Class ProviderConfig

  • Direct Known Subclasses:
    AgentProvider, AM71AgentProvider

    public abstract class ProviderConfig
    extends Object
    This abstract class ProviderConfig represents the Web Services Server provider or the Web Services Client provider configuration.

    A pluggable implementation of this abstract class can choose to store this configuration in any desired configuration store. The implementation class is configured in the client's AMConfig.properties as the value of the "com.sun.identity.wss.provider.config.plugin" property. Having obtained an instance of ProviderConfig, its methods can be called to create, delete, modify and retrieve the WSS agent profile and configuration for WSC and/or WSP attributes (key/value pairs).

    All the static methods in this class are for the persistent operations.

    • Field Detail

      • WSS_PROVIDER_CONFIG_PLUGIN

        public static final String WSS_PROVIDER_CONFIG_PLUGIN
        Property for the web services provider configuration plugin.
        See Also:
        Constant Field Values
      • secMech

        protected List secMech
      • serviceURI

        protected String serviceURI
      • providerName

        protected String providerName
      • wspEndpoint

        protected String wspEndpoint
      • wssProxyEndpoint

        protected String wssProxyEndpoint
      • providerType

        protected String providerType
      • privateKeyAlias

        protected String privateKeyAlias
      • privateKeyType

        protected String privateKeyType
      • publicKeyAlias

        protected String publicKeyAlias
      • isResponseSigned

        protected boolean isResponseSigned
      • isResponseEncrypted

        protected boolean isResponseEncrypted
      • isRequestSigned

        protected boolean isRequestSigned
      • isRequestEncrypted

        protected boolean isRequestEncrypted
      • isRequestHeaderEncrypted

        protected boolean isRequestHeaderEncrypted
      • trustAuthorities

        protected List trustAuthorities
      • ksPasswd

        protected String ksPasswd
      • keyPasswd

        protected String keyPasswd
      • ksFile

        protected String ksFile
      • usercredentials

        protected List usercredentials
      • serviceType

        protected String serviceType
      • isDefaultKeyStore

        protected boolean isDefaultKeyStore
      • forceAuthn

        protected boolean forceAuthn
      • preserveSecHeaders

        protected boolean preserveSecHeaders
      • authenticationChain

        protected String authenticationChain
      • samlAttributes

        protected Set samlAttributes
      • includeMemberships

        protected boolean includeMemberships
      • nameIDMapper

        protected String nameIDMapper
      • attributeNS

        protected String attributeNS
      • kdcDomain

        protected String kdcDomain
      • kdcServer

        protected String kdcServer
      • ticketCacheDir

        protected String ticketCacheDir
      • servicePrincipal

        protected String servicePrincipal
      • keytabFile

        protected String keytabFile
      • verifyKrbSignature

        protected boolean verifyKrbSignature
      • usePassThroughToken

        protected boolean usePassThroughToken
      • tokenConversionType

        protected String tokenConversionType
      • encryptionAlgorithm

        protected String encryptionAlgorithm
      • encryptionStrength

        protected int encryptionStrength
      • signingRefType

        protected String signingRefType
      • customAdminToken

        protected static SSOToken customAdminToken
      • detectUserTokenReplay

        protected boolean detectUserTokenReplay
      • detectMessageReplay

        protected boolean detectMessageReplay
      • dnsClaim

        protected String dnsClaim
      • signedElements

        protected List signedElements
    • Constructor Detail

      • ProviderConfig

        public ProviderConfig()
    • Method Detail

      • getSecurityMechanisms

        public List getSecurityMechanisms()
        Returns the list of security mechanisms that the provider is configured with.
        Returns:
        list of security mechanisms.
      • setSecurityMechanisms

        public void setSecurityMechanisms​(List authMech)
        Sets the list of security mechanisms.
        Parameters:
        authMech - the list of security mechanisms.
      • getProviderName

        public String getProviderName()
        Returns the name of the Provider.
        Returns:
        the provider name.
      • getProperty

        public String getProperty​(String property)
        Returns the value of the property.
        Parameters:
        property - the name of property for which value is being retrieved.
        Returns:
        the value of the property.
      • setProperty

        public void setProperty​(String property,
                                String value)
        Sets the value for the given property in Provider Configuration.
        Parameters:
        property - the name of the property being set.
        value - the property value being set.
      • getWSPEndpoint

        public String getWSPEndpoint()
        Returns the endpoint of the web services provider.
        Returns:
        the endpoint of the web services provider.
      • setWSPEndpoint

        public void setWSPEndpoint​(String endpoint)
        Sets the web services provider endpoint.
        Parameters:
        endpoint - the web services provider endpoint.
      • getWSSProxyEndpoint

        public String getWSSProxyEndpoint()
        Returns the endpoint of the web services security proxy.
        Returns:
        the endpoint of the web services security proxy.
      • setWSSProxyEndpoint

        public void setWSSProxyEndpoint​(String endpoint)
        Sets the web services security proxy endpoint.
        Parameters:
        endpoint - the web services security proxy endpoint.
      • setServiceType

        public void setServiceType​(String serviceType)
        Sets the service type.
        Parameters:
        serviceType - the service type.
      • getServiceType

        public String getServiceType()
        Returns the service type.
        Returns:
        the service type.
      • setUsers

        public void setUsers​(List usercredentials)
        Sets the user credentials list.
        Parameters:
        usercredentials - list of PasswordCredential objects.
      • getUsers

        public List getUsers()
        Returns the list of PasswordCredentials of the user.
        Returns:
        the list of PasswordCredential objects.
      • isUserTokenDetectReplayEnabled

        public boolean isUserTokenDetectReplayEnabled()
        Returns true if user name token replay detection is enabled.
        Returns:
        true if user name token replay detection is enabled.
      • setDetectUserTokenReplay

        public void setDetectUserTokenReplay​(boolean enable)
        Enables or disables the detection of user token replay.
        Parameters:
        enable - true if the detection of user token replay is enabled.
      • isMessageReplayDetectionEnabled

        public boolean isMessageReplayDetectionEnabled()
        Returns true if the message replay detection is enabled.
        Returns:
        true if the message replay detection is enabled.
      • setMessageReplayDetection

        public void setMessageReplayDetection​(boolean enable)
        Enables or disables message replay detection.
        Parameters:
        enable - true if the detection of the message replay is enabled.
      • getProviderType

        public String getProviderType()
        Returns the provider type. It will be WSP or WSC.
        Returns:
        the provider type.
      • getKeyStore

        public KeyStore getKeyStore()
        Returns the provider JKS KeyStore.
        Returns:
        the JKS KeyStore.
      • getKeyStoreFile

        public String getKeyStoreFile()
        Returns the keystore file.
        Returns:
        the keystore file name.
      • getKeyStorePassword

        public String getKeyStorePassword()
        Returns the keystore password.
        Returns:
        the keystore password.
      • getKeyStoreEncryptedPasswd

        public String getKeyStoreEncryptedPasswd()
        Returns the keystore encrypted password.
        Returns:
        the keystore encrypted password.
      • getKeyPassword

        public String getKeyPassword()
        Returns the key password in the keystore.
        Returns:
        the key password in the keystore.
      • getKeyEncryptedPassword

        public String getKeyEncryptedPassword()
        Returns the encrypted password of the key in the keystore.
        Returns:
        the encrypted key password.
      • setKeyStore

        public void setKeyStore​(String fileName,
                                String keyStorePassword,
                                String keyPassword)
                         throws ProviderException
        Sets the keystore for this provider.
        Parameters:
        fileName - the provider key store fully qualified file name.
        keyStorePassword - the password required to access the key store file.
        keyPassword - the password required to access the key from the keystore.
        Throws:
        ProviderException - if the key store file does not exist or a password is invalid.
      • setKeyStore

        public void setKeyStore​(KeyStore keyStore,
                                String password)
        Sets the keystore for this provider.
        Parameters:
        keyStore - the provider key store.
        password - the password required to access the key store file.
      • getKeyType

        public String getKeyType()
        Returns the key type for this provider.
        Returns:
        the key type of the provider.
      • setKeyType

        public void setKeyType​(String keyType)
        Sets the key type for this provider.
        Parameters:
        keyType - the key type for this provider.
      • getKeyAlias

        public String getKeyAlias()
        Returns the key alias for this provider.
        Returns:
        the key alias of the provider.
      • setKeyAlias

        public void setKeyAlias​(String alias)
        Sets the key alias for this provider.
        Parameters:
        alias - the key alias for this provider.
      • getPublicKeyAlias

        public String getPublicKeyAlias()
        Returns the Public key alias for this provider's partner.
        Returns:
        the Public key alias of the provider's partner.
      • setPublicKeyAlias

        public void setPublicKeyAlias​(String alias)
        Sets the Public key alias for this provider's partner.
        Parameters:
        alias - the Public key alias for this provider's partner.
      • useDefaultKeyStore

        public boolean useDefaultKeyStore()
        Returns true if the provider uses default keystore.
        Returns:
        true if the provider uses default keystore.
      • setDefaultKeyStore

        public void setDefaultKeyStore​(boolean set)
        Sets the provider to use the default keystore.
        Parameters:
        set - true to use the default keystore, false otherwise.
      • getSAMLAttributeMapping

        public Set getSAMLAttributeMapping()
        Returns the SAML Attribute Mapping set. This method is used by the WSP configuration when enabled for SAML.
        Returns:
        the set of SAML attribute mappings.
      • setSAMLAttributeMapping

        public void setSAMLAttributeMapping​(Set attributeMap)
        Sets the list of SAML attribute mappings. This method is used by the WSP configuration when enabled for SAML.
        Parameters:
        attributeMap - the set of SAML attribute mappings.
      • shouldIncludeMemberships

        public boolean shouldIncludeMemberships()
        Checks if the memberships should be included in the SAML attribute mapping.
        Returns:
        true if the memberships are included.
      • setIncludeMemberships

        public void setIncludeMemberships​(boolean include)
        Sets a flag to include memberships for SAML attribute mapping.
        Parameters:
        include - boolean flag to indicate whether the memberships need to be included.
      • getNameIDMapper

        public String getNameIDMapper()
        Returns the NameID mapper class.
        Returns:
        the NameID mapper class.
      • setNameIDMapper

        public void setNameIDMapper​(String nameIDMapper)
        Sets the NameID Mapper class.
        Parameters:
        nameIDMapper - NameID Mapper class.
      • getSAMLAttributeNamespace

        public String getSAMLAttributeNamespace()
        Returns the SAML attribute namespace.
        Returns:
        the SAML attribute namespace.
      • setSAMLAttributeNamespace

        public void setSAMLAttributeNamespace​(String attributeNS)
        Sets the SAML attribute namespace.
        Parameters:
        attributeNS - the SAML attribute namespace.
      • getKDCDomain

        public String getKDCDomain()
        Returns the Kerberos Domain Controller domain.
        Returns:
        the Kerberos Domain Controller domain.
      • setKDCDomain

        public void setKDCDomain​(String domain)
        Sets the Kerberos Domain Controller domain.
        Parameters:
        domain - the Kerberos Domain Controller domain.
      • getKDCServer

        public String getKDCServer()
        Returns the Kerberos Domain Controller server.
        Returns:
        the Kerberos Domain Controller server.
      • setKDCServer

        public void setKDCServer​(String kdcServer)
        Sets the Kerberos Domain Controller server.
        Parameters:
        kdcServer - the Kerberos Domain Controller server.
      • getKerberosTicketCacheDir

        public String getKerberosTicketCacheDir()
        This method is used by the web services client to get the Kerberos ticket cache directory.
        Returns:
        the Kerberos ticket cache directory.
      • setKerberosTicketCacheDir

        public void setKerberosTicketCacheDir​(String cacheDir)
        Sets the Kerberos ticket cache directory.
        Parameters:
        cacheDir - the Kerberos ticket cache directory.
      • getKeyTabFile

        public String getKeyTabFile()
        This method is used by the web services provider to get the key tab file.
        Returns:
        the keytab file.
      • setKeyTabFile

        public void setKeyTabFile​(String file)
        Sets the keytab file.
        Parameters:
        file - the fully qualified file path.
      • getKerberosServicePrincipal

        public String getKerberosServicePrincipal()
        Returns the Kerberos service principal.
        Returns:
        the Kerberos service principal.
      • setKerberosServicePrincipal

        public void setKerberosServicePrincipal​(String principal)
        Sets the Kerberos service principal.
        Parameters:
        principal - the Kerberos service principal.
      • isValidateKerberosSignature

        public boolean isValidateKerberosSignature()
        Returns true if the Kerberos signature needs to be validated. Signature validation is supported only with JDK 6 onwards.
        Returns:
        true if the Kerberos signature needs to be validated.
      • setValidateKerberosSignature

        public void setValidateKerberosSignature​(boolean validate)
        Sets a boolean flag to enable or disable Kerberos signature validation.
        Parameters:
        validate - true to enable Kerberos signature validation, false to disable it.
      • getDNSClaim

        public String getDNSClaim()
        Returns the DNS claim name.
        Returns:
        the DNS claim name.
      • setDNSClaim

        public void setDNSClaim​(String dnsClaim)
        Sets the DNS claim name.
        Parameters:
        dnsClaim - the DNS claim name.
      • getSignedElements

        public List getSignedElements()
        Returns the list of signed elements.
        Returns:
        the list of signed elements.
      • setSignedElements

        public void setSignedElements​(List signedElements)
        Sets the signed elements.
        Parameters:
        signedElements - the signed elements.
      • getTrustAuthorityConfig

        public TrustAuthorityConfig getTrustAuthorityConfig()
        Returns the provider's trusted authority configuration.
        Returns:
        the TrustAuthorityConfig instance.
      • setTrustAuthorityConfig

        public void setTrustAuthorityConfig​(TrustAuthorityConfig taconfig)
        Sets the trusted authority configurations.
        Parameters:
        taconfig - instance of the TrustAuthorityConfig.
      • isResponseSignEnabled

        public boolean isResponseSignEnabled()
        Checks if the response needs to be signed or not.
        Returns:
        true if the response needs to be signed.
      • setResponseSignEnabled

        public void setResponseSignEnabled​(boolean enable)
        Sets the response sign enable flag.
        Parameters:
        enable - enables the response signing.
      • isResponseEncryptEnabled

        public boolean isResponseEncryptEnabled()
        Checks if the response needs to be encrypted or not.
        Returns:
        true if the response needs to be encrypted.
      • setResponseEncryptEnabled

        public void setResponseEncryptEnabled​(boolean enable)
        Sets the response encrypt enable flag.
        Parameters:
        enable - enables the response encryption.
      • isRequestSignEnabled

        public boolean isRequestSignEnabled()
        Checks if the request needs to be signed or not.
        Returns:
        true if the request needs to be signed.
      • setRequestSignEnabled

        public void setRequestSignEnabled​(boolean enable)
        Sets the request sign enable flag.
        Parameters:
        enable - enables the request signing.
      • isRequestEncryptEnabled

        public boolean isRequestEncryptEnabled()
        Checks if the request needs to be encrypted or not.
        Returns:
        true if the request needs to be encrypted.
      • setRequestEncryptEnabled

        public void setRequestEncryptEnabled​(boolean enable)
        Sets the request encrypt enable flag.
        Parameters:
        enable - enables the request encryption.
      • isRequestHeaderEncryptEnabled

        public boolean isRequestHeaderEncryptEnabled()
        Checks if the request header needs to be encrypted or not.
        Returns:
        true if the request header needs to be encrypted.
      • setRequestHeaderEncryptEnabled

        public void setRequestHeaderEncryptEnabled​(boolean enable)
        Sets the request header encrypt enable flag.
        Parameters:
        enable - enables the request header encryption.
      • forceUserAuthentication

        public boolean forceUserAuthentication()
        Returns true if the user force authentication is enabled.
        Returns:
        true if the user force authentication is enabled.
      • setForceUserAuthentication

        public void setForceUserAuthentication​(boolean forceAuthn)
        Sets the user force authentication attribute.
        Parameters:
        forceAuthn - the user force authentication attribute.
      • preserveSecurityHeader

        public boolean preserveSecurityHeader()
        Returns true if security header needs to be preserved.
        Returns:
        true if the security header needs to be preserved.
      • setPreserveSecurityHeader

        public void setPreserveSecurityHeader​(boolean preserve)
        Sets if security header needs to be preserved.
        Parameters:
        preserve - value to be set, true if the security header needs to be preserved, false otherwise.
      • getAuthenticationChain

        public String getAuthenticationChain()
        Returns the authentication chain mechanism to be used. This method is used only by the WSP configuration.
        Returns:
        the name of the authentication chain mechanism.
      • setAuthenticationChain

        public void setAuthenticationChain​(String authenticationChain)
        Sets the authentication chain mechanism. This method is used only by the WSP configuration.
        Parameters:
        authenticationChain - the name of the authentication chain mechanism.
      • usePassThroughSecurityToken

        public boolean usePassThroughSecurityToken()
        Returns true if passthrough security token needs to be used. This is valid for a proxy web services client.
        Returns:
        true if passthrough security token needs to be used.
      • setPassThroughSecurityToken

        public void setPassThroughSecurityToken​(boolean usepassthrough)
        Sets whether the passthrough security token needs to be used. This is valid for a proxy web services client.
        Parameters:
        usepassthrough - true if the WSC needs to use the passthrough security token.
      • getTokenConversionType

        public String getTokenConversionType()
        Returns the type of token to convert to. This method is used by web service providers to convert a SAMLToken to the desired token type.
        Returns:
        the type of token to convert to.
      • setTokenConversionType

        public void setTokenConversionType​(String tokenType)
        Sets the type of token to convert to. This method is used by web service providers to convert a SAMLToken to the desired token type.
        Parameters:
        tokenType - the type of token to convert to.
      • getSigningRefType

        public String getSigningRefType()
        Returns signing reference type.
        Returns:
        the signing reference type.
      • setSigningRefType

        public void setSigningRefType​(String refType)
        Sets the signing reference type.
        Parameters:
        refType - the signing reference type.
      • getEncryptionAlgorithm

        public String getEncryptionAlgorithm()
        Returns the encryption algorithm.
        Returns:
        the encryption algorithm.
      • setEncryptionAlgorithm

        public void setEncryptionAlgorithm​(String encAlg)
        Sets the encryption algorithm.
        Parameters:
        encAlg - the encryption algorithm.
      • getEncryptionStrength

        public int getEncryptionStrength()
        Returns the encryption data strength.
        Returns:
        the encryption data strength.
      • setEncryptionStrength

        public void setEncryptionStrength​(int keyStrength)
        Sets the encryption data strength.
        Parameters:
        keyStrength - the encryption data strength.
      • isExists

        protected abstract boolean isExists()
        Checks if the provider configuration exists.
        Returns:
        true if the provider exists.
      • init

        protected abstract void init​(String providerName,
                                     String providerType,
                                     SSOToken token,
                                     boolean isEndPoint)
                              throws ProviderException
        Initializes the provider.
        Parameters:
        providerName - the provider name.
        providerType - the provider type.
        token - Single Sign-on token.
        isEndPoint - Boolean flag indicating whether provider needs to be searched based on its end point value.
        Throws:
        ProviderException - if there is any failure.
      • saveProvider

        public static void saveProvider​(ProviderConfig config)
                                 throws ProviderException
        Saves the Provider in the configuration repository.
        Parameters:
        config - the provider configuration.
        Throws:
        ProviderException - if the save fails.
      • getProvider

        public static ProviderConfig getProvider​(String providerName,
                                                 String providerType)
                                          throws ProviderException
        Returns the provider configuration for a given provider name and type.
        Parameters:
        providerName - the provider name.
        providerType - the provider type.
        Returns:
        the provider configuration.
        Throws:
        ProviderException - if unable to retrieve.
      • getProvider

        public static ProviderConfig getProvider​(String providerName,
                                                 String providerType,
                                                 boolean initialize)
                                          throws ProviderException
        Returns the provider configuration for a given provider name and type, optionally without loading it from the persistent store.
        Parameters:
        providerName - the provider name.
        providerType - the provider type.
        initialize - if set to false, the provider configuration is not retrieved from the persistent store and only the in-memory image of the provider configuration is returned. A configuration obtained with initialize set to false also cannot be saved persistently using store().
        Returns:
        the provider configuration.
        Throws:
        ProviderException - if unable to retrieve.
      • getProviderByEndpoint

        public static ProviderConfig getProviderByEndpoint​(String endpoint,
                                                           String providerType)
                                                    throws ProviderException
        Returns the provider configuration for a given end point.
        Parameters:
        endpoint - the end point used as the search string to retrieve the provider configuration.
        providerType - the provider type.
        Returns:
        the provider configuration.
        Throws:
        ProviderException - if unable to retrieve.
      • isProviderExists

        public static boolean isProviderExists​(String providerName,
                                               String providerType)
        Checks whether a provider of the given name and type exists.
        Parameters:
        providerName - the name of the provider.
        providerType - type of the provider.
        Returns:
        true if the provider exists with a given name and type.
      • isProviderExists

        public static boolean isProviderExists​(String providerName,
                                               String providerType,
                                               boolean isEndPoint)
        Checks whether a provider of the given name and type exists, optionally searching by WSP end point.
        Parameters:
        providerName - the name of the provider.
        providerType - type of the provider.
        isEndPoint - flag to indicate whether the check is based on the WSP end point.
        Returns:
        true if the provider exists with a given name and type.
      • deleteProvider

        public static void deleteProvider​(String providerName,
                                          String providerType)
                                   throws ProviderException
        Removes the provider configuration.
        Parameters:
        providerName - the name of the provider.
        providerType - the type of the provider.
        Throws:
        ProviderException - if the removal fails.
      • getAllSupportedSecurityMech

        public static List getAllSupportedSecurityMech()
        Returns the list of all available security mechanism objects.
        Returns:
        the list of SecurityMechanism objects.
      • getAllMessageLevelSecurityMech

        public static List getAllMessageLevelSecurityMech()
        Returns the list of message level security mechanism objects.
        Returns:
        the list of message level SecurityMechanism objects.
      • setAdminToken

        public void setAdminToken​(SSOToken adminToken)
        Sets the admin token. This admin token is required to be set if "create", "delete" or "save" operations are invoked on this ProviderConfig object. This admin token needs to be the valid SSOToken of the user who has "Agent Administrator" privileges.
        Parameters:
        adminToken - the agent admin token.
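An added example (not code from this page or from the OpenSSO/OpenAM project) that walks through the workflow the class description and setAdminToken describe: load or create a WSC profile through the static persistence methods, turn on message protection and replay detection, attach the agent administrator token, save, and then re-read the stored profile to confirm the protections stuck. The package names, the literal provider type "WSC" and the element type of the security mechanism list are assumptions.

```java
import java.util.List;

import com.iplanet.sso.SSOToken;                       // assumed package
import com.sun.identity.wss.provider.ProviderConfig;   // assumed package
import com.sun.identity.wss.provider.ProviderException;

/**
 * Creates or updates a web services client (WSC) profile that signs and
 * encrypts requests, expects signed and encrypted responses, and rejects
 * replayed messages and user name tokens.
 */
public final class WscProfileSetup {

    private static final String WSC_TYPE = "WSC"; // assumed literal for the provider type

    private WscProfileSetup() {}

    public static ProviderConfig configureProtectedWsc(
            String providerName,
            String wspEndpoint,
            List securityMechanisms,   // entries in the form setSecurityMechanisms expects (assumption)
            String keyStoreFile,       // fully qualified JKS file name
            String keyStorePassword,
            String keyPassword,
            String keyAlias,           // this provider's private key alias
            String partnerKeyAlias,    // the WSP's public key alias
            SSOToken agentAdminToken) throws ProviderException {

        // initialize=true: the persisted profile is loaded if it already exists,
        // and the returned object can be saved back to the store.
        ProviderConfig config = ProviderConfig.getProvider(providerName, WSC_TYPE, true);

        config.setWSPEndpoint(wspEndpoint);
        config.setSecurityMechanisms(securityMechanisms);

        // Use a dedicated keystore rather than the default one; setKeyStore throws
        // ProviderException if the file is missing or a password is wrong.
        config.setDefaultKeyStore(false);
        config.setKeyStore(keyStoreFile, keyStorePassword, keyPassword);
        config.setKeyAlias(keyAlias);
        config.setPublicKeyAlias(partnerKeyAlias);

        // Message protection in both directions.
        config.setRequestSignEnabled(true);
        config.setRequestEncryptEnabled(true);
        config.setResponseSignEnabled(true);
        config.setResponseEncryptEnabled(true);

        // Replay protection for the whole message and for user name tokens.
        config.setMessageReplayDetection(true);
        config.setDetectUserTokenReplay(true);

        // The admin token is required before saveProvider(); it must be a valid
        // SSOToken of a user holding the "Agent Administrator" privilege.
        config.setAdminToken(agentAdminToken);
        ProviderConfig.saveProvider(config);
        return config;
    }

    /**
     * Re-reads the persisted profile and returns true only if it exists and
     * still enforces every protection configured above.
     */
    public static boolean isProtectedWsc(String providerName) throws ProviderException {
        if (!ProviderConfig.isProviderExists(providerName, WSC_TYPE)) {
            return false;
        }
        ProviderConfig stored = ProviderConfig.getProvider(providerName, WSC_TYPE);
        return stored.isRequestSignEnabled()
            && stored.isRequestEncryptEnabled()
            && stored.isResponseSignEnabled()
            && stored.isResponseEncryptEnabled()
            && stored.isMessageReplayDetectionEnabled()
            && stored.isUserTokenDetectReplayEnabled()
            && !stored.useDefaultKeyStore();
    }
}
```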