/**
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2008 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: CreateHostedSP.java,v 1.9 2010/01/04 19:10:50 veiming Exp $
 *
 */
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterpackage com.sun.identity.workflow;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.cot.COTException;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.saml2.common.SAML2Constants;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.saml2.meta.SAML2MetaException;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.saml2.meta.SAML2MetaManager;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.saml2.meta.SAML2MetaUtils;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport java.util.ArrayList;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport java.util.HashMap;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport java.util.List;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport java.util.Locale;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport java.util.Map;
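/**
 * Workflow task that creates a hosted SAMLv2 service provider.
 *
 * <p>The provider is built either from caller-supplied standard and extended
 * metadata, or from templates generated out of the realm, entity ID and
 * certificate parameters. The resulting entity is then added to a circle of
 * trust and, optionally, given an attribute mapping.
 */
public class CreateHostedSP
    extends Task {

    /** Metadata fragment that {@link #enableSigning(String)} searches for. */
    private static final String ASSERTIONS_UNSIGNED =
        "WantAssertionsSigned=\"false\"";

    /** Replacement written by {@link #enableSigning(String)}. */
    private static final String ASSERTIONS_SIGNED =
        "WantAssertionsSigned=\"true\"";

    public CreateHostedSP() {
    }

    /**
     * Creates hosted service provider.
     *
     * @param locale Locale of the Request
     * @param params Map of creation parameters.
     * @return {@code "done|||realm=" + realm} on success, or the message of
     *         the {@code SAML2MetaException} when template generation fails.
     * @throws WorkflowException if parameter validation fails, if the
     *         provider cannot be added to the circle of trust, or if the
     *         entity configuration cannot be updated.
     */
    public String execute(Locale locale, Map params)
        throws WorkflowException {
        validateParameters(params);
        String metadataFile = getString(params, ParameterKeys.P_META_DATA);
        String defAttrMappings = getString(
            params, ParameterKeys.P_DEF_ATTR_MAPPING);
        boolean hasMetaData = isNonBlank(metadataFile);
        String metadata = null;
        String extendedData = null;

        if (hasMetaData) {
            // Caller supplied both documents; validateParameters() has
            // already rejected the case where only one of them is present.
            String extendedDataFile = getString(params,
                ParameterKeys.P_EXTENDED_DATA);
            metadata = getContent(metadataFile, locale);
            extendedData = getContent(extendedDataFile, locale);
        } else {
            String entityId = getString(params, ParameterKeys.P_ENTITY_ID);
            String metaAlias = generateMetaAliasForSP(
                getString(params, ParameterKeys.P_REALM));
            Map map = new HashMap();
            map.put(MetaTemplateParameters.P_SP, metaAlias);
            map.put(MetaTemplateParameters.P_SP_E_CERT,
                getString(params, ParameterKeys.P_SP_E_CERT));

            try {
                metadata =
                    CreateSAML2HostedProviderTemplate.buildMetaDataTemplate(
                        entityId, map, getRequestURL(params));
                // NOTE(review): the enableSigning() step is disabled, so the
                // generated metadata keeps whatever WantAssertionsSigned
                // value the template emits. Confirm that unsigned assertions
                // are acceptable for providers created through this task.
                //metadata = enableSigning(metadata);
                extendedData =
                    CreateSAML2HostedProviderTemplate.createExtendedDataTemplate(
                        entityId, map, getRequestURL(params));
            } catch (SAML2MetaException e) {
                // NOTE(review): unlike the other handlers in this method the
                // failure is returned as the task result instead of being
                // thrown, so a caller cannot tell it apart from success by
                // exception handling alone.
                return e.getMessage();
            }
        }

        // The metadata text comes from the request; how it is parsed is
        // decided inside ImportSAML2MetaData.importData (not visible here).
        String[] results = ImportSAML2MetaData.importData(null, metadata,
            extendedData);
        String realm = results[0];
        String entityId = results[1];

        String cot = getString(params, ParameterKeys.P_COT);
        if ((cot != null) && (cot.length() > 0)) {
            try {
                AddProviderToCOT.addToCOT(realm, cot, entityId);
            } catch (COTException e) {
                // Only the message is carried over; the cause is dropped.
                throw new WorkflowException(e.getMessage());
            }
        }

        List attrMapping = null;
        // Constant-first comparison: the parameter may be absent, and a null
        // value must select the explicit mapping rather than raise a
        // NullPointerException.
        if ("true".equals(defAttrMappings)) {
            // Presumably a wildcard that maps every asserted attribute to a
            // local attribute of the same name; the set of accepted
            // attributes is then chosen by the identity provider. Verify
            // this default suits the deployment.
            attrMapping = new ArrayList(1);
            attrMapping.add("*=*");
        } else {
            attrMapping = getAttributeMapping(params);
        }

        if (!attrMapping.isEmpty()) {
            try {
                SAML2MetaManager manager = new SAML2MetaManager();
                EntityConfigElement config = manager.getEntityConfig(
                    realm, entityId);
                SPSSOConfigElement ssoConfig = manager.getSPSSOConfig(
                    realm, entityId);
                Map attribConfig = SAML2MetaUtils.getAttributes(ssoConfig);
                // NOTE(review): assumes the extended metadata always carries
                // an attribute-map entry; a missing entry would make this
                // list null. Confirm against the templates.
                List mappedAttributes = (List) attribConfig.get(
                    SAML2Constants.ATTRIBUTE_MAP);
                mappedAttributes.addAll(attrMapping);
                manager.setEntityConfig(realm, config);
            } catch (SAML2MetaException e) {
                // Only the message is carried over; the cause is dropped.
                throw new WorkflowException(e.getMessage());
            }
        }

        return "done|||realm=" + realm;
    }

    /**
     * Rewrites the first {@code WantAssertionsSigned="false"} attribute in
     * the metadata to {@code WantAssertionsSigned="true"}.
     *
     * <p>Currently unused: the only call site in {@code execute} is
     * commented out.
     *
     * @param metadata standard metadata XML text.
     * @return the metadata with the first occurrence replaced, or the input
     *         unchanged when the attribute is not found.
     */
    private String enableSigning(String metadata) {
        int idx = metadata.indexOf(ASSERTIONS_UNSIGNED);
        if (idx == -1) {
            return metadata;
        }
        return metadata.substring(0, idx) + ASSERTIONS_SIGNED +
            metadata.substring(idx + ASSERTIONS_UNSIGNED.length());
    }

    /**
     * Checks the creation parameters before any provider data is written.
     *
     * <p>Standard and extended metadata must be supplied together or not at
     * all, a circle of trust name is always required, and when no metadata
     * is supplied both realm and entity ID are required.
     *
     * @param params Map of creation parameters.
     * @throws WorkflowException with the resource key of the first rule
     *         that is violated.
     */
    private void validateParameters(Map params)
        throws WorkflowException {
        boolean hasMetaData = isNonBlank(
            getString(params, ParameterKeys.P_META_DATA));
        boolean hasExtendedData = isNonBlank(
            getString(params, ParameterKeys.P_EXTENDED_DATA));

        // Exactly one of the two documents was supplied.
        if (hasMetaData != hasExtendedData) {
            throw new WorkflowException("both-meta-extended-data-required",
                null);
        }
        // Both keys are present but blank and only one further parameter
        // exists; presumably a metadata request submitted without content.
        if ((params.size() == 3) &&
            params.containsKey(ParameterKeys.P_META_DATA) &&
            params.containsKey(ParameterKeys.P_EXTENDED_DATA) &&
            !hasMetaData && !hasExtendedData
        ) {
            throw new WorkflowException("both-meta-extended-data-required",
                null);
        }

        if (!isNonBlank(getString(params, ParameterKeys.P_COT))) {
            throw new WorkflowException("missing-cot", null);
        }

        if (!hasMetaData && !hasExtendedData) {
            // Template path: realm and entity ID drive the generated
            // metadata, so both must be present.
            if (!isNonBlank(getString(params, ParameterKeys.P_REALM))) {
                throw new WorkflowException("missing-realm", null);
            }

            if (!isNonBlank(getString(params, ParameterKeys.P_ENTITY_ID))) {
                throw new WorkflowException("missing-entity-id", null);
            }
        }
    }

    /** Returns true when the value is non-null and not only whitespace. */
    private static boolean isNonBlank(String value) {
        return (value != null) && (value.trim().length() > 0);
    }
}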