STSPublishContext.java revision c1bef59b02d89a84c23d29663cc4e6d46148ebd2
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2016 ForgeRock AS. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at legal/CDDLv1.0.txt.
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file at legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
*/
/**
* State that guides the publication of STS instances.
*/
public class STSPublishContext {
public static class STSPublishContextBuilder {
boolean persistIssuedTokensInCTS; // true if tokens issued by the published STS instance should be persisted in the CTS
String amKeystorePath; // signed or encrypted SAML2/OIDC tokens need the path to the OpenAM keystore holding the (test) private-key entry
/*
 Name of the request header in which the TLS-offloading engine in front of the STS places the client's
 certificate, and where the STS instance therefore expects to find that certificate.
 NOTE(review): the field this comment describes is not shown in this listing — presumably the builder's
 clientCertHeaderName, mirroring the same-named field on STSPublishContext; confirm. Because the STS
 trusts whatever certificate arrives in this header, only the offload engine may be allowed to set it.
*/
/**
 * Private constructor: instances are obtained via {@link STSPublishContext#builder()}.
 * Starts with an empty audience list; every other builder field keeps its default value.
 */
private STSPublishContextBuilder() {
    oidcAudiences = new ArrayList<>(); // field declared elsewhere in this class; presumably a List<String> — confirm
}
this.generatedTokenType = generatedTokenType;
return this;
}
/**
 * Sets the algorithm type used to sign generated OIDC tokens.
 * NOTE(review): as rendered here the parameter is never assigned to a field, unlike the sibling
 * setters in this builder — confirm the assignment was not lost, since otherwise the builder
 * silently drops the configured algorithm.
 *
 * @param oidcSigningAlgorithmType the signing algorithm type for OIDC tokens
 * @return this builder, for chaining
 */
public STSPublishContextBuilder oidcSigningAlgorithmType(OIDCSigningAlgorithmType oidcSigningAlgorithmType) {
    return this;
}
return this;
}
return this;
}
this.oidcIssuer = oidcIssuer;
return this;
}
this.oidcClientSecret = oidcClientSecret;
return this;
}
this.idpEntityId = idpEntityId;
return this;
}
this.spEntityId = spEntityId;
return this;
}
return this;
}
this.amKeystorePath = amKeystorePath;
return this;
}
return this;
}
/**
 * Creates the immutable {@link STSPublishContext} from the state collected in this builder.
 *
 * @return the newly built publish context
 */
public STSPublishContext build() {
    final STSPublishContext context = new STSPublishContext(this);
    return context;
}
}
/**
 * Which token type(s) a published STS instance generates.
 * NOTE(review): the enum constants and the bodies of the two predicates below are not visible in
 * this listing. The two independent {@code if} checks in buildDefaultPublishContext suggest that
 * both predicates may hold for a single constant — confirm against the full source.
 */
public enum GeneratedTokenType {
    /** @return whether SAML2 tokens are generated */
    public boolean generateSAML2() {
    }
    /** @return whether OIDC tokens are generated */
    public boolean generateOIDC() {
    }
}
// NOTE(review): getSpAcsUrl() and the oidcAudiences getter read fields that are not declared in this
// listing — presumably elided from the rendering; confirm they exist in the full source.
private final GeneratedTokenType generatedTokenType; // which token type(s) the STS instance issues
private final OIDCSigningAlgorithmType oidcSigningAlgorithmType; // algorithm used to sign generated OIDC tokens
private final boolean persistIssuedTokensInCTS; // whether issued tokens are persisted in the CTS
private final String oidcIssuer; // presumably the issuer value placed in generated OIDC tokens — confirm
private final String oidcClientSecret; // OIDC client secret held in the clear; exposed verbatim by getOidcClientSecret(), so keep it out of logs and toString()
private final String idpEntityId; // SAML2 identity-provider entity id
private final String spEntityId; // SAML2 service-provider entity id
private final String amKeystorePath; // path to the OpenAM keystore holding the private-key entry used to sign/encrypt tokens
private final String clientCertHeaderName; // request header in which the STS expects the offload engine to place the client certificate
}
/**
 * Entry point for constructing a publish context.
 *
 * @return a fresh builder, initialised with an empty OIDC audience list
 */
public static STSPublishContextBuilder builder() {
    final STSPublishContextBuilder freshBuilder = new STSPublishContextBuilder();
    return freshBuilder;
}
/**
 * @return which token type(s) the published STS instance generates
 */
public GeneratedTokenType getGeneratedTokenType() {
    return this.generatedTokenType;
}
return oidcSigningAlgorithmType;
}
/**
 * @return {@code true} if tokens issued by the STS instance are to be persisted in the CTS
 */
public boolean persistIssuedTokensInCTS() {
    return this.persistIssuedTokensInCTS;
}
return oidcAudiences;
}
/**
 * @return the configured OIDC issuer
 */
public String getOidcIssuer() {
    return this.oidcIssuer;
}
/**
 * Returns the OIDC client secret in the clear. Callers must treat the value as sensitive:
 * do not log it or include it in diagnostic output.
 *
 * @return the configured OIDC client secret
 */
public String getOidcClientSecret() {
    return this.oidcClientSecret;
}
/**
 * @return the SAML2 identity-provider entity id
 */
public String getIdpEntityId() {
    return this.idpEntityId;
}
/**
 * @return the SAML2 service-provider entity id
 */
public String getSpEntityId() {
    return this.spEntityId;
}
/**
 * @return the SAML2 service-provider assertion-consumer-service URL
 *         (the {@code spAcsUrl} field is not declared in this listing — presumably elided; confirm)
 */
public String getSpAcsUrl() {
    return this.spAcsUrl;
}
/**
 * @return the path to the OpenAM keystore holding the private-key entry used to sign/encrypt tokens
 */
public String getAmKeystorePath() {
    return this.amKeystorePath;
}
/**
 * @return the request header in which the STS expects the TLS-offloading engine to place the client
 *         certificate; the STS trusts this header, so only that engine may be allowed to set it
 */
public String getClientCertHeaderName() {
    return this.clientCertHeaderName;
}
}
}
public static STSPublishContext buildDefaultPublishContext(String openAMKeystorePath, STSPublishContext.GeneratedTokenType generatedTokenType,
.persistIssuedTokensInCTS(true)
//under what header will the sts expect to find the client cert.
if (generatedTokenType.generateOIDC()) {
}
// no else - if we are signing with RSA, then we just set state corresponding to the default OpenAM client cert.
}
if (generatedTokenType.generateSAML2()) {
}
}
}