001/**
002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003 *
004 * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
005 *
006 * The contents of this file are subject to the terms
007 * of the Common Development and Distribution License
008 * (the License). You may not use this file except in
009 * compliance with the License.
010 *
011 * You can obtain a copy of the License at
012 * https://opensso.dev.java.net/public/CDDLv1.0.html or
013 * opensso/legal/CDDLv1.0.txt
014 * See the License for the specific language governing
015 * permission and limitations under the License.
016 *
017 * When distributing Covered Code, include this CDDL
018 * Header Notice in each file and include the License file
019 * at opensso/legal/CDDLv1.0.txt.
020 * If applicable, add the following below the CDDL Header,
021 * with the fields enclosed by brackets [] replaced by
022 * your own identifying information:
023 * "Portions Copyrighted [year] [name of copyright owner]"
024 *
025 * $Id: ProviderConfig.java,v 1.31 2009/11/16 21:52:58 mallas Exp $
026 *
027 */
028package com.sun.identity.wss.provider; 
029
030import java.io.File;
031import java.io.FileInputStream;
032import java.io.InputStream;
033import java.security.KeyStore;
034import java.security.AccessController;
035import java.util.List;
036import java.util.ArrayList;
037import java.util.Properties;
038import java.util.Set;
039
040import com.sun.identity.common.SystemConfigurationUtil;
041import com.iplanet.services.util.Crypt;
042import com.iplanet.sso.SSOToken;
043import com.iplanet.sso.SSOException;
044import com.iplanet.sso.SSOTokenManager;
045import com.sun.identity.security.AdminTokenAction;
046import com.sun.identity.wss.security.SecurityMechanism;
047
048
049/**
050 * This abstract class <code>ProviderConfig</code> represents the Web Services
051 * Server provider or the Web Services Client provider configuration.  
052 * <p>Pluggable implementation of this abstract class can choose to store this 
053 * configuration in desired configuration store. This pluggable implementation
054 * class can be configured in client's AMConfig.properties as value of 
055 * "com.sun.identity.wss.provider.config.plugin" property.
056 * Having obtained an instance of ProviderConfig, its methods can be called to 
057 * create, delete, modify, retrieve WSS agent profile and configuration for WSC 
058 * and/or WSP attributes (key /value pairs).
059 * 
060 * <p>All the static methods in this class are for the persistent 
061 * operations.
062 * @supported.all.api
063 */
064public abstract class ProviderConfig {
065
066     /**
067      * Constant to define the web services client type.
068      */
069     public static final String WSC = "WSCAgent";
070
071     /**
072      * Constant to define the web services provider type.
073      */
074     public static final String WSP = "WSPAgent";
075     
076    /**
077     * Property for the web services provider configuration plugin.
078     */
079    public static final String WSS_PROVIDER_CONFIG_PLUGIN =
080         "com.sun.identity.wss.provider.config.plugin";
081 
082     protected List secMech = null;
083     protected String serviceURI = null;
084     protected String providerName = null; 
085     protected String wspEndpoint = null;
086     protected String wssProxyEndpoint = null;
087     protected String providerType = null;
088     protected KeyStore keyStore = null;
089     protected String privateKeyAlias = null;
090     protected String privateKeyType = null;
091     protected String publicKeyAlias = null;
092     protected boolean isResponseSigned = false;
093     protected boolean isResponseEncrypted = false;
094     protected boolean isRequestSigned = true;
095     protected boolean isRequestEncrypted = false;
096     protected boolean isRequestHeaderEncrypted = false;
097     protected List trustAuthorities = null;
098     protected String ksPasswd = null;
099     protected String keyPasswd = null;
100     protected String ksFile = null;
101     protected Properties properties = new Properties();
102     protected List usercredentials = null;
103     protected String serviceType = null;
104     protected boolean isDefaultKeyStore = false;
105     protected boolean forceAuthn = false;
106     protected boolean preserveSecHeaders = false;
107     protected String authenticationChain = null;    
108     protected TrustAuthorityConfig taconfig = null;
109     protected Set samlAttributes = null;
110     protected boolean includeMemberships = false;
111     protected String nameIDMapper = null;
112     protected String attributeNS = null;
113     protected String kdcDomain = null;
114     protected String kdcServer = null;
115     protected String ticketCacheDir = null;
116     protected String servicePrincipal = null;
117     protected String keytabFile = null;
118     protected boolean verifyKrbSignature = false;
119     protected boolean usePassThroughToken = false;
120     protected String tokenConversionType = null;
121     protected String encryptionAlgorithm = "DESede";
122     protected int encryptionStrength = 0;
123     protected String signingRefType = "DirectReference";
124     protected static SSOToken customAdminToken = null;
125    
126     protected boolean detectUserTokenReplay = true;
127     protected boolean detectMessageReplay = true;
128     protected String dnsClaim = null;
129     protected List signedElements = new ArrayList();
130     private static Class adapterClass;
131
132    /**
133     * Returns the list of security mechanims that the provider is configured.
134     *
135     * @return list of security mechanisms.
136     */
137    public List getSecurityMechanisms() {
138         return secMech;
139    }
140
141    /**
142     * Sets the list of security mechanisms.
143     *
144     * @param authMech the list of security mechanisms.
145     */
146    public void setSecurityMechanisms(List authMech) {
147        this.secMech = authMech;
148    }
149
150    /**
151     * Returns the name of the Provider.
152     *
153     * @return the provider name.
154     */
155    public String getProviderName() {
156        return providerName;
157    }
158
159    /**
160     * Returns the value of the property.
161     *
162     * @param property the name of property for which value is being retrieved.
163     * 
164     * @return the value of the property.
165     */
166    public String getProperty(String property) {
167        return properties.getProperty(property);
168    }
169
170    /**
171     * Sets the value for the given property in Provider Configuration.
172     *
173     * @param property the name of the property being set.
174     *
175     * @param value the property value being set.
176     */
177    public void setProperty(String property, String value) {
178        properties.put(property, value);
179    }
180
181    /**
182     * Returns the endpoint of the web services provider.
183     *
184     * @return the endpoint of the web services provider.
185     */
186    public String getWSPEndpoint() {
187        return wspEndpoint;        
188    }
189
190    /**
191     * Sets the web services provider endpoint.
192     *
193     * @param endpoint the web services provider endpoint.
194     */
195    public void setWSPEndpoint(String endpoint) {
196        this.wspEndpoint = endpoint;
197    }
198
199    /**
200     * Returns the endpoint of the web services security proxy.
201     *
202     * @return the endpoint of the web services security proxy.
203     */
204    public String getWSSProxyEndpoint() {
205        return wssProxyEndpoint;        
206    }
207
208    /**
209     * Sets the web services security proxy endpoint.
210     *
211     * @param endpoint the web services security proxy endpoint.
212     */
213    public void setWSSProxyEndpoint(String endpoint) {
214        this.wssProxyEndpoint = endpoint;
215    }
216
217    /**
218     * Sets the service type.
219     * @param serviceType the service type.
220     */
221    public void setServiceType(String serviceType) {
222        this.serviceType = serviceType;
223    }
224
225    /**
226     * Returns the service type.
227     *
228     * @return the service type.
229     */
230    public String getServiceType() {
231        return serviceType;
232    }
233
234    /**
235     * Sets the user credentials list.
236     * @param usercredentials list of <code>PasswordCredential</code> objects.
237     */
238    public void setUsers(List usercredentials) {
239        this.usercredentials = usercredentials;
240    }
241
242    /**
243     * Returns the list of <code>PasswordCredential</code>s of the user.
244     *
245     * @return the list of <code>PasswordCredential</code> objects.
246     */
247    public List getUsers() {
248        return usercredentials;
249    }
250            
251    /**
252     * Returns true if the user name token replay is enabled.
253     * @return true if the user name token replay is enabled.
254     */
255    public boolean isUserTokenDetectReplayEnabled() {
256        return detectUserTokenReplay;    
257    }
258    
259    /**
260     * Enable or disable the detection of user token replay
261     * @param enable true if the detection of user token replay is enabled.
262     */
263    public void setDetectUserTokenReplay(boolean enable) {
264        this.detectUserTokenReplay = enable;
265    }
266
267    /**
268     * Returns true if the message replay detection is enabled.
269     * @return true if the message replay detection is enabled.
270     */
271    public boolean isMessageReplayDetectionEnabled() {
272        return detectMessageReplay;
273    }
274    
275    /**
276     * Enable or disable the message replay detection.
277     * @param enable true if the detection of the message replay is enabled.
278     */
279    public void setMessageReplayDetection(boolean enable) {
280        this.detectMessageReplay = enable;
281    }
282    
283    /**
284     * Returns the provider type. It will be {@link #WSP} or {@link #WSC}
285     *
286     * @return the provider type.
287     */
288    public String getProviderType() {
289        return providerType;
290    }
291
292    /**
293     * Returns the provider JKS <code>KeyStore</code> 
294     *
295     * @return the JKS <code>KeyStore</code>
296     */
297    public KeyStore getKeyStore() {
298        return keyStore;
299    }
300
301    /**
302     * Returns the keystore file.
303     *
304     * @return the keystore file name.
305     */
306    public String getKeyStoreFile() {
307        return ksFile;
308    }
309
310    /**
311     * Returns the keystore password.
312     *
313     * @return the keystore password.
314     */
315    public String getKeyStorePassword() {
316        return Crypt.decrypt(ksPasswd);
317    }
318
319    /**
320     * Returns the keystore encrypted password.
321     *
322     * @return the keystore encrypted password.
323     */
324    public String getKeyStoreEncryptedPasswd() {
325         return ksPasswd;
326    }
327
328    /**
329     * Returns the key password in the keystore.
330     *
331     * @return the key password in the keystore.
332     */
333    public String getKeyPassword() {
334        return Crypt.decrypt(keyPasswd);
335    }
336
337    /**
338     * Returns the keystore encrypted password.
339     *
340     * @return the keystore encrypted password.
341     */
342    public String getKeyEncryptedPassword() {
343        return keyPasswd;
344    }
345
346    /**
347     * Sets the keystore for this provider.
348     * 
349     * @param fileName the provider key store fully qualified file name.
350     *
351     * @param keyStorePassword the password required to access the key 
352     *         store file.
353     *
354     * @param keyPassword the password required to access the key from the
355     *        keystore.
356     *
357     * @exception ProviderException if the key store file does not exist
358     *        or an invalid password. 
359     */
360    public void setKeyStore(String fileName, 
361             String keyStorePassword, String keyPassword)
362      throws ProviderException {
363
364        this.ksFile = fileName;
365        this.ksPasswd = Crypt.encrypt(keyStorePassword);
366        this.keyPasswd = Crypt.encrypt(keyPassword);
367        try {
368            File file = new File(fileName);
369            if(file.exists()) {
370               InputStream inputStream = new FileInputStream(fileName);
371               keyStore = KeyStore.getInstance("JKS");
372               keyStore.load(inputStream, keyStorePassword.toCharArray());
373            }
374        } catch (Exception ex) {
375            ProviderUtils.debug.error("ProviderConfig.setKeyStore: Could not" +
376                 "set the key store file information", ex);
377            throw new ProviderException(ProviderUtils.bundle.getString(
378            "invalidKeyStore"));
379        }
380    }
381
382    /**
383     * Sets the keystore for this provider.
384     * 
385     * @param keyStore the provider key store.
386     *
387     * @param password the password required to access the key store file.
388     *
389     */
390    public void setKeyStore(KeyStore keyStore, String password) {
391        this.keyStore = keyStore;
392        this.ksPasswd = password;
393    }
394
395    /**
396     * Returns the key type for this provider.
397     * 
398     * @return the key type of the provider.
399     */
400    public String getKeyType() {
401        return privateKeyType;
402    }
403   
404    /**
405     * Sets the key type for this provider.
406     * 
407     * @param keyType the key type for this provider.
408     */
409    public void setKeyType(String keyType) {
410        this.privateKeyType = keyType;
411    }
412
413    /**
414     * Returns the key alias for this provider.
415     * 
416     * @return the key alias of the provider.
417     */
418    public String getKeyAlias() {
419        return privateKeyAlias;
420    }
421   
422    /**
423     * Sets the key alias for this provider.
424     * 
425     * @param alias the key alias for this provider.
426     */
427    public void setKeyAlias(String alias) {
428        this.privateKeyAlias = alias;
429    }
430
431    /**
432     * Returns the Public key alias for this provider's partner.
433     * 
434     * @return the Public key alias of the provider's partner.
435     */
436    public String getPublicKeyAlias() {
437        return publicKeyAlias;
438    }
439   
440    /**
441     * Sets the Public key alias for this provider's partner.
442     * 
443     * @param alias the Public key alias for this provider's partner.
444     */
445    public void setPublicKeyAlias(String alias) {
446        this.publicKeyAlias = alias;
447    }
448
449    /**
450     * Returns true if the provider uses default keystore.
451     * @return true if the provider uses default keystore.
452     */
453    public boolean useDefaultKeyStore() {
454        return isDefaultKeyStore;
455    }
456
457    /**
458     * Sets the provider to use the default keystore.
459     * @param set boolean variable to enable or disable to use the default
460     *            keystore.
461     */
462    public void setDefaultKeyStore(boolean set) {
463        this.isDefaultKeyStore = set;
464    }
465
466    /**
467     * Returns the SAML Attribute Mapping list. This method is used by the
468     * WSP configuration when enabled for SAML.
469     */
470    public Set getSAMLAttributeMapping() {
471        return samlAttributes;
472    }
473
474    /**
475     * Sets the list of SAML attribute mappings. This method is used by the
476     * WSP configuration when enabled for SAML.
477     * @param attributeMap the list of SAML attribute mapping
478     */
479    public void setSAMLAttributeMapping(Set attributeMap) {
480        this.samlAttributes = attributeMap;
481    }
482
483    /**
484     * Checks if the memberships should be included in the SAML attribute
485     * mapping.
486     * @return true if the  memberships are included.
487     */
488    public boolean shouldIncludeMemberships() {
489        return includeMemberships;
490    }
491
492    /**
493     * Sets a flag to include memberships for SAML attribute mapping.
494     * @param include boolean flag to indicate if the memberships needs to 
495     *                be included.
496     */
497    public void setIncludeMemberships(boolean include) {
498        this.includeMemberships = include;
499    }
500
501    /**
502     * Returns the NameID mapper class
503     * @return returns the nameid mapper class.
504     */
505    public String getNameIDMapper() {
506        return nameIDMapper;
507    }
508
509    /**
510     * Sets the NameID Mapper class.
511     * @param nameIDMapper NameID Mapper class.
512     */
513    public void setNameIDMapper(String nameIDMapper){
514        this.nameIDMapper = nameIDMapper;
515    }
516
517    /**
518     * Returns SAML attribute namespace.
519     * @return returns SAML attribute namespace.
520     */
521    public String getSAMLAttributeNamespace() {
522        return attributeNS;
523    }
524
525    /**
526     * Sets SAML attribute namespace.
527     * @param attributeNS SAML attribute namespace.
528     */
529    public void setSAMLAttributeNamespace(String attributeNS) {
530        this.attributeNS = attributeNS;
531    }
532    
533    /**
534     * Returns Kerberos Domain Controller Domain
535     * @return Kerberos Domain Controller Domain
536     */
537     
538    public String getKDCDomain() {
539        return kdcDomain;
540    }
541    
542    /**
543     * Sets Kerberos Domain Controller Domain
544     * @param domain Kerberos Domain Controller Domain
545     */
546    public void setKDCDomain(String domain) {
547        this.kdcDomain = domain;
548    }
549    
550    /**
551     * Returns Kerberos Domain Controller Server.
552     * @return Kerberos Domain Controller Server.
553     */
554    public String getKDCServer() {
555        return kdcServer;
556    }
557    
558    /**
559     * Sets Kerberos Domain Controller Server
560     * @param kdcServer Kerberos Domain Controller Server
561     */
562    public void setKDCServer(String kdcServer) {
563        this.kdcServer = kdcServer;
564    }
565    
566    /**
567     * This method is used by the web services client to get the kerberos
568     * ticket cache directory.
569     * @return the kerberos ticket cache dir
570     */
571    public String getKerberosTicketCacheDir() {
572        return ticketCacheDir;
573    }
574    
575    /**
576     * Sets kerberos ticket cache dir.
577     * @param cacheDir kerberos ticket cache dir
578     */
579    public void setKerberosTicketCacheDir(String cacheDir) {
580        this.ticketCacheDir = cacheDir;
581    }
582    
583    /**
584     * This method is used by the web services provider to get the key tab file.     
585     * @return the keytab file.
586     */
587    public String getKeyTabFile() {
588        return keytabFile;
589    }
590    
591    /**
592     * Sets the keytab file 
593     * @param file the fully qualified file path
594     */
595    public void setKeyTabFile(String file) {
596        this.keytabFile = file;
597    }
598    
599    /**
600     * Returns kerberos service principal
601     * @return the kerberos service principal
602     */
603    public String getKerberosServicePrincipal() {
604        return servicePrincipal;
605    }
606    
607    /**
608     * Sets kerberos service principal.
609     * @param principal the kerberos service principal.
610     */
611    public void setKerberosServicePrincipal(String principal) {
612        this.servicePrincipal = principal;
613    }
614    
615    /**
616     * Returns true if kerberos signature needs to be validated.
617     * The signature validation is supported only with JDK6 onwards.
618     * @return true if the signature validation needs to be validated.
619     */
620    public boolean isValidateKerberosSignature() {
621        return verifyKrbSignature;
622    }
623    
624    /**
625     * Sets a boolean flag to enable or disable validate kerberos signature.
626     * @param validate boolean flag to enable or disable validate krb signature.
627     */
628    public void setValidateKerberosSignature(boolean validate) {
629        this.verifyKrbSignature = validate;
630    }
631
632    /**
633     * Returns the DNS claim name.
634     * @return the DNS claim name.
635     */
636    public String getDNSClaim() {
637        return dnsClaim;
638    }
639
640    /**
641     * Sets the DNS claim name
642     * @param dnsClaim the DNS claim name
643     */
644    public void setDNSClaim(String dnsClaim) {
645        this.dnsClaim = dnsClaim;
646    }
647
648    /**
649     * Returns the list of signed elements.
650     * @return the list of signed elements.
651     */
652    public List getSignedElements() {
653        return signedElements;
654    }
655
656    /**
657     * Sets the signed elements
658     * @param signedElements the signed elements.
659     */
660    public void setSignedElements(List signedElements) {
661        this.signedElements = signedElements;
662    }
663  
664    /**
665     * Returns the provider's trusted authorities list.
666     *
667     * @return the list of the <code>TrustAuthorityConfig</code>s. 
668     */
669    public TrustAuthorityConfig getTrustAuthorityConfig() {
670        return taconfig;
671    }
672    
673    /**
674     * Sets the trusted authority configurations.
675     * 
676     * @param taconfig instance of the <code>TrustAuthorityConfig</code>.
677     */
678    public void setTrustAuthorityConfig(TrustAuthorityConfig taconfig) {
679        this.taconfig = taconfig;
680    }
681
682    /**
683     * Checks if the response needs to be signed or not.
684     *
685     * @return true if the response needs to be signed.
686     */
687    public boolean isResponseSignEnabled() {
688        return isResponseSigned;
689    }
690
691    /**
692     * Sets the response sign enable flag.
693     *
694     * @param enable enables the response signing.
695     */
696    public void setResponseSignEnabled(boolean enable) {
697         isResponseSigned = enable;
698    }
699    
700    /**
701     * Checks if the response needs to be encrypted or not.
702     *
703     * @return true if the response needs to be encrypted.
704     */
705    public boolean isResponseEncryptEnabled() {
706        return isResponseEncrypted;
707    }
708
709    /**
710     * Sets the response encrypt enable flag.
711     *
712     * @param enable enables the response encryption.
713     */
714    public void setResponseEncryptEnabled(boolean enable) {
715         isResponseEncrypted = enable;
716    }
717    
718    /**
719     * Checks if the request needs to be signed or not.
720     *
721     * @return true if the request needs to be signed.
722     */
723    public boolean isRequestSignEnabled() {
724        return isRequestSigned;
725    }
726
727    /**
728     * Sets the request sign enable flag.
729     *
730     * @param enable enables the request signing.
731     */
732    public void setRequestSignEnabled(boolean enable) {
733         isRequestSigned = enable;
734    }
735    
736    /**
737     * Checks if the request needs to be encrypted or not.
738     *
739     * @return true if the request needs to be encrypted.
740     */
741    public boolean isRequestEncryptEnabled() {
742        return isRequestEncrypted;
743    }
744
745    /**
746     * Sets the request encrypt enable flag.
747     *
748     * @param enable enables the request encryption.
749     */
750    public void setRequestEncryptEnabled(boolean enable) {
751         isRequestEncrypted = enable;
752    }
753
754    /**
755     * Checks if the request header needs to be encrypted or not.
756     *
757     * @return true if the request header needs to be encrypted.
758     */
759    public boolean isRequestHeaderEncryptEnabled() {
760        return isRequestHeaderEncrypted;
761    }
762
763    /**
764     * Sets the request header encrypt enable flag.
765     *
766     * @param enable enables the request header encryption.
767     */
768    public void setRequestHeaderEncryptEnabled(boolean enable) {
769        isRequestHeaderEncrypted = enable;
770    }
771    
772    /**
773     * Returns true if the user force authentication is enabled.
774     * @return true if the user force authentication is enabled.
775     */
776    public boolean forceUserAuthentication() {
777        return forceAuthn;
778    }
779    
780    /**
781     * Sets the user force authentication attribute.
782     * @param forceAuthn the user force authentication attribute.
783     */
784    public void setForceUserAuthentication(boolean forceAuthn) {
785        this.forceAuthn = forceAuthn;
786    }
787
788    /**
789     * Returns true if security header needs to be preserved.
790     * @return true if the security header needs to be preserved.
791     */
792    public boolean preserveSecurityHeader() {
793        return preserveSecHeaders;
794    }
795
796    /**
797     * Sets if security header needs to be preserved.
798     * @param preserve value to be set, true if the security header needs 
799     *    to be preserved, false otherwise.
800     */
801    public void setPreserveSecurityHeader(boolean preserve) {
802        this.preserveSecHeaders = preserve;
803    }
804
805    /**
806     * Returns the authentication chain mechanism to be used. This method
807     * is used only by the WSP configuration.
808     *
809     * @return the name of the authentication chain mechanism.
810     */
811    public String getAuthenticationChain() {
812        return authenticationChain;
813    }
814    /**
815     * Sets the authentication chain mechanism. This method is used only by
816     * the WSP configuration.
817     * @param authenticationChain the name of the authentication chain
818     *        mechanism.
819     */
820    public void setAuthenticationChain(String authenticationChain) {
821        this.authenticationChain = authenticationChain;
822    }
823    
824    /**
825     * Returns true if passthrough security token needs to be used.
826     * This is valid for a proxy web services client.
827     * @return true if passthrough security token needs to be used.
828     */
829    public boolean usePassThroughSecurityToken() {
830        return usePassThroughToken;
831    }
832    
833    /**
834     * Sets if passthrough security token needs to be used
835     * This is valid for a proxy web services client.
836     * @param usepassthrough flag to if the wsc needs to use passthrough
837     *        security token.     
838     */
839    public void setPassThroughSecurityToken(boolean usepassthrough) {
840        this.usePassThroughToken = usepassthrough;
841    }
842    
843    /**
844     * Returns the type of the token that needs to be converted to.
845     * This method is used by the web service providers to convert a
846     * SAMLToken to the desired token type.
847     * @return the type of the token that needs to be converted to.
848     */
849    public String getTokenConversionType() {        
850        return tokenConversionType;
851    }
852    
853    /**
854     * Sets the type of the token that needs to be converted to.     
855     * This method is used by the web service providers to convert a
856     * SAMLToken to the desired token type.
857     * @param tokenType the type of the token that needs to be converted to.
858     */
859    public void setTokenConversionType(String tokenType) {
860        this.tokenConversionType = tokenType;
861    }
862    
863    /**
864     * Returns signing reference type.
865     * @return the signing reference type.     
866     */
867    public String getSigningRefType() {
868        return signingRefType;
869    }
870    
871    /**
872     * Sets the signing reference type.
873     * @param refType the signing reference type.
874     */
875    public void setSigningRefType(String refType) {
876        this.signingRefType = refType;
877    }
878    
879    /**
880     * Returns the encryption algorithm
881     * @return the encryption algorithm
882     */
883    public String getEncryptionAlgorithm() {
884        return encryptionAlgorithm;
885    }
886    
887    /**
888     * Sets the encryption algorithm.
889     * @param encAlg the encryption algorithm.
890     */
891    public void setEncryptionAlgorithm(String encAlg) {
892        this.encryptionAlgorithm = encAlg;
893    }
894    
895    /**
896     * Returns the encryption data strength.
897     * @return the encryption data strength.
898     */
899    public int getEncryptionStrength() {
900        return encryptionStrength;
901    }
902    
903    /**
904     * Sets the encryption data strength.     * 
905     * @param keyStrength the encryption data strength.
906     */
907    public void setEncryptionStrength(int keyStrength) {
908        this.encryptionStrength = keyStrength;
909    }
910    
911    /**
912     * Stores the provider configuration.
913     *
914     * @exception ProviderException if there is any failure.
915     */
916    protected abstract void store() throws ProviderException;
917
918    /**
919     * Deletes the provider configuration.
920     *
921     * @exception ProviderException if there is any failure.
922     */
923    protected abstract void delete() throws ProviderException;
924
925    /**
926     * Checks if the provider configuration exists.
927     *
928     * @return true if the provider exists.
929     */
930     protected abstract boolean isExists();
931
932    /**
933     * Initializes the provider.
934     *
935     * @param providerName the provider name.
936     *
937     * @param providerType the provider type.
938     *
939     * @param token Single Sign-on token.
940     * 
941     * @param isEndPoint Boolean flag indicating whether provider needs to be 
942     * searched based on its end point value.
943     *
944     * @exception ProviderException if there is any failure.
945     */
946    protected abstract void init(String providerName, 
947        String providerType, SSOToken token, boolean isEndPoint) 
948        throws ProviderException;
949
950    /**
951     * Saves the Provider in the configuration repository.
952     *
953     * @param config the provider configuration.
954     *
955     * @exception ProviderException if the creation is failed.
956     */
957    public static void saveProvider(ProviderConfig config)
958                  throws ProviderException {
959        config.store();
960    }
961
962    /**
963     * Returns the provider configuration for a given provider name.
964     *
965     * @param providerName the provider name.
966     *
967     * @param providerType the provider type.
968     *
969     * @exception ProviderException if unable to retrieve.
970     */
971    public static ProviderConfig getProvider(
972           String providerName, String providerType) throws ProviderException {
973
974         ProviderConfig pc = getConfigAdapter(); 
975         SSOToken adminToken = getAdminToken();
976         pc.init(providerName, providerType, adminToken, false);
977         return pc; 
978    }
979    
980    /**
981     * Returns the provider configuration for a given provider name.     
982     * @param providerName the provider name.    
983     * @param providerType the provider type.
984     * @param initialize if set to false the provider configuration will not
985     *        be retrieved from the persistent store and returns just the
986     *        memory image of the provider configuration. Also if set to
987     *        false the provider configuration can not be saved persistently
988     *        using {@link #store()}.
989     * @exception ProviderException if unable to retrieve.
990     */
991    public static ProviderConfig getProvider(
992           String providerName, String providerType, boolean initialize)
993           throws ProviderException {
994           
995         if(!initialize) {
996            return getConfigAdapter();
997         }
998         return getProvider(providerName, providerType);
999    }
1000    
1001    /**
1002     * Returns the provider configuration for a given end point     
1003     *
1004     * @param endpoint the end point is the search string to retrieve the
1005     *        provider configuration.
1006     *
1007     * @param providerType the provider type.
1008     *          
1009     * @exception ProviderException if unable to retrieve.
1010     */
1011    public static ProviderConfig getProviderByEndpoint(
1012        String endpoint, String providerType) 
1013        throws ProviderException {
1014
1015         ProviderConfig pc = getConfigAdapter(); 
1016         SSOToken adminToken = getAdminToken();
1017         pc.init(endpoint, providerType, adminToken, true);
1018         return pc; 
1019    }
1020
1021    /**
1022     * Checks if the provider of given type does exists.
1023     * 
1024     * @param providerName the name of the provider.
1025     *
1026     * @param providerType type of the provider.
1027     *
1028     * @return true if the provider exists with a given name and type.
1029     */
1030    public static boolean isProviderExists(String providerName, 
1031                  String providerType) {
1032        try {
1033            ProviderConfig config = getProvider(providerName, providerType);
1034            return config.isExists();
1035        } catch (ProviderException pe) {
1036            ProviderUtils.debug.error("ProviderConfig.isProviderExists:: " +
1037            "Provider Exception ", pe);
1038            return false;
1039        }
1040    }
1041    
1042    /**
1043     * Checks if the provider of given type does exists.
1044     * 
1045     * @param providerName the name of the provider.
1046     *
1047     * @param providerType type of the provider.
1048     * 
1049     * @param isEndPoint flag to indicate check/search based on WSP end point.
1050     *
1051     * @return true if the provider exists with a given name and type.
1052     */
1053    public static boolean isProviderExists(String providerName, 
1054                  String providerType, boolean isEndPoint) {
1055        try {
1056            ProviderConfig config = getProviderByEndpoint(
1057                    providerName, providerType);
1058            return config.isExists();
1059        } catch (ProviderException pe) {
1060            ProviderUtils.debug.error("ProviderConfig.isProviderExists:: " +
1061            "Provider Exception ", pe);
1062            return false;
1063        }
1064    }
1065
1066    /**
1067     * Removes the provider configuration.
1068     * 
1069     * @param providerName the name of the provider.
1070     * 
1071     * @param providerType the type of the provider.
1072     * 
1073     * @exception ProviderException if any failure.
1074     */
1075    public static void deleteProvider(
1076           String providerName, String providerType) throws ProviderException {
1077
1078        ProviderConfig pc = getConfigAdapter();
1079        pc.init(providerName, providerType, getAdminToken(), false);
1080        pc.delete();
1081    }
1082
1083    /**
1084     * Returns the list of all available security mechanism objects.
1085     *
1086     * @return the list of <code>SecurityMechanism</code> objects.
1087     */ 
1088    public static List getAllSupportedSecurityMech() {
1089        List list = new ArrayList();
1090        list.add(SecurityMechanism.WSS_NULL_SAML_SV);
1091        list.add(SecurityMechanism.WSS_TLS_SAML_SV);
1092        list.add(SecurityMechanism.WSS_CLIENT_TLS_SAML_SV);
1093        list.add(SecurityMechanism.WSS_NULL_SAML_HK);
1094        list.add(SecurityMechanism.WSS_TLS_SAML_HK);
1095        list.add(SecurityMechanism.WSS_CLIENT_TLS_SAML_HK);
1096        list.add(SecurityMechanism.WSS_NULL_X509_TOKEN);
1097        list.add(SecurityMechanism.WSS_TLS_X509_TOKEN);
1098        list.add(SecurityMechanism.WSS_CLIENT_TLS_X509_TOKEN);
1099        list.add(SecurityMechanism.WSS_NULL_USERNAME_TOKEN);
1100        list.add(SecurityMechanism.WSS_TLS_USERNAME_TOKEN);
1101        list.add(SecurityMechanism.WSS_CLIENT_TLS_USERNAME_TOKEN);
1102        list.add(SecurityMechanism.WSS_NULL_SAML2_SV);
1103        list.add(SecurityMechanism.WSS_TLS_SAML2_SV);
1104        list.add(SecurityMechanism.WSS_CLIENT_TLS_SAML2_SV);
1105        list.add(SecurityMechanism.WSS_NULL_SAML2_HK);
1106        list.add(SecurityMechanism.WSS_TLS_SAML2_HK);
1107        list.add(SecurityMechanism.WSS_CLIENT_TLS_SAML2_HK);
1108        list.add(SecurityMechanism.WSS_NULL_ANONYMOUS);
1109        list.add(SecurityMechanism.WSS_TLS_ANONYMOUS);
1110        list.add(SecurityMechanism.WSS_CLIENT_TLS_ANONYMOUS);
1111        list.add(SecurityMechanism.WSS_NULL_USERNAME_TOKEN_PLAIN);
1112        list.add(SecurityMechanism.WSS_TLS_USERNAME_TOKEN_PLAIN);
1113        list.add(SecurityMechanism.WSS_CLIENT_TLS_USERNAME_TOKEN_PLAIN);
1114        list.add(SecurityMechanism.WSS_NULL_KERBEROS_TOKEN);
1115        list.add(SecurityMechanism.WSS_TLS_KERBEROS_TOKEN);
1116        list.add(SecurityMechanism.WSS_CLIENT_TLS_KERBEROS_TOKEN);
1117        list.add(SecurityMechanism.STS_SECURITY);
1118        return list;
1119    }
1120
1121    /**
1122     * Returns the list of message level security mechanism objects.
1123     *
1124     * @return the list of message level <code>SecurityMechanism</code> objects.
1125     */
1126    public static List getAllMessageLevelSecurityMech() {
1127        List list = new ArrayList();
1128        list.add(SecurityMechanism.WSS_NULL_SAML_SV);
1129        list.add(SecurityMechanism.WSS_NULL_SAML_HK);
1130        list.add(SecurityMechanism.WSS_NULL_X509_TOKEN);
1131        list.add(SecurityMechanism.WSS_NULL_USERNAME_TOKEN);
1132        list.add(SecurityMechanism.WSS_NULL_SAML2_SV);
1133        list.add(SecurityMechanism.WSS_NULL_SAML2_HK);
1134        list.add(SecurityMechanism.WSS_NULL_ANONYMOUS);
1135        list.add(SecurityMechanism.WSS_NULL_USERNAME_TOKEN_PLAIN);
1136        list.add(SecurityMechanism.WSS_NULL_KERBEROS_TOKEN);
1137        list.add(SecurityMechanism.STS_SECURITY);
1138        return list;
1139    }
1140
1141    private static ProviderConfig getConfigAdapter() throws ProviderException {
1142        if (adapterClass == null) {
1143            String adapterName =   SystemConfigurationUtil.getProperty(
1144                WSS_PROVIDER_CONFIG_PLUGIN, 
1145                "com.sun.identity.wss.provider.plugins.AgentProvider");
1146            try {
1147                adapterClass = Class.forName(adapterName);
1148            } catch (Exception ex) {
1149                 ProviderUtils.debug.error("ProviderConfig.getConfigAdapter: " +
1150                     "Failed in obtaining class", ex);
1151                 throw new ProviderException(
1152                     ProviderUtils.bundle.getString("initializationFailed"));
1153            }
1154        }
1155        try {
1156            return ((ProviderConfig) adapterClass.newInstance());
1157        } catch (Exception ex) {
1158             ProviderUtils.debug.error("ProviderConfig.getConfigAdapter: " +
1159                 "Failed in initialization", ex);
1160             throw new ProviderException(
1161                 ProviderUtils.bundle.getString("initializationFailed"));
1162        }
1163    }
1164
1165    private static SSOToken getAdminToken() throws ProviderException {
1166        if (customAdminToken != null) {
1167            return customAdminToken;
1168        }
1169        SSOToken adminToken = null;
1170        try {
1171            adminToken = (SSOToken) AccessController.doPrivileged(
1172                    AdminTokenAction.getInstance());
1173            
1174            if(adminToken != null) {
1175                if (!SSOTokenManager.getInstance().isValidToken(adminToken)) {
1176                    if (ProviderUtils.debug.messageEnabled()) {
1177                        ProviderUtils.debug.message("ProviderConfig." + 
1178                            "getAdminToken: AdminTokenAction returned " + 
1179                            "expired or invalid token, trying again...");
1180                    }
1181                    adminToken = (SSOToken) AccessController.doPrivileged(
1182                            AdminTokenAction.getInstance());
1183                }
1184            }
1185        } catch (SSOException se) {
1186            ProviderUtils.debug.message("ProviderConfig.getAdminToken:: " +
1187                   "Trying second time ....");
1188            adminToken = (SSOToken) AccessController.doPrivileged(
1189                   AdminTokenAction.getInstance());            
1190        }
1191        return adminToken;
1192    }
1193    
1194    /**
1195     * Sets the admin token.
1196     * This admin token is required to be set if "create", "delete" or "save"
1197     * operations are invoked on this <code>ProviderConfig</code> object.
1198     * This admin token needs to be the valid SSOToken of the user who has
1199     * "Agent Administrator" privileges.
1200     * 
1201     * @param adminToken the agent admin token.
1202     */
1203    public void setAdminToken(SSOToken adminToken) {
1204        this.customAdminToken = adminToken;
1205    }
1206}




























































Copyright © 2010-2017, ForgeRock All Rights Reserved.