LdapSPValidator.java revision 70893ec9c113a0893a6c128528765eebba7ba5db
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: LdapSPValidator.java,v 1.6 2009/10/29 17:35:07 ericow Exp $
*
*/
/*
* Portions Copyrighted 2011-2015 ForgeRock AS.
* Portions Copyrighted 2012 Open Source Solution Technology Corporation
*/
/**
* Validates a service provider (agent) request against the agent entries held
* in the directory and produces the token restriction for it.
*
* <p>Security-relevant behaviour visible in this listing: the goto URL is
* rejected unless a check sets {@code gotoUrlValid} (it starts {@code false}),
* and the failures shown here are reported by throwing.
*
* <p>NOTE(review): this listing is incomplete (several signatures and
* statements are not shown), so the comments describe only the visible lines.
*/
public class LdapSPValidator implements SPValidator {
// Directory attribute holding the agent's key/value settings; the search
// comment further down shows it carrying
// "sunIdentityServerAgentRootURL=<rootURL>".
private static final String LDAP_ATTR_NAME =
"sunIdentityServerDeviceKeyValue";
// Directory attribute for the agent's status; presumably what isAgentActive
// reads (its body is not visible here) - confirm.
private static final String LDAP_STATUS_ATTR_NAME =
"sunIdentityServerDeviceStatus";
// NOTE(review): presumably the lengths of key prefixes that are stripped from
// device key values; the prefixes themselves are not visible in this
// listing - confirm before changing either value.
private static final int PROVIDER_ID_ATTR_LEN = 13;
private static final int HOSTNAME_ATTR_LEN = 9;
// Ports substituted when the goto URL carries no explicit port
// (see the gotoPort == -1 branch below).
private static final int HTTPS_DEFAULT_PORT = 443;
private static final int HTTP_DEFAULT_PORT = 80;
/**
* Creates the validator.
* The visible assignment stores an {@code IdRepoException} in
* {@code exception}; validateAndGetRestriction checks for a stored
* initialization exception first and throws it.
* NOTE(review): the condition under which the assignment runs is not visible
* in this listing.
*/
public LdapSPValidator() {
exception = new IdRepoException(
}
}
/**
* Returns the token restriction for an authentication request.
* The method does the following operations:
* <ol>
* <li>Validates the AuthRequest by checking the Provider ID against the
* agent instances in the directory</li>
* <li>From the agent instance in the directory, checks if the agent is
* active and also checks the gotoURL is protected by the agent</li>
* <li>Combines the hostnames and IP addresses valid for the agent
* and sets them as the restriction for the SSO Token</li>
* </ol>
*
* <p>Both inputs come from the incoming request, so the directory checks
* above are what keep a token from being issued for a goto URL that the
* agent does not cover.
*
* @param request Federation Service Authentication Request.
* @param gotoURL Goto URL.
* @return token restriction.
* @throws Exception if initialization failed, if no agent could be obtained
* for the realm, or if the goto URL is not valid for the agent Provider ID.
*/
) throws Exception {
// Check for initialization exceptions
// (the guarding condition is not visible here; presumably a null check).
throw (exception);
}
/*
* Search directory for provider ID and if present
* return DN, valid IP and hostnames as restriction
*/
if (idx != -1) {
}
}
// Builds the agent root URL prefix; only the separators are visible, which
// suggests the form <scheme>://<host>:<port>/ - confirm against the full file.
.append("://")
.append(":")
.append("/");
// Search for agent instances
try {
// Make sure there is at least one entry in the directory
// NOTE(review): rootPrefix is derived from the request and is written into
// this message unmodified.
"LdapSPValidator.validateAndGetRestriction: " +
"Invalid Agent Root URL: " + rootPrefix);
}
throw new Exception(
}
// Obtain the DNs and hostlists from the entries
// Fail closed: the flag stays false unless a check below sets it.
boolean gotoUrlValid = false;
// Use the default port when the port is not specified explicitly, so that a
// goto URL without a port is compared on the same terms as one with a port.
if(gotoPort == -1){
} else {
}
}
if (attributes != null) {
// Only entries whose agent is reported active reach the goto URL check.
if (isAgentActive(attributes)) {
) {
} else {
}
gotoUrlValid = true;
}
}
}
}
}
// No check accepted the goto URL: refuse the request.
if (!gotoUrlValid) {
"LdapSPValidator.validateAndGetRestriction" +
}
throw (new Exception(
"Goto URL not valid for the agent Provider ID"));
}
"LdapSPValidator.validateAndGetRestriction: " +
"Restriction string for: " +
}
// NOTE(review): the condition selecting this branch is not visible in this
// listing. Going by its name, NoOpTokenRestriction imposes no host/IP
// restriction on the SSO token; confirm when this path is taken.
return new NoOpTokenRestriction();
} else {
}
// The caught exception is passed along with the message on the next line, but
// the exception thrown afterwards carries only the fixed message (no cause).
"Invalid Agent: Could not get agent for the realm", ex);
throw (new Exception(
"Invalid Agent: Could not get agent for the realm"));
}
}
// Directory search helper; its name and parameters are not visible in this
// listing. It returns the attributes of the search result.
// NOTE(review): the root URL searched for comes from the request's provider
// ID; confirm the search call (not visible here) treats it as a literal
// attribute value rather than as filter syntax.
throws Exception {
/*
* Search for attribute "sunIdentityServerDeviceKeyValue:
* sunIdentityServerAgentRootURL=<rootURL>"
*/
try {
adminToken, realm);
} else {
}
return sr.getResultAttributes();
// NOTE(review): the handler bodies are not visible; confirm they fail the
// validation instead of letting an empty result pass silently.
} catch (IdRepoException ire) {
} catch (SSOException ssoe) {
}
}
// Body of the agent status check (isAgentActive, going by the call site
// above; the signature is not visible). The result starts false, so null
// attributes yield "not active".
boolean agentIsActive = false;
if (attributes != null) {
}
}
return agentIsActive;
}
/**
* Presumably checks whether the goto URL is covered by the agent; the body
* and all parameters except the last are not visible in this listing.
* {@code valid} starts {@code false}, so the method returns {@code true} only
* if a check in the body sets it.
*
* @param gotoPort port of the goto URL; the caller substitutes a default port
* when the URL has none.
* @return {@code true} if the goto URL was accepted, {@code false} otherwise.
* @throws MalformedURLException presumably when a URL being compared cannot
* be parsed - confirm against the full file.
*/
private boolean validateGotoUrl(
int gotoPort
) throws MalformedURLException {
boolean valid = false;
}
}
return valid;
}
}
}
}
}
}