org.gluu.oxtrust.api.saml.TrustRelationshipWebService 連携図

公開メンバ関数
	TrustRelationshipWebService ()

String	read (@PathParam("inum") @NotNull String inum, @Context HttpServletResponse response)

String	create (GluuSAMLTrustRelationship trustRelationship, @Context HttpServletResponse response)

void	update (@PathParam("inum") @NotNull String inum, GluuSAMLTrustRelationship trustRelationship, @Context HttpServletResponse response)

void	delete (@PathParam("inum") @NotNull String inum, @Context HttpServletResponse response)

String	list (@Context HttpServletResponse response)

String	listAllFederations (@Context HttpServletResponse response)

String	listAllActiveTrustRelationships (@Context HttpServletResponse response)

String	listAllOtherFederations (@PathParam("inum") String inum, @Context HttpServletResponse response)

String	listAllSAMLTrustRelationships (@QueryParam("size_limit") int sizeLimit, @Context HttpServletResponse response)

String	listDeconstructedTrustRelationships (@PathParam("inum") String inum, @Context HttpServletResponse response)

String	searchTrustRelationships (@QueryParam("pattern") @NotNull String pattern, @QueryParam("size_limit") int sizeLimit, @Context HttpServletResponse response)

void	setMetadata (@PathParam("inum") String trustRelationshipInum, @NotNull String metadata, @Context HttpServletResponse response)

void	setMetadataURL (@PathParam("inum") String trustRelationshipInum, @NotNull String url, @Context HttpServletResponse response)

void	addAttribute (@PathParam("inum") String trustRelationshipInum, @NotNull String attribute, @Context HttpServletResponse response)

String	generateInumForNewTrustRelationship (@Context HttpServletResponse response)

String	getContacts (@PathParam("inum") String trustRelationshipInum, @Context HttpServletResponse response)

void	setContacts (@PathParam("inum") String trustRelationshipInum, String contacts, @Context HttpServletResponse response)

void	setCertificate (@PathParam("inum") String trustRelationshipInum, String certificate, @Context HttpServletResponse response)

void	removeAttribute (GluuAttribute attribute, @Context HttpServletResponse response)

void	generateConfigurationFiles (@Context HttpServletResponse response)

boolean	saveSpMetaDataFileSourceTypeURI (GluuSAMLTrustRelationship trustRelationship) throws IOException

String	generateCertForGeneratedSP (GluuSAMLTrustRelationship trustRelationship) throws IOException

変数
ObjectMapper	objectMapper

非公開メンバ関数
String	saveTR (GluuSAMLTrustRelationship trustRelationship, String metadata, String certificate)

void	saveTR (GluuSAMLTrustRelationship trustRelationship, boolean isUpdate)

void	setEntityId (GluuSAMLTrustRelationship trustRelationship)

boolean	saveSpMetaDataFileSourceTypeFile (GluuSAMLTrustRelationship trustRelationship, String inum, String metadata) throws IOException

boolean	generateSpMetaDataFile (GluuSAMLTrustRelationship trustRelationship, String certificate)

void	updateTRCertificate (GluuSAMLTrustRelationship trustRelationship, String certificate) throws IOException

静的非公開メンバ関数
static List< SAMLTrustRelationshipShort >	convertTRtoTRShort (List< GluuSAMLTrustRelationship > trustRelationships)

非公開変数類
Logger	logger

TrustService	trustService

Identity	identity

ClientService	clientService

AppConfiguration	appConfiguration

SvnSyncTimer	svnSyncTimer

MetadataValidationTimer	metadataValidationTimer

TrustContactsAction	trustContactsAction

Shibboleth3ConfService	shibboleth3ConfService

詳解

WS endpoint for TrustRelationship actions.

著者: Dmitry Ognyannikov

構築子と解体子

◆ TrustRelationshipWebService()

org.gluu.oxtrust.api.saml.TrustRelationshipWebService.TrustRelationshipWebService ( )

inline

                                          {
         // configure Jackson ObjectMapper
         objectMapper = new ObjectMapper();
         objectMapper.configure(SerializationFeature.INDENT_OUTPUT, true);
     }

関数詳解

◆ addAttribute()

void org.gluu.oxtrust.api.saml.TrustRelationshipWebService.addAttribute	(	@PathParam("inum") String	trustRelationshipInum,
		@NotNull String	attribute,
		@Context HttpServletResponse	response
	)

inline

                                                                                                                                                 {
         try {
             GluuSAMLTrustRelationship trustRelationship = trustService.getRelationshipByInum(trustRelationshipInum);
             List<String> attributes = trustRelationship.getReleasedAttributes();
             for (String lAttr : attributes) {
                 if (attribute.equals(lAttr)) 
                     return; // Nothing to add
             }
             
             attributes.add(attribute);
             trustService.updateReleasedAttributes(trustRelationship);
         } catch (Exception e) {
             logger.error("addAttribute() Exception", e);
             try { response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "INTERNAL SERVER ERROR"); } catch (Exception ex) {}
         }
     }

◆ convertTRtoTRShort()

static List<SAMLTrustRelationshipShort> org.gluu.oxtrust.api.saml.TrustRelationshipWebService.convertTRtoTRShort ( List< GluuSAMLTrustRelationship > trustRelationships )

inlinestaticprivate

                                                                                                                             {
         ArrayList<SAMLTrustRelationshipShort> trustRelationshipsShort = new ArrayList<SAMLTrustRelationshipShort>();
         trustRelationshipsShort.ensureCapacity(trustRelationships.size());
         
         for (GluuSAMLTrustRelationship tr : trustRelationships) {
             trustRelationshipsShort.add(new SAMLTrustRelationshipShort(tr));
         }
         return trustRelationshipsShort;
     }

◆ create()

String org.gluu.oxtrust.api.saml.TrustRelationshipWebService.create	(	GluuSAMLTrustRelationship	trustRelationship,
		@Context HttpServletResponse	response
	)

inline

                                                                                                              {
         logger.trace("Create Trust Relationship");
         try {
             String inum = trustService.generateInumForNewTrustRelationship();
             trustRelationship.setInum(inum);
             String dn = trustService.getDnForTrustRelationShip(inum);
             // Save trustRelationship
             trustRelationship.setDn(dn);
             saveTR(trustRelationship, false);
             return inum;
         } catch (Exception e) {
             logger.error("create() Exception", e);
             try { response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "INTERNAL SERVER ERROR"); } catch (Exception ex) {}
             return null;
         }
     }

◆ delete()

void org.gluu.oxtrust.api.saml.TrustRelationshipWebService.delete	(	@PathParam("inum") @NotNull String	inum,
		@Context HttpServletResponse	response
	)

inline

                                                                                                        {
         logger.trace("Delete Trust Relationship");
         try {
             GluuSAMLTrustRelationship trustRelationship = trustService.getRelationshipByInum(inum);
             trustService.removeTrustRelationship(trustRelationship);
         } catch (Exception e) {
             logger.error("delete() Exception", e);
             try { response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "INTERNAL SERVER ERROR"); } catch (Exception ex) {}
         }
     }

◆ generateCertForGeneratedSP()

String org.gluu.oxtrust.api.saml.TrustRelationshipWebService.generateCertForGeneratedSP ( GluuSAMLTrustRelationship trustRelationship ) throws IOException

inline

戻り値: certificate for generated SP

例外

IOException
CertificateEncodingException

                                                                                                              {
         X509Certificate cert = null;
 
         //facesMessages.add(FacesMessage.SEVERITY_ERROR, "Certificate were not provided, or was incorrect. Appliance will create a self-signed certificate.");
         if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
             Security.addProvider(new BouncyCastleProvider());
         }
 
         try {
             KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA", "BC"); 
             keyPairGen.initialize(2048); 
             KeyPair pair = keyPairGen.generateKeyPair(); 
             StringWriter keyWriter = new StringWriter(); 
             PEMWriter pemFormatWriter = new PEMWriter(keyWriter); 
             pemFormatWriter.writeObject(pair.getPrivate()); 
             pemFormatWriter.close(); 
 
             String url = trustRelationship.getUrl().replaceFirst(".*//", "");
 
             X509v3CertificateBuilder v3CertGen = new JcaX509v3CertificateBuilder(new X500Name("CN=" + url + ", OU=None, O=None L=None, C=None"),
                 BigInteger.valueOf(new SecureRandom().nextInt()),
                 new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30),
                 new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365*10)),
                 new X500Name("CN=" + url + ", OU=None, O=None L=None, C=None"),
                 pair.getPublic());
 
             cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(v3CertGen.build(new JcaContentSignerBuilder("MD5withRSA").setProvider("BC").build(pair.getPrivate())));
             org.apache.commons.codec.binary.Base64 encoder = new org.apache.commons.codec.binary.Base64(64);
             byte[] derCert = cert.getEncoded();
             String pemCertPre = new String(encoder.encode(derCert));
             logger.debug(Shibboleth3ConfService.PUBLIC_CERTIFICATE_START_LINE);
             logger.debug(pemCertPre);
             logger.debug(Shibboleth3ConfService.PUBLIC_CERTIFICATE_END_LINE);
 
             shibboleth3ConfService.saveCert(trustRelationship, pemCertPre);
             shibboleth3ConfService.saveKey(trustRelationship, keyWriter.toString());
 
         } catch (Exception e) {
             e.printStackTrace();
             logger.error("Failed to generate certificate", e);
         }
 
 //                      String certName = appConfiguration.getCertDir() + File.separator + StringHelper.removePunctuation(appConfiguration.getOrgInum())
 //                                      + "-shib.crt";
 //                      File certFile = new File(certName);
 //                      if (certFile.exists()) {
 //                              cert = SSLService.instance().getPEMCertificate(certName);
 //                      }
             
 
         String certificate = null;
 
         if (cert != null) {
 
             try {
                 certificate = new String(Base64.encode(cert.getEncoded()));
 
                 logger.info("##### certificate = " + certificate);
 
             } catch (CertificateEncodingException e) {
                 certificate = null;
                 //facesMessages.add(FacesMessage.SEVERITY_ERROR, "Failed to encode provided certificate. Please notify Gluu support about this.");
                 logger.error("Failed to encode certificate to DER", e);
             }
 
         } else {
             //facesMessages.add(FacesMessage.SEVERITY_ERROR, "Certificate were not provided, or was incorrect. Appliance will create a self-signed certificate.");
         }
 
         return certificate;
     }

◆ generateConfigurationFiles()

void org.gluu.oxtrust.api.saml.TrustRelationshipWebService.generateConfigurationFiles ( @Context HttpServletResponse response )

inline

                                                                                   {
         try {
             List<GluuSAMLTrustRelationship> trustRelationships = trustService.getAllActiveTrustRelationships();
             if (!shibboleth3ConfService.generateConfigurationFiles(trustRelationships)) {
                 logger.error("Failed to update Shibboleth v3 configuration by web API request");
                 try { response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "INTERNAL SERVER ERROR"); } catch (Exception ex) {}
             } else {
                 logger.info("Shibboleth v3 configuration updated successfully by web API request");
             }
         } catch (Exception e) {
             logger.error("Failed to generateConfigurationFiles", e);
             try { response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "INTERNAL SERVER ERROR"); } catch (Exception ex) {}
         } 
     }

◆ generateInumForNewTrustRelationship()

String org.gluu.oxtrust.api.saml.TrustRelationshipWebService.generateInumForNewTrustRelationship ( @Context HttpServletResponse response )

inline

                                                                                              {
         try {
             return trustService.generateInumForNewTrustRelationship();
         } catch (Exception e) {
             logger.error("generateInumForNewTrustRelationship() Exception", e);
             try { response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "INTERNAL SERVER ERROR"); } catch (Exception ex) {}
             return OxTrustConstants.RESULT_FAILURE;
         }
     }

◆ generateSpMetaDataFile()

boolean org.gluu.oxtrust.api.saml.TrustRelationshipWebService.generateSpMetaDataFile	(	GluuSAMLTrustRelationship	trustRelationship,
		String	certificate
	)

inlineprivate

                                                                                                             {
         String spMetadataFileName = trustRelationship.getSpMetaDataFN();
 
         if (StringHelper.isEmpty(spMetadataFileName)) {
             // Generate new file name
             spMetadataFileName = shibboleth3ConfService.getSpNewMetadataFileName(trustRelationship);
             trustRelationship.setSpMetaDataFN(spMetadataFileName);
         }
 
         return shibboleth3ConfService.generateSpMetadataFile(trustRelationship, certificate);
     }

◆ getContacts()

String org.gluu.oxtrust.api.saml.TrustRelationshipWebService.getContacts	(	@PathParam("inum") String	trustRelationshipInum,
		@Context HttpServletResponse	response
	)

inline

                                                                                                                       {
         try {
             GluuSAMLTrustRelationship trustRelationship = trustService.getRelationshipByInum(trustRelationshipInum);
             List<TrustContact> list = trustService.getContacts(trustRelationship);
             //convert to JSON
             return objectMapper.writeValueAsString(list);
         } catch (Exception e) {
             logger.error("getContacts() Exception", e);
             try { response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "INTERNAL SERVER ERROR"); } catch (Exception ex) {}
             return OxTrustConstants.RESULT_FAILURE;
         }
     }

◆ list()

String org.gluu.oxtrust.api.saml.TrustRelationshipWebService.list ( @Context HttpServletResponse response )

inline

                                                               {
         try {
             List<SAMLTrustRelationshipShort> trustRelationships = convertTRtoTRShort(trustService.getAllTrustRelationships());
             //convert to JSON
             return objectMapper.writeValueAsString(trustRelationships);
         } catch (Exception e) {
             logger.error("list() Exception", e);
             try { response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "INTERNAL SERVER ERROR"); } catch (Exception ex) {}
             return null;
         } 
     }

◆ listAllActiveTrustRelationships()

String org.gluu.oxtrust.api.saml.TrustRelationshipWebService.listAllActiveTrustRelationships ( @Context HttpServletResponse response )

inline

                                                                                          {
         try {
             List<SAMLTrustRelationshipShort> trustRelationships = convertTRtoTRShort(trustService.getAllActiveTrustRelationships());
             //convert to JSON
             return objectMapper.writeValueAsString(trustRelationships);
         } catch (Exception e) {
             logger.error("listAllActiveTrustRelationships() Exception", e);
             try { response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "INTERNAL SERVER ERROR"); } catch (Exception ex) {}
             return OxTrustConstants.RESULT_FAILURE;
         }
     }

◆ listAllFederations()

String org.gluu.oxtrust.api.saml.TrustRelationshipWebService.listAllFederations ( @Context HttpServletResponse response )

inline

                                                                             {
         try {
             List<SAMLTrustRelationshipShort> trustRelationships = convertTRtoTRShort(trustService.getAllFederations());
             //convert to JSON
             return objectMapper.writeValueAsString(trustRelationships);
         } catch (Exception e) {
             logger.error("listAllFederations() Exception", e);
             try { response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "INTERNAL SERVER ERROR"); } catch (Exception ex) {}
             return OxTrustConstants.RESULT_FAILURE;
         }
     }

◆ listAllOtherFederations()

String org.gluu.oxtrust.api.saml.TrustRelationshipWebService.listAllOtherFederations	(	@PathParam("inum") String	inum,
		@Context HttpServletResponse	response
	)

inline

                                                                                                                  {
         try {
             List<SAMLTrustRelationshipShort> trustRelationships = convertTRtoTRShort(trustService.getAllOtherFederations(inum));
             //convert to JSON
             return objectMapper.writeValueAsString(trustRelationships);
         } catch (Exception e) {
             logger.error("listAllOtherFederations() Exception", e);
             try { response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "INTERNAL SERVER ERROR"); } catch (Exception ex) {}
             return OxTrustConstants.RESULT_FAILURE;
         }
     }

◆ listAllSAMLTrustRelationships()

String org.gluu.oxtrust.api.saml.TrustRelationshipWebService.listAllSAMLTrustRelationships	(	@QueryParam("size_limit") int	sizeLimit,
		@Context HttpServletResponse	response
	)

inline

                                                                                                                                 {
         try {
             List<SAMLTrustRelationshipShort> trustRelationships = convertTRtoTRShort(trustService.getAllSAMLTrustRelationships(sizeLimit));
             //convert to JSON
             return objectMapper.writeValueAsString(trustRelationships);
         } catch (Exception e) {
             logger.error("listAllSAMLTrustRelationships() Exception", e);
             try { response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "INTERNAL SERVER ERROR"); } catch (Exception ex) {}
             return OxTrustConstants.RESULT_FAILURE;
         }
     }

◆ listDeconstructedTrustRelationships()

String org.gluu.oxtrust.api.saml.TrustRelationshipWebService.listDeconstructedTrustRelationships	(	@PathParam("inum") String	inum,
		@Context HttpServletResponse	response
	)

inline

                                                                                                                              {
         try {
             GluuSAMLTrustRelationship trustRelationship = trustService.getRelationshipByInum(inum);
             List<SAMLTrustRelationshipShort> trustRelationships = convertTRtoTRShort(trustService.getDeconstructedTrustRelationships(trustRelationship));
             //convert to JSON
             return objectMapper.writeValueAsString(trustRelationships);
         } catch (Exception e) {
             logger.error("listAllActiveTrustRelationships() Exception", e);
             try { response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "INTERNAL SERVER ERROR"); } catch (Exception ex) {}
             return OxTrustConstants.RESULT_FAILURE;
         }
     }

◆ read()

String org.gluu.oxtrust.api.saml.TrustRelationshipWebService.read	(	@PathParam("inum") @NotNull String	inum,
		@Context HttpServletResponse	response
	)

inline

                                                                                                        {
         logger.trace("Read Trust Relationship");
         try {
             GluuSAMLTrustRelationship trustRelationship = trustService.getRelationshipByInum(inum);
             // convert to JSON
             return objectMapper.writeValueAsString(trustRelationship);
         } catch (Exception e) {
             logger.error("read() Exception", e);
             try { response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "INTERNAL SERVER ERROR"); } catch (Exception ex) {}
             return null;
         }
     }

◆ removeAttribute()

void org.gluu.oxtrust.api.saml.TrustRelationshipWebService.removeAttribute	(	GluuAttribute	attribute,
		@Context HttpServletResponse	response
	)

inline

                                                                                                 {
         try {
             trustService.removeAttribute(attribute);
         } catch (Exception e) {
             logger.error("Failed to remove attribute", e);
             try { response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "INTERNAL SERVER ERROR"); } catch (Exception ex) {}
         }        
     }

◆ saveSpMetaDataFileSourceTypeFile()

boolean org.gluu.oxtrust.api.saml.TrustRelationshipWebService.saveSpMetaDataFileSourceTypeFile	(	GluuSAMLTrustRelationship	trustRelationship,
		String	inum,
		String	metadata
	)		throws IOException

inlineprivate

                                                                                                                                                     {
         logger.trace("Saving metadata file source type: File");
         String spMetadataFileName = trustRelationship.getSpMetaDataFN();
         boolean emptySpMetadataFileName = StringHelper.isEmpty(spMetadataFileName);
 
         if (StringHelper.isEmpty(metadata)) {
             if (emptySpMetadataFileName) {
                 return false;
             }
 
             // Admin doesn't provide new file. Check if we already has this file
             String filePath = shibboleth3ConfService.getSpMetadataFilePath(spMetadataFileName);
             if (filePath == null) {
                 return false;
             }
 
             File file = new File(filePath);
             if (!file.exists()) {
                 return false;
             }
 
             // File already exist
             return true;
         }
 
         if (emptySpMetadataFileName) {
             // Generate new file name
             spMetadataFileName = shibboleth3ConfService.getSpNewMetadataFileName(trustRelationship);
             trustRelationship.setSpMetaDataFN(spMetadataFileName);
             if (trustRelationship.getDn() == null) {
                 String dn = trustService.getDnForTrustRelationShip(inum);
                 trustRelationship.setDn(dn);
                 trustService.addTrustRelationship(trustRelationship);
             } else {
                 trustService.updateTrustRelationship(trustRelationship);
             }
         }
         String result = shibboleth3ConfService.saveSpMetadataFile(spMetadataFileName, new CharSequenceInputStream(metadata, StandardCharsets.UTF_8));
         if (StringHelper.isNotEmpty(result)) {
             metadataValidationTimer.queue(result);
         } else {
             //facesMessages.add(FacesMessage.SEVERITY_ERROR, "Failed to save SP meta-data file. Please check if you provide correct file");
         }
 
         return StringHelper.isNotEmpty(result);
 
     }

◆ saveSpMetaDataFileSourceTypeURI()

boolean org.gluu.oxtrust.api.saml.TrustRelationshipWebService.saveSpMetaDataFileSourceTypeURI ( GluuSAMLTrustRelationship trustRelationship ) throws IOException

inline

                                                                                                                     {
         String spMetadataFileName = trustRelationship.getSpMetaDataFN();
         boolean emptySpMetadataFileName = StringHelper.isEmpty(spMetadataFileName);
 
         if (emptySpMetadataFileName) {
                 // Generate new file name
                 spMetadataFileName = shibboleth3ConfService.getSpNewMetadataFileName(trustRelationship);
         }
 
         String result = shibboleth3ConfService.saveSpMetadataFile(trustRelationship.getSpMetaDataURL(), spMetadataFileName);
         if (StringHelper.isNotEmpty(result)) {
                 metadataValidationTimer.queue(result);
         } else {
                 logger.error("Failed to download metadata");
         }
 
         return StringHelper.isNotEmpty(result);
     }

◆ saveTR() [1/2]

String org.gluu.oxtrust.api.saml.TrustRelationshipWebService.saveTR	(	GluuSAMLTrustRelationship	trustRelationship,
		String	metadata,
		String	certificate
	)

inlineprivate

Save SAML TrustRelationship.

引数

trustRelationship
metadata	- need for FILE type TR only
certificate	- need for FILE type TR, optional for GENERATE type TR

戻り値

                                                                                                             {
         String inum;
         boolean update = false;
         synchronized (svnSyncTimer) {
             if (StringHelper.isEmpty(trustRelationship.getInum())) {
                 inum = trustService.generateInumForNewTrustRelationship();
                 trustRelationship.setInum(inum);
             } else {
                 inum = trustRelationship.getInum();
                 if(trustRelationship.getSpMetaDataFN() == null )
                 update=true;
             }
 
             boolean updateShib3Configuration = appConfiguration.isConfigGeneration();
             switch (trustRelationship.getSpMetaDataSourceType()) {
             case GENERATE:
                 try {
                     if (StringHelper.isEmpty(certificate))
                         certificate = generateCertForGeneratedSP(trustRelationship);
                     GluuStatus status = StringHelper.isNotEmpty(certificate) ? GluuStatus.ACTIVE : GluuStatus.INACTIVE;
                     trustRelationship.setStatus(status);
                     if (generateSpMetaDataFile(trustRelationship, certificate)) {
                         setEntityId(trustRelationship);
                     } else {
                         logger.error("Failed to generate SP meta-data file");
                         return OxTrustConstants.RESULT_FAILURE;
                     }
                 } catch (IOException ex) {
                     logger.error("Failed to download SP certificate", ex);
 
                     return OxTrustConstants.RESULT_FAILURE;
                 }
 
                 break;
             case FILE:
                 try {
                     if (saveSpMetaDataFileSourceTypeFile(trustRelationship, inum, metadata)) {
                         //update = true;
                         updateTRCertificate(trustRelationship, certificate);
 //                                      setEntityId();
                         if(!update){
                             trustRelationship.setStatus(GluuStatus.ACTIVE);
                         }
                     } else {
                         logger.error("Failed to save SP metadata file {}", metadata);
                         return OxTrustConstants.RESULT_FAILURE;
                     }
                 } catch (IOException ex) {
                     logger.error("Failed to download SP metadata", ex);
                     //facesMessages.add(FacesMessage.SEVERITY_ERROR, "Failed to download SP metadata");
 
                     return OxTrustConstants.RESULT_FAILURE;
                 }
 
                 break;
             case URI:
                 try {
                     //if (saveSpMetaDataFileSourceTypeURI()) {
 //                                              setEntityId();
                     boolean result = shibboleth3ConfService.existsResourceUri(trustRelationship.getSpMetaDataURL());
                     if(result){
                         saveSpMetaDataFileSourceTypeURI(trustRelationship);
                     }else{
                         logger.info("There is no resource found Uri : {}", trustRelationship.getSpMetaDataURL());
                     }
                     if(!update){
                         trustRelationship.setStatus(GluuStatus.ACTIVE);
                     }
                     /*} else {
                             log.error("Failed to save SP meta-data file {}", fileWrapper);
                             return OxTrustConstants.RESULT_FAILURE;
                     }*/
                 } catch (Exception e) {
                     //facesMessages.add(FacesMessage.SEVERITY_ERROR, "Unable to download metadata");
                     return "unable_download_metadata";
                 }
                 break;
             case FEDERATION:
                 if(!update){
                     trustRelationship.setStatus(GluuStatus.ACTIVE);
                 }
                 if (trustRelationship.getEntityId() == null) {
                     //facesMessages.add(FacesMessage.SEVERITY_ERROR, "EntityID must be set to a value");
                     return "invalid_entity_id";
                 }
 
                 break;
             default:
 
                 break;
             }
 
             trustService.updateReleasedAttributes(trustRelationship);
 
             // We call it from TR validation timer
             if (trustRelationship.getSpMetaDataSourceType().equals(GluuMetadataSourceType.GENERATE)
                             || (trustRelationship.getSpMetaDataSourceType().equals(GluuMetadataSourceType.FEDERATION))) {
                 boolean federation = shibboleth3ConfService.isFederation(trustRelationship);
                 trustRelationship.setFederation(federation);
             }
 
             trustContactsAction.saveContacts();
 
             if (update) {
                 try {
                     saveTR(trustRelationship, update);
                 } catch (BasePersistenceException ex) {
                     logger.error("Failed to update trust relationship {}", inum, ex);
                     return OxTrustConstants.RESULT_FAILURE;
                 }
             } else {
                 String dn = trustService.getDnForTrustRelationShip(inum);
                 // Save trustRelationship
                 trustRelationship.setDn(dn);
                 try {
                         saveTR(trustRelationship, update);
                 } catch (BasePersistenceException ex) {
                         logger.error("Failed to add new trust relationship {}", trustRelationship.getInum(), ex);
                         return OxTrustConstants.RESULT_FAILURE;
                 }
 
                 update = true;
             }
 
             if (updateShib3Configuration) {
                 List<GluuSAMLTrustRelationship> trustRelationships = trustService.getAllActiveTrustRelationships();
                 if (!shibboleth3ConfService.generateConfigurationFiles(trustRelationships)) {
                     logger.error("Failed to update Shibboleth v3 configuration");
                     return "Failed to update Shibboleth v3 configuration";
                 } else {
                     logger.info("Shibboleth v3 configuration updated successfully");
                     return "Shibboleth v3 configuration updated successfully";
                 }
             }
         }
         return OxTrustConstants.RESULT_SUCCESS;
     }

◆ saveTR() [2/2]

void org.gluu.oxtrust.api.saml.TrustRelationshipWebService.saveTR	(	GluuSAMLTrustRelationship	trustRelationship,
		boolean	isUpdate
	)

inlineprivate

                                                                                        {
         logger.trace("Saving Trust Relationship");
         if (isUpdate) {
             String oldLogoutRedirectUri = trustService.getRelationshipByDn(trustRelationship.getDn()).getSpLogoutURL();
             String newLogoutRedirectUri = trustRelationship.getSpLogoutURL();
             boolean oxClientUpdateNeeded = (oldLogoutRedirectUri != null) && (newLogoutRedirectUri != null) &&
                     !newLogoutRedirectUri.equals(oldLogoutRedirectUri);
 
             boolean parentInactive = trustRelationship.getStatus().equals(GluuStatus.INACTIVE);
 //            if(! federatedSites.isEmpty()){
 //                for (GluuSAMLTrustRelationship trust : federatedSites) {
 //                    if (parentInactive) {
 //                        trust.setStatus(GluuStatus.INACTIVE);
 //                    }
 //                    trustService.updateReleasedAttributes(trust);
 //                    trustService.updateTrustRelationship(trust);
 //                    svnSyncTimer.updateTrustRelationship(trust, identity.getCredentials().getUsername());
 //                }
 //            }
             trustService.updateTrustRelationship(trustRelationship);
 
 
             if(oxClientUpdateNeeded){
                 OxAuthClient client = clientService.getClientByInum(appConfiguration.getOxAuthClientId());
                 Set<String> updatedLogoutRedirectUris = new HashSet<String>();
                 List<GluuSAMLTrustRelationship> trs = trustService.getAllTrustRelationships();
                 if(trs != null && ! trs.isEmpty()){
                     for(GluuSAMLTrustRelationship tr: trs){
                         String logoutRedirectUri = tr.getSpLogoutURL();
                         if(logoutRedirectUri != null && ! logoutRedirectUri.isEmpty()){
                             updatedLogoutRedirectUris.add(logoutRedirectUri);
                         }
                     }
                 }
                 if(updatedLogoutRedirectUris.isEmpty()){
                     client.setPostLogoutRedirectUris(null);
                 }else{
                     client.setPostLogoutRedirectUris(updatedLogoutRedirectUris.toArray(new String[0]));
                 }
                 clientService.updateClient(client);
             }
 
             svnSyncTimer.updateTrustRelationship(trustRelationship, identity.getCredentials().getUsername());
         } else {
             trustService.addTrustRelationship(trustRelationship);
             svnSyncTimer.addTrustRelationship(trustRelationship, identity.getCredentials().getUsername());
         }
     }

◆ searchTrustRelationships()

String org.gluu.oxtrust.api.saml.TrustRelationshipWebService.searchTrustRelationships	(	@QueryParam("pattern") @NotNull String	pattern,
		@QueryParam("size_limit") int	sizeLimit,
		@Context HttpServletResponse	response
	)

inline

                                                                                                                                                                            {
         try {
             List<SAMLTrustRelationshipShort> trustRelationships = convertTRtoTRShort(trustService.searchSAMLTrustRelationships(pattern, sizeLimit));
             //convert to JSON
             return objectMapper.writeValueAsString(trustRelationships);
         } catch (Exception e) {
             logger.error("searchTrustRelationships() Exception", e);
             try { response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "INTERNAL SERVER ERROR"); } catch (Exception ex) {}
             return OxTrustConstants.RESULT_FAILURE;
         }
     }

◆ setCertificate()

void org.gluu.oxtrust.api.saml.TrustRelationshipWebService.setCertificate	(	@PathParam("inum") String	trustRelationshipInum,
		String	certificate,
		@Context HttpServletResponse	response
	)

inline

                                                                                                                                            {
         try {
             GluuSAMLTrustRelationship trustRelationship = trustService.getRelationshipByInum(trustRelationshipInum);
             
             if (StringHelper.isEmpty(certificate)) {
                 logger.error("Failed to update TR certificate - certificate is empty");
                 return;
             }
             
             updateTRCertificate(trustRelationship, certificate);
         } catch (Exception e) {
             logger.error("Failed to update certificate", e);
             try { response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "INTERNAL SERVER ERROR"); } catch (Exception ex) {}
         }
     }

◆ setContacts()

void org.gluu.oxtrust.api.saml.TrustRelationshipWebService.setContacts	(	@PathParam("inum") String	trustRelationshipInum,
		String	contacts,
		@Context HttpServletResponse	response
	)

inline

                                                                                                                                      {
         try {
             GluuSAMLTrustRelationship trustRelationship = trustService.getRelationshipByInum(trustRelationshipInum);
             
             List<TrustContact> contactsList = objectMapper.readValue(contacts, new TypeReference<List<TrustContact>>() {});
 
             trustService.saveContacts(trustRelationship, contactsList);
         } catch (Exception e) {
             logger.error("setContacts() Exception", e);
             try { response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "INTERNAL SERVER ERROR"); } catch (Exception ex) {}
         }
     }

◆ setEntityId()

void org.gluu.oxtrust.api.saml.TrustRelationshipWebService.setEntityId ( GluuSAMLTrustRelationship trustRelationship )

inlineprivate

Sets entityId according to metadatafile. Works for all TR which have own metadata file.

著者: �Oleksiy Tataryn�

                                                                            {
         String idpMetadataFolder = appConfiguration.getShibboleth3IdpRootDir() + File.separator + Shibboleth3ConfService.SHIB3_IDP_METADATA_FOLDER + File.separator;
         File metadataFile = new File(idpMetadataFolder + trustRelationship.getSpMetaDataFN());
 
         List<String> entityIdList = SAMLMetadataParser.getEntityIdFromMetadataFile(metadataFile);
         Set<String> entityIdSet = new TreeSet<String>();
 
         if(entityIdList != null && ! entityIdList.isEmpty()){
             Set<String> duplicatesSet = new TreeSet<String>(); 
             for (String entityId : entityIdList) {
                 if (!entityIdSet.add(entityId)) {
                     duplicatesSet.add(entityId);
                 }
             }
         }
 
         trustRelationship.setGluuEntityId(entityIdSet);
     }

◆ setMetadata()

void org.gluu.oxtrust.api.saml.TrustRelationshipWebService.setMetadata	(	@PathParam("inum") String	trustRelationshipInum,
		@NotNull String	metadata,
		@Context HttpServletResponse	response
	)

inline

                                                                                                                                               {
         try {
             GluuSAMLTrustRelationship trustRelationship = trustService.getRelationshipByInum(trustRelationshipInum);
             
             String metadataFileName = trustRelationship.getSpMetaDataFN();
             if (StringHelper.isEmpty(metadataFileName)) {
                 // Generate new file name
                 metadataFileName = shibboleth3ConfService.getSpNewMetadataFileName(trustRelationshipInum);
             }
             shibboleth3ConfService.saveSpMetadataFile(metadataFileName, metadata.getBytes("UTF8"));
             
             trustRelationship.setSpMetaDataFN(metadataFileName);
             trustRelationship.setSpMetaDataSourceType(GluuMetadataSourceType.FILE);
             trustService.updateTrustRelationship(trustRelationship);
         } catch (Exception e) {
             logger.error("addMetadata() Exception", e);
             try { response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "INTERNAL SERVER ERROR"); } catch (Exception ex) {}
         }
     }

◆ setMetadataURL()

void org.gluu.oxtrust.api.saml.TrustRelationshipWebService.setMetadataURL	(	@PathParam("inum") String	trustRelationshipInum,
		@NotNull String	url,
		@Context HttpServletResponse	response
	)

inline

                                                                                                                                             {
         try {
             GluuSAMLTrustRelationship trustRelationship = trustService.getRelationshipByInum(trustRelationshipInum);
             
             String metadataFileName = trustRelationship.getSpMetaDataFN();
             if (StringHelper.isEmpty(metadataFileName)) {
                 // Generate new file name
                 metadataFileName = shibboleth3ConfService.getSpNewMetadataFileName(trustRelationshipInum);
             }
             
             shibboleth3ConfService.saveSpMetadataFile(url, metadataFileName);
             
             trustRelationship.setSpMetaDataFN(metadataFileName);
             trustRelationship.setSpMetaDataSourceType(GluuMetadataSourceType.FILE);
             trustService.updateTrustRelationship(trustRelationship);
         } catch (Exception e) {
             logger.error("addMetadata() Exception", e);
             try { response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "INTERNAL SERVER ERROR"); } catch (Exception ex) {}
         }
     }

◆ update()

void org.gluu.oxtrust.api.saml.TrustRelationshipWebService.update	(	@PathParam("inum") @NotNull String	inum,
		GluuSAMLTrustRelationship	trustRelationship,
		@Context HttpServletResponse	response
	)

inline

                                                                                                                                                     {
         logger.trace("Update Trust Relationship");
         try {
             String dn = trustService.getDnForTrustRelationShip(inum);
             trustRelationship.setDn(dn);
             trustService.updateTrustRelationship(trustRelationship);
         } catch (Exception e) {
             logger.error("update() Exception", e);
             try { response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "INTERNAL SERVER ERROR"); } catch (Exception ex) {}
         }
     }

◆ updateTRCertificate()

void org.gluu.oxtrust.api.saml.TrustRelationshipWebService.updateTRCertificate	(	GluuSAMLTrustRelationship	trustRelationship,
		String	certificate
	)		throws IOException

inlineprivate

                                                                                                                          {
         if (StringHelper.isEmpty(certificate)) {
             logger.error("Failed to update TR certificate - certificate is empty");
             return;
         }
         // This regex defines certificate enclosed in X509Certificate tags
         // regardless of namespace(as long as it is not more then 9 characters)
         String certRegEx = "(?ms)(?<=<[^</>]{0,10}X509Certificate>).*(?=</[^</>]{0,10}?X509Certificate>)";
 
         shibboleth3ConfService.saveCert(trustRelationship, certificate);
         shibboleth3ConfService.saveKey(trustRelationship, null);
 
         String metadataFileName = trustRelationship.getSpMetaDataFN();
         File metadataFile = new File(shibboleth3ConfService.getSpMetadataFilePath(metadataFileName));
         String metadata = FileUtils.readFileToString(metadataFile);
         String updatedMetadata = metadata.replaceFirst(certRegEx, certificate);
         FileUtils.writeStringToFile(metadataFile, updatedMetadata);
         trustRelationship.setStatus(GluuStatus.ACTIVE);
     }

メンバ詳解

◆ appConfiguration

AppConfiguration org.gluu.oxtrust.api.saml.TrustRelationshipWebService.appConfiguration

private

◆ clientService

ClientService org.gluu.oxtrust.api.saml.TrustRelationshipWebService.clientService

private

◆ identity

Identity org.gluu.oxtrust.api.saml.TrustRelationshipWebService.identity

private

◆ logger

Logger org.gluu.oxtrust.api.saml.TrustRelationshipWebService.logger

private

◆ metadataValidationTimer

MetadataValidationTimer org.gluu.oxtrust.api.saml.TrustRelationshipWebService.metadataValidationTimer

private

◆ objectMapper

ObjectMapper org.gluu.oxtrust.api.saml.TrustRelationshipWebService.objectMapper

package

◆ shibboleth3ConfService

Shibboleth3ConfService org.gluu.oxtrust.api.saml.TrustRelationshipWebService.shibboleth3ConfService

private

◆ svnSyncTimer

SvnSyncTimer org.gluu.oxtrust.api.saml.TrustRelationshipWebService.svnSyncTimer

private

◆ trustContactsAction

TrustContactsAction org.gluu.oxtrust.api.saml.TrustRelationshipWebService.trustContactsAction

private

◆ trustService

TrustService org.gluu.oxtrust.api.saml.TrustRelationshipWebService.trustService

private

このクラス詳解は次のファイルから抽出されました:

D:/AppData/OpenId/gluu/src/oxTrust/server/src/main/java/org/gluu/oxtrust/api/saml/TrustRelationshipWebService.java

公開メンバ関数

変数

非公開メンバ関数

静的非公開メンバ関数

非公開変数類

詳解

構築子と解体子

◆ TrustRelationshipWebService()

関数詳解

◆ addAttribute()

◆ convertTRtoTRShort()

◆ create()

◆ delete()

◆ generateCertForGeneratedSP()

◆ generateConfigurationFiles()

◆ generateInumForNewTrustRelationship()

◆ generateSpMetaDataFile()

◆ getContacts()

◆ list()

◆ listAllActiveTrustRelationships()

◆ listAllFederations()

◆ listAllOtherFederations()

◆ listAllSAMLTrustRelationships()

◆ listDeconstructedTrustRelationships()

◆ read()

◆ removeAttribute()

◆ saveSpMetaDataFileSourceTypeFile()

◆ saveSpMetaDataFileSourceTypeURI()

◆ saveTR() [1/2]

◆ saveTR() [2/2]

◆ searchTrustRelationships()

◆ setCertificate()

◆ setContacts()

◆ setEntityId()

◆ setMetadata()

◆ setMetadataURL()

◆ update()

◆ updateTRCertificate()

メンバ詳解

◆ appConfiguration

◆ clientService

◆ identity

◆ logger

◆ metadataValidationTimer

◆ objectMapper

◆ shibboleth3ConfService

◆ svnSyncTimer

◆ trustContactsAction

◆ trustService