a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: SAML2COTUtils.java,v 1.8 2009/10/28 23:58:58 exu Exp $
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.common.SAML2Constants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.entityconfig.AffiliationConfigElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.entityconfig.AttributeType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.entityconfig.ObjectFactory;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadata.AttributeAuthorityDescriptorElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadata.AuthnAuthorityDescriptorElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadata.XACMLPDPDescriptorElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadata.XACMLAuthzDecisionQueryDescriptorElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadataextquery.AttributeQueryDescriptorElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The <code>SAML2COTUtils</code> provides utility methods to update
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the SAML2 Entity Configuration <code>cotlist</code> attributes
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * in the Service and Identity Provider configurations.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static Debug debug = SAML2MetaUtils.debug;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Default Constructor.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Constructor.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param callerToken session token of the caller.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Updates the entity config to add the circle of trust name to the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>cotlist</code> attribute. The Service Provider and Identity
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Provider Configuration are updated.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm the realm name where the entity configuration is.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param name the circle of trust name.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param entityId the name of the Entity identifier.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if there is a configuration error when
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * updating the configuration.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws JAXBException if there is an error updating the entity
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * configuration.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void updateEntityConfig(String realm, String name, String entityId)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String classMethod = "SAML2COTUtils.updateEntityConfig: ";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster metaManager = new SAML2MetaManager(callerSession);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ObjectFactory objFactory = new ObjectFactory();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Check whether the entity id existed in the DS
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster EntityDescriptorElement edes = metaManager.getEntityDescriptor(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error(classMethod +"No such entity: " + entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2MetaException("entityid_invalid", data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean isAffiliation = false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (metaManager.getAffiliationDescriptor(realm, entityId) != null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message(classMethod + "is " + entityId + " in realm "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + realm + " an affiliation? " + isAffiliation);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster EntityConfigElement eConfig = metaManager.getEntityConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster AttributeType atype = objFactory.createAttributeType();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // add to eConfig
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster EntityConfigElement ele =objFactory.createEntityConfigElement();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // handle affiliation case
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster bctype = objFactory.createAffiliationConfigElement();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ele.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Decide which role EntityDescriptorElement includes
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster edes.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for(Iterator iter = list.iterator(); iter.hasNext();) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster bctype = objFactory.createSPSSOConfigElement();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (obj instanceof IDPSSODescriptorElement) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster bctype = objFactory.createIDPSSOConfigElement();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (obj instanceof XACMLPDPDescriptorElement) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster bctype = objFactory.createXACMLPDPConfigElement();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (obj instanceof
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster objFactory.createXACMLAuthzDecisionQueryConfigElement();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (obj instanceof AttributeAuthorityDescriptorElement) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster objFactory.createAttributeAuthorityConfigElement();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (obj instanceof AttributeQueryDescriptorElement){
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster bctype = objFactory.createAttributeQueryConfigElement();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (obj instanceof AuthnAuthorityDescriptorElement) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster bctype = objFactory.createAuthnAuthorityConfigElement();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean needToSave = true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster metaManager.getAffiliationConfig(realm, entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for (Iterator iter = elist.iterator(); iter.hasNext();) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean foundCOT = false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster BaseConfigType bConfig = (BaseConfigType)iter.next();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for (Iterator iter2 = list.iterator(); iter2.hasNext();) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster AttributeType avp = (AttributeType)iter2.next();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (avpl.isEmpty() ||!containsValue(avpl,name)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // no cot_list in the original entity config
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster AttributeType atype = objFactory.createAttributeType();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private boolean containsValue(List list, String name) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for (Iterator iter = list.iterator(); iter.hasNext();) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (((String) iter.next()).trim().equalsIgnoreCase(name)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Removes the circle of trust name passed from the <code>cotlist</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * attribute in the Entity Config. The Service Provider and Identity
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Provider Entity Configuration are updated.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param name the circle of trust name to be removed.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param entityId the entity identifier of the provider.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if there is an error updating the entity
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws JAXBException if there is an error updating the entity config.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void removeFromEntityConfig(String realm,String name,String entityId)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String classMethod = "SAML2COTUtils.removeFromEntityConfig: ";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster metaManager = new SAML2MetaManager(callerSession);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Check whether the entity id existed in the DS
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster EntityDescriptorElement edes = metaManager.getEntityDescriptor(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error(classMethod +"No such entity: " + entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2MetaException("entityid_invalid", data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster EntityConfigElement eConfig = metaManager.getEntityConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean isAffiliation = false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (metaManager.getAffiliationDescriptor(realm, entityId) != null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message(classMethod + "is " + entityId + " in realm "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + realm + " an affiliation? " + isAffiliation);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster metaManager.getAffiliationConfig(realm, entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean needToSave = false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for (Iterator iter = elist.iterator(); iter.hasNext();) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster BaseConfigType bConfig = (BaseConfigType)iter.next();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for (Iterator iter2 = list.iterator(); iter2.hasNext();) {