
Example 6 with EntityDescriptorElement

use of com.sun.identity.liberty.ws.meta.jaxb.EntityDescriptorElement in project OpenAM by OpenRock.

From class IDFFMetaSecurityUtils, method updateProviderKeyInfo:

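/**
 * Updates the signing or encryption key information of a hosted SP or IDP.
 * Both the standard metadata (the KeyDescriptor on the provider descriptor)
 * and the extended metadata (the signing/encryption certificate alias
 * attribute) are rewritten and then persisted.
 *
 * @param realm Realm the entity resides in.
 * @param entityID ID of the entity to be updated.
 * @param certAlias Alias of the certificate to set on the entity. If
 *        {@code null} or empty, the existing key information is removed
 *        from the SP or IDP instead of being replaced.
 * @param isSigning {@code true} for the signing certificate alias,
 *        {@code false} for the encryption certificate alias.
 * @param isIDP {@code true} to update the IDP descriptor, {@code false}
 *        to update the SP descriptor.
 * @param encAlgo Encryption algorithm URI; only used for the encryption
 *        certificate.
 * @param keySize Encryption key size; only used for the encryption
 *        certificate.
 * @throws IDFFMetaException if the entity has no hosted configuration, is
 *        not the requested provider type (IDP/SP), or the metadata cannot
 *        be written.
 */
public static void updateProviderKeyInfo(String realm, String entityID, String certAlias, boolean isSigning, boolean isIDP, String encAlgo, int keySize) throws IDFFMetaException {
    IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
    EntityConfigElement config = metaManager.getEntityConfig(realm, entityID);
    // Only hosted entities own a key store alias. An entity with no extended
    // configuration at all (null) is reported the same way as a remote one so
    // that callers get an IDFFMetaException rather than a NullPointerException.
    if ((config == null) || !config.isHosted()) {
        String[] args = { entityID, realm };
        throw new IDFFMetaException("entityNotHosted", args);
    }
    EntityDescriptorElement desp = metaManager.getEntityDescriptor(realm, entityID);
    // Name of the extended-metadata attribute that carries the alias.
    String aliasAttr = isSigning ? IFSConstants.SIGNING_CERT_ALIAS : IFSConstants.ENCRYPTION_CERT_ALIAS;
    // A null or empty alias means "remove the key info" rather than "set it".
    boolean removeKey = (certAlias == null) || (certAlias.length() == 0);
    if (isIDP) {
        IDPDescriptorConfigElement idpConfig = IDFFMetaUtils.getIDPDescriptorConfig(config);
        // Guard the missing-descriptor case so it surfaces as "entityNotIDP".
        IDPDescriptorType idpDesp = (desp == null) ? null : IDFFMetaUtils.getIDPDescriptor(desp);
        if ((idpConfig == null) || (idpDesp == null)) {
            String[] args = { entityID, realm };
            throw new IDFFMetaException("entityNotIDP", args);
        }
        if (removeKey) {
            // Drop the KeyDescriptor from the standard metadata and clear the
            // alias attribute in the extended metadata.
            removeKeyDescriptor(idpDesp, isSigning);
            setExtendedAttributeValue(idpConfig, aliasAttr, null);
        } else {
            // NOTE(review): the alias is stored as supplied; whether it
            // resolves to a certificate in the key store is decided inside
            // getKeyDescriptor, which is not visible here.
            KeyDescriptorElement kde = getKeyDescriptor(certAlias, isSigning, encAlgo, keySize);
            updateKeyDescriptor(idpDesp, kde);
            Set value = new HashSet();
            value.add(certAlias);
            setExtendedAttributeValue(idpConfig, aliasAttr, value);
        }
    } else {
        SPDescriptorConfigElement spConfig = IDFFMetaUtils.getSPDescriptorConfig(config);
        // Guard the missing-descriptor case so it surfaces as "entityNotSP".
        SPDescriptorType spDesp = (desp == null) ? null : IDFFMetaUtils.getSPDescriptor(desp);
        if ((spConfig == null) || (spDesp == null)) {
            String[] args = { entityID, realm };
            throw new IDFFMetaException("entityNotSP", args);
        }
        if (removeKey) {
            // Drop the KeyDescriptor from the standard metadata and clear the
            // alias attribute in the extended metadata.
            removeKeyDescriptor(spDesp, isSigning);
            setExtendedAttributeValue(spConfig, aliasAttr, null);
        } else {
            // NOTE(review): the alias is stored as supplied; whether it
            // resolves to a certificate in the key store is decided inside
            // getKeyDescriptor, which is not visible here.
            KeyDescriptorElement kde = getKeyDescriptor(certAlias, isSigning, encAlgo, keySize);
            updateKeyDescriptor(spDesp, kde);
            Set value = new HashSet();
            value.add(certAlias);
            setExtendedAttributeValue(spConfig, aliasAttr, value);
        }
    }
    // Two independent writes: if the second one fails, the standard metadata
    // has already been saved and the two stores are left out of sync.
    metaManager.setEntityDescriptor(realm, desp);
    metaManager.setEntityConfig(realm, config);
}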

Example 7 with EntityDescriptorElement

use of com.sun.identity.liberty.ws.meta.jaxb.EntityDescriptorElement in project OpenAM by OpenRock.

From class IDFFMetaManager, method getAffiliationDescriptor:

/**
 * Returns the affiliation descriptor of an entity.
 *
 * @param realm The realm under which the entity resides.
 * @param entityID Entity identifier whose affiliation descriptor is wanted.
 * @return the <code>AffiliationDescriptorType</code> held by the entity
 *         descriptor, or <code>null</code> when no entity descriptor exists
 *         for the identifier (the descriptor's own value is returned as-is,
 *         so it may also be <code>null</code>).
 * @throws IDFFMetaException if the entity descriptor cannot be retrieved.
 */
public AffiliationDescriptorType getAffiliationDescriptor(String realm, String entityID) throws IDFFMetaException {
    EntityDescriptorElement descriptor = getEntityDescriptor(realm, entityID);
    if (descriptor == null) {
        // No descriptor for this entity in this realm: nothing to return.
        return null;
    }
    return descriptor.getAffiliationDescriptor();
}

Example 8 with EntityDescriptorElement

use of com.sun.identity.liberty.ws.meta.jaxb.EntityDescriptorElement in project OpenAM by OpenRock.

From class IDFFModelImpl, method modifyEntityProfile:

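/**
 * Modifies the entity descriptor profile: its <code>validUntil</code> and
 * <code>cacheDuration</code> values.
 *
 * @param realm the realm in which the entity resides.
 * @param entityName Name of entity descriptor.
 * @param map Map of attribute type to a Set of values; the keys
 *        <code>ATTR_VALID_UNTIL</code> and <code>ATTR_CACHE_DURATION</code>
 *        are read.
 * @throws AMConsoleException if the entity descriptor does not exist or
 *         cannot be modified.
 */
public void modifyEntityProfile(String realm, String entityName, Map map) throws AMConsoleException {
    String[] param = { entityName };
    logEvent("ATTEMPT_MODIFY_ENTITY_DESCRIPTOR", param);
    try {
        IDFFMetaManager manager = getIDFFMetaManager();
        EntityDescriptorElement desc = manager.getEntityDescriptor(realm, entityName);
        if (desc == null) {
            // getEntityDescriptor can return null for an unknown entity.
            // Without this guard the NullPointerException below would bypass
            // the IDFFMetaException handler, go unlogged, and reach the
            // console as a server error instead of a console error.
            String strError = "Entity descriptor not found: " + entityName;
            String[] paramsEx = { entityName, strError };
            logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
            throw new AMConsoleException(strError);
        }
        desc.setValidUntil((String) AMAdminUtils.getValue((Set) map.get(ATTR_VALID_UNTIL)));
        desc.setCacheDuration((String) AMAdminUtils.getValue((Set) map.get(ATTR_CACHE_DURATION)));
        manager.setEntityDescriptor(realm, desc);
        logEvent("SUCCEED_MODIFY_ENTITY_DESCRIPTOR", param);
    } catch (IDFFMetaException e) {
        // Audit the failure with the same parameters as the attempt, then
        // surface it to the console as a localized error string.
        String[] paramsEx = { entityName, getErrorString(e) };
        logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
        throw new AMConsoleException(getErrorString(e));
    }
}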

Example 9 with EntityDescriptorElement

use of com.sun.identity.liberty.ws.meta.jaxb.EntityDescriptorElement in project OpenAM by OpenRock.

From class IDFFModelImpl, method updateEntitySPDescriptor:

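/**
 * Updates the standard metadata of an IDFF SP descriptor from the console
 * attribute maps and, for a hosted provider, its signing/encryption key
 * information as well.
 *
 * @param realm the realm in which the entity resides.
 * @param entityName Name of the entity descriptor.
 * @param attrValues Map of standard-metadata attribute name to a Set of
 *        values.
 * @param extendedValues Map of extended-metadata attribute name to a Set of
 *        values; only the signing and encryption certificate aliases are
 *        read from it.
 * @param ishosted <code>true</code> if the provider is hosted; only then are
 *        the certificate aliases, encryption algorithm and key size written.
 * @throws AMConsoleException if the metadata cannot be read or written, the
 *         JAXB objects cannot be created, or the encryption key size is not
 *         a valid integer.
 */
public void updateEntitySPDescriptor(String realm, String entityName, Map attrValues, Map extendedValues, boolean ishosted) throws AMConsoleException {
    String[] params = { realm, entityName, "IDFF", "SP-Standard Metadata" };
    logEvent("ATTEMPT_MODIFY_ENTITY_DESCRIPTOR", params);
    try {
        if (ishosted) {
            // Key and encryption details only apply to a hosted provider,
            // which owns the certificates in the local key store.
            String keysize = getValueByKey(attrValues, ATTR_ENCRYPTION_KEY_SIZE);
            String algorithm = getValueByKey(attrValues, ATTR_ENCRYPTION_ALGORITHM);
            String e_certAlias = getValueByKey(extendedValues, ATTR_ENCRYPTION_CERT_ALIAS);
            String s_certAlias = getValueByKey(extendedValues, ATTR_SIGNING_CERT_ALIAS);
            // Defaults used when the form fields are blank. A non-numeric key
            // size raises NumberFormatException, handled below.
            // NOTE(review): the default is AES-128 in CBC mode; an AEAD
            // algorithm is generally preferred for XML encryption where the
            // peer supports it -- confirm against the deployment's partners.
            int keysi = (keysize != null && keysize.length() > 0) ? Integer.parseInt(keysize) : 128;
            String alg = (algorithm == null || algorithm.length() == 0) ? "http://www.w3.org/2001/04/xmlenc#aes128-cbc" : algorithm;
            IDFFMetaSecurityUtils.updateProviderKeyInfo(realm, entityName, e_certAlias, false, false, alg, keysi);
            IDFFMetaSecurityUtils.updateProviderKeyInfo(realm, entityName, s_certAlias, true, false, alg, keysi);
        }
        IDFFMetaManager idffManager = getIDFFMetaManager();
        EntityDescriptorElement entityDescriptor = idffManager.getEntityDescriptor(realm, entityName);
        // NOTE(review): pDesc is dereferenced without a null check; an entity
        // that has no SP descriptor would fail with a NullPointerException.
        SPDescriptorType pDesc = idffManager.getSPDescriptor(realm, entityName);
        // Protocol support enumeration
        pDesc.getProtocolSupportEnumeration().clear();
        pDesc.getProtocolSupportEnumeration().add(singleValue(attrValues, ATTR_PROTOCOL_SUPPORT_ENUMERATION));
        // Communication URLs
        pDesc.setSoapEndpoint(singleValue(attrValues, ATTR_SOAP_END_POINT));
        pDesc.setSingleLogoutServiceURL(singleValue(attrValues, ATTR_SINGLE_LOGOUT_SERVICE_URL));
        pDesc.setSingleLogoutServiceReturnURL(singleValue(attrValues, ATTR_SINGLE_LOGOUT_SERVICE_RETURN_URL));
        pDesc.setFederationTerminationServiceURL(singleValue(attrValues, ATTR_FEDERATION_TERMINATION_SERVICES_URL));
        pDesc.setFederationTerminationServiceReturnURL(singleValue(attrValues, ATTR_FEDERATION_TERMINATION_SERVICE_RETURN_URL));
        pDesc.setRegisterNameIdentifierServiceURL(singleValue(attrValues, ATTR_REGISTRATION_NAME_IDENTIFIER_SERVICE_URL));
        pDesc.setRegisterNameIdentifierServiceReturnURL(singleValue(attrValues, ATTR_REGISTRATION_NAME_IDENTIFIER_SERVICE_RETURN_URL));
        // Communication profiles: the selected profile goes first, followed
        // by every other known profile in its list order.
        putSelectedFirst(pDesc.getFederationTerminationNotificationProtocolProfile(),
                singleValue(attrValues, ATTR_FEDERATION_TERMINATION_NOTIFICATION_PROTOCOL_PROFILE),
                federationTerminationProfileList);
        putSelectedFirst(pDesc.getSingleLogoutProtocolProfile(),
                singleValue(attrValues, ATTR_SINGLE_LOGOUT_PROTOCOL_PROFILE),
                singleLogoutProfileList);
        putSelectedFirst(pDesc.getRegisterNameIdentifierProtocolProfile(),
                singleValue(attrValues, ATTR_REGISTRATION_NAME_IDENTIFIER_PROFILE_PROFILE),
                nameRegistrationProfileList);
        // SP-only settings: the single assertion consumer service URL and
        // whether authentication requests must be signed.
        String id = singleValue(attrValues, ATTR_ASSERTION_CUSTOMER_SERVICE_URIID);
        String value = singleValue(attrValues, ATTR_ASSERTION_CUSTOMER_SERVICE_URL);
        String isDefault = singleValue(attrValues, ATTR_ASSERTION_CUSTOMER_SERVICE_URL_AS_DEFAULT);
        String authnRequestsSigned = singleValue(attrValues, ATTR_AUTHN_REQUESTS_SIGNED);
        com.sun.identity.liberty.ws.meta.jaxb.ObjectFactory objFactory = new com.sun.identity.liberty.ws.meta.jaxb.ObjectFactory();
        com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType.AssertionConsumerServiceURLType assertionType = objFactory.createSPDescriptorTypeAssertionConsumerServiceURLType();
        assertionType.setId(id);
        assertionType.setValue(value);
        // Null-safe comparison: an absent flag is treated as "false" instead
        // of raising a NullPointerException.
        assertionType.setIsDefault("true".equals(isDefault));
        pDesc.getAssertionConsumerServiceURL().clear();
        pDesc.getAssertionConsumerServiceURL().add(assertionType);
        pDesc.setAuthnRequestsSigned("true".equals(authnRequestsSigned));
        entityDescriptor.getSPDescriptor().clear();
        entityDescriptor.getSPDescriptor().add(pDesc);
        idffManager.setEntityDescriptor(realm, entityDescriptor);
        logEvent("SUCCEED_MODIFY_ENTITY_DESCRIPTOR", params);
    } catch (IDFFMetaException e) {
        debug.error("IDFFMetaException, updateEntitySPDescriptor");
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "IDFF", "SP-Standard Metadata", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
        throw new AMConsoleException(strError);
    } catch (JAXBException e) {
        debug.error("JAXBException, updateEntitySPDescriptor");
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "IDFF", "SP-Standard Metadata", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
        throw new AMConsoleException(strError);
    } catch (NumberFormatException e) {
        // A non-numeric encryption key size is user input error; report it
        // through the console like the other failures instead of letting the
        // unchecked exception escape unlogged.
        debug.error("NumberFormatException, updateEntitySPDescriptor");
        String strError = "Invalid encryption key size: " + e.getMessage();
        String[] paramsEx = { realm, entityName, "IDFF", "SP-Standard Metadata", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
        throw new AMConsoleException(strError);
    }
}

/**
 * Returns the single String value stored under {@code key} in a console
 * attribute map (attribute name to a Set of values).
 *
 * @param values Map of attribute name to a Set of values.
 * @param key Attribute name to look up.
 * @return the value as resolved by AMAdminUtils.getValue.
 */
private static String singleValue(Map values, String key) {
    return (String) AMAdminUtils.getValue((Set) values.get(key));
}

/**
 * Replaces the contents of {@code target} with {@code selected} followed by
 * every entry of {@code all} that is not equal to {@code selected}.
 *
 * @param target List to rewrite (a JAXB profile list on the descriptor).
 * @param selected Profile chosen in the console; added first.
 * @param all All known profiles, in their list order.
 */
private static void putSelectedFirst(java.util.List target, String selected, java.util.List all) {
    target.clear();
    target.add(selected);
    int size = all.size();
    for (int i = 0; i < size; i++) {
        // equals(null) is false, so a null selection adds every profile.
        if (!all.get(i).equals(selected)) {
            target.add(all.get(i));
        }
    }
}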

Example 10 with EntityDescriptorElement

use of com.sun.identity.liberty.ws.meta.jaxb.EntityDescriptorElement in project OpenAM by OpenRock.

From class IDFFModelImpl, method updateAffiliateProfile:

/**
 * Modifies the affiliate profile of an entity: its owner ID and the full
 * list of affiliate members.
 *
 * @param realm the realm in which the entity resides.
 * @param entityName Name of entity descriptor.
 * @param values Map of attribute name to a Set of values; only
 *        <code>ATTR_AFFILIATE_OWNER_ID</code> is read.
 * @param members Set of affiliate member identifiers; replaces the existing
 *        member list entirely.
 * @throws AMConsoleException if profile cannot be modified.
 */
public void updateAffiliateProfile(String realm, String entityName, Map values, Set members) throws AMConsoleException {
    String[] params = { realm, entityName, "IDFF", "Affiliate" };
    logEvent("ATTEMPT_MODIFY_AFFILIATE_ENTITY_DESCRIPTOR", params);
    try {
        IDFFMetaManager idffManager = getIDFFMetaManager();
        EntityDescriptorElement entityDescriptor = idffManager.getEntityDescriptor(realm, entityName);
        // NOTE(review): neither the entity descriptor nor its affiliation
        // descriptor is null-checked here; an entity without an affiliation
        // would fail with a NullPointerException rather than an
        // AMConsoleException.
        AffiliationDescriptorType affiliation = entityDescriptor.getAffiliationDescriptor();
        String ownerId = (String) AMAdminUtils.getValue((Set) values.get(ATTR_AFFILIATE_OWNER_ID));
        affiliation.setAffiliationOwnerID(ownerId);
        // TBD: common attributes that may be handled here later:
        // ATTR_AFFILIATE_VALID_UNTIL, ATTR_AFFILIATE_CACHE_DURATION,
        // ATTR_ENCRYPTION_KEY_SIZE, ATTR_AFFILIATE_ENCRYPTION_KEY_ALGORITHM,
        // ATTR_AFFILIATE_ENCRYPTION_CERT_ALIAS, ATTR_AFFILIATE_SIGNING_CERT_ALIAS
        // Replace the member list wholesale with the supplied set.
        affiliation.getAffiliateMember().clear();
        for (Object member : members) {
            affiliation.getAffiliateMember().add((String) member);
        }
        entityDescriptor.setAffiliationDescriptor(affiliation);
        idffManager.setEntityDescriptor(realm, entityDescriptor);
        logEvent("SUCCEED_MODIFY_AFFILIATE_ENTITY_DESCRIPTOR", params);
    } catch (IDFFMetaException e) {
        // Audit the failure, then surface it as a console error.
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "IDFF", "Affiliate", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_AFFILIATE_ENTITY_DESCRIPTOR", paramsEx);
        throw new AMConsoleException(strError);
    }
}
