001/** 002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. 003 * 004 * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved 005 * 006 * The contents of this file are subject to the terms 007 * of the Common Development and Distribution License 008 * (the License). You may not use this file except in 009 * compliance with the License. 010 * 011 * You can obtain a copy of the License at 012 * https://opensso.dev.java.net/public/CDDLv1.0.html or 013 * opensso/legal/CDDLv1.0.txt 014 * See the License for the specific language governing 015 * permission and limitations under the License. 016 * 017 * When distributing Covered Code, include this CDDL 018 * Header Notice in each file and include the License file 019 * at opensso/legal/CDDLv1.0.txt. 020 * If applicable, add the following below the CDDL Header, 021 * with the fields enclosed by brackets [] replaced by 022 * your own identifying information: 023 * "Portions Copyrighted [year] [name of copyright owner]" 024 * 025 * $Id: ProviderConfig.java,v 1.31 2009/11/16 21:52:58 mallas Exp $ 026 * 027 */ 028package com.sun.identity.wss.provider; 029 030import java.io.File; 031import java.io.FileInputStream; 032import java.io.InputStream; 033import java.security.KeyStore; 034import java.security.AccessController; 035import java.util.List; 036import java.util.ArrayList; 037import java.util.Properties; 038import java.util.Set; 039 040import com.sun.identity.common.SystemConfigurationUtil; 041import com.iplanet.services.util.Crypt; 042import com.iplanet.sso.SSOToken; 043import com.iplanet.sso.SSOException; 044import com.iplanet.sso.SSOTokenManager; 045import com.sun.identity.security.AdminTokenAction; 046import com.sun.identity.wss.security.SecurityMechanism; 047 048 049/** 050 * This abstract class <code>ProviderConfig</code> represents the Web Services 051 * Server provider or the Web Services Client provider configuration. 052 * <p>Pluggable implementation of this abstract class can choose to store this 053 * configuration in desired configuration store. This pluggable implementation 054 * class can be configured in client's AMConfig.properties as value of 055 * "com.sun.identity.wss.provider.config.plugin" property. 056 * Having obtained an instance of ProviderConfig, its methods can be called to 057 * create, delete, modify, retrieve WSS agent profile and configuration for WSC 058 * and/or WSP attributes (key /value pairs). 059 * 060 * <p>All the static methods in this class are for the persistent 061 * operations. 062 * @supported.all.api 063 */ 064public abstract class ProviderConfig { 065 066 /** 067 * Constant to define the web services client type. 068 */ 069 public static final String WSC = "WSCAgent"; 070 071 /** 072 * Constant to define the web services provider type. 073 */ 074 public static final String WSP = "WSPAgent"; 075 076 /** 077 * Property for the web services provider configuration plugin. 078 */ 079 public static final String WSS_PROVIDER_CONFIG_PLUGIN = 080 "com.sun.identity.wss.provider.config.plugin"; 081 082 protected List secMech = null; 083 protected String serviceURI = null; 084 protected String providerName = null; 085 protected String wspEndpoint = null; 086 protected String wssProxyEndpoint = null; 087 protected String providerType = null; 088 protected KeyStore keyStore = null; 089 protected String privateKeyAlias = null; 090 protected String privateKeyType = null; 091 protected String publicKeyAlias = null; 092 protected boolean isResponseSigned = false; 093 protected boolean isResponseEncrypted = false; 094 protected boolean isRequestSigned = true; 095 protected boolean isRequestEncrypted = false; 096 protected boolean isRequestHeaderEncrypted = false; 097 protected List trustAuthorities = null; 098 protected String ksPasswd = null; 099 protected String keyPasswd = null; 100 protected String ksFile = null; 101 protected Properties properties = new Properties(); 102 protected List usercredentials = null; 103 protected String serviceType = null; 104 protected boolean isDefaultKeyStore = false; 105 protected boolean forceAuthn = false; 106 protected boolean preserveSecHeaders = false; 107 protected String authenticationChain = null; 108 protected TrustAuthorityConfig taconfig = null; 109 protected Set samlAttributes = null; 110 protected boolean includeMemberships = false; 111 protected String nameIDMapper = null; 112 protected String attributeNS = null; 113 protected String kdcDomain = null; 114 protected String kdcServer = null; 115 protected String ticketCacheDir = null; 116 protected String servicePrincipal = null; 117 protected String keytabFile = null; 118 protected boolean verifyKrbSignature = false; 119 protected boolean usePassThroughToken = false; 120 protected String tokenConversionType = null; 121 protected String encryptionAlgorithm = "DESede"; 122 protected int encryptionStrength = 0; 123 protected String signingRefType = "DirectReference"; 124 protected static SSOToken customAdminToken = null; 125 126 protected boolean detectUserTokenReplay = true; 127 protected boolean detectMessageReplay = true; 128 protected String dnsClaim = null; 129 protected List signedElements = new ArrayList(); 130 private static Class adapterClass; 131 132 /** 133 * Returns the list of security mechanims that the provider is configured. 134 * 135 * @return list of security mechanisms. 136 */ 137 public List getSecurityMechanisms() { 138 return secMech; 139 } 140 141 /** 142 * Sets the list of security mechanisms. 143 * 144 * @param authMech the list of security mechanisms. 145 */ 146 public void setSecurityMechanisms(List authMech) { 147 this.secMech = authMech; 148 } 149 150 /** 151 * Returns the name of the Provider. 152 * 153 * @return the provider name. 154 */ 155 public String getProviderName() { 156 return providerName; 157 } 158 159 /** 160 * Returns the value of the property. 161 * 162 * @param property the name of property for which value is being retrieved. 163 * 164 * @return the value of the property. 165 */ 166 public String getProperty(String property) { 167 return properties.getProperty(property); 168 } 169 170 /** 171 * Sets the value for the given property in Provider Configuration. 172 * 173 * @param property the name of the property being set. 174 * 175 * @param value the property value being set. 176 */ 177 public void setProperty(String property, String value) { 178 properties.put(property, value); 179 } 180 181 /** 182 * Returns the endpoint of the web services provider. 183 * 184 * @return the endpoint of the web services provider. 185 */ 186 public String getWSPEndpoint() { 187 return wspEndpoint; 188 } 189 190 /** 191 * Sets the web services provider endpoint. 192 * 193 * @param endpoint the web services provider endpoint. 194 */ 195 public void setWSPEndpoint(String endpoint) { 196 this.wspEndpoint = endpoint; 197 } 198 199 /** 200 * Returns the endpoint of the web services security proxy. 201 * 202 * @return the endpoint of the web services security proxy. 203 */ 204 public String getWSSProxyEndpoint() { 205 return wssProxyEndpoint; 206 } 207 208 /** 209 * Sets the web services security proxy endpoint. 210 * 211 * @param endpoint the web services security proxy endpoint. 212 */ 213 public void setWSSProxyEndpoint(String endpoint) { 214 this.wssProxyEndpoint = endpoint; 215 } 216 217 /** 218 * Sets the service type. 219 * @param serviceType the service type. 220 */ 221 public void setServiceType(String serviceType) { 222 this.serviceType = serviceType; 223 } 224 225 /** 226 * Returns the service type. 227 * 228 * @return the service type. 229 */ 230 public String getServiceType() { 231 return serviceType; 232 } 233 234 /** 235 * Sets the user credentials list. 236 * @param usercredentials list of <code>PasswordCredential</code> objects. 237 */ 238 public void setUsers(List usercredentials) { 239 this.usercredentials = usercredentials; 240 } 241 242 /** 243 * Returns the list of <code>PasswordCredential</code>s of the user. 244 * 245 * @return the list of <code>PasswordCredential</code> objects. 246 */ 247 public List getUsers() { 248 return usercredentials; 249 } 250 251 /** 252 * Returns true if the user name token replay is enabled. 253 * @return true if the user name token replay is enabled. 254 */ 255 public boolean isUserTokenDetectReplayEnabled() { 256 return detectUserTokenReplay; 257 } 258 259 /** 260 * Enable or disable the detection of user token replay 261 * @param enable true if the detection of user token replay is enabled. 262 */ 263 public void setDetectUserTokenReplay(boolean enable) { 264 this.detectUserTokenReplay = enable; 265 } 266 267 /** 268 * Returns true if the message replay detection is enabled. 269 * @return true if the message replay detection is enabled. 270 */ 271 public boolean isMessageReplayDetectionEnabled() { 272 return detectMessageReplay; 273 } 274 275 /** 276 * Enable or disable the message replay detection. 277 * @param enable true if the detection of the message replay is enabled. 278 */ 279 public void setMessageReplayDetection(boolean enable) { 280 this.detectMessageReplay = enable; 281 } 282 283 /** 284 * Returns the provider type. It will be {@link #WSP} or {@link #WSC} 285 * 286 * @return the provider type. 287 */ 288 public String getProviderType() { 289 return providerType; 290 } 291 292 /** 293 * Returns the provider JKS <code>KeyStore</code> 294 * 295 * @return the JKS <code>KeyStore</code> 296 */ 297 public KeyStore getKeyStore() { 298 return keyStore; 299 } 300 301 /** 302 * Returns the keystore file. 303 * 304 * @return the keystore file name. 305 */ 306 public String getKeyStoreFile() { 307 return ksFile; 308 } 309 310 /** 311 * Returns the keystore password. 312 * 313 * @return the keystore password. 314 */ 315 public String getKeyStorePassword() { 316 return Crypt.decrypt(ksPasswd); 317 } 318 319 /** 320 * Returns the keystore encrypted password. 321 * 322 * @return the keystore encrypted password. 323 */ 324 public String getKeyStoreEncryptedPasswd() { 325 return ksPasswd; 326 } 327 328 /** 329 * Returns the key password in the keystore. 330 * 331 * @return the key password in the keystore. 332 */ 333 public String getKeyPassword() { 334 return Crypt.decrypt(keyPasswd); 335 } 336 337 /** 338 * Returns the keystore encrypted password. 339 * 340 * @return the keystore encrypted password. 341 */ 342 public String getKeyEncryptedPassword() { 343 return keyPasswd; 344 } 345 346 /** 347 * Sets the keystore for this provider. 348 * 349 * @param fileName the provider key store fully qualified file name. 350 * 351 * @param keyStorePassword the password required to access the key 352 * store file. 353 * 354 * @param keyPassword the password required to access the key from the 355 * keystore. 356 * 357 * @exception ProviderException if the key store file does not exist 358 * or an invalid password. 359 */ 360 public void setKeyStore(String fileName, 361 String keyStorePassword, String keyPassword) 362 throws ProviderException { 363 364 this.ksFile = fileName; 365 this.ksPasswd = Crypt.encrypt(keyStorePassword); 366 this.keyPasswd = Crypt.encrypt(keyPassword); 367 try { 368 File file = new File(fileName); 369 if(file.exists()) { 370 InputStream inputStream = new FileInputStream(fileName); 371 keyStore = KeyStore.getInstance("JKS"); 372 keyStore.load(inputStream, keyStorePassword.toCharArray()); 373 } 374 } catch (Exception ex) { 375 ProviderUtils.debug.error("ProviderConfig.setKeyStore: Could not" + 376 "set the key store file information", ex); 377 throw new ProviderException(ProviderUtils.bundle.getString( 378 "invalidKeyStore")); 379 } 380 } 381 382 /** 383 * Sets the keystore for this provider. 384 * 385 * @param keyStore the provider key store. 386 * 387 * @param password the password required to access the key store file. 388 * 389 */ 390 public void setKeyStore(KeyStore keyStore, String password) { 391 this.keyStore = keyStore; 392 this.ksPasswd = password; 393 } 394 395 /** 396 * Returns the key type for this provider. 397 * 398 * @return the key type of the provider. 399 */ 400 public String getKeyType() { 401 return privateKeyType; 402 } 403 404 /** 405 * Sets the key type for this provider. 406 * 407 * @param keyType the key type for this provider. 408 */ 409 public void setKeyType(String keyType) { 410 this.privateKeyType = keyType; 411 } 412 413 /** 414 * Returns the key alias for this provider. 415 * 416 * @return the key alias of the provider. 417 */ 418 public String getKeyAlias() { 419 return privateKeyAlias; 420 } 421 422 /** 423 * Sets the key alias for this provider. 424 * 425 * @param alias the key alias for this provider. 426 */ 427 public void setKeyAlias(String alias) { 428 this.privateKeyAlias = alias; 429 } 430 431 /** 432 * Returns the Public key alias for this provider's partner. 433 * 434 * @return the Public key alias of the provider's partner. 435 */ 436 public String getPublicKeyAlias() { 437 return publicKeyAlias; 438 } 439 440 /** 441 * Sets the Public key alias for this provider's partner. 442 * 443 * @param alias the Public key alias for this provider's partner. 444 */ 445 public void setPublicKeyAlias(String alias) { 446 this.publicKeyAlias = alias; 447 } 448 449 /** 450 * Returns true if the provider uses default keystore. 451 * @return true if the provider uses default keystore. 452 */ 453 public boolean useDefaultKeyStore() { 454 return isDefaultKeyStore; 455 } 456 457 /** 458 * Sets the provider to use the default keystore. 459 * @param set boolean variable to enable or disable to use the default 460 * keystore. 461 */ 462 public void setDefaultKeyStore(boolean set) { 463 this.isDefaultKeyStore = set; 464 } 465 466 /** 467 * Returns the SAML Attribute Mapping list. This method is used by the 468 * WSP configuration when enabled for SAML. 469 */ 470 public Set getSAMLAttributeMapping() { 471 return samlAttributes; 472 } 473 474 /** 475 * Sets the list of SAML attribute mappings. This method is used by the 476 * WSP configuration when enabled for SAML. 477 * @param attributeMap the list of SAML attribute mapping 478 */ 479 public void setSAMLAttributeMapping(Set attributeMap) { 480 this.samlAttributes = attributeMap; 481 } 482 483 /** 484 * Checks if the memberships should be included in the SAML attribute 485 * mapping. 486 * @return true if the memberships are included. 487 */ 488 public boolean shouldIncludeMemberships() { 489 return includeMemberships; 490 } 491 492 /** 493 * Sets a flag to include memberships for SAML attribute mapping. 494 * @param include boolean flag to indicate if the memberships needs to 495 * be included. 496 */ 497 public void setIncludeMemberships(boolean include) { 498 this.includeMemberships = include; 499 } 500 501 /** 502 * Returns the NameID mapper class 503 * @return returns the nameid mapper class. 504 */ 505 public String getNameIDMapper() { 506 return nameIDMapper; 507 } 508 509 /** 510 * Sets the NameID Mapper class. 511 * @param nameIDMapper NameID Mapper class. 512 */ 513 public void setNameIDMapper(String nameIDMapper){ 514 this.nameIDMapper = nameIDMapper; 515 } 516 517 /** 518 * Returns SAML attribute namespace. 519 * @return returns SAML attribute namespace. 520 */ 521 public String getSAMLAttributeNamespace() { 522 return attributeNS; 523 } 524 525 /** 526 * Sets SAML attribute namespace. 527 * @param attributeNS SAML attribute namespace. 528 */ 529 public void setSAMLAttributeNamespace(String attributeNS) { 530 this.attributeNS = attributeNS; 531 } 532 533 /** 534 * Returns Kerberos Domain Controller Domain 535 * @return Kerberos Domain Controller Domain 536 */ 537 538 public String getKDCDomain() { 539 return kdcDomain; 540 } 541 542 /** 543 * Sets Kerberos Domain Controller Domain 544 * @param domain Kerberos Domain Controller Domain 545 */ 546 public void setKDCDomain(String domain) { 547 this.kdcDomain = domain; 548 } 549 550 /** 551 * Returns Kerberos Domain Controller Server. 552 * @return Kerberos Domain Controller Server. 553 */ 554 public String getKDCServer() { 555 return kdcServer; 556 } 557 558 /** 559 * Sets Kerberos Domain Controller Server 560 * @param kdcServer Kerberos Domain Controller Server 561 */ 562 public void setKDCServer(String kdcServer) { 563 this.kdcServer = kdcServer; 564 } 565 566 /** 567 * This method is used by the web services client to get the kerberos 568 * ticket cache directory. 569 * @return the kerberos ticket cache dir 570 */ 571 public String getKerberosTicketCacheDir() { 572 return ticketCacheDir; 573 } 574 575 /** 576 * Sets kerberos ticket cache dir. 577 * @param cacheDir kerberos ticket cache dir 578 */ 579 public void setKerberosTicketCacheDir(String cacheDir) { 580 this.ticketCacheDir = cacheDir; 581 } 582 583 /** 584 * This method is used by the web services provider to get the key tab file. 585 * @return the keytab file. 586 */ 587 public String getKeyTabFile() { 588 return keytabFile; 589 } 590 591 /** 592 * Sets the keytab file 593 * @param file the fully qualified file path 594 */ 595 public void setKeyTabFile(String file) { 596 this.keytabFile = file; 597 } 598 599 /** 600 * Returns kerberos service principal 601 * @return the kerberos service principal 602 */ 603 public String getKerberosServicePrincipal() { 604 return servicePrincipal; 605 } 606 607 /** 608 * Sets kerberos service principal. 609 * @param principal the kerberos service principal. 610 */ 611 public void setKerberosServicePrincipal(String principal) { 612 this.servicePrincipal = principal; 613 } 614 615 /** 616 * Returns true if kerberos signature needs to be validated. 617 * The signature validation is supported only with JDK6 onwards. 618 * @return true if the signature validation needs to be validated. 619 */ 620 public boolean isValidateKerberosSignature() { 621 return verifyKrbSignature; 622 } 623 624 /** 625 * Sets a boolean flag to enable or disable validate kerberos signature. 626 * @param validate boolean flag to enable or disable validate krb signature. 627 */ 628 public void setValidateKerberosSignature(boolean validate) { 629 this.verifyKrbSignature = validate; 630 } 631 632 /** 633 * Returns the DNS claim name. 634 * @return the DNS claim name. 635 */ 636 public String getDNSClaim() { 637 return dnsClaim; 638 } 639 640 /** 641 * Sets the DNS claim name 642 * @param dnsClaim the DNS claim name 643 */ 644 public void setDNSClaim(String dnsClaim) { 645 this.dnsClaim = dnsClaim; 646 } 647 648 /** 649 * Returns the list of signed elements. 650 * @return the list of signed elements. 651 */ 652 public List getSignedElements() { 653 return signedElements; 654 } 655 656 /** 657 * Sets the signed elements 658 * @param signedElements the signed elements. 659 */ 660 public void setSignedElements(List signedElements) { 661 this.signedElements = signedElements; 662 } 663 664 /** 665 * Returns the provider's trusted authorities list. 666 * 667 * @return the list of the <code>TrustAuthorityConfig</code>s. 668 */ 669 public TrustAuthorityConfig getTrustAuthorityConfig() { 670 return taconfig; 671 } 672 673 /** 674 * Sets the trusted authority configurations. 675 * 676 * @param taconfig instance of the <code>TrustAuthorityConfig</code>. 677 */ 678 public void setTrustAuthorityConfig(TrustAuthorityConfig taconfig) { 679 this.taconfig = taconfig; 680 } 681 682 /** 683 * Checks if the response needs to be signed or not. 684 * 685 * @return true if the response needs to be signed. 686 */ 687 public boolean isResponseSignEnabled() { 688 return isResponseSigned; 689 } 690 691 /** 692 * Sets the response sign enable flag. 693 * 694 * @param enable enables the response signing. 695 */ 696 public void setResponseSignEnabled(boolean enable) { 697 isResponseSigned = enable; 698 } 699 700 /** 701 * Checks if the response needs to be encrypted or not. 702 * 703 * @return true if the response needs to be encrypted. 704 */ 705 public boolean isResponseEncryptEnabled() { 706 return isResponseEncrypted; 707 } 708 709 /** 710 * Sets the response encrypt enable flag. 711 * 712 * @param enable enables the response encryption. 713 */ 714 public void setResponseEncryptEnabled(boolean enable) { 715 isResponseEncrypted = enable; 716 } 717 718 /** 719 * Checks if the request needs to be signed or not. 720 * 721 * @return true if the request needs to be signed. 722 */ 723 public boolean isRequestSignEnabled() { 724 return isRequestSigned; 725 } 726 727 /** 728 * Sets the request sign enable flag. 729 * 730 * @param enable enables the request signing. 731 */ 732 public void setRequestSignEnabled(boolean enable) { 733 isRequestSigned = enable; 734 } 735 736 /** 737 * Checks if the request needs to be encrypted or not. 738 * 739 * @return true if the request needs to be encrypted. 740 */ 741 public boolean isRequestEncryptEnabled() { 742 return isRequestEncrypted; 743 } 744 745 /** 746 * Sets the request encrypt enable flag. 747 * 748 * @param enable enables the request encryption. 749 */ 750 public void setRequestEncryptEnabled(boolean enable) { 751 isRequestEncrypted = enable; 752 } 753 754 /** 755 * Checks if the request header needs to be encrypted or not. 756 * 757 * @return true if the request header needs to be encrypted. 758 */ 759 public boolean isRequestHeaderEncryptEnabled() { 760 return isRequestHeaderEncrypted; 761 } 762 763 /** 764 * Sets the request header encrypt enable flag. 765 * 766 * @param enable enables the request header encryption. 767 */ 768 public void setRequestHeaderEncryptEnabled(boolean enable) { 769 isRequestHeaderEncrypted = enable; 770 } 771 772 /** 773 * Returns true if the user force authentication is enabled. 774 * @return true if the user force authentication is enabled. 775 */ 776 public boolean forceUserAuthentication() { 777 return forceAuthn; 778 } 779 780 /** 781 * Sets the user force authentication attribute. 782 * @param forceAuthn the user force authentication attribute. 783 */ 784 public void setForceUserAuthentication(boolean forceAuthn) { 785 this.forceAuthn = forceAuthn; 786 } 787 788 /** 789 * Returns true if security header needs to be preserved. 790 * @return true if the security header needs to be preserved. 791 */ 792 public boolean preserveSecurityHeader() { 793 return preserveSecHeaders; 794 } 795 796 /** 797 * Sets if security header needs to be preserved. 798 * @param preserve value to be set, true if the security header needs 799 * to be preserved, false otherwise. 800 */ 801 public void setPreserveSecurityHeader(boolean preserve) { 802 this.preserveSecHeaders = preserve; 803 } 804 805 /** 806 * Returns the authentication chain mechanism to be used. This method 807 * is used only by the WSP configuration. 808 * 809 * @return the name of the authentication chain mechanism. 810 */ 811 public String getAuthenticationChain() { 812 return authenticationChain; 813 } 814 /** 815 * Sets the authentication chain mechanism. This method is used only by 816 * the WSP configuration. 817 * @param authenticationChain the name of the authentication chain 818 * mechanism. 819 */ 820 public void setAuthenticationChain(String authenticationChain) { 821 this.authenticationChain = authenticationChain; 822 } 823 824 /** 825 * Returns true if passthrough security token needs to be used. 826 * This is valid for a proxy web services client. 827 * @return true if passthrough security token needs to be used. 828 */ 829 public boolean usePassThroughSecurityToken() { 830 return usePassThroughToken; 831 } 832 833 /** 834 * Sets if passthrough security token needs to be used 835 * This is valid for a proxy web services client. 836 * @param usepassthrough flag to if the wsc needs to use passthrough 837 * security token. 838 */ 839 public void setPassThroughSecurityToken(boolean usepassthrough) { 840 this.usePassThroughToken = usepassthrough; 841 } 842 843 /** 844 * Returns the type of the token that needs to be converted to. 845 * This method is used by the web service providers to convert a 846 * SAMLToken to the desired token type. 847 * @return the type of the token that needs to be converted to. 848 */ 849 public String getTokenConversionType() { 850 return tokenConversionType; 851 } 852 853 /** 854 * Sets the type of the token that needs to be converted to. 855 * This method is used by the web service providers to convert a 856 * SAMLToken to the desired token type. 857 * @param tokenType the type of the token that needs to be converted to. 858 */ 859 public void setTokenConversionType(String tokenType) { 860 this.tokenConversionType = tokenType; 861 } 862 863 /** 864 * Returns signing reference type. 865 * @return the signing reference type. 866 */ 867 public String getSigningRefType() { 868 return signingRefType; 869 } 870 871 /** 872 * Sets the signing reference type. 873 * @param refType the signing reference type. 874 */ 875 public void setSigningRefType(String refType) { 876 this.signingRefType = refType; 877 } 878 879 /** 880 * Returns the encryption algorithm 881 * @return the encryption algorithm 882 */ 883 public String getEncryptionAlgorithm() { 884 return encryptionAlgorithm; 885 } 886 887 /** 888 * Sets the encryption algorithm. 889 * @param encAlg the encryption algorithm. 890 */ 891 public void setEncryptionAlgorithm(String encAlg) { 892 this.encryptionAlgorithm = encAlg; 893 } 894 895 /** 896 * Returns the encryption data strength. 897 * @return the encryption data strength. 898 */ 899 public int getEncryptionStrength() { 900 return encryptionStrength; 901 } 902 903 /** 904 * Sets the encryption data strength. * 905 * @param keyStrength the encryption data strength. 906 */ 907 public void setEncryptionStrength(int keyStrength) { 908 this.encryptionStrength = keyStrength; 909 } 910 911 /** 912 * Stores the provider configuration. 913 * 914 * @exception ProviderException if there is any failure. 915 */ 916 protected abstract void store() throws ProviderException; 917 918 /** 919 * Deletes the provider configuration. 920 * 921 * @exception ProviderException if there is any failure. 922 */ 923 protected abstract void delete() throws ProviderException; 924 925 /** 926 * Checks if the provider configuration exists. 927 * 928 * @return true if the provider exists. 929 */ 930 protected abstract boolean isExists(); 931 932 /** 933 * Initializes the provider. 934 * 935 * @param providerName the provider name. 936 * 937 * @param providerType the provider type. 938 * 939 * @param token Single Sign-on token. 940 * 941 * @param isEndPoint Boolean flag indicating whether provider needs to be 942 * searched based on its end point value. 943 * 944 * @exception ProviderException if there is any failure. 945 */ 946 protected abstract void init(String providerName, 947 String providerType, SSOToken token, boolean isEndPoint) 948 throws ProviderException; 949 950 /** 951 * Saves the Provider in the configuration repository. 952 * 953 * @param config the provider configuration. 954 * 955 * @exception ProviderException if the creation is failed. 956 */ 957 public static void saveProvider(ProviderConfig config) 958 throws ProviderException { 959 config.store(); 960 } 961 962 /** 963 * Returns the provider configuration for a given provider name. 964 * 965 * @param providerName the provider name. 966 * 967 * @param providerType the provider type. 968 * 969 * @exception ProviderException if unable to retrieve. 970 */ 971 public static ProviderConfig getProvider( 972 String providerName, String providerType) throws ProviderException { 973 974 ProviderConfig pc = getConfigAdapter(); 975 SSOToken adminToken = getAdminToken(); 976 pc.init(providerName, providerType, adminToken, false); 977 return pc; 978 } 979 980 /** 981 * Returns the provider configuration for a given provider name. 982 * @param providerName the provider name. 983 * @param providerType the provider type. 984 * @param initialize if set to false the provider configuration will not 985 * be retrieved from the persistent store and returns just the 986 * memory image of the provider configuration. Also if set to 987 * false the provider configuration can not be saved persistently 988 * using {@link #store()}. 989 * @exception ProviderException if unable to retrieve. 990 */ 991 public static ProviderConfig getProvider( 992 String providerName, String providerType, boolean initialize) 993 throws ProviderException { 994 995 if(!initialize) { 996 return getConfigAdapter(); 997 } 998 return getProvider(providerName, providerType); 999 } 1000 1001 /** 1002 * Returns the provider configuration for a given end point 1003 * 1004 * @param endpoint the end point is the search string to retrieve the 1005 * provider configuration. 1006 * 1007 * @param providerType the provider type. 1008 * 1009 * @exception ProviderException if unable to retrieve. 1010 */ 1011 public static ProviderConfig getProviderByEndpoint( 1012 String endpoint, String providerType) 1013 throws ProviderException { 1014 1015 ProviderConfig pc = getConfigAdapter(); 1016 SSOToken adminToken = getAdminToken(); 1017 pc.init(endpoint, providerType, adminToken, true); 1018 return pc; 1019 } 1020 1021 /** 1022 * Checks if the provider of given type does exists. 1023 * 1024 * @param providerName the name of the provider. 1025 * 1026 * @param providerType type of the provider. 1027 * 1028 * @return true if the provider exists with a given name and type. 1029 */ 1030 public static boolean isProviderExists(String providerName, 1031 String providerType) { 1032 try { 1033 ProviderConfig config = getProvider(providerName, providerType); 1034 return config.isExists(); 1035 } catch (ProviderException pe) { 1036 ProviderUtils.debug.error("ProviderConfig.isProviderExists:: " + 1037 "Provider Exception ", pe); 1038 return false; 1039 } 1040 } 1041 1042 /** 1043 * Checks if the provider of given type does exists. 1044 * 1045 * @param providerName the name of the provider. 1046 * 1047 * @param providerType type of the provider. 1048 * 1049 * @param isEndPoint flag to indicate check/search based on WSP end point. 1050 * 1051 * @return true if the provider exists with a given name and type. 1052 */ 1053 public static boolean isProviderExists(String providerName, 1054 String providerType, boolean isEndPoint) { 1055 try { 1056 ProviderConfig config = getProviderByEndpoint( 1057 providerName, providerType); 1058 return config.isExists(); 1059 } catch (ProviderException pe) { 1060 ProviderUtils.debug.error("ProviderConfig.isProviderExists:: " + 1061 "Provider Exception ", pe); 1062 return false; 1063 } 1064 } 1065 1066 /** 1067 * Removes the provider configuration. 1068 * 1069 * @param providerName the name of the provider. 1070 * 1071 * @param providerType the type of the provider. 1072 * 1073 * @exception ProviderException if any failure. 1074 */ 1075 public static void deleteProvider( 1076 String providerName, String providerType) throws ProviderException { 1077 1078 ProviderConfig pc = getConfigAdapter(); 1079 pc.init(providerName, providerType, getAdminToken(), false); 1080 pc.delete(); 1081 } 1082 1083 /** 1084 * Returns the list of all available security mechanism objects. 1085 * 1086 * @return the list of <code>SecurityMechanism</code> objects. 1087 */ 1088 public static List getAllSupportedSecurityMech() { 1089 List list = new ArrayList(); 1090 list.add(SecurityMechanism.WSS_NULL_SAML_SV); 1091 list.add(SecurityMechanism.WSS_TLS_SAML_SV); 1092 list.add(SecurityMechanism.WSS_CLIENT_TLS_SAML_SV); 1093 list.add(SecurityMechanism.WSS_NULL_SAML_HK); 1094 list.add(SecurityMechanism.WSS_TLS_SAML_HK); 1095 list.add(SecurityMechanism.WSS_CLIENT_TLS_SAML_HK); 1096 list.add(SecurityMechanism.WSS_NULL_X509_TOKEN); 1097 list.add(SecurityMechanism.WSS_TLS_X509_TOKEN); 1098 list.add(SecurityMechanism.WSS_CLIENT_TLS_X509_TOKEN); 1099 list.add(SecurityMechanism.WSS_NULL_USERNAME_TOKEN); 1100 list.add(SecurityMechanism.WSS_TLS_USERNAME_TOKEN); 1101 list.add(SecurityMechanism.WSS_CLIENT_TLS_USERNAME_TOKEN); 1102 list.add(SecurityMechanism.WSS_NULL_SAML2_SV); 1103 list.add(SecurityMechanism.WSS_TLS_SAML2_SV); 1104 list.add(SecurityMechanism.WSS_CLIENT_TLS_SAML2_SV); 1105 list.add(SecurityMechanism.WSS_NULL_SAML2_HK); 1106 list.add(SecurityMechanism.WSS_TLS_SAML2_HK); 1107 list.add(SecurityMechanism.WSS_CLIENT_TLS_SAML2_HK); 1108 list.add(SecurityMechanism.WSS_NULL_ANONYMOUS); 1109 list.add(SecurityMechanism.WSS_TLS_ANONYMOUS); 1110 list.add(SecurityMechanism.WSS_CLIENT_TLS_ANONYMOUS); 1111 list.add(SecurityMechanism.WSS_NULL_USERNAME_TOKEN_PLAIN); 1112 list.add(SecurityMechanism.WSS_TLS_USERNAME_TOKEN_PLAIN); 1113 list.add(SecurityMechanism.WSS_CLIENT_TLS_USERNAME_TOKEN_PLAIN); 1114 list.add(SecurityMechanism.WSS_NULL_KERBEROS_TOKEN); 1115 list.add(SecurityMechanism.WSS_TLS_KERBEROS_TOKEN); 1116 list.add(SecurityMechanism.WSS_CLIENT_TLS_KERBEROS_TOKEN); 1117 list.add(SecurityMechanism.STS_SECURITY); 1118 return list; 1119 } 1120 1121 /** 1122 * Returns the list of message level security mechanism objects. 1123 * 1124 * @return the list of message level <code>SecurityMechanism</code> objects. 1125 */ 1126 public static List getAllMessageLevelSecurityMech() { 1127 List list = new ArrayList(); 1128 list.add(SecurityMechanism.WSS_NULL_SAML_SV); 1129 list.add(SecurityMechanism.WSS_NULL_SAML_HK); 1130 list.add(SecurityMechanism.WSS_NULL_X509_TOKEN); 1131 list.add(SecurityMechanism.WSS_NULL_USERNAME_TOKEN); 1132 list.add(SecurityMechanism.WSS_NULL_SAML2_SV); 1133 list.add(SecurityMechanism.WSS_NULL_SAML2_HK); 1134 list.add(SecurityMechanism.WSS_NULL_ANONYMOUS); 1135 list.add(SecurityMechanism.WSS_NULL_USERNAME_TOKEN_PLAIN); 1136 list.add(SecurityMechanism.WSS_NULL_KERBEROS_TOKEN); 1137 list.add(SecurityMechanism.STS_SECURITY); 1138 return list; 1139 } 1140 1141 private static ProviderConfig getConfigAdapter() throws ProviderException { 1142 if (adapterClass == null) { 1143 String adapterName = SystemConfigurationUtil.getProperty( 1144 WSS_PROVIDER_CONFIG_PLUGIN, 1145 "com.sun.identity.wss.provider.plugins.AgentProvider"); 1146 try { 1147 adapterClass = Class.forName(adapterName); 1148 } catch (Exception ex) { 1149 ProviderUtils.debug.error("ProviderConfig.getConfigAdapter: " + 1150 "Failed in obtaining class", ex); 1151 throw new ProviderException( 1152 ProviderUtils.bundle.getString("initializationFailed")); 1153 } 1154 } 1155 try { 1156 return ((ProviderConfig) adapterClass.newInstance()); 1157 } catch (Exception ex) { 1158 ProviderUtils.debug.error("ProviderConfig.getConfigAdapter: " + 1159 "Failed in initialization", ex); 1160 throw new ProviderException( 1161 ProviderUtils.bundle.getString("initializationFailed")); 1162 } 1163 } 1164 1165 private static SSOToken getAdminToken() throws ProviderException { 1166 if (customAdminToken != null) { 1167 return customAdminToken; 1168 } 1169 SSOToken adminToken = null; 1170 try { 1171 adminToken = (SSOToken) AccessController.doPrivileged( 1172 AdminTokenAction.getInstance()); 1173 1174 if(adminToken != null) { 1175 if (!SSOTokenManager.getInstance().isValidToken(adminToken)) { 1176 if (ProviderUtils.debug.messageEnabled()) { 1177 ProviderUtils.debug.message("ProviderConfig." + 1178 "getAdminToken: AdminTokenAction returned " + 1179 "expired or invalid token, trying again..."); 1180 } 1181 adminToken = (SSOToken) AccessController.doPrivileged( 1182 AdminTokenAction.getInstance()); 1183 } 1184 } 1185 } catch (SSOException se) { 1186 ProviderUtils.debug.message("ProviderConfig.getAdminToken:: " + 1187 "Trying second time ...."); 1188 adminToken = (SSOToken) AccessController.doPrivileged( 1189 AdminTokenAction.getInstance()); 1190 } 1191 return adminToken; 1192 } 1193 1194 /** 1195 * Sets the admin token. 1196 * This admin token is required to be set if "create", "delete" or "save" 1197 * operations are invoked on this <code>ProviderConfig</code> object. 1198 * This admin token needs to be the valid SSOToken of the user who has 1199 * "Agent Administrator" privileges. 1200 * 1201 * @param adminToken the agent admin token. 1202 */ 1203 public void setAdminToken(SSOToken adminToken) { 1204 this.customAdminToken = adminToken; 1205 } 1206}