/*
*
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
* /
*/
package org.wso2.carbon.idp.mgt.listener;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.identity.application.common.model.IdentityProvider;
import org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants;
import org.wso2.carbon.idp.mgt.IdentityProviderManagementException;
import org.wso2.carbon.idp.mgt.util.IdPManagementConstants;
import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
public class IdPMgtValidationListener extends AbstractIdentityProviderMgtListener {
private static final Log log = LogFactory.getLog(IdPMgtValidationListener.class);
@Override
public int getDefaultOrderId() {
return 30;
}
@Override
public boolean doPreDeleteIdP(String idPName, String tenantDomain) throws IdentityProviderManagementException {
if (StringUtils.isEmpty(idPName)) {
throw new IllegalArgumentException("Invalid argument: Identity Provider Name value is empty");
}
String loggedInTenant = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
if (IdentityApplicationConstants.RESIDENT_IDP_RESERVED_NAME.equals(idPName)) {
if (StringUtils.equals(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME, tenantDomain)) {
throw new IdentityProviderManagementException("Cannot delete Resident Identity Provider of Super " +
"Tenant");
} else if(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME != loggedInTenant){
throw new IdentityProviderManagementException("Tenant user of " + loggedInTenant + " cannot delete " +
"Resident Identity Provider of tenant " + tenantDomain);
} else {
log.warn("Deleting Resident Identity Provider for tenant " + tenantDomain);
}
}
return true;
}
public boolean doPreAddIdP(IdentityProvider identityProvider, String tenantDomain) throws
IdentityProviderManagementException {
if (identityProvider == null) {
throw new IllegalArgumentException("Identity provider cannot be null when adding an IdP");
} else if (StringUtils.isEmpty(identityProvider.getIdentityProviderName())) {
throw new IllegalArgumentException("Invalid argument: Identity Provider Name value is empty");
}
return true;
}
public boolean doPreUpdateResidentIdP(IdentityProvider identityProvider,
String tenantDomain)
throws IdentityProviderManagementException {
if (identityProvider == null) {
throw new IllegalArgumentException("Identity provider is null");
}
if (StringUtils.isEmpty(identityProvider.getHomeRealmId())) {
String msg = "Invalid argument: Resident Identity Provider Home Realm Identifier value is empty";
throw new IllegalArgumentException(msg);
}
return true;
}
public boolean doPreUpdateIdP(String oldIdPName, IdentityProvider identityProvider, String tenantDomain)
throws IdentityProviderManagementException {
if (identityProvider == null) {
throw new IllegalArgumentException("Invalid argument: 'newIdentityProvider' is NULL\'");
}
if (StringUtils.isEmpty(oldIdPName)) {
throw new IllegalArgumentException("The IdP name which need to be updated is empty");
}
if (StringUtils.isEmpty(oldIdPName)) {
String msg = "Invalid argument: Existing Identity Provider Name value is empty";
throw new IdentityProviderManagementException(msg);
}
if (StringUtils.isEmpty(identityProvider.getIdentityProviderName())) {
String msg = "Invalid argument: Identity Provider Name value is empty for \'newIdentityProvider\'";
throw new IdentityProviderManagementException(msg);
}
//Updating a non-shared IdP's name to have shared prefix is not allowed
if (oldIdPName != null && !oldIdPName.startsWith(IdPManagementConstants.SHARED_IDP_PREFIX) &&
identityProvider != null && identityProvider.getIdentityProviderName() != null && identityProvider
.getIdentityProviderName().startsWith(IdPManagementConstants.SHARED_IDP_PREFIX)) {
throw new IdentityProviderManagementException("Cannot update Idp name to have '" +
IdPManagementConstants.SHARED_IDP_PREFIX + "' as a prefix (previous name:" + oldIdPName + ", " +
"New name: " + identityProvider.getIdentityProviderName() + ")");
}
return true;
}
public boolean doPreAddResidentIdP(IdentityProvider identityProvider, String tenantDomain) throws
IdentityProviderManagementException {
if (StringUtils.isEmpty(identityProvider.getHomeRealmId())) {
String msg = "Invalid argument: Resident Identity Provider Home Realm Identifier value is empty";
throw new IdentityProviderManagementException(msg);
}
return true;
}
}