
Example 26 with EntityDescriptorElement

use of com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement in project OpenAM by OpenRock.

the class SAML2MetaSecurityUtils method sign.

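/**
 * Signs the entity descriptor root element by the following rules:
 * <ul>
 *  <li>Hosted Entity</li>
 *  <ul>
 *   <li>If there is a signature already on the EntityDescriptor, removes it, then signs the EntityDescriptor.
 *   </li>
 *   <li>Simply signs the EntityDescriptor otherwise.</li>
 *  </ul>
 *  <li>Remote Entity</li>
 *  <ul>
 *   <li>If there is a signature already on the EntityDescriptor, then does not change it, but returns the
 *       Document with the original signature.
 *   </li>
 *   <li>Simply signs the EntityDescriptor otherwise</li>
 *  </ul>
 * </ul>
 * If there is no extended metadata for the entity, the entity is considered as remote.
 *
 * @param realm The realm where the EntityDescriptor belongs to.
 * @param descriptor The entity descriptor.
 * @return Signed <code>Document</code> for the entity descriptor or null if no metadata signing key is found in
 * the configuration. A non-null result is always signed (either freshly, or with the remote party's signature).
 * @throws SAML2MetaException if the descriptor is null or the signature cannot be created.
 * @throws JAXBException if the entity descriptor is invalid.
 */
public static Document sign(String realm, EntityDescriptorElement descriptor) throws JAXBException, SAML2MetaException {
    if (descriptor == null) {
        throw new SAML2MetaException("Unable to sign null descriptor");
    }
    SAML2MetaManager metaManager = new SAML2MetaManager();
    EntityConfigElement cfgElem = metaManager.getEntityConfig(realm, descriptor.getEntityID());
    // Without extended metadata (EntityConfig) the entity is treated as remote.
    boolean isHosted = cfgElem != null && cfgElem.isHosted();
    String signingCert = getRealmSetting(METADATA_SIGNING_KEY, realm);
    if (signingCert == null) {
        // Metadata signing is not configured for this realm.
        return null;
    }
    initializeKeyStore();
    String xmlstr = SAML2MetaUtils.convertJAXBToString(descriptor);
    xmlstr = formatBase64BinaryElement(xmlstr);
    Document doc = XMLUtils.toDOMDocument(xmlstr, debug);
    NodeList childNodes = doc.getDocumentElement().getChildNodes();
    for (int i = 0; i < childNodes.getLength(); i++) {
        Node node = childNodes.item(i);
        // Constant-first equals: getNamespaceURI() may be null for nodes without a namespace.
        if ("Signature".equals(node.getLocalName()) && NS_XMLSIG.equals(node.getNamespaceURI())) {
            if (isHosted) {
                // Hosted: drop the stale signature and re-sign below.
                node.getParentNode().removeChild(node);
                break;
            }
            // Remote: keep the signature the remote party produced; its validity is judged elsewhere.
            return doc;
        }
    }
    // We need to sign or re-sign the document, so generate a fresh ID for the signature reference.
    String descriptorId = SAMLUtils.generateID();
    doc.getDocumentElement().setAttribute(ATTR_ID, descriptorId);
    XMLSignatureManager sigManager = XMLSignatureManager.getInstance();
    try {
        // Place the Signature as the first child of the EntityDescriptor element.
        String xpath = "//*[local-name()=\"" + TAG_ENTITY_DESCRIPTOR + "\" and namespace-uri()=\"" + NS_META + "\"]/*[1]";
        sigManager.signXMLUsingKeyPass(doc, signingCert, getRealmSetting(METADATA_SIGNING_KEY_PASS, realm), null, SAML2Constants.ID, descriptorId, true, xpath);
    } catch (XMLSignatureException xmlse) {
        // Do not hand back an unsigned document when signing was configured and failed:
        // callers rely on the contract that a non-null result is signed.
        debug.error("SAML2MetaSecurityUtils.sign: unable to sign metadata for " + descriptor.getEntityID(), xmlse);
        throw new SAML2MetaException(xmlse);
    }
    return doc;
}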

Example 27 with EntityDescriptorElement

use of com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement in project OpenAM by OpenRock.

the class ConfigFedMonitoring method getSAMLv2Roles.

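/*
 * Determines which SAML2 'roles' a particular entity is acting as and
 * returns the list of role names, which the calling routine may use for
 * whatever purpose it needs.
 *
 * @param entity the entity identifier.
 * @param realm the realm the entity belongs to.
 * @return the role names found for the entity; empty (never null) if the
 *         entity has no descriptor or its metadata cannot be read.
 */
private List getSAMLv2Roles(String entity, String realm) {
    List roles = new ArrayList();
    try {
        SAML2MetaManager samlManager = new SAML2MetaManager();
        EntityDescriptorElement d = samlManager.getEntityDescriptor(realm, entity);
        if (d != null) {
            // Each descriptor type present in the metadata corresponds to one role.
            if (SAML2MetaUtils.getSPSSODescriptor(d) != null) {
                roles.add(SERVICE_PROVIDER);
            }
            if (SAML2MetaUtils.getIDPSSODescriptor(d) != null) {
                roles.add(IDENTITY_PROVIDER);
            }
            if (SAML2MetaUtils.getPolicyDecisionPointDescriptor(d) != null) {
                roles.add(POLICY_DECISION_POINT_DESCRIPTOR);
            }
            if (SAML2MetaUtils.getPolicyEnforcementPointDescriptor(d) != null) {
                roles.add(POLICY_ENFORCEMENT_POINT_DESCRIPTOR);
            }
            if (SAML2MetaUtils.getAttributeAuthorityDescriptor(d) != null) {
                roles.add(SAML_ATTRAUTHORITY);
            }
            if (SAML2MetaUtils.getAuthnAuthorityDescriptor(d) != null) {
                roles.add(SAML_AUTHNAUTHORITY);
            }
            if (SAML2MetaUtils.getAttributeQueryDescriptor(d) != null) {
                roles.add(SAML_ATTRQUERY);
            }
            if (samlManager.getAffiliationDescriptor(realm, entity) != null) {
                roles.add(AFFILIATE);
            }
        }
    } catch (SAML2MetaException s) {
        // Best effort: a metadata failure yields an empty role list, but keep the cause in the log
        // (the failure can come from any of the lookups above, not only manager construction).
        if (debug.warningEnabled()) {
            debug.warning("ConfigFedMonitoring.getSAMLv2Roles() - " + "Couldn't read SAMLv2 metadata for entity " + entity, s);
        }
    }
    // roles is never null here; the former Collections.EMPTY_LIST fallback was unreachable.
    return roles;
}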

Example 28 with EntityDescriptorElement

use of com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement in project OpenAM by OpenRock.

the class GetIDPSPPairingInCOT method getEntities.

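/**
 * Collects the entity IDs in a circle of trust that play the requested role.
 *
 * @param realm realm of the circle of trust.
 * @param cotName circle of trust name.
 * @param bIDP {@code true} to select identity providers, {@code false} for service providers.
 * @param hosted {@code true} to select hosted entities, {@code false} for remote ones. An entity with
 *        no extended metadata (EntityConfig) is treated as remote.
 * @return the matching entity IDs (never null).
 * @throws WorkflowException if the metadata cannot be read.
 */
private List getEntities(String realm, String cotName, boolean bIDP, boolean hosted) throws WorkflowException {
    try {
        SAML2MetaManager mgr = new SAML2MetaManager();
        Set entities = getEntities(realm, cotName);
        List results = new ArrayList();
        for (Iterator i = entities.iterator(); i.hasNext(); ) {
            String entityId = (String) i.next();
            EntityConfigElement elm = mgr.getEntityConfig(realm, entityId);
            // getEntityConfig returns null when no extended metadata exists; that used to NPE here.
            boolean isHosted = elm != null && elm.isHosted();
            if (isHosted != hosted) {
                continue;
            }
            EntityDescriptorElement desc = mgr.getEntityDescriptor(realm, entityId);
            if (desc == null) {
                // No standard metadata: the entity cannot play either role.
                continue;
            }
            boolean hasRole = bIDP
                    ? SAML2MetaUtils.getIDPSSODescriptor(desc) != null
                    : SAML2MetaUtils.getSPSSODescriptor(desc) != null;
            if (hasRole) {
                results.add(entityId);
            }
        }
        return results;
    } catch (SAML2MetaException ex) {
        // NOTE(review): the cause is dropped here; attach it if WorkflowException offers a (String, Throwable) constructor.
        throw new WorkflowException(ex.getMessage());
    }
}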

Example 29 with EntityDescriptorElement

use of com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement in project OpenAM by OpenRock.

the class SAML2COTUtils method removeFromEntityConfig.

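/**
 * Removes the circle of trust name passed from the <code>cotlist</code>
 * attribute in the Entity Config. The Service Provider and Identity
 * Provider Entity Configuration are updated.
 *
 * @param realm the realm the entity belongs to.
 * @param name the circle of trust name to be removed.
 * @param entityId the entity identifier of the provider.
 * @throws SAML2MetaException if the entity does not exist or there is an
 *          error updating the entity config.
 * @throws JAXBException if there is an error updating the entity config.
 */
public void removeFromEntityConfig(String realm, String name, String entityId) throws SAML2MetaException, JAXBException {
    String classMethod = "SAML2COTUtils.removeFromEntityConfig: ";
    SAML2MetaManager metaManager = (callerSession == null) ? new SAML2MetaManager() : new SAML2MetaManager(callerSession);
    // Check whether the entity id exists in the DS
    EntityDescriptorElement edes = metaManager.getEntityDescriptor(realm, entityId);
    if (edes == null) {
        debug.error(classMethod + "No such entity: " + entityId);
        String[] data = { realm, entityId };
        throw new SAML2MetaException("entityid_invalid", data);
    }
    EntityConfigElement eConfig = metaManager.getEntityConfig(realm, entityId);
    boolean isAffiliation = metaManager.getAffiliationDescriptor(realm, entityId) != null;
    if (debug.messageEnabled()) {
        debug.message(classMethod + "is " + entityId + " in realm " + realm + " an affiliation? " + isAffiliation);
    }
    if (eConfig == null) {
        // No extended metadata: there is no cotlist attribute to update.
        return;
    }
    List elist;
    if (isAffiliation) {
        AffiliationConfigElement affiliationCfgElm = metaManager.getAffiliationConfig(realm, entityId);
        elist = new ArrayList();
        if (affiliationCfgElm != null) {
            // A missing affiliation config previously caused an NPE in the loop below.
            elist.add(affiliationCfgElm);
        }
    } else {
        elist = eConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
    }
    boolean needToSave = false;
    for (Iterator iter = elist.iterator(); iter.hasNext(); ) {
        BaseConfigType bConfig = (BaseConfigType) iter.next();
        List list = bConfig.getAttribute();
        for (Iterator iter2 = list.iterator(); iter2.hasNext(); ) {
            AttributeType avp = (AttributeType) iter2.next();
            if (avp.getName().trim().equalsIgnoreCase(SAML2Constants.COT_LIST)) {
                List avpl = avp.getValue();
                // NOTE(review): containsValue() may match more loosely than List.remove(name) does; confirm they agree.
                if (avpl != null && !avpl.isEmpty() && containsValue(avpl, name)) {
                    avpl.remove(name);
                    needToSave = true;
                    // Only the first cotlist attribute of this config is touched.
                    break;
                }
            }
        }
    }
    if (needToSave) {
        metaManager.setEntityConfig(realm, eConfig);
    }
}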

Example 30 with EntityDescriptorElement

use of com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement in project OpenAM by OpenRock.

the class SAML2Test method deleteEntity.

/**
 * Verifies that the {@code delete-entity} CLI command removes the IdP entity from the root realm.
 *
 * @throws CLIException if the CLI request fails.
 * @throws SAML2MetaException if the metadata lookup after deletion fails.
 */
@Test(groups = { "samlv2", "samlv2op" }, dependsOnMethods = { "removeProviderFromCircleOfTrust" })
public void deleteEntity() throws CLIException, SAML2MetaException {
    entering("deleteEntity", null);
    String entityIdOption = CLIConstants.PREFIX_ARGUMENT_LONG + FedCLIConstants.ARGUMENT_ENTITY_ID;
    String specVersionOption = CLIConstants.PREFIX_ARGUMENT_LONG + FedCLIConstants.SPECIFICATION_VERSION;
    String[] args = { "delete-entity", entityIdOption, NAME_IDP, specVersionOption, FedCLIConstants.SAML2_SPECIFICATION };
    CLIRequest request = new CLIRequest(null, args, getAdminSSOToken());
    cmdManager.addToRequestQueue(request);
    cmdManager.serviceRequestQueue();
    // The descriptor must no longer be resolvable once the command has run.
    EntityDescriptorElement remaining = new SAML2MetaManager().getEntityDescriptor("/", NAME_IDP);
    assert (remaining == null);
    exiting("deleteEntity");
}
