RestSTSModelImpl.java revision 61ea54c309169801a1833f99729723071c24c047
/*
* The contents of this file are subject to the terms of the Common Development and
* Distribution License (the License). You may not use this file except in compliance with the
* License.
*
* You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
* specific language governing permission and limitations under the License.
*
* When distributing Covered Software, include this CDDL Header Notice in each file and include
* the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
* Header, with the fields enclosed by brackets [] replaced by your own identifying
* information: "Portions Copyrighted [year] [name of copyright owner]".
*
* Copyright 2014 ForgeRock AS. All rights reserved.
*/
/**
* @see com.sun.identity.console.reststs.model.RestSTSModel
* This class extends AMServiceProfileModelImpl, which provides the functionality for reading values that correspond
* to propertySheets.
*
*/
}
try {
if (baseService != null) {
return baseService.getSubConfigNames();
} else {
return Collections.EMPTY_SET;
}
} catch (SMSException e) {
throw new AMConsoleException(e);
} catch (SSOException e) {
throw new AMConsoleException(e);
}
}
try {
if (!response.isSuccessful()) {
}
} catch (IOException e) {
throw new AMConsoleException(e);
}
}
}
/**
 * Creates (publishes) a rest-sts instance from {@code configurationState} in {@code realm}.
 *
 * NOTE(review): the body of the try block is absent from this listing; only the translation of IOException into
 * AMConsoleException is visible. Presumably the payload is built and invokeRestSTSInstancePublish (declared below,
 * which throws IOException) is called here - confirm against the full source.
 *
 * @param configurationState the instance configuration as entered by the user
 * @param realm the realm the instance belongs to
 * @return the model response describing the outcome of the publish call
 * @throws AMConsoleException wrapping any IOException raised while invoking the publish service
 */
public RestSTSModelResponse createInstance(Map<String, Set<String>> configurationState, String realm) throws AMConsoleException {
try {
} catch (IOException e) {
// Preserve the cause so the console error page can surface the underlying I/O failure.
throw new AMConsoleException(e);
}
}
/**
 * Updates the already-published rest-sts instance {@code instanceName} in {@code realm} with
 * {@code configurationState}.
 *
 * NOTE(review): the body of the try block is absent from this listing; only the translation of IOException into
 * AMConsoleException is visible. Presumably invokeRestSTSInstanceUpdate (declared below, which throws IOException)
 * is called here - confirm against the full source.
 *
 * @param configurationState the updated instance configuration as entered by the user
 * @param realm the realm the instance belongs to
 * @param instanceName the name of the instance to update
 * @return the model response describing the outcome of the update call
 * @throws AMConsoleException wrapping any IOException raised while invoking the publish service
 */
public RestSTSModelResponse updateInstance(Map<String, Set<String>> configurationState, String realm, String instanceName) throws AMConsoleException {
try {
} catch (IOException e) {
// Preserve the cause so the console error page can surface the underlying I/O failure.
throw new AMConsoleException(e);
}
}
/**
 * Returns the attribute map held by {@code serviceConfig}, or an empty map when either {@code baseService} or
 * {@code serviceConfig} is null. SMS and SSO failures are rethrown as AMConsoleException.
 *
 * @param realm the realm supplied by the caller (not referenced in the lines visible here)
 * @param instanceName the rest-sts instance name supplied by the caller (not referenced in the lines visible here)
 * @return the attributes of the instance's service configuration, or an empty map
 * @throws AMConsoleException wrapping any SMSException or SSOException raised by the SMS layer
 */
public Map<String, Set<String>> getInstanceState(String realm, String instanceName) throws AMConsoleException {
try {
if (baseService != null) {
// NOTE(review): serviceConfig is not declared in this listing; presumably it is the sub-configuration of
// baseService looked up by instanceName - confirm against the full source.
if (serviceConfig != null) {
return serviceConfig.getAttributes();
} else {
// Raw Collections.EMPTY_MAP is an unchecked conversion to the declared return type; Collections.emptyMap()
// would be the typed equivalent.
return Collections.EMPTY_MAP;
}
} else {
return Collections.EMPTY_MAP;
}
} catch (SMSException e) {
throw new AMConsoleException(e);
} catch (SSOException e) {
throw new AMConsoleException(e);
}
}
public RestSTSModelResponse validateConfigurationState(Map<String, Set<String>> configurationState) {
return RestSTSModelResponse.failure(getLocalizedString("rest.sts.validation.token.lifetime.message"));
}
return RestSTSModelResponse.failure(getLocalizedString("rest.sts.validation.deployment.url.message"));
} else {
String urlElement = configurationState.get(SharedSTSConstants.DEPLOYMENT_URL_ELEMENT).iterator().next();
return RestSTSModelResponse.failure(getLocalizedString("rest.sts.validation.deployment.url.content.message"));
}
}
}
if (CollectionHelper.getBooleanMapAttr(configurationState, SharedSTSConstants.SAML2_SIGN_ASSERTION, false)
|| CollectionHelper.getBooleanMapAttr(configurationState, SharedSTSConstants.SAML2_ENCRYPT_ASSERTION, false)
|| CollectionHelper.getBooleanMapAttr(configurationState, SharedSTSConstants.SAML2_ENCRYPT_ATTRIBUTES, false)
|| CollectionHelper.getBooleanMapAttr(configurationState, SharedSTSConstants.SAML2_ENCRYPT_NAME_ID, false)) {
return RestSTSModelResponse.failure(getLocalizedString("rest.sts.validation.saml2.keystore.filename.message"));
}
return RestSTSModelResponse.failure(getLocalizedString("rest.sts.validation.saml2.keystore.password.message"));
}
}
if (CollectionHelper.getBooleanMapAttr(configurationState, SharedSTSConstants.SAML2_SIGN_ASSERTION, false)) {
return RestSTSModelResponse.failure(getLocalizedString("rest.sts.validation.saml2.keystore.signature.keyalias.message"));
}
return RestSTSModelResponse.failure(getLocalizedString("rest.sts.validation.saml2.keystore.signature.keypassword.message"));
}
}
if (CollectionHelper.getBooleanMapAttr(configurationState, SharedSTSConstants.SAML2_ENCRYPT_ASSERTION, false)
|| CollectionHelper.getBooleanMapAttr(configurationState, SharedSTSConstants.SAML2_ENCRYPT_ATTRIBUTES, false)
|| CollectionHelper.getBooleanMapAttr(configurationState, SharedSTSConstants.SAML2_ENCRYPT_NAME_ID, false)) {
return RestSTSModelResponse.failure(getLocalizedString("rest.sts.validation.saml2.keystore.encryption.keyalias.message"));
}
}
if (CollectionHelper.getBooleanMapAttr(configurationState, SharedSTSConstants.SAML2_ENCRYPT_ASSERTION, false)
&& (CollectionHelper.getBooleanMapAttr(configurationState, SharedSTSConstants.SAML2_ENCRYPT_ATTRIBUTES, false)
|| CollectionHelper.getBooleanMapAttr(configurationState, SharedSTSConstants.SAML2_ENCRYPT_NAME_ID, false))) {
return RestSTSModelResponse.failure(getLocalizedString("rest.sts.saml2.encryptioncombinations.message"));
}
final Set<String> supportedTokenTransforms = configurationState.get(SharedSTSConstants.SUPPORTED_TOKEN_TRANSFORMS);
return RestSTSModelResponse.failure(getLocalizedString("rest.sts.validation.tokentransforms.message"));
}
/*
Need to check whether the selected transforms include both the invalidate_interim_session and !invalidate_interim_session
flavors. If the token transformation set includes two entries for a specific input token type, then this is the
case, and the configuration must be rejected.
*/
return RestSTSModelResponse.failure(getLocalizedString("rest.sts.validation.tokentransforms.duplicate.message"));
}
return RestSTSModelResponse.success();
}
/**
* The set of possible token transformation definition selections, as defined in the supported-token-transforms property
* in propertyRestSecurityTokenService.xml, is as follows:
* USERNAME|SAML2|true
* USERNAME|SAML2|false
* OPENIDCONNECT|SAML2|true
* OPENIDCONNECT|SAML2|false
* OPENAM|SAML2|true
* OPENAM|SAML2|false
* X509|SAML2|true
* X509|SAML2|false
* This method returns true if the supportedTokenTransforms set specified by the user contains more than a single
* entry for a given input token type.
* @param supportedTokenTransforms The set of supported token transformations specified by the user
* @return true if duplicate transformations are specified - i.e. the user cannot specify token transformations with
* USERNAME input which specify that interim OpenAM sessions should be, and should not be, invalidated.
*/
numOpenam++;
numOidc++;
numx509++;
numUsername++;
}
}
}
/*
Add the realm, as this information does not have to be solicited from the user. Also add the encryption strength
parameter, as this value is hard-coded based upon the encryption algorithm type, and necessary only if the
* FMEncProvider is overridden. See the comment in SAML2Config.SAML2ConfigBuilder#encryptionAlgorithmStrength for details.
*/
/**
 * Adds configuration entries that are derived programmatically rather than solicited from the user (see the
 * comment above). The visible lines derive the encryption strength from the configured SAML2 encryption algorithm
 * via {@code getEncryptionStrengthFromEncryptionAlgorithm}.
 *
 * NOTE(review): in this listing the computed encryptionAlgorithmStrength is never stored and {@code realm} is not
 * referenced; the puts into configurationState are presumably elided - confirm against the full source.
 *
 * @param configurationState the configuration map to augment
 * @param realm the realm to record in the configuration
 */
private void addProgrammaticConfigurationState(Map<String, Set<String>> configurationState, String realm) {
final String encryptionAlgorithmStrength =
getEncryptionStrengthFromEncryptionAlgorithm(CollectionHelper.getMapAttr(configurationState, SharedSTSConstants.SAML2_ENCRYPTION_ALGORITHM));
}
return "128";
return "192";
return "256";
}
//safety case, should not be triggered because possible values specified in properties file
return "128";
}
field(SharedSTSConstants.STS_PUBLISH_INVOCATION_CONTEXT, SharedSTSConstants.STS_PUBLISH_INVOCATION_CONTEXT_VIEW_BEAN),
}
}
} else {
}
}
if (inputStream == null) {
return "Empty error stream";
} else {
}
}
}
}
return getRestSTSInstanceDeletionUrl(instanceId);
}
/**
 * Builds the URL of the rest-sts publish service "create" action by appending the create-action path element to
 * the publish endpoint URL.
 *
 * @return the create-action URL of the rest-sts publish service
 */
private String getRestSTSInstanceCreationUrl() {
    final String publishEndpoint = getRestSTSPublishEndpointUrl();
    final String createAction = SharedSTSConstants.REST_PUBLISH_SERVICE_CREATE_ACTION_URL_ELEMENT;
    return publishEndpoint + createAction;
}
private String getRestSTSPublishEndpointUrl() {
}
private String getAMDeploymentUrl() {
}
/*
Currently, JsonValue#toString will only create a json array for elements which are lists. If I want the
Map<String, Set<String>> returned by this.getValues() to marshal to json correctly using JsonValue#toString(), I
need to transform the Map<String, Set<String>> to a Map<String, List<String>>.
*/
}
return listMap;
}
}
}
private RestSTSModelResponse invokeRestSTSInstancePublish(String invocationPayload) throws IOException {
connection.setDoOutput(true);
connection.setRequestProperty(SharedSTSConstants.CONTENT_TYPE, SharedSTSConstants.APPLICATION_JSON);
connection.setRequestProperty(SharedSTSConstants.CREST_VERSION_HEADER_KEY, REST_STS_PUBLISH_SERVICE_VERSION);
} else {
}
}
connection.setDoOutput(true);
connection.setRequestProperty(SharedSTSConstants.CONTENT_TYPE, SharedSTSConstants.APPLICATION_JSON);
connection.setRequestProperty(SharedSTSConstants.CREST_VERSION_HEADER_KEY, REST_STS_PUBLISH_SERVICE_VERSION);
} else {
}
}
private RestSTSModelResponse invokeRestSTSInstanceUpdate(String invocationPayload, String instanceId) throws IOException {
connection.setDoOutput(true);
connection.setRequestProperty(SharedSTSConstants.CONTENT_TYPE, SharedSTSConstants.APPLICATION_JSON);
connection.setRequestProperty(SharedSTSConstants.CREST_VERSION_HEADER_KEY, REST_STS_PUBLISH_SERVICE_VERSION);
} else {
}
}
/**
 * Builds the {@code name=value} cookie string carrying the SSO token of the console user (the administrator, per
 * this method's name). The cookie name is read from the {@code Constants.AM_COOKIE_NAME} system property; the
 * value is the token id of {@code getUserSSOToken()}.
 *
 * The result is a bearer session credential: keep it out of log statements and error messages.
 *
 * @return the session cookie string for the current user
 */
private String getAdminSessionTokenCookie() {
    final String cookieName = SystemPropertiesManager.get(Constants.AM_COOKIE_NAME);
    // toString() is called explicitly, as in the original, so a null token id fails here rather than as "null".
    final String tokenId = getUserSSOToken().getTokenID().toString();
    return cookieName + EQUALS + tokenId;
}
}