use of com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement in project OpenAM by OpenRock.
the class IDFFMetaManager method getEntityIDByMetaAlias.
/**
* Returns entity ID associated with the metaAlias.
*
* @param metaAlias The Meta Alias of the provider.
* @return entity ID associated with the metaAlias or null if not found.
* @throws IDFFMetaException if unable to retrieve the entity id.
*/
public String getEntityIDByMetaAlias(String metaAlias) throws IDFFMetaException {
    // A missing or empty alias can never match a provider.
    if (metaAlias == null || metaAlias.length() == 0) {
        return null;
    }
    try {
        // Fast path: a previous scan may already have cached this alias.
        String resolvedId = IDFFMetaCache.getEntityByMetaAlias(metaAlias);
        if (resolvedId != null) {
            if (debug.messageEnabled()) {
                // NOTE(review): metaAlias is written to the debug log verbatim; if callers pass
                // request-derived values, confirm the debug sink neutralises line breaks.
                debug.message("IDFFMetaManager.getEntityByMetaAlias :" + " found entity in cache, metaAlias=" + metaAlias + ", ID=" + resolvedId);
            }
            return resolvedId;
        }

        // Cache miss: walk every entity configured in the alias's realm. The scan
        // reads both role configs for each entity and caches every alias it sees.
        // A lookup that matches nothing leaves no cache entry for metaAlias, so
        // the same miss repeats the full scan on the next call.
        String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
        Set entityIds = idffMetaConfigInstance.getAllConfigurationNames(realm);
        if (entityIds == null || entityIds.isEmpty()) {
            return null;
        }

        for (Object candidate : entityIds) {
            String candidateId = (String) candidate;
            if (debug.messageEnabled()) {
                debug.message("IDFFMetaManager.getEntityByMetaAlias :" + " process entity cache for metaAlias=" + metaAlias + ", ID=" + candidateId);
            }

            // Service provider role of this entity, if any.
            SPDescriptorConfigElement spconfig = getSPDescriptorConfig(realm, candidateId);
            String spAlias = (spconfig == null) ? null : spconfig.getMetaAlias();
            if (spAlias != null && !spAlias.isEmpty()) {
                if (metaAlias.equals(spAlias)) {
                    // Keep scanning after a match so the remaining aliases are cached too.
                    // If several entities share the alias, the one iterated last wins.
                    resolvedId = candidateId;
                }
                IDFFMetaCache.setMetaAliasEntityMapping(spAlias, candidateId);
                IDFFMetaCache.setMetaAliasRoleMapping(spAlias, IFSConstants.SP);
                if (debug.messageEnabled()) {
                    debug.message("IDFFMetaManager.getEntityByMetaAlias :" + " save to cache, metaAlias=" + spAlias + ", ID=" + candidateId + ", role=" + IFSConstants.SP);
                }
            }

            // Identity provider role of the same entity, handled the same way.
            IDPDescriptorConfigElement idpconfig = getIDPDescriptorConfig(realm, candidateId);
            String idpAlias = (idpconfig == null) ? null : idpconfig.getMetaAlias();
            if (idpAlias != null && !idpAlias.isEmpty()) {
                if (metaAlias.equals(idpAlias)) {
                    resolvedId = candidateId;
                }
                IDFFMetaCache.setMetaAliasEntityMapping(idpAlias, candidateId);
                IDFFMetaCache.setMetaAliasRoleMapping(idpAlias, IFSConstants.IDP);
                if (debug.messageEnabled()) {
                    debug.message("IDFFMetaManager.getEntityByMetaAlias :" + " save to cache, metaAlias=" + idpAlias + ", ID=" + candidateId + ", role=" + IFSConstants.IDP);
                }
            }
        }
        // Still null here when no configured provider carries the alias.
        return resolvedId;
    } catch (ConfigurationException e) {
        debug.error("IDFFMetaManager.getEntityByMetaAlias:", e);
        throw new IDFFMetaException(e);
    }
}
use of com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement in project OpenAM by OpenRock.
the class FSDefaultRealmAttributeMapper method getAttributes.
/**
* Returns the attribute map for the given list of
* <code>AttributeStatement</code>s.
* @param statements list of <code>AttributeStatement</code>s.
* @param realm The realm under which the entity resides.
* @param hostEntityId Hosted provider entity id.
* @param remoteEntityId Remote provider entity id.
* @param token Single sign-on session token.
* @return map of attribute values. Each key is an attribute name and
* each value is the corresponding attribute value passed via the
* single sign-on assertion.
*/
public Map getAttributes(List statements, String realm, String hostEntityId, String remoteEntityId, Object token) {
    // remoteEntityId and token are part of the mapper signature but are not
    // consulted by this implementation.
    Map result = new HashMap();
    if (statements == null || statements.isEmpty()) {
        return result;
    }

    // Optional rename table taken from the hosted SP's extended configuration.
    Map nameMapping = null;
    try {
        IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
        SPDescriptorConfigElement spConfig =
                (metaManager == null) ? null : metaManager.getSPDescriptorConfig(realm, hostEntityId);
        if (spConfig != null) {
            Map spAttributes = IDFFMetaUtils.getAttributes(spConfig);
            nameMapping = FSServiceUtils.parseAttributeConfig((List) spAttributes.get(IFSConstants.SP_ATTRIBUTE_MAP));
        }
    } catch (IDFFMetaException fme) {
        // If the configuration cannot be read, no assertion attribute is mapped at all.
        FSUtils.debug.error("FSDefaultAttributeMapper.getAttributes:" + " Unable to read configuration map.", fme);
        return result;
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSDefaultAttributeMapper.getAttributeMap: Configured map " + nameMapping);
    }

    for (Object statementObj : statements) {
        List attributes = ((AttributeStatement) statementObj).getAttribute();
        if (attributes == null || attributes.isEmpty()) {
            continue;
        }
        for (Object attributeObj : attributes) {
            Attribute attribute = (Attribute) attributeObj;
            List values;
            try {
                values = attribute.getAttributeValue();
            } catch (SAMLException ex) {
                // An unreadable attribute is skipped; the failure is visible only at message level.
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSDefaultAttributeMapper.get" + "Attributes: Exception", ex);
                }
                continue;
            }
            if (values == null || values.isEmpty()) {
                continue;
            }

            // Rename only when the table has a non-empty entry. Any other attribute keeps
            // the name it carried in the assertion, so the table does not act as a filter:
            // every attribute the asserting party sends reaches the result map.
            String attributeName = attribute.getAttributeName();
            if (nameMapping != null && !nameMapping.isEmpty()) {
                String mappedName = (String) nameMapping.get(attributeName);
                if (mappedName != null && mappedName.length() > 0) {
                    attributeName = mappedName;
                }
            }

            // Only the first value of a multi-valued attribute is kept, and a later
            // attribute that resolves to the same name overwrites the earlier one.
            String firstValue = XMLUtils.getElementValue((Element) values.get(0));
            if (firstValue != null && firstValue.length() > 0) {
                result.put(attributeName, firstValue);
            }
        }
    }
    return result;
}
use of com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement in project OpenAM by OpenRock.
the class IDFFMetaManager method addEntityToCOT.
/**
* Adds an entity identifier to circle of trust.
*
* @param realm The realm under which the entity resides.
* @param entityID the entity identifier.
* @throws IDFFMetaException if there is an error adding entity to circle
* of trust.
*/
private void addEntityToCOT(String realm, String entityID) throws IDFFMetaException {
    // An entity can hold the IDP role, the SP role, or both; each role config
    // that exists is registered with the circle of trust separately.
    // When neither config exists the call does nothing and signals nothing.
    // NOTE(review): the affiliation config is not handled here, although
    // removeEntityFromCOT does remove it. Confirm affiliations are added elsewhere.
    final IDPDescriptorConfigElement identityProviderConfig = getIDPDescriptorConfig(realm, entityID);
    if (identityProviderConfig != null) {
        addToCircleOfTrust(identityProviderConfig, realm, entityID);
    }

    final SPDescriptorConfigElement serviceProviderConfig = getSPDescriptorConfig(realm, entityID);
    if (serviceProviderConfig != null) {
        addToCircleOfTrust(serviceProviderConfig, realm, entityID);
    }
}
use of com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement in project OpenAM by OpenRock.
the class IDFFMetaSecurityUtils method updateProviderKeyInfo.
/**
* Updates signing or encryption key info for SP or IDP.
* This will update both signing/encryption alias on extended metadata and
* certificates in standard metadata.
* @param realm Realm in which the entity resides.
* @param entityID ID of the entity to be updated.
* @param certAlias Alias of the certificate to be set to the entity. If
* null, will remove existing key information from the SP or IDP.
* @param isSigning true if this is a signing certificate alias, false if
* this is an encryption certificate alias.
* @param isIDP true if this is for IDP signing/encryption alias, false
* if this is for SP signing/encryption alias
* @param encAlgo Encryption algorithm URI, this is applicable for
* encryption cert only.
* @param keySize Encryption key size, this is applicable for
* encryption cert only.
* @throws IDFFMetaException if failed to update the certificate alias for
* the entity.
*/
public static void updateProviderKeyInfo(String realm, String entityID, String certAlias, boolean isSigning, boolean isIDP, String encAlgo, int keySize) throws IDFFMetaException {
    // NOTE(review): metaManager and config are dereferenced without a null check.
    // Confirm neither lookup can return null for an unknown realm or entity.
    IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
    EntityConfigElement config = metaManager.getEntityConfig(realm, entityID);

    // Key material may only be changed for hosted entities; remote ones are rejected.
    if (!config.isHosted()) {
        throw new IDFFMetaException("entityNotHosted", new String[] { entityID, realm });
    }
    EntityDescriptorElement desp = metaManager.getEntityDescriptor(realm, entityID);

    // A null or empty alias means "remove the key", per the method contract.
    final boolean clearKey = (certAlias == null) || (certAlias.length() == 0);
    // Extended-metadata attribute that records the alias for the chosen key use.
    final String aliasAttribute = isSigning ? IFSConstants.SIGNING_CERT_ALIAS : IFSConstants.ENCRYPTION_CERT_ALIAS;

    // NOTE(review): certAlias, encAlgo and keySize are handed to getKeyDescriptor
    // unchecked here; confirm that helper rejects unknown aliases and unsupported
    // or weak algorithm/key-size combinations.
    if (isIDP) {
        IDPDescriptorConfigElement idpConfig = IDFFMetaUtils.getIDPDescriptorConfig(config);
        IDPDescriptorType idpDesp = IDFFMetaUtils.getIDPDescriptor(desp);
        if (idpConfig == null || idpDesp == null) {
            throw new IDFFMetaException("entityNotIDP", new String[] { entityID, realm });
        }
        if (clearKey) {
            // Drop the key from standard metadata, then clear the alias in extended metadata.
            removeKeyDescriptor(idpDesp, isSigning);
            setExtendedAttributeValue(idpConfig, aliasAttribute, null);
        } else {
            // Standard metadata first, then the alias in extended metadata.
            KeyDescriptorElement keyDescriptor = getKeyDescriptor(certAlias, isSigning, encAlgo, keySize);
            updateKeyDescriptor(idpDesp, keyDescriptor);
            Set aliasValue = new HashSet();
            aliasValue.add(certAlias);
            setExtendedAttributeValue(idpConfig, aliasAttribute, aliasValue);
        }
    } else {
        SPDescriptorConfigElement spConfig = IDFFMetaUtils.getSPDescriptorConfig(config);
        SPDescriptorType spDesp = IDFFMetaUtils.getSPDescriptor(desp);
        if (spConfig == null || spDesp == null) {
            throw new IDFFMetaException("entityNotSP", new String[] { entityID, realm });
        }
        if (clearKey) {
            removeKeyDescriptor(spDesp, isSigning);
            setExtendedAttributeValue(spConfig, aliasAttribute, null);
        } else {
            KeyDescriptorElement keyDescriptor = getKeyDescriptor(certAlias, isSigning, encAlgo, keySize);
            updateKeyDescriptor(spDesp, keyDescriptor);
            Set aliasValue = new HashSet();
            aliasValue.add(certAlias);
            setExtendedAttributeValue(spConfig, aliasAttribute, aliasValue);
        }
    }

    // Persist both halves. These are two separate writes: if the second one fails,
    // the stored descriptor already carries the new key while the stored config
    // still names the old alias.
    // NOTE(review): confirm callers can detect and repair that split state.
    metaManager.setEntityDescriptor(realm, desp);
    metaManager.setEntityConfig(realm, config);
}
use of com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement in project OpenAM by OpenRock.
the class IDFFMetaManager method removeEntityFromCOT.
/**
* Removes an entity identifier from the circle of trust.
* @param realm The realm under which the entity resides.
* @param entityID the entity identifier.
* @throws IDFFMetaException if there is an error removing the entity.
*/
private void removeEntityFromCOT(String realm, String entityID) throws IDFFMetaException {
    // Each role config that exists for the entity is detached from the circle of
    // trust in turn: IDP, then SP, then affiliation. An exception from an earlier
    // step leaves the later roles still registered.
    final IDPDescriptorConfigElement identityProviderConfig = getIDPDescriptorConfig(realm, entityID);
    if (identityProviderConfig != null) {
        removeFromCircleOfTrust(identityProviderConfig, realm, entityID);
    }

    final SPDescriptorConfigElement serviceProviderConfig = getSPDescriptorConfig(realm, entityID);
    if (serviceProviderConfig != null) {
        removeFromCircleOfTrust(serviceProviderConfig, realm, entityID);
    }

    final AffiliationDescriptorConfigElement affiliationConfig = getAffiliationDescriptorConfig(realm, entityID);
    if (affiliationConfig != null) {
        removeFromCircleOfTrust(affiliationConfig, realm, entityID);
    }
}