/*
 * The contents of this file are subject to the terms of the Common Development and
 * Distribution License (the License). You may not use this file except in compliance with the
 * License.
 *
 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
 * specific language governing permission and limitations under the License.
 *
 * When distributing Covered Software, include this CDDL Header Notice in each file and include
 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
 * Header, with the fields enclosed by brackets [] replaced by your own identifying
 * information: "Portions copyright [year] [name of copyright owner]".
 *
 * Copyright 2015 ForgeRock AS.
 */
package com.sun.identity.authentication.audit;

import static java.util.Collections.singleton;
import static org.forgerock.openam.audit.AuditConstants.NO_REALM;
import static org.forgerock.openam.utils.StringUtils.isNotEmpty;

import com.iplanet.dpro.session.service.InternalSession;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.authentication.service.LoginState;
import com.sun.identity.authentication.util.ISAuthConstants;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.idm.IdUtils;
import com.sun.identity.shared.Constants;
import com.sun.identity.sm.DNMapper;
import org.forgerock.openam.audit.AuditEventFactory;
import org.forgerock.openam.audit.AuditEventPublisher;

import java.util.Collections;
import java.util.Objects;
import java.util.Set;
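/**
 * Abstract auditor for constructing and logging authentication events.
 * <p>
 * The protected helpers resolve the identifying context of an audit event (universal
 * user ID, session tracking IDs and realm). Each of them degrades to a neutral fallback
 * value ({@code ""}, an empty set or {@code NO_REALM}) when the context is unavailable,
 * so the audit record is written with less context rather than not at all. Consumers of
 * the audit log should therefore treat {@code NO_REALM} as "realm could not be resolved",
 * not as a literal realm.
 *
 * @since 13.0.0
 */
public abstract class AbstractAuthenticationEventAuditor {

    /** Publisher responsible for logging the events. */
    protected final AuditEventPublisher eventPublisher;
    /** Factory used to create the events. */
    protected final AuditEventFactory eventFactory;

    /**
     * Constructor for {@link AbstractAuthenticationEventAuditor}.
     *
     * @param eventPublisher The publisher responsible for logging the events.
     * @param eventFactory The factory that can be used to create the events.
     * @throws NullPointerException if either collaborator is {@code null}.
     */
    public AbstractAuthenticationEventAuditor(AuditEventPublisher eventPublisher, AuditEventFactory eventFactory) {
        // Fail fast: a null collaborator would otherwise only surface when the first event is built.
        this.eventPublisher = Objects.requireNonNull(eventPublisher, "eventPublisher");
        this.eventFactory = Objects.requireNonNull(eventFactory, "eventFactory");
    }

    /**
     * Get the universal user ID.
     *
     * @param principalName The principal name.
     * @param realm The realm.
     * @return The universal user ID, or an empty string if either argument is empty or no
     *         identity could be resolved for the principal in that realm.
     */
    protected String getUserId(String principalName, String realm) {
        // Both parts are needed to address an identity; skip the lookup entirely otherwise.
        if (!isNotEmpty(principalName) || !isNotEmpty(realm)) {
            return "";
        }
        AMIdentity identity = IdUtils.getIdentity(principalName, realm);
        return identity == null ? "" : identity.getUniversalId();
    }

    /**
     * Get the tracking IDs from the login state of the event.
     *
     * @param loginState The login state of the event, may be {@code null}.
     * @return An immutable set holding the session's context ID ({@code Constants.AM_CTX_ID}),
     *         or an empty set if there is no login state, no session, or the session carries
     *         no context ID.
     */
    protected Set<String> getTrackingIds(LoginState loginState) {
        if (loginState == null) {
            return Collections.<String>emptySet();
        }
        InternalSession session = loginState.getSession();
        if (session == null) {
            return Collections.<String>emptySet();
        }
        String sessionContext = session.getProperty(Constants.AM_CTX_ID);
        return sessionContext == null ? Collections.<String>emptySet() : singleton(sessionContext);
    }

    /**
     * Get the realm from the login state of the event.
     *
     * @param loginState The login state of the event, may be {@code null}.
     * @return The realm name, or {@code NO_REALM} if there is no login state or it has no
     *         organisation DN.
     */
    protected String getRealmFromState(LoginState loginState) {
        String orgDN = loginState == null ? null : loginState.getOrgDN();
        return realmFromOrgDn(orgDN);
    }

    /**
     * Get the realm from the {@link SSOToken} of the event.
     *
     * @param token The {@link SSOToken} of the event, may be {@code null}.
     * @return The realm name, or {@code NO_REALM} if there is no token, the token has no
     *         organisation property, or reading the property fails.
     */
    protected String getRealmFromToken(SSOToken token) {
        if (token == null) {
            return NO_REALM;
        }
        try {
            return realmFromOrgDn(token.getProperty(ISAuthConstants.ORGANIZATION));
        } catch (SSOException e) {
            // Best-effort: the token property cannot be read (presumably an invalid or expired
            // token), so the event is attributed to NO_REALM instead of aborting the audit.
            // NOTE(review): the cause is not recorded anywhere; if a debug facility is available
            // to subclasses, logging it at debug level would help when realm-less audit records
            // need to be explained.
            return NO_REALM;
        }
    }

    /**
     * Map an organisation DN to its realm name.
     *
     * @param orgDN The organisation DN, may be {@code null}.
     * @return The realm name, or {@code NO_REALM} if {@code orgDN} is {@code null}.
     */
    private static String realmFromOrgDn(String orgDN) {
        return orgDN == null ? NO_REALM : DNMapper.orgNameToRealmName(orgDN);
    }
}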