001/**
002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003 *
004 * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
005 *
006 * The contents of this file are subject to the terms
007 * of the Common Development and Distribution License
008 * (the License). You may not use this file except in
009 * compliance with the License.
010 *
011 * You can obtain a copy of the License at
012 * https://opensso.dev.java.net/public/CDDLv1.0.html or
013 * opensso/legal/CDDLv1.0.txt
014 * See the License for the specific language governing
015 * permission and limitations under the License.
016 *
017 * When distributing Covered Code, include this CDDL
018 * Header Notice in each file and include the License file
019 * at opensso/legal/CDDLv1.0.txt.
020 * If applicable, add the following below the CDDL Header,
021 * with the fields enclosed by brackets [] replaced by
022 * your own identifying information:
023 * "Portions Copyrighted [year] [name of copyright owner]"
024 *
025 * $Id: TrustAuthorityConfig.java,v 1.14 2009/02/28 00:59:42 mrudul_uchil Exp $
026 *
027 */
028
029package com.sun.identity.wss.provider;
030
031import java.security.AccessController;
032import java.util.List;
033
034import com.sun.identity.shared.debug.Debug;
035import com.sun.identity.common.SystemConfigurationUtil;
036import com.iplanet.sso.SSOException;
037import com.iplanet.sso.SSOToken;
038import com.iplanet.sso.SSOTokenManager;
039import com.sun.identity.security.AdminTokenAction;
040
041/**
042 * This abstract class <code>TrustAuthorityConfig</code> represents the 
043 * configuration of a Trusted Authority entity.  
044 * 
045 * <p>The Trusted Authority configuration is used to register the provider
046 * configuration information at a Trusted Authority.
047 * 
048 * <p>This class can be extended to define the trust authority config
049 * such as Discovery client configuration, WS-Trust protocol based client 
050 * (STS client) configuration.
051 * 
052 * <p>Pluggable implementation of this abstract class can choose to store this 
053 * configuration in desired configuration store. This pluggable implementation
054 * class can be configured in client's AMConfig.properties as value of 
055 * "com.sun.identity.wss.discovery.config.plugin" property for Discovery client 
056 * configuration and "com.sun.identity.wss.sts.config.plugin" property 
057 * for STS client configuration.
058 * 
059 * Having obtained an instance of TrustAuthorityConfig, its methods can be 
060 * called to create, delete, modify, retrieve WSS agent profile and 
061 * configuration for Discovery client or STS client attributes 
062 * (key /value pairs).
063 * 
064 * <p>All the static methods in this class are for the persistent 
065 * operations.
066 * @supported.all.api
067 */
068
069public abstract class TrustAuthorityConfig {
070
071    protected String endpoint;
072    protected String privateKeyAlias = null;
073    protected String publicKeyAlias = null;
074    protected String name;
075    protected String type;
076    protected List secMech = null;
077    protected boolean isResponseSigned = false;
078    protected boolean isResponseEncrypted = false;
079    protected boolean isRequestSigned = true;
080    protected boolean isRequestEncrypted = false;
081    protected boolean isRequestHeaderEncrypted = false;
082    protected List usercredentials = null;
083    protected String encryptionAlgorithm = "DESede";
084    protected int encryptionStrength = 0;
085    protected String signingRefType = "DirectReference";
086    
087    private static Class discoveryConfigClass;
088    private static Class stsConfigClass;
089    private static Debug debug = ProviderUtils.debug;
090    protected static SSOToken customAdminToken = null;
091
092    /**
093     * Property string for the web services discovery client configuration 
094     * plugin.
095    */
096    public static final String WSS_DISCOVERY_CONFIG_PLUGIN =
097        "com.sun.identity.wss.discovery.config.plugin";
098    
099    /**
100     * Property string for the web services STS client configuration plugin.
101     */
102    public static final String WSS_STS_CONFIG_PLUGIN = 
103        "com.sun.identity.wss.sts.config.plugin";
104 
105    /**
106     * Trusted Authority client configuration type.
107     */
108    public static final String DISCOVERY_TRUST_AUTHORITY = "DiscoveryAgent";
109    
110    public static final String STS_TRUST_AUTHORITY = "STSAgent";
111
112    /**
113     * Returns the trust authority name.
114     * @return the name of the trust authority.
115     */
116    public String getName() {
117        return name;
118    }
119    
120    /**
121     * Sets the trust authority name.
122     * @param name the name of the trust authority.
123     */
124    public void setName(String name) {
125        this.name = name;
126    }
127
128    /**
129     * Returns the trust authority type.
130     * @return the type of the trust authority.
131     */
132    public String getType() {
133        return type;
134    }
135
136    /**
137     * Sets the trust authority type.
138     * @param type the type of the trust authority.
139     */
140    public void setType(String type) {
141        this.type = type;
142    }
143
144    /**
145     * Returns the trust authority end point.
146     *
147     * @return the endpoint of the trust authority. 
148     */
149    public String getEndpoint() {
150        return endpoint;
151    }
152
153    /**
154     * Sets the trust authority end point.
155     *
156     * @param endpoint the end point for the trust authority.
157     */
158    public void setEndpoint(String endpoint) {
159        this.endpoint = endpoint;
160    }
161
162    /**
163     * Returns the key alias for this trust authority client.
164     * 
165     * @return the key alias of the trust authority client.
166     */
167    public String getKeyAlias() {
168        return privateKeyAlias;
169    }
170   
171    /**
172     * Sets the key alias for this trust authority client.
173     * 
174     * @param alias the key alias for the trust authority client.
175     */
176    public void setKeyAlias(String alias) {
177        this.privateKeyAlias = alias;
178    }
179
180    /**
181     * Returns the Public key alias for this trust authority client's partner.
182     * 
183     * @return the Public key alias of the trust authority client's partner.
184     */
185    public String getPublicKeyAlias() {
186        return publicKeyAlias;
187    }
188   
189    /**
190     * Sets the Public key alias for this trust authority client's partner.
191     * 
192     * @param alias the Public key alias for this trust authority client's 
193     * partner.
194     */
195    public void setPublicKeyAlias(String alias) {
196        this.publicKeyAlias = alias;
197    }
198    
199    /**
200     * Sets the list of security mechanisms that the trust authority supports.
201     * @param secMech list of security mechanisms that the trust 
202     *                authority supports.
203     */
204    public void setSecurityMechs(List secMech) {
205        this.secMech = secMech;
206    }
207    
208    /**
209     * Returns the list of security mechanisms that the trust authority supports.
210     */
211    public List getSecurityMech() {
212        return secMech;
213    }
214    
215   /**
216     * Checks if the response needs to be signed or not.
217     *
218     * @return true if the response needs to be signed.
219     */
220    public boolean isResponseSignEnabled() {
221        return isResponseSigned;
222    }
223
224    /**
225     * Sets the response sign enable flag.
226     *
227     * @param enable enables the response signing.
228     */
229    public void setResponseSignEnabled(boolean enable) {
230         isResponseSigned = enable;
231    }
232    
233    /**
234     * Checks if the response needs to be encrypted or not.
235     *
236     * @return true if the response needs to be encrypted.
237     */
238    public boolean isResponseEncryptEnabled() {
239        return isResponseEncrypted;
240    }
241
242    /**
243     * Sets the response encrypt enable flag.
244     *
245     * @param enable enables the response encryption.
246     */
247    public void setResponseEncryptEnabled(boolean enable) {
248         isResponseEncrypted = enable;
249    }
250    
251    /**
252     * Checks if the request needs to be signed or not.
253     *
254     * @return true if the request needs to be signed.
255     */
256    public boolean isRequestSignEnabled() {
257        return isRequestSigned;
258    }
259
260    /**
261     * Sets the request sign enable flag.
262     *
263     * @param enable enables the request signing.
264     */
265    public void setRequestSignEnabled(boolean enable) {
266         isRequestSigned = enable;
267    }
268    
269    /**
270     * Checks if the request needs to be encrypted or not.
271     *
272     * @return true if the request needs to be encrypted.
273     */
274    public boolean isRequestEncryptEnabled() {
275        return isRequestEncrypted;
276    }
277
278    /**
279     * Sets the request encrypt enable flag.
280     *
281     * @param enable enables the request encryption.
282     */
283    public void setRequestEncryptEnabled(boolean enable) {
284         isRequestEncrypted = enable;
285    }
286
287    /**
288     * Checks if the request header needs to be encrypted or not.
289     *
290     * @return true if the request header needs to be encrypted.
291     */
292    public boolean isRequestHeaderEncryptEnabled() {
293        return isRequestHeaderEncrypted;
294    }
295
296    /**
297     * Sets the request header encrypt enable flag.
298     *
299     * @param enable enables the request header encryption.
300     */
301    public void setRequestHeaderEncryptEnabled(boolean enable) {
302        isRequestHeaderEncrypted = enable;
303    }
304    
305    /**
306     * Sets the user credentials list.
307     * @param usercredentials list of <code>PasswordCredential</code>objects.
308     */
309    public void setUsers(List usercredentials) {
310        this.usercredentials = usercredentials;
311    }
312
313    /**
314     * Returns the list of <code>PasswordCredential</code>s of the user.
315     *
316     * @return the list of <code>PasswordCredential</code> objects.
317     */
318    public List getUsers() {
319        return usercredentials;
320    }
321    
322    /**
323     * Returns signing reference type.
324     * @return the signing reference type.     
325     */
326    public String getSigningRefType() {
327        return signingRefType;
328    }
329    
330    /**
331     * Sets the signing reference type.
332     * @param refType the signing reference type.
333     */
334    public void setSigningRefType(String refType) {
335        this.signingRefType = refType;
336    }
337    
338    /**
339     * Returns the encryption algorithm.
340     * @return the encryption algorithm
341     */
342    public String getEncryptionAlgorithm() {
343        return encryptionAlgorithm;
344    }
345    
346    /**
347     * Sets the encryption algorithm.
348     * @param encAlg the encryption algorithm.
349     */
350    public void setEncryptionAlgorithm(String encAlg) {
351        this.encryptionAlgorithm = encAlg;
352    }
353    
354    /**
355     * Returns the encryption data strength.
356     * @return the encryption data strength.
357     */
358    public int getEncryptionStrength() {
359        return encryptionStrength;
360    }
361    
362    /**
363     * Sets the encryption data strength.
364     * @param keyStrength the encryption data strength.
365     */
366    public void setEncryptionStrength(int keyStrength) {
367        this.encryptionStrength = keyStrength;
368    }
369    
370    /**
371     * Initialize the trust authority.
372     * @param name the name of the trust authority.
373     * @param type the type of the trust authority.
374     * @param ssoToken Single sign-on token.
375     * @exception ProviderException if the initialization fails.
376     */
377    protected abstract void init(String name, String type, SSOToken ssoToken) 
378        throws ProviderException;
379
380    /**
381     * Saves the trust authority configuration.
382     * @exception ProviderException if the trust authority configuration 
383     *            is unable to save.
384     */
385    protected abstract void store() throws ProviderException;
386
387    /**
388     * Deletes the trust authrority configuration.
389     * @exception ProviderException
390     */
391    protected abstract void delete() throws ProviderException;
392
393    /**
394     * Returns the trust authority configuration object.
395     *
396     * @param name the name of the trust authority.
397     * @param type the type of the trust authority. The type must have
398     *         one of the following values.
399     *         <p> {@link #DISCOVERY_TRUST_AUTHORITY}
400     *         <p> {@link #STS_TRUST_AUTHORITY}
401     * @exception ProviderException if any failure in 
402     *                retrieving the trust authority configuration.
403     */
404    public static TrustAuthorityConfig getConfig(String name, String type)
405        throws ProviderException {
406        TrustAuthorityConfig config = null;
407
408        if (DISCOVERY_TRUST_AUTHORITY.equals(type)) {
409            config = getDiscoveryConfig();
410            config.init(name, type, getAdminToken());
411        } else  if(STS_TRUST_AUTHORITY.equals(type)) {
412            config = getSTSConfig();
413            config.init(name, type, getAdminToken());
414        }else {
415            throw new ProviderException(
416               ProviderUtils.bundle.getString("unsupportedConfigType"));
417        }
418        return config;
419    }
420
421    /**
422     * Saves the trust authority configuration.
423     *
424     * @param config the trust authority configuration.
425     * @exception ProviderException if any failure in 
426     *            saving the configuration.
427     */
428    public static void saveConfig(TrustAuthorityConfig config) 
429        throws ProviderException {
430        config.store();
431    }
432
433    /**
434     * Deletes the trust authority configuration.
435     *
436     * @param name the name of the trust authority configuration.
437     * @param type the type of the trust authority. The type must have
438     *         one of the values.
439     *         <p> {@link #DISCOVERY_TRUST_AUTHORITY}
440     *         <p> {@link #STS_TRUST_AUTHORITY}
441     * @exception ProviderException if any failure in 
442     *            deleting the trust authority configuration.
443     */
444    public static void deleteConfig(String name, String type ) 
445        throws ProviderException {
446        TrustAuthorityConfig config = getConfig(name, type);
447        config.delete();
448    }
449
450    private static DiscoveryConfig getDiscoveryConfig() 
451        throws ProviderException {
452        if (discoveryConfigClass == null) {
453            String adapterName = SystemConfigurationUtil.getProperty(
454                WSS_DISCOVERY_CONFIG_PLUGIN, 
455                "com.sun.identity.wss.provider.plugins.DiscoveryAgent");
456            try {
457                discoveryConfigClass = Class.forName(adapterName);
458            }  catch (Exception ex) {
459                debug.error("TrustAuthorityConfig.getDiscoveryConfig: " +
460                    " Failed in creating the discovery config class.");
461                throw new ProviderException(ex.getMessage());
462            }
463        }
464        try {
465            return ((DiscoveryConfig) discoveryConfigClass.newInstance());
466        } catch (Exception ex) {
467            debug.error("TrustAuthorityConfig.getDiscoveryConfig: " +
468                "Failed in initialization", ex);
469            throw new ProviderException(ex.getMessage());
470        }
471    }
472    
473    private static STSConfig getSTSConfig() throws ProviderException {
474        if (stsConfigClass == null) {
475            String adapterName = SystemConfigurationUtil.getProperty(
476                WSS_STS_CONFIG_PLUGIN, 
477                "com.sun.identity.wss.provider.plugins.STSAgent");
478            try {
479                stsConfigClass = Class.forName(adapterName);
480            }  catch (Exception ex) {
481                debug.error("TrustAuthorityConfig.getSTSConfig: " +
482                    " Failed in creating the STS config class.");
483                throw new ProviderException(ex.getMessage());
484            }
485        }
486        
487        try {
488            return ((STSConfig) stsConfigClass.newInstance());
489        } catch (Exception ex) {
490            debug.error("TrustAuthorityConfig.getSTSConfig: " +
491                "Failed in initialization", ex);
492            throw new ProviderException(ex.getMessage());
493        }
494    }
495
496    private static SSOToken getAdminToken() throws ProviderException {
497        if(customAdminToken != null) {
498           return customAdminToken;
499        }
500        SSOToken adminToken = null;
501        try {
502            adminToken = (SSOToken) AccessController.doPrivileged(
503                    AdminTokenAction.getInstance());
504            
505            if(adminToken != null) {
506                if (!SSOTokenManager.getInstance().isValidToken(adminToken)) {
507                    if (ProviderUtils.debug.messageEnabled()) {
508                        ProviderUtils.debug.message("TrustAuthorityConfig." + 
509                            "getAdminToken:" + "AdminTokenAction returned " + 
510                            " expired or invalid token, trying again...");
511                    }
512                    adminToken = (SSOToken) AccessController.doPrivileged(
513                            AdminTokenAction.getInstance());
514                }
515            }
516        } catch (SSOException se) {
517            ProviderUtils.debug.message(
518                "TrustAuthorityConfig.getAdminToken: Trying second time..");
519            adminToken = (SSOToken) AccessController.doPrivileged(
520            AdminTokenAction.getInstance());
521        }
522        
523        return adminToken;
524    }
525    
526    /**
527     * Sets the admin token.
528     * This admin token is required to be set if "create", "delete" or "save"
529     * operations are invoked on this <code>TrustAuthorityConfig</code> object.
530     * This admin token needs to be the valid SSOToken of the user who has
531     * "Agent Administrator" privileges.
532     * 
533     * @param adminToken the agent admin token.
534     */
535    public void setAdminToken(SSOToken adminToken) {
536        this.customAdminToken = adminToken;
537    }
538}




























































Copyright © 2010-2017, ForgeRock All Rights Reserved.