TokenGenerationService.java revision 2dd75eff92ef66e22cca286b6f4fe5a9c929af9d
/*
* The contents of this file are subject to the terms of the Common Development and
* Distribution License (the License). You may not use this file except in compliance with the
* License.
*
* You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
* specific language governing permission and limitations under the License.
*
* When distributing Covered Software, include this CDDL Header Notice in each file and include
* the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
* Header, with the fields enclosed by brackets [] replaced by your own identifying
* information: "Portions Copyrighted [year] [name of copyright owner]".
*
* Copyright 2014-2015 ForgeRock AS.
*/
/**
* CREST collection resource provider for STS token generation: issues SAML2 and OpenIdConnect
* tokens on create, and exposes the CTS-persisted state of issued tokens for read, delete and
* query. Instantiated by the TokenGenerationServiceConnectionFactory.
*/
class TokenGenerationService implements CollectionResourceProvider {
private final SAML2TokenGeneration saml2TokenGeneration;
private final OpenIdConnectTokenGeneration openIdConnectTokenGeneration;
private final CTSTokenPersistence ctsTokenPersistence;
/*
Constructor invoked by the TokenGenerationServiceConnectionFactory with the SAML2TokenGeneration, STSInstanceStateProvider
and Logger instances bound by Guice.
*/
TokenGenerationService(SAML2TokenGeneration saml2TokenGeneration, OpenIdConnectTokenGeneration openIdConnectTokenGeneration,
}
/**
 * Issues a token for the invocation state carried in the create request.
 * Only fragments of the body are present in this listing. What is visible: the request content
 * is marshalled into a TokenGenerationServiceInvocationState (first try block), a
 * ForbiddenException and a ResourceException are each passed straight to the handler, and two
 * parallel token-generation blocks each report a TokenCreationException through the handler.
 * Presumably the two blocks are the SAML2 and OpenIdConnect paths chosen on the invocation's
 * token type; the selecting branch is not visible here.
 *
 * @param context the request context.
 * @param request the create request whose content is the invocation state.
 * @param handler receives the issued-token resource, or the error.
 */
public void createInstance(ServerContext context, CreateRequest request, ResultHandler<Resource> handler) {
// Marshal the request content into the invocation state.
try {
// ... body not shown in this listing ...
} catch (Exception e) {
// NOTE(review): e is appended as a string, so no stack trace is logged; getSTSInstanceState
// below passes the exception as the second logger argument instead. No handler.handleError
// call is visible on this path either -- confirm the client is answered (a line may be missing).
logger.error("Exception caught marshalling json into TokenGenerationServiceInvocationState instance: " + e);
return;
}
// Presumably validates the caller's session (a ForbiddenException is thrown further down when
// the SSO token string is not a valid session); it is surfaced to the handler unchanged.
try {
// ... body not shown in this listing ...
} catch (ForbiddenException e) {
handler.handleError(e);
return;
}
// Presumably resolves the STS instance state; getSTSInstanceState declares ResourceException.
try {
// ... body not shown in this listing ...
} catch (ResourceException e) {
handler.handleError(e);
return;
}
// First token-generation path (presumably SAML2).
try {
// ... body not shown in this listing ...
return;
} catch (TokenCreationException e) {
handler.handleError(e);
return;
} catch (Exception e) {
// NOTE(review): no handler.handleError call is visible for an unexpected exception here;
// confirm the missing lines report it, otherwise the request is left unanswered.
return;
}
// Second token-generation path (presumably OpenIdConnect).
try {
// ... body not shown in this listing ...
return;
} catch (TokenCreationException e) {
handler.handleError(e);
return;
} catch (Exception e) {
// NOTE(review): same concern as the first path -- confirm the client is answered.
return;
}
} else {
// Unrecognised token type; the matching if is not shown in this listing.
return;
}
}
/**
* Generates a resource response for an issued token. The ID of the resource will be a random UUID, and the
* revision is the base-64 encoded SHA-1 hash of the assertion. The content of the resource is a JSON object with
* a single field "issued_token" whose content is the issued token assertion.
*
* @param assertion the assertion to return.
* @return the assertion as a resource.
*/
}
try {
} catch (SSOException e) {
"because token string does not correspond to a valid session: " + e);
throw new ForbiddenException(e.toString(), e);
}
throw new ForbiddenException("SSO token string does not correspond to a valid SSOToken");
}
return subjectToken;
}
/**
 * Looks up the published state of the STS instance named in the invocation.
 * The provider is chosen by the invocation's STSType (REST or SOAP state provider; the
 * selecting branches are not shown in this listing) and the lookup is keyed by both the sts
 * instance id and the realm from the request, so an instance id only resolves within the realm
 * the caller named.
 *
 * @param invocationState the caller-supplied invocation state.
 * @return the resolved instance state.
 * @throws ResourceException a BadRequestException for an unrecognised STSType; a
 *     TokenCreationException or STSPublishException from the provider is rethrown as-is; any
 *     other failure is wrapped in an InternalServerErrorException.
 */
private STSInstanceState getSTSInstanceState(TokenGenerationServiceInvocationState invocationState) throws ResourceException {
try {
// ... declaration of stsInstanceState and the STSType branches are not shown in this listing ...
stsInstanceState = restSTSInstanceStateProvider.getSTSInstanceState(invocationState.getStsInstanceId(), invocationState.getRealm());
stsInstanceState = soapSTSInstanceStateProvider.getSTSInstanceState(invocationState.getStsInstanceId(), invocationState.getRealm());
} else {
// Reject rather than fall back to a default provider; the caller-supplied value is echoed.
String message = "Illegal STSType specified in TokenGenerationService invocation: " + invocationState.getStsType();
throw new BadRequestException(message);
}
} catch (TokenCreationException | STSPublishException e) {
// Already ResourceExceptions: log with the stack trace, then pass through unchanged.
logger.error("Exception caught obtaining the sts instance state necessary to generate a saml2 assertion: " + e, e);
throw e;
} catch (Exception e) {
// NOTE(review): wrapping e directly means its message presumably reaches the client in the
// 500 response -- confirm nothing internal from the providers ends up there.
logger.error("Exception caught obtaining the sts instance state necessary to generate a saml2 assertion: " + e, e);
throw new InternalServerErrorException(e);
}
return stsInstanceState;
}
/**
 * Reads a previously issued token by its CTS token id.
 * The trailing handler parameter of the signature and the lookup itself are not shown in this
 * listing; what is visible is the not-found response and a catch of CTSTokenPersistenceException
 * whose body is also missing.
 *
 * NOTE(review): no check tying resourceId to the calling principal is visible here; confirm the
 * surrounding authorization layer restricts who may read an issued token by id.
 *
 * @param serverContext the request context.
 * @param resourceId the CTS token id of the issued token.
 * @param readRequest the read request.
 */
public void readInstance(final ServerContext serverContext, final String resourceId, final ReadRequest readRequest,
try {
// ... lookup of resourceId (presumably via ctsTokenPersistence) not shown in this listing ...
return;
} else {
// The caller-supplied id is echoed back in the not-found message.
resultHandler.handleError(new NotFoundException("STS-issued token with id " + resourceId + " not found."));
return;
}
} catch (CTSTokenPersistenceException e) {
// ... error reporting not shown in this listing ...
}
}
/**
 * Deletes a previously issued token from the CTS by its token id.
 * The trailing handler parameter and the bodies of both the try and the catch are not shown in
 * this listing.
 *
 * NOTE(review): as with readInstance, no check tying resourceId to the calling principal is
 * visible; confirm the surrounding authorization layer restricts who may revoke a token by id.
 *
 * @param serverContext the request context.
 * @param resourceId the CTS token id of the issued token.
 * @param deleteRequest the delete request.
 */
public void deleteInstance(final ServerContext serverContext, final String resourceId, final DeleteRequest deleteRequest,
try {
// ... deletion (presumably via ctsTokenPersistence) not shown in this listing ...
} catch (CTSTokenPersistenceException e) {
// ... error reporting not shown in this listing ...
}
}
final QueryResultHandler queryResultHandler) {
if (queryFilter == null) {
return;
}
try {
final List<STSIssuedTokenState> issuedTokens = ctsTokenPersistence.listTokens(coreTokenFieldQueryFilter);
queryResultHandler.handleResource(new Resource(tokenState.getTokenId(), EMPTY_STRING, tokenState.toJson()));
}
} catch (CTSTokenPersistenceException e) {
}
}
/**
 * Translates the caller's CREST query filter into a CTS CoreTokenField filter, presumably by
 * accepting CORE_TOKEN_FIELD_QUERY_FILTER_VISITOR on it. That visitor only accepts an and-filter
 * of equality filters on the sts id and token principal attributes and throws
 * IllegalArgumentException for every other filter shape, which keeps CTS queries bounded to those
 * two fields. The try body and the catch body are not shown in this listing.
 *
 * @param queryFilter the caller-supplied CREST query filter.
 * @return the equivalent CTS filter.
 * @throws CTSTokenPersistenceException presumably when the filter is not of the supported shape.
 */
private org.forgerock.util.query.QueryFilter<CoreTokenField> convertToCoreTokenFieldQueryFilter(org.forgerock.json.resource.QueryFilter queryFilter)
throws CTSTokenPersistenceException {
try {
// ... visitor application not shown in this listing ...
} catch (IllegalArgumentException e) {
// ... translation into CTSTokenPersistenceException not shown in this listing ...
}
}
private static final QueryFilterVisitor<org.forgerock.util.query.QueryFilter<CoreTokenField>, Void> CORE_TOKEN_FIELD_QUERY_FILTER_VISITOR =
/**
 * Combines the sub-filters into a single CTS and-filter. Each sub-filter is presumably
 * translated by this same visitor, so only equality filters on the allow-listed attributes
 * survive; the loop and the combining call are not shown in this listing.
 */
public org.forgerock.util.query.QueryFilter<CoreTokenField> visitAndFilter(Void aVoid, List<org.forgerock.json.resource.QueryFilter> subFilters) {
// Pre-sized: one translated filter per sub-filter.
List<org.forgerock.util.query.QueryFilter<CoreTokenField>> subCoreTokenFieldFilters = new ArrayList<>(subFilters.size());
// ... translation loop body not shown in this listing ...
}
// ... combining call not shown in this listing ...
}
/**
 * Accepts an equality filter only on the allow-listed query attributes. The visible branch maps
 * the sts id attribute onto CTS_TOKEN_FIELD_STS_ID; the selecting if and (presumably) the token
 * principal branch are not shown in this listing. Any other field is rejected with an
 * IllegalArgumentException that names the expected query format.
 */
public org.forgerock.util.query.QueryFilter<CoreTokenField> visitEqualsFilter(Void aVoid, JsonPointer field, Object valueAssertion) {
// ... field comparisons not shown in this listing ...
return org.forgerock.util.query.QueryFilter.equalTo(CTSTokenPersistence.CTS_TOKEN_FIELD_STS_ID, valueAssertion);
} else {
// ... start of the exception construction not shown in this listing ...
" not supported. Query format: " + getUsageString());
}
}
/**
 * Rejects boolean-literal filters; only the query shape described by getUsageString() is accepted.
 *
 * @throws IllegalArgumentException always, naming the expected query format.
 */
public org.forgerock.util.query.QueryFilter<CoreTokenField> visitBooleanLiteralFilter(Void aVoid, boolean value) {
    final String message = "Querying STS issued tokens via boolean literal unsupported. Query format: "
            + getUsageString();
    throw new IllegalArgumentException(message);
}
/**
 * Rejects contains filters; only the query shape described by getUsageString() is accepted.
 *
 * @throws IllegalArgumentException always, naming the expected query format.
 */
public org.forgerock.util.query.QueryFilter<CoreTokenField> visitContainsFilter(Void aVoid, JsonPointer field, Object valueAssertion) {
    final String message = "Querying STS issued token via contains relationship unsupported. Query format: "
            + getUsageString();
    throw new IllegalArgumentException(message);
}
/**
 * Rejects extended-match filters; only the query shape described by getUsageString() is accepted.
 *
 * @throws IllegalArgumentException always, naming the expected query format.
 */
public org.forgerock.util.query.QueryFilter<CoreTokenField> visitExtendedMatchFilter(Void aVoid, JsonPointer field, String operator, Object valueAssertion) {
    final String message = "Querying STS issued token via extended match filter unsupported. Query format: "
            + getUsageString();
    throw new IllegalArgumentException(message);
}
/**
 * Rejects greater-than filters; only the query shape described by getUsageString() is accepted.
 *
 * @throws IllegalArgumentException always, naming the expected query format.
 */
public org.forgerock.util.query.QueryFilter<CoreTokenField> visitGreaterThanFilter(Void aVoid, JsonPointer field, Object valueAssertion) {
    final String message = "Querying STS issued token via greater-than filter unsupported. Query format: "
            + getUsageString();
    throw new IllegalArgumentException(message);
}
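/**
 * Rejects greater-than-or-equal-to filters; only the query shape described by getUsageString()
 * is accepted.
 *
 * @throws IllegalArgumentException always, naming the expected query format.
 */
public org.forgerock.util.query.QueryFilter<CoreTokenField> visitGreaterThanOrEqualToFilter(Void aVoid, JsonPointer field, Object valueAssertion) {
    // The trailing space before the usage text matches every sibling visitor; without it the
    // message ran "Query format:Url must ...".
    final String message = "Querying STS issued token via greater-than-or-equal-to filter unsupported. Query format: "
            + getUsageString();
    throw new IllegalArgumentException(message);
}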
/**
 * Rejects less-than filters; only the query shape described by getUsageString() is accepted.
 *
 * @throws IllegalArgumentException always, naming the expected query format.
 */
public org.forgerock.util.query.QueryFilter<CoreTokenField> visitLessThanFilter(Void aVoid, JsonPointer field, Object valueAssertion) {
    final String message = "Querying STS issued token via less-than filter unsupported. Query format: "
            + getUsageString();
    throw new IllegalArgumentException(message);
}
/**
 * Rejects less-than-or-equal-to filters; only the query shape described by getUsageString()
 * is accepted.
 *
 * @throws IllegalArgumentException always, naming the expected query format.
 */
public org.forgerock.util.query.QueryFilter<CoreTokenField> visitLessThanOrEqualToFilter(Void aVoid, JsonPointer field, Object valueAssertion) {
    final String message = "Querying STS issued token via less-than-or-equal-to filter unsupported. Query format: "
            + getUsageString();
    throw new IllegalArgumentException(message);
}
/**
 * Rejects negated filters; only the query shape described by getUsageString() is accepted.
 *
 * @throws IllegalArgumentException always, naming the expected query format.
 */
public org.forgerock.util.query.QueryFilter<CoreTokenField> visitNotFilter(Void aVoid, org.forgerock.json.resource.QueryFilter subFilter) {
    final String message = "Querying STS issued token via not filter unsupported. Query format: "
            + getUsageString();
    throw new IllegalArgumentException(message);
}
/**
 * Rejects or-filters; only the and-of-equals query shape described by getUsageString() is accepted.
 *
 * @throws IllegalArgumentException always, naming the expected query format.
 */
public org.forgerock.util.query.QueryFilter<CoreTokenField> visitOrFilter(Void aVoid, List<org.forgerock.json.resource.QueryFilter> subFilters) {
    final String message = "Querying STS issued token via or filter unsupported. Query format: "
            + getUsageString();
    throw new IllegalArgumentException(message);
}
/**
 * Rejects presence filters; only the query shape described by getUsageString() is accepted.
 *
 * @throws IllegalArgumentException always, naming the expected query format.
 */
public org.forgerock.util.query.QueryFilter<CoreTokenField> visitPresentFilter(Void aVoid, JsonPointer field) {
    final String message = "Querying STS issued token via present filter unsupported. Query format: "
            + getUsageString();
    throw new IllegalArgumentException(message);
}
/**
 * Rejects starts-with filters; only the query shape described by getUsageString() is accepted.
 *
 * @throws IllegalArgumentException always, naming the expected query format.
 */
public org.forgerock.util.query.QueryFilter<CoreTokenField> visitStartsWithFilter(Void aVoid, JsonPointer field, Object valueAssertion) {
    final String message = "Querying STS issued token via starts-with filter unsupported. Query format: "
            + getUsageString();
    throw new IllegalArgumentException(message);
}
};
/**
 * Describes the only query shape this service accepts: an and of two equality filters, one on
 * the sts id attribute and one on the token principal attribute. Appended to every
 * "unsupported query" error so callers learn the accepted form rather than guessing at it.
 *
 * @return the usage text.
 */
private static String getUsageString() {
    final String stsIdClause =
            "/" + STSIssuedTokenState.STS_ID_QUERY_ATTRIBUTE + "+eq+\"sts_instance_id\"";
    final String principalClause =
            "/" + STSIssuedTokenState.STS_TOKEN_PRINCIPAL_QUERY_ATTRIBUTE + "+eq+\"token_principal_id\"";
    return "Url must have a query param of format: _queryFilter=" + stsIdClause + "+and+" + principalClause;
}
}
public void actionInstance(final ServerContext serverContext, final String s, final ActionRequest actionRequest,
}
public void patchInstance(final ServerContext serverContext, final String s, final PatchRequest patchRequest,
}
public void updateInstance(final ServerContext serverContext, final String s, final UpdateRequest updateRequest,
}
}