a4544a5a0e622ef69e38641f87ab1b5685e05911Phill Cunnington/*
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The contents of this file are subject to the terms
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * of the Common Development and Distribution License
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * (the License). You may not use this file except in
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * compliance with the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * You can obtain a copy of the License at
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * opensso/legal/CDDLv1.0.txt
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * See the License for the specific language governing
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * permission and limitations under the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * When distributing Covered Code, include this CDDL
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Header Notice in each file and include the License file
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * at opensso/legal/CDDLv1.0.txt.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * If applicable, add the following below the CDDL Header,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * with the fields enclosed by brackets [] replaced by
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * your own identifying information:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * $Id: SSOTokenImpl.java,v 1.6 2009/04/10 17:57:07 manish_rustagi Exp $
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
a4544a5a0e622ef69e38641f87ab1b5685e05911Phill Cunnington * Portions Copyright 2011-2015 ForgeRock AS.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterpackage com.iplanet.sso.providers.dpro;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.dpro.session.Session;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.dpro.session.SessionException;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.dpro.session.SessionListener;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.sso.SSOException;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.sso.SSOToken;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.sso.SSOTokenID;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.sso.SSOTokenListener;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.authentication.internal.AuthContext;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.authentication.internal.InvalidAuthContextException;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.shared.Constants;
35ab1c5bca11317474fe12bdd8d22c17cdaf2697Robert Wapshottimport org.forgerock.openam.session.SessionURL;
35ab1c5bca11317474fe12bdd8d22c17cdaf2697Robert Wapshott
35ab1c5bca11317474fe12bdd8d22c17cdaf2697Robert Wapshottimport javax.security.auth.login.LoginException;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport java.net.InetAddress;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport java.security.NoSuchProviderException;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport java.security.SecureRandom;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport java.util.HashMap;
35ab1c5bca11317474fe12bdd8d22c17cdaf2697Robert Wapshott
35ab1c5bca11317474fe12bdd8d22c17cdaf2697Robert Wapshottimport static org.forgerock.openam.session.SessionConstants.INACTIVE;
35ab1c5bca11317474fe12bdd8d22c17cdaf2697Robert Wapshottimport static org.forgerock.openam.session.SessionConstants.VALID;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * <code>SSOTokenImpl</code> implements the <code>SSOToken</code> interface and
 * represents the SSO token created for a given <code>Session</code> or
 * through an LDAP bind.
 *
 * @see com.iplanet.sso.SSOToken
 */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterclass SSOTokenImpl implements SSOToken {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/** Backing session; set to {@code null} by the LDAP-bind constructor. */
private Session session;

/** {@code true} once the token has been created through an LDAP bind; {@code false} by default. */
private boolean ldapConnect;

/** Token taken from the AuthContext after a successful LDAP bind; {@code null} otherwise. */
private SSOToken ssoToken;

/** Principal taken from the AuthContext after a successful LDAP bind. */
private java.security.Principal ldapBindDN;

/** Properties kept locally for an LDAP-bind token (raw map, String keys and values as used in this file). */
private HashMap ldapTokenProperty = new HashMap();

/** Shared SessionURL instance. */
private static final SessionURL sessionURL = SessionURL.getInstance();
35ab1c5bca11317474fe12bdd8d22c17cdaf2697Robert Wapshott
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Creates <code>SSOTokenImpl</code> for a given <code>Session</code>
35ab1c5bca11317474fe12bdd8d22c17cdaf2697Robert Wapshott * @param session
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @see com.iplanet.dpro.session.Session
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
SSOTokenImpl(Session session) {
    // A session-backed token never takes the LDAP-bind branches of the accessors.
    this.ldapConnect = false;
    this.session = session;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
0c893a059f84246bf91e2f0fbf63e4c92f8e5165Tony Bamford * Creates a <code>SSOTokenImpl</code> with regular LDAP authentication
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * service
0c893a059f84246bf91e2f0fbf63e4c92f8e5165Tony Bamford * @param principal representing a Principal object
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param password password string.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @exception SSOException if the single sign on token cannot be created.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
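SSOTokenImpl(java.security.Principal principal, String password)
        throws SSOException {
    // Builds an LDAP-bind token: authenticates through AuthContext, then stores
    // the resulting principal and token and assigns a random context id.
    // Every failure surfaces as SSOException with the "ldapauthfail" key.
    try {
        // Authenticate against the local LDAP server through AuthContext.
        // NOTE(review): the password arrives as a String and the char[] copy is
        // never cleared here; whether AuthContext keeps a reference to the array
        // is not visible in this file, so it is left untouched.
        AuthContext authContext = new AuthContext(principal, password.toCharArray());
        if (authContext.getLoginStatus() != AuthContext.AUTH_SUCCESS) {
            // Authentication failed. The principal name is logged as supplied
            // by the caller.
            if (SSOProviderImpl.debug.messageEnabled()) {
                SSOProviderImpl.debug.message("SSO Auth failed for "
                        + principal.getName());
            }
            throw new SSOException(SSOProviderBundle.rbName,
                    "ldapauthfail", null);
        }

        // Initialize token state only after the bind succeeded.
        ldapBindDN = authContext.getPrincipal();
        ssoToken = authContext.getSSOToken();
        session = null;
        ldapConnect = true;

        // Prefer the SUN provider's SHA1PRNG; fall back to whichever provider
        // offers SHA1PRNG when SUN is not installed.
        SecureRandom secureRandom;
        try {
            secureRandom = SecureRandom.getInstance("SHA1PRNG", "SUN");
        } catch (NoSuchProviderException e) {
            secureRandom = SecureRandom.getInstance("SHA1PRNG");
        }
        // 64 random bits rendered as hex; Long.toHexString drops leading zeros,
        // so the id length varies.
        String amCtxId = Long.toHexString(secureRandom.nextLong());
        setProperty(Constants.AM_CTX_ID, amCtxId);
    } catch (SSOException e) {
        // The rejected-credentials exception is thrown inside this try block.
        // Without this clause it falls into the generic handler below and is
        // logged at error level as a context-id failure, which misreports an
        // ordinary authentication failure. Rethrow it unchanged instead.
        throw e;
    } catch (LoginException e) {
        SSOProviderImpl.debug.error("Ldap Authentication failed for the user " + principal.getName(), e);
        throw new SSOException(SSOProviderBundle.rbName, "ldapauthfail", null);
    } catch (InvalidAuthContextException e) {
        SSOProviderImpl.debug.error("Ldap Authentication failed for the user " + principal.getName(), e);
        throw new SSOException(SSOProviderBundle.rbName, "ldapauthfail", null);
    } catch (Exception e) {
        // Anything else (for example a missing SHA1PRNG algorithm, or a null
        // principal or password) ends up here.
        SSOProviderImpl.debug.error("Failed to create the context id for this token " + principal.getName(), e);
        throw new SSOException(SSOProviderBundle.rbName, "ldapauthfail", null);
    }
}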
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the principal name of the SSOToken
0c893a059f84246bf91e2f0fbf63e4c92f8e5165Tony Bamford *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return The Principal name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws SSOException if the SSOToken is not VALID or if
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * there are errors in getting the Principal.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
public java.security.Principal getPrincipal() throws SSOException {
    // An LDAP-bind token carries its principal directly.
    if (ldapConnect) {
        return ldapBindDN;
    }
    try {
        // Session-backed token: wrap the session's "Principal" property.
        return new SSOPrincipal(session.getProperty("Principal"));
    } catch (Exception e) {
        // Reported at message level only; the cause travels in the SSOException.
        SSOProviderImpl.debug.message("Can't get token principal name");
        throw new SSOException(e);
    }
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the authentication method used for the authentication.
0c893a059f84246bf91e2f0fbf63e4c92f8e5165Tony Bamford *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return The authentication method.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws SSOException if the SSOToken is not VALID or if
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * there are errors in getting the authentication method.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
public String getAuthType() throws SSOException {
    if (ldapConnect) {
        return "LDAP";
    }
    try {
        // After a session upgrade the property can list several methods
        // joined by "|" with no spaces, e.g. "Ldap|Cert|Radius". Only the
        // first entry is returned, so callers never see the later ones.
        final String authTypes = session.getProperty("AuthType");
        final int separatorAt = authTypes.indexOf('|');
        return separatorAt == -1 ? authTypes : authTypes.substring(0, separatorAt);
    } catch (Exception e) {
        // A null property value also lands here (NullPointerException).
        SSOProviderImpl.debug.error("Can't get token authentication type");
        throw new SSOException(e);
    }
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
 * Returns the authentication level of the authentication method used for
 * authentication.
0c893a059f84246bf91e2f0fbf63e4c92f8e5165Tony Bamford *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return The authentication level.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws SSOException if the SSOToken is not VALID or if
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * there are errors in getting the authentication level.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
public int getAuthLevel() throws SSOException {
    // checkTokenType is defined outside this excerpt; presumably it rejects
    // token kinds that have no session - confirm.
    checkTokenType("getAuthLevel");
    try {
        // The property may carry a realm prefix such as "/:10"; keep only the
        // text after the last ':'. When there is no ':' the whole value is parsed.
        final String rawLevel = session.getProperty("AuthLevel");
        final String digits = rawLevel.substring(rawLevel.lastIndexOf(":") + 1);
        // A missing or non-numeric level throws rather than yielding a default.
        return Integer.parseInt(digits);
    } catch (Exception e) {
        SSOProviderImpl.debug.error("Can't get token authentication level");
        throw new SSOException(e);
    }
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the IP Address of the client(browser) which sent the request.
0c893a059f84246bf91e2f0fbf63e4c92f8e5165Tony Bamford *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return The IP Address of the client
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws SSOException if the SSOToken is not VALID or if
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * there are errors in getting the IP Address of the client.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
public InetAddress getIPAddress() throws SSOException {
    try {
        // An LDAP-bind token reports the local host, not a remote client.
        if (ldapConnect) {
            return InetAddress.getLocalHost();
        }
        final String clientHost = session.getProperty("Host");
        if (clientHost == null || clientHost.isEmpty()) {
            // This SSOException is caught by the handler below and re-wrapped.
            throw new SSOException(SSOProviderBundle.rbName,
                    "ipaddressnull", null);
        }
        // InetAddress.getByName resolves host names, so a "Host" value that
        // is not an IP literal triggers a name lookup here.
        return InetAddress.getByName(clientHost);
    } catch (Exception e) {
        SSOProviderImpl.debug.error("Can't get client's IPAddress");
        throw new SSOException(e);
    }
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the host name of the client(browser) which sent the request.
0c893a059f84246bf91e2f0fbf63e4c92f8e5165Tony Bamford *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return The host name of the client
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws SSOException if the SSOToken is not VALID or if
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * there are errors in getting the host name of the client.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
public String getHostName() throws SSOException {
    try {
        // An LDAP-bind token reports the local host name.
        if (ldapConnect) {
            final InetAddress local = InetAddress.getLocalHost();
            return local.getHostName();
        }
        // Returned exactly as stored in the session; no lookup or check
        // against the "Host" property is made here.
        final String clientName = session.getProperty("HostName");
        if (clientName == null || clientName.isEmpty()) {
            // This SSOException is caught by the handler below and re-wrapped.
            throw new SSOException(SSOProviderBundle.rbName, "hostnull",
                    null);
        }
        return clientName;
    } catch (Exception e) {
        SSOProviderImpl.debug.error("Can't get client's token Host name");
        throw new SSOException(e);
    }
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the time left for this session based on max session time
0c893a059f84246bf91e2f0fbf63e4c92f8e5165Tony Bamford *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return The time left for this session
0c893a059f84246bf91e2f0fbf63e4c92f8e5165Tony Bamford * @throws SSOException if the SSOToken is not VALID or if there are errors in getting the maximum session time.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
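public long getTimeLeft() throws SSOException {
    // checkTokenType is defined outside this excerpt; presumably it rejects
    // token kinds that have no session - confirm.
    checkTokenType("getTimeLeft");
    try {
        return session.getTimeLeft();
    } catch (Exception e) {
        // The original message said "maximum time", copied from
        // getMaxSessionTime, which made the two failures indistinguishable
        // in the debug log. The cause is logged as well.
        SSOProviderImpl.debug.error("Can't get token time left", e);
        throw new SSOException(e);
    }
}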
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the maximum session time in minutes.
0c893a059f84246bf91e2f0fbf63e4c92f8e5165Tony Bamford *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return The maximum session time.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws SSOException if the SSOToken is not VALID or if
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * there are errors in getting the maximum session time.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
public long getMaxSessionTime() throws SSOException {
    // checkTokenType is defined outside this excerpt; presumably it rejects
    // token kinds that have no session - confirm.
    checkTokenType("getMaxSessionTime");
    final long maxSessionTime;
    try {
        maxSessionTime = session.getMaxSessionTime();
    } catch (Exception e) {
        // Any session failure is reported to the caller as an SSOException.
        SSOProviderImpl.debug.error("Can't get token maximum time");
        throw new SSOException(e);
    }
    return maxSessionTime;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the session idle time in seconds.
0c893a059f84246bf91e2f0fbf63e4c92f8e5165Tony Bamford *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return The session idle time.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws SSOException if the SSOToken is not VALID or if
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * there are errors in getting the idle time.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
public long getIdleTime() throws SSOException {
    // checkTokenType is defined outside this excerpt; presumably it rejects
    // token kinds that have no session - confirm.
    checkTokenType("getIdleTime");
    final long idleTime;
    try {
        idleTime = session.getIdleTime();
    } catch (Exception e) {
        // Any session failure is reported to the caller as an SSOException.
        SSOProviderImpl.debug.error("Can't get token idle time");
        throw new SSOException(e);
    }
    return idleTime;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the maximum session idle time in minutes.
0c893a059f84246bf91e2f0fbf63e4c92f8e5165Tony Bamford *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return The maximum session idle time.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws SSOException if the SSOToken is not VALID or if
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * there are errors in getting the maximum idle time.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
public long getMaxIdleTime() throws SSOException {
    // checkTokenType is defined outside this excerpt; presumably it rejects
    // token kinds that have no session - confirm.
    checkTokenType("getMaxIdleTime");
    final long maxIdleTime;
    try {
        maxIdleTime = session.getMaxIdleTime();
    } catch (Exception e) {
        // Any session failure is reported to the caller as an SSOException.
        SSOProviderImpl.debug.error("Can't get token maximum idle time");
        throw new SSOException(e);
    }
    return maxIdleTime;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns SSOToken ID object
0c893a059f84246bf91e2f0fbf63e4c92f8e5165Tony Bamford *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return SSOTokenID
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
public SSOTokenID getTokenID() {
    // Session-backed token: wrap the session's own id.
    if (!ldapConnect) {
        return new SSOTokenIDImpl(session.getID());
    }
    // LDAP-bind token: delegate to the token obtained at bind time. The result
    // is null when that token is absent, so callers must handle a null id.
    return ssoToken != null ? ssoToken.getTokenID() : null;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Sets a property for this token.
0c893a059f84246bf91e2f0fbf63e4c92f8e5165Tony Bamford *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The property name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param value
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The property value.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws SSOException if the SSOToken is not VALID or if
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * there are errors in setting the property name and value.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
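public void setProperty(String name, String value) throws SSOException {
    // An LDAP-bind token keeps its properties in the local map only.
    if (ldapConnect) {
        ldapTokenProperty.put(name, value);
        return;
    }
    try {
        session.setProperty(name, value);
    } catch (Exception e) {
        // Log the property name only. Property values are arbitrary
        // caller-supplied strings and may be sensitive, so they are kept out of
        // the debug log; this matches the property read path, which also logs
        // the name alone. The cause is logged for diagnosis.
        SSOProviderImpl.debug.error("Can't set property: " + name, e);
        throw new SSOException(e);
    }
}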
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
private String getPropertyInternal(String name, boolean logError) throws SSOException {
    // Lookup order: the LDAP-bind token first (when present), then either the
    // local property map (LDAP-bind token) or the session.
    if (ssoToken != null) {
        final String delegated = ssoToken.getProperty(name);
        if (delegated != null) {
            return delegated;
        }
    }

    if (ldapConnect) {
        return (String) ldapTokenProperty.get(name);
    }

    try {
        return session.getProperty(name);
    } catch (Exception e) {
        // logError selects the level: error when set, message (only if that
        // level is enabled) otherwise. Only the property name is logged.
        if (logError) {
            SSOProviderImpl.debug.error("Can't get property: " + name);
        } else if (SSOProviderImpl.debug.messageEnabled()) {
            SSOProviderImpl.debug.message("Can't get property: " + name);
        }
        throw new SSOException(e);
    }
}
/**
 * Returns the property stored in this token.
 *
 * <p>Delegates to {@code getPropertyInternal} with error-level logging of
 * lookup failures switched on.
 *
 * @param name the property name.
 * @return the property value in String format.
 * @throws SSOException if the SSOToken is not VALID or if there are errors
 *         in getting the property value.
 */
public String getProperty(String name) throws SSOException {
    final boolean reportFailuresAsErrors = true;
    return getPropertyInternal(name, reportFailuresAsErrors);
}
/**
 * Returns the property stored in this token, optionally tolerating a token
 * whose normal lookup fails.
 *
 * <p>The normal lookup is tried first. When it throws and {@code ignoreState}
 * is {@code true}, the value is read with
 * {@code session.getPropertyWithoutValidation(name)} instead. A value obtained
 * through that fallback comes from a token whose normal lookup has just
 * failed, so callers should not treat it as evidence that the session is
 * still valid.
 *
 * @param name the property name.
 * @param ignoreState {@code true} to fall back to the unvalidated read when
 *        the normal lookup throws; {@code false} to rethrow the failure.
 * @return the property value in String format.
 * @throws SSOException if the SSOToken is not VALID and if ignoreState is
 *         set to false.
 */
public String getProperty(String name, boolean ignoreState) throws SSOException {
    try {
        if (SSOProviderImpl.debug.messageEnabled()) {
            SSOProviderImpl.debug.message("SSOTokenImpl.getProperty(): Calling getProperty(name)");
        }
        // logError=false: a failure here is expected by callers that pass ignoreState.
        return getPropertyInternal(name, false);
    } catch (SSOException lookupFailure) {
        if (!ignoreState) {
            throw lookupFailure;
        }

        final boolean verbose = SSOProviderImpl.debug.messageEnabled();
        if (verbose) {
            SSOProviderImpl.debug.message("SSOTokenImpl.getProperty(): getProperty(name) failed because of:"
                    + lookupFailure.getMessage());
            SSOProviderImpl.debug.message("SSOTokenImpl.getProperty(): Falling back to getPropertyWithoutValidation()");
        }

        final String unvalidated = session.getPropertyWithoutValidation(name);

        // NOTE(review): this writes the property value itself to the debug log.
        // Confirm that no sensitive session property is read through this path,
        // or log the name only.
        if (SSOProviderImpl.debug.messageEnabled()) {
            SSOProviderImpl.debug.message("SSOTokenImpl.getProperty(): Value of " + name + " is: " + unvalidated);
        }
        return unvalidated;
    }
}
/**
 * Adds a sso token listener for the token change events.
 *
 * <p>For a token created by a direct LDAP connection the call returns
 * without registering anything.
 *
 * @param listener a reference to a SSOTokenListener object.
 * @throws SSOException if the SSOToken is not VALID or if there are errors
 *         in adding the sso token listener.
 */
public void addSSOTokenListener(SSOTokenListener listener) throws SSOException {
    if (ldapConnect) {
        return;
    }
    try {
        // Adapt the SSO-level listener to the session-level listener interface.
        final SessionListener adapter = new SSOSessionListener(listener);
        session.addSessionListener(adapter);
    } catch (Exception e) {
        // NOTE(review): the token ID is written to the error log here. It is
        // presumably the session identifier, which would make the log as
        // sensitive as the session itself; confirm, and consider logging a
        // non-secret handle instead.
        SSOProviderImpl.debug.error("Couldn't add listener to the token" + getTokenID().toString());
        throw new SSOException(e);
    }
}
/**
 * Returns true if the SSOToken is valid, allowing the token to be refreshed
 * if necessary.
 *
 * <p>Equivalent to {@code isValid(true)}.
 *
 * @return true if the SSOToken is valid.
 */
public boolean isValid() {
    final boolean allowIdleTimeReset = true;
    return isValid(allowIdleTimeReset);
}
/**
 * Returns true if the SSOToken is valid, allowing the idle time to be reset
 * only if the flag is true.
 *
 * <p>A token created by a direct LDAP connection always reports valid; the
 * session is not consulted. For any other token both the {@code VALID} and
 * the {@code INACTIVE} session states count as valid. Any exception raised
 * while reading the state is reported as "not valid" rather than propagated.
 *
 * @param possiblyResetIdleTime possibly reset the idle time if true, never
 *        reset it if false
 * @return true if the SSOToken is valid, false otherwise.
 */
public boolean isValid(boolean possiblyResetIdleTime) {
    boolean valid;
    try {
        if (ldapConnect) {
            valid = true;
        } else {
            final int current = session.getState(possiblyResetIdleTime);
            valid = (current == VALID) || (current == INACTIVE);
        }
    } catch (Exception ignored) {
        // Deliberately fail closed: a state that cannot be read is treated as invalid.
        valid = false;
    }
    return valid;
}
/**
 * Checks if the SSOToken is valid.
 *
 * <p>A token created by a direct LDAP connection passes without the session
 * being consulted. For any other token the session state must be
 * {@code VALID} or {@code INACTIVE}.
 *
 * @throws SSOException is thrown if the SSOToken is not valid
 * @deprecated THIS METHOD WILL BE REMOVED ON 3/15/01. INSTEAD USE
 *             SSOTokenManager.getInstance().validateToken(SSOToken)
 */
public void validate() throws SSOException {
    try {
        if (!ldapConnect) {
            final int current = session.getState(true);
            final boolean usable = (current == VALID) || (current == INACTIVE);
            if (!usable) {
                throw new SSOException(SSOProviderBundle.rbName, "invalidstate", null);
            }
        }
    } catch (Exception e) {
        // NOTE(review): the "invalidstate" SSOException thrown above is also
        // caught here, so callers receive it wrapped inside a second
        // SSOException. Confirm whether that double wrapping is intended.
        throw new SSOException(e);
    }
}
/**
 * Returns true if the token is for ldap connection.
 *
 * <p>This is the current value of the {@code ldapConnect} flag, which
 * {@code setStatus} can change after construction.
 *
 * @return true if the token is for ldap connection.
 */
public boolean isLdapConnection() {
    return this.ldapConnect;
}
/**
 * Sets the value of ldapConnect. It is used to destroy this token.
 *
 * <p>The flag changes how the rest of the class behaves: while it is
 * {@code true}, {@code isValid} reports {@code true} and {@code validate}
 * returns without reading the session state, and {@code checkTokenType}
 * rejects session-only operations. Subclasses should therefore set it to
 * {@code true} only for tokens that really are backed by a direct LDAP
 * connection.
 *
 * @param status LDAP Connection status.
 */
protected void setStatus(boolean status) {
    this.ldapConnect = status;
}
/**
 * Returns the encoded URL, rewritten to include the session id.
 *
 * <p>Because the rewritten URL carries the session id, it should be handled
 * as carefully as the session id itself: URLs commonly end up in access
 * logs, browser history and Referer headers.
 *
 * @param url the URL to be encoded
 * @return the encoded URL if cookies are not supported or the url if
 *         cookies are supported.
 * @throws UnsupportedOperationException if this token was created by a
 *         direct LDAP connection (raised by {@code checkTokenType}).
 */
public String encodeURL(String url) {
    // Session-based rewriting is not available for LDAP-connection tokens.
    checkTokenType("encodeURL");
    final String rewritten = sessionURL.encodeURL(url, session);
    return rewritten;
}
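/**
 * Rejects an operation when this token was created by a direct LDAP
 * connection.
 *
 * <p>For such a token the failure is written to the error log and an
 * {@link UnsupportedOperationException} is thrown. For any other token the
 * method returns normally.
 *
 * @param methodName name of the method calling this check; it is used only
 *        to build the log and exception message.
 * @throws UnsupportedOperationException if the token was created by a direct
 *         LDAP connection.
 */
public void checkTokenType(String methodName) {
    if (ldapConnect) {
        // Leading spaces added to the fixed text: the original concatenation
        // ran the method name and the words "created"/"by" together.
        final String message = methodName
                + " is an unsupported operation for tokens created"
                + " by direct ldap connection";
        SSOProviderImpl.debug.error(message);
        throw new UnsupportedOperationException(message);
    }
}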
/**
 * Returns the Session Object.
 *
 * <p>Package-private: the live {@code session} reference is handed out
 * without a copy, so only code in this package can reach it through this
 * accessor.
 *
 * @return Session object.
 */
Session getSession() {
    return this.session;
}
/**
 * Returns true if the SSOTokenID associated with this SSOToken is a
 * restricted token, false otherwise.
 *
 * @return true if the token is restricted
 * @throws SSOException If we are unable to determine if the session is
 *         restricted
 */
public boolean isTokenRestricted() throws SSOException {
    // NOTE(review): unlike isValid() and validate(), there is no ldapConnect
    // guard here. Confirm that session is always set for tokens created by a
    // direct LDAP connection.
    final boolean restricted;
    try {
        restricted = session.isRestricted();
    } catch (SessionException se) {
        throw new SSOException(se);
    }
    return restricted;
}
/**
 * Given a restricted token, returns the SSOTokenID of the master token.
 * Can only be used if the requester is an app token.
 *
 * <p>This method does not itself check that the requester is an app token.
 * It passes the requester's session to
 * {@code session.dereferenceRestrictedTokenID}, which presumably enforces
 * that rule (verify against the Session implementation). A requester that
 * is not an {@code SSOTokenImpl} fails the cast and is reported as an
 * {@code SSOException}.
 *
 * @param requester Must be an app token
 * @param restrictedId The SSOTokenID of the restricted token
 * @return The SSOTokenID string of the master token
 * @throws SSOException If the master token cannot be dereferenced
 */
public String dereferenceRestrictedTokenID(SSOToken requester, String restrictedId) throws SSOException {
    try {
        final Session requesterSession = ((SSOTokenImpl) requester).getSession();
        return session.dereferenceRestrictedTokenID(requesterSession, restrictedId);
    } catch (Exception e) {
        // NOTE(review): the restricted token ID is written to the error log.
        // Confirm that this identifier is safe to expose to log readers.
        SSOProviderImpl.debug.error("Can't dereference master token for id : " + restrictedId, e);
        throw new SSOException(e);
    }
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster}