View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.syncope.core.provisioning.java.data;
20  
21  import java.util.Optional;
22  import org.apache.syncope.common.lib.SyncopeClientException;
23  import org.apache.syncope.common.lib.to.CASSPClientAppTO;
24  import org.apache.syncope.common.lib.to.ClientAppTO;
25  import org.apache.syncope.common.lib.to.OIDCRPClientAppTO;
26  import org.apache.syncope.common.lib.to.SAML2SPClientAppTO;
27  import org.apache.syncope.common.lib.types.ClientExceptionType;
28  import org.apache.syncope.core.persistence.api.dao.PolicyDAO;
29  import org.apache.syncope.core.persistence.api.dao.RealmDAO;
30  import org.apache.syncope.core.persistence.api.entity.EntityFactory;
31  import org.apache.syncope.core.persistence.api.entity.Realm;
32  import org.apache.syncope.core.persistence.api.entity.am.CASSPClientApp;
33  import org.apache.syncope.core.persistence.api.entity.am.ClientApp;
34  import org.apache.syncope.core.persistence.api.entity.am.OIDCRPClientApp;
35  import org.apache.syncope.core.persistence.api.entity.am.SAML2SPClientApp;
36  import org.apache.syncope.core.persistence.api.entity.policy.AccessPolicy;
37  import org.apache.syncope.core.persistence.api.entity.policy.AttrReleasePolicy;
38  import org.apache.syncope.core.persistence.api.entity.policy.AuthPolicy;
39  import org.apache.syncope.core.persistence.api.entity.policy.Policy;
40  import org.apache.syncope.core.persistence.api.entity.policy.TicketExpirationPolicy;
41  import org.apache.syncope.core.provisioning.api.data.ClientAppDataBinder;
42  
43  public class ClientAppDataBinderImpl implements ClientAppDataBinder {
44  
45      protected final PolicyDAO policyDAO;
46  
47      protected final RealmDAO realmDAO;
48  
49      protected final EntityFactory entityFactory;
50  
51      public ClientAppDataBinderImpl(
52              final PolicyDAO policyDAO,
53              final RealmDAO realmDAO,
54              final EntityFactory entityFactory) {
55  
56          this.policyDAO = policyDAO;
57          this.realmDAO = realmDAO;
58          this.entityFactory = entityFactory;
59      }
60  
61      @Override
62      @SuppressWarnings("unchecked")
63      public <T extends ClientApp> T create(final ClientAppTO clientAppTO) {
64          if (clientAppTO instanceof SAML2SPClientAppTO) {
65              return (T) doCreate((SAML2SPClientAppTO) clientAppTO);
66          }
67          if (clientAppTO instanceof OIDCRPClientAppTO) {
68              return (T) doCreate((OIDCRPClientAppTO) clientAppTO);
69          }
70          if (clientAppTO instanceof CASSPClientAppTO) {
71              return (T) doCreate((CASSPClientAppTO) clientAppTO);
72          }
73  
74          throw new IllegalArgumentException("Unsupported client app: " + clientAppTO.getClass().getName());
75      }
76  
77      @Override
78      public <T extends ClientApp> void update(final T clientApp, final ClientAppTO clientAppTO) {
79          if (clientAppTO instanceof SAML2SPClientAppTO) {
80              doUpdate((SAML2SPClientApp) clientApp, (SAML2SPClientAppTO) clientAppTO);
81          } else if (clientAppTO instanceof OIDCRPClientAppTO) {
82              doUpdate((OIDCRPClientApp) clientApp, (OIDCRPClientAppTO) clientAppTO);
83          } else if (clientAppTO instanceof CASSPClientAppTO) {
84              doUpdate((CASSPClientApp) clientApp, (CASSPClientAppTO) clientAppTO);
85          } else {
86              throw new IllegalArgumentException("Unsupported client app: " + clientAppTO.getClass().getName());
87          }
88      }
89  
90      @Override
91      @SuppressWarnings("unchecked")
92      public <T extends ClientAppTO> T getClientAppTO(final ClientApp clientApp) {
93          if (clientApp instanceof SAML2SPClientApp) {
94              return (T) getSAMLClientAppTO((SAML2SPClientApp) clientApp);
95          }
96          if (clientApp instanceof OIDCRPClientApp) {
97              return (T) getOIDCClientAppTO((OIDCRPClientApp) clientApp);
98          }
99          if (clientApp instanceof CASSPClientApp) {
100             return (T) getCASClientAppTO((CASSPClientApp) clientApp);
101         }
102         throw new IllegalArgumentException("Unsupported client app: " + clientApp.getClass().getName());
103     }
104 
105     protected SAML2SPClientApp doCreate(final SAML2SPClientAppTO clientAppTO) {
106         SAML2SPClientApp saml2sp = entityFactory.newEntity(SAML2SPClientApp.class);
107         update(saml2sp, clientAppTO);
108         return saml2sp;
109     }
110 
111     protected CASSPClientApp doCreate(final CASSPClientAppTO clientAppTO) {
112         CASSPClientApp saml2sp = entityFactory.newEntity(CASSPClientApp.class);
113         update(saml2sp, clientAppTO);
114         return saml2sp;
115     }
116 
117     protected void doUpdate(final SAML2SPClientApp clientApp, final SAML2SPClientAppTO clientAppTO) {
118         copyToEntity(clientApp, clientAppTO);
119 
120         clientApp.setEntityId(clientAppTO.getEntityId());
121         clientApp.setMetadataLocation(clientAppTO.getMetadataLocation());
122         clientApp.setMetadataSignatureLocation(clientAppTO.getMetadataSignatureLocation());
123         clientApp.setSignAssertions(clientAppTO.isSignAssertions());
124         clientApp.setSignResponses(clientAppTO.isSignResponses());
125         clientApp.setEncryptionOptional(clientAppTO.isEncryptionOptional());
126         clientApp.setEncryptAssertions(clientAppTO.isEncryptAssertions());
127         clientApp.setRequiredAuthenticationContextClass(clientAppTO.getRequiredAuthenticationContextClass());
128         clientApp.setRequiredNameIdFormat(clientAppTO.getRequiredNameIdFormat());
129         clientApp.setSkewAllowance(clientAppTO.getSkewAllowance());
130         clientApp.setNameIdQualifier(clientAppTO.getNameIdQualifier());
131         clientApp.getAssertionAudiences().clear();
132         clientApp.getAssertionAudiences().addAll(clientAppTO.getAssertionAudiences());
133         clientApp.setServiceProviderNameIdQualifier(clientAppTO.getServiceProviderNameIdQualifier());
134 
135         clientApp.getSigningSignatureAlgorithms().clear();
136         clientApp.getSigningSignatureAlgorithms().addAll(
137                 clientAppTO.getSigningSignatureAlgorithms());
138         clientApp.getSigningSignatureReferenceDigestMethods().clear();
139         clientApp.getSigningSignatureReferenceDigestMethods().addAll(
140                 clientAppTO.getSigningSignatureReferenceDigestMethods());
141         clientApp.getEncryptionKeyAlgorithms().clear();
142         clientApp.getEncryptionKeyAlgorithms().addAll(
143                 clientAppTO.getEncryptionKeyAlgorithms());
144         clientApp.getEncryptionDataAlgorithms().clear();
145         clientApp.getEncryptionDataAlgorithms().addAll(
146                 clientAppTO.getEncryptionDataAlgorithms());
147 
148         clientApp.getSigningSignatureBlackListedAlgorithms().clear();
149         clientApp.getSigningSignatureBlackListedAlgorithms().
150                 addAll(clientAppTO.getSigningSignatureBlackListedAlgorithms());
151         clientApp.getEncryptionBlackListedAlgorithms().clear();
152         clientApp.getEncryptionBlackListedAlgorithms().addAll(
153                 clientAppTO.getEncryptionBlackListedAlgorithms());
154     }
155 
156     protected void copyToTO(final ClientApp clientApp, final ClientAppTO clientAppTO) {
157         clientAppTO.setKey(clientApp.getKey());
158         clientAppTO.setRealm(Optional.ofNullable(clientApp.getRealm()).map(Realm::getFullPath).orElse(null));
159         clientAppTO.setName(clientApp.getName());
160         clientAppTO.setClientAppId(clientApp.getClientAppId());
161         clientAppTO.setDescription(clientApp.getDescription());
162         clientAppTO.setLogo(clientApp.getLogo());
163         clientAppTO.setTheme(clientApp.getTheme());
164         clientAppTO.setInformationUrl(clientApp.getInformationUrl());
165         clientAppTO.setPrivacyUrl(clientApp.getPrivacyUrl());
166         clientAppTO.setUsernameAttributeProviderConf(clientApp.getUsernameAttributeProviderConf());
167 
168         clientAppTO.setAuthPolicy(Optional.ofNullable(clientApp.getAuthPolicy()).
169                 map(AuthPolicy::getKey).orElse(null));
170         clientAppTO.setAccessPolicy(Optional.ofNullable(clientApp.getAccessPolicy()).
171                 map(AccessPolicy::getKey).orElse(null));
172         clientAppTO.setAttrReleasePolicy(Optional.ofNullable(clientApp.getAttrReleasePolicy()).
173                 map(AttrReleasePolicy::getKey).orElse(null));
174         clientAppTO.setTicketExpirationPolicy(Optional.ofNullable(clientApp.getTicketExpirationPolicy()).
175                 map(TicketExpirationPolicy::getKey).orElse(null));
176 
177         clientAppTO.getProperties().addAll(clientApp.getProperties());
178         clientAppTO.setLogoutType(clientApp.getLogoutType());
179     }
180 
181     protected SAML2SPClientAppTO getSAMLClientAppTO(final SAML2SPClientApp clientApp) {
182         SAML2SPClientAppTO clientAppTO = new SAML2SPClientAppTO();
183         copyToTO(clientApp, clientAppTO);
184 
185         clientAppTO.setEntityId(clientApp.getEntityId());
186         clientAppTO.setMetadataLocation(clientApp.getMetadataLocation());
187         clientAppTO.setMetadataSignatureLocation(clientApp.getMetadataSignatureLocation());
188         clientAppTO.setSignAssertions(clientApp.isSignAssertions());
189         clientAppTO.setSignResponses(clientApp.isSignResponses());
190         clientAppTO.setEncryptionOptional(clientApp.isEncryptionOptional());
191         clientAppTO.setEncryptAssertions(clientApp.isEncryptAssertions());
192         clientAppTO.setRequiredAuthenticationContextClass(clientApp.getRequiredAuthenticationContextClass());
193         clientAppTO.setRequiredNameIdFormat(clientApp.getRequiredNameIdFormat());
194         clientAppTO.setSkewAllowance(clientApp.getSkewAllowance());
195         clientAppTO.setNameIdQualifier(clientApp.getNameIdQualifier());
196         clientAppTO.getAssertionAudiences().addAll(clientApp.getAssertionAudiences());
197         clientAppTO.setServiceProviderNameIdQualifier(clientApp.getServiceProviderNameIdQualifier());
198 
199         clientAppTO.getSigningSignatureAlgorithms().addAll(
200                 clientApp.getSigningSignatureAlgorithms());
201         clientAppTO.getSigningSignatureReferenceDigestMethods().addAll(
202                 clientApp.getSigningSignatureReferenceDigestMethods());
203         clientAppTO.getEncryptionKeyAlgorithms().addAll(
204                 clientApp.getEncryptionKeyAlgorithms());
205         clientAppTO.getEncryptionDataAlgorithms().addAll(
206                 clientApp.getEncryptionDataAlgorithms());
207 
208         clientAppTO.getSigningSignatureBlackListedAlgorithms().addAll(
209                 clientApp.getSigningSignatureBlackListedAlgorithms());
210         clientAppTO.getEncryptionBlackListedAlgorithms().addAll(
211                 clientApp.getEncryptionBlackListedAlgorithms());
212 
213         return clientAppTO;
214     }
215 
216     protected OIDCRPClientApp doCreate(final OIDCRPClientAppTO clientAppTO) {
217         OIDCRPClientApp oidcrp = entityFactory.newEntity(OIDCRPClientApp.class);
218         update(oidcrp, clientAppTO);
219         return oidcrp;
220     }
221 
222     protected void doUpdate(final OIDCRPClientApp clientApp, final OIDCRPClientAppTO clientAppTO) {
223         copyToEntity(clientApp, clientAppTO);
224 
225         clientApp.setClientSecret(clientAppTO.getClientSecret());
226         clientApp.setClientId(clientAppTO.getClientId());
227         clientApp.setSignIdToken(clientAppTO.isSignIdToken());
228         clientApp.setJwtAccessToken(clientAppTO.isJwtAccessToken());
229         clientApp.setBypassApprovalPrompt(clientAppTO.isBypassApprovalPrompt());
230         clientApp.setGenerateRefreshToken(clientAppTO.isGenerateRefreshToken());
231         clientApp.setSubjectType(clientAppTO.getSubjectType());
232         clientApp.getRedirectUris().clear();
233         clientApp.getRedirectUris().addAll(clientAppTO.getRedirectUris());
234         clientApp.getSupportedGrantTypes().clear();
235         clientApp.getSupportedGrantTypes().addAll(clientAppTO.getSupportedGrantTypes());
236         clientApp.getSupportedResponseTypes().clear();
237         clientApp.getSupportedResponseTypes().addAll(clientAppTO.getSupportedResponseTypes());
238         clientApp.getScopes().clear();
239         clientApp.getScopes().addAll(clientAppTO.getScopes());
240         clientApp.setLogoutUri(clientAppTO.getLogoutUri());
241         clientApp.setJwks(clientAppTO.getJwks());
242         clientApp.setJwksUri(clientAppTO.getJwksUri());
243         clientApp.setTokenEndpointAuthenticationMethod(clientAppTO.getTokenEndpointAuthenticationMethod());
244     }
245 
246     protected OIDCRPClientAppTO getOIDCClientAppTO(final OIDCRPClientApp clientApp) {
247         OIDCRPClientAppTO clientAppTO = new OIDCRPClientAppTO();
248         copyToTO(clientApp, clientAppTO);
249 
250         clientAppTO.setClientId(clientApp.getClientId());
251         clientAppTO.setClientSecret(clientApp.getClientSecret());
252         clientAppTO.setSignIdToken(clientApp.isSignIdToken());
253         clientAppTO.setSubjectType(clientApp.getSubjectType());
254         clientAppTO.getRedirectUris().addAll(clientApp.getRedirectUris());
255         clientAppTO.getSupportedGrantTypes().addAll(clientApp.getSupportedGrantTypes());
256         clientAppTO.getSupportedResponseTypes().addAll(clientApp.getSupportedResponseTypes());
257         clientAppTO.getScopes().addAll(clientApp.getScopes());
258         clientAppTO.setLogoutUri(clientApp.getLogoutUri());
259         clientAppTO.setJwtAccessToken(clientApp.isJwtAccessToken());
260         clientAppTO.setBypassApprovalPrompt(clientApp.isBypassApprovalPrompt());
261         clientAppTO.setGenerateRefreshToken(clientApp.isGenerateRefreshToken());
262         clientAppTO.setJwks(clientApp.getJwks());
263         clientAppTO.setJwksUri(clientApp.getJwksUri());
264         clientAppTO.setTokenEndpointAuthenticationMethod(clientApp.getTokenEndpointAuthenticationMethod());
265 
266         return clientAppTO;
267     }
268 
269     protected void doUpdate(final CASSPClientApp clientApp, final CASSPClientAppTO clientAppTO) {
270         copyToEntity(clientApp, clientAppTO);
271 
272         clientApp.setServiceId(clientAppTO.getServiceId());
273     }
274 
275     protected CASSPClientAppTO getCASClientAppTO(final CASSPClientApp clientApp) {
276         CASSPClientAppTO clientAppTO = new CASSPClientAppTO();
277         copyToTO(clientApp, clientAppTO);
278         clientAppTO.setServiceId(clientApp.getServiceId());
279         return clientAppTO;
280     }
281 
282     protected void copyToEntity(final ClientApp clientApp, final ClientAppTO clientAppTO) {
283         if (clientAppTO.getRealm() == null) {
284             clientApp.setRealm(null);
285         } else {
286             clientApp.setRealm((realmDAO.findByFullPath(clientAppTO.getRealm())));
287         }
288 
289         clientApp.setName(clientAppTO.getName());
290         clientApp.setClientAppId(clientAppTO.getClientAppId());
291         clientApp.setDescription(clientAppTO.getDescription());
292         clientApp.setLogo(clientAppTO.getLogo());
293         clientApp.setTheme(clientAppTO.getTheme());
294         clientApp.setInformationUrl(clientAppTO.getInformationUrl());
295         clientApp.setPrivacyUrl(clientAppTO.getPrivacyUrl());
296         clientApp.setUsernameAttributeProviderConf(clientAppTO.getUsernameAttributeProviderConf());
297 
298         if (clientAppTO.getAuthPolicy() == null) {
299             clientApp.setAuthPolicy(null);
300         } else {
301             Policy policy = policyDAO.find(clientAppTO.getAuthPolicy());
302             if (policy instanceof AuthPolicy) {
303                 clientApp.setAuthPolicy((AuthPolicy) policy);
304             } else {
305                 SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.InvalidPolicy);
306                 sce.getElements().add("Expected " + AuthPolicy.class.getSimpleName()
307                         + ", found " + policy.getClass().getSimpleName());
308                 throw sce;
309             }
310         }
311 
312         if (clientAppTO.getAccessPolicy() == null) {
313             clientApp.setAccessPolicy(null);
314         } else {
315             Policy policy = policyDAO.find(clientAppTO.getAccessPolicy());
316             if (policy instanceof AccessPolicy) {
317                 clientApp.setAccessPolicy((AccessPolicy) policy);
318             } else {
319                 SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.InvalidPolicy);
320                 sce.getElements().add("Expected " + AccessPolicy.class.getSimpleName()
321                         + ", found " + policy.getClass().getSimpleName());
322                 throw sce;
323             }
324         }
325 
326         if (clientAppTO.getAttrReleasePolicy() == null) {
327             clientApp.setAttrReleasePolicy(null);
328         } else {
329             Policy policy = policyDAO.find(clientAppTO.getAttrReleasePolicy());
330             if (policy instanceof AttrReleasePolicy) {
331                 clientApp.setAttrReleasePolicy((AttrReleasePolicy) policy);
332             } else {
333                 SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.InvalidPolicy);
334                 sce.getElements().add("Expected " + AttrReleasePolicy.class.getSimpleName()
335                         + ", found " + policy.getClass().getSimpleName());
336                 throw sce;
337             }
338         }
339 
340         if (clientAppTO.getTicketExpirationPolicy() == null) {
341             clientApp.setTicketExpirationPolicy(null);
342         } else {
343             Policy policy = policyDAO.find(clientAppTO.getTicketExpirationPolicy());
344             if (policy instanceof TicketExpirationPolicy) {
345                 clientApp.setTicketExpirationPolicy((TicketExpirationPolicy) policy);
346             } else {
347                 SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.InvalidPolicy);
348                 sce.getElements().add("Expected " + TicketExpirationPolicy.class.getSimpleName()
349                         + ", found " + policy.getClass().getSimpleName());
350                 throw sce;
351             }
352         }
353 
354         clientApp.setProperties(clientAppTO.getProperties());
355         clientApp.setLogoutType(clientAppTO.getLogoutType());
356     }
357 }