/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2008 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* https://opensso.dev.java.net/public/CDDLv1.0.html or
* opensso/legal/CDDLv1.0.txt
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: SAMLv2IDPAssertionContentViewBean.java,v 1.5 2008/09/25 01:52:20 babysunil Exp $
*
* Portions Copyrighted 2013-2015 ForgeRock AS.
*/
package com.sun.identity.console.federation;
import com.iplanet.jato.view.event.RequestInvocationEvent;
import com.iplanet.jato.model.ModelControlException;
import com.iplanet.jato.view.ContainerView;
import com.iplanet.jato.view.event.DisplayEvent;
import com.iplanet.jato.view.View;
import com.sun.identity.console.base.AMPropertySheet;
import com.sun.identity.console.base.AMTableTiledView;
import com.sun.identity.console.base.model.AMPropertySheetModel;
import com.sun.identity.security.EncodeAction;
import com.sun.web.ui.view.alert.CCAlert;
import com.sun.identity.console.base.model.AMConsoleException;
import com.sun.identity.console.federation.model.SAMLv2Model;
import com.sun.web.ui.model.CCActionTableModel;
import com.sun.web.ui.view.table.CCActionTable;
import java.security.AccessController;
import java.util.*;
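/**
 * Console view bean for the "Assertion Content" tab of a SAMLv2 identity provider.
 *
 * <p>It renders the standard and extended IDP metadata on a property sheet and, for a
 * hosted IDP only, the authentication-context mapping table. On save it writes both
 * metadata sets back through {@link SAMLv2Model}, re-encodes a changed signing-certificate
 * key password, and (hosted only) updates the authentication contexts and key info.
 */
public class SAMLv2IDPAssertionContentViewBean extends SAMLv2Base {

    /** JSP rendered for this view. */
    public static final String DEFAULT_DISPLAY_URL =
        "/console/federation/SAMLv2IDPAssertionContent.jsp";

    /** Backing model of the authentication-context table; only created for hosted IDPs. */
    protected CCActionTableModel tblAuthContextsModel;

    /** Creates the view bean under its page name and points it at {@link #DEFAULT_DISPLAY_URL}. */
    public SAMLv2IDPAssertionContentViewBean() {
        super("SAMLv2IDPAssertionContent");
        setDefaultDisplayURL(DEFAULT_DISPLAY_URL);
    }

    /**
     * Registers the common children and, for a hosted IDP, the tiled view that backs the
     * authentication-context table.
     */
    protected void registerChildren() {
        super.registerChildren();
        if (isHosted()) {
            registerChild(CHILD_AUTH_CONTEXT_TILED_VIEW, AMTableTiledView.class);
        }
    }

    /**
     * Builds the authentication-context table and its tiled view for a hosted IDP;
     * every other child is delegated to the superclass.
     *
     * @param name child name requested by the JATO framework
     * @return the created child view
     */
    protected View createChild(String name) {
        if (isHosted()) {
            // Constant-first equals() so a null child name cannot throw here.
            if (CHILD_AUTH_CONTEXT_TILED_VIEW.equals(name)) {
                return new AMTableTiledView(this, tblAuthContextsModel, name);
            }
            if (TBL_AUTHENTICATION_CONTEXTS.equals(name)) {
                CCActionTable table = new CCActionTable(this, tblAuthContextsModel, name);
                table.setTiledView((ContainerView) getChild(CHILD_AUTH_CONTEXT_TILED_VIEW));
                return table;
            }
        }
        return super.createChild(name);
    }

    /**
     * Loads the stored metadata into the property sheet and, for a hosted IDP, the
     * authentication contexts into the table before the page is rendered.
     *
     * @param event display event passed through to the superclass
     * @throws ModelControlException propagated from the framework
     */
    public void beginDisplay(DisplayEvent event) throws ModelControlException {
        super.beginDisplay(event);
        AMPropertySheet ps = (AMPropertySheet) getChild(PROPERTIES);
        ps.init();
        SAMLv2Model model = (SAMLv2Model) getModel();
        ps.setAttributeValues(getStandardValues(), model);
        ps.setAttributeValues(getExtendedValues(), model);
        if (!isHosted()) {
            return;
        }
        SAMLv2AuthContexts authContexts = null;
        try {
            authContexts = model.getIDPAuthenticationContexts(realm, entityName);
        } catch (AMConsoleException e) {
            setInlineAlertMessage(CCAlert.TYPE_ERROR, "message.error", e.getMessage());
        }
        // NOTE(review): after a failed lookup authContexts is null here; whether
        // populateAuthenticationContext (defined in the superclass) tolerates null is not
        // visible in this file — confirm before relying on the error alert alone.
        populateAuthenticationContext(authContexts, tblAuthContextsModel,
            SAMLv2Model.IDP_AUTHN_CONTEXT_CLASS_REF_MAPPING_DEFAULT);
    }

    /**
     * Selects the hosted or remote property-sheet definition and, for a hosted IDP,
     * attaches the authentication-context table model to it.
     */
    protected void createPropertyModel() {
        retrieveCommonProperties();
        ClassLoader loader = getClass().getClassLoader();
        if (isHosted()) {
            psModel = new AMPropertySheetModel(loader.getResourceAsStream(
                "com/sun/identity/console/propertySAMLv2IDPAssertionContentHosted.xml"));
            createAuthContextsModel();
            psModel.setModel(TBL_AUTHENTICATION_CONTEXTS, tblAuthContextsModel);
        } else {
            psModel = new AMPropertySheetModel(loader.getResourceAsStream(
                "com/sun/identity/console/propertySAMLv2IDPAssertionContentRemote.xml"));
        }
        psModel.clear();
    }

    /** Creates the authentication-context table model and labels its columns. */
    private void createAuthContextsModel() {
        tblAuthContextsModel = new CCActionTableModel(
            getClass().getClassLoader().getResourceAsStream(
                "com/sun/identity/console/tblSAMLv2IDPAuthenticationContext.xml"));
        tblAuthContextsModel.setTitleLabel("label.items");
        tblAuthContextsModel.setActionValue(TBL_COL_CONTEXT_REFERENCE,
            "samlv2.idp.authenticationContext.table.name.contextReference.name");
        tblAuthContextsModel.setActionValue(TBL_COL_SUPPORTED,
            "samlv2.idp.authenticationContext.table.name.supported.name");
        tblAuthContextsModel.setActionValue(TBL_COL_KEY,
            "samlv2.idp.authenticationContext.table.name.key.name");
        tblAuthContextsModel.setActionValue(TBL_COL_VALUE,
            "samlv2.idp.authenticationContext.table.name.value.name");
        tblAuthContextsModel.setActionValue(TBL_COL_LEVEL,
            "samlv2.idp.authenticationContext.table.name.level.name");
    }

    /**
     * Reads the submitted authentication-context rows back out of the table.
     *
     * <p>The row whose context reference equals the selected default context is forced to
     * {@code supported = "true"} and flagged as the default.
     *
     * @return the contexts as submitted, one entry per table row
     * @throws ModelControlException if the table state cannot be restored
     */
    private SAMLv2AuthContexts getAuthenticationContexts() throws ModelControlException {
        CCActionTable tbl = (CCActionTable) getChild(TBL_AUTHENTICATION_CONTEXTS);
        // Pull the posted row values back into the table model before reading them.
        tbl.restoreStateData();

        String defaultAuthnContext = (String) getDisplayFieldValue(
            SAMLv2Model.IDP_AUTHN_CONTEXT_CLASS_REF_MAPPING_DEFAULT);
        SAMLv2AuthContexts authContexts = new SAMLv2AuthContexts();
        int rowCount = tblAuthContextsModel.getSize();
        for (int row = 0; row < rowCount; row++) {
            tblAuthContextsModel.setLocation(row);
            String name = (String) tblAuthContextsModel.getValue(TBL_DATA_CONTEXT_REFERENCE);
            String supported = (String) tblAuthContextsModel.getValue(TBL_DATA_SUPPORTED);
            String key = (String) tblAuthContextsModel.getValue(TBL_DATA_KEY);
            String value = (String) tblAuthContextsModel.getValue(TBL_DATA_VALUE);
            String level = (String) tblAuthContextsModel.getValue(TBL_DATA_LEVEL);
            // A row with no context reference must not throw; it simply cannot be the default.
            boolean isDefault = name != null && name.equals(defaultAuthnContext);
            if (isDefault) {
                // The default context is always supported, whatever the checkbox says.
                supported = "true";
            }
            authContexts.put(name, supported, key, value, level, isDefault);
        }
        return authContexts;
    }

    /**
     * Handles the Save button: persists the standard and extended metadata shown on the
     * property sheet and, for a hosted IDP, the authentication contexts and key info.
     * Success or failure is reported through an inline alert; the page is then re-rendered.
     *
     * @param event request event from the framework
     * @throws ModelControlException if the table state cannot be restored
     */
    public void handleButton1Request(RequestInvocationEvent event) throws ModelControlException {
        try {
            SAMLv2Model model = (SAMLv2Model) getModel();
            AMPropertySheet ps = (AMPropertySheet) getChild(PROPERTY_ATTRIBUTES);

            // Standard metadata as currently entered on the property sheet.
            Map idpStdValues = ps.getAttributeValues(
                model.getStandardIdentityProviderAttributes(realm, entityName), false, model);

            // Start from the stored extended metadata and overlay what the form submitted, so
            // attributes not present on this page (and an unchanged key password) keep their
            // stored values.
            Map<String, Set<String>> idpExtValues = getExtendedValues();
            Map newIdpExtValues = ps.getAttributeValues(model.getIDPEXACDataMap(), false, model);
            prepareSigningKeyPass(newIdpExtValues);
            idpExtValues.putAll(newIdpExtValues);

            model.setIDPStdAttributeValues(realm, entityName, idpStdValues);
            model.setIDPExtAttributeValues(realm, entityName, idpExtValues, location);
            if (isHosted()) {
                model.updateIDPAuthenticationContexts(realm, entityName, getAuthenticationContexts());
                // Signing/encryption key info is derived from the saved metadata.
                model.updateKeyinfo(realm, entityName, idpExtValues, idpStdValues, true);
            }
            setInlineAlertMessage(CCAlert.TYPE_INFO, "message.information",
                "samlv2.idp.property.updated");
        } catch (AMConsoleException e) {
            setInlineAlertMessage(CCAlert.TYPE_ERROR, "message.error", e.getMessage());
        }
        forwardTo();
    }

    /**
     * Normalises the submitted signing-certificate key password in place.
     *
     * <p>Password fields are rendered with {@code AMPropertySheetModel.passwordRandom} instead of
     * the real secret. If that placeholder comes back the user did not touch the field, so the
     * entry is removed to avoid overwriting the stored value with the placeholder. A blank value
     * is stored as-is (clears the password); any other value arrives in plain text and is
     * encoded via {@link EncodeAction} before it can be persisted.
     *
     * @param newValues submitted extended-metadata values; modified in place
     */
    private static void prepareSigningKeyPass(Map newValues) {
        if (!newValues.containsKey(SAMLv2Model.IDP_SIGN_CERT_KEYPASS)) {
            return;
        }
        Set submitted = (Set) newValues.get(SAMLv2Model.IDP_SIGN_CERT_KEYPASS);
        if (submitted == null || submitted.isEmpty()) {
            return;
        }
        String keyPass = (String) submitted.iterator().next();
        if (AMPropertySheetModel.passwordRandom.equals(keyPass)) {
            // Untouched placeholder: keep whatever is already stored.
            newValues.remove(SAMLv2Model.IDP_SIGN_CERT_KEYPASS);
            return;
        }
        Set<String> encoded = new HashSet<>(1);
        if (keyPass == null || keyPass.isEmpty()) {
            // Blank clears the password; nothing to encode. A null element is normalised
            // to blank rather than dereferenced.
            encoded.add("");
        } else {
            // Plain text from the form; never persist it unencoded.
            encoded.add(AccessController.doPrivileged(new EncodeAction(keyPass)));
        }
        newValues.put(SAMLv2Model.IDP_SIGN_CERT_KEYPASS, encoded);
    }

    /**
     * Loads the stored standard IDP metadata; on failure reports an inline error and
     * returns an empty map so the page still renders.
     *
     * @return standard metadata attributes, possibly empty
     */
    private Map getStandardValues() {
        Map values = new HashMap();
        try {
            SAMLv2Model model = (SAMLv2Model) getModel();
            values = model.getStandardIdentityProviderAttributes(realm, entityName);
        } catch (AMConsoleException e) {
            setInlineAlertMessage(CCAlert.TYPE_ERROR, "message.error", e.getMessage());
        }
        return values;
    }

    /**
     * Loads the stored extended IDP metadata, converting each attribute's value list to a
     * set; on failure reports an inline error and returns an empty map.
     *
     * @return extended metadata attributes keyed by name, possibly empty
     */
    private Map<String, Set<String>> getExtendedValues() {
        Map<String, Set<String>> extendedValues = new HashMap<>();
        try {
            SAMLv2Model model = (SAMLv2Model) getModel();
            Map<String, List<String>> stored =
                model.getExtendedIdentityProviderAttributes(realm, entityName);
            for (Map.Entry<String, List<String>> entry : stored.entrySet()) {
                extendedValues.put(entry.getKey(), convertListToSet(entry.getValue()));
            }
        } catch (AMConsoleException e) {
            setInlineAlertMessage(CCAlert.TYPE_ERROR, "message.error", e.getMessage());
        }
        return extendedValues;
    }
}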