8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The contents of this file are subject to the terms
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * of the Common Development and Distribution License
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * (the License). You may not use this file except in
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * compliance with the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * You can obtain a copy of the License at
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * See the License for the specific language governing
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * permission and limitations under the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * When distributing Covered Code, include this CDDL
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Header Notice in each file and include the License file
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * If applicable, add the following below the CDDL Header,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * with the fields enclosed by brackets [] replaced by
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * your own identifying information:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * $Id: DNMapper.java,v 1.13 2009/11/20 23:52:56 ww203982 Exp $
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington * Portions Copyrighted 2011-2015 ForgeRock AS.
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunningtonimport static org.forgerock.openam.ldap.LDAPUtils.rdnValue;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * This class is used to convert a DN to iplanet UID and vice versa.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Look for realmEnabled and cache the value.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster protected static boolean realmEnabled = ServiceManager.isRealmEnabled();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // This set is used in reversing the realm names to sdk format.
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington DN dn = DN.valueOf(SMSEntry.baseDN).child(SMSEntry.SERVICES_RDN);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Converts orgname which is "/" separated to DN, else if DN normalize the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * DN and return
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static String orgNameToDN(String orgName) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Check if it is null or empty
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (orgName == null || orgName.trim().length() == 0
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Check in cache
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Check if orgName is a valid DN. If so, check if realmEnabled. if
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * realmEnabled, 1) Check if rest of the DN (before the baseDN) has "o"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * as the naming attribute. If not, replace it with 'o' and concat the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * value with the previous naming attribute. eg.,if orgName is
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * dc=abc,l=xyz,o=coke,ou=services,dc=iplanet,dc=com then, the final
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * string should be
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * o=dc_abc,o=l_xyz,o=coke,ou=services,dc=iplanet,dc=com 2) Check if
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * "ou=services" is present in the orgName. If not add it to the
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington // If orgName is either the baseDN or root service's DN
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington // return the baseDN
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington // Check if orgdn is a hidden internal realm, if so return
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington if (orgdnlc.startsWith(SMSEntry.SUN_INTERNAL_REALM_PREFIX)) {
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington orgdn = orgdnObject.rdn().toString() + "," + serviceDN;
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington // Add to cache and return
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington // Check for root suffix and SMS base DN
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington // Add to cache and return
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington // If realm is enabled, normalize the DN and return
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington // Check for baseDN
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington int indx = orgdn.lastIndexOf(SMSEntry.COMMA);
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington if (orgdn.substring(indx).equals(SMSEntry.COMMA)) {
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington debug.message("DNMapper.orgNameToDN():orgdn " + orgdn);
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington String answer = normalizeDN(orgdn) + serviceDN;
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington debug.message("DNMapper.orgNameToDN(" + orgName + ")="
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington // Add to cache and return
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington // Check if "ou=services" is present, if present remove it
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington orgdn = replaceString(orgdn, ",ou=services,", ",");
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington // Add to cache and return
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington // When SMS Migration to 7.0 happens, the coexist mode is
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington // 'true' and realm is 'false'. In coexist mode, the
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington // 'ou=services' gets removed. But we need the new realm node
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington // for data migration from old DIT to new realm tree.
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington // So after creation of the realm during SMSMigration70,
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington // we set the DNMapper.migration flag to true to avoid
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington // removal of 'ou=services' from the newly formed realm DN
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington // and return the orgdn as such to the serviceconfig* class.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // The org name is "/" separated, construct the DN
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("DNMapper.orgNameToDN(" + orgName + ")="
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Add to cache
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static void updateCache(String orgName, String realmName) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // %%% TODO Need to check the size and remove least recently used
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Converts realm name to AMSDK compliant organization name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static String realmNameToAMSDKName(String realmName) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("DNMapper.realmNameToAMSDKName realmName ="
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("DNMapper.realmNameToAMSDKName orgDN =" + dn);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Check for baseDN and internal hidden realm names
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster || dnlc.startsWith(SMSEntry.SUN_INTERNAL_REALM_PREFIX)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // If realm is not enabled, remove "ou=services" node
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster StringBuilder buf = new StringBuilder(dn.length());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String orgAttr = OrgConfigViaAMSDK.getNamingAttrForOrg();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // If orgAttr is null or is "o", return after removing "ou=services"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster || orgAttr.equalsIgnoreCase(SMSEntry.ORGANIZATION_RDN)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String answer = replaceString(dn, ",ou=services,", ",");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("DNMapper.realmNameToAMSDKName sdkName ="
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Remove the baseDN and parse the DN
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Try the baseDN
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String answer = (index == -1) ? dn : dn.substring(0, index - 1);
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington buf.append(orgAttr).append(SMSEntry.EQUALS).append(rdnValue(rdn));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Append baseDN and return
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("DNMapper.realmNameToAMSDKName sdkName ="
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns realm name in "/" separated format for the provided
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * realm/organization name in DN format.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param orgName Name of organization.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return "/" separated realm name for the organization name given in DN format.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public static String orgNameToRealmName(String orgName) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if ((orgName == null) || (orgName.length() == 0)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (orgName.equalsIgnoreCase(SMSEntry.baseDN) ||
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Check if orgName ends with baseDN or serviceDN
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster returnSet = SMSEntry.parseResult(resultSet, serviceDN, true);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else if (orgdnlc.endsWith(SMSEntry.baseDN)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster returnSet = SMSEntry.parseResult(resultSet, serviceDN, true);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (returnSet != null && !returnSet.isEmpty()) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster answer.append(returnSet.iterator().next().toString());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Splits a string and returns the tokens.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param str original String.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return a String Array object of tokens after split.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Replaces a string with another string in a String object.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param originalString original String.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param token string to be replaced.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param newString new string to replace token.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return a String object after replacement.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster static String replaceString(String originalString, String token,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (!originalString.startsWith(SMSEntry.SLASH_STR)) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster originalString.substring(idx).indexOf(SMSEntry.SLASH_STR);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // This is to escape "/" embedded in realm names.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster originalString = originalString.substring(0, slashndx) +
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "/" + originalString.substring(slashndx+1);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster originalString.indexOf(SMSEntry.SLASH_STR, slashndx+5);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster originalString = originalString.substring(0, idx) + newString
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster idx = originalString.indexOf(token, idx + lenToken);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("DNMapper.replaceString() " + originalString);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Normalizes the DN as per the Realm requirements for organization name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster StringBuilder buf = new StringBuilder(orgName.length());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("DNMapper.normalizeDN():orgName "+ orgName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster orgAttr = OrgConfigViaAMSDK.getNamingAttrForOrg();
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington String placeHold = (realmEnabled) ? SMSEntry.ORGANIZATION_RDN : orgAttr;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Check if orgName is a hidden internal realm, if so prepend with o
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster startsWith(SMSEntry.SUN_INTERNAL_REALM_PREFIX)) {
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington buf.append(SMSEntry.EQUALS).append(rdnValue(rdn)).append(SMSEntry.COMMA);
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington debug.message("DNMapper.normalizeDN():finalorgdn {}", buf);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Converts "/" separated organization names to DN
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster static StringBuffer convertToDN(String orgName) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String placeHold = (realmEnabled) ? SMSEntry.ORGANIZATION_RDN
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster StringTokenizer strtok = new StringTokenizer(orgName, "/");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String theOrg = (String) arr.get(size - i - 1);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Check if orgdn is a hidden internal realm, if so prepend with o
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("DNMapper.convertToDN():finalorgdn "+
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String realmName = SMSSchema.unescapeName(buf.toString());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("DNMapper.convertToDN():realmName "+realmName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("DNMapper.convertToDN():newRealmName "+