Example 1 with GluuSAMLTrustRelationship

Use of org.gluu.oxtrust.model.GluuSAMLTrustRelationship in project oxTrust by GluuFederation.

Class InumService, method containsTrustRelationship:

public boolean containsTrustRelationship(String inum, String gluuInum) {
    GluuSAMLTrustRelationship tRelation = new GluuSAMLTrustRelationship();
    tRelation.setBaseDn(String.format("inum=%s,ou=trustRelationships,inum=%s,o=gluu", inum, gluuInum));
    return ldapEntryManager.contains(tRelation);
}
Also used : GluuSAMLTrustRelationship(org.gluu.oxtrust.model.GluuSAMLTrustRelationship)

Example 2 with GluuSAMLTrustRelationship

Use of org.gluu.oxtrust.model.GluuSAMLTrustRelationship in project oxTrust by GluuFederation.

Class UpdateTrustRelationshipAction, method save:

public String save() {
    synchronized (svnSyncTimer) {
        if (StringHelper.isEmpty(this.trustRelationship.getInum())) {
            this.inum = trustService.generateInumForNewTrustRelationship();
            this.trustRelationship.setInum(this.inum);
        } else {
            this.inum = this.trustRelationship.getInum();
            if (this.trustRelationship.getSpMetaDataFN() == null)
                update = true;
        }
        boolean updateShib3Configuration = appConfiguration.isConfigGeneration();
        switch(trustRelationship.getSpMetaDataSourceType()) {
            case GENERATE:
                String certificate = getCertForGeneratedSP();
                GluuStatus status = StringHelper.isNotEmpty(certificate) ? GluuStatus.ACTIVE : GluuStatus.INACTIVE;
                this.trustRelationship.setStatus(status);
                if (generateSpMetaDataFile(certificate)) {
                    setEntityId();
                } else {
                    log.error("Failed to generate SP meta-data file");
                    return OxTrustConstants.RESULT_FAILURE;
                }
                break;
            case FILE:
                if (saveSpMetaDataFileSourceTypeFile()) {
                    //update = true;
                    updateSpMetaDataCert(certWrapper);
                    //setEntityId();
                    if (!update) {
                        this.trustRelationship.setStatus(GluuStatus.ACTIVE);
                    }
                } else {
                    log.error("Failed to save SP meta-data file {}", fileWrapper);
                    return OxTrustConstants.RESULT_FAILURE;
                }
                break;
            case URI:
                try {
                    //if (saveSpMetaDataFileSourceTypeURI()) {
                    //    setEntityId();
                    boolean result = shibboleth3ConfService.existsResourceUri(trustRelationship.getSpMetaDataURL());
                    if (result) {
                        newThreadSaveSpMetaDataFileSourceTypeURI();
                    } else {
                        log.info("There is no resource found Uri : {}", trustRelationship.getSpMetaDataURL());
                    }
                    if (!update) {
                        this.trustRelationship.setStatus(GluuStatus.ACTIVE);
                    }
                /*} else {
                    log.error("Failed to save SP meta-data file {}", fileWrapper);
                    return OxTrustConstants.RESULT_FAILURE;
                }*/
                } catch (Exception e) {
                    return "unable_download_metadata";
                }
                break;
            case FEDERATION:
                if (!update) {
                    this.trustRelationship.setStatus(GluuStatus.ACTIVE);
                }
                if (this.trustRelationship.getEntityId() == null) {
                    return "invalid_entity_id";
                }
                break;
            default:
                break;
        }
        trustService.updateReleasedAttributes(this.trustRelationship);
        boolean federation = shibboleth3ConfService.isFederation(this.trustRelationship);
        this.trustRelationship.setFederation(federation);
        trustContactsAction.saveContacts();
        if (update) {
            try {
                saveTR(update);
            } catch (LdapMappingException ex) {
                log.error("Failed to update trust relationship {}", ex, inum);
                return OxTrustConstants.RESULT_FAILURE;
            }
        } else {
            String dn = trustService.getDnForTrustRelationShip(this.inum);
            // Save trustRelationship
            this.trustRelationship.setDn(dn);
            try {
                saveTR(update);
            } catch (LdapMappingException ex) {
                log.error("Failed to add new trust relationship {}", ex, this.trustRelationship.getInum());
                return OxTrustConstants.RESULT_FAILURE;
            }
            this.update = true;
        }
        if (updateShib3Configuration) {
            List<GluuSAMLTrustRelationship> trustRelationships = trustService.getAllActiveTrustRelationships();
            updateShibboleth3Configuration(trustRelationships);
        }
    }
    return OxTrustConstants.RESULT_SUCCESS;
}
Also used : GluuSAMLTrustRelationship(org.gluu.oxtrust.model.GluuSAMLTrustRelationship) GluuStatus(org.xdi.ldap.model.GluuStatus) LdapMappingException(org.gluu.site.ldap.persistence.exception.LdapMappingException) CertificateEncodingException(java.security.cert.CertificateEncodingException) IOException(java.io.IOException)

Example 3 with GluuSAMLTrustRelationship

Use of org.gluu.oxtrust.model.GluuSAMLTrustRelationship in project oxTrust by GluuFederation.

Class SvnSyncTimer, method commitShibboleth3Configuration:

private void commitShibboleth3Configuration(List<GluuSAMLTrustRelationship> trustRelationships) {
    synchronized (this) {
        List<SubversionFile> subversionFiles = new ArrayList<SubversionFile>();
        try {
            subversionFiles = subversionService.getDifferentFiles(shibboleth3ConfService.getConfigurationFilesForSubversion(trustRelationships));
        } catch (IOException e) {
            log.error("Failed to prepare files list to be persisted in svn", e);
        }
        List<SubversionFile> removeSubversionFiles = new ArrayList<SubversionFile>();
        while (!removedTrustRelationship.isEmpty()) {
            Pair<GluuSAMLTrustRelationship, String> removedRelationship = removedTrustRelationship.poll();
            SubversionFile file = shibboleth3ConfService.getConfigurationFileForSubversion(removedRelationship.getValue0());
            if (file != null) {
                removeSubversionFiles.add(file);
            }
        }
        String idpSvnComment = "";
        // Find all TRs modified not by user.
        for (SubversionFile file : subversionFiles) {
            String filename = file.getLocalFile();
            if (filename.matches(".*/DA[0-9A-F]*-sp-metadata\\.xml")) {
                boolean found = false;
                String inum = filename.replaceAll("-sp-metadata\\.xml", "").replaceAll(".*/", "");
                for (Pair<GluuSAMLTrustRelationship, String> trust : alteredTrustRelations) {
                    if (StringHelper.removePunctuation(trust.getValue0().getInum()).equals(inum)) {
                        found = true;
                        break;
                    }
                }
                if (!found) {
                    GluuSAMLTrustRelationship unknownTrust = trustService.getTrustByUnpunctuatedInum(inum);
                    if (unknownTrust != null) {
                        idpSvnComment += "Trust relationship '" + unknownTrust.getDisplayName() + "' was updated automatically\n";
                    } else {
                        idpSvnComment += "Appliance have no information about  '" + filename + "'. Please report this issue to appliance admin.\n";
                    }
                }
            }
        }
        log.debug("Files to be persisted in repository: " + StringHelper.toString(subversionFiles.toArray(new SubversionFile[] {})));
        log.debug("Files to be removed from repository: " + StringHelper.toString(removeSubversionFiles.toArray(new SubversionFile[] {})));
        if (!subversionService.commitShibboleth3ConfigurationFiles(organizationService.getOrganization(), subversionFiles, removeSubversionFiles, svnComment + idpSvnComment)) {
            log.error("Failed to commit Shibboleth3 configuration to SVN repository");
        } else {
            svnComment = "";
            alteredTrustRelations.clear();
            log.info("Shibboleth3 configuration commited successfully to SVN repository");
        }
    }
}
Also used : GluuSAMLTrustRelationship(org.gluu.oxtrust.model.GluuSAMLTrustRelationship) ArrayList(java.util.ArrayList) IOException(java.io.IOException) SubversionFile(org.gluu.oxtrust.model.SubversionFile)

Example 4 with GluuSAMLTrustRelationship

Use of org.gluu.oxtrust.model.GluuSAMLTrustRelationship in project oxTrust by GluuFederation.

Class TrustService, method getAllActiveTrustRelationships:

public List<GluuSAMLTrustRelationship> getAllActiveTrustRelationships() {
    GluuSAMLTrustRelationship trustRelationship = new GluuSAMLTrustRelationship();
    trustRelationship.setBaseDn(getDnForTrustRelationShip(null));
    trustRelationship.setStatus(GluuStatus.ACTIVE);
    return ldapEntryManager.findEntries(trustRelationship);
}
Also used : GluuSAMLTrustRelationship(org.gluu.oxtrust.model.GluuSAMLTrustRelationship)

Example 5 with GluuSAMLTrustRelationship

Use of org.gluu.oxtrust.model.GluuSAMLTrustRelationship in project oxTrust by GluuFederation.

Class TrustService, method addTrustRelationship:

public void addTrustRelationship(GluuSAMLTrustRelationship trustRelationship) {
    log.info("Creating TR " + trustRelationship.getInum());
    String[] clusterMembers = appConfiguration.getClusteredInums();
    String applianceInum = appConfiguration.getApplianceInum();
    if (clusterMembers == null || clusterMembers.length == 0) {
        log.debug("there is no cluster configuration. Assuming standalone appliance.");
        clusterMembers = new String[] { applianceInum };
    }
    String dn = trustRelationship.getDn();
    for (String clusterMember : clusterMembers) {
        String clusteredDN = StringHelper.replaceLast(dn, applianceInum, clusterMember);
        trustRelationship.setDn(clusteredDN);
        GluuSAMLTrustRelationship tr = new GluuSAMLTrustRelationship();
        tr.setDn(trustRelationship.getDn());
        if (!containsTrustRelationship(tr)) {
            log.debug("Adding TR" + clusteredDN);
            OrganizationalUnit ou = new OrganizationalUnit();
            ou.setDn(getDnForTrustRelationShip(null));
            if (!ldapEntryManager.contains(ou)) {
                ldapEntryManager.persist(ou);
            }
            ldapEntryManager.persist(trustRelationship);
        } else {
            ldapEntryManager.merge(trustRelationship);
        }
    }
    trustRelationship.setDn(dn);
}
Also used : GluuSAMLTrustRelationship(org.gluu.oxtrust.model.GluuSAMLTrustRelationship) OrganizationalUnit(org.gluu.oxtrust.model.OrganizationalUnit)

Aggregations

GluuSAMLTrustRelationship (org.gluu.oxtrust.model.GluuSAMLTrustRelationship): 51
ArrayList (java.util.ArrayList): 17
IOException (java.io.IOException): 15
CertificateEncodingException (java.security.cert.CertificateEncodingException): 11
BaseMappingException (org.gluu.persist.exception.mapping.BaseMappingException): 10
Path (javax.ws.rs.Path): 7
Produces (javax.ws.rs.Produces): 7
ApiResponses (com.wordnik.swagger.annotations.ApiResponses): 6
List (java.util.List): 6
File (java.io.File): 5
HashSet (java.util.HashSet): 5
Consumes (javax.ws.rs.Consumes): 4
POST (javax.ws.rs.POST): 4
VelocityContext (org.apache.velocity.VelocityContext): 4
SubversionFile (org.gluu.oxtrust.model.SubversionFile): 4
ApiOperation (com.wordnik.swagger.annotations.ApiOperation): 3
HashMap (java.util.HashMap): 3
Set (java.util.Set): 3
TreeSet (java.util.TreeSet): 3
GluuAttribute (org.gluu.model.GluuAttribute): 3