bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington/*
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * opensso/legal/CDDLv1.0.txt
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * at opensso/legal/CDDLv1.0.txt.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: SPCache.java,v 1.5 2009/12/14 23:42:48 mallas Exp $
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
ccf9d4a5c6453fa9f8b839baeee25147865fbb7dJames Phillpotts * Portions Copyright 2015-2016 ForgeRock AS.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster */
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterpackage com.sun.identity.wsfederation.profile;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
ccf9d4a5c6453fa9f8b839baeee25147865fbb7dJames Phillpottsimport static org.forgerock.openam.utils.Time.*;
ccf9d4a5c6453fa9f8b839baeee25147865fbb7dJames Phillpotts
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport java.util.Collections;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport java.util.Enumeration;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport java.util.Hashtable;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport java.util.HashSet;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport java.util.Set;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport java.util.Date;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.shared.configuration.SystemPropertiesManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.common.SAML2Constants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.wsfederation.common.WSFederationUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.common.PeriodicCleanUpMap;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.common.SystemTimerPool;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
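/**
 * In-memory store for WS-Federation request and response information on the
 * Service Provider side.
 *
 * <p>All state lives in static, JVM-wide collections. Several of them are
 * {@code public} and non-final, so any code running in the same JVM can read,
 * modify or replace them; treat the contents as shared mutable state.
 *
 * <p>NOTE(review): apart from {@link #assertionByIDCache}, no eviction of the
 * per-request tables ({@link #requestHash}, {@link #reqParamHash}, ...) is
 * visible in this class. Confirm that callers remove entries once a request
 * completes or is abandoned; otherwise these tables grow with request volume.
 */
public class SPCache {

    /**
     * Cache cleanup interval in seconds. Read from the
     * {@code SAML2Constants.CACHE_CLEANUP_INTERVAL} system property; falls
     * back to the default when the property is missing, negative or not a
     * number.
     */
    public static int interval = SAML2Constants.CACHE_CLEANUP_INTERVAL_DEFAULT;

    /**
     * Periodically cleaned map, created and scheduled by the static
     * initializer. Presumably keyed by assertion ID (inferred from the name;
     * no use is visible in this class).
     */
    public static PeriodicCleanUpMap assertionByIDCache = null;

    static {
        String intervalStr = SystemPropertiesManager.get(
                SAML2Constants.CACHE_CLEANUP_INTERVAL);
        try {
            if (intervalStr != null && intervalStr.length() != 0) {
                interval = Integer.parseInt(intervalStr);
                if (interval < 0) {
                    interval = SAML2Constants.CACHE_CLEANUP_INTERVAL_DEFAULT;
                }
            }
        } catch (NumberFormatException e) {
            // interval still holds the default here: the assignment above
            // never ran because parseInt threw.
            if (WSFederationUtils.debug.messageEnabled()) {
                WSFederationUtils.debug.message("SPCache.constructor: "
                        + "invalid cleanup interval. Using default.");
            }
        }
        // NOTE(review): an interval of 0 is accepted as-is; confirm that a
        // zero run/timeout period is meaningful for PeriodicCleanUpMap.

        // Widen to long before multiplying: "interval * 1000" in int
        // arithmetic wraps for intervals above roughly 24 days and would
        // yield a negative period and a schedule time in the past.
        final long intervalMillis = interval * 1000L;
        assertionByIDCache = new PeriodicCleanUpMap(intervalMillis,
                intervalMillis);
        SystemTimerPool.getTimerPool().schedule(assertionByIDCache,
                new Date(currentTimeMillis() + intervalMillis));
    }

    /** Not instantiable: the class only holds static state. */
    private SPCache() {
    }

    /**
     * Hashtable saves the request info.
     * Key   : requestID String
     * Value : AuthnRequestInfo object
     */
    public static Hashtable requestHash = new Hashtable();

    /**
     * Hashtable saves the MNI request info.
     * Key   : requestID String
     * Value : ManageNameIDRequestInfo object
     */
    protected static Hashtable mniRequestHash = new Hashtable();

    /**
     * Hashtable to save the relayState URL.
     * Key   : a String, the relayStateID
     * Value : a String, the RelayState value
     */
    protected static Hashtable relayStateHash = new Hashtable();

    /**
     * Hashtable stores information required for LogoutRequest consumption.
     * Key   : String NameIDInfoKey (NameIDInfoKey.toValueString())
     * Value : List of SPFedSession's
     *         (SPFedSession - idp sessionIndex (String)
     *                       - sp token id (String))
     * One key maps to multiple SPFedSession's.
     */
    protected static Hashtable fedSessionListsByNameIDInfoKey = new Hashtable();

    /**
     * SP: used to correlate LogoutRequest ID and inResponseTo in
     * LogoutResponse.
     * Element : request ID (String)
     */
    public static Set logoutRequestIDs =
            Collections.synchronizedSet(new HashSet());

    /**
     * Hashtable saves response info for local auth.
     * Key   : requestID String
     * Value : ResponseInfo object
     */
    protected static Hashtable responseHash = new Hashtable();

    /**
     * Hashtable saves AuthnContext Mapper object.
     * Key   : hostEntityID+realmName
     * Value : SPAuthnContextMapper
     */
    public static Hashtable authCtxObjHash = new Hashtable();

    /**
     * Hashtable saves AuthnContext class name and the authLevel.
     * Key   : hostEntityID+realmName
     * Value : Map containing AuthContext class name as key and the
     *         authLevel as value.
     */
    public static Hashtable authContextHash = new Hashtable();

    /**
     * Hashtable saves the request parameters before redirecting
     * to the IDP Discovery Service to retrieve the preferred IDP.
     * Key   : requestID, a String
     * Value : request parameters, a Map
     */
    public static Hashtable reqParamHash = new Hashtable();

    /**
     * Cache saves the sp account mapper.
     * Key   : sp account mapper class name
     * Value : sp account mapper object
     */
    public static Hashtable spAccountMapperCache = new Hashtable();

    /**
     * Evicts the cached AuthnContext mapper objects and AuthnContext-to-
     * authLevel maps that belong to the given realm, from both
     * {@link #authCtxObjHash} and {@link #authContextHash}.
     *
     * <p>Both tables must be evicted together: an entry left behind in
     * {@link #authContextHash} would keep serving the old
     * AuthnContext-to-authLevel mapping for that realm.
     *
     * @param realmName Organization or Realm; {@code null} evicts nothing.
     */
    public static void clear(String realmName) {
        if (realmName == null) {
            return;
        }
        boolean isDefault = isDefaultOrg(realmName);
        evictRealm(authCtxObjHash, realmName, isDefault);
        evictRealm(authContextHash, realmName, isDefault);
    }

    /**
     * Removes from {@code cache} every key that refers to {@code realmName}.
     * Sharing one routine for both tables keeps each removal on the table
     * that is being scanned.
     *
     * @param cache     table to evict from; may be {@code null} or empty
     * @param realmName realm whose entries are evicted
     * @param isDefault whether {@code realmName} is the root realm
     */
    private static void evictRealm(Hashtable cache, String realmName,
            boolean isDefault) {
        if (cache == null || cache.isEmpty()) {
            return;
        }
        // NOTE(review): this is a substring match, so a key whose realm part
        // merely starts with realmName is evicted as well. Over-eviction only
        // forces the entry to be rebuilt; confirm the key format before
        // tightening it.
        final String realmMarker = "|" + realmName;
        Enumeration keys = cache.keys();
        while (keys.hasMoreElements()) {
            String key = (String) keys.nextElement();
            boolean matchesRealm = key.indexOf(realmMarker) != -1;
            boolean matchesRoot = isDefault && key.endsWith("|/");
            if (matchesRealm || matchesRoot) {
                cache.remove(key);
            }
        }
    }

    /**
     * Clears {@link #authCtxObjHash} and {@link #authContextHash} for all
     * realms.
     */
    public static void clear() {
        // The fields are public and non-final, so they may have been set to
        // null by other code; keep the null checks.
        if ((authCtxObjHash != null) && (!authCtxObjHash.isEmpty())) {
            authCtxObjHash.clear();
        }
        if ((authContextHash != null) && (!authContextHash.isEmpty())) {
            authContextHash.clear();
        }
    }

    /**
     * Returns <code>true</code> if the realm is root.
     *
     * @param orgName the organization name; may be {@code null}
     * @return <code>true</code> only when {@code orgName} is {@code "/"}.
     */
    public static boolean isDefaultOrg(String orgName) {
        // Constant-first equals is null-safe. The earlier
        // "(orgName != null) || orgName.equals(...)" form returned true for
        // every non-null name and threw NullPointerException for null.
        return "/".equals(orgName);
    }

}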