use of com.sun.identity.saml2.jaxb.entityconfig.XACMLAuthzDecisionQueryConfigElement in project OpenAM by OpenRock.
The class SAML2MetaManager, method getPolicyEnforcementPointConfig.
/**
 * Returns the first policy enforcement point (PEP) configuration found in
 * the entity's extended configuration under the given realm.
 *
 * @param realm The realm under which the entity resides.
 * @param entityId ID of the entity to be retrieved.
 * @return the policy enforcement point configuration, or null if the
 *         entity has no extended configuration or holds no PEP element.
 * @throws SAML2MetaException if unable to retrieve the configuration.
 */
public XACMLAuthzDecisionQueryConfigElement getPolicyEnforcementPointConfig(String realm, String entityId) throws SAML2MetaException {
    EntityConfigElement entityConfig = getEntityConfig(realm, entityId);
    if (entityConfig == null) {
        return null;
    }
    // The extended configuration keeps every role's config element in one
    // list; only the first PEP element is returned, later ones are ignored.
    List roleConfigs = entityConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
    for (Object roleConfig : roleConfigs) {
        if (roleConfig instanceof XACMLAuthzDecisionQueryConfigElement) {
            return (XACMLAuthzDecisionQueryConfigElement) roleConfig;
        }
    }
    return null;
}
use of com.sun.identity.saml2.jaxb.entityconfig.XACMLAuthzDecisionQueryConfigElement in project OpenAM by OpenRock.
The class SAML2MetaManager, method getAllHostedPolicyEnforcementPointMetaAliases.
/**
 * Returns meta aliases of all hosted policy enforcement points under the
 * realm.
 *
 * @param realm The realm under which the policy enforcement points reside.
 * @return list of meta aliases, one per hosted PEP entity that has a PEP
 *         configuration; empty if there are none.
 * @throws SAML2MetaException if unable to retrieve meta aliases.
 */
public List getAllHostedPolicyEnforcementPointMetaAliases(String realm) throws SAML2MetaException {
    List hostedEntityIds = getAllHostedPolicyEnforcementPointEntities(realm);
    List aliases = new ArrayList(hostedEntityIds.size());
    for (Object hostedEntityId : hostedEntityIds) {
        XACMLAuthzDecisionQueryConfigElement pepConfig =
                getPolicyEnforcementPointConfig(realm, (String) hostedEntityId);
        // Entities without a PEP configuration are skipped rather than
        // contributing a null alias.
        if (pepConfig != null) {
            aliases.add(pepConfig.getMetaAlias());
        }
    }
    return aliases;
}
use of com.sun.identity.saml2.jaxb.entityconfig.XACMLAuthzDecisionQueryConfigElement in project OpenAM by OpenRock.
The class SAML2Utils, method getAttributeValueFromXACMLConfig.
/**
 * Returns the value of an attribute from the XACML entity configuration.
 * For the PEP role the attribute is read from the entity's
 * XACMLAuthzDecisionQueryConfig; any other role is looked up as a PDP and
 * the attribute is read from its XACMLPDPConfig. Only the first value of a
 * multi-valued attribute is returned. A metadata lookup failure is logged
 * at debug level and reported as a null result.
 *
 * @param realm the realm of the entity.
 * @param entityRole role of the entity (PEP or PDP).
 * @param entityID identity of the entity.
 * @param attrName name of attribute whose value is to be retrieved.
 * @return the first value of the attribute, or null if the entity, its
 *         configuration or the attribute is not found.
 */
public static String getAttributeValueFromXACMLConfig(String realm, String entityRole, String entityID, String attrName) {
    String method = "SAML2Utils:getAttributeValueFromXACMLConfig : ";
    if (debug.messageEnabled()) {
        debug.message(method + "realm - " + realm);
        debug.message(method + "entityRole - " + entityRole);
        debug.message(method + "EntityId - " + entityID);
        debug.message(method + "attrName - " + attrName);
    }
    String result = null;
    try {
        Map attrs;
        boolean isPep = entityRole.equalsIgnoreCase(SAML2Constants.PEP_ROLE);
        if (isPep) {
            XACMLAuthzDecisionQueryConfigElement pepConfig =
                    saml2MetaManager.getPolicyEnforcementPointConfig(realm, entityID);
            attrs = (pepConfig == null) ? null : SAML2MetaUtils.getAttributes(pepConfig);
        } else {
            // Anything other than the PEP role is treated as a PDP.
            XACMLPDPConfigElement pdpConfig =
                    saml2MetaManager.getPolicyDecisionPointConfig(realm, entityID);
            attrs = (pdpConfig == null) ? null : SAML2MetaUtils.getAttributes(pdpConfig);
        }
        if (attrs != null) {
            List values = (List) attrs.get(attrName);
            if (values != null && !values.isEmpty()) {
                result = (String) values.get(0);
            }
        }
    } catch (SAML2MetaException e) {
        // Best effort: a metadata failure yields a null value, not an error.
        debug.message("Retreiving XACML Config failed:", e);
    }
    if (debug.messageEnabled()) {
        debug.message("Attribute value is : " + result);
    }
    return result;
}
use of com.sun.identity.saml2.jaxb.entityconfig.XACMLAuthzDecisionQueryConfigElement in project OpenAM by OpenRock.
The class QueryClient, method getPEPConfig.
/**
 * Returns the extended Policy Enforcement Point Configuration.
 *
 * @param realm the realm of the entity.
 * @param pepEntityID identifier of the PEP.
 * @return the <code>XACMLAuthzDecisionQueryConfigElement</code> object, or
 *         null if the PEP has no such configuration or the meta manager is
 *         not available.
 * @exception <code>SAML2Exception</code> if there is an error retrieving
 *            the extended configuration.
 */
private static XACMLAuthzDecisionQueryConfigElement getPEPConfig(String realm, String pepEntityID) throws SAML2Exception {
    String classMethod = "QueryClient:getPEPConfig";
    if (saml2MetaManager == null) {
        // NOTE(review): a missing meta manager is reported as "no config"
        // rather than as an error; callers must cope with the null result.
        return null;
    }
    try {
        return saml2MetaManager.getPolicyEnforcementPointConfig(realm, pepEntityID);
    } catch (SAML2MetaException sme) {
        if (debug.messageEnabled()) {
            debug.message(classMethod + "Error retreiving PEP meta", sme);
        }
        // Record the failure through LogUtil before mapping it to the SDK's
        // exception type so the original cause is not lost.
        String[] args = { pepEntityID };
        LogUtil.error(Level.INFO, LogUtil.PEP_METADATA_ERROR, args);
        throw new SAML2Exception(SAML2SDKUtils.BUNDLE_NAME, "pepMetaRetreivalError", args);
    }
}
use of com.sun.identity.saml2.jaxb.entityconfig.XACMLAuthzDecisionQueryConfigElement in project OpenAM by OpenRock.
The class QueryClient, method signAttributeQuery.
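/**
 * Signs the XACML authorization decision query with the PEP's signing key.
 * The key alias is read from the PEP's extended configuration attribute
 * <code>signingCertAlias</code>.
 *
 * @param xacmlQuery XACML Query to sign.
 * @param realm the entity's realm.
 * @param pepEntityID entity identifier of PEP.
 * @param includeCert whether to pass the signing certificate to the sign
 *        operation; when false the query is signed without a certificate.
 * @throws SAML2Exception if the PEP configuration cannot be retrieved or no
 *         private key is found for the configured alias; errors raised by
 *         the query's sign operation propagate unchanged.
 */
private static void signAttributeQuery(XACMLAuthzDecisionQuery xacmlQuery, String realm, String pepEntityID, boolean includeCert) throws SAML2Exception {
    KeyProvider keyProvider = KeyUtil.getKeyProviderInstance();
    XACMLAuthzDecisionQueryConfigElement pepConfig = getPEPConfig(realm, pepEntityID);
    String alias = getAttributeValueFromPEPConfig(pepConfig, "signingCertAlias");
    PrivateKey signingKey = keyProvider.getPrivateKey(alias);
    if (signingKey == null) {
        // A PEP without a usable signing key cannot produce a signed query.
        throw new SAML2Exception(SAML2Utils.bundle.getString("missingSigningCertAlias"));
    }
    X509Certificate signingCert = null;
    if (includeCert) {
        // NOTE(review): if no certificate is found for the alias this stays
        // null and the query is signed without one even though includeCert
        // was requested — confirm the PDP can still resolve the verification
        // key from its own metadata in that case.
        signingCert = keyProvider.getX509Certificate(alias);
    }
    // The null check above already guarantees a key; the former redundant
    // "if (signingKey != null)" guard around this call was dead code.
    xacmlQuery.sign(signingKey, signingCert);
}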