/**
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: IDPCache.java,v 1.18 2009/05/14 17:23:45 exu Exp $
 *
 * Portions Copyrighted 2010-2014 ForgeRock AS.
 */
package com.sun.identity.saml2.profile;

import com.sun.identity.common.PeriodicCleanUpMap;
import java.util.Collections;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Set;
9772159fcd47ec75c7451e49baf2165fecb1f271Mark de Reeper
/**
 * This class caches authn request objects and relay states
 * based on the request id of the authn requests.
 * It also caches idp sessions by session index.
 * Only the {@code PeriodicCleanUpMap}-backed caches below are swept on
 * the shared cache interval; the plain {@code Hashtable} caches (sessions,
 * assertions by user, transient NameIDs, mapper instances) are never expired
 * by this class and rely on callers to remove their entries.
 * TODO: give the remaining request- and session-scoped Hashtables a bounded
 * lifetime as well, so abandoned entries cannot accumulate.
 */
9772159fcd47ec75c7451e49baf2165fecb1f271Mark de Reeper
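public class IDPCache {

    /** Static holder only; never instantiated. */
    private IDPCache() {
    }

    /**
     * Builds a request-scoped cache that is swept on the shared SAML2 cache
     * interval. Both constructor arguments are {@code SPCache.interval}
     * scaled from seconds to milliseconds, so the sweep period and the entry
     * lifetime (presumably what the two arguments are; verify against
     * {@code PeriodicCleanUpMap}) are the same.
     * <p>
     * NOTE(review): the multiplication happens in the type of
     * {@code SPCache.interval}; if that is an {@code int}, an interval above
     * roughly 24 days overflows before any widening. Confirm the range that
     * SPCache accepts.
     *
     * @return a new, empty cache tied to the shared cleanup interval
     */
    private static PeriodicCleanUpMap newRequestScopedCache() {
        return new PeriodicCleanUpMap(
                SPCache.interval * 1000, SPCache.interval * 1000);
    }

    /**
     * Cache saves the authn request objects.
     * Key : request ID String
     * Value : AuthnRequest object
     * TODO : handle the case when assertion effective time is different
     * from cleanup interval
     */
    public static PeriodicCleanUpMap authnRequestCache = newRequestScopedCache();

    /**
     * Cache saves the authn context objects before IDP redirects user to
     * authentication.
     * Key : request ID String
     * Value : AuthnContext object
     */
    public static PeriodicCleanUpMap idpAuthnContextCache = newRequestScopedCache();

    /**
     * Cache saves the assertion objects.
     * Key : user ID String
     * Value : list of assertion objects
     * <p>
     * NOTE(review): plain Hashtable with no expiry in this class; every
     * assertion issued for a user stays referenced until a caller removes it.
     */
    public static Hashtable assertionCache = new Hashtable();

    /**
     * Cache saves the assertion objects.
     * Key : assertion ID String
     * Value : assertion object
     */
    public static PeriodicCleanUpMap assertionByIDCache = newRequestScopedCache();

    /**
     * Cache saves the relay state strings.
     * Key : request ID String
     * Value : relay state string
     * <p>
     * NOTE(review): the stored RelayState originates from the peer's request;
     * whoever reads it back for a redirect must still validate the target,
     * the cache does not.
     */
    public static PeriodicCleanUpMap relayStateCache = newRequestScopedCache();

    /**
     * Cache saves the idp sessions.
     * key : sessionIndex (String)
     * value :IDPSession
     * IDP: used in SingleSignOnService and SingleLogoutService
     * to invalidate a specific session
     * <p>
     * NOTE(review): no expiry in this class; entries live until logout code
     * removes them. The session index is the only lookup key for logout, so
     * it must be generated unpredictably (generation is not in this file).
     */
    public static Hashtable<String, IDPSession> idpSessionsByIndices = new Hashtable<String, IDPSession>();

    /**
     * Cache saves Responses to be used by ArtifactResolutionService.
     * key --- artifact string (after encoding and all that)
     * value --- Response
     * IDP: used in SingleSignOnService and ArtifactResolutionService
     * TODO : handle the case when artifact expiration time is different
     * from cleanup interval
     * <p>
     * NOTE(review): the map itself does nothing to make an artifact single
     * use; confirm that the resolution service removes the entry on first
     * lookup rather than relying on the periodic sweep.
     */
    public static PeriodicCleanUpMap responsesByArtifacts = newRequestScopedCache();

    /**
     * Hashtable saves the MNI request info.
     * Key : requestID String
     * Value : ManageNameIDRequestInfo object
     */
    public static PeriodicCleanUpMap mniRequestHash = newRequestScopedCache();

    /**
     * Cache saves the idp attribute mapper.
     * Key : idp attribute mapper class name
     * Value : idp attribute mapper object
     */
    public static Hashtable idpAttributeMapperCache = new Hashtable();

    /**
     * Cache saves the idp account mapper.
     * Key : idp account mapper class name
     * Value : idp account mapper object
     */
    public static Hashtable idpAccountMapperCache = new Hashtable();

    /**
     * Cache saves the idp authn context mapper.
     * Key : idp authn context mapper class name
     * Value : idp authn context mapper object
     */
    public static Hashtable idpAuthnContextMapperCache = new Hashtable();

    /**
     * Cache saves the idp ecp session mapper.
     * Key : idp ecp session mapper class name
     * Value : idp ecp session mapper object
     */
    public static Hashtable idpECPSessionMapperCache = new Hashtable();

    /**
     * Cache saves the IDP Proxy Finder.
     * Key : IDP Proxy Finder class name
     * Value : IDP Proxy Finder mapper object
     */
    public static Hashtable idpProxyFinderCache = new Hashtable();

    /**
     * Cache saves the IDP Adapter.
     * Key : IDP Adapter class name
     * Value : IDP Adapter mapper object
     */
    public static Hashtable idpAdapterCache = new Hashtable();

    /**
     * Cache saves information needed after coming back from COT cookie setting.
     * key --- cachedResID (String)
     * value --- Response Information List (ArrayList of size 9)
     * IDP: used in SingleSignOnService and ArtifactResolutionService
     */
    public static PeriodicCleanUpMap responseCache = newRequestScopedCache();

    /**
     * Cache saves information needed to determine the Authentication
     * Context of the incoming request from Service Provider.
     * key : sessionIndex (String)
     * value : the AuthnContext object
     * No expiry in this class.
     */
    public static Hashtable authnContextCache = new Hashtable();

    /**
     * Marks requests that were a session upgrade case.
     * This is a synchronized Set, not a map: its elements are
     * requestID Strings, and (presumably - the readers are not in this file)
     * membership means the request was a session upgrade.
     * Entries are never expired by this class.
     */
    public static Set isSessionUpgradeCache =
        Collections.synchronizedSet(new HashSet());

    /**
     * Cache saves the IDP Session object before an session upgrade.
     * key : requestID (String)
     * value : IDPSession object.
     * No expiry in this class.
     */
    public static Hashtable oldIDPSessionCache = new Hashtable();

    /**
     * Cache saves the original AuthnRequest coming from SP to IDP proxy
     * key : requestID (String)
     * value : AuthnRequest
     */
    public static PeriodicCleanUpMap proxySPAuthnReqCache = newRequestScopedCache();

    /**
     * Cache saves the SAML2SessionPartner
     * key : sessionId (String)
     * value : SAML2SessionPartner
     * No expiry in this class.
     */
    public static Hashtable idpSessionsBySessionID = new Hashtable();

    /**
     * Cache saves user ID for transient NameID
     * key : NameID value (String)
     * value : user ID
     * <p>
     * NOTE(review): plain Hashtable with no expiry, so a transient
     * identifier stays resolvable to a user for as long as the JVM runs
     * unless a caller removes it. Transient NameIDs are meant to be
     * short-lived; a bounded-lifetime map would fit better here.
     */
    public static Hashtable userIDByTransientNameIDValue = new Hashtable();

    /**
     * Cache saves the original LogoutRequest coming from SP to IDP proxy
     * key : requestID (String)
     * value : LogoutRequest
     */
    public static PeriodicCleanUpMap proxySPLogoutReqCache = newRequestScopedCache();

    /**
     * Cache saves the SOAPMessage created by proxy IDP to the original SP
     * key : requestID (String)
     * value : SOAPMessage
     */
    public static PeriodicCleanUpMap SOAPMessageByLogoutRequestID = newRequestScopedCache();

    /**
     * Cache saves the SAML2 Session Partner's providerID
     * key : sessionId (String)
     * value : SAML2 SessionPartner's provider id
     * No expiry in this class.
     */
    public static Hashtable spSessionPartnerBySessionID = new Hashtable();

    /**
     * Cache saves the original LogoutResponse generated by IDP proxy
     * to the IDP
     * key : requestID (String)
     * value : Map keeping LogoutResponse, sending location,
     * spEntityID and idpEntityID.
     */
    public static PeriodicCleanUpMap logoutResponseCache = newRequestScopedCache();

    /**
     * Hashtable saves AuthnContextClassRef to auth schemes mapping
     * key : hostEntityID + "|" + realmName
     * value: Map containing AuthnContext class ref as Key and
     * Set of auth schemes as value.
     */
    public static Hashtable classRefSchemesHash = new Hashtable();

    /**
     * Hashtable saves AuthnContextClassRef to AuthLevel mapping
     * key : hostEntityID + "|" + realmName
     * value: Map containing AuthnContext class ref as Key and
     * authLevel as value.
     */
    public static Hashtable classRefLevelHash = new Hashtable();

    /**
     * Hashtable saves the default AuthnContextClassRef
     * key : hostEntityID + "|" + realmName
     * value: String default AuthnContext Class Ref.
     */
    public static Hashtable defaultClassRefHash = new Hashtable();

    /**
     * Hashtable saves NameID format to user profile attribute mapping
     * key : hostEntityID + "|" + realm
     * value: Map containing NameID format as Key and user profile
     * attribute name as Value.
     */
    public static Hashtable formatAttributeHash = new Hashtable();

    /**
     * Clears the authn context mapping hash tables
     * ({@link #classRefSchemesHash}, {@link #classRefLevelHash},
     * {@link #defaultClassRefHash} and {@link #formatAttributeHash}).
     * <p>
     * The realm argument is accepted for API compatibility but not used:
     * the tables are keyed by {@code hostEntityID + "|" + realm} and every
     * entry for every realm is dropped. That over-invalidates, which is the
     * safe direction for configuration-derived data. All four tables are
     * guarded against having been nulled out, since they are public and
     * non-final; previously only three of them were.
     *
     * @param realmName Organization or Realm (currently ignored; see above)
     */
    public static void clear(String realmName) {
        Hashtable[] authnContextMappings = {
            classRefSchemesHash,
            classRefLevelHash,
            defaultClassRefHash,
            formatAttributeHash
        };
        for (Hashtable mapping : authnContextMappings) {
            // clear() on an already-empty table is a no-op, so no isEmpty() check.
            if (mapping != null) {
                mapping.clear();
            }
        }
    }
}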