/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: FSAssertionManager.java,v 1.12 2009/08/03 18:18:36 bigfatrat Exp $
*
*/
/**
* IDP side class which handles assertion and artifact operations.
*/
public final class FSAssertionManager {
/**
* Statistics instance for artifacts.
*/
/**
* Statistics instance for assertions.
*/
private int cleanupInterval;
private int assertionTimeout;
private int artifactTimeout;
private class Entry {
public Entry(
{
}
return assertion;
}
return destID;
}
return artString;
}
return token;
}
}
throws FSException
{
idEntryMap = new HashMap();
try {
if (metaManager != null) {
}
} catch (IDFFMetaException ie) {
throw new FSException(ie);
}
if (hostEntityId == null) {
}
try {
try {
} catch (Exception e) {
+ "Exception while parsing interval", e);
}
try {
} catch (Exception e) {
+ "Exception while parsing timeout", e);
}
if (assertionTimeout <
}
try {
"FSAssertionManager: "
+ "ArtifactTimeOut configuration not found in FSConfig."
+ " Using Default");
}
}
} catch(Exception e){
+ "Exception while parsing cleanup assertion :", e);
}
}
}
{
}
}
}
};
cleanupInterval, assertionTimeout, true);
cleanupInterval, artifactTimeout, true);
if (assrtStats.isEnabled()) {
}
}
/**
* Returns hosted provider meta alias.
* @return hosted provider meta alias.
* @see #setMetaAlias(String)
*/
return metaAlias;
}
/**
* Sets hosted provider meta alias.
* @param metaAlias hosted provider meta alias
* @see #getMetaAlias()
*/
}
/**
* Returns the realm which hosted provider resides.
* @return the realm which hosted provider resides.
* @see #setRealm(String)
*/
return realm;
}
/**
* Sets the realm which hosted provider resides.
* @param realm The realm which hosted provider resides
* @see #getRealm()
*/
}
/**
* Returns hosted provider Entity ID.
* @return hosted provider Entity ID
* @see #setEntityId(String)
*/
return hostEntityId;
}
/**
* Sets hosted provider Entity ID.
* @param entityId hosted provider Entity ID
* @see #getEntityId()
*/
this.hostEntityId = entityId;
}
/**
* Returns artifact to assertion ID map.
* @return artifact to assertion ID map
*/
return artIdMap;
}
/**
* Returns assertion ID to <code>Entry</code> object map.
* @return assertion ID to <code>Entry</code> object map
*/
return idEntryMap;
}
/**
* Returns a <code>FSAssertionManager</code> instance.
* @param metaAlias hosted entity ID
* @return <code>FSAssertionManager</code> instance.
* @exception FSException if error occurrs.
*/
throws FSException
{
"Constructing a new instance of FSAssertionManager");
}
synchronized (instanceMap) {
}
}
return(instance);
}
/**
* Creates an assertion artifact.
* @param id session ID
* @param realm the realm in which the provider resides
* @param spEntityID service provider's entity ID
* @param spHandle service provider issued <code>NameIdentifier</code>
* @param idpHandle identity provider issued <code>NameIdentifier</code>
* @param inResponseTo value to InResponseTo attribute. It's the request ID.
* @param minorVersion request minor version, used to determine assertion's
* minor version
* @exception FSException,SAMLException if error occurrs
*/
int minorVersion)
throws FSException, SAMLException
{
// check input
+ " method createFSAssertionArtifact.");
}
}
// create assertion id and artifact
+ "ifact: couldn't generate assertion handle.");
}
}
// TODO: should obtain it through meta
byte bytesHandle[] = null;
try{
} catch(Exception e){
"FSAssertionManager.createFSAssertionArt: ", e);
return null;
}
}
art,
return art;
}
/**
* Creates an assertion artifact.
* @param id session ID
* @param artifact assertion artifact
* @param realm the realm under which the entity resides.
* @param spEntityID service provider's entity ID
* @param spHandle service provider issued <code>NameIdentifier</code>
* @param idpHandle identity provider issued <code>NameIdentifier</code>
* @param inResponseTo value to InResponseTo attribute. It's the request ID.
* @param assertionMinorVersion minor version the assertion should use
* @exception FSException,SAMLException if error occurrs
*/
throws FSException, SAMLException
{
"FSAssertionManager.createFSAssertion(id): Called");
// check input
+ " method createFSAssertion.");
}
}
if (metaManager != null) {
try {
} catch (IDFFMetaException e) {
"FSAssertionManager.createFSAssertion: exception while"
+ " obtaining idp extended meta:", e);
}
}
}
}
try {
try {
} catch (UnsupportedOperationException ue) {
"FSAssertionManager.createFSAssertion(id):", ue);
}
} catch (SessionException se) {
"FSAssertionManager.createFSAssertion(id):", se);
}
}
try {
} catch(ParseException ex){
"createFSAssertion(id): AuthInstant not found" +
"in the Token");
}
}
} else {
}
"FSAssertionManager.createFSAssertion(id):AuthInstant = "
+ authInstant);
}
try {
}
} catch (UnsupportedOperationException ue) {
"FSAssertionManager.createFSAssertion(id):", ue);
}
} catch (SessionException se) {
"FSAssertionManager.createFSAssertion(id):", se);
}
}
if (assertionIssuer == null) {
"com.iplanet.am.server.host");
}
try {
} catch(UnknownHostException uhe) {
+ " obtain the localhost's ipaddress:", uhe);
}
try {
+ "(id): AuthnContextStatement for the token is null"
+ " Assertion will not contain any "
+ " AuthenticationStatement");
}
}
if (authnContextStatementRef != null){
if (assertionMinorVersion ==
{
} else {
}
}
"FSAssertionManager.createFSAssertion(id):"
+ "AuthnContextStatement used for authenticating the user: "
}
} catch(Exception e) {
+ " exception retrieving info from the session: ", e);
throw new FSException(
"alliance_manager_no_local_descriptor", null, e);
}
+ " Creating Authentication Assertion for user with"
+ "opaqueHandle= "
+ " And SecurityDomain= "
+ securityDomain);
}
if (assertionMinorVersion ==
{
} else {
}
} else {
// set to bearer for POST profile
}
if (assertionMinorVersion ==
{
idpNi = new IDPProvidedNameIdentifier(
} else {
}
+ "AssertionManager could not find a valid Session for"
+ "userId: "
}
return null;
}
if (sessionIndex == null) {
}
"FSAssertionManager.createAssertion(id): SessionIndex: " +
}
//setReauthenticateOnOrAfter date
// get this period from the config
} else {
}
}
}
}
/**
* This is added to create an attribute statement for the bootstrap
* information.
*/
&&
(generateBootstrapping != null &&
{
try {
if (bootStrap.hasCredentials()) {
}
} catch (Exception e) {
+ "exception when generating bootstrapping resource "
+ "offering:", e);
}
}
if (attribStatement != null) {
}
if ((attributePluginImpl != null) &&
{
try {
if (pluginClass instanceof FSRealmAttributePlugin) {
} else if (pluginClass instanceof FSAttributePlugin) {
}
if ((attribStatements != null) &&
{
}
}
"FSAssertion.createAssertion(id):getAttributePlugin:", ex);
}
}
}
cond,
+ " Assertion created successfully: "
+ assertion.toXMLString());
}
try {
+ " Assertion MAX number configuration not found in "
+ "FSConfig. Using Default");
}
}
}
+ "reached maxNumber of assertions.");
}
try {
synchronized(idEntryMap) {
}
}
} catch(Exception e) {
+ "to idEntryMap.", e);
}
}
} else {
}
try {
synchronized(artIdMap) {
}
}
} catch(Exception e) {
+ "artifact to the artIdMap.", e);
}
}
}
} else {
}
}
}
return assertion;
}
/**
* Retrieves the assertion associated with an artifact.
* @param artifact assertion artifact
* @param destID destination ID of the site who sent the request
* @return assertion associated with the artifact
* @exception FSException if the assertion could not be retrieved
*/
) throws FSException
{
{
}
// get server id.
// call AssertionManagerClient.getAssertion
"destid: calling another server in lb site:" + remoteUrl);
}
} // else
try {
}
} catch(Exception e) {
+ "stid): no AssertionID found corresponding to artifact.");
}
}
try {
}
} catch(Exception e) {
+ "stid): no Entry found corresponding to artifact.");
}
}
// check the destination id
+ "stid): no destID found corresponding to artifact.");
}
}
+ "stid): destinationID doesn't match.");
}
}
synchronized(artIdMap) {
}
}
synchronized(idEntryMap) {
}
}
+ "stid): no Assertion found corresponding to aID.");
}
}
if (!assertion.isTimeValid()) {
+ aIDString + " is expired.");
}
}
return assertion;
}
/**
* Finds the destination id for whom the artifact is issued for.
* @param artifact assertion artifact
* @return destination id
* @exception FSException if error occurrs
*/
) throws FSException
{
"FSAssertionManager.getDestIdForArtifact: Called");
// get server id.
// call FSAssertionManagerClient.getAssertion
"AssertionManager.getDestIdForArtifact(art, " +
"destid: calling another server in lb site:" + remoteUrl);
}
} // else
try {
}
} catch(Exception e) {
"FSAssertionManager.getDestIdForArtifact :" +
"no AssertionID found corresponding to artifact.");
}
}
try {
}
} catch(Exception e) {
"FSAssertionManager.getDestIdForArtifact: " +
"no Entry found corresponding to artifact.");
}
}
"FSAssertionManager.getDestIdForArtifact: " +
"no destID found corresponding to artifact.");
}
}
"FSAssertionManager.getDestIdForArtifact: " +
"Destination ProviderID found for Artifact: " + dest);
}
return dest;
}
try {
u.getPath());
"AssertionManager.getFullServiceURL:full remote URL is: " +
result);
}
} catch (Exception e) {
"AssertionManager.getFullServiceURL:Exception:", e);
}
}
return result;
}
/**
* Specific assertion class containing date and status.
* This is used to store information about a fault artifact.
*/
}
return _status;
}
}
/**
* Store the status of a given artifact (original error)
* @param aa reference artifact
* @param s stored status
*/
}
synchronized (idEntryMap) {
}
}
}
}
/**
* Retrieve the original status of a reference artifact.
* @param aa reference artifact
* @return The status as originally recorded.
*/
}
aa.getAssertionHandle());
// call AssertionManagerClient.getAssertion
+ "destid: calling another server in lb site:"
+ remoteUrl);
}
try {
} catch ( FSException fse ) {
}
} else {
if ( null != e ) {
if ( assertion instanceof ErrorAssertion ) {
}
}
}
return s;
}
}