
Example 36 with GluuSAMLTrustRelationship

use of org.gluu.oxtrust.model.GluuSAMLTrustRelationship in project oxTrust by GluuFederation.

the class TrustRelationshipWebService method setCertificate.

@POST
@Path("/set_certificate/{inum}")
@Consumes({ MediaType.TEXT_PLAIN })
@Produces(MediaType.TEXT_PLAIN)
@ApiOperation(value = "set certificate for TrustRelationship", notes = "Find TrustRelationship by inum and set certificate.")
@ApiResponses(value = { @ApiResponse(code = 200, message = "OK"), @ApiResponse(code = 500, message = "Server error") })
public void setCertificate(@PathParam("inum") String trustRelationshipInum, String certificate, @Context HttpServletResponse response) {
    try {
        // An unknown inum leaves trustRelationship null; nothing below checks for that
        // before the object is handed to updateTRCertificate.
        GluuSAMLTrustRelationship trustRelationship = trustService.getRelationshipByInum(trustRelationshipInum);
        if (StringHelper.isEmpty(certificate)) {
            // Only an empty body is rejected here, and only by logging: no error status is
            // sent, so the caller still receives 200 although nothing was updated.
            logger.error("Failed to update TR certificate - certificate is empty");
            return;
        }
        // Any further validation of the certificate content happens inside updateTRCertificate.
        updateTRCertificate(trustRelationship, certificate);
    } catch (Exception e) {
        logger.error("Failed to update certificate", e);
        try {
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "INTERNAL SERVER ERROR");
        } catch (Exception ex) {
        }
    }
}
Also used : GluuSAMLTrustRelationship(org.gluu.oxtrust.model.GluuSAMLTrustRelationship) CertificateEncodingException(java.security.cert.CertificateEncodingException) BaseMappingException(org.gluu.persist.exception.mapping.BaseMappingException) IOException(java.io.IOException) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) ApiOperation(com.wordnik.swagger.annotations.ApiOperation) ApiResponses(com.wordnik.swagger.annotations.ApiResponses)

Example 37 with GluuSAMLTrustRelationship

use of org.gluu.oxtrust.model.GluuSAMLTrustRelationship in project oxTrust by GluuFederation.

the class TrustRelationshipWebService method setMetadataURL.

@POST
@Path("/set_metadata_url/{inum}")
@Consumes({ MediaType.TEXT_PLAIN })
@Produces(MediaType.TEXT_PLAIN)
@ApiResponses(value = { @ApiResponse(code = 200, message = "OK"), @ApiResponse(code = 500, message = "Server error") })
public void setMetadataURL(@PathParam("inum") String trustRelationshipInum, String url, @Context HttpServletResponse response) {
    try {
        GluuSAMLTrustRelationship trustRelationship = trustService.getRelationshipByInum(trustRelationshipInum);
        // The on-disk file name is derived from the relationship's inum, never from the URL.
        String metadataFileName = trustRelationship.getSpMetaDataFN();
        if (StringHelper.isEmpty(metadataFileName)) {
            // Generate new file name
            metadataFileName = shibboleth3ConfService.getSpNewMetadataFileName(trustRelationshipInum);
        }
        // The URL is passed through exactly as received; any validation of it has to
        // happen inside saveSpMetadataFile.
        shibboleth3ConfService.saveSpMetadataFile(url, metadataFileName);
        trustRelationship.setSpMetaDataFN(metadataFileName);
        // Once saved, the relationship is tracked as a FILE source rather than a URL source.
        trustRelationship.setSpMetaDataSourceType(GluuMetadataSourceType.FILE);
        trustService.updateTrustRelationship(trustRelationship);
    } catch (Exception e) {
        logger.error("setMetadataURL() Exception", e);
        try {
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "INTERNAL SERVER ERROR");
        } catch (Exception ex) {
        }
    }
}
Also used : GluuSAMLTrustRelationship(org.gluu.oxtrust.model.GluuSAMLTrustRelationship) CertificateEncodingException(java.security.cert.CertificateEncodingException) BaseMappingException(org.gluu.persist.exception.mapping.BaseMappingException) IOException(java.io.IOException) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) ApiResponses(com.wordnik.swagger.annotations.ApiResponses)
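setMetadataURL hands the request body straight to saveSpMetadataFile, and the page does not show what that method does with the URL. If it fetches the document server-side, the pre-check below is the kind a practitioner would put in front of it. This is an added example, not oxTrust code: the class name MetadataUrlCheck and the accept/reject rules are assumptions, the sample URLs are constructed, and hostnames are deliberately not resolved (that needs DNS, and a resolved address would have to be re-checked against the same rules before the connection is made).

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;

/** Hypothetical pre-check for a client-supplied metadata URL; not oxTrust code. */
public final class MetadataUrlCheck {

    /** Returns null when the URL is acceptable, otherwise the reason it was rejected. */
    public static String reject(String raw) {
        if (raw == null || raw.trim().isEmpty()) {
            return "empty URL";
        }
        URI uri;
        try {
            uri = new URI(raw.trim());
        } catch (URISyntaxException e) {
            return "malformed URL";
        }
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            return "scheme must be https";          // rules out http:, file:, jar:, ftp: ...
        }
        if (uri.getRawUserInfo() != null) {
            return "userinfo not allowed";          // https://user:pw@host/ forms
        }
        String host = uri.getHost();
        if (host == null || host.isEmpty()) {
            return "missing host";
        }
        // Only literal IPs are checked here (no DNS is done in this offline example;
        // assumption: a later resolution step re-applies these rules to the resolved address).
        if (isIpLiteral(host)) {
            try {
                InetAddress addr = InetAddress.getByName(host.replace("[", "").replace("]", ""));
                if (addr.isLoopbackAddress() || addr.isSiteLocalAddress()
                        || addr.isLinkLocalAddress() || addr.isAnyLocalAddress()
                        || addr.isMulticastAddress()) {
                    return "address not routable from this appliance";
                }
            } catch (UnknownHostException e) {
                return "bad IP literal";
            }
        }
        return null;
    }

    private static boolean isIpLiteral(String host) {
        return host.startsWith("[") || host.matches("\\d{1,3}(\\.\\d{1,3}){3}");
    }

    public static void main(String[] args) {
        String[] samples = {                       // constructed inputs
            "https://sp.example.org/metadata.xml",
            "http://sp.example.org/metadata.xml",
            "https://127.0.0.1/metadata.xml",
            "https://169.254.169.254/latest/meta-data/",
            "https://admin:pw@sp.example.org/metadata.xml",
            "file:///etc/passwd",
        };
        for (String s : samples) {
            String why = reject(s);
            System.out.println((why == null ? "ACCEPT " : "REJECT ") + s
                    + (why == null ? "" : "  (" + why + ")"));
        }
    }
}
```

Only the first sample is accepted. The literal-IP branch is what stops the obvious loopback and metadata-service targets; a hostname that resolves to one of those ranges is not caught here, which is why the lead-in insists on re-checking the resolved address.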

Example 38 with GluuSAMLTrustRelationship

use of org.gluu.oxtrust.model.GluuSAMLTrustRelationship in project oxTrust by GluuFederation.

the class EntityIDMonitoringService method process.

public void process() {
    log.trace("Starting entityId monitoring process.");
    log.trace("EVENT_METADATA_ENTITY_ID_UPDATE Starting");
    for (GluuSAMLTrustRelationship tr : trustService.getAllTrustRelationships()) {
        log.trace("Evaluating TR " + tr.getDn());
        boolean metadataAvailable = tr.getSpMetaDataFN() != null && StringHelper.isNotEmpty(tr.getSpMetaDataFN());
        log.trace("metadataAvailable:" + metadataAvailable);
        // Only relationships that are not themselves inside a federation container are
        // evaluated here; federation parts are handled below through their container.
        boolean correctType = trustService.getTrustContainerFederation(tr) == null;
        log.trace("correctType:" + correctType);
        boolean isValidated = GluuValidationStatus.VALIDATION_SUCCESS.equals(tr.getValidationStatus());
        log.trace("isValidated:" + isValidated);
        if (metadataAvailable && correctType && isValidated) {
            String idpMetadataFolder = appConfiguration.getShibboleth3IdpRootDir() + File.separator + Shibboleth3ConfService.SHIB3_IDP_METADATA_FOLDER + File.separator;
            File metadataFile = new File(idpMetadataFolder + tr.getSpMetaDataFN());
            List<String> entityIds = SAMLMetadataParser.getEntityIdFromMetadataFile(metadataFile);
            log.trace("entityIds from metadata: " + serviceUtil.iterableToString(entityIds));
            // Deduplicate; duplicates are collected but never acted on.
            Set<String> entityIdSet = new TreeSet<String>();
            if (entityIds != null && !entityIds.isEmpty()) {
                Set<String> duplicatesSet = new TreeSet<String>();
                for (String entityId : entityIds) {
                    if (!entityIdSet.add(entityId)) {
                        duplicatesSet.add(entityId);
                    }
                }
            }
            log.trace("unique entityIds: " + serviceUtil.iterableToString(entityIdSet));
            // Symmetric difference between what the file says now and what is stored on the TR.
            Collection<String> disjunction = CollectionUtils.disjunction(entityIdSet, tr.getGluuEntityId());
            log.trace("entityIds disjunction: " + serviceUtil.iterableToString(disjunction));
            if (!disjunction.isEmpty()) {
                log.trace("entityIds disjunction is not empty. Something has changed. Processing further.");
                tr.setGluuEntityId(entityIdSet);
                if (tr.isFederation()) {
                    List<GluuSAMLTrustRelationship> parts = trustService.getDeconstructedTrustRelationships(tr);
                    for (GluuSAMLTrustRelationship part : parts) {
                        log.trace("Processing TR part: " + part.getDn());
                        boolean isActive = part.getStatus() != null && GluuStatus.ACTIVE.equals(part.getStatus());
                        log.trace("isActive:" + isActive);
                        boolean entityIdPresent = entityIdSet.contains(part.getEntityId());
                        log.trace("entityIdPresent:" + entityIdPresent);
                        boolean previouslyDisabled = part.getValidationLog() != null && part.getValidationLog().contains(ENTITY_ID_VANISHED_MESSAGE + " : " + part.getEntityId());
                        log.trace("previouslyDisabled:" + previouslyDisabled);
                        if (isActive && !entityIdPresent) {
                            // The SP vanished from the federation metadata: disable it and record why.
                            log.trace("no entityId found for part : " + part.getDn());
                            part.setStatus(GluuStatus.INACTIVE);
                            List<String> validationLog = new ArrayList<String>();
                            validationLog.add(ENTITY_ID_VANISHED_MESSAGE + " : " + part.getEntityId());
                            part.setValidationLog(validationLog);
                            trustService.updateTrustRelationship(part);
                        }
                        if (entityIdPresent && previouslyDisabled) {
                            // The SP is back: re-enable it only because this service was what disabled it.
                            log.trace("entityId found for part : " + part.getDn());
                            part.setStatus(GluuStatus.ACTIVE);
                            List<String> validationLog = part.getValidationLog();
                            List<String> updatedLog = new ArrayList<String>(validationLog);
                            updatedLog.remove(ENTITY_ID_VANISHED_MESSAGE + " : " + part.getEntityId());
                            if (updatedLog.isEmpty()) {
                                updatedLog = null;
                            }
                            part.setValidationLog(updatedLog);
                            trustService.updateTrustRelationship(part);
                        }
                    }
                }
                trustService.updateTrustRelationship(tr);
            }
        }
    }
}
Also used : GluuSAMLTrustRelationship(org.gluu.oxtrust.model.GluuSAMLTrustRelationship) TreeSet(java.util.TreeSet) ArrayList(java.util.ArrayList) File(java.io.File)
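The monitoring loop above does three things: pull the entityIDs out of a metadata file, compare them with the stored set, and flip federation parts between ACTIVE and INACTIVE. The added example below is not oxTrust code: SAMLMetadataParser and the TR classes are replaced by a hardened DOM parse and a small Part stand-in, the wording assumed for ENTITY_ID_VANISHED_MESSAGE is "EntityId vanished", and the EntitiesDescriptor document is constructed. It runs the same rules twice, once with an SP missing and once with it back. The parser settings matter because the metadata file originates outside the appliance, so DOCTYPE and external entities are switched off before it is parsed.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/** Added example of the entityID drift rules; not oxTrust code. */
public final class EntityIdDrift {
    static final String MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata";
    static final String VANISHED = "EntityId vanished";   // assumed wording

    /** Minimal stand-in for one SP "part" of a federation trust relationship. */
    static final class Part {
        final String entityId;
        boolean active = true;
        List<String> validationLog = null;
        Part(String entityId) { this.entityId = entityId; }
        String vanishedEntry() { return VANISHED + " : " + entityId; }
    }

    /** Unique entityIDs from an EntitiesDescriptor, parsed with DTDs and external entities disabled. */
    static Set<String> entityIds(byte[] metadata) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        Document doc = f.newDocumentBuilder().parse(new ByteArrayInputStream(metadata));
        NodeList nodes = doc.getElementsByTagNameNS(MD_NS, "EntityDescriptor");
        Set<String> ids = new TreeSet<>();
        for (int i = 0; i < nodes.getLength(); i++) {
            String id = ((Element) nodes.item(i)).getAttribute("entityID").trim();
            if (!id.isEmpty()) ids.add(id);             // TreeSet drops duplicates
        }
        return ids;
    }

    /** Symmetric difference, the same notion CollectionUtils.disjunction computes. */
    static Set<String> disjunction(Set<String> a, Set<String> b) {
        Set<String> out = new TreeSet<>(a);
        out.addAll(b);
        Set<String> both = new HashSet<>(a);
        both.retainAll(b);
        out.removeAll(both);
        return out;
    }

    /** Applies the vanished / reappeared rules; returns the entityIDs whose status changed. */
    static List<String> reconcile(Set<String> stored, Set<String> current, Map<String, Part> parts) {
        List<String> changed = new ArrayList<>();
        if (disjunction(stored, current).isEmpty()) return changed;   // nothing moved
        for (Part p : parts.values()) {
            boolean present = current.contains(p.entityId);
            boolean previouslyDisabled = p.validationLog != null && p.validationLog.contains(p.vanishedEntry());
            if (p.active && !present) {                  // vanished: disable and record why
                p.active = false;
                p.validationLog = new ArrayList<>();
                p.validationLog.add(p.vanishedEntry());
                changed.add(p.entityId);
            } else if (present && previouslyDisabled) {  // back, and we were the ones who disabled it
                p.active = true;
                List<String> rest = new ArrayList<>(p.validationLog);
                rest.remove(p.vanishedEntry());
                p.validationLog = rest.isEmpty() ? null : rest;
                changed.add(p.entityId);
            }
        }
        return changed;
    }

    public static void main(String[] args) throws Exception {
        // Constructed federation metadata; sp-a is listed twice to exercise deduplication.
        String run1 = "<?xml version=\"1.0\"?>\n"
            + "<md:EntitiesDescriptor xmlns:md=\"" + MD_NS + "\">\n"
            + "  <md:EntityDescriptor entityID=\"https://sp-a.example/shibboleth\"/>\n"
            + "  <md:EntityDescriptor entityID=\"https://sp-b.example/shibboleth\"/>\n"
            + "  <md:EntityDescriptor entityID=\"https://sp-a.example/shibboleth\"/>\n"
            + "</md:EntitiesDescriptor>\n";
        String run2 = run1.replace("</md:EntitiesDescriptor>",
            "  <md:EntityDescriptor entityID=\"https://sp-c.example/shibboleth\"/>\n</md:EntitiesDescriptor>");
        Set<String> stored = new TreeSet<>(Arrays.asList("https://sp-a.example/shibboleth",
            "https://sp-b.example/shibboleth", "https://sp-c.example/shibboleth"));
        Map<String, Part> parts = new LinkedHashMap<>();
        for (String id : stored) parts.put(id, new Part(id));
        for (String xml : new String[] { run1, run2 }) {
            Set<String> current = entityIds(xml.getBytes(StandardCharsets.UTF_8));
            System.out.println("metadata lists " + current + " -> changed " + reconcile(stored, current, parts));
            for (Part p : parts.values())
                System.out.println("  " + p.entityId + " active=" + p.active + " log=" + p.validationLog);
            stored = current;                            // what tr.setGluuEntityId(entityIdSet) does
        }
    }
}
```

The first run deactivates sp-c and writes the vanished entry into its log; the second run finds sp-c again, sees the entry it wrote, and reactivates it with the log cleared back to null. A part disabled by an administrator for some other reason carries no such entry and is left alone, which is the point of the previouslyDisabled check.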

Example 39 with GluuSAMLTrustRelationship

use of org.gluu.oxtrust.model.GluuSAMLTrustRelationship in project oxTrust by GluuFederation.

the class Shibboleth3ConfService method addGluuSP.

/**
 * Adds Trust relationship for own shibboleth SP and restarts services after
 * done.
 *
 * @author Oleksiy Tataryn
 */
public void addGluuSP() {
    String gluuSPInum = trustService.generateInumForNewTrustRelationship();
    String metadataFN = getSpNewMetadataFileName(gluuSPInum);
    GluuSAMLTrustRelationship gluuSP = new GluuSAMLTrustRelationship();
    gluuSP.setInum(gluuSPInum);
    gluuSP.setDisplayName("gluu SP on appliance");
    gluuSP.setDescription("Trust Relationship for the SP");
    gluuSP.setSpMetaDataSourceType(GluuMetadataSourceType.FILE);
    gluuSP.setSpMetaDataFN(metadataFN);
    // TODO:
    gluuSP.setEntityId(StringHelper.removePunctuation(gluuSP.getInum()));
    gluuSP.setUrl(appConfiguration.getApplianceUrl());
    String certificate = "";
    boolean result = false;
    try {
        // Strips every "-----...-----" armor line from the configured PEM file and keeps the
        // base64 between them; any other block in that file (a second certificate, a key)
        // is kept as well, since the regex only removes the armor lines themselves.
        certificate = FileUtils.readFileToString(new File(appConfiguration.getGluuSpCert())).replaceAll("-{5}.*?-{5}", "");
        generateSpMetadataFile(gluuSP, certificate);
        result = isCorrectSpMetadataFile(gluuSP.getSpMetaDataFN());
    } catch (IOException e) {
        log.error("Failed to read gluu SP certificate file.", e);
    }
    GluuAppliance appliance = null;
    if (result) {
        gluuSP.setStatus(GluuStatus.ACTIVE);
        String inum = gluuSP.getInum();
        String dn = trustService.getDnForTrustRelationShip(inum);
        gluuSP.setDn(dn);
        List<GluuCustomAttribute> customAttributes = new ArrayList<GluuCustomAttribute>();
        List<GluuAttribute> attributes = attributeService.getAllPersonAttributes(GluuUserRole.ADMIN);
        HashMap<String, GluuAttribute> attributesByDNs = attributeService.getAttributeMapByDNs(attributes);
        List<String> customAttributeDNs = new ArrayList<String>();
        List<String> attributeNames = new ArrayList<String>();
        for (String attributeName : appConfiguration.getGluuSpAttributes()) {
            GluuAttribute attribute = attributeService.getAttributeByName(attributeName, attributes);
            if (attribute != null) {
                customAttributeDNs.add(attribute.getDn());
            }
        }
        customAttributes.addAll(attributeService.getCustomAttributesByAttributeDNs(customAttributeDNs, attributesByDNs));
        gluuSP.setReleasedCustomAttributes(customAttributes);
        gluuSP.setReleasedAttributes(attributeNames);
        trustService.updateReleasedAttributes(gluuSP);
        trustService.addTrustRelationship(gluuSP);
        appliance = applianceService.getAppliance();
        appliance.setGluuSPTR(gluuSP.getInum());
    }
    if (result) {
        applianceService.updateAppliance(appliance);
        log.warn("gluuSP EntityID set to " + StringHelper.removePunctuation(gluuSP.getInum()) + ". Shibboleth3 configuration should be updated.");
    // applianceService.restartServices();
    } else {
        log.error("IDP configuration update failed. GluuSP was not generated.");
    }
}
Also used : GluuSAMLTrustRelationship(org.gluu.oxtrust.model.GluuSAMLTrustRelationship) GluuCustomAttribute(org.gluu.oxtrust.model.GluuCustomAttribute) ArrayList(java.util.ArrayList) IOException(java.io.IOException) GluuAttribute(org.xdi.model.GluuAttribute) GluuAppliance(org.gluu.oxtrust.model.GluuAppliance) SubversionFile(org.gluu.oxtrust.model.SubversionFile) File(java.io.File)
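setCertificate (Example 36) accepts a body after nothing more than an empty-check, and addGluuSP above strips PEM armor with -{5}.*?-{5}, which removes every armor line in the file and keeps whatever base64 sits between them. The added example below is not oxTrust code; it puts the two side by side: it shows what that regex leaves behind on a constructed bundle that also carries a private key block, extracts only the CERTIFICATE block instead, and then parses the result with CertificateFactory so that a non-certificate is rejected before anything is stored. The class name CertificateInput and the helper names are assumptions. No real certificate is embedded (the base64 is filler), so only the rejection paths run; a genuine PEM would come back from parse() as an X509Certificate.

```java
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example contrasting armor stripping with certificate validation; not oxTrust code. */
public final class CertificateInput {
    private static final Pattern CERT_BLOCK = Pattern.compile(
        "-----BEGIN CERTIFICATE-----\\s*([A-Za-z0-9+/=\\s]+?)\\s*-----END CERTIFICATE-----");

    /** The page's approach: drop every armor line and keep everything between them. */
    static String stripAllArmor(String pem) {
        return pem.replaceAll("-{5}.*?-{5}", "");
    }

    /** Take only the first CERTIFICATE block; other blocks in the file are ignored, not merged in. */
    static String firstCertificateBody(String pem) {
        Matcher m = CERT_BLOCK.matcher(pem);
        if (!m.find()) throw new IllegalArgumentException("no CERTIFICATE block");
        return m.group(1).replaceAll("\\s+", "");
    }

    /** What an endpoint like setCertificate could do instead of only an empty-check. */
    static X509Certificate parse(String pemOrBase64) throws CertificateException {
        if (pemOrBase64 == null || pemOrBase64.trim().isEmpty()) {
            throw new CertificateException("empty certificate");
        }
        byte[] der;
        try {
            String body = pemOrBase64.contains("-----BEGIN")
                ? firstCertificateBody(pemOrBase64)
                : pemOrBase64.replaceAll("\\s+", "");
            der = Base64.getDecoder().decode(body);
        } catch (IllegalArgumentException e) {
            throw new CertificateException("not a base64 certificate body: " + e.getMessage(), e);
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate cert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(der));
        cert.checkValidity();   // CertificateExpiredException / CertificateNotYetValidException
        return cert;
    }

    public static void main(String[] args) {
        // Constructed bundle: the base64 is filler, not a real certificate or key.
        String bundle = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
                      + "-----BEGIN PRIVATE KEY-----\nBBBB\n-----END PRIVATE KEY-----\n";
        System.out.println("regex strip : " + stripAllArmor(bundle).replace("\n", "\\n"));  // BBBB survives
        System.out.println("first block : " + firstCertificateBody(bundle));                // AAAA only
        String[] bodies = { "", "   ", "not base64!!", bundle };
        for (String body : bodies) {
            try {
                X509Certificate c = parse(body);
                System.out.println("accepted: " + c.getSubjectX500Principal());
            } catch (CertificateException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The regex line shows the key's base64 still present in what would be written into the SP metadata; the block extractor drops it. All four bodies are rejected by parse(): the first two as empty, the third as not base64, and the bundle because three zero bytes are not a DER certificate.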

Example 40 with GluuSAMLTrustRelationship

use of org.gluu.oxtrust.model.GluuSAMLTrustRelationship in project oxTrust by GluuFederation.

the class Shibboleth3ConfService method initAttributes.

/*
 * Init attributes
 */
private void initAttributes(List<GluuSAMLTrustRelationship> trustRelationships) {
    List<GluuAttribute> attributes = attributeService.getAllPersonAttributes(GluuUserRole.ADMIN);
    HashMap<String, GluuAttribute> attributesByDNs = attributeService.getAttributeMapByDNs(attributes);
    GluuAttribute uid = attributeService.getAttributeByName(OxConstants.UID);
    // Load attributes definition
    for (GluuSAMLTrustRelationship trustRelationship : trustRelationships) {
        // Add first attribute uid
        List<String> oldAttributes = trustRelationship.getReleasedAttributes();
        List<String> releasedAttributes = new ArrayList<String>();
        if (oldAttributes != null) {
            releasedAttributes.addAll(oldAttributes);
        }
        if (uid != null) {
            if (releasedAttributes.remove(uid.getDn())) {
                releasedAttributes.add(0, uid.getDn());
            }
        }
        // Resolve custom attributes by DNs
        trustRelationship.setReleasedCustomAttributes(attributeService.getCustomAttributesByAttributeDNs(releasedAttributes, attributesByDNs));
        // Set attribute meta-data
        attributeService.setAttributeMetadata(trustRelationship.getReleasedCustomAttributes(), attributes);
    }
}
Also used : GluuSAMLTrustRelationship(org.gluu.oxtrust.model.GluuSAMLTrustRelationship) ArrayList(java.util.ArrayList) GluuAttribute(org.xdi.model.GluuAttribute)

Aggregations

GluuSAMLTrustRelationship (org.gluu.oxtrust.model.GluuSAMLTrustRelationship)51 ArrayList (java.util.ArrayList)17 IOException (java.io.IOException)15 CertificateEncodingException (java.security.cert.CertificateEncodingException)11 BaseMappingException (org.gluu.persist.exception.mapping.BaseMappingException)10 Path (javax.ws.rs.Path)7 Produces (javax.ws.rs.Produces)7 ApiResponses (com.wordnik.swagger.annotations.ApiResponses)6 List (java.util.List)6 File (java.io.File)5 HashSet (java.util.HashSet)5 Consumes (javax.ws.rs.Consumes)4 POST (javax.ws.rs.POST)4 VelocityContext (org.apache.velocity.VelocityContext)4 SubversionFile (org.gluu.oxtrust.model.SubversionFile)4 ApiOperation (com.wordnik.swagger.annotations.ApiOperation)3 HashMap (java.util.HashMap)3 Set (java.util.Set)3 TreeSet (java.util.TreeSet)3 GluuAttribute (org.gluu.model.GluuAttribute)3