/** * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. * * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved * * The contents of this file are subject to the terms * of the Common Development and Distribution License * (the License). You may not use this file except in * compliance with the License. * * You can obtain a copy of the License at * https://opensso.dev.java.net/public/CDDLv1.0.html or * opensso/legal/CDDLv1.0.txt * See the License for the specific language governing * permission and limitations under the License. * * When distributing Covered Code, include this CDDL * Header Notice in each file and include the License file * at opensso/legal/CDDLv1.0.txt. * If applicable, add the following below the CDDL Header, * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: SMSMigration70.java,v 1.5 2008/07/11 01:46:20 arviranga Exp $ * */ /* * Portions Copyrighted [2011] [ForgeRock AS] */ package com.sun.identity.sm; import java.util.Collections; import java.util.HashMap; import java.util.HashSet; import java.util.Iterator; import java.util.Map; import java.util.Set; import com.iplanet.sso.SSOException; import com.iplanet.sso.SSOToken; import com.sun.identity.delegation.DelegationException; import com.sun.identity.delegation.DelegationManager; import com.sun.identity.delegation.DelegationPermission; import com.sun.identity.delegation.DelegationPrivilege; public class SMSMigration70 { private static String orgNamingAttr; public static void main(String args[]) { } public static void migrate63To70(SSOToken token, String entryDN) { try { if (ServiceManager.isRealmEnabled()) { System.out.println( "\n\n\nSMSMigration70::main() : Realms enabled. " + "\n\nService Management Migration to " + "7.0 cannot be done. "); throw (new Exception( "\n\n\nSMSMigration70::main() : Realms enabled. " + "\n\nService Management Migration to " + "7.0 cannot be done.")); } // Add AMSDK plugin to root realm before migration of sub-realms // This is similar to SMSEntry.baseDN. entryDN = entryDN.toLowerCase(); addIdRepoAMSDKPlugin(token, entryDN); // Add these organization attributes from root org to root realm. Map addMap = getOrgAttributes(token, entryDN); String rootRealmDN = SMSEntry.SERVICES_RDN + SMSEntry.COMMA + entryDN; OrganizationConfigManager ocmAddAttr = new OrganizationConfigManager(token, rootRealmDN); ocmAddAttr.setAttributes("sunidentityrepositoryservice", addMap); // Migrate sub-orgs to realms migrateToRealms(token, entryDN); // After migration of config data, Set the realmEnabled/realmMode // flag to true in the Global Schema of the identity repository // service. ServiceSchemaManager ssm = new ServiceSchemaManager( ServiceManager.REALM_SERVICE, token); ServiceSchema gss = ssm.getGlobalSchema(); if (gss != null) { Map attrSet = new HashMap(2); Set realmValue = new HashSet(2); realmValue.add("true"); attrSet.put(ServiceManager.REALM_ATTR_NAME, realmValue); Set coExistValue = new HashSet(2); coExistValue.add("false"); attrSet.put(ServiceManager.COEXISTENCE_ATTR_NAME, coExistValue); gss.setAttributeDefaults(attrSet); } // After migration of config data, Set the realmEnabled/realmMode // flag to true ServiceConfigManager scm = new ServiceConfigManager( ServiceManager.REALM_SERVICE, token); ServiceConfig sc = scm.getGlobalConfig(null); if (sc != null) { Map map = new HashMap(2); Set realmSet = new HashSet(2); realmSet.add("true"); map.put(ServiceManager.REALM_ATTR_NAME, realmSet); Set coExistSet = new HashSet(2); coExistSet.add("false"); map.put(ServiceManager.COEXISTENCE_ATTR_NAME, coExistSet); sc.setAttributes(map); } ServiceManager.checkFlags(token); System.out.println("migrateToRealms.REALM is " + ServiceManager.isRealmEnabled()); System.out.println("migrateToRealms.COEXISTENCE is " + ServiceManager.isCoexistenceMode()); } catch (Exception e) { e.printStackTrace(); } } public static void migrateToRealms(SSOToken token, String entryDN) { try { OrganizationConfigManager ocm = new OrganizationConfigManager( token, entryDN); Set subOrgNames = ocm.getSubOrganizationNames("*", false); if (orgNamingAttr == null) { orgNamingAttr = ocm.getNamingAttrForOrg(); } System.out.println("Organization naming attr is " + orgNamingAttr); Iterator subOrgs = subOrgNames.iterator(); System.out.println("SIZE is " + subOrgNames.size()); while (subOrgs.hasNext()) { String org = orgNamingAttr + SMSEntry.EQUALS + (String) subOrgs.next() + SMSEntry.COMMA + entryDN; System.out.println("Organization is " + org); // Add AMSDK plugin before migrating the config data addIdRepoAMSDKPlugin(token, org); // Create corresponding realms and migrate the config data migrateOrganization(token, org); // Migrate the delegation policies before migrating config data migrateDelegationPolicies(token, org); // Look for suborgs too and copy/create subrealms. migrateToRealms(token, org); } } catch (Exception e) { e.printStackTrace(); } } /** * Adds IdRepo AMSDK plugin to the given organization name */ protected static void addIdRepoAMSDKPlugin(SSOToken token, String orgName) throws SMSException, SSOException { ServiceConfigManager scm = new ServiceConfigManager( ServiceManager.REALM_SERVICE, token); ServiceConfig sc = scm.getOrganizationConfig(orgName, null); Map attributes = new HashMap(); Set values = new HashSet(); values.add("com.iplanet.am.sdk.AMSDKRepo"); attributes.put("sunIdRepoClass", values); values = new HashSet(); values .add(DNMapper.realmNameToAMSDKName(DNMapper .orgNameToDN(orgName))); attributes.put("amSDKOrgName", values); sc.addSubConfig("amsdk1", "amSDK", 0, attributes); } /** * Migrate delegation policies to have correct policy name, resource name * and subjects */ protected static void migrateDelegationPolicies(SSOToken token, String orgName) throws SSOException { System.out.println("Migrating delegation policies for org: " + orgName); try { DelegationManager dm = new DelegationManager(token, orgName); Set privileges = dm.getPrivileges(); Set newPrivileges = new HashSet(); for (Iterator items = privileges.iterator(); items.hasNext();) { DelegationPrivilege dp = (DelegationPrivilege) items.next(); String name = dp.getName(); // remove the privilege dm.removePrivilege(name); Set permissions = dp.getPermissions(); DelegationPermission perm = null; int index = -1; for (Iterator perms = permissions.iterator(); perms.hasNext();) { perm = (DelegationPermission) perms.next(); // change the resource name String resource = perm.getOrganizationName(); index = resource.toLowerCase().indexOf( "," + SMSEntry.getRootSuffix()); if (index != -1) { resource = resource.substring(0, index) + "," + DNMapper.serviceDN + resource .substring(index + SMSEntry.getRootSuffix() .length() + 1); perm.setOrganizationName(resource); } } // change the subject name Set subjects = dp.getSubjects(); Set newSubjects = new HashSet(); for (Iterator ss = subjects.iterator(); ss.hasNext();) { String subject = (String) ss.next(); index = subject.toLowerCase().indexOf( "," + SMSEntry.getRootSuffix()); if (index != -1) { subject = subject.substring(0, index) + "," + DNMapper.serviceDN + subject .substring(index + SMSEntry.getRootSuffix() .length() + 1); } newSubjects.add(subject); } dp.setSubjects(newSubjects); newPrivileges.add(dp); } // Normalized orgname to realm name int index = orgName.toLowerCase().indexOf( "," + SMSEntry.getRootSuffix()); if (index != -1) { orgName = orgName.substring(0, index) + "," + DNMapper.serviceDN + orgName.substring(index + 1 + SMSEntry.getRootSuffix().length()); } dm = new DelegationManager(token, orgName); // Add the modified privileges for (Iterator items = newPrivileges.iterator(); items.hasNext();) { DelegationPrivilege dp = (DelegationPrivilege) items.next(); dm.addPrivilege(dp); } System.out.println("Delegation Policies for org: " + orgName + "\n" + privileges); } catch (DelegationException de) { System.out.println(" " + de.getMessage()); } } /** * Adds these two organization attributes to realm. * "sunOrganizationStatus=inetDomainStatus" * * From AM point of view, all these 3 attributes in AMSDK Organization serve * the purpose of identifying the realm give the alias names. * * "sunOrganizationAliases=sunOrganizationAlias" * "sunOrganizationAliases=sunPreferredDomain" * "sunOrganizationAliases=associatedDomain" */ protected static Map getOrgAttributes(SSOToken token, String org) { Map map = new HashMap(); try { OrgConfigViaAMSDK amsdk = new OrgConfigViaAMSDK(token, org, org); Set orgStatus = amsdk.getSDKAttributeValue("inetDomainStatus"); Set orgPrefDom = amsdk.getSDKAttributeValue("sunPreferredDomain"); Set orgAssocDom = amsdk.getSDKAttributeValue("associatedDomain"); Set orgAlias = amsdk.getSDKAttributeValue("sunOrganizationAlias"); orgAlias.addAll(orgPrefDom); orgAlias.addAll(orgAssocDom); map.put("sunOrganizationStatus", orgStatus); map.put("sunOrganizationAliases", orgAlias); System.out.println("\n addIdRepoAMSDKPlugin.Org Status & "); System.out.println("addIdRepoAMSDKPlugin.Org Alias. "); Iterator its = map.keySet().iterator(); while (its.hasNext()) { String st = (String) its.next(); System.out.println(st + "=" + map.get(st)); } } catch (Exception e) { e.printStackTrace(); } return map; } public static void migrateOrganization(SSOToken token, String org) { try { String orglc = org.toLowerCase(); int sdn = orglc.indexOf(SMSEntry.baseDN); if (sdn > 0) { System.out.println("\n migrateOrganization.Org Name: " + org); Map map = getOrgAttributes(token, org); String realm = org; if (!(orgNamingAttr.equalsIgnoreCase( SMSEntry.ORGANIZATION_RDN))) { String tmp = org.substring(0, sdn); realm = DNMapper.replaceString(tmp, orgNamingAttr + SMSEntry.EQUALS, SMSEntry.ORG_PLACEHOLDER_RDN) + org.substring(sdn); } System.out.println("\nmigrateOrganization.realm: " + realm); String orgDN = SMSEntry.SERVICES_RDN + SMSEntry.COMMA + org; System.out .println("\nmigrateOrganization.orgDN Name: " + orgDN); CachedSubEntries cse = CachedSubEntries.getInstance(token, orgDN); Set subEntries = cse.getSubEntries(token); sdn = realm.toLowerCase().indexOf(SMSEntry.baseDN); String realmDN = realm.substring(0, sdn) + SMSEntry.SERVICES_RDN + SMSEntry.COMMA + realm.substring(sdn); System.out.println("\nmigrateOrganization.RealmDN Name: " + realmDN); CreateServiceConfig.createOrganization(token, realmDN); // After creation of the realm, Set the DNMapper.migration // flag to true to avoid removal of 'ou=services' from the // newly formed realm DN. DNMapper.migration = true; OrganizationConfigManager ocmAddAttrs = new OrganizationConfigManager(token, realmDN); ocmAddAttrs.setAttributes("sunidentityrepositoryservice", map); Iterator iter = subEntries.iterator(); while (iter.hasNext()) { String serviceName = (String) iter.next(); System.out.println("\nmigrateOrganization.ServiceName: " + serviceName); // Migrate service config data migrateConfigData(token, realmDN, serviceName, org); } } } catch (Exception e) { e.printStackTrace(); } } public static void migrateConfigData(SSOToken token, String realmDN, String serviceName, String org) { try { System.out.println("Initial value. migrateConfigData.REALM is " + ServiceManager.isRealmEnabled()); System.out.println("initial value. migrateConfigData.COEXISTENCE " + "is " + ServiceManager.isCoexistenceMode()); OrganizationConfigManager ocmAdd = new OrganizationConfigManager( token, realmDN); ServiceConfigManager scmGet = new ServiceConfigManager(serviceName, token); System.out.println("\nMigrating Organization Config data"); ServiceConfig orgServiceConfig = scmGet.getOrganizationConfig(org, null); migrateConfigs(token, orgServiceConfig, serviceName, ocmAdd); } catch (Exception e) { e.printStackTrace(); } } public static void migrateConfigs(SSOToken token, ServiceConfig scGet, String serviceName, OrganizationConfigManager ocmAdd) { try { Map attrResults = scGet.getAttributes(); Iterator it = attrResults.keySet().iterator(); while (it.hasNext()) { String s = (String) it.next(); System.out.println(s + "=" + attrResults.get(s)); } // create sub-config node ServiceConfig newServiceConfig = ocmAdd.addServiceConfig( serviceName, attrResults); Set subConfigNames = scGet.getSubConfigNames(); Iterator itr = subConfigNames.iterator(); for (int j = 0; itr.hasNext(); j++) { String subConfigName = (String) itr.next(); ServiceConfig oldSubConfig = scGet.getSubConfig(subConfigName); String scID = oldSubConfig.getSchemaID(); if (scID == null || scID.length() == 0) { scID = subConfigName; } System.out.println("Sub Config Name " + subConfigName); System.out.println("Sub ConfigID " + scID); Map subConfigMap = oldSubConfig.getAttributes(); newServiceConfig.addSubConfig(subConfigName, scID, scGet .getPriority(), subConfigMap); migrateSubEntries(token, newServiceConfig, oldSubConfig, subConfigName); } } catch (Exception e) { e.printStackTrace(); } } public static void migrateSubEntries(SSOToken token, ServiceConfig newServiceConfig, ServiceConfig oldSubConfig, String subConfigName) { try { Set subEntryNames = oldSubConfig.getSubConfigNames(); if (subEntryNames != null && !subEntryNames.isEmpty()) { Iterator iter = subEntryNames.iterator(); for (int k = 0; iter.hasNext(); k++) { String subEntryName = (String) iter.next(); System.out.println("Sub Config Name1 " + subEntryName); ServiceConfig subEntryConfig = oldSubConfig .getSubConfig(subEntryName); Map subEntryConfigMap = subEntryConfig.getAttributes(); Iterator it1 = subEntryConfigMap.keySet().iterator(); while (it1.hasNext()) { String s1 = (String) it1.next(); System.out .println(s1 + "=" + subEntryConfigMap.get(s1)); } String serviceID = subEntryConfig.getSchemaID(); if (serviceID.length() == 0) { serviceID = subEntryName; } System.out.println("serviceID " + serviceID); StringBuilder sb = new StringBuilder(8); String subConfigDN = "ou=" + subEntryName + SMSEntry.COMMA + "ou=" + subConfigName + SMSEntry.COMMA + newServiceConfig.getDN(); SMSEntry newsubConfigSMSEntry = new SMSEntry(token, subConfigDN); SMSUtils.setAttributeValuePairs(newsubConfigSMSEntry, subEntryConfigMap, Collections.EMPTY_SET); newsubConfigSMSEntry.addAttribute(SMSEntry.ATTR_SERVICE_ID, serviceID); newsubConfigSMSEntry.addAttribute(SMSEntry.ATTR_PRIORITY, sb.append(oldSubConfig.getPriority()).toString()); newsubConfigSMSEntry .addAttribute(SMSEntry.ATTR_OBJECTCLASS, SMSEntry.OC_SERVICE_COMP); newsubConfigSMSEntry.addAttribute( SMSEntry.ATTR_OBJECTCLASS, SMSEntry.OC_TOP); newsubConfigSMSEntry.save(token); CachedSMSEntry cachedE = CachedSMSEntry.getInstance(token, newsubConfigSMSEntry.getDN()); if (cachedE.isDirty()) { cachedE.refresh(); } cachedE.refresh(newsubConfigSMSEntry); // oldSubConfig = subEntryConfig; migrateSubEntries(token, newServiceConfig, subEntryConfig, subEntryName); } } } catch (Exception e) { e.printStackTrace(); } } }