diff --git a/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/dao/SAMLSSOServiceProviderDAOImpl.java b/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/dao/SAMLSSOServiceProviderDAOImpl.java
index 5b4c28cbe9c3..27942ed5dc26 100644
--- a/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/dao/SAMLSSOServiceProviderDAOImpl.java
+++ b/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/dao/SAMLSSOServiceProviderDAOImpl.java
@@ -18,11 +18,9 @@ package org.wso2.carbon.identity.core.dao;
-import org.apache.commons.lang.NotImplementedException;
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.wso2.carbon.base.MultitenantConstants;
 import org.wso2.carbon.database.utils.jdbc.NamedPreparedStatement;
 import org.wso2.carbon.database.utils.jdbc.exceptions.DataAccessException;
 import org.wso2.carbon.identity.base.IdentityException;
@@ -31,14 +29,11 @@ import org.wso2.carbon.identity.core.DatabaseCertificateRetriever;
 import org.wso2.carbon.identity.core.IdentityRegistryResources;
 import org.wso2.carbon.identity.core.KeyStoreCertificateRetriever;
-import org.wso2.carbon.identity.core.internal.IdentityCoreServiceDataHolder;
-import org.wso2.carbon.identity.core.model.ConfigTuple;
+import org.wso2.carbon.identity.core.model.SPProperty;
 import org.wso2.carbon.identity.core.model.SAMLSSOServiceProviderDO;
 import org.wso2.carbon.identity.core.util.IdentityDatabaseUtil;
 import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
 import org.wso2.carbon.user.api.Tenant;
-import org.wso2.carbon.user.api.UserStoreException;
-import org.wso2.carbon.user.core.service.RealmService;
 import java.security.cert.X509Certificate;
 import java.sql.Connection;
@@ -47,7 +42,6 @@ import java.sql.SQLException;
 import java.util.ArrayList;
 import java.util.List;
-import java.util.UUID;
 import static org.wso2.carbon.identity.core.util.JdbcUtils.isH2DB;
@@ -87,12 +81,10 @@ public class SAMLSSOServiceProviderDAOImpl implements SAMLSSOServiceProviderDAO
 private static final Log log = LogFactory.getLog(SAMLSSOServiceProviderDAOImpl.class);
 private final int tenantId;
- private static final String CERTIFICATE_PROPERTY_NAME = "CERTIFICATE";
 private static final String QUERY_TO_GET_APPLICATION_CERTIFICATE_ID = "SELECT " + "META.VALUE FROM SP_INBOUND_AUTH INBOUND, SP_APP SP, SP_METADATA META WHERE SP.ID = INBOUND.APP_ID AND " + "SP.ID = META.SP_ID AND META.NAME = ? AND INBOUND.INBOUND_AUTH_KEY = ? AND META.TENANT_ID = ?";
-
 private static final String QUERY_TO_GET_APPLICATION_CERTIFICATE_ID_H2 = "SELECT " + "META.`VALUE` FROM SP_INBOUND_AUTH INBOUND, SP_APP SP, SP_METADATA META WHERE SP.ID = INBOUND.APP_ID AND " + "SP.ID = META.SP_ID AND META.NAME = ? AND INBOUND.INBOUND_AUTH_KEY = ? AND META.TENANT_ID = ?";
@@ -105,48 +97,22 @@ public SAMLSSOServiceProviderDAOImpl(int tenantId) throws IdentityException { @Override public boolean addServiceProvider(SAMLSSOServiceProviderDO serviceProviderDO) throws IdentityException { - if (serviceProviderDO == null || serviceProviderDO.getIssuer() == null || - StringUtils.isBlank(serviceProviderDO.getIssuer())) { - throw new IdentityException("Issuer cannot be found in the provided arguments."); - } - - // If an issuer qualifier value is specified, it is appended to the end of the issuer value. - if (StringUtils.isNotBlank(serviceProviderDO.getIssuerQualifier())) { - serviceProviderDO.setIssuer(getIssuerWithQualifier(serviceProviderDO.getIssuer(), - serviceProviderDO.getIssuerQualifier())); - } + validateServiceProvider(serviceProviderDO); try (Connection connection = IdentityDatabaseUtil.getDBConnection(true)) { try { - // Check whether the issuer already exists. if (processIsServiceProviderExists(connection, serviceProviderDO.getIssuer())) { if (log.isDebugEnabled()) { - if (StringUtils.isNotBlank(serviceProviderDO.getIssuerQualifier())) { - log.debug("SAML2 Service Provider already exists with the same issuer name " - + getIssuerWithoutQualifier(serviceProviderDO.getIssuer()) + " and qualifier name " - + serviceProviderDO.getIssuerQualifier()); - } else { - log.debug("SAML2 Service Provider already exists with the same issuer name " - + serviceProviderDO.getIssuer()); - } + log.debug(serviceProviderInfo(serviceProviderDO) + " already exists."); } return false; } processAddServiceProvider(connection, serviceProviderDO); - // Add custom properties. 
- int serviceProviderId = processGetServiceProviderId(connection, serviceProviderDO.getIssuer()); - processAddCustomAttributes(connection, serviceProviderDO); + processAddSPProperties(connection, serviceProviderDO); IdentityDatabaseUtil.commitTransaction(connection); if (log.isDebugEnabled()) { - if (StringUtils.isNotBlank(serviceProviderDO.getIssuerQualifier())) { - log.debug("SAML2 Service Provider " + serviceProviderDO.getIssuer() + " with issuer " - + getIssuerWithoutQualifier(serviceProviderDO.getIssuer()) + " and qualifier " + - serviceProviderDO.getIssuerQualifier() + " is added successfully."); - } else { - log.debug( - "SAML2 Service Provider " + serviceProviderDO.getIssuer() + " is added successfully."); - } + log.debug(serviceProviderInfo(serviceProviderDO) + " is added successfully."); } } catch (SQLException e) { IdentityDatabaseUtil.rollbackTransaction(connection); @@ -154,14 +120,7 @@ public boolean addServiceProvider(SAMLSSOServiceProviderDO serviceProviderDO) th } return true; } catch (SQLException e) { - String msg; - if (StringUtils.isNotBlank(serviceProviderDO.getIssuerQualifier())) { - msg = "Error while adding SAML2 Service Provider for issuer: " + getIssuerWithoutQualifier - (serviceProviderDO.getIssuer()) + " and qualifier name " + serviceProviderDO - .getIssuerQualifier(); - } else { - msg = "Error while adding SAML2 Service Provider for issuer: " + serviceProviderDO.getIssuer(); - } + String msg = "Error while adding " + serviceProviderInfo(serviceProviderDO); log.error(msg, e); throw new IdentityException(msg, e); } 
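Review bot: `validateServiceProvider(serviceProviderDO)` at the top of addServiceProvider is not a pure check: it rewrites the DO's issuer by appending the qualifier (getIssuerWithQualifier concatenates unconditionally), and that mutation survives both the `return false` path and the exception paths. A caller that reuses the same DO, for example to retry after the SQLException this hunk rethrows, would get the qualifier appended a second time and then probe for and insert a different issuer. The same pattern is in the updateServiceProvider and uploadServiceProvider hunks and in the method's definition later in this diff. Either document the side effect on the method, `/** Validates the issuer and rewrites it to its stored form (issuer + QUALIFIER_ID + qualifier); call at most once per DO. */`, or skip the append when the issuer already ends with `IdentityRegistryResources.QUALIFIER_ID + qualifier`. addServiceProvider continues past the end of this hunk.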
@@ -171,51 +130,25 @@ public boolean addServiceProvider(SAMLSSOServiceProviderDO serviceProviderDO) th public boolean updateServiceProvider(SAMLSSOServiceProviderDO serviceProviderDO, String currentIssuer) throws IdentityException { - if (serviceProviderDO == null || serviceProviderDO.getIssuer() == null || - StringUtils.isBlank(serviceProviderDO.getIssuer())) { - throw new IdentityException("Issuer cannot be found in the provided arguments."); - } - - // If an issuer qualifier value is specified, it is appended to the end of the issuer value. - if (StringUtils.isNotBlank(serviceProviderDO.getIssuerQualifier())) { - serviceProviderDO.setIssuer(getIssuerWithQualifier(serviceProviderDO.getIssuer(), - serviceProviderDO.getIssuerQualifier())); - } + validateServiceProvider(serviceProviderDO); String newIssuer = serviceProviderDO.getIssuer(); boolean isIssuerUpdated = !StringUtils.equals(currentIssuer, newIssuer); try (Connection connection = IdentityDatabaseUtil.getDBConnection(true)) { try { - // Check if the updated issuer value already exists. if (isIssuerUpdated && processIsServiceProviderExists(connection, newIssuer)) { if (log.isDebugEnabled()) { - if (StringUtils.isNotBlank(serviceProviderDO.getIssuerQualifier())) { - log.debug("SAML2 Service Provider already exists with the same issuer name " - + getIssuerWithoutQualifier(serviceProviderDO.getIssuer()) + " and qualifier name " - + serviceProviderDO.getIssuerQualifier()); - } else { - log.debug("SAML2 Service Provider already exists with the same issuer name " - + serviceProviderDO.getIssuer()); - } + log.debug(serviceProviderInfo(serviceProviderDO) + " already exists."); } return false; } int serviceProviderId = processGetServiceProviderId(connection, currentIssuer); - // Update the resource. processUpdateServiceProvider(connection, serviceProviderDO, serviceProviderId); - // Update custom properties. 
- processUpdateCustomAttributes(connection, serviceProviderDO, serviceProviderId); + processUpdateSPProperties(connection, serviceProviderDO, serviceProviderId); IdentityDatabaseUtil.commitTransaction(connection); if (log.isDebugEnabled()) { - if (StringUtils.isNotBlank(serviceProviderDO.getIssuerQualifier())) { - log.debug("SAML2 Service Provider " + serviceProviderDO.getIssuer() + " with issuer " - + getIssuerWithoutQualifier(serviceProviderDO.getIssuer()) + " and qualifier " + - serviceProviderDO.getIssuerQualifier() + " is updated successfully."); - } else { - log.debug("SAML2 Service Provider " + serviceProviderDO.getIssuer() + - " is updated successfully."); - } + log.debug(serviceProviderInfo(serviceProviderDO) + " is updated successfully."); } return true; } catch (SQLException e) { @@ -223,14 +156,7 @@ public boolean updateServiceProvider(SAMLSSOServiceProviderDO serviceProviderDO, throw e; } } catch (SQLException e) { - String msg; - if (StringUtils.isNotBlank(serviceProviderDO.getIssuerQualifier())) { - msg = "Error while updating SAML2 Service Provider for issuer: " + getIssuerWithoutQualifier - (serviceProviderDO.getIssuer()) + " and qualifier name " + serviceProviderDO - .getIssuerQualifier(); - } else { - msg = "Error while updating SAML2 Service Provider for issuer: " + serviceProviderDO.getIssuer(); - } + String msg = "Error while updating " + serviceProviderInfo(serviceProviderDO); log.error(msg, e); throw new IdentityException(msg, e); } @@ -263,7 +189,6 @@ public boolean removeServiceProvider(String issuer) throws IdentityException { } return false; } - processDeleteServiceProvider(connection, issuer); return true; } catch (SQLException e) { 
@@ -283,8 +208,8 @@ public SAMLSSOServiceProviderDO getServiceProvider(String issuer) throws Identit serviceProviderDO = processGetServiceProvider(connection, issuer); } } catch (SQLException e) { - throw IdentityException.error(String.format("An error occurred while getting the " + - "application certificate id for validating the requests from the issuer '%s'", issuer), e); + throw IdentityException.error(String.format("An error occurred while retrieving the " + + "the service provider with the issuer '%s'", issuer), e); } if (serviceProviderDO == null) { return null; @@ -292,7 +217,7 @@ public SAMLSSOServiceProviderDO getServiceProvider(String issuer) throws Identit try { String tenantDomain = IdentityTenantUtil.getTenantDomain(tenantId); - // Load the certificate stored in the database, if signature validation is enabled.. + // Load the certificate stored in the database, if signature validation is enabled. if (serviceProviderDO.isDoValidateSignatureInRequests() || serviceProviderDO.isDoValidateSignatureInArtifactResolve() || serviceProviderDO.isDoEnableEncryptedAssertion()) { 
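Review bot: The reworded error message in the catch of getServiceProvider reads "...while retrieving the the service provider..." because the first fragment ends with `the ` and the second begins with `the `. Since this text is carried in the IdentityException handed back to callers, drop one of them: `String.format("An error occurred while retrieving the " + "service provider with the issuer '%s'", issuer)`. getServiceProvider starts before and continues past this hunk.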
@@ -309,19 +234,22 @@ public SAMLSSOServiceProviderDO getServiceProvider(String issuer) throws Identit } @Override - public SAMLSSOServiceProviderDO uploadServiceProvider(SAMLSSOServiceProviderDO serviceProviderDO) - throws IdentityException { + public boolean isServiceProviderExists(String issuer) throws IdentityException { - if (serviceProviderDO == null || serviceProviderDO.getIssuer() == null || - StringUtils.isBlank(serviceProviderDO.getIssuer())) { - throw new IdentityException("Issuer cannot be found in the provided arguments."); + try (Connection connection = IdentityDatabaseUtil.getDBConnection(false)) { + return processIsServiceProviderExists(connection, issuer); + } catch (SQLException e) { + String msg = "Error while checking existence of Service Provider with issuer: " + issuer; + log.error(msg, e); + throw new IdentityException(msg, e); } + } - if (StringUtils.isNotBlank(serviceProviderDO.getIssuerQualifier())) { - serviceProviderDO.setIssuer(getIssuerWithQualifier(serviceProviderDO.getIssuer(), - serviceProviderDO.getIssuerQualifier())); - } + @Override + public SAMLSSOServiceProviderDO uploadServiceProvider(SAMLSSOServiceProviderDO serviceProviderDO) + throws IdentityException { + validateServiceProvider(serviceProviderDO); if (serviceProviderDO.getDefaultAssertionConsumerUrl() == null || StringUtils.isBlank( serviceProviderDO.getDefaultAssertionConsumerUrl())) { throw new IdentityException("No default assertion consumer URL provided for service provider :" + 
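Review bot: The relocated isServiceProviderExists passes `issuer` straight to processIsServiceProviderExists, while every write path in this diff first runs validateServiceProvider, which stores the issuer with the qualifier appended; a caller that passes the plain issuer of a qualified SP will presumably get false. That contract is not written down anywhere on the method. Add a Javadoc such as `@param issuer the stored issuer value, i.e. with the issuer qualifier already appended when one is configured` and `@throws IdentityException if the lookup fails`. uploadServiceProvider continues past the end of this hunk.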
@@ -330,36 +258,19 @@ public SAMLSSOServiceProviderDO uploadServiceProvider(SAMLSSOServiceProviderDO s try (Connection connection = IdentityDatabaseUtil.getDBConnection(true)) { try { - // Check whether the issuer already exists. if (processIsServiceProviderExists(connection, serviceProviderDO.getIssuer())) { if (log.isDebugEnabled()) { - if (StringUtils.isNotBlank(serviceProviderDO.getIssuerQualifier())) { - log.debug("SAML2 Service Provider already exists with the same issuer name " - + getIssuerWithoutQualifier(serviceProviderDO.getIssuer()) + " and qualifier name " - + serviceProviderDO.getIssuerQualifier()); - } else { - log.debug("SAML2 Service Provider already exists with the same issuer name " - + serviceProviderDO.getIssuer()); - } + log.debug(serviceProviderInfo(serviceProviderDO) + " already exists."); } throw IdentityException.error("A Service Provider already exists."); } processAddServiceProvider(connection, serviceProviderDO); - // Add custom properties. - int serviceProviderId = processGetServiceProviderId(connection, serviceProviderDO.getIssuer()); - processAddCustomAttributes(connection, serviceProviderDO); + processAddSPProperties(connection, serviceProviderDO); IdentityDatabaseUtil.commitTransaction(connection); if (log.isDebugEnabled()) { - if (StringUtils.isNotBlank(serviceProviderDO.getIssuerQualifier())) { - log.debug("SAML2 Service Provider " + serviceProviderDO.getIssuer() + " with issuer " - + getIssuerWithoutQualifier(serviceProviderDO.getIssuer()) + " and qualifier " + - serviceProviderDO.getIssuerQualifier() + " is added successfully."); - } else { - log.debug( - "SAML2 Service Provider " + serviceProviderDO.getIssuer() + " is added successfully."); - } + log.debug(serviceProviderInfo(serviceProviderDO) + " is added successfully."); } return serviceProviderDO; } catch (SQLException e) { 
@@ -367,33 +278,12 @@ public SAMLSSOServiceProviderDO uploadServiceProvider(SAMLSSOServiceProviderDO s throw e; } } catch (SQLException e) { - String msg; - if (StringUtils.isNotBlank(serviceProviderDO.getIssuerQualifier())) { - msg = "Error while adding SAML2 Service Provider for issuer: " + getIssuerWithoutQualifier - (serviceProviderDO.getIssuer()) + " and qualifier name " + serviceProviderDO - .getIssuerQualifier(); - } else { - msg = "Error while adding SAML2 Service Provider for issuer: " + serviceProviderDO.getIssuer(); - } + String msg = "Error while adding " + serviceProviderInfo(serviceProviderDO); log.error(msg, e); throw new IdentityException(msg, e); } } - @Override - public boolean isServiceProviderExists(String issuer) throws IdentityException { - - try (Connection connection = IdentityDatabaseUtil.getDBConnection(false)) { - return processIsServiceProviderExists(connection, issuer); - } catch (SQLException e) { - String msg = "Error while checking existence of Service Provider with issuer: " + issuer; - log.error(msg, e); - throw new IdentityException(msg, e); - } - } - - // Private methods - private boolean processIsServiceProviderExists(Connection connection, String issuer) throws SQLException { boolean isExist = false; 
@@ -411,6 +301,146 @@ private boolean processIsServiceProviderExists(Connection connection, String iss return isExist; } + private void validateServiceProvider(SAMLSSOServiceProviderDO serviceProviderDO) throws IdentityException { + + if (serviceProviderDO == null || serviceProviderDO.getIssuer() == null || + StringUtils.isBlank(serviceProviderDO.getIssuer())) { + throw new IdentityException("Issuer cannot be found in the provided arguments."); + } + + if (StringUtils.isNotBlank(serviceProviderDO.getIssuerQualifier())) { + serviceProviderDO.setIssuer( + getIssuerWithQualifier(serviceProviderDO.getIssuer(), serviceProviderDO.getIssuerQualifier())); + } + } + + private String serviceProviderInfo(SAMLSSOServiceProviderDO serviceProviderDO) { + + if (StringUtils.isNotBlank(serviceProviderDO.getIssuerQualifier())) { + return "SAML2 Service Provider with issuer: " + getIssuerWithoutQualifier + (serviceProviderDO.getIssuer()) + " and qualifier name " + serviceProviderDO + .getIssuerQualifier(); + } else { + return "SAML2 Service Provider with issuer: " + serviceProviderDO.getIssuer(); + } + } + + /** + * Get the issuer value to be added to registry by appending the qualifier. + * + * @param issuer value given as 'issuer' when configuring SAML SP. + * @return issuer value with qualifier appended. + */ + private String getIssuerWithQualifier(String issuer, String qualifier) { + + return issuer + IdentityRegistryResources.QUALIFIER_ID + qualifier; + } + + /** + * Get the issuer value by removing the qualifier. + * + * @param issuerWithQualifier issuer value saved in the registry. + * @return issuer value given as 'issuer' when configuring SAML SP. 
+ */ + private String getIssuerWithoutQualifier(String issuerWithQualifier) { + + return StringUtils.substringBeforeLast(issuerWithQualifier, IdentityRegistryResources.QUALIFIER_ID); + } + + private SAMLSSOServiceProviderDO resourceToObject(ResultSet resultSet) throws SQLException { + + SAMLSSOServiceProviderDO serviceProviderDO = new SAMLSSOServiceProviderDO(); + + serviceProviderDO.setIssuer(resultSet.getString(ISSUER)); + serviceProviderDO.setDefaultAssertionConsumerUrl(resultSet.getString(DEFAULT_ASSERTION_CONSUMER_URL)); + serviceProviderDO.setNameIDFormat(resultSet.getString(NAME_ID_FORMAT)); + serviceProviderDO.setCertAlias(resultSet.getString(CERT_ALIAS)); + serviceProviderDO.setDoValidateSignatureInRequests(resultSet.getBoolean(REQ_SIG_VALIDATION)); + serviceProviderDO.setDoSignResponse(resultSet.getBoolean(SIGN_RESPONSE)); + serviceProviderDO.setSigningAlgorithmUri(resultSet.getString(SIGNING_ALGO)); + serviceProviderDO.setDigestAlgorithmUri(resultSet.getString(DIGEST_ALGO)); + serviceProviderDO.setDoEnableEncryptedAssertion(resultSet.getBoolean(ENCRYPT_ASSERTION)); + serviceProviderDO.setAssertionEncryptionAlgorithmUri(resultSet.getString(ASSERTION_ENCRYPTION_ALGO)); + serviceProviderDO.setKeyEncryptionAlgorithmUri(resultSet.getString(KEY_ENCRYPTION_ALGO)); + serviceProviderDO.setEnableAttributesByDefault(resultSet.getBoolean(ATTR_PROFILE_ENABLED)); + serviceProviderDO.setAttributeConsumingServiceIndex(resultSet.getString(ATTR_SERVICE_INDEX)); + serviceProviderDO.setDoSingleLogout(resultSet.getBoolean(SLO_PROFILE_ENABLED)); + serviceProviderDO.setSloResponseURL(resultSet.getString(SLO_RESPONSE_URL)); + serviceProviderDO.setSloRequestURL(resultSet.getString(SLO_REQUEST_URL)); + serviceProviderDO.setIdPInitSSOEnabled(resultSet.getBoolean(IDP_INIT_SSO_ENABLED)); + serviceProviderDO.setIdPInitSLOEnabled(resultSet.getBoolean(IDP_INIT_SLO_ENABLED)); + serviceProviderDO.setAssertionQueryRequestProfileEnabled(resultSet.getBoolean(QUERY_REQUEST_PROFILE_ENABLED)); 
+ serviceProviderDO.setSamlECP(resultSet.getBoolean(ECP_ENABLED)); + serviceProviderDO.setEnableSAML2ArtifactBinding(resultSet.getBoolean(ARTIFACT_BINDING_ENABLED)); + serviceProviderDO.setDoValidateSignatureInArtifactResolve( + resultSet.getBoolean(ARTIFACT_RESOLVE_REQ_SIG_VALIDATION)); + serviceProviderDO.setIdpEntityIDAlias(resultSet.getString(IDP_ENTITY_ID_ALIAS)); + serviceProviderDO.setIssuerQualifier(resultSet.getString(ISSUER_QUALIFIER)); + serviceProviderDO.setSupportedAssertionQueryRequestTypes( + resultSet.getString(SUPPORTED_ASSERTION_QUERY_REQUEST_TYPES)); + serviceProviderDO.setDoFrontChannelLogout(!"BackChannel".equals(resultSet.getString(SLO_METHOD))); + if (serviceProviderDO.isDoFrontChannelLogout()) { + serviceProviderDO.setFrontChannelLogoutBinding(resultSet.getString(SLO_METHOD)); + } + serviceProviderDO.setDoSignAssertions(Boolean.TRUE); + + return serviceProviderDO; + } + + private void addProperties(Connection connection, int serviceProviderId, + SAMLSSOServiceProviderDO serviceProviderDO) throws SQLException { + + List properties = new ArrayList<>(); + try (NamedPreparedStatement statement = new NamedPreparedStatement(connection, + SAMLSSOServiceProviderConstants.SQLQueries.GET_SAML_SSO_ATTR_BY_ID)) { + statement.setInt(SP_ID, serviceProviderId); + try (ResultSet resultSet = statement.executeQuery()) { + while (resultSet.next()) { + String key = resultSet.getString(PROPERTY_NAME); + String value = resultSet.getString(PROPERTY_VALUE); + properties.add(new SPProperty(key, value)); + } + serviceProviderDO.addMultiValuedProperties(properties); + } + } + } + + private void setServiceProviderParameters(NamedPreparedStatement statement, + SAMLSSOServiceProviderDO serviceProviderDO) + throws SQLException { + + statement.setInt(TENANT_ID, tenantId); + statement.setString(ISSUER, serviceProviderDO.getIssuer()); + statement.setString(DEFAULT_ASSERTION_CONSUMER_URL, serviceProviderDO.getDefaultAssertionConsumerUrl()); + 
statement.setString(NAME_ID_FORMAT, serviceProviderDO.getNameIDFormat()); + statement.setString(CERT_ALIAS, serviceProviderDO.getCertAlias()); + statement.setBoolean(REQ_SIG_VALIDATION, serviceProviderDO.isDoValidateSignatureInRequests()); + statement.setBoolean(SIGN_RESPONSE, serviceProviderDO.isDoSignResponse()); + statement.setString(SIGNING_ALGO, serviceProviderDO.getSigningAlgorithmUri()); + statement.setString(DIGEST_ALGO, serviceProviderDO.getDigestAlgorithmUri()); + statement.setBoolean(ENCRYPT_ASSERTION, serviceProviderDO.isDoEnableEncryptedAssertion()); + statement.setString(ASSERTION_ENCRYPTION_ALGO, serviceProviderDO.getAssertionEncryptionAlgorithmUri()); + statement.setString(KEY_ENCRYPTION_ALGO, serviceProviderDO.getKeyEncryptionAlgorithmUri()); + statement.setBoolean(ATTR_PROFILE_ENABLED, serviceProviderDO.isEnableAttributesByDefault()); + statement.setString(ATTR_SERVICE_INDEX, serviceProviderDO.getAttributeConsumingServiceIndex()); + statement.setBoolean(SLO_PROFILE_ENABLED, serviceProviderDO.isDoSingleLogout()); + statement.setString(SLO_METHOD, serviceProviderDO.getSingleLogoutMethod()); + statement.setString(SLO_RESPONSE_URL, serviceProviderDO.getSloResponseURL()); + statement.setString(SLO_REQUEST_URL, serviceProviderDO.getSloRequestURL()); + statement.setBoolean(IDP_INIT_SSO_ENABLED, serviceProviderDO.isIdPInitSSOEnabled()); + statement.setBoolean(IDP_INIT_SLO_ENABLED, serviceProviderDO.isIdPInitSLOEnabled()); + statement.setBoolean(QUERY_REQUEST_PROFILE_ENABLED, + serviceProviderDO.isAssertionQueryRequestProfileEnabled()); + statement.setBoolean(ECP_ENABLED, serviceProviderDO.isSamlECP()); + statement.setBoolean(ARTIFACT_BINDING_ENABLED, serviceProviderDO.isEnableSAML2ArtifactBinding()); + statement.setBoolean(ARTIFACT_RESOLVE_REQ_SIG_VALIDATION, + serviceProviderDO.isDoValidateSignatureInArtifactResolve()); + statement.setString(IDP_ENTITY_ID_ALIAS, serviceProviderDO.getIdpEntityIDAlias()); + statement.setString(ISSUER_QUALIFIER, 
serviceProviderDO.getIssuerQualifier()); + statement.setString(SUPPORTED_ASSERTION_QUERY_REQUEST_TYPES, + serviceProviderDO.getSupportedAssertionQueryRequestTypes()); + } + private int processGetServiceProviderId(Connection connection, String issuer) throws SQLException { int serviceProviderId; 
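Review bot: The Javadoc moved onto getIssuerWithQualifier documents `issuer` but not the second parameter; add `@param qualifier issuer qualifier configured for the SP; appended after QUALIFIER_ID.`, and give validateServiceProvider and serviceProviderInfo a summary line each, since they are now the single place the issuer rules live. In resourceToObject the moved `serviceProviderDO.setDoSignAssertions(Boolean.TRUE);` is the only field not read from the result set and deserves a one-line why-comment so nobody later assumes it is persisted. Minor style point in validateServiceProvider: `serviceProviderDO.getIssuer() == null ||` is redundant, as `StringUtils.isBlank` already handles null.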
@@ -435,53 +465,23 @@ private void processAddServiceProvider(Connection connection, SAMLSSOServiceProv try (NamedPreparedStatement statement = new NamedPreparedStatement(connection, SAMLSSOServiceProviderConstants.SQLQueries.ADD_SAML2_SSO_CONFIG)) { - statement.setInt(TENANT_ID, tenantId); - statement.setString(ISSUER, serviceProviderDO.getIssuer()); - statement.setString(DEFAULT_ASSERTION_CONSUMER_URL, serviceProviderDO.getDefaultAssertionConsumerUrl()); - statement.setString(NAME_ID_FORMAT, serviceProviderDO.getNameIDFormat()); - statement.setString(CERT_ALIAS, serviceProviderDO.getCertAlias()); - statement.setBoolean(REQ_SIG_VALIDATION, serviceProviderDO.isDoValidateSignatureInRequests()); - statement.setBoolean(SIGN_RESPONSE, serviceProviderDO.isDoSignResponse()); - statement.setString(SIGNING_ALGO, serviceProviderDO.getSigningAlgorithmUri()); - statement.setString(DIGEST_ALGO, serviceProviderDO.getDigestAlgorithmUri()); - statement.setBoolean(ENCRYPT_ASSERTION, serviceProviderDO.isDoEnableEncryptedAssertion()); - statement.setString(ASSERTION_ENCRYPTION_ALGO, serviceProviderDO.getAssertionEncryptionAlgorithmUri()); - statement.setString(KEY_ENCRYPTION_ALGO, serviceProviderDO.getKeyEncryptionAlgorithmUri()); - statement.setBoolean(ATTR_PROFILE_ENABLED, serviceProviderDO.isEnableAttributesByDefault()); - statement.setString(ATTR_SERVICE_INDEX, serviceProviderDO.getAttributeConsumingServiceIndex()); - statement.setBoolean(SLO_PROFILE_ENABLED, serviceProviderDO.isDoSingleLogout()); - statement.setString(SLO_METHOD, serviceProviderDO.getSingleLogoutMethod()); - statement.setString(SLO_RESPONSE_URL, serviceProviderDO.getSloResponseURL()); - statement.setString(SLO_REQUEST_URL, serviceProviderDO.getSloRequestURL()); - statement.setBoolean(IDP_INIT_SSO_ENABLED, serviceProviderDO.isIdPInitSSOEnabled()); - statement.setBoolean(IDP_INIT_SLO_ENABLED, serviceProviderDO.isIdPInitSLOEnabled()); - statement.setBoolean(QUERY_REQUEST_PROFILE_ENABLED, - 
serviceProviderDO.isAssertionQueryRequestProfileEnabled()); - statement.setBoolean(ECP_ENABLED, serviceProviderDO.isSamlECP()); - statement.setBoolean(ARTIFACT_BINDING_ENABLED, serviceProviderDO.isEnableSAML2ArtifactBinding()); - statement.setBoolean(ARTIFACT_RESOLVE_REQ_SIG_VALIDATION, - serviceProviderDO.isDoValidateSignatureInArtifactResolve()); - statement.setString(IDP_ENTITY_ID_ALIAS, serviceProviderDO.getIdpEntityIDAlias()); - statement.setString(ISSUER_QUALIFIER, serviceProviderDO.getIssuerQualifier()); - statement.setString(SUPPORTED_ASSERTION_QUERY_REQUEST_TYPES, - serviceProviderDO.getSupportedAssertionQueryRequestTypes()); - + setServiceProviderParameters(statement, serviceProviderDO); statement.executeUpdate(); } } - private void processAddCustomAttributes(Connection connection, SAMLSSOServiceProviderDO serviceProviderDO) + private void processAddSPProperties(Connection connection, SAMLSSOServiceProviderDO serviceProviderDO) throws SQLException { - List customAttributes = serviceProviderDO.getCustomAttributes(); + List properties = serviceProviderDO.getMultiValuedProperties(); int serviceProviderId = processGetServiceProviderId(connection, serviceProviderDO.getIssuer()); try (NamedPreparedStatement statement = new NamedPreparedStatement(connection, SAMLSSOServiceProviderConstants.SQLQueries.ADD_SAML_SSO_ATTR)) { - for (ConfigTuple customAttribute : customAttributes) { - String key = customAttribute.getKey(); - String value = customAttribute.getValue(); + for (SPProperty property : properties) { + String key = property.getKey(); + String value = property.getValue(); statement.setInt(SP_ID, serviceProviderId); statement.setString(PROPERTY_NAME, key); statement.setString(PROPERTY_VALUE, value); 
@@ -496,60 +496,28 @@ private void processUpdateServiceProvider(Connection connection, SAMLSSOServiceP try (NamedPreparedStatement statement = new NamedPreparedStatement(connection, SAMLSSOServiceProviderConstants.SQLQueries.UPDATE_SAML2_SSO_CONFIG)) { - statement.setInt(TENANT_ID, tenantId); statement.setInt(ID, serviceProviderId); - statement.setString(ISSUER, serviceProviderDO.getIssuer()); - statement.setString(DEFAULT_ASSERTION_CONSUMER_URL, serviceProviderDO.getDefaultAssertionConsumerUrl()); - statement.setString(NAME_ID_FORMAT, serviceProviderDO.getNameIDFormat()); - statement.setString(CERT_ALIAS, serviceProviderDO.getCertAlias()); - statement.setBoolean(REQ_SIG_VALIDATION, serviceProviderDO.isDoValidateSignatureInRequests()); - statement.setBoolean(SIGN_RESPONSE, serviceProviderDO.isDoSignResponse()); - statement.setString(SIGNING_ALGO, serviceProviderDO.getSigningAlgorithmUri()); - statement.setString(DIGEST_ALGO, serviceProviderDO.getDigestAlgorithmUri()); - statement.setBoolean(ENCRYPT_ASSERTION, serviceProviderDO.isDoEnableEncryptedAssertion()); - statement.setString(ASSERTION_ENCRYPTION_ALGO, serviceProviderDO.getAssertionEncryptionAlgorithmUri()); - statement.setString(KEY_ENCRYPTION_ALGO, serviceProviderDO.getKeyEncryptionAlgorithmUri()); - statement.setBoolean(ATTR_PROFILE_ENABLED, serviceProviderDO.isEnableAttributesByDefault()); - statement.setString(ATTR_SERVICE_INDEX, serviceProviderDO.getAttributeConsumingServiceIndex()); - statement.setBoolean(SLO_PROFILE_ENABLED, serviceProviderDO.isDoSingleLogout()); - statement.setString(SLO_METHOD, serviceProviderDO.getSingleLogoutMethod()); - statement.setString(SLO_RESPONSE_URL, serviceProviderDO.getSloResponseURL()); - statement.setString(SLO_REQUEST_URL, serviceProviderDO.getSloRequestURL()); - statement.setBoolean(IDP_INIT_SSO_ENABLED, serviceProviderDO.isIdPInitSSOEnabled()); - statement.setBoolean(IDP_INIT_SLO_ENABLED, serviceProviderDO.isIdPInitSLOEnabled()); - 
statement.setBoolean(QUERY_REQUEST_PROFILE_ENABLED, - serviceProviderDO.isAssertionQueryRequestProfileEnabled()); - statement.setBoolean(ECP_ENABLED, serviceProviderDO.isSamlECP()); - statement.setBoolean(ARTIFACT_BINDING_ENABLED, serviceProviderDO.isEnableSAML2ArtifactBinding()); - statement.setBoolean(ARTIFACT_RESOLVE_REQ_SIG_VALIDATION, - serviceProviderDO.isDoValidateSignatureInArtifactResolve()); - statement.setString(IDP_ENTITY_ID_ALIAS, serviceProviderDO.getIdpEntityIDAlias()); - statement.setString(ISSUER_QUALIFIER, serviceProviderDO.getIssuerQualifier()); - statement.setString(SUPPORTED_ASSERTION_QUERY_REQUEST_TYPES, - serviceProviderDO.getSupportedAssertionQueryRequestTypes()); - + setServiceProviderParameters(statement, serviceProviderDO); statement.executeUpdate(); } } - private void processUpdateCustomAttributes(Connection connection, SAMLSSOServiceProviderDO serviceProviderDO, - int serviceProviderId) throws SQLException { + private void processUpdateSPProperties(Connection connection, SAMLSSOServiceProviderDO serviceProviderDO, + int serviceProviderId) throws SQLException { - List customAttributes = serviceProviderDO.getCustomAttributes(); + List properties = serviceProviderDO.getMultiValuedProperties(); - // Delete existing custom attributes. try (NamedPreparedStatement statement = new NamedPreparedStatement(connection, SAMLSSOServiceProviderConstants.SQLQueries.DELETE_SAML_SSO_ATTR_BY_ID)) { statement.setInt(SP_ID, serviceProviderId); statement.executeUpdate(); } - // Add custom attributes as a batch. 
try (NamedPreparedStatement statement = new NamedPreparedStatement(connection, SAMLSSOServiceProviderConstants.SQLQueries.ADD_SAML_SSO_ATTR)) { - for (ConfigTuple customAttribute : customAttributes) { - String key = customAttribute.getKey(); - String value = customAttribute.getValue(); + for (SPProperty property : properties) { + String key = property.getKey(); + String value = property.getValue(); statement.setInt(SP_ID, serviceProviderId); statement.setString(PROPERTY_NAME, key); statement.setString(PROPERTY_VALUE, value); @@ -570,7 +538,7 @@ private SAMLSSOServiceProviderDO processGetServiceProvider(Connection connection try (ResultSet resultSet = statement.executeQuery()) { if (resultSet.next()) { serviceProviderDO = resourceToObject(resultSet); - serviceProviderDO = addProperties(connection, resultSet.getInt(1), serviceProviderDO); + addProperties(connection, resultSet.getInt(1), serviceProviderDO); } } } @@ -586,8 +554,7 @@ private List processGetServiceProviders(Connection con try (ResultSet resultSet = statement.executeQuery()) { while (resultSet.next()) { SAMLSSOServiceProviderDO serviceProviderDO = resourceToObject(resultSet); - // Get custom attributes. - serviceProviderDO = addProperties(connection, resultSet.getInt(1), serviceProviderDO); + addProperties(connection, resultSet.getInt(1), serviceProviderDO); serviceProvidersList.add(serviceProviderDO); } } @@ -604,7 +571,6 @@ private void processDeleteServiceProvider(Connection connection, String issuer) statement.executeUpdate(); } - // Delete custom attributes. try (NamedPreparedStatement statement = new NamedPreparedStatement(connection, SAMLSSOServiceProviderConstants.SQLQueries.DELETE_SAML_SSO_ATTR)) { statement.setString(ISSUER, issuer); 
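Review bot: processUpdateSPProperties lost its two comments in this hunk, so the delete-all-then-reinsert shape of the method is no longer explained and the DELETE_SAML_SSO_ATTR_BY_ID statement can be misread as a partial update. Suggest restoring one line above the first try: `// Replace the stored properties: remove every row for this SP id, then insert the current set as a batch.` It is also worth stating that atomicity of the two statements relies on the caller's transaction; the callers in this diff open the connection with `getDBConnection(true)` and commit or roll back themselves. The batch loop continues past the end of this hunk.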
@@ -613,68 +579,6 @@ private void processDeleteServiceProvider(Connection connection, String issuer) } } - private SAMLSSOServiceProviderDO resourceToObject(ResultSet resultSet) throws SQLException { - - SAMLSSOServiceProviderDO serviceProviderDO = new SAMLSSOServiceProviderDO(); - - serviceProviderDO.setIssuer(resultSet.getString(ISSUER)); - serviceProviderDO.setDefaultAssertionConsumerUrl(resultSet.getString(DEFAULT_ASSERTION_CONSUMER_URL)); - serviceProviderDO.setNameIDFormat(resultSet.getString(NAME_ID_FORMAT)); - serviceProviderDO.setCertAlias(resultSet.getString(CERT_ALIAS)); - serviceProviderDO.setDoValidateSignatureInRequests(resultSet.getBoolean(REQ_SIG_VALIDATION)); - serviceProviderDO.setDoSignResponse(resultSet.getBoolean(SIGN_RESPONSE)); - serviceProviderDO.setSigningAlgorithmUri(resultSet.getString(SIGNING_ALGO)); - serviceProviderDO.setDigestAlgorithmUri(resultSet.getString(DIGEST_ALGO)); - serviceProviderDO.setDoEnableEncryptedAssertion(resultSet.getBoolean(ENCRYPT_ASSERTION)); - serviceProviderDO.setAssertionEncryptionAlgorithmUri(resultSet.getString(ASSERTION_ENCRYPTION_ALGO)); - serviceProviderDO.setKeyEncryptionAlgorithmUri(resultSet.getString(KEY_ENCRYPTION_ALGO)); - serviceProviderDO.setEnableAttributesByDefault(resultSet.getBoolean(ATTR_PROFILE_ENABLED)); - serviceProviderDO.setAttributeConsumingServiceIndex(resultSet.getString(ATTR_SERVICE_INDEX)); - serviceProviderDO.setDoSingleLogout(resultSet.getBoolean(SLO_PROFILE_ENABLED)); - serviceProviderDO.setSloResponseURL(resultSet.getString(SLO_RESPONSE_URL)); - serviceProviderDO.setSloRequestURL(resultSet.getString(SLO_REQUEST_URL)); - serviceProviderDO.setIdPInitSSOEnabled(resultSet.getBoolean(IDP_INIT_SSO_ENABLED)); - serviceProviderDO.setIdPInitSLOEnabled(resultSet.getBoolean(IDP_INIT_SLO_ENABLED)); - serviceProviderDO.setAssertionQueryRequestProfileEnabled(resultSet.getBoolean(QUERY_REQUEST_PROFILE_ENABLED)); - serviceProviderDO.setSamlECP(resultSet.getBoolean(ECP_ENABLED)); - 
serviceProviderDO.setEnableSAML2ArtifactBinding(resultSet.getBoolean(ARTIFACT_BINDING_ENABLED)); - serviceProviderDO.setDoValidateSignatureInArtifactResolve( - resultSet.getBoolean(ARTIFACT_RESOLVE_REQ_SIG_VALIDATION)); - serviceProviderDO.setIdpEntityIDAlias(resultSet.getString(IDP_ENTITY_ID_ALIAS)); - serviceProviderDO.setIssuerQualifier(resultSet.getString(ISSUER_QUALIFIER)); - serviceProviderDO.setSupportedAssertionQueryRequestTypes( - resultSet.getString(SUPPORTED_ASSERTION_QUERY_REQUEST_TYPES)); - serviceProviderDO.setDoFrontChannelLogout(!"BackChannel".equals(resultSet.getString(SLO_METHOD))); - if (serviceProviderDO.isDoFrontChannelLogout()) { - serviceProviderDO.setFrontChannelLogoutBinding(resultSet.getString(SLO_METHOD)); - } - serviceProviderDO.setDoSignAssertions(Boolean.TRUE); - - return serviceProviderDO; - } - - /** - * Get the issuer value to be added to registry by appending the qualifier. - * - * @param issuer value given as 'issuer' when configuring SAML SP. - * @return issuer value with qualifier appended. - */ - private String getIssuerWithQualifier(String issuer, String qualifier) { - - return issuer + IdentityRegistryResources.QUALIFIER_ID + qualifier; - } - - /** - * Get the issuer value by removing the qualifier. - * - * @param issuerWithQualifier issuer value saved in the registry. - * @return issuer value given as 'issuer' when configuring SAML SP. - */ - private String getIssuerWithoutQualifier(String issuerWithQualifier) { - - return StringUtils.substringBeforeLast(issuerWithQualifier, IdentityRegistryResources.QUALIFIER_ID); - } - /** * Returns the {@link java.security.cert.Certificate} which should used to validate the requests * for the given service provider. 
@@ -736,23 +640,4 @@ private int getApplicationCertificateId(String issuer, int tenantId) throws SQLE throw new SQLException(errorMsg, e); } } - - private SAMLSSOServiceProviderDO addProperties(Connection connection, int serviceProviderId, - SAMLSSOServiceProviderDO serviceProviderDO) throws SQLException { - - List customAttributes = new ArrayList<>(); - try (NamedPreparedStatement statement = new NamedPreparedStatement(connection, - SAMLSSOServiceProviderConstants.SQLQueries.GET_SAML_SSO_ATTR_BY_ID)) { - statement.setInt(SP_ID, serviceProviderId); - try (ResultSet resultSet = statement.executeQuery()) { - while (resultSet.next()) { - String key = resultSet.getString(PROPERTY_NAME); - String value = resultSet.getString(PROPERTY_VALUE); - customAttributes.add(new ConfigTuple(key, value)); - } - serviceProviderDO.addCustomAttributes(customAttributes); - } - } - return serviceProviderDO; - } } \ No newline at end of file diff --git a/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/model/SAMLSSOServiceProviderDO.java b/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/model/SAMLSSOServiceProviderDO.java index 283e62934c1a..b3c06b2cc990 100644 --- a/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/model/SAMLSSOServiceProviderDO.java +++ b/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/model/SAMLSSOServiceProviderDO.java 
@@ -671,55 +671,55 @@ public String getSingleLogoutMethod() { /** * Get optional configs of the SAML SSO IdP. * - * @return List of ConfigTuples. + * @return List of SPProperty. */ - public List getCustomAttributes() { + public List getMultiValuedProperties() { - List customAttributes = new ArrayList<>(); + List multiValuedProperties = new ArrayList<>(); // Multi-valued attributes. getAssertionConsumerUrlList().forEach(assertionConUrl -> - putIfNotNull(customAttributes, ASSERTION_CONSUMER_URLS, + putIfNotNull(multiValuedProperties, ASSERTION_CONSUMER_URLS, assertionConUrl)); getRequestedRecipientsList().forEach(requestedRecipient -> - putIfNotNull(customAttributes, RECIPIENTS, + putIfNotNull(multiValuedProperties, RECIPIENTS, requestedRecipient)); getRequestedAudiencesList().forEach(requestedAudience -> - putIfNotNull(customAttributes, AUDIENCES, + putIfNotNull(multiValuedProperties, AUDIENCES, requestedAudience)); getIdpInitSLOReturnToURLList().forEach(idpInitSLOReturnToURL -> - putIfNotNull(customAttributes, SLO_RETURN_TO_URLS, + putIfNotNull(multiValuedProperties, SLO_RETURN_TO_URLS, idpInitSLOReturnToURL)); - return customAttributes; + return multiValuedProperties; } /** - * Add a list of custom attributes. + * Add a list of multivalued properties. * - * @param customAttributes List of ConfigTuples. + * @param multiValuedProperties List of SPProperty. */ - public void addCustomAttributes(List customAttributes) { + public void addMultiValuedProperties(List multiValuedProperties) { - if (customAttributes == null) { + if (multiValuedProperties == null) { return; } - customAttributes.forEach(this::addCustomAttribute); + multiValuedProperties.forEach(this::addMultiValuedProperty); } /** - * Add a custom attribute. + * Add a multivalued property. * - * @param customAttribute ConfigTuple. + * @param multiValuedProperty SPProperty. 
*/ - private void addCustomAttribute(ConfigTuple customAttribute) { + private void addMultiValuedProperty(SPProperty multiValuedProperty) { - if (customAttribute == null) { + if (multiValuedProperty == null) { return; } - String key = customAttribute.getKey(); - String value = customAttribute.getValue(); + String key = multiValuedProperty.getKey(); + String value = multiValuedProperty.getValue(); if (ASSERTION_CONSUMER_URLS.equals(key)) { List attributeList = getAssertionConsumerUrlList(); @@ -755,14 +755,14 @@ private void addCustomAttribute(ConfigTuple customAttribute) { /** * Put a key value pair to a list if the value is not null. * - * @param list List of ConfigTuples. + * @param list List of SPProperty. * @param key Key. * @param value Value. */ - private void putIfNotNull(List list, String key, String value) { + private void putIfNotNull(List list, String key, String value) { if (StringUtils.isNotBlank(value)) { - list.add(new ConfigTuple(key, value)); + list.add(new SPProperty(key, value)); } } } diff --git a/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/model/ConfigTuple.java b/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/model/SPProperty.java similarity index 93% rename from components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/model/ConfigTuple.java rename to components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/model/SPProperty.java index 22d9267d374c..48cba8e76455 100644 --- a/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/model/ConfigTuple.java +++ b/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/model/SPProperty.java 
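Review bot: The Javadoc summary above getMultiValuedProperties still reads `Get optional configs of the SAML SSO IdP.` although the method collects service-provider values (assertion consumer URLs, recipients, audiences and IdP-initiated SLO return-to URLs) and the commit already rewrote the `@return` line beneath it. Suggest `* Get the multi-valued properties of the SAML service provider.` for the summary and `* @return the multi-valued properties as {@link SPProperty} key/value pairs; never null.` for the return tag, since the method always returns a fresh list. The method bodies in this hunk are otherwise a straight rename.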
@@ -21,12 +21,12 @@ /** * This class represents a tuple of key and value. */ -public class ConfigTuple { +public class SPProperty { private String key; private String value; - public ConfigTuple(String key, String value) { + public SPProperty(String key, String value) { this.key = key; this.value = value; }