/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: AssertionManagerClient.java,v 1.8 2008/08/19 19:11:11 veiming Exp $
*
* Portions Copyrighted 2015 ForgeRock AS.
*/
/**
* The class <code>AssertionManagerClient</code> is a <code>final</code> class
* that provides interfaces to create, get and destroy <code>Assertion</code>s.
* <p>
* The class provides mechanisms to manage the <code>Assertion</code>s either
* locally (i.e., within the same JVM process) or remotely on another instance
* of OpenAM. The default constructor will manage the <code>
* Assertion</code>s locally if it detects SAML web services running locally,
* else will use one of the configured OpenAM servers. The constructor which
* accepts an <code>URL</code> will always use the URL to manage the assertions.
* <p>
* Having obtained an instance of <code>AssertionManagerClient</code>, its
* <code>AssertionArtifact</code>, and to obtain decision from an
* <code>Query</code>.
*/
public final class AssertionManagerClient {
// Service name in naming
// Flag to determine if AssertionManager is local or remote
static boolean checkedForLocal;
static boolean isLocal;
// Instance variable to use local service via AssertionManager
private boolean useLocal;
// Remote JAX-RPC server for objects that use default constructor
// If local pointer to AssertionManager instance
// JAX-RPC remote stub
/**
* Default Constructor
*
* @throws SAMLException if it cannot be constructed.
*/
if (!checkedForLocal) {
try {
// Construct the URL for locally defined server.
// This will throw URLNotFoundException if host
// is not part of Naming platform list
// The following call will throw one of the following
// exception if service does not exist or does not have
// permissions: javax.xml.soap.SOAPException
// java.rmi.RemoteException, java.rmi.ServerException
if (isLocal) {
}
checkedForLocal = true;
/*
* The following code is commented out since we are not ready
* to do a fall back function yet, as the rest of OpenAM
* does not support this. The server specified in AMConfig
* .properties
* will only be used to determine the remote server.
*/
/* } catch (URLNotFoundException unfe) {
if (SAMLUtils.debug.warningEnabled()) {
SAMLUtils.debug.warning("AMC: No SAML service locally. " +
"URLNotFound.", unfe);
}
remoteStub = getRemoteStub();
checkedForLocal = true;
} catch (SOAPException se) {
if (SAMLUtils.debug.warningEnabled()) {
SAMLUtils.debug.warning("AMC: No SAML service locally. " +
"SOAPException.", se);
}
remoteStub = getRemoteStub();
checkedForLocal = true;
} catch (ServerException se) {
if (SAMLUtils.debug.warningEnabled()) {
SAMLUtils.debug.warning("AMC: No SAML service locally. " +
"ServerException.", se);
}
remoteStub = getRemoteStub();
checkedForLocal = true;
} catch (RemoteException re) {
if (SAMLUtils.debug.warningEnabled()) {
SAMLUtils.debug.warning("AMC: No SAML service locally. " +
"RemoteException.", re);
}
remoteStub = getRemoteStub();
checkedForLocal = true;
*/
} catch (Exception e) {
"AssertionManagerClient()Exception", e);
}
throw (new SAMLException(e.getMessage()));
}
}
if (isLocal) {
useLocal = true;
} else {
// Use the remoteStub if set
stub = remoteStub;
}
}
/**
* Constructs an instance of <code>AssertionManagerClient</code>
* that will use the provided <code>URL</code> for the management
* of assertions.
*
* @param url <code>AssertionManager</code> service URL that will be used
* to create, get and delete assertions.
* @throws SAMLException if it cannot be constructed.
*/
try {
// Construct the JAX-RPC SOAPClient
useLocal = false;
} catch (Exception e) {
"AssertionManagerClient() Exception", e);
}
throw (new SAMLException(e.getMessage()));
}
}
/**
* Constructs an instance of <code>AssertionManagerClient</code>
* that will use the provided <code>URLs</code> for the management
* of assertions. In case of server failure, it will fall back
* to next available server.
*
* @param urls an array of <code>AssertionManager</code> service URLs that
* will be used to create, get and delete assertions.
* @throws SAMLException if it cannot be constructed.
*/
try {
// Construct the JAX-RPC SOAPClient
useLocal = false;
} catch (Exception e) {
"AssertionManagerClient() Exception", e);
}
throw (new SAMLException(e.getMessage()));
}
}
// Private method to get the service endpoint URL
// Obtain the URL for the service endpoint
}
// Obtaining the stub for JAX-RPC
return (new SOAPClient(urls));
}
try {
// Get a valid server from JAXRPCUtil. This throws
// Exception if no servers are found
// The following call will check if the JVM contains the
// the service instance also. If this is a server instance also
// "short-circuit" will be performed.
"AMC:getRemoteStub: generic error: ", ee);
}
}
return (remoteStub);
}
/**
* Returns an assertion that contains an authentication statement.
* @param token User session that contains authentication
* information which is needed to create the authentication
* statement.
* @return the created assertion.
* @throws SAMLException if the assertion cannot be created.
*/
if (useLocal) {
}
try {
null);
}
}
}
/**
* Returns an assertion that contains an authentication and attribute
* statement.
* @param token User session that contains authentication
* information which is needed to create the authentication
* statement for the assertion.
* @param attributes A list of attribute objects which are used to create
* the attribute statement.
* @return The created assertion.
* @throws SAMLException If the Assertion cannot be created.
*/
throws SAMLException
{
if (useLocal) {
}
// Check for null or empty attributes
return (createAssertion(token));
try {
}
null);
}
}
}
/**
* Returns an <code>AssertionArtifact</code> for the given <code>
* Assertion</code>.
* @param assertion The Assertion for which an Artifact needs to be
* created.
* @param target The <code>sourceID</code> of the site for which the
* <code>AssertionArtifact</code> is created. It is in raw String
* format (not Base64 encoded, for example.) This String can be
* obtained from converting the 20 bytes sequence to char Array,
* then from the char Array to String.
* @return <code>AssertionArtifact</code>
* @throws SAMLException if the <code>AssertionArtifact</code> cannot be
* created.
*/
{
if (useLocal) {
return (assertionManager.createAssertionArtifact(
}
try {
null);
return (new AssertionArtifact(aa));
}
}
}
/**
* Returns the <code>Assertion</code> based on the
* <code>AssertionIDReference</code>.
*
* @param idRef The <code>AssertionIDReference</code> which references to an
* Assertion.
* @param destID A set of String that representing the destination site id.
* The destination site id requesting the assertion using
* the assertion id reference. This String is compared with the
* <code>destID</code> that the assertion is created for originally.
* This field is not used (could be null) if the assertion was
* created without a <code>destID</code> originally. This String can
* be obtained from converting the 20 byte site id sequence to char
* array, then a new String from the char array.
* @return the Assertion referenced by the
* <code>AssertionIDReference</code>.
* @throws SAMLException if an error occurred during the process; or
* the assertion could not be found.
*/
throws SAMLException
{
if (useLocal)
try {
}
}
null);
}
}
}
/**
* Returns the <code>Assertion</code> based on the
* <code>AssertionIDReference</code>
*
* @param idRef The <code>AssertionIDReference</code> which references to
* an Assertion.
* @param destID The destination site id requesting the assertion using
* the assertion id reference. This String is compared with the
* <code>destID</code> that the assertion is created for originally.
* This field is not used (could be null) if the assertion was
* created without a <code>destID</code> originally. This String can
* be obtained from converting the 20 byte site id sequence to char
* array, then a new String from the char array.
* @return the Assertion referenced by the
* <code>AssertionIDReference</code>.
* @throws SAMLException If an error occurred during the process; or
* the assertion could not be found.
*/
throws SAMLException
{
if (useLocal) {
}
try {
// rpc could not handle destID is null or empty string case
destID = " ";
}
null);
}
}
}
/**
* Returns assertion associated with the <code>AssertionArtifact</code>.
* @param artifact An <code>AssertionArtifact</code>.
* @param destID A Set of String that represents the destination id.
* The destination site requesting the assertion using the
* artifact. This String is compared with the <code>destID</code>
* that the artifact is created for originally. This field must not
* be null or empty set.
* @return The Assertion referenced to by artifact.
* @throws SAMLException If an error occurred during the process, or no
* assertion maps to the input artifact.
*/
throws SAMLException
{
if (useLocal) {
}
try {
"AssertionArtifact, Set): destID set is null");
throw new SAMLException("nullInput");
}
}
null);
}
}
}
/**
* Returns assertion associated with the <code>AssertionArtifact</code>.
* @param artifact An <code>AssertionArtifact</code>.
* @param destID The destination site requesting the assertion using
* the artifact. This String is compared with the
* <code>destID</code> that the artifact is created for originally.
* @return The Assertion referenced to by artifact.
* @throws SAMLException If an error occurred during the process, or no
* assertion maps to the input artifact.
*/
throws SAMLException
{
if (useLocal) {
}
try {
null);
}
}
}
/**
* Returns the <code>Assertion</code> based on the
* <code>AssertionIDReference</code>.
*
* @param idRef The <code>AssertionIDReference</code> which references to an
* Assertion.
* @param token User session that is allowed to obtain the assertion.
* This token must have top level administrator role.
* @return the Assertion referenced by the
* <code>AssertionIDReference</code>.
* @throws SAMLException If an error occurred during the process; or
* the assertion could not be found.
*/
throws SAMLException
{
if (useLocal) {
}
try {
}
}
}
/**
* Returns all valid <code>AssertionArtifacts</code> managed by
* this instance (or the identified remote instance) of OpenAM.
* @param token User session which is allowed to get all
* <code>AssertionArtifacts</code>
* @return A Set of valid <code>AssertionArtifacts</code>. Each element
* in the Set is an <code>AssertionArtifact</code> object
* representing an artifact.
* @throws SAMLException If this method can not gets all valid
* <code>AssertionArtifacts</code>.
*/
if (useLocal) {
}
try {
}
}
}
/**
* Returns all valid <code>Assertion</code>s managed by this instance
* (or the identified remote instance) of OpenAM.
*
* @param token User session which is allowed to get all Assertions.
* @return A Set of valid Assertion IDs. Each element in the Set is a
* String representing an Assertion ID.
* @throws SAMLException if this method can not gets all valid Assertions.
*/
if (useLocal) {
}
try {
}
}
}
}