.List)5
Map (java.util.Map)4
Set (java.util.Set)4
AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)3
EntityConfigElement (com.sun.identity.federation.jaxb.entityconfig.EntityConfigElement)3
ArrayList (java.util.ArrayList)3
HashSet (java.util.HashSet)3
CLIException (com.sun.identity.cli.CLIException)2
CircleOfTrustManager (com.sun.identity.cot.CircleOfTrustManager)2
ConfigurationException (com.sun.identity.plugin.configuration.ConfigurationException)2
Attribute (com.sun.identity.saml.assertion.Attribute)2
AttributeStatement (com.sun.identity.saml.assertion.AttributeStatement)2
SAMLException (com.sun.identity.saml.common.SAMLException)2
HashMap (java.util.HashMap)2
COTException (com.sun.identity.cot.COTException)1
