a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: COTUtils.java,v 1.5 2008/08/06 17:26:14 exu Exp $
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * This class contains circle of trust utilities.
// Resource bundle name for this library; the debug instance below uses the same "libCOT" name.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static final String RESOURCE_BUNDLE_NAME = "libCOT";
// NOTE(review): public, static and not final, so any class can replace this
// logger reference -- confirm whether it can be declared final.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static Debug debug = Debug.getInstance("libCOT");
// Suffixes (delimiter + protocol name) whose length is used further down to
// strip the protocol part from a trusted-provider entry.
// NOTE(review): these are non-final, package-visible statics; because they
// decide how trusted-provider entries are split into entity ID and protocol,
// consider declaring them final so they cannot be reassigned at runtime.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster static String WSFED_DELIM = COTConstants.DELIMITER + COTConstants.WS_FED;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster static String SAML2_DELIM = COTConstants.DELIMITER + COTConstants.SAML2;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster static String IDFF_DELIM = COTConstants.DELIMITER + COTConstants.IDFF;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Default Constructor.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Get the first value of set by given key searching in the given map.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * return null if <code>attrMap</code> is null or <code>key</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param attrMap Map of attributes name and their values
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * in the circle of trust service. The key
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * is the attribute name and the value is
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param key the attribute name to be retrieved.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the first value of the attribute in the value set.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static String getFirstEntry(Map attrMap, String key) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((valueSet != null) && !valueSet.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Adds a set of a given value to a map. Set will not be added if
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>attrMap</code> is null or <code>value</code> is null or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>key</code> is null.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param attrMap Map of which set is to be added.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param key Key of the entry to be added.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param value Value to be added to the Set.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static void fillEntriesInSet(Map attrMap, String key, String value) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((key != null) && (value != null) && (attrMap != null)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Checks if the federation protocol type is valid. The valid values
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * are IDFF, SAML2 or WS_FED.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param protocolType the federation protocol type.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return true if value matches COTConstants.IDFF, COTConstants.SAML2 or COTConstants.WS_FED, ignoring case.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static boolean isValidProtocolType(String protocolType) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster && (protocolType.equalsIgnoreCase(COTConstants.IDFF)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster || protocolType.equalsIgnoreCase(COTConstants.SAML2)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster || protocolType.equalsIgnoreCase(COTConstants.WS_FED)));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.error(Level.INFO,LogUtil.INVALID_COT_TYPE,data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Converts set of COT trusted providers to map.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Key of the map is the entity id name, value is a set of protocols the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * entity supports.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param providerSet A set of trusted providers, each entry value could
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * contain both entity id and protocol in "|" separated format.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm in which the providers reside.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return A map with entity id as key, protocols as value.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster static Map trustedProviderSetToEntityIDMap(Set providerSet, String realm) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((providerSet == null) || providerSet.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message("COTUtils.setToEntityIDMap: check " + val);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster map.put(val.substring(0, val.length() - SAML2_DELIM.length()),
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster map.put(val.substring(0, val.length() - IDFF_DELIM.length()),
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster map.put(val.substring(0, val.length() - WSFED_DELIM.length()),
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // find out protocol for this provider
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Set protocolSet = findProtocolsForEntity(val, realm);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((protocolSet != null) && !protocolSet.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message("COTUtils.setToEntityIDMap: return " + map);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Converts set of COT trusted providers to map.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Key of the map is protocol name, value is a set of entity IDs that
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * speak the protocol. Protocol name is one of COTConstants.WS_FED,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * COTConstants.SAML2 or COTConstants.IDFF.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param providerSet A set of trusted providers, each entry value could
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * contain both entity id and protocol in "|" separated format.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm in which the providers reside.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return A map with protocol name as key, set of entity IDs as value.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster static Map trustedProviderSetToProtocolMap(Set providerSet, String realm) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((providerSet == null) || providerSet.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message("COTUtils.setToPrototolMap: check " + val);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster val.substring(0, val.length() - SAML2_DELIM.length()));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster val.substring(0, val.length() - IDFF_DELIM.length()));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster val.substring(0, val.length() - WSFED_DELIM.length()));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // find out protocol for this provider
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Set protocolSet = findProtocolsForEntity(val, realm);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((protocolSet != null) && !protocolSet.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (proto.equals(COTConstants.WS_FED)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message("COTUtils.setToProtocolMap: return " + map);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the set of protocols the entity supports.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param entityId The ID of the entity to be checked.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm the realm in which the entity resides.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return Set of protocols the entity supports, values could be
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>COTConstants.SAML2</code>,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>COTConstants.IDFF</code> or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>COTConstants.WS_FED</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static Set findProtocolsForEntity(String entityId, String realm) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster CircleOfTrustManager manager = new CircleOfTrustManager();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Set idffSet = manager.getAllEntities(realm, COTConstants.IDFF);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Set saml2Set = manager.getAllEntities(realm, COTConstants.SAML2);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((saml2Set != null) && saml2Set.contains(entityId)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // TODO : handle WS-FED (only IDFF and SAML2 entities are looked up here)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error("COTUtils.findProtocolsForEntity", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Converts trusted provider protocol/entity IDs map to Set.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * This method returns a Set with one value per entity and per protocol,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * in "|" separated format.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param providerMap A map with protocol name as key, set of entity IDs as value.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return A set of trusted providers with each entry value containing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * both entity id and protocol in "|" separated format.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster static Set trustedProviderProtocolMapToSet(Map providerMap) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((providerMap == null) || providerMap.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message("COTUtils.protocolMapToSet: return" + retSet);