/**
* Updates signing or encryption key info for SP or IDP. This will update both signing/encryption
* alias on extended metadata and certificates in standard metadata.
*
* @param realm Realm the entity resides.
* @param entityID ID of the entity to be updated.
* @param certAlias Alias of the certificate to be set to the entity. If null, will remove
* existing key information from the SP or IDP.
* @param isSigning true if this is signing certificate alias, false if this is encryption
* certification alias.
* @param isIDP true if this is for IDP signing/encryption alias, false if this is for SP
* signing/encryption alias
* @param encAlgo Encryption algorithm URI, this is applicable for encryption cert only.
* @param keySize Encryption key size, this is applicable for encryption cert only.
* @throws SAML2MetaException if failed to update the certificate alias for the entity.
*/
public static void updateProviderKeyInfo(
String realm,
String entityID,
String certAlias,
boolean isSigning,
boolean isIDP,
String encAlgo,
int keySize)
throws SAML2MetaException {
SAML2MetaManager metaManager = new SAML2MetaManager();
EntityConfigElement config = metaManager.getEntityConfig(realm, entityID);
if (!config.isHosted()) {
String[] args = {entityID, realm};
throw new SAML2MetaException("entityNotHosted", args);
}
EntityDescriptorElement desp = metaManager.getEntityDescriptor(realm, entityID);
if (isIDP) {
IDPSSOConfigElement idpConfig = SAML2MetaUtils.getIDPSSOConfig(config);
IDPSSODescriptorElement idpDesp = SAML2MetaUtils.getIDPSSODescriptor(desp);
if ((idpConfig == null) || (idpDesp == null)) {
String[] args = {entityID, realm};
throw new SAML2MetaException("entityNotIDP", args);
}
// update standard metadata
if ((certAlias == null) || (certAlias.length() == 0)) {
// remove key info
removeKeyDescriptor(idpDesp, isSigning);
if (isSigning) {
setExtendedAttributeValue(idpConfig, SAML2Constants.SIGNING_CERT_ALIAS, null);
} else {
setExtendedAttributeValue(idpConfig, SAML2Constants.ENCRYPTION_CERT_ALIAS, null);
}
} else {
KeyDescriptorElement kde = getKeyDescriptor(certAlias, isSigning, encAlgo, keySize);
updateKeyDescriptor(idpDesp, kde);
// update extended metadata
Set value = new HashSet();
value.add(certAlias);
if (isSigning) {
setExtendedAttributeValue(idpConfig, SAML2Constants.SIGNING_CERT_ALIAS, value);
} else {
setExtendedAttributeValue(idpConfig, SAML2Constants.ENCRYPTION_CERT_ALIAS, value);
}
}
metaManager.setEntityDescriptor(realm, desp);
metaManager.setEntityConfig(realm, config);
} else {
SPSSOConfigElement spConfig = SAML2MetaUtils.getSPSSOConfig(config);
SPSSODescriptorElement spDesp = SAML2MetaUtils.getSPSSODescriptor(desp);
if ((spConfig == null) || (spDesp == null)) {
String[] args = {entityID, realm};
throw new SAML2MetaException("entityNotSP", args);
}
// update standard metadata
if ((certAlias == null) || (certAlias.length() == 0)) {
// remove key info
removeKeyDescriptor(spDesp, isSigning);
if (isSigning) {
setExtendedAttributeValue(spConfig, SAML2Constants.SIGNING_CERT_ALIAS, null);
} else {
setExtendedAttributeValue(spConfig, SAML2Constants.ENCRYPTION_CERT_ALIAS, null);
}
} else {
KeyDescriptorElement kde = getKeyDescriptor(certAlias, isSigning, encAlgo, keySize);
updateKeyDescriptor(spDesp, kde);
// update extended metadata
Set value = new HashSet();
value.add(certAlias);
if (isSigning) {
setExtendedAttributeValue(spConfig, SAML2Constants.SIGNING_CERT_ALIAS, value);
} else {
setExtendedAttributeValue(spConfig, SAML2Constants.ENCRYPTION_CERT_ALIAS, value);
}
}
metaManager.setEntityDescriptor(realm, desp);
metaManager.setEntityConfig(realm, config);
}
}
