org.wso2.carbon.identity.base.IdentityException Java Examples

public static String decodeForPost(String encodedStr)
        throws IdentityException {
    try {
        org.apache.commons.codec.binary.Base64 base64Decoder = new org.apache.commons.codec.binary.Base64();
        byte[] xmlBytes = encodedStr.getBytes("UTF-8");
        byte[] base64DecodedByteArray = base64Decoder.decode(xmlBytes);

        String decodedString = new String(base64DecodedByteArray, "UTF-8");
        if (log.isDebugEnabled()) {
            log.debug("Request message " + decodedString);
        }
        return decodedString;

    } catch (IOException e) {
        throw IdentityException.error(
                "Error when decoding the SAML Request.", e);
    }

}
 

private static UserRealm getRealmForAnonymousSession(String domainName, String username)
        throws IdentityException {

    try {
        if (username != null) {
            return AnonymousSessionUtil.getRealmByUserName(registryService, realmService,
                    username);
        }

        if (domainName == null) {
            domainName = MultitenantConstants.SUPER_TENANT_DOMAIN_NAME;
        }

        return AnonymousSessionUtil.getRealmByTenantDomain(registryService, realmService,
                domainName);

    } catch (CarbonException e) {
        throw IdentityException.error("Error Obtaining a realm for user name: " + username + " and " +
                "domain:" + domainName, e);
    }
}
 

private static void rollbackSAMLSpRemoval(SAMLSSOServiceProviderDTO oldSAMLSp) {

        if (oldSAMLSp != null) {
            if (logger.isDebugEnabled()) {
                String issuer =
                        SAMLSSOUtil.getIssuerWithQualifier(oldSAMLSp.getIssuer(), oldSAMLSp.getIssuerQualifier());
                logger.debug("Error occurred while updating SAML SP with issuer: " + issuer +
                        ". Attempting to rollback by recreating the old SAML SP.");
            }
            try {
                getSamlSsoConfigService().addRPServiceProvider(oldSAMLSp);
            } catch (IdentityException e) {
                throw handleException(e);
            }
        }
    }
 

/**
 * @param authRequest OpenID authentication request
 * @return A set of policies requested
 * @throws IdentityException
 */
public static String[] getAuthenticationPolicies(AuthRequest authRequest) throws IdentityException {

    MessageExtension message = null;
    PapeRequest papeRequest = null;
    List preferredPolicies = null;

    try {
        if (authRequest.hasExtension(PapeMessage.OPENID_NS_PAPE)) {
            message = authRequest.getExtension(PapeMessage.OPENID_NS_PAPE);

            if (message instanceof PapeRequest) {
                papeRequest = (PapeRequest) message;
                preferredPolicies = papeRequest.getPreferredAuthPoliciesList();
                if (preferredPolicies != null && !preferredPolicies.isEmpty()) {
                    return (String[]) preferredPolicies.toArray(new String[preferredPolicies.size()]);
                }
            }
        }
        return new String[0];
    } catch (MessageException e) {
        throw IdentityException.error("Failed retrieve authentication policies", e);
    }
}
 

/**
 * @param userId
 * @param tenant
 * @throws IdentityException
 */
@Override
public void invalidate(String userId, int tenant) throws IdentityException {

    PreparedStatement prepStmt = null;
    Connection connection = null;
    try {
        connection = IdentityDatabaseUtil.getDBConnection();
        prepStmt = connection.prepareStatement(SQLQuery.INVALIDATE_METADATA);
        prepStmt.setString(1, userId.toLowerCase());
        prepStmt.setInt(2, tenant);
        prepStmt.execute();
        IdentityDatabaseUtil.commitTransaction(connection);
    } catch (SQLException e) {
        IdentityDatabaseUtil.rollbackTransaction(connection);
        throw IdentityException.error("Error while invalidating user identity data", e);
    } finally {
        IdentityDatabaseUtil.closeStatement(prepStmt);
        IdentityDatabaseUtil.closeConnection(connection);
    }

}
 

private String buildFilter(String filter) {
    if (StringUtils.isNotBlank(filter)) {
        try {

            FilterTreeBuilder filterTreeBuilder = new FilterTreeBuilder(filter);
            Node rootNode = filterTreeBuilder.buildTree();
            if (rootNode instanceof ExpressionNode) {
                ExpressionNode expressionNode = (ExpressionNode) rootNode;
                if (SEARCH_SUPPORTED_FIELDS.contains(expressionNode.getAttributeValue())) {
                    return generateFilterStringForBackend(expressionNode.getAttributeValue(), expressionNode
                            .getOperation(), expressionNode.getValue());
                } else {
                    throw buildClientError(ErrorMessage.UNSUPPORTED_FILTER_ATTRIBUTE, expressionNode
                            .getAttributeValue());
                }

            } else {
                throw buildClientError(ErrorMessage.INVALID_FILTER_FORMAT);
            }
        } catch (IOException | IdentityException e) {
            throw buildClientError(ApplicationManagementConstants.ErrorMessage.INVALID_FILTER_FORMAT, null);
        }
    } else {
        return null;
    }
}
 

/**
 * @param registry
 * @param paramName
 * @param value
 * @throws IdentityException
 */
public void createOrUpdateParameter(Registry registry, String paramName, String value)
        throws IdentityException {

    if (paramName == null || value == null) {
        throw IdentityException.error("Invalid inputs");
    }

    ParameterDO param = null;
    param = new ParameterDO();
    paramName = paramName.trim();
    param.setName(paramName);

    param.setValue(value);

    ParameterDAO dao = new ParameterDAO(registry);
    dao.createOrUpdateParameter(param);
}
 

/**
 * @param metadataSet
 * @throws IdentityException
 */
public void invalidateMetadataSet(IdentityMetadataDO[] metadataSet) throws IdentityException {
    Connection connection = IdentityDatabaseUtil.getDBConnection();
    PreparedStatement prepStmt = null;
    try {
        prepStmt = connection.prepareStatement(SQLQuery.INVALIDATE_METADATA);
        for (IdentityMetadataDO metadata : metadataSet) {
            prepStmt.setString(1, metadata.getUserName());
            prepStmt.setInt(2, metadata.getTenantId());
            prepStmt.setString(3, metadata.getMetadataType());
            prepStmt.setString(4, metadata.getMetadata());
            prepStmt.addBatch();
        }
        prepStmt.executeBatch();
        IdentityDatabaseUtil.commitTransaction(connection);
    } catch (SQLException e) {
        IdentityDatabaseUtil.rollbackTransaction(connection);
        throw IdentityException.error("Error while invalidating user identity data", e);
    } finally {
        IdentityDatabaseUtil.closeStatement(prepStmt);
        IdentityDatabaseUtil.closeConnection(connection);
    }

}
 

protected void loadClaims(String userIdentifier) throws IdentityProviderException {

        IdentityClaimManager claimManager = null;
        Claim[] claims = null;

        if (log.isDebugEnabled()) {
            log.debug("Loading claims");
        }

        try {
            claimManager = IdentityClaimManager.getInstance();
            claims = claimManager.getAllSupportedClaims(UserCoreConstants.DEFAULT_CARBON_DIALECT,
                                                        IdentityTenantUtil.getRealm(null, userIdentifier));
            for (int i = 0; i < claims.length; i++) {
                Claim temp = claims[i];
                supportedClaims.put(temp.getClaimUri(), temp);
            }
        } catch (IdentityException e) {
            log.error("Error while loading claims", e);
            throw new IdentityProviderException("Error while loading claims", e);
        }
    }
 

/**
 * Builds the SAML error response and sets the compressed value to the reqValidationResponseDTO
 *
 * @param id
 * @param status
 * @param statMsg
 * @param destination
 * @return
 * @throws IdentityException
 */
private SAMLSSOReqValidationResponseDTO buildErrorResponse(String id, String status, String statMsg, String
        destination, String responseSigningAlgorithmUri, String responseDigestAlgorithmUri)
        throws IdentityException {
    SAMLSSOReqValidationResponseDTO reqValidationResponseDTO = new SAMLSSOReqValidationResponseDTO();
    LogoutResponse logoutResp = new SingleLogoutMessageBuilder().buildLogoutResponse(id, status, statMsg,
            destination, false, null, responseSigningAlgorithmUri, responseDigestAlgorithmUri);
    reqValidationResponseDTO.setLogOutReq(true);
    reqValidationResponseDTO.setValid(false);
    try {
        reqValidationResponseDTO.setResponse(SAMLSSOUtil.compressResponse(SAMLSSOUtil.marshall(logoutResp)));
    } catch (IOException e) {
        throw IdentityException.error("Error while creating logout response", e);
    }
    return reqValidationResponseDTO;
}
 

/**
 * This method sets user claim values in user store
 *
 * @param userStoreManager userStoreManager object
 * @param username         user name
 * @param claims           set of claims
 * @param profile          profile
 * @throws IdentityException
 */
protected void setUserClaimsValuesInUserStore(UserStoreManager userStoreManager,
                                              String username,
                                              Map<String, String> claims, String profile) throws IdentityException {

    try {
        // We are calling the doSetUserClaimsValues() method of the userstore to prevent Identity Management
        // listener being called once again for claim value set events.
        if (userStoreManager instanceof JDBCUserStoreManager) {
            ((JDBCUserStoreManager) userStoreManager).doSetUserClaimValues(username, claims, null);
        } else if (userStoreManager instanceof ActiveDirectoryUserStoreManager) {
            ((ActiveDirectoryUserStoreManager) userStoreManager).doSetUserClaimValues(username, claims, null);
        } else if (userStoreManager instanceof ReadWriteLDAPUserStoreManager) {
            ((ReadWriteLDAPUserStoreManager) userStoreManager).doSetUserClaimValues(username, claims, null);
        } else {
            String msg = "Cannot persist identity data to userstore for user:%s. Unsupported userstore type:%s to" +
                    " be used as UserStoreBasedIdentityDataStore.";
            throw IdentityException.error(String.format(msg, username, userStoreManager.getClass().getName()));
        }

    } catch (org.wso2.carbon.user.api.UserStoreException e) {
        throw IdentityException.error("Error while persisting identity user data in to user store for user: "
                + username, e);
    }

}
 

/**
 * @param ppid
 * @return
 * @throws IdentityException
 */
public String getOAuthConsumerSecret(String consumerKey) throws IdentityException {
    String path = null;
    Resource resource = null;

    if (log.isDebugEnabled()) {
        log.debug("Retreiving user for OAuth consumer key  " + consumerKey);
    }

    try {
        path = RegistryConstants.PROFILES_PATH + consumerKey;
        if (registry.resourceExists(path)) {
            resource = registry.get(path);
            return resource.getProperty(IdentityRegistryResources.OAUTH_CONSUMER_PATH);
        } else {
            return null;
        }
    } catch (RegistryException e) {
        log.error("Error while retreiving user for OAuth consumer key  " + consumerKey, e);
        throw IdentityException.error("Error while retreiving user for OAuth consumer key  "
                + consumerKey, e);
    }
}
 

/**
 * get all challenge questions
 *
 * @return array of questions
 * @throws IdentityMgtServiceException if fails
 */
public ChallengeQuestionDTO[] getAllChallengeQuestions() throws IdentityMgtServiceException {

    ChallengeQuestionProcessor processor = IdentityMgtServiceComponent.
            getRecoveryProcessor().getQuestionProcessor();
    List<ChallengeQuestionDTO> questionDTOs = null;
    try {
        questionDTOs = processor.getAllChallengeQuestions();
    } catch (IdentityException e) {
        String errorMessage = "Error while loading user challenge questions";
        log.error(errorMessage, e);
        throw new IdentityMgtServiceException(errorMessage);
    }
    return questionDTOs.toArray(new ChallengeQuestionDTO[questionDTOs.size()]);

}
 

private boolean isUserNameWithAllowedDomainName(String userName, UserRealm realm)
        throws IdentityException {
    int index;
    index = userName.indexOf("/");

    // Check whether we have a secondary UserStoreManager setup.
    if (index > 0) {
        // Using the short-circuit. User name comes with the domain name.
        try {
            return !realm.getRealmConfiguration().isRestrictedDomainForSlefSignUp(
                    userName.substring(0, index));
        } catch (UserStoreException e) {
            throw IdentityException.error(e.getMessage(), e);
        }
    }
    return true;
}
 

/**
 * Stores identity data.
 *
 * @throws IdentityException
 */
@Override
public void store(UserRecoveryDataDO recoveryDataDO) throws IdentityException {

    Connection connection = IdentityDatabaseUtil.getDBConnection();
    PreparedStatement prepStmt = null;
    try {
        prepStmt = connection.prepareStatement(SQLQuery.STORE_META_DATA);
        prepStmt.setString(1, recoveryDataDO.getUserName().toLowerCase());
        prepStmt.setInt(2, PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId());
        prepStmt.setString(3, recoveryDataDO.getCode().toLowerCase());
        prepStmt.setString(4, recoveryDataDO.getSecret());
        prepStmt.setString(5, recoveryDataDO.getExpireTime());
        prepStmt.execute();
        IdentityDatabaseUtil.commitTransaction(connection);
    } catch (SQLException e) {
        IdentityDatabaseUtil.rollbackTransaction(connection);
        throw IdentityException.error("Error while storing user identity data", e);
    } finally {
        IdentityDatabaseUtil.closeStatement(prepStmt);
        IdentityDatabaseUtil.closeConnection(connection);
    }
}
 

private void sendEmail(String userName, int tenantId, String notification) {
    UserRecoveryDTO dto;
    String tenantDomain = IdentityTenantUtil.getTenantDomain(tenantId);

    if (MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
        dto = new UserRecoveryDTO(userName);
    } else {
        UserDTO userDTO = new UserDTO(UserCoreUtil.addTenantDomainToEntry(userName, tenantDomain));
        userDTO.setTenantId(tenantId);
        dto = new UserRecoveryDTO(userDTO);
    }
    dto.setNotification(notification);
    dto.setNotificationType(EMAIL_NOTIFICATION_TYPE);
    try {
        IdentityMgtServiceComponent.getRecoveryProcessor().recoverWithNotification(dto);
    } catch (IdentityException e) {
        //proceed with the rest of the flow even if the email is not sent
        log.error("Email notification sending failed for user:" + userName + " for " + notification);
    }
}
 

/**
 * We build the parser using the recursive descent parser technique.
 */
private void factor() throws IdentityException {

    symbol = nextSymbol();
    if (symbol.equals(String.valueOf(IdentityCoreConstants.Filter.NOT))) {
        OperationNode not = new OperationNode(IdentityCoreConstants.Filter.NOT);
        factor();
        not.setRightNode(root);
        root = not;
    } else if (symbol.equals(String.valueOf("("))) {
        expression();
        symbol = nextSymbol(); // We don't care about ')'.
    } else {
        if (!(symbol.equals(String.valueOf(")")))) {
            ExpressionNode expressionNode = new ExpressionNode();
            validateAndBuildFilterExpression(symbol, expressionNode);
            root = expressionNode;
            symbol = nextSymbol();
        } else {
            throw new IdentityException("Invalid argument: Identity Provider filter name value is empty or " +
                    "invalid symbol: " + symbol);
        }
    }
}
 

/**
 * @param request
 * @return
 * @throws AxisFault
 */
private IWAAuthenticatorStub getIWAClient(HttpServletRequest request)
        throws AxisFault, IdentityException {

    HttpSession session = request.getSession();
    ServletContext servletContext = session.getServletContext();
    String backendServerURL = request.getParameter("backendURL");
    if (backendServerURL == null) {
        backendServerURL = CarbonUIUtil.getServerURL(servletContext, request.getSession());
    }

    ConfigurationContext configContext = (ConfigurationContext) servletContext
            .getAttribute(CarbonConstants.CONFIGURATION_CONTEXT);

    String serviceEPR = backendServerURL + "IWAAuthenticator";
    IWAAuthenticatorStub stub = new IWAAuthenticatorStub(configContext, serviceEPR);
    ServiceClient client = stub._getServiceClient();
    client.engageModule("rampart");
    Policy rampartConfig = IdentityBaseUtil.getDefaultRampartConfig();
    Policy signOnly = IdentityBaseUtil.getSignOnlyPolicy();
    Policy mergedPolicy = signOnly.merge(rampartConfig);
    Options options = client.getOptions();
    options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, mergedPolicy);
    options.setManageSession(true);
    return stub;
}
 

/**
 * gets no of verified user challenges
 *
 * @param userDTO bean class that contains user and tenant Information
 * @return no of verified challenges
 * @throws IdentityException if fails
 */
public static int getVerifiedChallenges(UserDTO userDTO) throws IdentityException {

    int noOfChallenges = 0;

    try {
        UserRegistry registry = IdentityMgtServiceComponent.getRegistryService().
                getConfigSystemRegistry(MultitenantConstants.SUPER_TENANT_ID);
        String identityKeyMgtPath = IdentityMgtConstants.IDENTITY_MANAGEMENT_CHALLENGES +
                RegistryConstants.PATH_SEPARATOR + userDTO.getUserId() +
                RegistryConstants.PATH_SEPARATOR + userDTO.getUserId();

        Resource resource;
        if (registry.resourceExists(identityKeyMgtPath)) {
            resource = registry.get(identityKeyMgtPath);
            String property = resource.getProperty(IdentityMgtConstants.VERIFIED_CHALLENGES);
            if (property != null) {
                return Integer.parseInt(property);
            }
        }
    } catch (RegistryException e) {
        log.error("Error while processing userKey", e);
    }

    return noOfChallenges;
}
 

/**
 * Returns oAuth consumer secret for a give consumer key.
 *
 * @param consumerKey consumer key
 * @return oAuth consumer secret
 * @throws IdentityException if error occurs while obtaining the consumer secret
 */
public String getOAuthConsumerSecret(String consumerKey) throws IdentityException {
    String path = null;
    Resource resource = null;

    if (log.isDebugEnabled()) {
        log.debug("Retreiving user for OAuth consumer key  " + consumerKey);
    }

    try {
        path = RegistryConstants.PROFILES_PATH + consumerKey;
        if (registry.resourceExists(path)) {
            resource = registry.get(path);
            return resource.getProperty(IdentityRegistryResources.OAUTH_CONSUMER_PATH);
        } else {
            return null;
        }
    } catch (RegistryException e) {
        log.error("Error while retreiving user for OAuth consumer key  " + consumerKey, e);
        throw IdentityException.error("Error while retreiving user for OAuth consumer key  "
                + consumerKey, e);
    }
}
 

private boolean isUserNameWithAllowedDomainName(String userName, UserRealm realm)
        throws IdentityException {
    int index;
    index = userName.indexOf("/");

    // Check whether we have a secondary UserStoreManager setup.
    if (index > 0) {
        // Using the short-circuit. User name comes with the domain name.
        try {
            return !realm.getRealmConfiguration().isRestrictedDomainForSlefSignUp(
                    userName.substring(0, index));
        } catch (UserStoreException e) {
            throw IdentityException.error(e.getMessage(), e);
        }
    }
    return true;
}
 

/**
 * create a expression node from the given values
 *
 * @param attributeValue Attribute value.
 * @param operation      operation value.
 * @param value          the value of the filter
 * @param expressionNode filter index.
 */
private void setExpressionNodeValues(String attributeValue, String operation, String value,
                                     ExpressionNode expressionNode) throws IdentityException {

    if (StringUtils.isNotBlank(attributeValue) || StringUtils.isNotBlank(operation)) {
        expressionNode.setAttributeValue(attributeValue.trim());
        expressionNode.setOperation(operation.trim());
        if (value != null) {
            expressionNode.setValue(value.trim());
        }
    } else {
        throw new IdentityException("Given filter value is empty. attributeValue: " + attributeValue +
                "operation: " + operation);
    }
}
 

/**
 * Returns the first object in a registry path with a given property value.
 *
 * @param path registry path
 * @param propName name of the property to be matched
 * @param value value of the property to be matched
 * @return first objects matching the given property value in the given registry path
 * @throws IdentityException if an error occurs while reading the registry
 */
public T getFirstObjectWithPropertyValue(String path, String propName, String value)
        throws IdentityException {
    Resource resource = null;
    Map<String, String> params = null;
    Resource result = null;
    String[] paths = null;

    try {

        if (log.isErrorEnabled()) {
            log.debug("Retrieving first object from the registry path with property value "
                    + path);
        }
        params = new HashMap<String, String>();
        params.put("1", propName);
        params.put("2", value);
        result = registry.executeQuery(getCustomQuery(), params);
        paths = (String[]) result.getContent();

        if (paths != null && paths.length > 0) {
            resource = registry.get(paths[0]);
        }
    } catch (RegistryException e) {
        String message = "Error while retrieving first object from the registry path with property value";
        log.error(message, e);
        throw IdentityException.error(message, e);
    }

    return resourceToObject(resource);
}
 

/**
 * We build the parser using the recursive descent parser technique.
 */
private void term() throws IdentityException {

    factor();
    while (symbol.equals(String.valueOf(IdentityCoreConstants.Filter.AND))) {
        OperationNode and = new OperationNode(IdentityCoreConstants.Filter.AND);
        and.setLeftNode(root);
        factor();
        and.setRightNode(root);
        root = and;
    }
}
 

/**
 * We build the parser using the recursive descent parser technique.
 */
private void expression() throws IdentityException {

    term();
    while (symbol.equals(String.valueOf(IdentityCoreConstants.Filter.OR))) {
        OperationNode or = new OperationNode(IdentityCoreConstants.Filter.OR);
        or.setLeftNode(root);
        term();
        or.setRightNode(root);
        root = or;
    }
}
 

/**
 * Invalidates the identity metadata
 *
 * @param userName
 * @param tenantId
 * @param metadataType
 * @param metadata
 * @throws IdentityException
 */
public static void invalidateUserIdentityMetadata(String userName, int tenantId, String metadataType,
                                                  String metadata) throws IdentityException {
    JDBCUserRecoveryDataStore store = new JDBCUserRecoveryDataStore();
    UserRecoveryDataDO metadataDO =
            new UserRecoveryDataDO(userName, tenantId, metadataType,
                    metadata);
    store.invalidate(metadataDO);

}
 

/**
 * Create or update the OpenID admin.
 *
 * @param opAdmin openID admin
 * @throws IdentityException if error occurs while creating or updating the OpenID admin
 */
public void createOrUpdate(OpenIDAdminDO opAdmin) throws IdentityException {
    String path = null;
    Resource resource = null;

    try {
        path = IdentityRegistryResources.OPEN_ID_ADMIN_SETTINGS;
        if (!registry.resourceExists(path)) {
            if (log.isDebugEnabled()) {
                log.debug("Creating new openid admin");
            }
            resource = registry.newResource();
        } else {
            if (log.isDebugEnabled()) {
                log.debug("Updating openid admin");
            }
            resource = registry.get(path);
            resource.removeProperty(IdentityRegistryResources.SUB_DOMAIN);
            resource.removeProperty(IdentityRegistryResources.OPENID_PATTERN);
        }
        resource.addProperty(IdentityRegistryResources.SUB_DOMAIN, opAdmin.getSubDomain());
        resource.addProperty(IdentityRegistryResources.OPENID_PATTERN, opAdmin
                .getTenantOpenIDPattern());
        registry.put(path, resource);
    } catch (RegistryException e) {
        log.error("Error while creating/updating openid admin", e);
        throw IdentityException.error("Error while creating/updating openid admin", e);
    }
}
 

private void addThriftSession(ThriftSession thriftSession) throws IdentityException {
    //add to cache
    authenticatedSessions.put(thriftSession.getSessionId(), thriftSession);
    //add to database
    ThriftSessionDAO sessionDAO = this.thriftSessionDAO.getInstance();
    sessionDAO.addSession(thriftSession);
}
 

/**
 * @param userName
 * @param tenantId
 * @return
 */
public List<String> getChallengeQuestionUris(String userName, int tenantId) throws IdentityMgtServiceException{

    if (log.isDebugEnabled()) {
        log.debug("Challenge Question from the user profile.");
    }

    List<String> challenges = new ArrayList<String>();
    String claimValue = null;
    String[] challengesUris;

    try {
        claimValue = Utils.getClaimFromUserStoreManager(userName, tenantId,
                "http://wso2.org/claims/challengeQuestionUris");
    } catch (IdentityException e) {
        throw new IdentityMgtServiceException("Error while getting cliams.", e);
    }

    if (claimValue != null) {
        if (claimValue.contains(IdentityMgtConfig.getInstance().getChallengeQuestionSeparator())) {
            challengesUris = claimValue.split(IdentityMgtConfig.getInstance().getChallengeQuestionSeparator());
        } else {
            challengesUris = new String[]{claimValue.trim()};
        }

        for (String challengesUri : challengesUris) {
            if (StringUtils.isNotBlank(challengesUri)) {
                challenges.add(challengesUri.trim());
            }
        }
    }

    return challenges;
}
 

/**
 * @param rp
 * @throws IdentityException
 */
public void createOrUpdate(OpenIDAdminDO opAdmin) throws IdentityException {
    String path = null;
    Resource resource = null;

    try {
        path = IdentityRegistryResources.OPEN_ID_ADMIN_SETTINGS;
        if (!registry.resourceExists(path)) {
            if (log.isDebugEnabled()) {
                log.debug("Creating new openid admin");
            }
            resource = registry.newResource();
        } else {
            if (log.isDebugEnabled()) {
                log.debug("Updating openid admin");
            }
            resource = registry.get(path);
            resource.removeProperty(IdentityRegistryResources.SUB_DOMAIN);
            resource.removeProperty(IdentityRegistryResources.OPENID_PATTERN);
        }
        resource.addProperty(IdentityRegistryResources.SUB_DOMAIN, opAdmin.getSubDomain());
        resource.addProperty(IdentityRegistryResources.OPENID_PATTERN, opAdmin
                .getTenantOpenIDPattern());
        registry.put(path, resource);
    } catch (RegistryException e) {
        log.error("Error while creating/updating openid admin", e);
        throw IdentityException.error("Error while creating/updating openid admin", e);
    }
}