a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: FSAssertionManagerClient.java,v 1.8 2008/08/19 19:11:06 veiming Exp $
a4544a5a0e622ef69e38641f87ab1b5685e05911Phill Cunnington * Portions Copyrighted 2015 ForgeRock AS.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.common.SystemConfigurationUtil;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.FSException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.FSRemoteException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.FSUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.FSAssertion;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.assertion.Assertion;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.common.SAMLConstants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.common.SAMLException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.protocol.AssertionArtifact;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.shared.jaxrpc.SOAPClient;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The class <code>FSAssertionManagerClient</code> is a <code>final</code> class
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * that provides interfaces to create, get and destroy <code>Assertion</code>s.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The class provides mechanisms to manage the <code>Assertion</code>s either
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * locally (i.e., within the same JVM process) or remotely on another instance
8d3140b524c0e28c0a49dc7c7d481123ef3cfe11Chris Lee * of OpenAM. The default constructor will manage the <code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Assertion</code>s locally if it detects SAML web services running locally,
8d3140b524c0e28c0a49dc7c7d481123ef3cfe11Chris Lee * else will use one of the configured OpenAM. The constructor which
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * accepts an <code>URL</code> will always use the URL to manage the assertions.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Having obtained an instance of <code>FSAssertionManagerClient</code>,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * its methods can be called to create/get <code>Assertion</code>, and
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>AssertionArtifact</code>, and to obtain decision from an
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>Query</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Service name in naming
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static String SERVICE_NAME = "fsassertionmanager";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Flag to determine if FSAssertionManager is local or remote
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Remote JAX-RPC server for objects that use default constructor
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // If local pointer to AssertionManager instance
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static FSAssertionManager assertionManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // JAX-RPC remote stub
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns an instance of <code>AssertionManagerClient</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param metaAlias hosted provider's meta alias.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws FSException
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public FSAssertionManagerClient(String metaAlias) throws FSException
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Construct the URL for local server
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Integer.parseInt(SystemConfigurationUtil.getProperty(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AssertionManagerClient()Exception", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Use the remoteStub if set
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns an instance of <code>FSAssertionManagerClient</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * that will use the provided <code>URL</code> for the management
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of assertions.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param metaAlias hosted provider's meta alias.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param url the <code>FSAssertionManager</code> service URL that
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * will be used to create, get and delete <code>Assertion</code>s
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws FSException
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public FSAssertionManagerClient(String metaAlias, String url)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Construct the JAX-RPC stub and set the URL endpoint
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster this.hostedEntityId = FSUtils.getIDFFMetaManager().
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSAssertionManagerClient() Exception", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Private method to get the service endpoint URL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String protocol, String hostname, int port, String uri)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Obtain the URL for the service endpoint
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster URL weburl = SystemConfigurationUtil.getServiceURL(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSAssertionManagerClient with URL: " + iurl);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Obtaining the stub for JAX-RPC and setting the endpoint URL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns assertion associated with the <code>AssertionArtifact</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param artifact An <code>AssertionArtifact</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param destID The destination site requesting the assertion using
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the artifact. This String is compared with the destID that
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the artifact is created for originally.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return The Assertion referenced to by artifact.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception FSException If an error occurred during the process, or no
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * assertion maps to the input artifact.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster protected Assertion getAssertion(AssertionArtifact artifact, String destID)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return (assertionManager.getAssertion(artifact, destID));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Object[] obj = {metaAlias, artifact.getAssertionArtifact(),
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Base64.encode(SAMLUtils.stringToByteArray(destID))};
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster assertion = (String) stub.send("getAssertion", obj, null, null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (assertion == null && FSUtils.debug.messageEnabled()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("AMC:getAssertion(" + artifact +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.warning("AMC:getAssertion: asserion:" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return ((assertion == null) ? null : new FSAssertion(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster XMLUtils.toDOMDocument(assertion, FSUtils.debug)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.warning("AMC:getAssertion: " + artifact, re);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.warning("AMC:getAssertion: " + artifact, re);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.warning("AMC:getAssertion: " + artifact, re);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.warning("AMC:getAssertion: " + artifact, re);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the destination id the artifact is created for.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param artifact <code>AssertionArtifact</code> object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return destination id
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception FSException if error occurred.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster protected String getDestIdForArtifact(AssertionArtifact artifact)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return (assertionManager.getDestIdForArtifact(artifact));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Object[] obj = {metaAlias, artifact.getAssertionArtifact()};
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster providerId = (String) stub.send("getDestIdForArtifact", obj,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (providerId == null && FSUtils.debug.messageEnabled()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "): Server returned NULL");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.warning("AMC:getDestIdForArtifact: returning" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.warning("AMC:getDestIdForArtifact: " + artifact,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.warning("AMC:getDestIdForArtifact: " + artifact,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.warning("AMC:getDestIdForArtifact: " + artifact,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Checks if the user exists.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param userDN user ID
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return <code>true</code> if the user exists; <code>false</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * otherwise.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception FSException if error occurred.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Boolean ret = (Boolean) stub.send("isUserExists", obj, null,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("AMC:isUserExists(" + userDN + ")"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.warning("AMC:isUserExists: " + userDN, re);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.warning("AMC:isUserExists: " + userDN, re);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.warning("AMC:isUserExists: " + userDN, re);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster protected Status getErrorStatus( AssertionArtifact artifact )
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Object[] obj = {metaAlias, artifact.getAssertionArtifact()};
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster status = (String) stub.send("getErrorStatus", obj, null, null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (status == null && FSUtils.debug.messageEnabled()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("AMC:getErrorStatus(" + artifact +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "): Server returned NULL");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("AMC:getErrorStatus: status:" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Document doc = XMLUtils.toDOMDocument( status, FSUtils.debug );
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.warning("AMC:getErrorStatus: " + artifact, re);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.warning("AMC:getErrorStatus: " + artifact, re);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.warning("AMC:getErrorStatus: " + artifact, re);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.warning("AMC:getErrorStatus: " + artifact, re);