Commit b6a6059d authored by michael.simon

add idp admin page

parent 33eee79c
/*******************************************************************************
* Copyright (c) 2014 Michael Simon.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the GNU Public License v3.0
* which accompanies this distribution, and is available at
* http://www.gnu.org/licenses/gpl.html
*
* Contributors:
* Michael Simon - initial
******************************************************************************/
package edu.kit.scc.webreg.bean.idpadmn;
import java.io.ByteArrayInputStream;
import java.io.Serializable;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.faces.bean.ManagedBean;
import javax.faces.bean.ViewScoped;
import javax.faces.event.ComponentSystemEvent;
import javax.inject.Inject;
import org.apache.commons.codec.binary.Base64;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml.saml2.metadata.KeyDescriptor;
import org.opensaml.xmlsec.signature.KeyInfo;
import org.opensaml.xmlsec.signature.X509Certificate;
import org.opensaml.xmlsec.signature.X509Data;
import org.slf4j.Logger;
import edu.kit.scc.webreg.entity.SamlIdpMetadataEntity;
import edu.kit.scc.webreg.entity.SamlUserEntity;
import edu.kit.scc.webreg.entity.UserEntity;
import edu.kit.scc.webreg.entity.identity.IdentityEntity;
import edu.kit.scc.webreg.exc.NotAuthorizedException;
import edu.kit.scc.webreg.service.SamlIdpMetadataService;
import edu.kit.scc.webreg.service.UserService;
import edu.kit.scc.webreg.service.identity.IdentityService;
import edu.kit.scc.webreg.service.saml.SamlHelper;
import edu.kit.scc.webreg.session.SessionManager;
@ManagedBean
@ViewScoped
public class IdpAdminIndexBean implements Serializable {
private static final long serialVersionUID = 1L;
@Inject
private Logger logger;
@Inject
private SessionManager session;
@Inject
private UserService userService;
@Inject
private IdentityService identityService;
@Inject
private SamlIdpMetadataService idpService;
@Inject
private SamlHelper samlHelper;
private IdentityEntity identity;
private List<UserEntity> userList;
private List<SamlIdpMetadataEntity> idpList;
private SamlIdpMetadataEntity selectedIdp;
private SamlIdpMetadataEntity idp;
private EntityDescriptor entityDescriptor;
private IDPSSODescriptor idpssoDescriptor;
private Map<KeyDescriptor, List<java.security.cert.X509Certificate>> certMap;
public void preRenderView(ComponentSystemEvent ev) {
if (getIdpList().size() == 0) {
throw new NotAuthorizedException("Not authorized");
}
selectedIdp = idpList.get(0);
}
public IdentityEntity getIdentity() {
if (identity == null) {
identity = identityService.findById(session.getIdentityId());
}
return identity;
}
public List<UserEntity> getUserList() {
if (userList == null) {
userList = new ArrayList<UserEntity>();
for (UserEntity user : userService.findByIdentity(getIdentity())) {
userList.add(userService.findByIdWithAttrs(user.getId(), "attributeStore"));
}
}
return userList;
}
public List<SamlIdpMetadataEntity> getIdpList() {
if (idpList == null) {
idpList = new ArrayList<SamlIdpMetadataEntity>();
for (UserEntity user : getUserList()) {
if (user instanceof SamlUserEntity &&
user.getAttributeStore().containsKey("urn:oid:1.3.6.1.4.1.5923.1.1.1.7") &&
user.getAttributeStore().get("urn:oid:1.3.6.1.4.1.5923.1.1.1.7").contains("http://bwidm.scc.kit.edu/entitlement/idp-admin")) {
idpList.add(((SamlUserEntity) user).getIdp());
}
}
}
return idpList;
}
public SamlIdpMetadataEntity getSelectedIdp() {
return selectedIdp;
}
public void setSelectedIdp(SamlIdpMetadataEntity selectedIdp) {
this.selectedIdp = selectedIdp;
}
public SamlIdpMetadataEntity getIdp() {
if (idp == null || (! idp.equals(selectedIdp))) {
idp = idpService.findByIdWithAll(selectedIdp.getId());
certMap = new HashMap<KeyDescriptor, List<java.security.cert.X509Certificate>>();
entityDescriptor = samlHelper.unmarshal(idp.getEntityDescriptor(), EntityDescriptor.class);
idpssoDescriptor = (IDPSSODescriptor) entityDescriptor.getRoleDescriptors(IDPSSODescriptor.DEFAULT_ELEMENT_NAME).get(0);
}
return idp;
}
public List<java.security.cert.X509Certificate> getCert(KeyDescriptor kd) {
if (kd == null)
return null;
if (certMap.containsKey(kd))
return certMap.get(kd);
List<java.security.cert.X509Certificate> certList = new ArrayList<java.security.cert.X509Certificate>();
KeyInfo keyInfo = kd.getKeyInfo();
if (keyInfo == null)
return null;
for (X509Data x509 : keyInfo.getX509Datas()) {
for (X509Certificate x509cert : x509.getX509Certificates()) {
try {
String certValue = x509cert.getValue();
byte[] certBytes = Base64.decodeBase64(certValue.getBytes());
java.security.cert.X509Certificate crt = (java.security.cert.X509Certificate)
CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(certBytes));
certList.add(crt);
} catch (Exception e) {
String cause = "";
if (e.getCause() != null)
cause = e.getCause().getMessage();
logger.warn("Unable to parse Certificate: " + e.toString() + " cause: " + cause);
}
}
}
certMap.put(kd, certList);
return certList;
}
public EntityDescriptor getEntityDescriptor() {
return entityDescriptor;
}
public IDPSSODescriptor getIdpssoDescriptor() {
return idpssoDescriptor;
}
}
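Review bot: The idp-admin entitlement test in getIdpList is a substring match — `user.getAttributeStore().get("urn:oid:1.3.6.1.4.1.5923.1.1.1.7").contains("http://bwidm.scc.kit.edu/entitlement/idp-admin")` — so any entitlement value that merely embeds that URI (a longer sibling such as `.../entitlement/idp-admin-readonly`, if one ever exists) also unlocks this page. The stored value is apparently a single string; if it is a multi-valued attribute joined by a separator, split on that separator and compare with `equals`, e.g. `Arrays.asList(value.split(";")).contains(IDP_ADMIN_ENTITLEMENT)` — the separator is not visible here, so confirm it against the attribute-store format. Relatedly, getIdp() loads `idpService.findByIdWithAll(selectedIdp.getId())` without checking that the submitted entity is one of the authorized entries; JSF's select-item validation presumably rejects an unlisted value, but an explicit `if (!getIdpList().contains(selectedIdp)) throw new NotAuthorizedException("Not authorized");` there keeps the authorization decision in the bean rather than relying on the view. Also note that preRenderView reassigns `selectedIdp = idpList.get(0)` on every render, which looks like it resets the user's choice after the ajax postback from the select menu, and that certMap is only initialized inside getIdp(), so getCert would NPE if the keys tab were ever rendered before getIdp() ran.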
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:bw="http://www.scc.kit.edu/bwfacelets"
xmlns:p="http://primefaces.org/ui"
xmlns:of="http://omnifaces.org/functions">
<head>
<title></title>
</head>
<body>
<f:view>
<f:metadata>
<f:event type="javax.faces.event.PreRenderViewEvent"
listener="#{idpAdminIndexBean.preRenderView}" />
</f:metadata>
<ui:composition template="/template/default.xhtml">
<ui:param name="title" value="#{messages.title}"/>
<ui:define name="content">
<h:form id="form" class="full form">
<h2><h:outputText value="#{messages.idp_admin}"/></h2>
<p:selectOneMenu value="#{idpAdminIndexBean.selectedIdp}"
converter="#{samlIdpMetadataConverter}">
<f:selectItems value="#{idpAdminIndexBean.idpList}"
var="idp" itemLabel="#{idp.entityId}" itemValue="#{idp}"/>
<f:ajax render=":form:idpDetailPanel" />
</p:selectOneMenu>
<p:tabView id="idpDetailPanel" dynamic="true" cache="true">
<p:tab id="tab1" title="#{messages.overview}">
<p:panelGrid id="baseData" columns="2">
<h:outputText value="#{messages.id}:"/>
<h:outputText value="#{idpAdminIndexBean.idp.id}"/>
<h:outputText value="#{messages.entity_id}:"/>
<h:outputText value="#{idpAdminIndexBean.idp.entityId}"/>
<h:outputText value="#{messages.status}:"/>
<h:outputText value="#{idpAdminIndexBean.idp.status}"/>
<h:outputText value="#{messages.artifact_resolution} #{messages.status}:"/>
<h:outputText value="#{idpAdminIndexBean.idp.aqIdpStatus} (changed: #{idpAdminIndexBean.idp.lastAqStatusChange})"/>
<h:outputText value="#{messages.single_sign_on} #{messages.status}:"/>
<h:outputText value="#{idpAdminIndexBean.idp.idIdpStatus} (changed: #{idpAdminIndexBean.idp.lastIdStatusChange})"/>
<h:outputText value="#{messages.name}:"/>
<h:outputText value="#{idpAdminIndexBean.idp.displayName}"/>
<h:outputText value="#{messages.information_url}:"/>
<h:outputText value="#{idpAdminIndexBean.idp.informationUrl}"/>
<h:outputText value="#{messages.org_name}:"/>
<h:outputText value="#{idpAdminIndexBean.idp.orgName}"/>
<h:outputText value="#{messages.description}:"/>
<h:outputText value="#{idpAdminIndexBean.idp.description}"/>
<h:outputText value="#{messages.scopes}:"/>
<h:panelGroup>
<ul>
<ui:repeat var="s" value="#{idpAdminIndexBean.idp.scopes.toArray()}">
<li><h:outputText value="#{s.scope} (is regex: #{s.regex})"/></li>
</ui:repeat>
</ul>
</h:panelGroup>
<h:outputText value="#{messages.generic_store}:"/>
<h:panelGroup>
<ul>
<ui:repeat var="key" value="#{idpAdminIndexBean.idp.genericStore.keySet().toArray()}">
<li>
<h:panelGrid id="newPropTable" columns="2" columnClasses="labelColumn, elementColumn">
<h:outputText value="#{key}:"/>
<h:outputText value="#{idpAdminIndexBean.idp.genericStore.get(key)}"/>
</h:panelGrid>
</li>
</ui:repeat>
</ul>
</h:panelGroup>
</p:panelGrid>
</p:tab>
<p:tab id="tab2" title="#{messages.saml_detail}">
<p:panelGrid columns="2">
<h:outputLabel value="#{messages.supported_protocols}" />
<h:panelGroup>
<ul>
<ui:repeat var="proto" value="#{idpAdminIndexBean.idpssoDescriptor.supportedProtocols}">
<li><h:outputText value="#{proto}"/></li>
</ui:repeat>
</ul>
</h:panelGroup>
<h:outputLabel value="#{messages.keys}" />
<h:panelGroup>
<ui:repeat var="key" value="#{idpAdminIndexBean.idpssoDescriptor.keyDescriptors}">
<p:panel header="#{key.use}" collapsed="true" toggleable="true">
<p:messages for="certMsg-#{key.hashCode()}" showDetail="true" />
<ui:repeat var="cert" value="#{idpAdminIndexBean.getCert(key)}">
<div style="max-width: 700px; max-height:400px; font-family: courier, monospace; font-size:10px; white-space: pre; overflow: scroll;">
<h:outputText value="#{cert}" />
</div>
</ui:repeat>
</p:panel>
</ui:repeat>
</h:panelGroup>
<h:outputLabel value="#{messages.artifact_resolution}" />
<h:panelGroup>
<ul>
<ui:repeat var="endpoint" value="#{idpAdminIndexBean.idpssoDescriptor.artifactResolutionServices}">
<li><h:outputText value="#{endpoint.binding}"/> - <h:outputText value="#{endpoint.location}"/></li>
</ui:repeat>
</ul>
</h:panelGroup>
<h:outputLabel value="#{messages.single_sign_on}" />
<h:panelGroup>
<ul>
<ui:repeat var="endpoint" value="#{idpAdminIndexBean.idpssoDescriptor.singleSignOnServices}">
<li><h:outputText value="#{endpoint.binding}"/> - <h:outputText value="#{endpoint.location}"/></li>
</ui:repeat>
</ul>
</h:panelGroup>
<h:outputLabel value="#{messages.single_logout}" />
<h:panelGroup>
<ul>
<ui:repeat var="endpoint" value="#{idpAdminIndexBean.idpssoDescriptor.singleLogoutServices}">
<li><h:outputText value="#{endpoint.binding}"/> - <h:outputText value="#{endpoint.location}"/></li>
</ui:repeat>
</ul>
</h:panelGroup>
<h:outputLabel value="#{messages.nameid_format}" />
<h:panelGroup>
<ul>
<ui:repeat var="nidf" value="#{idpAdminIndexBean.idpssoDescriptor.nameIDFormats}">
<li><h:outputText value="#{nidf.format}"/></li>
</ui:repeat>
</ul>
</h:panelGroup>
<h:outputLabel value="#{messages.organisation}" />
<h:panelGroup>
<ul>
<ui:repeat var="org" value="#{idpAdminIndexBean.entityDescriptor.organization.organizationNames}">
<li>OrgName: <h:outputText value="#{org.value}"/> (<h:outputText value="#{org.XMLLang}"/>)</li>
</ui:repeat>
</ul>
<ul>
<ui:repeat var="org" value="#{idpAdminIndexBean.entityDescriptor.organization.displayNames}">
<li>DisplayName: <h:outputText value="#{org.value}"/> (<h:outputText value="#{org.XMLLang}"/>)</li>
</ui:repeat>
</ul>
<ul>
<ui:repeat var="org" value="#{idpAdminIndexBean.entityDescriptor.organization.URLs}">
<li>URL: <h:outputText value="#{org.value}"/> (<h:outputText value="#{org.XMLLang}"/>)</li>
</ui:repeat>
</ul>
</h:panelGroup>
<h:outputLabel value="#{messages.contact_person}" />
<h:panelGroup>
<ul>
<ui:repeat var="person" value="#{idpAdminIndexBean.entityDescriptor.contactPersons}">
<li><h:outputText value="#{person.type}: #{person.surName.name}, #{person.givenName.name}"/>
<ul>
<ui:repeat var="email" value="#{person.emailAddresses}">
<li>Email: <h:outputText value="#{email.address}" /></li>
</ui:repeat>
<ui:repeat var="tel" value="#{person.telephoneNumbers}">
<li>Telefon: <h:outputText value="#{tel.number}" /></li>
</ui:repeat>
</ul>
</li>
</ui:repeat>
</ul>
</h:panelGroup>
</p:panelGrid>
</p:tab>
</p:tabView>
</h:form>
</ui:define>
</ui:composition>
</f:view>
</body>
</html>
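Review bot: The `<p:messages for="certMsg-#{key.hashCode()}" showDetail="true" />` in the keys panel references a component id that nothing on the page defines and that the bean never adds a FacesMessage for — certificate parse failures in getCert are only written to the log — so an administrator whose metadata carries a malformed certificate sees an empty, collapsed panel with no hint why. Either drop the element or have getCert add a FacesMessage with that client id when `generateCertificate` throws, so the problem is surfaced to the person who can fix the metadata. Separately, the labels `OrgName:`, `DisplayName:`, `URL:`, `Email:` and `Telefon:` in the organisation and contact sections are hard-coded (and mixed German/English) while every other label comes from `#{messages.*}`; moving them into the bundle would keep the page consistent. The `<title></title>` in the head is empty, though the template's `title` param presumably supplies the real one.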