/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* https://opensso.dev.java.net/public/CDDLv1.0.html or
* opensso/legal/CDDLv1.0.txt
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: ImportBulkFederationData.java,v 1.6 2009/10/29 00:03:50 exu Exp $
*
*/
package com.sun.identity.federation.cli;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.cli.AuthenticatedCommand;
import com.sun.identity.cli.CLIException;
import com.sun.identity.cli.ExitCodes;
import com.sun.identity.cli.IOutput;
import com.sun.identity.cli.LogWriter;
import com.sun.identity.cli.RequestContext;
import com.sun.identity.federation.accountmgmt.FSAccountFedInfo;
import com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey;
import com.sun.identity.federation.accountmgmt.FSAccountMgmtException;
import com.sun.identity.federation.accountmgmt.FSAccountUtils;
import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.federation.meta.IDFFMetaException;
import com.sun.identity.federation.meta.IDFFMetaManager;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.idm.IdRepoException;
import com.sun.identity.idm.IdUtils;
import com.sun.identity.saml.assertion.NameIdentifier;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml2.assertion.AssertionFactory;
import com.sun.identity.saml2.assertion.NameID;
import com.sun.identity.saml2.common.NameIDInfo;
import com.sun.identity.saml2.common.NameIDInfoKey;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.meta.SAML2MetaException;
import com.sun.identity.saml2.meta.SAML2MetaManager;
import java.io.BufferedReader;
import java.io.FileReader;
import java.io.IOException;
import java.text.MessageFormat;
import java.util.logging.Level;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
/**
* Import Bulk Federation Data.
* The input file is generated by <code>BulkFederation</code> class.
*/
public class ImportBulkFederationData extends AuthenticatedCommand {
static final String ARGUMENT_METADATA = "metaalias";
static final String ARGUMENT_BULK_DATA = "bulk-data-file";
private String metaAlias;
private String bulkFedData;
private String spec;
boolean isIDP;
private String localEntityId;
private String remoteEntityId;
/**
* Imports bulk federation data.
*
* @param rc Request Context.
* @throws CLIException if unable to process this request.
*/
@Override
public void handleRequest(RequestContext rc)
throws CLIException {
super.handleRequest(rc);
ldapLogin();
metaAlias = getStringOptionValue(ARGUMENT_METADATA);
bulkFedData = getStringOptionValue(ARGUMENT_BULK_DATA);
spec = FederationManager.getIDFFSubCommandSpecification(rc);
String[] params = {metaAlias, bulkFedData, spec};
writeLog(LogWriter.LOG_ACCESS, Level.INFO,
"ATTEMPT_IMPORT_BULK_FED_DATA", params);
try {
if (spec.equals(FederationManager.DEFAULT_SPECIFICATION)) {
saml2GetRoleAndEntityId();
Map nameIds = new HashMap();
validateFile(nameIds);
handleSAML2Request(nameIds);
writeLog(LogWriter.LOG_ACCESS, Level.INFO,
"SUCCEEDED_IMPORT_BULK_FED_DATA", params);
} else if (spec.equals(FedCLIConstants.IDFF_SPECIFICATION)) {
idffGetRoleAndEntityId();
Map nameIds = new HashMap();
validateFile(nameIds);
handleIDFFRequest(nameIds);
writeLog(LogWriter.LOG_ACCESS, Level.INFO,
"SUCCEEDED_IMPORT_BULK_FED_DATA", params);
} else {
throw new CLIException(
getResourceString("unsupported-specification"),
ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
} catch (CLIException e) {
String[] args = {metaAlias, bulkFedData, spec, e.getMessage()};
writeLog(LogWriter.LOG_ERROR, Level.INFO,
"FAILED_IMPORT_BULK_FED_DATA", args);
throw e;
}
}
private void idffGetRoleAndEntityId()
throws CLIException {
try {
IDFFMetaManager idffMgr = new IDFFMetaManager(ssoToken);
String role = idffMgr.getProviderRoleByMetaAlias(metaAlias);
if (role == null) {
Object[] param = {metaAlias};
throw new CLIException(MessageFormat.format(
getResourceString(
"import-bulk-federation-data-unknown-metaalias"),
param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
isIDP = role.equals(IFSConstants.IDP);
localEntityId = idffMgr.getEntityIDByMetaAlias(metaAlias);
} catch (IDFFMetaException e) {
debugError("ImportBulkFederationData.idffGetRoleAndEntityId", e);
Object[] param = {metaAlias};
throw new CLIException(MessageFormat.format(
getResourceString(
"import-bulk-federation-data-unknown-metaalias"),
param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
}
private void saml2GetRoleAndEntityId()
throws CLIException {
try {
SAML2MetaManager saml2Mgr = new SAML2MetaManager(ssoToken);
String role = saml2Mgr.getRoleByMetaAlias(metaAlias);
if (role.equals(SAML2Constants.UNKNOWN_ROLE)) {
Object[] param = {metaAlias};
throw new CLIException(MessageFormat.format(
getResourceString(
"import-bulk-federation-data-unknown-metaalias"),
param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
isIDP = role.equals(SAML2Constants.IDP_ROLE);
localEntityId = saml2Mgr.getEntityByMetaAlias(metaAlias);
} catch (SAML2MetaException e) {
debugError("ImportBulkFederationData.idffGetRoleAndEntityId", e);
Object[] param = {metaAlias};
throw new CLIException(MessageFormat.format(
getResourceString(
"import-bulk-federation-data-unknown-metaalias"),
param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
}
private void handleSAML2Request(Map nameIds)
throws CLIException {
for (Iterator i = nameIds.entrySet().iterator(); i.hasNext(); ) {
Map.Entry e = (Map.Entry)i.next();
String userId = (String)e.getKey();
String nameId = (String)e.getValue();
saml2FederateUser(userId, nameId);
}
IOutput outputWriter = getOutputWriter();
outputWriter.printlnMessage(getResourceString(
"import-bulk-federation-data-succeeded"));
}
private void handleIDFFRequest(Map nameIds)
throws CLIException {
for (Iterator i = nameIds.entrySet().iterator(); i.hasNext(); ) {
Map.Entry e = (Map.Entry)i.next();
String userId = (String)e.getKey();
String nameId = (String)e.getValue();
idffFederateUser(userId, nameId);
}
IOutput outputWriter = getOutputWriter();
outputWriter.printlnMessage(getResourceString(
"import-bulk-federation-data-succeeded"));
}
private void validateFile(Map map)
throws CLIException {
BufferedReader io = null;
String localId = null;
try {
io = new BufferedReader(new FileReader(bulkFedData));
localId = getLocalEntityId(io.readLine());
matchEntityId(io.readLine(), localEntityId);
matchRole(io.readLine(), isIDP);
validateSpec(io.readLine());
String line = io.readLine();
//expecting uId|nameId format
while (line != null) {
line = line.trim();
int len = line.length();
if (len > 0) {
int idx = line.indexOf('|');
if ((idx == -1) || (idx == 0) || (idx == (len -1))) {
Object[] param = {line};
throw new CLIException(MessageFormat.format(
getResourceString(
"import-bulk-federation-data-incorrect-data-format"),
param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
map.put(line.substring(0, idx), line.substring(idx+1));
}
line = io.readLine();
}
remoteEntityId = localId;
} catch (IOException e) {
throw new CLIException(e.getMessage(),
ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
} finally {
if (io != null) {
try {
io.close();
} catch (IOException ex) {
//ignored
}
}
}
}
private String getLocalEntityId(String line)
throws CLIException {
if ((line == null) || !line.startsWith(BulkFederation.HEADER_LOCAL)
) {
throw new CLIException(getResourceString(
"import-bulk-federation-data-incorrect-file-format"),
ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
return line.substring(BulkFederation.HEADER_LOCAL.length());
}
/*
* The remote entity id from the input file should match the
* entity id of this metaalias.
*/
private void matchEntityId(String line, String entityId)
throws CLIException {
if ((line == null) || !line.startsWith(BulkFederation.HEADER_REMOTE)
) {
throw new CLIException(getResourceString(
"import-bulk-federation-data-incorrect-file-format"),
ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
String remoteId = line.substring(BulkFederation.HEADER_REMOTE.length());
if (!entityId.equals(remoteId)) {
Object[] param = {remoteId};
throw new CLIException(MessageFormat.format(
getResourceString(
"import-bulk-federation-data-incorrect-entity-id"), param),
ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
}
/*
* The role from the input file should NOT match the role of this metaalias.
* i.e. from the file contains IDP, then this metaalias should have SP role.
*/
private void matchRole(String line, boolean isIDP)
throws CLIException {
if ((line == null) || !line.startsWith(BulkFederation.HEADER_ROLE)
) {
throw new CLIException(getResourceString(
"import-bulk-federation-data-incorrect-file-format"),
ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
String role = line.substring(BulkFederation.HEADER_ROLE.length());
if (isIDP == role.equals("IDP")) {
throw new CLIException(getResourceString(
"import-bulk-federation-data-incorrect-role"),
ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
}
/*
* The specification from the input file should match the entered
* specification. either idff or saml2
*/
private void validateSpec(String line)
throws CLIException {
if ((line == null) || !line.startsWith(BulkFederation.HEADER_SPEC)
) {
throw new CLIException(getResourceString(
"import-bulk-federation-data-incorrect-file-format"),
ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
String s = line.substring(BulkFederation.HEADER_SPEC.length());
if (!spec.equals(s)) {
throw new CLIException(getResourceString(
"import-bulk-federation-data-incorrect-spec"),
ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
}
private void idffFederateUser(String userId, String nameId)
throws CLIException {
try {
AMIdentity amid = IdUtils.getIdentity(getAdminSSOToken(), userId);
FSAccountFedInfoKey key = (!isIDP) ?
new FSAccountFedInfoKey(localEntityId, nameId) :
new FSAccountFedInfoKey(remoteEntityId, nameId);
FSAccountFedInfo info = null;
if (isIDP) {
info = new FSAccountFedInfo(remoteEntityId,
new NameIdentifier(nameId, remoteEntityId,
IFSConstants.NI_FEDERATED_FORMAT_URI),
IFSConstants.LOCAL_NAME_IDENTIFIER, false);
} else {
info = new FSAccountFedInfo(remoteEntityId,
new NameIdentifier(nameId, localEntityId,
IFSConstants.NI_FEDERATED_FORMAT_URI),
IFSConstants.REMOTE_NAME_IDENTIFIER, false);
}
Map attributes = amid.getAttributes(
BulkFederation.idffUserAttributesFed);
Set setInfoKey = (Set)attributes.get(
FSAccountUtils.USER_FED_INFO_KEY_ATTR);
if ((setInfoKey == null) || setInfoKey.isEmpty()) {
setInfoKey = new HashSet(2);
attributes.put(FSAccountUtils.USER_FED_INFO_KEY_ATTR,
setInfoKey);
}
setInfoKey.add(FSAccountUtils.objectToKeyString(key));
Set setInfo = (Set)attributes.get(
FSAccountUtils.USER_FED_INFO_ATTR);
if ((setInfo == null) || setInfo.isEmpty()) {
setInfo = new HashSet(2);
attributes.put(FSAccountUtils.USER_FED_INFO_ATTR, setInfo);
}
setInfo.add(FSAccountUtils.objectToInfoString(info));
amid.setAttributes(attributes);
amid.store();
} catch (FSAccountMgmtException e) {
debugError("ImportBulkFederationData.idffFederateUser", e);
Object[] param = {userId};
throw new CLIException(MessageFormat.format(
getResourceString("import-bulk-federation-data-cannot-federate"),
param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
} catch (SAMLException e) {
debugError("ImportBulkFederationData.idffFederateUser", e);
Object[] param = {userId};
throw new CLIException(MessageFormat.format(
getResourceString("bulk-federation-cannot-federate"),
param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
} catch (IdRepoException e) {
debugError("ImportBulkFederationData.idffFederateUser", e);
IOutput outputWriter = getOutputWriter();
outputWriter.printlnError(e.getMessage());
} catch (SSOException e) {
debugError("ImportBulkFederationData.idffFederateUser", e);
IOutput outputWriter = getOutputWriter();
outputWriter.printlnError(e.getMessage());
}
}
private void saml2FederateUser(String userId, String nameIdValue)
throws CLIException {
try {
AMIdentity amid = IdUtils.getIdentity(getAdminSSOToken(), userId);
NameID nameId = AssertionFactory.getInstance().createNameID();
nameId.setFormat(
"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
if (isIDP) {
nameId.setNameQualifier(localEntityId);
nameId.setSPNameQualifier(remoteEntityId);
} else {
nameId.setNameQualifier(remoteEntityId);
nameId.setSPNameQualifier(localEntityId);
}
nameId.setValue(nameIdValue);
String role = (isIDP) ? SAML2Constants.IDP_ROLE :
SAML2Constants.SP_ROLE;
NameIDInfoKey key = new NameIDInfoKey(nameIdValue,
localEntityId, remoteEntityId);
NameIDInfo info = new NameIDInfo(localEntityId, remoteEntityId,
nameId, role, true);
Map attributes = amid.getAttributes(
BulkFederation.saml2UserAttributesFed);
Set setInfoKey = (Set)attributes.get(
FSAccountUtils.USER_FED_INFO_KEY_ATTR);
if ((setInfoKey == null) || setInfoKey.isEmpty()) {
setInfoKey = new HashSet(2);
attributes.put(SAML2Constants.NAMEID_INFO_KEY, setInfoKey);
}
setInfoKey.add(key.toValueString());
Set setInfo = (Set)attributes.get(
FSAccountUtils.USER_FED_INFO_ATTR);
if ((setInfo == null) || setInfo.isEmpty()) {
setInfo = new HashSet(2);
attributes.put(SAML2Constants.NAMEID_INFO, setInfo);
}
setInfo.add(info.toValueString());
amid.setAttributes(attributes);
amid.store();
} catch (SAML2Exception e) {
debugError("ImportBulkFederationData.idffFederateUser", e);
Object[] param = {userId};
throw new CLIException(MessageFormat.format(
getResourceString("import-bulk-federation-data-cannot-federate"),
param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
} catch (IdRepoException e) {
debugError("ImportBulkFederationData.idffFederateUser", e);
IOutput outputWriter = getOutputWriter();
outputWriter.printlnError(e.getMessage());
} catch (SSOException e) {
debugError("ImportBulkFederationData.idffFederateUser", e);
IOutput outputWriter = getOutputWriter();
outputWriter.printlnError(e.getMessage());
}
}
}