/**
 * Updates the signing or encryption key information of a hosted SP or IDP.
 *
 * <p>Both halves of the entity's metadata are touched: the certificate alias in the
 * extended metadata ({@code SIGNING_CERT_ALIAS} or {@code ENCRYPTION_CERT_ALIAS}) and the
 * key descriptor in the standard metadata. Both are then persisted through
 * {@code SAML2MetaManager}, so a failure before that point leaves stored metadata untouched.
 *
 * <p>A {@code null} or empty {@code certAlias} removes the key information instead of
 * setting it. The alias is not resolved against any keystore in this method;
 * {@code getKeyDescriptor} is the only step that consumes it (what that helper validates is
 * not visible here).
 *
 * @param realm     realm the entity resides in.
 * @param entityID  ID of the entity to be updated.
 * @param certAlias alias of the certificate to set; {@code null} or empty removes the
 *                  existing key information from the SP or IDP.
 * @param isSigning {@code true} for the signing certificate alias, {@code false} for the
 *                  encryption certificate alias.
 * @param isIDP     {@code true} to update the IDP role, {@code false} to update the SP role.
 * @param encAlgo   encryption algorithm URI; documented as applicable to encryption keys
 *                  only (it is passed to {@code getKeyDescriptor} unconditionally).
 * @param keySize   encryption key size; documented as applicable to encryption keys only.
 * @throws SAML2MetaException if the entity is not hosted, does not carry the requested
 *                            role, or the metadata cannot be read or written.
 */
public static void updateProviderKeyInfo(
        String realm,
        String entityID,
        String certAlias,
        boolean isSigning,
        boolean isIDP,
        String encAlgo,
        int keySize)
        throws SAML2MetaException {
    SAML2MetaManager manager = new SAML2MetaManager();
    EntityConfigElement entityConfig = manager.getEntityConfig(realm, entityID);
    // Shared by every error path below; the message keys differ, the arguments do not.
    String[] errorArgs = {entityID, realm};
    // NOTE(review): the lookup results are not null-checked; if the manager can return
    // null for an unknown entity this surfaces as a NullPointerException rather than a
    // SAML2MetaException — confirm against SAML2MetaManager before relying on it.
    if (!entityConfig.isHosted()) {
        throw new SAML2MetaException("entityNotHosted", errorArgs);
    }
    EntityDescriptorElement descriptor = manager.getEntityDescriptor(realm, entityID);

    // Empty alias means "clear the key info"; the extended-metadata attribute is then
    // written as null.
    boolean removeKey = (certAlias == null) || (certAlias.length() == 0);
    String aliasAttribute =
            isSigning ? SAML2Constants.SIGNING_CERT_ALIAS : SAML2Constants.ENCRYPTION_CERT_ALIAS;
    Set<String> aliasValue = null;
    if (!removeKey) {
        aliasValue = new HashSet<String>();
        aliasValue.add(certAlias);
    }

    if (isIDP) {
        IDPSSOConfigElement idpConfig = SAML2MetaUtils.getIDPSSOConfig(entityConfig);
        IDPSSODescriptorElement idpDescriptor = SAML2MetaUtils.getIDPSSODescriptor(descriptor);
        if ((idpConfig == null) || (idpDescriptor == null)) {
            throw new SAML2MetaException("entityNotIDP", errorArgs);
        }
        // Standard metadata first, then the extended-metadata alias.
        if (removeKey) {
            removeKeyDescriptor(idpDescriptor, isSigning);
        } else {
            updateKeyDescriptor(
                    idpDescriptor, getKeyDescriptor(certAlias, isSigning, encAlgo, keySize));
        }
        setExtendedAttributeValue(idpConfig, aliasAttribute, aliasValue);
    } else {
        SPSSOConfigElement spConfig = SAML2MetaUtils.getSPSSOConfig(entityConfig);
        SPSSODescriptorElement spDescriptor = SAML2MetaUtils.getSPSSODescriptor(descriptor);
        if ((spConfig == null) || (spDescriptor == null)) {
            throw new SAML2MetaException("entityNotSP", errorArgs);
        }
        // Standard metadata first, then the extended-metadata alias.
        if (removeKey) {
            removeKeyDescriptor(spDescriptor, isSigning);
        } else {
            updateKeyDescriptor(
                    spDescriptor, getKeyDescriptor(certAlias, isSigning, encAlgo, keySize));
        }
        setExtendedAttributeValue(spConfig, aliasAttribute, aliasValue);
    }

    // Persist only after both in-memory structures have been updated without error.
    manager.setEntityDescriptor(realm, descriptor);
    manager.setEntityConfig(realm, entityConfig);
}