/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: WSFederationMetaManager.java,v 1.8 2009/10/28 23:58:59 exu Exp $
*
* Portions Copyrighted 2015 ForgeRock AS.
*/
/**
* The <code>WSFederationMetaManager</code> provides methods to manage both the
* standard entity descriptor and the extended entity configuration.
*/
public class WSFederationMetaManager {
"sun-fm-wsfederation-entityconfig";
static {
try {
if (configInstStatic != null) {
new WSFederationMetaServiceListener());
}
} catch (ConfigurationException ce) {
"WSFederationMetaManager.static: Unable to add " +
"ConfigurationListener for WSFederationCOT service.",
ce);
throw new ExceptionInInitializerError(ce);
}
try {
cotmStatic = new CircleOfTrustManager();
} catch (COTException se) {
throw new ExceptionInInitializerError(se);
}
}
/*
* Constructor.
* @exception WSFederationMetaException if an instance cannot be
* instantiated.
*/
cotm = cotmStatic;
}
}
/*
* Constructor.
* @param callerToken session token for the caller.
* @exception WSFederationMetaException if an instance cannot be
* instantiated.
*/
throws WSFederationMetaException
{
try {
}
} catch (ConfigurationException ce) {
throw new WSFederationMetaException(ce);
} catch (COTException cex) {
throw new WSFederationMetaException(cex);
}
}
/**
* Returns the standard metadata federation element under the realm.
*
* @param realm The realm under which the federation resides.
* @param entityId ID of the federation to be retrieved.
* @return <code>FederationElement</code> for the entity or null if
* not found.
* @throws WSFederationMetaException if unable to retrieve the entity
* descriptor.
*/
throws WSFederationMetaException {
return null;
}
realm = "/";
}
if (callerSession == null) {
if (federation != null) {
objs,
null);
return federation;
}
}
try {
return null;
}
return null;
}
if (obj instanceof FederationElement) {
objs,
null);
return federation;
}
"invalid descriptor");
objs,
null);
} catch (ConfigurationException e) {
data,
null);
throw new WSFederationMetaException(e);
} catch (JAXBException jaxbe) {
objs,
null);
}
}
/**
* Sets the standard metadata entity descriptor under the realm.
*
* @param realm The realm under which the entity resides.
* @param federation Federation object.
* @throws WSFederationMetaException if unable to set the entity descriptor.
*/
throws WSFederationMetaException {
if (federationId == null) {
}
realm = "/";
}
try {
objs,
null);
} catch (ConfigurationException e) {
data,
null);
throw new WSFederationMetaException(e);
} catch (JAXBException jaxbe) {
objs,
null);
}
}
/**
* Creates the standard metadata entity descriptor under the realm.
*
* @param realm The realm under which the entity descriptor will be
* created.
* @param federation The standard entity descriptor object to be created.
* @throws WSFederationMetaException if unable to create the entity
* descriptor.
*/
throws WSFederationMetaException {
if (federationId == null) {
}
realm = "/";
}
try {
objs,
null);
} catch (ConfigurationException e) {
data,
null);
throw new WSFederationMetaException(e);
} catch (JAXBException jaxbe) {
objs,
null);
}
}
/**
* Deletes the standard metadata entity descriptor under the realm.
*
* @param realm The realm under which the entity resides.
* @param federationId The ID of the entity for whom the standard entity
* descriptor will be deleted.
* @throws WSFederationMetaException if unable to delete the entity
* descriptor.
*/
throws WSFederationMetaException {
if (federationId == null) {
return;
}
realm = "/";
}
try {
// Remove the entity from cot
}
}
// end of remove entity from cot
objs,
null);
} catch (ConfigurationException e) {
data,
null);
throw new WSFederationMetaException(e);
}
}
/**
* Returns extended entity configuration under the realm.
*
* @param realm The realm under which the entity resides.
* @param federationId ID of the entity to be retrieved.
* @return <code>FederationConfigElement</code> object for the entity or
* null if not found.
* @throws WSFederationMetaException if unable to retrieve the entity
* configuration.
*/
throws WSFederationMetaException {
if (federationId == null) {
return null;
}
realm = "/";
}
if (callerSession == null) {
objs,
null);
return config;
}
}
try {
return null;
}
return null;
}
if (obj instanceof FederationConfigElement) {
objs,
null);
return config;
}
"invalid config");
objs,
null);
} catch (ConfigurationException e) {
data,
null);
throw new WSFederationMetaException(e);
} catch (JAXBException jaxbe) {
objs,
null);
}
}
/**
* Returns first service provider's SSO configuration in an entity under
* the realm.
*
* @param realm The realm under which the entity resides.
* @param federationId ID of the entity to be retrieved.
* @return <code>SPSSOConfigElement</code> for the entity or null if not
* found.
* @throws WSFederationMetaException if unable to retrieve the first service
* provider's SSO configuration.
*/
throws WSFederationMetaException {
return null;
}
if (obj instanceof SPSSOConfigElement) {
return (SPSSOConfigElement)obj;
}
}
return null;
}
/**
* Returns first identity provider's SSO configuration in an entity under
* the realm.
*
* @param realm The realm under which the entity resides.
* @param federationId ID of the entity to be retrieved.
* @return <code>IDPSSOConfigElement</code> for the entity or null if not
* found.
* @throws WSFederationMetaException if unable to retrieve the first
* identity provider's SSO configuration.
*/
throws WSFederationMetaException {
return null;
}
if (obj instanceof IDPSSOConfigElement) {
return (IDPSSOConfigElement)obj;
}
}
return null;
}
/**
* Returns first identity provider's SSO configuration in an entity under
* the realm.
*
* @param realm The realm under which the entity resides.
* @param federationId ID of the entity to be retrieved.
* @return <code>BaseConfigElement</code> for the entity or null if not
* found.
* @throws WSFederationMetaException if unable to retrieve the first
* identity provider's SSO configuration.
*/
throws WSFederationMetaException {
return null;
}
}
/**
* Sets the extended entity configuration under the realm.
*
* @param realm The realm under which the entity resides.
* @param config The extended entity configuration object to be set.
* @throws WSFederationMetaException if unable to set the entity
* configuration.
*/
throws WSFederationMetaException {
if (federationId == null) {
"entity ID is null");
data,
null);
}
realm = "/";
}
try {
config);
objs,
null);
} catch (ConfigurationException e) {
data,
null);
throw new WSFederationMetaException(e);
} catch (JAXBException jaxbe) {
objs,
null);
}
}
/**
* Creates the extended entity configuration under the realm.
*
* @param realm The realm under which the entity configuration will be
* created.
* @param config The extended entity configuration object to be created.
* @throws WSFederationMetaException if unable to create the entity
* configuration.
*/
throws WSFederationMetaException {
if (federationId == null) {
"entity ID is null");
data,
null);
}
realm = "/";
}
try {
config);
objs,
null);
throw new WSFederationMetaException(
"entity_descriptor_not_exist", objs);
}
objs,
null);
throw new WSFederationMetaException("entity_config_exists",
objs);
}
objs,
null);
// Add the entity to cot
}
}
} catch (ConfigurationException e) {
data,
null);
throw new WSFederationMetaException(e);
} catch (JAXBException jaxbe) {
objs,
null);
}
}
try {
}
}
}
} catch (Exception e) {
}
}
/**
* Deletes the extended entity configuration under the realm.
*
* @param realm The realm under which the entity resides.
* @param federationId The ID of the entity for whom the extended entity
* configuration will be deleted.
* @throws WSFederationMetaException if unable to delete the entity
* configuration.
*/
throws WSFederationMetaException {
if (federationId == null) {
return;
}
realm = "/";
}
try {
objs,
null);
throw new WSFederationMetaException("entity_config_not_exist",
objs);
}
// Remove the entity from cot
}
}
objs,
null);
} catch (ConfigurationException e) {
data,
null);
throw new WSFederationMetaException(e);
}
}
/**
* Checks that the provided metaAliases are valid for a new hosted entity in the specified realm.
* Will verify that the metaAliases do not already exist in the realm and that no duplicates are provided.
*
* @param realm The realm in which we are validating the metaAliases.
* @param newMetaAliases values we are using to create the new metaAliases.
* @throws WSFederationMetaException if duplicate values found.
*/
public void validateMetaAliasForNewEntity(String realm, List<String> newMetaAliases) throws WSFederationMetaException {
+ " metaAlias values provided in list:\n" + newMetaAliases);
}
}
// only check if we have existing aliases
if (!allRealmMetaAliaes.isEmpty()) {
}
}
if (!duplicateMetaAliases.isEmpty()) {
}
+ " already exists in the realm: " + realm);
}
}
}
}
/**
* Returns all the hosted entity metaAliases for a realm.
*
* @param realm The given realm.
* @return all the hosted entity metaAliases for a realm or an empty arrayList if not found.
* @throws WSFederationMetaException if unable to retrieve the entity ids.
*/
try {
return metaAliases;
}
continue;
}
}
}
}
} catch (ConfigurationException e) {
"WSFederationMetaManager.getAllHostedMetaAliasesByRealm: Error getting "
+ "hostedMetaAliases for realm: "+ realm, e);
throw new WSFederationMetaException(e);
}
return metaAliases;
}
try {
if (a.length() > 0) {
}
}
}
}
} catch (Exception e) {
e);
}
}
/**
* Returns all hosted entities under the realm.
*
* @param realm The realm under which the hosted entities reside.
* @return a <code>List</code> of entity ID <code>String</code>.
* @throws WSFederationMetaException if unable to retrieve the entity ids.
*/
throws WSFederationMetaException {
try {
}
}
}
} catch (ConfigurationException e) {
data,
null);
throw new WSFederationMetaException(e);
}
objs,
null);
return hostedEntityIds;
}
/**
* Returns all hosted service provider entities under the realm.
*
* @param realm The realm under which the hosted service provider entities
* reside.
* @return a <code>List</code> of entity ID <code>String</code>.
* @throws WSFederationMetaException if unable to retrieve the entity ids.
*/
throws WSFederationMetaException {
}
}
return hostedSPEntityIds;
}
/**
* Returns all hosted identity provider entities under the realm.
*
* @param realm The realm under which the hosted identity provider entities
* reside.
* @return a <code>List</code> of entity ID <code>String</code>.
* @throws WSFederationMetaException if unable to retrieve the entity ids.
*/
throws WSFederationMetaException {
}
}
return hostedIDPEntityIds;
}
/**
* Returns all remote entities under the realm.
*
* @param realm The realm under which the hosted entities reside.
* @return a <code>List</code> of entity ID <code>String</code>.
* @throws WSFederationMetaException if unable to retrieve the entity ids.
*/
throws WSFederationMetaException {
try {
}
}
}
} catch (ConfigurationException e) {
data,
null);
throw new WSFederationMetaException(e);
}
objs,
null);
return remoteEntityIds;
}
/**
* Returns all remote service provider entities under the realm.
*
* @param realm The realm under which the remote service provider entities
* reside.
* @return a <code>List</code> of entity ID <code>String</code>.
* @throws WSFederationMetaException if unable to retrieve the entity ids.
*/
throws WSFederationMetaException {
}
}
return remoteSPEntityIds;
}
/**
* Returns all remote identity provider entities under the realm.
*
* @param realm The realm under which the remote identity provider entities
* reside.
* @return a <code>List</code> of entity ID <code>String</code>.
* @throws WSFederationMetaException if unable to retrieve the entity ids.
*/
throws WSFederationMetaException {
}
}
return remoteIDPEntityIds;
}
/**
* Returns entity ID associated with the metaAlias.
*
* @param metaAlias The metaAlias.
* @return entity ID associated with the metaAlias or null if not found.
* @throws WSFederationMetaException if unable to retrieve the entity ids.
*/
throws WSFederationMetaException {
try {
return null;
}
continue;
}
return federationId;
}
}
}
} catch (ConfigurationException e) {
throw new WSFederationMetaException(e);
}
return null;
}
/**
* Returns entity ID associated with the token issuer name.
*
* @param issuer Token issuer name.
* @return entity ID associated with the token issuer name or null if not found.
* @throws WSFederationMetaException if unable to retrieve the entity ids.
*/
throws WSFederationMetaException {
try {
return null;
}
{
return federationId;
}
}
} catch (ConfigurationException e) {
throw new WSFederationMetaException(e);
}
return null;
}
/**
* Returns role of an entity based on its metaAlias.
*
* @param metaAlias Meta alias of the entity.
* @return role of the entity: one of <code>SAML2Constants.IDP_ROLE</code>,
* <code>SAML2Constants.SP_ROLE</code> or
* <code>SAML2Constants.UNKNOWN_ROLE</code>.
* @throws WSFederationMetaException if there are issues in getting the
* entity profile from the meta alias.
*/
throws WSFederationMetaException {
if (federationId != null) {
}
}
} else {
//Assuming that sp and idp cannot have the same metaAlias
} else {
m = idpConfig.getMetaAlias();
}
}
}
}
return role;
}
/**
* Returns metaAliases of all hosted identity providers under the realm.
*
* @param realm The realm under which the identity provider metaAliases
* reside.
* @return a <code>List</code> of metaAliases <code>String</code>.
* @throws WSFederationMetaException if unable to retrieve meta aliases.
*/
throws WSFederationMetaException {
}
}
return metaAliases;
}
/**
* Returns metaAliases of all hosted service providers under the realm.
*
* @param realm The realm under which the service provider metaAliases
* reside.
* @return a <code>List</code> of metaAliases <code>String</code>.
* @throws WSFederationMetaException if unable to retrieve meta aliases.
*/
throws WSFederationMetaException {
realm);
}
}
return metaAliases;
}
/**
* Determines whether two entities are in the same circle of trust
* under the realm.
*
* @param realm The realm under which the entity resides.
* @param federationId The ID of the entity
* @param trustedEntityId The ID of the entity
* @throws WSFederationMetaException if unable to determine the trusted
* relationship.
*/
throws WSFederationMetaException {
boolean result=false;
}
if (result) {
return true;
}
}
return false;
}
try {
return true;
}
}
}
}
return false;
} catch (Exception e) {
" while determining two entities are in the same COT.");
return false;
}
}
/**
* Returns all entities under the realm.
*
* @param realm The realm under which the entities reside.
* @return a <code>Set</code> of entity ID <code>String</code>.
* @throws WSFederationMetaException if unable to retrieve the entity ids.
*/
throws WSFederationMetaException {
try {
}
} catch (ConfigurationException e) {
data,
null);
throw new WSFederationMetaException(e);
}
objs,
null);
return ret;
}
/**
* Returns the value of the <code>&lt;TokenIssuerEndpoint&gt;</code> element
* for the given entity.
* @param fed The standard metadata for the entity.
* @return the value of the <code>&lt;TokenIssuerEndpoint&gt;</code> element
*/
{
// Just return first TokenIssuerEndpoint in the Federation
{
if ( o instanceof TokenIssuerEndpointElement )
{
}
}
return null;
}
/**
* Returns the value of the <code>&lt;TokenIssuerName&gt;</code> element
* for the given entity.
* @param fed The standard metadata for the entity.
* @return the value of the <code>&lt;TokenIssuerName&gt;</code> element
*/
{
// Just return first TokenIssuerName in the Federation
{
if ( o instanceof TokenIssuerNameElement )
{
return ((TokenIssuerNameElement)o).getValue();
}
}
return null;
}
/**
* Returns the value of the <code>&lt;TokenSigningCertificate&gt;</code>
* element for the given entity.
* @param fed The standard metadata for the entity.
* @return byte array containing the decoded value of the
* <code>&lt;TokenSigningCertificate&gt;</code> element
*/
{
// Just return first TokenIssuerName in the Federation
{
if ( o instanceof TokenSigningKeyInfoElement )
{
{
if ( o1 instanceof X509DataType )
{
((X509DataType)o1).
{
if ( o2 instanceof X509Certificate )
{
}
}
}
}
}
}
return null;
}
/**
* Returns the value of the <code>&lt;UriNamedClaimTypesOffered&gt;</code>
* element for the given entity.
* @param fed The standard metadata for the entity.
* @return <code>UriNamedClaimTypesOfferedElement</code> containing the
* offered claim types.
* <code>&lt;UriNamedClaimTypesOffered&gt;</code> element
*/
{
// Just return first TokenIssuerName in the Federation
{
if ( o instanceof UriNamedClaimTypesOfferedElement )
{
return (UriNamedClaimTypesOfferedElement)o;
}
}
return null;
}
}