1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.syncope.core.provisioning.java.data;
20
21 import java.util.Optional;
22 import org.apache.syncope.common.lib.SyncopeClientException;
23 import org.apache.syncope.common.lib.to.CASSPClientAppTO;
24 import org.apache.syncope.common.lib.to.ClientAppTO;
25 import org.apache.syncope.common.lib.to.OIDCRPClientAppTO;
26 import org.apache.syncope.common.lib.to.SAML2SPClientAppTO;
27 import org.apache.syncope.common.lib.types.ClientExceptionType;
28 import org.apache.syncope.core.persistence.api.dao.PolicyDAO;
29 import org.apache.syncope.core.persistence.api.dao.RealmDAO;
30 import org.apache.syncope.core.persistence.api.entity.EntityFactory;
31 import org.apache.syncope.core.persistence.api.entity.Realm;
32 import org.apache.syncope.core.persistence.api.entity.am.CASSPClientApp;
33 import org.apache.syncope.core.persistence.api.entity.am.ClientApp;
34 import org.apache.syncope.core.persistence.api.entity.am.OIDCRPClientApp;
35 import org.apache.syncope.core.persistence.api.entity.am.SAML2SPClientApp;
36 import org.apache.syncope.core.persistence.api.entity.policy.AccessPolicy;
37 import org.apache.syncope.core.persistence.api.entity.policy.AttrReleasePolicy;
38 import org.apache.syncope.core.persistence.api.entity.policy.AuthPolicy;
39 import org.apache.syncope.core.persistence.api.entity.policy.Policy;
40 import org.apache.syncope.core.persistence.api.entity.policy.TicketExpirationPolicy;
41 import org.apache.syncope.core.provisioning.api.data.ClientAppDataBinder;
42
43 public class ClientAppDataBinderImpl implements ClientAppDataBinder {
44
45 protected final PolicyDAO policyDAO;
46
47 protected final RealmDAO realmDAO;
48
49 protected final EntityFactory entityFactory;
50
51 public ClientAppDataBinderImpl(
52 final PolicyDAO policyDAO,
53 final RealmDAO realmDAO,
54 final EntityFactory entityFactory) {
55
56 this.policyDAO = policyDAO;
57 this.realmDAO = realmDAO;
58 this.entityFactory = entityFactory;
59 }
60
61 @Override
62 @SuppressWarnings("unchecked")
63 public <T extends ClientApp> T create(final ClientAppTO clientAppTO) {
64 if (clientAppTO instanceof SAML2SPClientAppTO) {
65 return (T) doCreate((SAML2SPClientAppTO) clientAppTO);
66 }
67 if (clientAppTO instanceof OIDCRPClientAppTO) {
68 return (T) doCreate((OIDCRPClientAppTO) clientAppTO);
69 }
70 if (clientAppTO instanceof CASSPClientAppTO) {
71 return (T) doCreate((CASSPClientAppTO) clientAppTO);
72 }
73
74 throw new IllegalArgumentException("Unsupported client app: " + clientAppTO.getClass().getName());
75 }
76
77 @Override
78 public <T extends ClientApp> void update(final T clientApp, final ClientAppTO clientAppTO) {
79 if (clientAppTO instanceof SAML2SPClientAppTO) {
80 doUpdate((SAML2SPClientApp) clientApp, (SAML2SPClientAppTO) clientAppTO);
81 } else if (clientAppTO instanceof OIDCRPClientAppTO) {
82 doUpdate((OIDCRPClientApp) clientApp, (OIDCRPClientAppTO) clientAppTO);
83 } else if (clientAppTO instanceof CASSPClientAppTO) {
84 doUpdate((CASSPClientApp) clientApp, (CASSPClientAppTO) clientAppTO);
85 } else {
86 throw new IllegalArgumentException("Unsupported client app: " + clientAppTO.getClass().getName());
87 }
88 }
89
90 @Override
91 @SuppressWarnings("unchecked")
92 public <T extends ClientAppTO> T getClientAppTO(final ClientApp clientApp) {
93 if (clientApp instanceof SAML2SPClientApp) {
94 return (T) getSAMLClientAppTO((SAML2SPClientApp) clientApp);
95 }
96 if (clientApp instanceof OIDCRPClientApp) {
97 return (T) getOIDCClientAppTO((OIDCRPClientApp) clientApp);
98 }
99 if (clientApp instanceof CASSPClientApp) {
100 return (T) getCASClientAppTO((CASSPClientApp) clientApp);
101 }
102 throw new IllegalArgumentException("Unsupported client app: " + clientApp.getClass().getName());
103 }
104
105 protected SAML2SPClientApp doCreate(final SAML2SPClientAppTO clientAppTO) {
106 SAML2SPClientApp saml2sp = entityFactory.newEntity(SAML2SPClientApp.class);
107 update(saml2sp, clientAppTO);
108 return saml2sp;
109 }
110
111 protected CASSPClientApp doCreate(final CASSPClientAppTO clientAppTO) {
112 CASSPClientApp saml2sp = entityFactory.newEntity(CASSPClientApp.class);
113 update(saml2sp, clientAppTO);
114 return saml2sp;
115 }
116
117 protected void doUpdate(final SAML2SPClientApp clientApp, final SAML2SPClientAppTO clientAppTO) {
118 copyToEntity(clientApp, clientAppTO);
119
120 clientApp.setEntityId(clientAppTO.getEntityId());
121 clientApp.setMetadataLocation(clientAppTO.getMetadataLocation());
122 clientApp.setMetadataSignatureLocation(clientAppTO.getMetadataSignatureLocation());
123 clientApp.setSignAssertions(clientAppTO.isSignAssertions());
124 clientApp.setSignResponses(clientAppTO.isSignResponses());
125 clientApp.setEncryptionOptional(clientAppTO.isEncryptionOptional());
126 clientApp.setEncryptAssertions(clientAppTO.isEncryptAssertions());
127 clientApp.setRequiredAuthenticationContextClass(clientAppTO.getRequiredAuthenticationContextClass());
128 clientApp.setRequiredNameIdFormat(clientAppTO.getRequiredNameIdFormat());
129 clientApp.setSkewAllowance(clientAppTO.getSkewAllowance());
130 clientApp.setNameIdQualifier(clientAppTO.getNameIdQualifier());
131 clientApp.getAssertionAudiences().clear();
132 clientApp.getAssertionAudiences().addAll(clientAppTO.getAssertionAudiences());
133 clientApp.setServiceProviderNameIdQualifier(clientAppTO.getServiceProviderNameIdQualifier());
134
135 clientApp.getSigningSignatureAlgorithms().clear();
136 clientApp.getSigningSignatureAlgorithms().addAll(
137 clientAppTO.getSigningSignatureAlgorithms());
138 clientApp.getSigningSignatureReferenceDigestMethods().clear();
139 clientApp.getSigningSignatureReferenceDigestMethods().addAll(
140 clientAppTO.getSigningSignatureReferenceDigestMethods());
141 clientApp.getEncryptionKeyAlgorithms().clear();
142 clientApp.getEncryptionKeyAlgorithms().addAll(
143 clientAppTO.getEncryptionKeyAlgorithms());
144 clientApp.getEncryptionDataAlgorithms().clear();
145 clientApp.getEncryptionDataAlgorithms().addAll(
146 clientAppTO.getEncryptionDataAlgorithms());
147
148 clientApp.getSigningSignatureBlackListedAlgorithms().clear();
149 clientApp.getSigningSignatureBlackListedAlgorithms().
150 addAll(clientAppTO.getSigningSignatureBlackListedAlgorithms());
151 clientApp.getEncryptionBlackListedAlgorithms().clear();
152 clientApp.getEncryptionBlackListedAlgorithms().addAll(
153 clientAppTO.getEncryptionBlackListedAlgorithms());
154 }
155
156 protected void copyToTO(final ClientApp clientApp, final ClientAppTO clientAppTO) {
157 clientAppTO.setKey(clientApp.getKey());
158 clientAppTO.setRealm(Optional.ofNullable(clientApp.getRealm()).map(Realm::getFullPath).orElse(null));
159 clientAppTO.setName(clientApp.getName());
160 clientAppTO.setClientAppId(clientApp.getClientAppId());
161 clientAppTO.setDescription(clientApp.getDescription());
162 clientAppTO.setLogo(clientApp.getLogo());
163 clientAppTO.setTheme(clientApp.getTheme());
164 clientAppTO.setInformationUrl(clientApp.getInformationUrl());
165 clientAppTO.setPrivacyUrl(clientApp.getPrivacyUrl());
166 clientAppTO.setUsernameAttributeProviderConf(clientApp.getUsernameAttributeProviderConf());
167
168 clientAppTO.setAuthPolicy(Optional.ofNullable(clientApp.getAuthPolicy()).
169 map(AuthPolicy::getKey).orElse(null));
170 clientAppTO.setAccessPolicy(Optional.ofNullable(clientApp.getAccessPolicy()).
171 map(AccessPolicy::getKey).orElse(null));
172 clientAppTO.setAttrReleasePolicy(Optional.ofNullable(clientApp.getAttrReleasePolicy()).
173 map(AttrReleasePolicy::getKey).orElse(null));
174 clientAppTO.setTicketExpirationPolicy(Optional.ofNullable(clientApp.getTicketExpirationPolicy()).
175 map(TicketExpirationPolicy::getKey).orElse(null));
176
177 clientAppTO.getProperties().addAll(clientApp.getProperties());
178 clientAppTO.setLogoutType(clientApp.getLogoutType());
179 }
180
181 protected SAML2SPClientAppTO getSAMLClientAppTO(final SAML2SPClientApp clientApp) {
182 SAML2SPClientAppTO clientAppTO = new SAML2SPClientAppTO();
183 copyToTO(clientApp, clientAppTO);
184
185 clientAppTO.setEntityId(clientApp.getEntityId());
186 clientAppTO.setMetadataLocation(clientApp.getMetadataLocation());
187 clientAppTO.setMetadataSignatureLocation(clientApp.getMetadataSignatureLocation());
188 clientAppTO.setSignAssertions(clientApp.isSignAssertions());
189 clientAppTO.setSignResponses(clientApp.isSignResponses());
190 clientAppTO.setEncryptionOptional(clientApp.isEncryptionOptional());
191 clientAppTO.setEncryptAssertions(clientApp.isEncryptAssertions());
192 clientAppTO.setRequiredAuthenticationContextClass(clientApp.getRequiredAuthenticationContextClass());
193 clientAppTO.setRequiredNameIdFormat(clientApp.getRequiredNameIdFormat());
194 clientAppTO.setSkewAllowance(clientApp.getSkewAllowance());
195 clientAppTO.setNameIdQualifier(clientApp.getNameIdQualifier());
196 clientAppTO.getAssertionAudiences().addAll(clientApp.getAssertionAudiences());
197 clientAppTO.setServiceProviderNameIdQualifier(clientApp.getServiceProviderNameIdQualifier());
198
199 clientAppTO.getSigningSignatureAlgorithms().addAll(
200 clientApp.getSigningSignatureAlgorithms());
201 clientAppTO.getSigningSignatureReferenceDigestMethods().addAll(
202 clientApp.getSigningSignatureReferenceDigestMethods());
203 clientAppTO.getEncryptionKeyAlgorithms().addAll(
204 clientApp.getEncryptionKeyAlgorithms());
205 clientAppTO.getEncryptionDataAlgorithms().addAll(
206 clientApp.getEncryptionDataAlgorithms());
207
208 clientAppTO.getSigningSignatureBlackListedAlgorithms().addAll(
209 clientApp.getSigningSignatureBlackListedAlgorithms());
210 clientAppTO.getEncryptionBlackListedAlgorithms().addAll(
211 clientApp.getEncryptionBlackListedAlgorithms());
212
213 return clientAppTO;
214 }
215
216 protected OIDCRPClientApp doCreate(final OIDCRPClientAppTO clientAppTO) {
217 OIDCRPClientApp oidcrp = entityFactory.newEntity(OIDCRPClientApp.class);
218 update(oidcrp, clientAppTO);
219 return oidcrp;
220 }
221
222 protected void doUpdate(final OIDCRPClientApp clientApp, final OIDCRPClientAppTO clientAppTO) {
223 copyToEntity(clientApp, clientAppTO);
224
225 clientApp.setClientSecret(clientAppTO.getClientSecret());
226 clientApp.setClientId(clientAppTO.getClientId());
227 clientApp.setSignIdToken(clientAppTO.isSignIdToken());
228 clientApp.setJwtAccessToken(clientAppTO.isJwtAccessToken());
229 clientApp.setBypassApprovalPrompt(clientAppTO.isBypassApprovalPrompt());
230 clientApp.setGenerateRefreshToken(clientAppTO.isGenerateRefreshToken());
231 clientApp.setSubjectType(clientAppTO.getSubjectType());
232 clientApp.getRedirectUris().clear();
233 clientApp.getRedirectUris().addAll(clientAppTO.getRedirectUris());
234 clientApp.getSupportedGrantTypes().clear();
235 clientApp.getSupportedGrantTypes().addAll(clientAppTO.getSupportedGrantTypes());
236 clientApp.getSupportedResponseTypes().clear();
237 clientApp.getSupportedResponseTypes().addAll(clientAppTO.getSupportedResponseTypes());
238 clientApp.getScopes().clear();
239 clientApp.getScopes().addAll(clientAppTO.getScopes());
240 clientApp.setLogoutUri(clientAppTO.getLogoutUri());
241 clientApp.setJwks(clientAppTO.getJwks());
242 clientApp.setJwksUri(clientAppTO.getJwksUri());
243 clientApp.setTokenEndpointAuthenticationMethod(clientAppTO.getTokenEndpointAuthenticationMethod());
244 }
245
246 protected OIDCRPClientAppTO getOIDCClientAppTO(final OIDCRPClientApp clientApp) {
247 OIDCRPClientAppTO clientAppTO = new OIDCRPClientAppTO();
248 copyToTO(clientApp, clientAppTO);
249
250 clientAppTO.setClientId(clientApp.getClientId());
251 clientAppTO.setClientSecret(clientApp.getClientSecret());
252 clientAppTO.setSignIdToken(clientApp.isSignIdToken());
253 clientAppTO.setSubjectType(clientApp.getSubjectType());
254 clientAppTO.getRedirectUris().addAll(clientApp.getRedirectUris());
255 clientAppTO.getSupportedGrantTypes().addAll(clientApp.getSupportedGrantTypes());
256 clientAppTO.getSupportedResponseTypes().addAll(clientApp.getSupportedResponseTypes());
257 clientAppTO.getScopes().addAll(clientApp.getScopes());
258 clientAppTO.setLogoutUri(clientApp.getLogoutUri());
259 clientAppTO.setJwtAccessToken(clientApp.isJwtAccessToken());
260 clientAppTO.setBypassApprovalPrompt(clientApp.isBypassApprovalPrompt());
261 clientAppTO.setGenerateRefreshToken(clientApp.isGenerateRefreshToken());
262 clientAppTO.setJwks(clientApp.getJwks());
263 clientAppTO.setJwksUri(clientApp.getJwksUri());
264 clientAppTO.setTokenEndpointAuthenticationMethod(clientApp.getTokenEndpointAuthenticationMethod());
265
266 return clientAppTO;
267 }
268
269 protected void doUpdate(final CASSPClientApp clientApp, final CASSPClientAppTO clientAppTO) {
270 copyToEntity(clientApp, clientAppTO);
271
272 clientApp.setServiceId(clientAppTO.getServiceId());
273 }
274
275 protected CASSPClientAppTO getCASClientAppTO(final CASSPClientApp clientApp) {
276 CASSPClientAppTO clientAppTO = new CASSPClientAppTO();
277 copyToTO(clientApp, clientAppTO);
278 clientAppTO.setServiceId(clientApp.getServiceId());
279 return clientAppTO;
280 }
281
282 protected void copyToEntity(final ClientApp clientApp, final ClientAppTO clientAppTO) {
283 if (clientAppTO.getRealm() == null) {
284 clientApp.setRealm(null);
285 } else {
286 clientApp.setRealm((realmDAO.findByFullPath(clientAppTO.getRealm())));
287 }
288
289 clientApp.setName(clientAppTO.getName());
290 clientApp.setClientAppId(clientAppTO.getClientAppId());
291 clientApp.setDescription(clientAppTO.getDescription());
292 clientApp.setLogo(clientAppTO.getLogo());
293 clientApp.setTheme(clientAppTO.getTheme());
294 clientApp.setInformationUrl(clientAppTO.getInformationUrl());
295 clientApp.setPrivacyUrl(clientAppTO.getPrivacyUrl());
296 clientApp.setUsernameAttributeProviderConf(clientAppTO.getUsernameAttributeProviderConf());
297
298 if (clientAppTO.getAuthPolicy() == null) {
299 clientApp.setAuthPolicy(null);
300 } else {
301 Policy policy = policyDAO.find(clientAppTO.getAuthPolicy());
302 if (policy instanceof AuthPolicy) {
303 clientApp.setAuthPolicy((AuthPolicy) policy);
304 } else {
305 SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.InvalidPolicy);
306 sce.getElements().add("Expected " + AuthPolicy.class.getSimpleName()
307 + ", found " + policy.getClass().getSimpleName());
308 throw sce;
309 }
310 }
311
312 if (clientAppTO.getAccessPolicy() == null) {
313 clientApp.setAccessPolicy(null);
314 } else {
315 Policy policy = policyDAO.find(clientAppTO.getAccessPolicy());
316 if (policy instanceof AccessPolicy) {
317 clientApp.setAccessPolicy((AccessPolicy) policy);
318 } else {
319 SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.InvalidPolicy);
320 sce.getElements().add("Expected " + AccessPolicy.class.getSimpleName()
321 + ", found " + policy.getClass().getSimpleName());
322 throw sce;
323 }
324 }
325
326 if (clientAppTO.getAttrReleasePolicy() == null) {
327 clientApp.setAttrReleasePolicy(null);
328 } else {
329 Policy policy = policyDAO.find(clientAppTO.getAttrReleasePolicy());
330 if (policy instanceof AttrReleasePolicy) {
331 clientApp.setAttrReleasePolicy((AttrReleasePolicy) policy);
332 } else {
333 SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.InvalidPolicy);
334 sce.getElements().add("Expected " + AttrReleasePolicy.class.getSimpleName()
335 + ", found " + policy.getClass().getSimpleName());
336 throw sce;
337 }
338 }
339
340 if (clientAppTO.getTicketExpirationPolicy() == null) {
341 clientApp.setTicketExpirationPolicy(null);
342 } else {
343 Policy policy = policyDAO.find(clientAppTO.getTicketExpirationPolicy());
344 if (policy instanceof TicketExpirationPolicy) {
345 clientApp.setTicketExpirationPolicy((TicketExpirationPolicy) policy);
346 } else {
347 SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.InvalidPolicy);
348 sce.getElements().add("Expected " + TicketExpirationPolicy.class.getSimpleName()
349 + ", found " + policy.getClass().getSimpleName());
350 throw sce;
351 }
352 }
353
354 clientApp.setProperties(clientAppTO.getProperties());
355 clientApp.setLogoutType(clientAppTO.getLogoutType());
356 }
357 }