/** * Gets entity id. * * @return the entity id */ public String getEntityId() { return this.entityDescriptor.getEntityID(); }
/** {@inheritDoc} */ @Override public boolean apply(@Nullable final EntityDescriptor input) { if (input == null || input.getEntityID() == null) { return false; } return entityIds.contains(input.getEntityID()); }
private void processEntityDescriptor(EntityDescriptor entityDescriptor) { LOGGER.info("entityId = {}", entityDescriptor.getEntityID()); validateMetadata(entityDescriptor); entityDescriptorMap.put(entityDescriptor.getEntityID(), entityDescriptor); if (updateCallback != null) { updateCallback.accept(entityDescriptor); } }
/** {@inheritDoc} */ public String apply(EntityDescriptor input) { if (input == null) { return null; } return StringSupport.trimOrNull(input.getEntityID()); }
@Override public String getEntityId() { final XMLObject md = getEntityDescriptorElement(); if (md instanceof EntitiesDescriptor) { return ((EntitiesDescriptor) md).getEntityDescriptors().get(0).getEntityID(); } else if (md instanceof EntityDescriptor) { return ((EntityDescriptor) md).getEntityID(); } throw new SAMLException("No idp entityId found"); }
public SAML2IdPEntity put( final EntityDescriptor entityDescriptor, final SAML2IdPTO idpTO) throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException { SAML2IdPEntity idp = new SAML2IdPEntity(entityDescriptor, idpTO, loader.getKeyPass()); cache.put(entityDescriptor.getEntityID(), idp); return idp; }
/** {@inheritDoc} */ @Override public XMLObject filter(@Nullable final XMLObject metadata) throws FilterException { if (metadata == null) { return null; } if (metadata instanceof EntitiesDescriptor) { filterEntitiesDescriptor((EntitiesDescriptor) metadata); return metadata; } else if (metadata instanceof EntityDescriptor) { EntityDescriptor entity = (EntityDescriptor) metadata; if (Direction.EXCLUDE.equals(direction) == condition.apply(entity)) { log.trace("Filtering out entity {} ", entity.getEntityID()); return null; } else { return metadata; } } else { log.error("Unrecognised metadata type {}", metadata.getClass().getSimpleName()); return null; } }
/** * Filters entity descriptor roles. * * @param descriptor entity descriptor to filter * * @throws FilterException thrown if an effective role name can not be determined */ protected void filterEntityDescriptor(@Nonnull final EntityDescriptor descriptor) throws FilterException { List<RoleDescriptor> roles = descriptor.getRoleDescriptors(); if (roles != null && !roles.isEmpty()) { Iterator<RoleDescriptor> rolesItr = roles.iterator(); QName roleName; while (rolesItr.hasNext()) { roleName = getRoleName(rolesItr.next()); if (!roleWhiteList.contains(roleName)) { log.trace("Filtering out role {} from entity {}", roleName, descriptor.getEntityID()); rolesItr.remove(); } } } }
/** {@inheritDoc} */ @Override public String apply(final EntityDescriptor input) { if (input == null) { return null; } final String entityID = StringSupport.trimOrNull(input.getEntityID()); if (entityID == null) { return null; } return digester.apply(entityID); }
@Override protected Map<String, Object> getAttributesForSamlRegisteredService(final Map<String, Object> attributes, final SamlRegisteredService service, final ApplicationContext applicationContext, final SamlRegisteredServiceCachingMetadataResolver resolver, final SamlRegisteredServiceServiceProviderMetadataFacade facade, final EntityDescriptor entityDescriptor) { val pattern = RegexUtils.createPattern(this.entityIds); val entityID = entityDescriptor.getEntityID(); val matcher = pattern.matcher(entityID); val matched = fullMatch ? matcher.matches() : matcher.find(); LOGGER.debug("Pattern [{}] matched against [{}]? [{}]", pattern.pattern(), entityID, BooleanUtils.toStringYesNo(matched)); if (matched) { return authorizeReleaseOfAllowedAttributes(attributes); } return new HashMap<>(0); } }
/** * Index the specified entity descriptor, updating the specified entity backing store instance as necessary. * * @param entityDescriptor the target entity descriptor to process * @param backingStore the backing store instance to update */ protected void indexEntityDescriptor(@Nonnull final EntityDescriptor entityDescriptor, @Nonnull final EntityBackingStore backingStore) { final String entityID = StringSupport.trimOrNull(entityDescriptor.getEntityID()); if (entityID != null) { List<EntityDescriptor> entities = backingStore.getIndexedDescriptors().get(entityID); if (entities == null) { entities = new ArrayList<>(); backingStore.getIndexedDescriptors().put(entityID, entities); } else if (!entities.isEmpty()) { log.warn("{} Detected duplicate EntityDescriptor for entityID: {}", getLogPrefix(), entityID); } entities.add(entityDescriptor); } }
/** * Resolves credentials using a supplied instance of {@link RoleDescriptor}. * * @param criteriaSet the criteria set being processed * @param roleDescriptor the role descriptor being processed * @param usage intended usage of resolved credentials * * @return the resolved credentials or null * * @throws ResolverException thrown if the key, certificate, or CRL information is represented in an unsupported * format */ @Nonnull protected Collection<Credential> resolveFromRoleDescriptor(@Nonnull final CriteriaSet criteriaSet, @Nonnull final RoleDescriptor roleDescriptor, @Nonnull final UsageType usage) throws ResolverException { // EntityID here is optional. Not used in resolution, just info stored on the resolved credential(s). String entityID = null; if (roleDescriptor.getParent() instanceof EntityDescriptor) { entityID = ((EntityDescriptor)roleDescriptor.getParent()).getEntityID(); } log.debug("Resolving credentials from supplied RoleDescriptor using usage: {}. Effective entityID was: {}", usage, entityID); final HashSet<Credential> credentials = new HashSet<>(3); processRoleDescriptor(credentials, roleDescriptor, entityID, usage); return credentials; }
private static void buildPredicateFilterIfNeeded(final SamlRegisteredService service, final List<MetadataFilter> metadataFilterList) { if (StringUtils.isNotBlank(service.getMetadataCriteriaDirection()) && StringUtils.isNotBlank(service.getMetadataCriteriaPattern()) && RegexUtils.isValidRegex(service.getMetadataCriteriaPattern())) { val dir = PredicateFilter.Direction.valueOf(service.getMetadataCriteriaDirection()); LOGGER.debug("Metadata predicate filter configuring with direction [{}] and pattern [{}]", service.getMetadataCriteriaDirection(), service.getMetadataCriteriaPattern()); val filter = new PredicateFilter(dir, entityDescriptor -> StringUtils.isNotBlank(entityDescriptor.getEntityID()) && entityDescriptor.getEntityID().matches(service.getMetadataCriteriaPattern())); metadataFilterList.add(filter); LOGGER.debug("Added metadata predicate filter with direction [{}] and pattern [{}]", service.getMetadataCriteriaDirection(), service.getMetadataCriteriaPattern()); } }
/** * Resolve the entityID from the criteria. * * @param criteria the input criteria * @return the input entityID criterion or null if could not be resolved */ private String resolveEntityID(@Nonnull final CriteriaSet criteria) { if (criteria.contains(EntityIdCriterion.class)) { return criteria.get(EntityIdCriterion.class).getEntityId(); } final EntityDescriptor ed = resolveEntityDescriptor(criteria); if (ed != null) { return ed.getEntityID(); } return null; }
: roleDescriptor.getElementQName(); log.trace("Processing ArtifactResolutionService locations for entityID '{}' with role '{}'", descriptor.getEntityID(), role); new ArtifactSourceLocationMetadataIndexKey(ars.getLocation()); log.trace("For entityID '{}' produced artifact source location index key: {}", descriptor.getEntityID(), key); results.add(key);
/** {@inheritDoc} */ @Override protected void removeByEntityID(final String entityID, final EntityBackingStore backingStore) { if (isPersistentCachingEnabled()) { final List<EntityDescriptor> descriptors = backingStore.getIndexedDescriptors().get(entityID); if (descriptors != null) { for (final EntityDescriptor descriptor : descriptors) { final String key = getPersistentCacheKeyGenerator().apply(descriptor); try { getPersistentCacheManager().remove(key); } catch (final IOException e) { log.warn("{} Error removing EntityDescriptor '{}' from cache store with key '{}'", getLogPrefix(), descriptor.getEntityID(), key); } } } } super.removeByEntityID(entityID, backingStore); }
/** {@inheritDoc} */ @Override public void process(XMLObject metadataNode) throws FilterException { if (metadataNode instanceof EntityDescriptor) { XMLObject currentParent = metadataNode.getParent(); while (currentParent != null) { if (currentParent instanceof EntitiesDescriptor) { String name = StringSupport.trimOrNull(((EntitiesDescriptor)currentParent).getName()); if (name != null) { if (log.isTraceEnabled()) { log.trace("Attaching EntityGroupName '{}' to EntityDescriptor: {}", name, ((EntityDescriptor)metadataNode).getEntityID()); } metadataNode.getObjectMetadata().put(new EntityGroupName(name)); } } currentParent = currentParent.getParent(); } } }
/** {@inheritDoc} */ @Override protected void preProcessEntityDescriptor(@Nonnull final EntityDescriptor entityDescriptor, @Nonnull final EntityBackingStore backingStore) { final String entityID = StringSupport.trimOrNull(entityDescriptor.getEntityID()); removeByEntityID(entityID, backingStore); super.preProcessEntityDescriptor(entityDescriptor, backingStore); final DynamicEntityBackingStore dynamicBackingStore = (DynamicEntityBackingStore) backingStore; final EntityManagementData mgmtData = dynamicBackingStore.getManagementData(entityID); final DateTime now = new DateTime(ISOChronology.getInstanceUTC()); log.debug("{} For metadata expiration and refresh computation, 'now' is : {}", getLogPrefix(), now); mgmtData.setLastUpdateTime(now); mgmtData.setExpirationTime(computeExpirationTime(entityDescriptor, now)); log.debug("{} Computed metadata expiration time: {}", getLogPrefix(), mgmtData.getExpirationTime()); mgmtData.setRefreshTriggerTime(computeRefreshTriggerTime(mgmtData.getExpirationTime(), now)); log.debug("{} Computed refresh trigger time: {}", getLogPrefix(), mgmtData.getRefreshTriggerTime()); }
protected Metadata resolveMetadata(EntityDescriptor parsed) { EntityDescriptor descriptor = parsed; List<? extends Provider> ssoProviders = getSsoProviders(descriptor); Metadata desc = getMetadata(ssoProviders); long duration = descriptor.getCacheDuration() != null ? descriptor.getCacheDuration() : -1; desc.setCacheDuration(toDuration(duration)); desc.setEntityId(descriptor.getEntityID()); desc.setEntityAlias(descriptor.getEntityID()); desc.setId(descriptor.getID()); desc.setValidUntil(descriptor.getValidUntil()); return desc; }
private static void setCASTLSTrustEngineCriteria( final HttpClientContext context, final URI requestUri, final Service service) { final String entityID; if (service.getEntityDescriptor() != null) { entityID = service.getEntityDescriptor().getEntityID(); } else { entityID = service.getName(); } final CriteriaSet criteria = new CriteriaSet( new EntityIdCriterion(entityID), new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME), new ProtocolCriterion(AbstractProtocolConfiguration.PROTOCOL_URI), new UsageCriterion(UsageType.SIGNING), new TrustedNamesCriterion(Collections.singleton(requestUri.getHost()))); context.setAttribute(CONTEXT_KEY_CRITERIA_SET, criteria); } }