/*
* Copyright 2005,2006 WSO2, Inc. http://www.wso2.org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.wso2.carbon.identity.provider;
import org.apache.axis2.AxisFault;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.base.ServerConfiguration;
import org.wso2.carbon.core.util.CryptoUtil;
import org.wso2.carbon.identity.base.IdentityConstants;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.model.RelyingPartyDO;
import org.wso2.carbon.identity.core.persistence.IdentityPersistenceManager;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.provider.internal.IdentityProviderServiceComponent;
import org.wso2.carbon.registry.core.Registry;
import org.wso2.carbon.registry.core.exceptions.RegistryException;
import org.wso2.carbon.registry.core.session.UserRegistry;
import org.wso2.carbon.security.SecurityConfigException;
import org.wso2.carbon.security.SecurityConstants;
import org.wso2.carbon.security.keystore.KeyStoreAdmin;
import org.wso2.carbon.utils.ServerException;
import java.io.File;
/**
* WSO2 WSAS <code>ServerInitializer</code> implementation to carry out initial configuration setup
* of the Identity Solution : Identity Provider.
*/
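public class Initializer {

    private static final Log log = LogFactory.getLog(Initializer.class);

    /** JVM system property that, when set to "true", forces the user-trusted-RP key store to be re-imported. */
    private static final String RELOAD_USER_RP_PROPERTY = "identity.server.reload.userrp";

    /**
     * Carries out all initialization work of the identity solution (identity provider):
     * detects a first boot, primes the crypto utility, imports the user-trusted-RP key store into the
     * governance registry when it is missing (or a reload is forced via
     * {@value #RELOAD_USER_RP_PROPERTY}), and on first boot seeds the default parameters and the
     * globally trusted relying party.
     *
     * @throws AxisFault if any initialization step fails; the original exception is kept as the cause
     * @throws ServerException declared for API compatibility (failures are currently wrapped in {@link AxisFault})
     */
    public void init() throws AxisFault, ServerException {
        try {
            IdentityPersistenceManager dbAdmin = IdentityPersistenceManager.getPersistanceManager();
            Registry registry = IdentityTenantUtil.getRegistry(null, null);

            // A first boot is detected by the card-name parameter not yet having a value in the registry.
            boolean isInitial =
                    dbAdmin.getParameter(registry, IdentityConstants.PARAM_CARD_NAME).getValue() == null;

            // Touch the default crypto util early so any key-store/crypto misconfiguration surfaces at startup.
            CryptoUtil.getDefaultCryptoUtil();
            IdentityProviderUtil.setIntial(isInitial);

            // Fails fast with the offending property key (instead of a bare NPE from new File(null)).
            String userRpStorePath =
                    requiredProperty(IdentityConstants.ServerConfig.USER_TRUSTED_RP_STORE_LOCATION);
            boolean forceReload = "true".equals(System.getProperty(RELOAD_USER_RP_PROPERTY));
            if (!isKeyStoreExisting(userRpStorePath) || forceReload) {
                addKeyStores();
                log.info("userRP.jks is reloaded.");
            }

            if (isInitial) {
                addParameters(registry);
                // Add the globally trusted relying party
                dbAdmin.createGloabllyTrustedRelyingParty(registry, buildGloballyTrustedRelyingParty());
            }
        } catch (Exception e) {
            throw new AxisFault(e.getMessage(), e);
        }
    }

    /**
     * Builds the relying party that is trusted globally, i.e. this server itself.
     * <p>
     * The host name comes from the server configuration and falls back to {@code localhost}. The alias
     * is the configured {@code Security.KeyStore.KeyAlias}; when that is not configured, the host name is
     * used so the alias is never left {@code null}.
     *
     * @return the populated relying party (not yet persisted)
     */
    private static RelyingPartyDO buildGloballyTrustedRelyingParty() {
        ServerConfiguration serverConfig = ServerConfiguration.getInstance();
        String hostName = serverConfig.getFirstProperty("HostName");
        if (hostName == null) {
            hostName = "localhost";
        }
        String keyAlias = serverConfig.getFirstProperty("Security.KeyStore.KeyAlias");

        RelyingPartyDO rp = new RelyingPartyDO();
        rp.setHostName(hostName);
        rp.setAlias(keyAlias != null ? keyAlias : hostName);
        return rp;
    }

    /**
     * Imports the user-trusted-RP key store (location, password, type and key password taken from the
     * identity configuration) into the governance system registry.
     *
     * @throws SecurityConfigException if the key store cannot be imported
     * @throws RegistryException on registry access failures
     * @throws IdentityException if the identity configuration cannot be read
     * @throws IllegalStateException if the store location property is not configured
     */
    private void addKeyStores() throws SecurityConfigException, RegistryException, IdentityException {
        registerKeyStore(
                IdentityConstants.ServerConfig.USER_TRUSTED_RP_STORE_LOCATION,
                IdentityConstants.ServerConfig.USER_TRUSTED_RP_STORE_PASSWORD,
                IdentityConstants.ServerConfig.USER_TRUSTED_RP_STORE_TYPE,
                IdentityConstants.ServerConfig.USER_TRUSTED_RP_KEY_PASSWORD);
    }

    /**
     * Imports the SSO key store into the governance system registry. Same procedure as
     * {@link #addKeyStores()} with the SSO configuration keys. Not called from this class.
     *
     * @throws SecurityConfigException if the key store cannot be imported
     * @throws RegistryException on registry access failures
     * @throws IdentityException if the identity configuration cannot be read
     * @throws IllegalStateException if the store location property is not configured
     */
    private void addSSOKeyStores() throws SecurityConfigException, RegistryException, IdentityException {
        registerKeyStore(
                IdentityConstants.ServerConfig.USER_SSO_STORE_LOCATION,
                IdentityConstants.ServerConfig.USER_SSO_STORE_PASSWORD,
                IdentityConstants.ServerConfig.USER_SSO_STORE_TYPE,
                IdentityConstants.ServerConfig.USER_SSO_KEY_PASSWORD);
    }

    /**
     * Reads a key store's settings from the identity configuration under the given property keys and
     * registers the store in the governance system registry under its file name.
     * <p>
     * The key-store and private-key passwords are handed to {@link KeyStoreAdmin} as read and are
     * deliberately never logged here.
     *
     * @param locationKey    property key holding the key store file path (required)
     * @param passwordKey    property key holding the key store password
     * @param typeKey        property key holding the key store type (e.g. JKS)
     * @param keyPasswordKey property key holding the private key password
     * @throws SecurityConfigException if the key store cannot be imported
     * @throws RegistryException on registry access failures
     * @throws IdentityException if the identity configuration cannot be read
     * @throws IllegalStateException if the location property is not configured
     */
    private void registerKeyStore(String locationKey, String passwordKey, String typeKey, String keyPasswordKey)
            throws SecurityConfigException, RegistryException, IdentityException {
        String storeFilePath = requiredProperty(locationKey);
        String password = IdentityUtil.getProperty(passwordKey);
        String type = IdentityUtil.getProperty(typeKey);
        String privateKeyPass = IdentityUtil.getProperty(keyPasswordKey);

        KeyStoreAdmin keyAdmin = new KeyStoreAdmin(
                IdentityProviderServiceComponent.getRegistryService().getGovernanceSystemRegistry());
        // The empty string appears to be the provider argument (none is configured) -- confirm against
        // KeyStoreAdmin.addKeyStoreWithFilePath if the signature changes.
        keyAdmin.addKeyStoreWithFilePath(storeFilePath, new File(storeFilePath).getName(),
                password, "", type, privateKeyPass);
    }

    /**
     * Reads a mandatory identity configuration property.
     *
     * @param key the property key
     * @return the non-blank property value
     * @throws IllegalStateException if the property is missing or blank; the message names the key only,
     *                               never the value
     */
    private static String requiredProperty(String key) {
        String value = IdentityUtil.getProperty(key);
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalStateException(
                    "Required identity configuration property '" + key + "' is not set.");
        }
        return value;
    }

    /**
     * Called only when the Identity Solution is coming up for the first time: seeds the supported token
     * types, the default card name and the default token validity period in the given registry.
     *
     * @param registry the registry to write the parameters into
     * @throws Exception if a parameter cannot be written
     */
    private void addParameters(Registry registry) throws Exception {
        IdentityPersistenceManager admin = IdentityPersistenceManager.getPersistanceManager();
        admin.createOrUpdateParameter(registry, IdentityConstants.PARAM_SUPPORTED_TOKEN_TYPES,
                IdentityConstants.SAML10_URL + "," + IdentityConstants.SAML11_URL + ","
                        + IdentityConstants.SAML20_URL + "," + IdentityConstants.OpenId.OPENID_URL);
        admin.createOrUpdateParameter(registry, IdentityConstants.PARAM_CARD_NAME,
                IdentityConstants.PARAM_VALUE_CARD_NAME);
        admin.createOrUpdateParameter(registry, IdentityConstants.PARAM_VALID_PERIOD,
                IdentityConstants.PARAM_VALUE_VALID_PERIOD);
    }

    /**
     * Checks whether the given key store is existing in the Governance Registry of tenant 0.
     * Only the file name of the path is used; the store is looked up under
     * {@code SecurityConstants.KEY_STORES}.
     *
     * @param keyStorePath key store path
     * @return true, if key store already exists in the registry.
     * @throws ServerException failing to read from the registry.
     */
    private boolean isKeyStoreExisting(String keyStorePath) throws ServerException {
        String keyStoreName = new File(keyStorePath).getName();
        String keyStoreLocation = SecurityConstants.KEY_STORES + "/" + keyStoreName;
        try {
            UserRegistry govRegistry =
                    IdentityProviderServiceComponent.getRegistryService().getGovernanceSystemRegistry();
            return govRegistry.resourceExists(keyStoreLocation);
        } catch (RegistryException e) {
            String errorMsg = "Error when checking the existence of " + keyStorePath
                    + " in the Governance Registry.";
            log.error(errorMsg, e);
            throw new ServerException(errorMsg, e);
        }
    }
}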