
Example 1 with CertificateRetrievingException

use of org.wso2.carbon.identity.core.CertificateRetrievingException in project carbon-identity-framework by wso2.

From class ApplicationDAOImpl, method getCertificateContent:

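/**
 * Retrieves the PEM certificate content referenced by the {@code CERTIFICATE} property of a
 * service provider.
 * <p>
 * If several {@code CERTIFICATE} properties are present, the value of the last one is used. The
 * reference id is validated before any query is issued, so a malformed id is reported through the
 * declared {@link CertificateRetrievingException} instead of escaping as an unchecked
 * {@link NumberFormatException}.
 *
 * @param serviceProviderProperties properties of the service provider; the one named
 *                                  {@code CERTIFICATE} holds the certificate reference id.
 *                                  May be {@code null} or empty.
 * @param connection                open database connection; it is not closed by this method
 * @return the certificate content, or {@code null} if the service provider carries no certificate
 *         reference or no row exists for the referenced id
 * @throws CertificateRetrievingException if the reference id is not an integer, or if the
 *                                        certificate cannot be read from the database
 */
private String getCertificateContent(List<ServiceProviderProperty> serviceProviderProperties, Connection connection) throws CertificateRetrievingException {
    if (serviceProviderProperties == null) {
        return null;
    }
    String certificateReferenceId = null;
    for (ServiceProviderProperty property : serviceProviderProperties) {
        if ("CERTIFICATE".equals(property.getName())) {
            certificateReferenceId = property.getValue();
        }
    }
    if (certificateReferenceId == null) {
        return null;
    }
    // Validate the reference before touching the database; the stored property value is not
    // guaranteed to be numeric.
    int certificateId;
    try {
        certificateId = Integer.parseInt(certificateReferenceId);
    } catch (NumberFormatException e) {
        String errorMessage = "The certificate reference id '" + certificateReferenceId
                + "' of the application is not a valid database identifier.";
        log.error(errorMessage, e);
        throw new CertificateRetrievingException(errorMessage, e);
    }
    try (PreparedStatement statementForFetchingCertificate = connection.prepareStatement(GET_CERTIFICATE_BY_ID)) {
        statementForFetchingCertificate.setInt(1, certificateId);
        try (ResultSet results = statementForFetchingCertificate.executeQuery()) {
            String certificateContent = null;
            // Should the query return several rows, the last one wins.
            while (results.next()) {
                certificateContent = getBlobValue(results.getBinaryStream("CERTIFICATE_IN_PEM"));
            }
            return certificateContent;
        }
    } catch (SQLException | IOException e) {
        String errorMessage = "An error occurred while retrieving the certificate for the " + "application.";
        log.error(errorMessage, e);
        throw new CertificateRetrievingException(errorMessage, e);
    }
}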

Example 2 with CertificateRetrievingException

use of org.wso2.carbon.identity.core.CertificateRetrievingException in project carbon-identity-framework by wso2.

From class SAMLSSOServiceProviderDAO, method getServiceProvider:

/**
 * Loads the SAML SSO service provider registered under the given issuer.
 * <p>
 * When the provider is configured to validate request or artifact-resolve signatures, or to
 * encrypt assertions, its X.509 certificate is resolved and attached to the returned object.
 *
 * @param issuer issuer name of the service provider
 * @return the service provider, or {@code null} if no registry resource exists for the issuer
 * @throws IdentityException if the registry lookup, the tenant-domain lookup or the certificate
 *                           retrieval fails
 */
public SAMLSSOServiceProviderDO getServiceProvider(String issuer) throws IdentityException {
    String path = IdentityRegistryResources.SAML_SSO_SERVICE_PROVIDERS + encodePath(issuer);
    UserRegistry userRegistry = null;
    String tenantDomain = null;
    SAMLSSOServiceProviderDO serviceProviderDO = null;
    try {
        userRegistry = (UserRegistry) registry;
        int tenantId = userRegistry.getTenantId();
        tenantDomain = IdentityTenantUtil.getRealmService().getTenantManager().getDomain(tenantId);
        if (registry.resourceExists(path)) {
            serviceProviderDO = resourceToObject(registry.get(path));
            boolean certificateRequired = serviceProviderDO.isDoValidateSignatureInRequests()
                    || serviceProviderDO.isDoValidateSignatureInArtifactResolve()
                    || serviceProviderDO.isDoEnableEncryptedAssertion();
            // The certificate lives in the database and is only needed when signatures are
            // validated or assertions are encrypted.
            if (certificateRequired) {
                Tenant tenant = new Tenant();
                tenant.setDomain(tenantDomain);
                tenant.setId(tenantId);
                serviceProviderDO.setX509Certificate(getApplicationCertificate(serviceProviderDO, tenant));
            }
            serviceProviderDO.setTenantDomain(tenantDomain);
        }
    } catch (RegistryException e) {
        throw IdentityException.error("Error occurred while checking if resource path '" + path + "' exists in " + "registry for tenant domain : " + tenantDomain, e);
    } catch (UserStoreException e) {
        throw IdentityException.error("Error occurred while getting tenant domain from tenant ID : " + userRegistry.getTenantId(), e);
    } catch (SQLException e) {
        throw IdentityException.error(String.format("An error occurred while getting the " + "application certificate id for validating the requests from the issuer '%s'", issuer), e);
    } catch (CertificateRetrievingException e) {
        throw IdentityException.error(String.format("An error occurred while getting the " + "application certificate for validating the requests from the issuer '%s'", issuer), e);
    }
    return serviceProviderDO;
}

Example 3 with CertificateRetrievingException

use of org.wso2.carbon.identity.core.CertificateRetrievingException in project carbon-identity-framework by wso2.

From class ApplicationDAOImpl, method getApplication:

/**
 * Loads a service provider by its numeric id together with all of its configuration: inbound and
 * outbound authentication, provisioning, claim and role mappings, request-path authenticators,
 * service-provider properties, certificate content and application permissions.
 *
 * @param applicationId id of the application to load
 * @return the fully populated service provider, or {@code null} if no basic application data
 *         exists for the id
 * @throws IdentityApplicationManagementException if the database access or the certificate
 *                                                retrieval fails
 */
@Override
public ServiceProvider getApplication(int applicationId) throws IdentityApplicationManagementException {
    Connection connection = IdentityDatabaseUtil.getDBConnection(false);
    try {
        ServiceProvider serviceProvider = getBasicApplicationData(applicationId, connection);
        // No row for this id: nothing further to load.
        if (serviceProvider == null) {
            return null;
        }
        String ownerTenantDomain = serviceProvider.getOwner().getTenantDomain();
        int tenantID = IdentityTenantUtil.getTenantId(ownerTenantDomain);
        List<ServiceProviderProperty> spProperties = getServicePropertiesBySpId(connection, applicationId);
        // Values derived from the property list.
        serviceProvider.setJwksUri(getJwksUri(spProperties));
        serviceProvider.setTemplateId(getTemplateId(spProperties));
        // Authentication and provisioning configuration.
        serviceProvider.setInboundAuthenticationConfig(getInboundAuthenticationConfig(applicationId, connection, tenantID));
        serviceProvider.setLocalAndOutBoundAuthenticationConfig(getLocalAndOutboundAuthenticationConfig(applicationId, connection, tenantID, spProperties));
        serviceProvider.setInboundProvisioningConfig(getInboundProvisioningConfiguration(applicationId, connection, tenantID));
        serviceProvider.setOutboundProvisioningConfig(getOutboundProvisioningConfiguration(applicationId, connection, tenantID));
        // Claim mappings.
        serviceProvider.setClaimConfig(getClaimConfiguration(applicationId, connection, tenantID));
        // Role mappings, wrapped into the permission/role configuration object.
        List<RoleMapping> roleMappings = getRoleMappingOfApplication(applicationId, connection, tenantID);
        PermissionsAndRoleConfig permissionsAndRoles = new PermissionsAndRoleConfig();
        permissionsAndRoles.setRoleMappings(roleMappings.toArray(new RoleMapping[0]));
        serviceProvider.setPermissionAndRoleConfig(permissionsAndRoles);
        serviceProvider.setRequestPathAuthenticatorConfigs(getRequestPathAuthenticators(applicationId, connection, tenantID));
        serviceProvider.setSpProperties(spProperties.toArray(new ServiceProviderProperty[0]));
        serviceProvider.setCertificateContent(getCertificateContent(spProperties, connection));
        // Will be supported with 'Advance Consent Management Feature'.
        /*
            ConsentConfig consentConfig = serviceProvider.getConsentConfig();
            if (isNull(consentConfig)) {
                consentConfig = new ConsentConfig();
            }
            consentConfig.setConsentPurposeConfigs(getConsentPurposeConfigs(connection, applicationId, tenantID));
            serviceProvider.setConsentConfig(consentConfig);
            */
        loadApplicationPermissions(serviceProvider.getApplicationName(), serviceProvider);
        return serviceProvider;
    } catch (SQLException | CertificateRetrievingException e) {
        throw new IdentityApplicationManagementException("Failed to get service provider with id: " + applicationId, e);
    } finally {
        IdentityApplicationManagementUtil.closeConnection(connection);
    }
}

Example 4 with CertificateRetrievingException

use of org.wso2.carbon.identity.core.CertificateRetrievingException in project carbon-identity-framework by wso2.

From class SAMLSSOServiceProviderDAO, method getApplicationCertificate:

/**
 * Returns the {@link java.security.cert.Certificate} that should be used to validate the requests
 * of the given service provider.
 * <p>
 * A certificate stored in the database for the issuer takes precedence; only when none is
 * registered (id {@code -1}) is the certificate looked up in the key store under the provider's
 * certificate alias.
 *
 * @param serviceProviderDO service provider whose certificate is required
 * @param tenant            tenant the service provider belongs to
 * @return the certificate resolved from the database or the key store
 * @throws SQLException                   if looking up the database certificate id fails
 * @throws CertificateRetrievingException if the selected retriever cannot load the certificate
 */
private X509Certificate getApplicationCertificate(SAMLSSOServiceProviderDO serviceProviderDO, Tenant tenant) throws SQLException, CertificateRetrievingException {
    int databaseCertificateId = getApplicationCertificateId(serviceProviderDO.getIssuer(), tenant.getId());
    boolean storedInDatabase = databaseCertificateId != -1;
    CertificateRetriever retriever = storedInDatabase
            ? new DatabaseCertificateRetriever()
            : new KeyStoreCertificateRetriever();
    String identifier = storedInDatabase
            ? Integer.toString(databaseCertificateId)
            : serviceProviderDO.getCertAlias();
    return retriever.getCertificate(identifier, tenant);
}

Example 5 with CertificateRetrievingException

use of org.wso2.carbon.identity.core.CertificateRetrievingException in project carbon-identity-framework by wso2.

From class DatabaseCertificateRetriever, method getCertificate:

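/**
 * Loads the certificate stored in the database under the given identifier.
 * <p>
 * The identifier is validated before a connection is acquired, so a malformed id is reported
 * through {@link CertificateRetrievingException} rather than escaping as an unchecked
 * {@link NumberFormatException} (and no connection is consumed for it).
 *
 * @param certificateId Database identifier of the certificate.
 * @param tenant        Tenant where the certificate belongs to. Not consulted by this
 *                      implementation, since the database id already identifies the row.
 * @return The certificate for the given database identifier, or {@code null} if no row exists
 *         or the stored content is blank.
 * @throws CertificateRetrievingException if the id is not an integer, a connection cannot be
 *                                        obtained, the query fails, the blob cannot be read, or
 *                                        the PEM content cannot be parsed as a certificate.
 */
@Override
public X509Certificate getCertificate(String certificateId, Tenant tenant) throws CertificateRetrievingException {
    int certificateDatabaseId;
    try {
        certificateDatabaseId = Integer.parseInt(certificateId);
    } catch (NumberFormatException e) {
        String errorMessage = String.format("The certificate ID '%s' is not a valid database identifier.", certificateId);
        throw new CertificateRetrievingException(errorMessage, e);
    }
    Connection connection;
    try {
        connection = IdentityDatabaseUtil.getDBConnection(false);
    } catch (IdentityRuntimeException e) {
        throw new CertificateRetrievingException("Couldn't get a database connection.", e);
    }
    PreparedStatement statementToGetApplicationCertificate = null;
    ResultSet queryResults = null;
    try {
        statementToGetApplicationCertificate = connection.prepareStatement(QUERY_TO_GET_APPLICATION_CERTIFICATE);
        statementToGetApplicationCertificate.setInt(1, certificateDatabaseId);
        queryResults = statementToGetApplicationCertificate.executeQuery();
        String certificateContent = null;
        // Should the query return several rows, the content of the last one is used.
        while (queryResults.next()) {
            certificateContent = getBlobValue(queryResults.getBinaryStream(1));
        }
        if (StringUtils.isNotBlank(certificateContent)) {
            return (X509Certificate) IdentityUtil.convertPEMEncodedContentToCertificate(certificateContent);
        }
        return null;
    } catch (SQLException e) {
        String errorMessage = String.format("An error occurred while retrieving the certificate content from " + "the database for the ID '%s'", certificateId);
        throw new CertificateRetrievingException(errorMessage, e);
    } catch (CertificateException e) {
        String errorMessage = String.format("An error occurred while build a certificate using the certificate " + "content from the database for the ID '%s'", certificateId);
        throw new CertificateRetrievingException(errorMessage, e);
    } catch (IOException e) {
        String errorMessage = String.format("An error occurred while reading the certificate blob from the " + "database for the ID '%s'", certificateId);
        throw new CertificateRetrievingException(errorMessage, e);
    } finally {
        IdentityDatabaseUtil.closeAllConnections(connection, queryResults, statementToGetApplicationCertificate);
    }
}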
