saml2/meta/SAML2COTUtils.java

a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster/**
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * opensso/legal/CDDLv1.0.txt
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * at opensso/legal/CDDLv1.0.txt.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: SAML2COTUtils.java,v 1.8 2009/10/28 23:58:58 exu Exp $
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster */
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterpackage com.sun.identity.saml2.meta;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport javax.xml.bind.JAXBException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport java.util.Iterator;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport java.util.List;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport java.util.Map;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport java.util.Set;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport java.util.HashSet;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport java.util.logging.Level;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.shared.debug.Debug;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.logging.LogUtil;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.common.SAML2Constants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.entityconfig.AffiliationConfigElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.entityconfig.AttributeType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.entityconfig.ObjectFactory;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadata.AttributeAuthorityDescriptorElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadata.AuthnAuthorityDescriptorElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadata.XACMLPDPDescriptorElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadata.XACMLAuthzDecisionQueryDescriptorElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadataextquery.AttributeQueryDescriptorElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport java.util.ArrayList;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster/**
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The <code>SAML2COTUtils</code> provides utility methods to update
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the SAML2 Entity Configuration <code>cotlist</code> attributes
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * in the Service and Identity Provider configurations.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster */
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterpublic class SAML2COTUtils {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster    private static Debug debug = SAML2MetaUtils.debug;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster    private Object callerSession = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster    /**
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster     * Default Constructor.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster     */
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster    public SAML2COTUtils()  {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster    }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster    /**
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster     * Constructor.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster     * @param callerToken session token of the caller.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster     */
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster    public SAML2COTUtils(Object callerToken) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        callerSession = callerToken;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster    }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster    /**
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster     * Updates the entity config to add the circle of turst name to the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster     * <code>cotlist</code> attribute. The Service Provider and Identity
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster     * Provider Configuration are updated.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster     *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster     * @param realm the realm name where the entity configuration is.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster     * @param name the circle of trust name.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster     * @param entityId the name of the Entity identifier.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster     * @throws SAML2MetaException if there is a configuration error when
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster     *         updating the configuration.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster     * @throws JAXBException is there is an error updating the entity
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster     *          configuration.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster     */
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster    public void updateEntityConfig(String realm, String name, String entityId)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster    throws SAML2MetaException, JAXBException {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        String classMethod = "SAML2COTUtils.updateEntityConfig: ";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        SAML2MetaManager metaManager = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        if (callerSession == null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            metaManager = new SAML2MetaManager();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        } else {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            metaManager = new SAML2MetaManager(callerSession);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        ObjectFactory objFactory = new ObjectFactory();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        // Check whether the entity id existed in the DS
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        EntityDescriptorElement edes = metaManager.getEntityDescriptor(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                realm, entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        if (edes == null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            debug.error(classMethod +"No such entity: " + entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            String[] data = {realm, entityId};
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            throw new SAML2MetaException("entityid_invalid", data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        boolean isAffiliation = false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        if (metaManager.getAffiliationDescriptor(realm, entityId) != null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            isAffiliation = true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        if (debug.messageEnabled()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            debug.message(classMethod + "is " + entityId + " in realm "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                + realm + " an affiliation? " + isAffiliation);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        EntityConfigElement eConfig = metaManager.getEntityConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            realm, entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        if (eConfig == null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            BaseConfigType bctype = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            AttributeType atype = objFactory.createAttributeType();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            atype.setName(SAML2Constants.COT_LIST);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            atype.getValue().add(name);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            // add to eConfig
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            EntityConfigElement ele =objFactory.createEntityConfigElement();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            ele.setEntityID(entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            ele.setHosted(false);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            if (isAffiliation) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                // handle affiliation case
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                bctype = objFactory.createAffiliationConfigElement();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                bctype.getAttribute().add(atype);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                ele.setAffiliationConfig(bctype);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            } else {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                List ll =
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                    ele.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                // Decide which role EntityDescriptorElement includes
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                List list =
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                    edes.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                for(Iterator iter = list.iterator(); iter.hasNext();) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                    Object obj = iter.next();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                    if (obj instanceof SPSSODescriptorElement) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                        bctype = objFactory.createSPSSOConfigElement();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                        bctype.getAttribute().add(atype);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                        ll.add(bctype);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                    } else if (obj instanceof IDPSSODescriptorElement) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                        bctype = objFactory.createIDPSSOConfigElement();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                        bctype.getAttribute().add(atype);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                        ll.add(bctype);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                    } else if (obj instanceof XACMLPDPDescriptorElement) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                        bctype = objFactory.createXACMLPDPConfigElement();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                        bctype.getAttribute().add(atype);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                        ll.add(bctype);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                    } else if (obj instanceof
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                        XACMLAuthzDecisionQueryDescriptorElement)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                    {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                        bctype =
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                        objFactory.createXACMLAuthzDecisionQueryConfigElement();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                        bctype.getAttribute().add(atype);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                        ll.add(bctype);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                    } else if (obj instanceof AttributeAuthorityDescriptorElement) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                        bctype =
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                            objFactory.createAttributeAuthorityConfigElement();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                        bctype.getAttribute().add(atype);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                        ll.add(bctype);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                    } else if (obj instanceof  AttributeQueryDescriptorElement){
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                        bctype = objFactory.createAttributeQueryConfigElement();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                        bctype.getAttribute().add(atype);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                        ll.add(bctype);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                    } else if (obj instanceof AuthnAuthorityDescriptorElement) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                        bctype = objFactory.createAuthnAuthorityConfigElement();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                        bctype.getAttribute().add(atype);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                        ll.add(bctype);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                    }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            metaManager.setEntityConfig(realm,ele);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        } else {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            boolean needToSave = true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            List elist = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            if (isAffiliation) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                AffiliationConfigElement affiliationCfgElm =
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                    metaManager.getAffiliationConfig(realm, entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                elist = new ArrayList();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                elist.add(affiliationCfgElm);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            } else {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                elist = eConfig.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                    getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            for (Iterator iter = elist.iterator(); iter.hasNext();) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                boolean foundCOT = false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                BaseConfigType bConfig = (BaseConfigType)iter.next();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                List list = bConfig.getAttribute();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                for (Iterator iter2 = list.iterator(); iter2.hasNext();) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                    AttributeType avp = (AttributeType)iter2.next();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                    if (avp.getName().trim().equalsIgnoreCase(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                            SAML2Constants.COT_LIST)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                        foundCOT = true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                        List avpl = avp.getValue();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                        if (avpl.isEmpty() ||!containsValue(avpl,name)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                            avpl.add(name);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                            needToSave = true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                            break;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                        }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                    }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                // no cot_list in the original entity config
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                if (!foundCOT) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                    AttributeType atype = objFactory.createAttributeType();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                    atype.setName(SAML2Constants.COT_LIST);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                    atype.getValue().add(name);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                    list.add(atype);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                    needToSave = true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            if (needToSave) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                metaManager.setEntityConfig(realm,eConfig);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster    }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster    private boolean containsValue(List list, String name) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        for (Iterator iter = list.iterator(); iter.hasNext();) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            if (((String) iter.next()).trim().equalsIgnoreCase(name)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                return true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster    }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster    /**
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster     * Removes the circle trust name passed from the <code>cotlist</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster     * attribute in the Entity Config. The Service Provider and Identity
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster     * Provider Entity Configuration are updated.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster     *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster     * @param name the circle of trust name to be removed.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster     * @param entityId the entity identifier of the provider.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster     * @throws SAML2MetaException if there is an error updating the entity
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster     *          config.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster     * @throws JAXBException if there is an error updating the entity config.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster     */
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster    public void removeFromEntityConfig(String realm,String name,String entityId)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster    throws SAML2MetaException, JAXBException {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        String classMethod = "SAML2COTUtils.removeFromEntityConfig: ";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        SAML2MetaManager metaManager = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        if (callerSession == null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            metaManager = new SAML2MetaManager();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        } else {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            metaManager = new SAML2MetaManager(callerSession);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        // Check whether the entity id existed in the DS
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        EntityDescriptorElement edes = metaManager.getEntityDescriptor(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                realm, entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        if (edes == null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            debug.error(classMethod +"No such entity: " + entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            String[] data = {realm, entityId};
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            throw new SAML2MetaException("entityid_invalid", data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        EntityConfigElement eConfig = metaManager.getEntityConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                realm, entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        boolean isAffiliation = false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        if (metaManager.getAffiliationDescriptor(realm, entityId) != null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            isAffiliation = true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        if (debug.messageEnabled()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            debug.message(classMethod + "is " + entityId + " in realm "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                + realm + " an affiliation? " + isAffiliation);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        if (eConfig != null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            List elist = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            if (isAffiliation) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                AffiliationConfigElement affiliationCfgElm =
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                    metaManager.getAffiliationConfig(realm, entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                elist = new ArrayList();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                elist.add(affiliationCfgElm);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            } else {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster               elist = eConfig.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                    getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            boolean needToSave = false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            for (Iterator iter = elist.iterator(); iter.hasNext();) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                BaseConfigType bConfig = (BaseConfigType)iter.next();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                List list = bConfig.getAttribute();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                for (Iterator iter2 = list.iterator(); iter2.hasNext();) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                    AttributeType avp = (AttributeType)iter2.next();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                    if (avp.getName().trim().equalsIgnoreCase(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                            SAML2Constants.COT_LIST)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                        List avpl = avp.getValue();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                        if (avpl != null && !avpl.isEmpty() &&
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                                containsValue(avpl,name)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                            avpl.remove(name);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                            needToSave = true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                            break;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                        }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                    }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            if (needToSave) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster                metaManager.setEntityConfig(realm, eConfig);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster            }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster        }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster    }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster}