/*******************************************************************************
* Cloud Foundry
* Copyright (c) [2009-2015] Pivotal Software, Inc. All Rights Reserved.
*
* This product is licensed to you under the Apache License, Version 2.0 (the "License").
* You may not use this product except in compliance with the License.
*
* This product includes a number of subcomponents with
* separate copyright notices and license terms. Your use of these
* subcomponents is subject to the terms and conditions of the
* subcomponent's license, as noted in the LICENSE file.
*******************************************************************************/
package org.cloudfoundry.identity.uaa.impl.config;
import org.cloudfoundry.identity.uaa.login.Prompt;
import org.cloudfoundry.identity.uaa.saml.SamlKey;
import org.cloudfoundry.identity.uaa.util.JsonUtils;
import org.cloudfoundry.identity.uaa.zone.BrandingInformation;
import org.cloudfoundry.identity.uaa.zone.ClientSecretPolicy;
import org.cloudfoundry.identity.uaa.zone.IdentityZone;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneConfiguration;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneProvisioning;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneValidator;
import org.cloudfoundry.identity.uaa.zone.InvalidIdentityZoneDetailsException;
import org.cloudfoundry.identity.uaa.zone.TokenPolicy;
import org.springframework.beans.factory.InitializingBean;
import java.util.Collection;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import static java.util.Collections.EMPTY_MAP;
import static java.util.Objects.nonNull;
import static java.util.Optional.ofNullable;
import static org.springframework.util.StringUtils.hasText;
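/**
 * Bootstraps the configuration of the default ("uaa") identity zone from the
 * properties injected into this bean and persists the result through
 * {@link IdentityZoneProvisioning}.
 *
 * <p>Every setter is a plain property sink: nothing is validated or written
 * until {@link #afterPropertiesSet()} runs. The injected
 * {@link IdentityZoneValidator} is the only validation step on that path; if
 * none is injected, the default {@code (config, mode) -> config} stores the
 * assembled configuration unvalidated.
 *
 * <p>Plain mutable bean with no synchronization; intended to be configured
 * once by the container and initialized once.
 */
public class IdentityZoneConfigurationBootstrap implements InitializingBean {

    private ClientSecretPolicy clientSecretPolicy;
    private TokenPolicy tokenPolicy;
    private final IdentityZoneProvisioning provisioning;

    private boolean selfServiceLinksEnabled = true;
    private String homeRedirect = null;
    // Expected keys "signup" and "passwd"; values are cast to String when read.
    private Map<String, Object> selfServiceLinks;

    private boolean mfaEnabled;
    private String mfaProviderName;

    // Handed to the logout link config as-is; presumably the allow-list of
    // post-logout redirect targets — confirm against the logout handler.
    private List<String> logoutRedirectWhitelist;
    private String logoutRedirectParameterName;
    private String logoutDefaultRedirectUrl;
    // Defaults to true, i.e. the redirect parameter is disabled unless a
    // deployment explicitly enables it.
    private boolean logoutDisableRedirectParameter = true;

    private List<Prompt> prompts;

    // SP key material. Secret: this class never logs it and has no toString;
    // keep it that way when extending the bean.
    private String samlSpPrivateKey;
    private String samlSpPrivateKeyPassphrase;
    private String samlSpCertificate;
    // Defaults to false, i.e. the check stays enabled. By its name, true
    // relaxes validation of the InResponseTo attribute of SAML responses
    // (NOTE(review): confirm the exact effect in the SAML consumer).
    private boolean disableSamlInResponseToCheck = false;
    // keyId -> {"key", "passphrase", "certificate"}; each entry becomes a SamlKey.
    private Map<String, Map<String, String>> samlKeys;
    // Nothing here checks that this names an entry of samlKeys.
    private String activeKeyId;

    private boolean idpDiscoveryEnabled = false;
    private boolean accountChooserEnabled;
    private Collection<String> defaultUserGroups;
    // Identity function by default: without an injected validator the zone
    // configuration is written without any validation.
    private IdentityZoneValidator validator = (config, mode) -> config;
    // Converted to BrandingInformation via JsonUtils at bootstrap time.
    private Map<String, Object> branding;

    /**
     * Replaces the validator applied to the assembled zone before it is stored.
     *
     * @param validator validator invoked with {@code Mode.MODIFY}
     */
    public void setValidator(IdentityZoneValidator validator) {
        this.validator = validator;
    }

    /**
     * @param provisioning store used to read and update the default zone
     */
    public IdentityZoneConfigurationBootstrap(IdentityZoneProvisioning provisioning) {
        this.provisioning = provisioning;
    }

    /**
     * Reads the default zone, replaces its configuration with the one
     * assembled from the injected properties, runs the validator and writes
     * the zone back.
     *
     * @throws InvalidIdentityZoneDetailsException if the validator rejects the zone
     */
    @Override
    public void afterPropertiesSet() throws InvalidIdentityZoneDetailsException {
        IdentityZone identityZone = provisioning.retrieve(IdentityZone.getUaa().getId());
        identityZone.setConfig(buildConfiguration());
        // Sole gate between the injected values and the store; a pass-through
        // when the default validator is in place.
        identityZone = validator.validate(identityZone, IdentityZoneValidator.Mode.MODIFY);
        provisioning.update(identityZone);
    }

    /** Assembles the zone configuration from the injected properties. */
    private IdentityZoneConfiguration buildConfiguration() {
        IdentityZoneConfiguration definition = new IdentityZoneConfiguration(tokenPolicy);
        definition.setClientSecretPolicy(clientSecretPolicy);
        definition.getLinks().getSelfService().setSelfServiceLinksEnabled(selfServiceLinksEnabled);
        definition.getLinks().setHomeRedirect(homeRedirect);
        definition.getSamlConfig().setCertificate(samlSpCertificate);
        definition.getSamlConfig().setPrivateKey(samlSpPrivateKey);
        definition.getSamlConfig().setPrivateKeyPassword(samlSpPrivateKeyPassphrase);
        definition.getSamlConfig().setDisableInResponseToCheck(disableSamlInResponseToCheck);
        definition.setIdpDiscoveryEnabled(idpDiscoveryEnabled);
        definition.setAccountChooserEnabled(accountChooserEnabled);
        definition.getMfaConfig().setEnabled(mfaEnabled);
        definition.getMfaConfig().setProviderName(mfaProviderName);
        applySamlKeys(definition);
        applySelfServiceLinks(definition);
        applyLogoutLinks(definition);
        if (nonNull(prompts)) {
            definition.setPrompts(prompts);
        }
        definition.setBranding(JsonUtils.convertValue(branding, BrandingInformation.class));
        if (nonNull(defaultUserGroups)) {
            // Copy so that later mutation of the injected collection cannot
            // change the stored configuration.
            definition.getUserConfig().setDefaultGroups(new LinkedList<>(defaultUserGroups));
        }
        return definition;
    }

    /** Registers every configured SAML key and marks the active one; tolerates no keys being configured. */
    private void applySamlKeys(IdentityZoneConfiguration definition) {
        if (nonNull(samlKeys)) {
            for (Map.Entry<String, Map<String, String>> entry : samlKeys.entrySet()) {
                Map<String, String> keyDefinition = entry.getValue();
                SamlKey samlKey = new SamlKey(
                        keyDefinition.get("key"),
                        keyDefinition.get("passphrase"),
                        keyDefinition.get("certificate"));
                definition.getSamlConfig().addKey(entry.getKey(), samlKey);
            }
        }
        definition.getSamlConfig().setActiveKeyId(activeKeyId);
    }

    /** Applies the signup and password-reset links; blank or missing values leave the defaults untouched. */
    private void applySelfServiceLinks(IdentityZoneConfiguration definition) {
        if (selfServiceLinks == null) {
            return;
        }
        String signup = (String) selfServiceLinks.get("signup");
        String passwd = (String) selfServiceLinks.get("passwd");
        if (hasText(signup)) {
            definition.getLinks().getSelfService().setSignup(signup);
        }
        if (hasText(passwd)) {
            definition.getLinks().getSelfService().setPasswd(passwd);
        }
    }

    /** Applies the logout redirect settings; the disable-parameter flag is always written. */
    private void applyLogoutLinks(IdentityZoneConfiguration definition) {
        if (nonNull(logoutRedirectWhitelist)) {
            definition.getLinks().getLogout().setWhitelist(logoutRedirectWhitelist);
        }
        if (hasText(logoutRedirectParameterName)) {
            definition.getLinks().getLogout().setRedirectParameterName(logoutRedirectParameterName);
        }
        if (hasText(logoutDefaultRedirectUrl)) {
            definition.getLinks().getLogout().setRedirectUrl(logoutDefaultRedirectUrl);
        }
        definition.getLinks().getLogout().setDisableRedirectParameter(logoutDisableRedirectParameter);
    }

    public void setClientSecretPolicy(ClientSecretPolicy clientSecretPolicy) {
        this.clientSecretPolicy = clientSecretPolicy;
    }

    public void setMfaEnabled(boolean mfaEnabled) {
        this.mfaEnabled = mfaEnabled;
    }

    public void setMfaProviderName(String mfaProviderName) {
        this.mfaProviderName = mfaProviderName;
    }

    public String getMfaProviderName() {
        return mfaProviderName;
    }

    public boolean isMfaEnabled() {
        return mfaEnabled;
    }

    /**
     * @param samlKeys key id mapped to a map with entries "key", "passphrase"
     *                 and "certificate"; {@code null} means no keys
     * @return this bootstrap, for chaining
     */
    public IdentityZoneConfigurationBootstrap setSamlKeys(Map<String, Map<String, String>> samlKeys) {
        this.samlKeys = samlKeys;
        return this;
    }

    /**
     * @param activeKeyId id of the SAML key to mark active
     * @return this bootstrap, for chaining
     */
    public IdentityZoneConfigurationBootstrap setActiveKeyId(String activeKeyId) {
        this.activeKeyId = activeKeyId;
        return this;
    }

    public void setTokenPolicy(TokenPolicy tokenPolicy) {
        this.tokenPolicy = tokenPolicy;
    }

    public void setSelfServiceLinksEnabled(boolean selfServiceLinksEnabled) {
        this.selfServiceLinksEnabled = selfServiceLinksEnabled;
    }

    public void setHomeRedirect(String homeRedirect) {
        this.homeRedirect = homeRedirect;
    }

    public String getHomeRedirect() {
        return homeRedirect;
    }

    /**
     * @param links map with optional "signup" and "passwd" entries
     */
    public void setSelfServiceLinks(Map<String, Object> links) {
        this.selfServiceLinks = links;
    }

    public void setLogoutDefaultRedirectUrl(String logoutDefaultRedirectUrl) {
        this.logoutDefaultRedirectUrl = logoutDefaultRedirectUrl;
    }

    public void setLogoutDisableRedirectParameter(boolean logoutDisableRedirectParameter) {
        this.logoutDisableRedirectParameter = logoutDisableRedirectParameter;
    }

    public void setLogoutRedirectParameterName(String logoutRedirectParameterName) {
        this.logoutRedirectParameterName = logoutRedirectParameterName;
    }

    public void setLogoutRedirectWhitelist(List<String> logoutRedirectWhitelist) {
        this.logoutRedirectWhitelist = logoutRedirectWhitelist;
    }

    public void setPrompts(List<Prompt> prompts) {
        this.prompts = prompts;
    }

    public void setSamlSpCertificate(String samlSpCertificate) {
        this.samlSpCertificate = samlSpCertificate;
    }

    /** @param samlSpPrivateKey SP private key (secret; never log it) */
    public void setSamlSpPrivateKey(String samlSpPrivateKey) {
        this.samlSpPrivateKey = samlSpPrivateKey;
    }

    /** @param samlSpPrivateKeyPassphrase passphrase of the SP private key (secret; never log it) */
    public void setSamlSpPrivateKeyPassphrase(String samlSpPrivateKeyPassphrase) {
        this.samlSpPrivateKeyPassphrase = samlSpPrivateKeyPassphrase;
    }

    public boolean isIdpDiscoveryEnabled() {
        return idpDiscoveryEnabled;
    }

    public void setIdpDiscoveryEnabled(boolean idpDiscoveryEnabled) {
        this.idpDiscoveryEnabled = idpDiscoveryEnabled;
    }

    public boolean isAccountChooserEnabled() {
        return accountChooserEnabled;
    }

    public void setAccountChooserEnabled(boolean accountChooserEnabled) {
        this.accountChooserEnabled = accountChooserEnabled;
    }

    public void setBranding(Map<String, Object> branding) {
        this.branding = branding;
    }

    /** @return the injected branding map itself (not a copy) */
    public Map<String, Object> getBranding() {
        return branding;
    }

    public void setDefaultUserGroups(Collection<String> defaultUserGroups) {
        this.defaultUserGroups = defaultUserGroups;
    }

    public boolean isDisableSamlInResponseToCheck() {
        return disableSamlInResponseToCheck;
    }

    /**
     * @param disableSamlInResponseToCheck {@code true} turns the InResponseTo
     *                                     check off; the default keeps it on
     */
    public void setDisableSamlInResponseToCheck(boolean disableSamlInResponseToCheck) {
        this.disableSamlInResponseToCheck = disableSamlInResponseToCheck;
    }
}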