RestSTSInstancePublisher.java revision c1bef59b02d89a84c23d29663cc4e6d46148ebd2
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2016 ForgeRock AS. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at legal/CDDLv1.0.txt.
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file at legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
*/
/**
* This class provides an example of how to programmatically publish rest-sts instances. It does not provide an
* exhaustive enumeration of configuration options, but rather provides an indication of how to consume the various
* classes used to build the configuration state corresponding to a published rest-sts instance.
*/
public class RestSTSInstancePublisher {
private final String publishEndpoint;
private final String adminPassword;
private final BasicOpenAMAuthenticator basicOpenAMAuthenticator;
private final RestSTSInstanceConfigFactory restSTSInstanceConfigFactory;
private final UrlConstituentCatenator urlConstituentCatenator;
/**
*
* @param publishEndpoint The url of the publish service: e.g. http://myhost.com:8080/openam/rest-sts-publish/publish
* @param adminPassword The amadmin password. Required,
* as only admins can consume the rest-sts publish service.
*
*/
public RestSTSInstancePublisher(@Named(RestSTSFunctionalTestAPIModule.PUBLISH_ENDPOINT) String publishEndpoint,
this.publishEndpoint = publishEndpoint;
this.adminPassword = adminPassword;
}
/**
An example of the json posted as part of this method invocation:
{ "invocation_context": "invocation_context_client_sdk", "instance_state": { "oidc-id-token-config": { "oidc-issuer": "oidc_issuer", "oidc-public-key-reference-type": "NONE", "oidc-token-lifetime-seconds": "600", "oidc-authorized-party": null, "oidc-audience": [ "oidc_audience" ], "oidc-signature-algorithm": "HS256", "oidc-claim-map": { "email": "mail" }, "oidc-custom-claim-mapper-class": null, "oidc-custom-authn-context-mapper-class": null, "oidc-custom-authn-method-references-mapper-class": null, "oidc-keystore-location": null, "oidc-keystore-password": null, "oidc-client-secret": "bobo", "oidc-signature-key-alias": null, "oidc-signature-key-password": null }, "supported-token-transforms": [ { "inputTokenType": "X509", "outputTokenType": "OPENIDCONNECT", "invalidateInterimOpenAMSession": true }, { "inputTokenType": "OPENIDCONNECT", "outputTokenType": "SAML2", "invalidateInterimOpenAMSession": true }, { "inputTokenType": "OPENIDCONNECT", "outputTokenType": "OPENIDCONNECT", "invalidateInterimOpenAMSession": true }, { "inputTokenType": "USERNAME", "outputTokenType": "OPENIDCONNECT", "invalidateInterimOpenAMSession": true }, { "inputTokenType": "USERNAME", "outputTokenType": "SAML2", "invalidateInterimOpenAMSession": true }, { "inputTokenType": "OPENAM", "outputTokenType": "SAML2", "invalidateInterimOpenAMSession": false }, { "inputTokenType": "X509", "outputTokenType": "SAML2", "invalidateInterimOpenAMSession": true }, { "inputTokenType": "OPENAM", "outputTokenType": "OPENIDCONNECT", "invalidateInterimOpenAMSession": false } ], "persist-issued-tokens-in-cts": "true", "saml2-config": { "issuer-name": "http://idp.com:8080/openam", "saml2-name-id-format": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", "saml2-token-lifetime-seconds": "600", "saml2-custom-conditions-provider-class-name": null, "saml2-custom-subject-provider-class-name": null, "saml2-custom-attribute-statements-provider-class-name": null, "saml2-custom-attribute-mapper-class-name": null, 
"saml2-custom-authn-context-mapper-class-name": null, "saml2-custom-authentication-statements-provider-class-name": null, "saml2-custom-authz-decision-statements-provider-class-name": null, "saml2-sign-assertion": "true", "saml2-encrypt-assertion": "false", "saml2-encrypt-attributes": "false", "saml2-encrypt-nameid": "false", "saml2-encryption-algorithm": "http://www.w3.org/2001/04/xmlenc#aes128-cbc", "saml2-encryption-algorithm-strength": "128", "saml2-attribute-map": { "email": "mail" }, "saml2-keystore-filename": "/Users/DirkHogan/openam/openam/keystore.jks", "saml2-keystore-password": "changeit", "saml2-sp-acs-url": "http://sp.com:8080/openam/acs", "saml2-sp-entity-id": "http://sp.com:8080/openam", "saml2-signature-key-alias": "test", "saml2-signature-key-password": "changeit", "saml2-encryption-key-alias": "test" }, "deployment-config": { "deployment-url-element": "rest_sts_instance1049252330", "deployment-realm": "/subrealm2021890344", "deployment-auth-target-mappings": { "X509": { "mapping-auth-index-type": "module", "mapping-auth-index-value": "cert_module", "mapping-context": { "x509_token_auth_target_header_key": "client_cert" } }, "OPENIDCONNECT": { "mapping-auth-index-type": "module", "mapping-auth-index-value": "oidc_module", "mapping-context": { "oidc_id_token_auth_target_header_key": "oidc_id_token" } }, "USERNAME": { "mapping-auth-index-type": "service", "mapping-auth-index-value": "ldapService" } }, "deployment-offloaded-two-way-tls-header-key": "also_client_cert", "deployment-tls-offload-engine-hosts": [ "10.0.0.6", "127.0.0.1" ] } } }
*/
public String publishInstance(final String urlElement, String realm, STSPublishContext publishContext,
restSTSInstanceConfigFactory.createRestSTSInstanceConfig(urlElement, realm, publishContext, customTokenOperationContext);
// NOTE(review): jsonString appears to be the serialized instance config. Per the example in the method
// Javadoc that config can carry saml2-keystore-password, saml2-signature-key-password and
// oidc-client-secret in clear text, so this statement writes secrets to the application log. Redact
// those fields (or log only the realm / url element) before emitting, and SEVERE is an unusual level
// for a routine informational message - FINE/INFO would be expected.
logger.log(Level.SEVERE, "Publishing instance according to the following config state: " + jsonString);
return parseInstanceUrl(response);
}
/*
The fullSTSId should be the string returned by publishInstance.
*/
return result;
}
public String updateInstance(final String fullSTSId, RestSTSInstanceConfig restSTSInstanceConfig) throws IOException {
return result;
}
} else {
}
}
return parsePublishResponse(response);
}
try {
} catch (JsonException e) {
throw e;
}
continue;
}
}
return instanceConfigs;
}
private String getPublishedRestSTSInstancesConfigContent(String publishEndpoint) throws IOException {
}
connection.setDoOutput(true);
connection.setRequestProperty(SharedSTSConstants.CONTENT_TYPE, SharedSTSConstants.APPLICATION_JSON);
return getSuccessMessage(connection);
} else {
}
}
connection.setDoOutput(true);
connection.setRequestProperty(SharedSTSConstants.CONTENT_TYPE, SharedSTSConstants.APPLICATION_JSON);
return getSuccessMessage(connection);
} else {
throw new IOException("Failed to perform DELETE on url: " + deletionUrl + ": " + getErrorMessage(connection));
}
}
private String invokeRestSTSInstanceUpdate(String updateUrl, String invocationPayload) throws IOException{
connection.setDoOutput(true);
connection.setRequestProperty(SharedSTSConstants.CONTENT_TYPE, SharedSTSConstants.APPLICATION_JSON);
/*
Don't remove this version specification - it is necessary to avoid 'upsert' semantics on a PUT. See
for details.
*/
connection.setRequestProperty(SharedSTSConstants.CREST_VERSION_HEADER_KEY, REST_STS_PUBLISH_SERVICE_VERSION);
return getSuccessMessage(connection);
} else {
throw new IOException("Failed to perform PUT on url: " + updateUrl + ": " + getErrorMessage(connection) +
}
}
}
} else {
}
}
}
}
if (inputStream == null) {
return "Empty error stream";
} else {
}
}
try {
} catch (IOException e) {
throw new IOException("Could not map the response from the PublishService to a json object. The response: "
+ publishResponse + "; The exception: " + e);
}
}
}
}
}
field(AMSTSConstants.STS_PUBLISH_INVOCATION_CONTEXT, AMSTSConstants.STS_PUBLISH_INVOCATION_CONTEXT_CLIENT_SDK),
}
}