8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The contents of this file are subject to the terms
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * of the Common Development and Distribution License
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * (the License). You may not use this file except in
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * compliance with the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * You can obtain a copy of the License at
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * See the License for the specific language governing
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * permission and limitations under the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * When distributing Covered Code, include this CDDL
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Header Notice in each file and include the License file
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * If applicable, add the following below the CDDL Header,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * with the fields enclosed by brackets [] replaced by
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * your own identifying information:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * $Id: AttributeValidator.java,v 1.10 2009/11/03 00:06:31 hengming Exp $
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington * Portions Copyrighted 2015 ForgeRock AS.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.ums.validation.BooleanValidator;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.ums.validation.FloatValidator;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.ums.validation.MailAddressValidator;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.ums.validation.NumberValidator;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The class <code> AttributeValidator </code> provides methods by which
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * ServiceConfig data to be stored in the Directory, can be validated against
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the relevant Service Schema. The validator needs to check against the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * relevant Schema to validate the attribute syntax and type.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Static variables
// Validator instances declared static final, so one of each is shared by every
// AttributeValidator in the class loader. The initializer of mailValidator is cut off
// in this listing.
// NOTE(review): whether these validator classes are safe for concurrent use is not
// visible here; confirm before calling them from multiple threads.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster static final MailAddressValidator mailValidator =
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster static final BooleanValidator boolValidator = new BooleanValidator();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster static final NumberValidator numberValidator = new NumberValidator();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster static final URLValidator urlValidator = new URLValidator();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster static final FloatValidator floatValidator = new FloatValidator();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster static final DNValidator dnValidator = new DNValidator();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Instance variables
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Constructor
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the service schema which will be used to validate the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * attribute values
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * This method validates the syntax of the Attribute values against what it
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * is supposed to be in the ServiceSchema.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param values
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Set of all the values for this attribute.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param encodePassword
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * if true, the values will be encrypted if the attribute's
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * syntax is password
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return boolean true or false depending on whether the values are valid.
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington * @throws SMSException
// Checks the values against the syntax reported by as.getSyntax(). This listing drops
// some of the method's lines (braces, loop headers, the throws clause), so the notes
// below describe only the statements that are visible.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private boolean validateSyntax(Set values, boolean encodePassword)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster AttributeSchema.Syntax syntax = as.getSyntax();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (true);
// NOTE(review): STRING, PARAGRAPH, SCRIPT, BOOLEAN and DATE are accepted with no content
// check in the visible lines (boolValidator is declared in this class but is not used
// on this path). Callers should not treat a true result as proof that such values are
// well-formed; confirm that downstream consumers validate or encode them.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((syntax.equals(AttributeSchema.Syntax.STRING))
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster || (syntax.equals(AttributeSchema.Syntax.PARAGRAPH))
f56a278c148b90f6c2a675e0c1fa8686ca5abed4Robert Wapshott || (syntax.equals(AttributeSchema.Syntax.SCRIPT))
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster || (syntax.equals(AttributeSchema.Syntax.BOOLEAN))
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster || (syntax.equals(AttributeSchema.Syntax.DATE))) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (true);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (syntax.equals(AttributeSchema.Syntax.EMAIL)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * This condition is required because console is
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * passing a set of empty string. Without this check,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * mailValidator will validate empty string for email
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * address and fail
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ( (values.size() == 1) && (val.length() == 0) ) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (false);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (true);
// NOTE(review): for PASSWORD / ENCRYPTED_PASSWORD the visible lines log an encode
// failure through debug.error and the branch still ends in return (true). The catch
// body and what is placed back into the value set after a failure are not shown in
// this listing; confirm that a failed encode cannot leave the cleartext value in the
// set, and prefer rejecting the update over accepting it.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (syntax.equals(AttributeSchema.Syntax.PASSWORD)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster || syntax.equals(AttributeSchema.Syntax.ENCRYPTED_PASSWORD)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Encrypt the passwords
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster for (Iterator it = values.iterator(); it.hasNext();) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("AttributeValidator: Unable to encode", e);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (true);
// NUMERIC and NUMBER values are each passed to numberValidator; the first rejected
// value fails the whole set.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (syntax.equals(AttributeSchema.Syntax.NUMERIC)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster || syntax.equals(AttributeSchema.Syntax.NUMBER)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (!numberValidator.validate((String) it.next())) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (false);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (true);
// PERCENT and DECIMAL_NUMBER values are each passed to floatValidator.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (syntax.equals(AttributeSchema.Syntax.PERCENT)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster || syntax.equals(AttributeSchema.Syntax.DECIMAL_NUMBER)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (!floatValidator.validate((String) it.next())) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (false);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (true);
// Range syntaxes: when both startRange and endRange are null the value is accepted
// without a bounds check (visible below); the bounded comparison itself is not shown.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (syntax.equals(AttributeSchema.Syntax.NUMBER_RANGE)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((startRange == null) && (endRange == null)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (true);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (false);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (false);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (true);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (syntax.equals(AttributeSchema.Syntax.DECIMAL_RANGE)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((startRange == null) && (endRange == null)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (true);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (false);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (false);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (true);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (syntax.equals(AttributeSchema.Syntax.DN)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (false);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (true);
// A syntax that matches none of the branches above raises SMSException instead of
// returning false.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Doesn't fit any of these supported syntax??
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster throw new SMSException(IUMSConstants.UMS_BUNDLE_NAME,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * This method validates the type of the Attribute values against what it is
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * supposed to be in the ServiceSchema.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param values
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Set of all the values for this attribute.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return boolean true or false depending on whether the values are valid.
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington * @throws SMSException
// Checks the value set against the attribute's type (SINGLE, SINGLE_CHOICE,
// MULTIPLE_CHOICE, VALIDATOR, SIGNATURE in the visible lines). Many lines of this
// method are missing from the listing, so the conditions guarding most returns are
// not shown.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private boolean validateType(Set values, Map env) throws SMSException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (true);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (type.equals(AttributeSchema.Type.SINGLE)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (false);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (true);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (false);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (true);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (type.equals(AttributeSchema.Type.SINGLE_CHOICE)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (false);
// NOTE(review): both choice branches contain an early "return true" justified by the
// install/import comment below. The condition that guards it is not visible in this
// listing; confirm it cannot be satisfied during ordinary runtime updates, because it
// skips the choice-value check entirely.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // we may not be able validate choice type attribute values
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // correctly during installation time or when importing
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // service configuration.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return true;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String val = (it.hasNext()) ? (String) it.next() : null;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (true);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (true);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (false);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (type.equals(AttributeSchema.Type.MULTIPLE_CHOICE)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // we may not be able validate choice type attribute values
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // correctly during installation time or when importing
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // service configuration.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return true;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (false);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (true);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean match = false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (false);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (true);
// VALIDATOR and SIGNATURE types are accepted as-is in the visible lines.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (type.equals(AttributeSchema.Type.VALIDATOR)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (true);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (type.equals(AttributeSchema.Type.SIGNATURE)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (true);
// A type that matches none of the branches above raises SMSException.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Doesn't fit any of these supported type??
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster throw new SMSException(IUMSConstants.UMS_BUNDLE_NAME,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Validates a map of Attributes and values against Service Schema
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * definition.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param attrVals
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * a Set of attribute values
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param i18nFileName
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Resource bundle file name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param encodePassword
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * if true, the values will be encrypted if the attribute's
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * syntax is password
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return boolean true or false depending on whether the values are valid.
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington * @throws SMSException
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington * if values is invalid.
// Convenience overload: forwards to the four-argument validate. The final argument of
// the call is cut off in this listing.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean validate(Set attrVals, String i18nFileName, boolean encodePassword)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return validate(attrVals, i18nFileName, encodePassword,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Validates a map of Attributes and values against Service Schema
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * definition.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param attrVals
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * a Set of attribute values
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param i18nFileName
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Resource bundle file name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param encodePassword
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * if true, the values will be encrypted if the attribute's
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * syntax is password
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param envParam
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * a Map of environment parameters
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return boolean true or false depending on whether the values are valid.
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington * @throws SMSException
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington * if values is invalid.
// Entry point for validating one attribute's value set: a null or empty set is
// accepted, otherwise the set must pass validateSyntax (and a further check whose
// call is cut off in this listing) or an exception built from
// "sms-attribute-values-does-not-match-schema" is raised.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean validate(Set attrVals, String i18nFileName, boolean encodePassword,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // removing old values, no need to validate
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((attrVals == null) || (attrVals.isEmpty())){
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return true;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster || !validateSyntax(attrVals, encodePassword)) {
// NOTE(review): the failure message concatenates attrVals (the submitted values) and
// the environment map into the debug log. For attributes whose syntax is PASSWORD or
// ENCRYPTED_PASSWORD the set may hold password material; consider logging only
// as.getName() or masking the values for those syntaxes, and treat debug logs
// produced by this class as sensitive.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("Validation Failed for attribute: "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + as.getName() + " value:" + attrVals + " Env Map: "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String[] args = { as.getName(), i18nFileName, as.getI18NKey() };
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "sms-attribute-values-does-not-match-schema", args));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "sms-attribute-values-does-not-match-schema", args));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (true);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * This method checks if the attribute name (as given by the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * AttributeSchema) is present and, if it is missing, adds the default values.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param attrs
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * A map of the attributes and their values
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return A map which is a union of the attributes provided and default
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * attribute values
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Inherit the default values
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster attrs.put(as.getName(), as.getDefaultValues());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else if (as.getSyntax().equals(AttributeSchema.Syntax.PASSWORD)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Decrypt the password
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster for (Iterator items = values.iterator(); items.hasNext();) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster vals.add(AccessController.doPrivileged(new DecodeAction(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("AttributeValidator: Unable to decode", e);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * This method checks if attribute schema is of syntax password or
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * encoded_password, if so it decrypts the password when it is stored in the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param attrs
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * a Map of the attributes and their values
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return A map in which encrypted values have been replaced with decrypted ones.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (as.getSyntax().equals(AttributeSchema.Syntax.PASSWORD)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Decrypt the password
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster for (Iterator items = values.iterator(); items.hasNext();) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster vals.add(AccessController.doPrivileged(new DecodeAction(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.error("AttributeValidator: Unable to decode", e);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Encodes attribute value if it is of syntax password or encoded_password.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param attrs Map of the attributes and their values
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param encryptObj Encryptor
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return A map in which values have been replaced with encrypted ones.
// For attributes whose syntax is PASSWORD (the rest of the condition is cut off in
// this listing), runs an EncodeAction under AccessController.doPrivileged for each
// value and collects the results in vals.
// NOTE(review): on failure the visible lines only log the error. What is added to the
// returned map in that case is not shown; confirm that an unencoded value is never
// carried through when encoding fails.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Map encodedAttrs(Map attrs, AMEncryption encryptObj) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (as.getSyntax().equals(AttributeSchema.Syntax.PASSWORD)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Encrypt the password
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster for (Iterator items = values.iterator(); items.hasNext();) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster vals.add(AccessController.doPrivileged(new EncodeAction(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "AttributeValidator.encodedAttrs: Unable to encode", e);