FAMSTSConfiguration.java revision 4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1c
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: FAMSTSConfiguration.java,v 1.12 2009/11/16 21:52:59 mallas Exp $
*
*/
public class FAMSTSConfiguration implements
private static boolean encryptIssuedToken = false;
private static boolean encryptIssuedKey = true;
private static long issuedTokenTimeout;
private static String stsEndpoint;
private static String clientUserToken;
private static boolean isResponseSign = false;
private static boolean isResponseEncrypt = false;
private static boolean isRequestSign = false;
private static boolean isRequestEncrypt = false;
private static boolean isRequestHeaderEncrypt = false;
private static String privateKeyType;
private static String privateKeyAlias;
private static String publicKeyAlias;
private static String kerberosDomainServer;
private static String kerberosDomain;
private static String kerberosServicePrincipal;
private static String kerberosKeyTabFile;
private static boolean isVerifyKrbSignature = false;
private static boolean includeMemberships = false;
private static int encryptionStrength = 0;
private static boolean detectUserTokenReplay = true;
private static boolean detectMessageReplay = true;
private CallbackHandler callbackHandler;
static final String CLIENT_USER_TOKEN =
"com.sun.identity.wss.sts.clientusertoken";
static final String SAML_ATTRIBUTE_MAPPING =
"SAMLAttributeMapping";
static {
try {
setValues();
} catch (ConfigurationException ce) {
}
}
/**
* Default Constructor.
*/
public FAMSTSConfiguration() {
}
/**
* This method will be invoked when a component's
* configuration data has been changed. The parameters componentName,
* realm and configName denotes the component name,
* organization and configuration instance name that are changed
* respectively.
*
* @param e Configuration action event, like ADDED, DELETED, MODIFIED etc.
*/
public void configChanged(ConfigurationActionEvent e) {
if (debug.messageEnabled()) {
}
setValues();
}
/**
* This method reads values from service schema.
*/
static private void setValues() {
try {
} catch (ConfigurationException ce) {
return;
}
}
}
.booleanValue();
}
.booleanValue();
}
.longValue();
}
}
}
}
} else {
}
}
.booleanValue();
}
.booleanValue();
}
.booleanValue();
}
.booleanValue();
}
.booleanValue();
}
}
}
}
}
if(usercredentials == null) {
usercredentials = new ArrayList();
}
while(stVal.hasMoreTokens()) {
if(index == -1) {
return;
}
if(st.hasMoreTokens()) {
}
}
if(st1.hasMoreTokens()) {
}
}
}
}
}
}
}
}
}
.booleanValue();
}
}
}
.booleanValue();
}
}
}
}
}
}
.booleanValue();
}
.booleanValue();
}
if(signedElements == null) {
signedElements = new ArrayList();
} else {
}
}
}
final String spEndpoint){
}
}
public Set getTrustedIssuers() {
return trustedIssuers;
}
public Set getTrustedIPAddresses() {
return trustedIPAddresses;
}
}
return this.type;
}
}
return this.issuer;
}
public void setEncryptIssuedToken(boolean encryptIssuedToken){
this.encryptIssuedToken = encryptIssuedToken;
}
public boolean getEncryptIssuedToken(){
return this.encryptIssuedToken;
}
public void setEncryptIssuedKey(boolean encryptIssuedKey){
this.encryptIssuedKey = encryptIssuedKey;
}
public boolean getEncryptIssuedKey(){
return this.encryptIssuedKey;
}
public void setIssuedTokenTimeout(long issuedTokenTimeout){
this.issuedTokenTimeout = issuedTokenTimeout;
}
public long getIssuedTokenTimeout(){
return this.issuedTokenTimeout;
}
this.callbackHandler = callbackHandler;
}
public CallbackHandler getCallbackHandler(){
return new FAMCallbackHandler(this.certAlias);
}
this.clientUserToken = clientUserTokenClass;
}
public String getClientUserTokenClass(){
return this.clientUserToken;
}
/**
* Returns the list of security mechanims that the STS service is configured.
*
* @return list of security mechanisms.
*/
public List getSecurityMechanisms() {
return this.secMech;
}
/**
* Sets the list of security mechanisms.
*
* @param authMech the list of security mechanisms.
*/
}
/**
* Checks if the response needs to be signed or not.
*
* @return true if the response needs to be signed.
*/
public boolean isResponseSignEnabled() {
return this.isResponseSign;
}
/**
* Sets the response sign enable flag.
*
* @param enable enables the response signing.
*/
public void setResponseSignEnabled(boolean enable) {
this.isResponseSign = enable;
}
/**
* Checks if the response needs to be encrypted or not.
*
* @return true if the response needs to be encrypted.
*/
public boolean isResponseEncryptEnabled() {
return this.isResponseEncrypt;
}
/**
* Sets the response encrypt enable flag.
*
* @param enable enables the response encryption.
*/
public void setResponseEncryptEnabled(boolean enable) {
this.isResponseEncrypt = enable;
}
/**
* Checks if the request needs to be signed or not.
*
* @return true if the request needs to be signed.
*/
public boolean isRequestSignEnabled() {
return this.isRequestSign;
}
/**
* Sets the request sign enable flag.
*
* @param enable enables the request signing.
*/
public void setRequestSignEnabled(boolean enable) {
this.isRequestSign = enable;
}
/**
* Checks if the request needs to be encrypted or not.
*
* @return true if the request needs to be encrypted.
*/
public boolean isRequestEncryptEnabled() {
return this.isRequestEncrypt;
}
/**
* Sets the request encrypt enable flag.
*
* @param enable enables the request encryption.
*/
public void setRequestEncryptEnabled(boolean enable) {
this.isRequestEncrypt = enable;
}
/**
* Checks if the request header needs to be encrypted or not.
*
* @return true if the request header needs to be encrypted.
*/
public boolean isRequestHeaderEncryptEnabled() {
return this.isRequestHeaderEncrypt;
}
/**
* Sets the request header encrypt enable flag.
*
* @param enable enables the request header encryption.
*/
public void setRequestHeaderEncryptEnabled(boolean enable) {
this.isRequestHeaderEncrypt = enable;
}
/**
* Returns the key type for the security provider at STS service.
*
* @return the key type of the security provider at STS service.
*/
public String getPrivateKeyType() {
return privateKeyType;
}
/**
* Sets the key type for the security provider at STS service.
*
* @param keyType the key type for the security provider at STS service.
*/
this.privateKeyType = keyType;
}
/**
* Returns the key alias for the security provider at STS service.
*
* @return the key alias of the security provider at STS service.
*/
public String getPrivateKeyAlias() {
return privateKeyAlias;
}
/**
* Sets the key alias for the security provider at STS service.
*
* @param alias the key alias for the security provider at STS service.
*/
this.privateKeyAlias = alias;
}
/**
* Returns the Public key alias for this provider's partner.
*
* @return the Public key alias of the provider's partner.
*/
public String getPublicKeyAlias() {
return publicKeyAlias;
}
/**
* Sets the Public key alias for this provider's partner.
*
* @param alias the Public key alias for this provider's partner.
*/
this.publicKeyAlias = alias;
}
return this.otherOptions;
}
/**
* Returns STS Endpoint
* @return the STS endpoint
*/
public String getSTSEndpoint() {
return stsEndpoint;
}
/**
* Returns Kerberos Domain Controller Domain
* @return Kerberos Domain Controller Domain
*/
public String getKDCDomain() {
return kerberosDomain;
}
/**
* Sets Kerberos Domain Controller Domain
* @param domain Kerberos Domain Controller Domain
*/
this.kerberosDomain = domain;
}
/**
* Returns Kerberos Domain Controller Server.
* @return Kerberos Domain Controller Server.
*/
public String getKDCServer() {
return kerberosDomainServer;
}
/**
* Sets Kerberos Domain Controller Server
* @param kdcServer Kerberos Domain Controller Server
*/
this.kerberosDomainServer = kdcServer;
}
/**
* This method is used by the web services provider to get the key tab file.
* @return the keytab file.
*/
public String getKeyTabFile() {
return kerberosKeyTabFile;
}
/**
* Sets the keytab file
* @param file the fully qualified file path
*/
this.kerberosKeyTabFile = file;
}
/**
* Returns kerberos service principal
* @return the kerberos service principal
*/
public String getKerberosServicePrincipal() {
return kerberosServicePrincipal;
}
/**
* Sets kerberos service principal.
* @param principal the kerberos service principal.
*/
this.kerberosServicePrincipal = principal;
}
/**
* Returns true if kerberos signature needs to be validated.
* The signature validation is supported only with JDK6 onwards.
* @return true if the signature validation needs to be validated.
*/
public boolean isValidateKerberosSignature() {
return isVerifyKrbSignature;
}
/**
* Sets a boolean flag to enable or disable validate kerberos signature.
* @param validate boolean flag to enable or disable validate krb signature.
*/
public void setValidateKerberosSignature(boolean validate) {
this.isVerifyKrbSignature = validate;
}
/**
* Returns the SAML Attribute Mapping list. This method is used by the
* WSP configuration when enabled for SAML.
*/
public Set getSAMLAttributeMapping() {
return samlAttributes;
}
/**
* Sets the list of SAML attribute mappings. This method is used by the
* WSP configuration when enabled for SAML.
* @param attributeMap the list of SAML attribute mapping
*/
this.samlAttributes = attributeMap;
}
/**
* Checks if the memberships should be included in the SAML attribute
* mapping.
* @return true if the memberships are included.
*/
public boolean shouldIncludeMemberships() {
return includeMemberships;
}
/**
* Sets a flag to include memberships for SAML attribute mapping.
* @param include boolean flag to indicate if the memberships needs to
* be included.
*/
public void setIncludeMemberships(boolean include) {
this.includeMemberships = include;
}
/**
* Returns the NameID mapper class
* @return returns the nameid mapper class.
*/
public String getNameIDMapper() {
return nameIDMapper;
}
/**
* Sets the NameID Mapper class.
* @param nameIDMapper NameID Mapper class.
*/
this.nameIDMapper = nameIDMapper;
}
/**
* Returns SAML attribute namespace.
* @return returns SAML attribute namespace.
*/
public String getSAMLAttributeNamespace() {
return attributeNS;
}
/**
* Sets SAML attribute namespace.
* @param attributeNS SAML attribute namespace.
*/
this.attributeNS = attributeNS;
}
/**
* Sets the user credentials list.
* @param usercredentials list of <code>PasswordCredential</code>objects.
*/
this.usercredentials = usercredentials;
}
/**
* Returns the list of <code>PasswordCredential</code>s of the user.
*
* @return the list of <code>PasswordCredential</code> objects.
*/
return usercredentials;
}
/**
* Returns encryption algorithm
* @return the encryption algorithm
*/
public String getEncryptionAlgorithm() {
return encryptionAlgorithm;
}
/**
* Sets the encryption algorithm
* @param algorithm the encryption algorithm
*/
this.encryptionAlgorithm = algorithm;
}
/**
* Returns the encryption strength;
* @return the encryption strength;
*/
public int getEncryptionStrength() {
return encryptionStrength;
}
/**
* Sets the encryption data strength.
* @param encryptionStrength the encryption data strength.
*/
public void setEncryptionStrength(int encryptionStrength) {
this.encryptionStrength = encryptionStrength;
}
/**
* Returns signing reference type.
* @return the signing reference type.
*/
public String getSigningRefType() {
return signingRefType;
}
/**
* Set signing reference type.
* @param refType the signing reference type.
*/
this.signingRefType = refType;
}
/**
* Returns authentication chain used for authenticating sts clients.
* @return the authentication chain name.
*/
public String getAuthenticationChain() {
return authChain;
}
/**
* Sets the authentication chain name.
* @param authChain the authentication chain name.
*/
}
/**
* Returns true if the user name token replay is enabled.
* @return true if the user name token replay is enabled.
*/
public boolean isUserTokenDetectReplayEnabled() {
return detectUserTokenReplay;
}
/**
* Enable or disable the detection of user token replay
* @param enable true if the detection of user token replay is enabled.
*/
public void setDetectUserTokenReplay(boolean enable) {
this.detectUserTokenReplay = enable;
}
/**
* Returns true if the message replay detection is enabled.
* @return true if the message replay detection is enabled.
*/
public boolean isMessageReplayDetectionEnabled() {
return detectMessageReplay;
}
/**
* Enable or disable the message replay detection.
* @param enable true if the detection of the message replay is enabled.
*/
public void setMessageReplayDetection(boolean enable) {
this.detectMessageReplay = enable;
}
/**
* Returns the list of signed elements.
* @return the list of signed elements.
*/
public List getSignedElements() {
return signedElements;
}
/**
* Sets the signed elements
* @param signedElements the signed elements.
*/
this.signedElements = signedElements;
}
}