use of org.wso2.carbon.identity.core.CertificateRetrievingException in project carbon-identity-framework by wso2.
Class ApplicationDAOImpl, method getCertificateContent.
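/**
 * Retrieves the PEM certificate content stored against a service provider.
 * <p>
 * The certificate is referenced through the {@code CERTIFICATE} service provider property, whose value is the
 * database id of the certificate row. When several properties carry that name the last one wins, which is
 * the behaviour of the original scan.
 *
 * @param serviceProviderProperties properties of the service provider; {@code null} or empty is treated as
 *                                  "no certificate reference".
 * @param connection                an open database connection; it is not closed by this method.
 * @return the content of the {@code CERTIFICATE_IN_PEM} column, or {@code null} when there is no certificate
 *         reference, no matching row, or the blob is empty.
 * @throws CertificateRetrievingException if the reference is not a valid integer or the database read fails.
 */
private String getCertificateContent(List<ServiceProviderProperty> serviceProviderProperties,
                                     Connection connection) throws CertificateRetrievingException {

    String certificateReferenceId = null;
    if (serviceProviderProperties != null) {
        for (ServiceProviderProperty property : serviceProviderProperties) {
            if ("CERTIFICATE".equals(property.getName())) {
                certificateReferenceId = property.getValue();
            }
        }
    }
    if (certificateReferenceId == null) {
        return null;
    }

    int certificateId;
    try {
        certificateId = Integer.parseInt(certificateReferenceId);
    } catch (NumberFormatException e) {
        // A malformed reference used to escape as an unchecked exception; report it through the declared type.
        String errorMessage = "Invalid certificate reference id '" + certificateReferenceId
                + "' found in the application properties.";
        log.error(errorMessage, e);
        throw new CertificateRetrievingException(errorMessage, e);
    }

    PreparedStatement statementForFetchingCertificate = null;
    ResultSet results = null;
    try {
        statementForFetchingCertificate = connection.prepareStatement(GET_CERTIFICATE_BY_ID);
        statementForFetchingCertificate.setInt(1, certificateId);
        results = statementForFetchingCertificate.executeQuery();
        String certificateContent = null;
        // The id is expected to be unique; should several rows come back, the last one is kept as before.
        while (results.next()) {
            certificateContent = getBlobValue(results.getBinaryStream("CERTIFICATE_IN_PEM"));
        }
        return certificateContent;
    } catch (SQLException | IOException e) {
        String errorMessage = "An error occurred while retrieving the certificate for the " + "application.";
        // Pass the cause to the logger as well; the bare message loses the stack trace.
        log.error(errorMessage, e);
        throw new CertificateRetrievingException(errorMessage, e);
    } finally {
        IdentityApplicationManagementUtil.closeResultSet(results);
        IdentityApplicationManagementUtil.closeStatement(statementForFetchingCertificate);
    }
}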
use of org.wso2.carbon.identity.core.CertificateRetrievingException in project carbon-identity-framework by wso2.
Class SAMLSSOServiceProviderDAO, method getServiceProvider.
/**
 * Loads the SAML service provider registered under the given issuer from the registry.
 * <p>
 * When the service provider requires signature validation on requests or artifact-resolve messages, or
 * encrypted assertions, the application certificate is resolved as well and set on the returned object.
 *
 * @param issuer issuer of the service provider; used to build the registry resource path.
 * @return the populated {@link SAMLSSOServiceProviderDO}, or {@code null} when no resource exists for the
 *         issuer.
 * @throws IdentityException if the registry access, the tenant domain lookup or the certificate lookup fails.
 */
public SAMLSSOServiceProviderDO getServiceProvider(String issuer) throws IdentityException {

    String path = IdentityRegistryResources.SAML_SSO_SERVICE_PROVIDERS + encodePath(issuer);
    UserRegistry userRegistry = null;
    String tenantDomain = null;
    try {
        userRegistry = (UserRegistry) registry;
        tenantDomain = IdentityTenantUtil.getRealmService().getTenantManager()
                .getDomain(userRegistry.getTenantId());
        if (!registry.resourceExists(path)) {
            return null;
        }

        SAMLSSOServiceProviderDO serviceProviderDO = resourceToObject(registry.get(path));
        // The certificate kept in the database is only needed when the provider verifies
        // signatures or expects encrypted assertions.
        boolean certificateRequired = serviceProviderDO.isDoValidateSignatureInRequests()
                || serviceProviderDO.isDoValidateSignatureInArtifactResolve()
                || serviceProviderDO.isDoEnableEncryptedAssertion();
        if (certificateRequired) {
            Tenant tenant = new Tenant();
            tenant.setDomain(tenantDomain);
            tenant.setId(userRegistry.getTenantId());
            serviceProviderDO.setX509Certificate(getApplicationCertificate(serviceProviderDO, tenant));
        }
        serviceProviderDO.setTenantDomain(tenantDomain);
        return serviceProviderDO;
    } catch (RegistryException e) {
        throw IdentityException.error("Error occurred while checking if resource path '" + path
                + "' exists in registry for tenant domain : " + tenantDomain, e);
    } catch (UserStoreException e) {
        throw IdentityException.error("Error occurred while getting tenant domain from tenant ID : "
                + userRegistry.getTenantId(), e);
    } catch (SQLException e) {
        throw IdentityException.error(String.format("An error occurred while getting the application "
                + "certificate id for validating the requests from the issuer '%s'", issuer), e);
    } catch (CertificateRetrievingException e) {
        throw IdentityException.error(String.format("An error occurred while getting the application "
                + "certificate for validating the requests from the issuer '%s'", issuer), e);
    }
}
use of org.wso2.carbon.identity.core.CertificateRetrievingException in project carbon-identity-framework by wso2.
Class ApplicationDAOImpl, method getApplication.
/**
 * Loads the complete service provider with the given application id.
 * <p>
 * The basic application data is read first; when nothing is found the method returns {@code null} without
 * querying any other table. Otherwise every further configuration is loaded over the same connection.
 *
 * @param applicationId database id of the application.
 * @return the populated {@link ServiceProvider}, or {@code null} when no application has that id.
 * @throws IdentityApplicationManagementException if a database read or the certificate lookup fails.
 */
@Override
public ServiceProvider getApplication(int applicationId) throws IdentityApplicationManagementException {

    Connection connection = IdentityDatabaseUtil.getDBConnection(false);
    try {
        ServiceProvider serviceProvider = getBasicApplicationData(applicationId, connection);
        if (serviceProvider == null) {
            return null;
        }
        populateApplicationDetails(serviceProvider, applicationId, connection);
        return serviceProvider;
    } catch (SQLException | CertificateRetrievingException e) {
        throw new IdentityApplicationManagementException("Failed to get service provider with id: "
                + applicationId, e);
    } finally {
        IdentityApplicationManagementUtil.closeConnection(connection);
    }
}

/**
 * Fills in every configuration of {@code serviceProvider} beyond its basic data: properties, inbound and
 * outbound authentication, provisioning, claim mappings, role mappings, request-path authenticators,
 * the certificate content and finally the application permissions. The queries are issued in the same
 * order as before this helper was extracted.
 *
 * @param serviceProvider the partially loaded service provider to complete.
 * @param applicationId   database id of the application.
 * @param connection      open connection shared by all reads; not closed here.
 * @throws SQLException                            if a database read fails.
 * @throws CertificateRetrievingException          if the certificate content cannot be read.
 * @throws IdentityApplicationManagementException  if loading the application permissions fails.
 */
private void populateApplicationDetails(ServiceProvider serviceProvider, int applicationId, Connection connection)
        throws SQLException, CertificateRetrievingException, IdentityApplicationManagementException {

    int tenantID = IdentityTenantUtil.getTenantId(serviceProvider.getOwner().getTenantDomain());
    List<ServiceProviderProperty> propertyList = getServicePropertiesBySpId(connection, applicationId);

    serviceProvider.setJwksUri(getJwksUri(propertyList));
    serviceProvider.setTemplateId(getTemplateId(propertyList));
    serviceProvider.setInboundAuthenticationConfig(
            getInboundAuthenticationConfig(applicationId, connection, tenantID));
    serviceProvider.setLocalAndOutBoundAuthenticationConfig(
            getLocalAndOutboundAuthenticationConfig(applicationId, connection, tenantID, propertyList));
    serviceProvider.setInboundProvisioningConfig(
            getInboundProvisioningConfiguration(applicationId, connection, tenantID));
    serviceProvider.setOutboundProvisioningConfig(
            getOutboundProvisioningConfiguration(applicationId, connection, tenantID));
    serviceProvider.setClaimConfig(getClaimConfiguration(applicationId, connection, tenantID));

    List<RoleMapping> roleMappings = getRoleMappingOfApplication(applicationId, connection, tenantID);
    PermissionsAndRoleConfig permissionAndRoleConfig = new PermissionsAndRoleConfig();
    permissionAndRoleConfig.setRoleMappings(roleMappings.toArray(new RoleMapping[0]));
    serviceProvider.setPermissionAndRoleConfig(permissionAndRoleConfig);

    serviceProvider.setRequestPathAuthenticatorConfigs(
            getRequestPathAuthenticators(applicationId, connection, tenantID));
    serviceProvider.setSpProperties(propertyList.toArray(new ServiceProviderProperty[0]));
    serviceProvider.setCertificateContent(getCertificateContent(propertyList, connection));
    // Consent purpose configurations are deliberately not loaded here yet; that part is planned for the
    // 'Advance Consent Management Feature'.

    loadApplicationPermissions(serviceProvider.getApplicationName(), serviceProvider);
}
use of org.wso2.carbon.identity.core.CertificateRetrievingException in project carbon-identity-framework by wso2.
Class SAMLSSOServiceProviderDAO, method getApplicationCertificate.
/**
 * Resolves the {@link java.security.cert.X509Certificate} used to validate requests from the given service
 * provider.
 * <p>
 * A certificate registered in the database (looked up by issuer and tenant id) takes precedence; a lookup
 * result of {@code -1} is treated as "no database certificate", in which case the certificate is loaded from
 * the key store under the service provider's certificate alias.
 *
 * @param serviceProviderDO the service provider whose certificate is required.
 * @param tenant            tenant that owns the service provider.
 * @return the certificate produced by the selected {@link CertificateRetriever}.
 * @throws SQLException                   if the database lookup of the certificate id fails.
 * @throws CertificateRetrievingException if the selected retriever cannot produce the certificate.
 */
private X509Certificate getApplicationCertificate(SAMLSSOServiceProviderDO serviceProviderDO, Tenant tenant)
        throws SQLException, CertificateRetrievingException {

    int applicationCertificateId = getApplicationCertificateId(serviceProviderDO.getIssuer(), tenant.getId());
    boolean storedInDatabase = applicationCertificateId != -1;

    CertificateRetriever certificateRetriever = storedInDatabase
            ? new DatabaseCertificateRetriever()
            : new KeyStoreCertificateRetriever();
    String certificateIdentifier = storedInDatabase
            ? Integer.toString(applicationCertificateId)
            : serviceProviderDO.getCertAlias();

    return certificateRetriever.getCertificate(certificateIdentifier, tenant);
}
use of org.wso2.carbon.identity.core.CertificateRetrievingException in project carbon-identity-framework by wso2.
Class DatabaseCertificateRetriever, method getCertificate.
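/**
 * Loads a certificate from the database by its row id and parses its PEM content.
 *
 * @param certificateId database identifier of the certificate, as a decimal string.
 * @param tenant        tenant the certificate belongs to. Not used by this implementation, because the
 *                      database id already identifies the row.
 * @return the parsed certificate, or {@code null} when no row exists or its content is blank.
 * @throws CertificateRetrievingException if the id is not a valid integer, no connection can be obtained,
 *                                        the query fails, the blob cannot be read, or the PEM content cannot
 *                                        be converted into a certificate.
 */
@Override
public X509Certificate getCertificate(String certificateId, Tenant tenant) throws CertificateRetrievingException {

    int certificateRowId;
    try {
        certificateRowId = Integer.parseInt(certificateId);
    } catch (NumberFormatException e) {
        // Validate before opening a connection; a malformed id used to surface as an unchecked exception
        // from inside the query block.
        throw new CertificateRetrievingException(String.format("Invalid certificate ID '%s'; a numeric "
                + "database identifier is expected.", certificateId), e);
    }

    Connection connection;
    try {
        connection = IdentityDatabaseUtil.getDBConnection(false);
    } catch (IdentityRuntimeException e) {
        throw new CertificateRetrievingException("Couldn't get a database connection.", e);
    }

    PreparedStatement statementToGetApplicationCertificate = null;
    ResultSet queryResults = null;
    try {
        statementToGetApplicationCertificate = connection.prepareStatement(QUERY_TO_GET_APPLICATION_CERTIFICATE);
        statementToGetApplicationCertificate.setInt(1, certificateRowId);
        queryResults = statementToGetApplicationCertificate.executeQuery();
        String certificateContent = null;
        // The id is a row identifier, so at most one row is expected; if more arrive the last one is used.
        while (queryResults.next()) {
            certificateContent = getBlobValue(queryResults.getBinaryStream(1));
        }
        if (StringUtils.isNotBlank(certificateContent)) {
            // NOTE(review): the cast assumes convertPEMEncodedContentToCertificate yields an X.509
            // certificate for stored content; a non-X.509 PEM would raise ClassCastException here — confirm.
            return (X509Certificate) IdentityUtil.convertPEMEncodedContentToCertificate(certificateContent);
        }
        return null;
    } catch (SQLException e) {
        String errorMessage = String.format("An error occurred while retrieving the certificate content from "
                + "the database for the ID '%s'", certificateId);
        throw new CertificateRetrievingException(errorMessage, e);
    } catch (CertificateException e) {
        String errorMessage = String.format("An error occurred while build a certificate using the certificate "
                + "content from the database for the ID '%s'", certificateId);
        throw new CertificateRetrievingException(errorMessage, e);
    } catch (IOException e) {
        String errorMessage = String.format("An error occurred while reading the certificate blob from the "
                + "database for the ID '%s'", certificateId);
        throw new CertificateRetrievingException(errorMessage, e);
    } finally {
        IdentityDatabaseUtil.closeAllConnections(connection, queryResults, statementToGetApplicationCertificate);
    }
}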