/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: CircleOfTrustManager.java,v 1.13 2009/10/28 23:58:56 exu Exp $
*
* Portions Copyrighted 2016 ForgeRock AS.
*/
/**
* This class has methods to manage the circle of trust.
*/
public class CircleOfTrustManager {
private static final int SUBCONFIG_PRIORITY = 0;
private static ConfigurationInstance configInstStatic;
private ConfigurationInstance configInst;
static {
try {
} catch (ConfigurationException ce) {
"COTManager.static: Unable to get COT service config",ce);
}
if (configInstStatic != null) {
try {
} catch (ConfigurationException ce) {
"ConfigurationListener for COT service.",ce);
}
}
}
/**
* Constructor for <code>COTManager</code>.
*
* @throws COTException if unable to construct <code>COTManager</code>.
*/
public CircleOfTrustManager() throws COTException {
if (configInst == null) {
}
}
/**
* Constructor for <code>COTManager</code>.
*
* @param callerToken session token of the caller
* @throws COTException if unable to construct <code>COTManager</code>.
*/
try {
} catch (ConfigurationException ce) {
}
}
/**
* Creates a circle of trust.
*
* @param realm the realm under which the circle of trust will be created.
* @param cotDescriptor the circle of trust descriptor object to be created.
* @throws COTException if unable to create the circle of trust.
*/
throws COTException {
if (cotDescriptor == null) {
}
realm = "/";
}
}
}
// Filter out the entityid which does not exist in the system
// update the extended entity config
}
// create the cot node
try {
if (debug.messageEnabled()) {
}
} catch (ConfigurationException e) {
throw new COTException(e);
}
}
/**
* This method filters out invalid entities from the trusted provider list.
*/
}
return map;
}
/**
* Retains only valid entity ID for a specific protocol
*/
throws COTException {
// no valid entity exists for this protocol, clear the map
} else {
if (debug.messageEnabled()) {
+ " Following entity id: "
+ entityIds + " are valid and will be added to "
+ "the circle of trust");
}
}
}
}
}
}
/**
* Modifies the attributes of a circle of trust.
*
* @param realm the realm the circle of trust is in.
* @param cotDescriptor circle of trust descriptor that contains
* the new set of attributes
* @throws COTException if unable to modify the circle of trust.
*/
throws COTException {
if (cotDescriptor == null) {
}
realm = "/";
}
try {
} catch (ConfigurationException e) {
throw new COTException(e);
}
}
/**
* Returns a set of names of all circles of trust.
*
* @param realm The realm under which the circle of trust resides.
* @return Set of names of all circles of trust.
* @throws COTException if unable to read circle of trust.
*/
throws COTException {
}
try {
}
}
} catch (ConfigurationException e) {
throw new COTException(e);
}
return cotSet;
}
/**
* Checks if the federation protocol type is valid.
*
* @param protocolType the federation protocol to be checked.
* @return true if the protocol type is valid.
* @throws COTException if the circle of trust type is not valid.
*/
}
return true;
}
/**
* Returns a set of entity identifiers based on the circle of
* trust type: IDFF, SAML2, or WS_FED.
*
* @param realm the realm name.
* @param type the protocol type.
* @throws COTException if the circle of trust type is invalid.
*/
} else {
}
}
return entityIds;
}
/**
* Returns a set of all IDFF entity identifiers under a realm.
*/
try {
} catch (IDFFMetaException idffe) {
throw new COTException(idffe);
}
}
/**
* Returns a set of all SAML2 identifiers
*/
try {
if (callerSession != null) {
} else {
saml2MetaMgr = new SAML2MetaManager();
}
} catch (SAML2MetaException sme) {
throw new COTException(sme);
}
}
/**
* Returns a set of all WSFED identifiers
*/
try {
if (callerSession != null) {
} else {
wsfedMetaMgr = new WSFederationMetaManager();
}
} catch (WSFederationMetaException sme) {
throw new COTException(sme);
}
}
/**
* Updates the trusted providers list in the entity configuration.
* The Circle of Trust type determines whether the entity is an
* IDFF or SAML2 provider.
*
* @param realm the realm in which the entity configuration is in.
* @param cotName the name of the circle of trust.
* @param protocolType the federation protocol type, IDFF or SAML2.
* @param trustedProvider a set of trusted provider identifiers to
* be updated in the entity configuration.
* @throws COTException if there is an error updating the entity
* configuration.
*/
} else {
}
}
/**
* Updates the entity configuration.
* The Circle of Trust type determines whether the entity is an
* IDFF or SAML2 provider.
*
* @param realm the realm in which the entity configuration is in.
* @param cotName the name of the circle of trust.
* @param protocolType the federation protocol type, IDFF or SAML2.
* @param entityID the entity identifier.
* @throws COTException if there is an error updating the entity
* configuration.
*/
try {
} catch (IDFFMetaException idffe) {
throw new COTException(idffe);
}
try {
} catch (SAML2MetaException idffe) {
throw new COTException(idffe);
}
try {
} catch (WSFederationMetaException e) {
throw new COTException(e);
}
} else {
}
}
/**
* Remove circle of trust from the entity configuration.
*
* @param realm the realm name.
* @param cotName the circle of trust name.
* @param protocolType the federation protocol type.
* @param entityID the entity identifier to be updated.
* @throws COTException if there is error updating entity configuration.
* @throws JAXBException if there is error retrieving entity configuration.
*/
void removeFromEntityConfig(
) throws COTException, JAXBException {
try {
} catch (IDFFMetaException idme) {
throw new COTException(idme);
}
try {
} catch (SAML2MetaException sme) {
throw new COTException(sme);
}
try {
} catch (WSFederationMetaException e) {
throw new COTException(e);
}
} else {
}
}
/**
* Updates the IDFF Entity Configuration.
*
* @param realm the realm name.
* @param cotName the circle of trust name.
* @param trustedProviders set of trusted provider names.
* @throws COTException if there is an error updating the configuration.
*/
try {
} catch (IDFFMetaException idfe) {
throw new COTException(idfe);
} catch (JAXBException jbe) {
data);
throw new COTException(jbe);
}
}
}
}
/**
* Updates the SAML2 Entity Configuration.
*
* @param realm the realm name.
* @param cotName the circle of trust name.
* @param trustedProviders set of trusted provider names.
* @throws COTException if there is an error updating the configuration.
*/
try {
entityId);
} catch (SAML2MetaException sme) {
throw new COTException(sme);
} catch (JAXBException e) {
data);
throw new COTException(e);
}
}
}
}
/**
* Updates the WSFederation Entity Configuration.
*
* @param realm the realm name.
* @param cotName the circle of trust name.
* @param trustedProviders set of trusted provider names.
* @throws COTException if there is an error updating the configuration.
*/
try {
entityId);
} catch (WSFederationMetaException sme) {
throw new COTException(sme);
} catch (JAXBException e) {
data);
throw new COTException(e);
}
}
}
}
/**
* Adds entity identifier to a circle of trust under the realm.
*
* @param realm The realm under which the circle of trust will be
* modified.
* @param cotName the name of the circle of trust.
* @param protocolType the federation protocol type the entity supports.
* @param entityId the entity identifier.
* @throws COTException if unable to add member to the
* circle of trust.
*/
throws COTException {
}
/**
* Adds entity identifier to a circle of trust under the realm.
*
* @param realm The realm under which the circle of trust will be
* modified.
* @param cotName the name of the circle of trust.
* @param protocolType the federation protocol type the entity supports.
* @param entityId the entity identifier.
* @param addToEntityConfig if true, add the cotname to the entity config.
* @throws COTException if unable to add member to the
* circle of trust.
*/
throws COTException {
realm = "/";
}
}
}
try {
// add the cot to the entity config descriptor
if (addToEntityConfig) {
}
"fail to add entityid to the circle of trust."
} else {
}
} catch (JAXBException jbe) {
realm};
data);
throw new COTException(jbe);
}
}
/**
* Removes entity from circle of trust under the realm.
*
* @param realm the realm to which the circle of trust belongs.
* @param cotName the circle of trust name.
* @param protocolType the federation protocol type.
* @param entityId the entity identifier.
* @throws COTException if there is an error removing entity from the
* circle of trust.
*/
throws COTException {
}
/**
* Removes entity from circle of trust under the realm.
*
* @param realm the realm to which the circle of trust belongs.
* @param cotName the circle of trust name.
* @param protocolType the federation protocol type.
* @param entityId the entity identifier.
* @param rmEntityConfig flag indicating whether the circle of trust
* should also be removed from the entity config.
* @throws COTException if there is an error removing entity from the
* circle of trust.
*/
throws COTException {
}
}
}
try {
// Remove the cot from the cotlist attribute in
// the entity config.
if (rmEntityConfig) {
}
// Remove entity id from the cot
} else {
}
"fail to remove entityid from the circle of trust." +
realm);
} else {
}
} catch (ConfigurationException e) {
throw new COTException(e);
} catch (JAXBException jaxbe) {
throw new COTException(jaxbe);
}
}
/**
* Lists trusted providers in a circle of trust under the realm.
*
* @param realm The realm under which the circle of trust will be
* modified.
* @param cotName the name of the circle of trust
* @param protocolType the federation protocol for the entities.
* @return Set of trusted providers, or null if the circle of trust
* has no members
* @throws COTException if unable to list member in the
* circle of trust.
*/
}
realm = "/";
}
try {
return null;
} else {
}
} catch (ConfigurationException e) {
throw new COTException(e);
}
return trustedProviders;
}
/**
* Deletes the circle of trust under the realm.
*
* @param realm The realm under which the circle of trust resides.
* @param cotName Name of the circle of trust.
* @throws COTException if unable to delete the circle of trust.
*/
throws COTException {
realm = "/";
}
try {
}
trustProviders.isEmpty()) {
} else {
" is not allowed since it contains members.");
}
} catch (ConfigurationException e) {
throw new COTException(e);
}
}
/**
* Returns the circle of trust under the realm.
*
* @param realm The realm under which the circle of trust resides.
* @param name Name of the circle of trust.
* @return <code>SAML2CircleOfTrustDescriptor</code> containing the
* attributes of the given CircleOfTrust.
* @throws COTException if unable to retrieve the circle of trust.
*/
throws COTException {
realm = "/";
}
} else {
try {
} else {
}
data);
} catch (ConfigurationException e) {
throw new COTException(e);
}
}
return cotDesc;
}
/**
* Returns a set of names of all active circles of trust.
*
* @param realm The realm under which the circle of trust resides.
* @return Set of names of all active circles of trust.
* @throws COTException if the names of the
* circles of trust cannot be read.
*/
throws COTException {
try {
COTConstants.ACTIVE)) {
}
}
}
} catch (ConfigurationException se) {
throw new COTException(se);
}
return activeAuthDomains;
}
/**
* Determines if entity is in the circle of trust under the realm.
*
* @param realm The realm under which the circle of trust resides.
* @param name Name of the Circle of Trust.
* @param protocolType the federation protocol type of the entity.
* @param entityId the entity identifier.
* @return true if the entity is in the specified circle of trust
*/
try {
data);
}
return false;
}
/**
* Validates the circle of trust name.
*
* @param realm the realm the circle of trust is in.
* @param name the circle of trust name.
* @return true if circle of trust name is valid.
* @throws COTException if the circle of trust name is invalid.
*/
}
return true;
}
/**
* Checks if circle of trust status is active.
*/
}
/**
* Returns a map of circle of trust name to the value
* of the <code>sun-fm-trusted-providers</code> attribute.
* The key in the map is the circle of trust name and the
* value is the set of providers retrieved from the attribute.
*
* @return a map where the key is the circle of trust name
* and the value is the Set of providers retrieved from
* the <code>sun-fm-trusted-providers</code> attribute.
* @throws COTException if there is an error retrieving the
* trusted providers.
* TODO : cache this
*/
}
try {
if (isActiveCOT(cotStatus)) {
trustedProviders, "/");
}
}
}
}
} catch (ConfigurationException se) {
throw new COTException(se);
}
return cotMap;
}
}