/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: FilesRepo.java,v 1.22 2008/07/02 17:21:21 kenwho Exp $
*
* Portions Copyrighted 2011-2016 ForgeRock AS.
*/
/**
* This class stores identity information in flat files using
* <code>java.io.File</code> classes. The directory structure is organized as
* follows: The root directory is specified by the instance configuration
* parameter <code>"sunFilesIdRepoDirectory"</code>. If not specified, it
* Under the root directory are sub-directories for each identity type (i.e.,
* users, roles, agents, etc). In these sub-directories an identity is stored
* as a properties file.
*/
// Class name
"com.sun.identity.idm.plugins.files.FilesRepo";
// SMS Configurations
// Root directory
// User object classes
// Password attribute
// Status attribute
// Attributes to be hashed
// Attributes to be encrypted
// Attribute to enable cache update
// Attribute to define cache update time
// Objectclass attribute
// Supported operations
// Cache of Identity objects
// Cache of time last modified identity objects
// Flag to run a thread to validate the cache
boolean cacheUpdateEnabled;
int updateCacheInterval;
// Default directory to store identity data
// Password attribute
// Status attribute
// User objectclasses attribute
// Role membership attribute
// Group members attribute
// Attributes to be hashed
// Attributes to be encrypted
// IdRepo listner to send notifications
// Initialization exception
// Initialize supported types and operations
static {
}
public FilesRepo() {
// do nothing
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#initialize(java.util.Map)
*/
super.initialize(configParams);
// Get the directory to store the identity information
try {
} catch (IdRepoException ide) {
}
}
// Get password attribute
}
// Get objectclass attribute
}
// Get status attribute
}
// Get attributes to be hashed
}
// Get attributes to be encyrpted
}
// Flag to update cache
cacheUpdateEnabled = true;
try {
value);
} catch (NumberFormatException nfe) {
// Default to 10 minutes
updateCacheInterval = 10;
}
}
new CacheUpdateRunnable(this), new Date(
((currentTimeMillis() + (updateCacheInterval *
60 * 1000)) / 1000) * 1000));
}
}
if (debug.messageEnabled()) {
"\n\tUser Objectclasses: " + userOCs +
"\n\tPassword Attr: " + passwordAttribute +
"\n\tStatus Attr: " + statusAttribute +
"\n\tAttrs Hashed: " + hashAttributes +
"\n\tAttrs Encyrpted: " + encryptAttributes +
"\n\tUpdate Cache: " + cacheUpdateEnabled +
"\n\tUpdate Interval: " + updateCacheInterval);
}
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#addListener(com.iplanet.sso.SSOToken,
* com.iplanet.am.sdk.IdRepoListener)
*/
throws IdRepoException, SSOException {
if (debug.messageEnabled()) {
}
return 0;
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#assignService(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, java.lang.String,
* com.sun.identity.sm.SchemaType, java.util.Map)
*/
throws IdRepoException, SSOException {
if (debug.messageEnabled()) {
+ "\n\tSchema=" + stype);
}
if (initializationException != null) {
throw (initializationException);
}
// Update the objectclass and set attributes
&& serviceOcs != null) {
// Update objectclasses
}
} else {
}
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#create(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, java.util.Map)
*/
throws IdRepoException, SSOException {
if (initializationException != null) {
throw (initializationException);
}
// Check if identity exists
// If type is user, add the configured object classes
} else {
}
// Create the identity
// %%% Send notification (must be via a different thread)
if (repoListener != null) {
}
} else {
// throw exception
}
} else {
}
return (name);
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#delete(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String)
*/
throws IdRepoException, SSOException {
if (initializationException != null) {
throw (initializationException);
}
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#getAssignedServices(
* com.iplanet.sso.SSOToken, com.sun.identity.idm.IdType,
* java.lang.String, java.util.Map)
*/
if (debug.messageEnabled()) {
+ "\n\tmapOfServicesAndOCs=" + mapOfServicesAndOCs);
}
if (initializationException != null) {
"FilesRepo.getAssignedServices: throwing initialization exception");
throw (initializationException);
}
// Get objectclasses for the identity
return (Collections.EMPTY_SET);
}
// Check ocs against the mapOfServicesAndOCs
.hasNext();) {
}
}
return (answer);
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#getAttributes(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, java.util.Set)
*/
if (debug.messageEnabled()) {
+ "\n\treturn attributes=" + attrNames);
}
if (initializationException != null) {
"FilesRepo.getAttributes: throwing initialization exception");
throw (initializationException);
}
// Get all the attributes and return the subset
} else {
}
}
}
return (answer);
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#getAttributes(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String)
*/
throws IdRepoException, SSOException {
if (debug.messageEnabled()) {
}
if (initializationException != null) {
throw (initializationException);
}
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#getBinaryAttributes(
* com.iplanet.sso.SSOToken, com.sun.identity.idm.IdType,
* java.lang.String, java.util.Set)
*/
.hasNext();) {
int i = 0;
try {
}
} catch (UnsupportedEncodingException e) {
// Ignore the exception
}
}
return (binaryAttributes);
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#setBinaryAttributes(
* com.iplanet.sso.SSOToken, com.sun.identity.idm.IdType,
* java.lang.String, java.util.Map, boolean)
*/
public void setBinaryAttributes(
boolean isAdd
) throws IdRepoException, SSOException {
if (attributes == null) {
return;
}
// Convert byte[][] attributes values to Set and save it
{
try {
for (int i = 0; i < size; i++) {
}
} catch (UnsupportedEncodingException e) {
// Ignore the exception
}
}
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#getMembers(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String,
* com.sun.identity.idm.IdType)
*/
) throws IdRepoException, SSOException {
if (debug.messageEnabled()) {
": " + membersType);
}
if (initializationException != null) {
"FilesRepo.getMembers: throwing initialization exception");
throw (initializationException);
}
// Memers can be returned for roles and groups
"FilesRepo.getMembers supported for roles and groups");
throw new IdRepoException(IdRepoBundle.getString(IdRepoErrorCode.MEMBERSHIP_TO_USERS_AND_AGENTS_NOT_ALLOWED),
}
// Set to maintain the members
// Process group members
// Read the group files and return the membership attribute
// Iterate through members and add to results only if "membersType"
// matches
}
}
}
// Get the list of all "membersType" and check if they belong
// to the group
) {
i.hasNext(); ) {
// Check if user belongs to the role
}
}
}
} else {
// throw unsupported operation exception
}
return (results);
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#getMemberships(
* com.iplanet.sso.SSOToken, com.sun.identity.idm.IdType,
* java.lang.String, com.sun.identity.idm.IdType)
*/
if (debug.messageEnabled()) {
}
if (initializationException != null) {
"FilesRepo.getMemeberships: throwing initialization exception");
throw (initializationException);
}
// Memerships can be returned for users and agents
"FilesRepo:getMemberships supported for users and agents");
throw (new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.MEMBERSHIPS_FOR_NOT_USERS_NOT_ALLOWED, args));
}
// Set to maintain the members
// Get the role attribute and return
}
}
// Get the list of groups and search for memberships
) {
// Prefix name with IdType
}
}
}
} else {
// throw unsupported operation exception
membershipType.getName() };
}
return (results);
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#getServiceAttributes(
* com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, java.lang.String,
* java.util.Set)
*/
attrNames, true));
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#getServiceAttributes(
* com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, java.lang.String,
* java.util.Set)
*/
throws IdRepoException, SSOException {
attrNames, false));
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#getServiceAttributes(
* com.iplanet.sso.SSOToken, com.sun.identity.idm.IdType,
* java.lang.String, java.lang.String, java.util.Set)
*/
throws IdRepoException, SSOException {
if (debug.messageEnabled()) {
}
if (initializationException != null) {
"FilesRepo.getServiceAttributes: throwing initialization exception");
throw (initializationException);
}
) {
// Unsupported Operation
}
// Get attributes from Identity Object
}
// For types role and realm, return the attributes
return (results);
}
// Get the roles for the identity and add the service attributes
try {
} catch (FilesRepoEntryNotFoundException fnf) {
}
// Add the attributes to results
if (idAttrValues == null) {
} else {
if (isString) {
} else {
byte[][] resultsArr =
byte[][] roleArr =
}
}
}
}
// Get the service attributes for the realm and add it
"ContainerDefaultTemplateRole", attrNames)
"ContainerDefaultTemplateRole", attrNames));
// Add the attributes to results
if (idAttrValues == null) {
} else {
// combine the values
if (isString) {
} else {
}
}
}
return (results);
}
if (resultsArr != null) {
byte[][] tmpSet = new byte[combinedSize][];
tmpSet[i] = (byte[]) resultsArr[i];
}
}
resultsArr = tmpSet;
} else {
}
return(resultsArr);
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#isExists(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String)
*/
throws IdRepoException, SSOException {
if (initializationException != null) {
throw (initializationException);
}
boolean entryExists = true;
try {
} catch (FilesRepoEntryNotFoundException fe) {
entryExists = false;
}
return entryExists;
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#modifyMemberShip(
* com.iplanet.sso.SSOToken, com.sun.identity.idm.IdType,
* java.lang.String, java.util.Set, com.sun.identity.idm.IdType, int)
*/
throws IdRepoException, SSOException {
if (debug.messageEnabled()) {
}
if (initializationException != null) {
"FilesRepo.modifyMemberShip: throwing initialization exception");
throw (initializationException);
}
}
if (debug.messageEnabled()) {
+ "Membership to users and agents is not supported");
}
throw new IdRepoException(IdRepoBundle.getString(IdRepoErrorCode.MEMBERSHIP_TO_USERS_AND_AGENTS_NOT_ALLOWED),
}
) {
if (debug.messageEnabled()) {
"type cannot be made a member of any identity" +
membersType.getName());
}
throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.MEMBERSHIPS_FOR_NOT_USERS_NOT_ALLOWED, args);
}
// add the identities to the user's group membership
}
} else {
}
}
// Save the results
// Get role attribute
}
}
} else {
}
// Save the attribute
}
} else {
throw new IdRepoException(IdRepoBundle.BUNDLE_NAME, IdRepoErrorCode.MEMBERSHIP_CANNOT_BE_MODIFIED, args);
}
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#modifyService(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, java.lang.String,
* com.sun.identity.sm.SchemaType, java.util.Map)
*/
throws IdRepoException, SSOException {
if (debug.messageEnabled()) {
}
if (initializationException != null) {
"FilesRepo.modifyService: throwing initialization exception");
throw (initializationException);
}
) {
// Set the attributes
} else {
"305", args);
}
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#removeAttributes(
* com.iplanet.sso.SSOToken, com.sun.identity.idm.IdType,
* java.lang.String, java.util.Set)
*/
}
// %%% Send notification (must be via a different thread)
if (repoListener != null) {
}
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#removeListener()
*/
public void removeListener() {
repoListener = null;
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#search(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, int, int,
* java.util.Set, boolean, int, java.util.Map, boolean)
*/
if (crestQuery.hasQueryId()) {
}
throw new IdRepoException("FilesRepo.search does not support queryFilter searches");
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#search(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, int, int,
* java.util.Set, boolean, int, java.util.Map, boolean)
*/
if (initializationException != null) {
throw (initializationException);
}
if (debug.messageEnabled()) {
}
// Directory to start the search
}
// Check if attribute mapping has to be done
// Check if the attributes match
) {
) {
// Check if the attribute is present
addResult = true;
break;
}
addResult = false;
break;
}
} else {
// Check if the values are present
if (matchValues != null &&
addResult = true;
break;
}
addResult = false;
break;
}
}
}
if (addResult) {
}
}
} else {
}
// Build RepoSearchResults
} else if (returnAttrs.isEmpty()) {
} else {
returnAttrs));
}
}
if (debug.messageEnabled()) {
}
resultsWithAttrs, type));
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#search(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, java.util.Map,
* boolean, int, int, java.util.Set)
*/
boolean recursive,
int maxResults,
int maxTime,
) throws IdRepoException, SSOException {
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#setAttributes(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String, java.util.Map,
* boolean)
*/
public void setAttributes(
boolean isAdd
) throws IdRepoException, SSOException {
if (debug.messageEnabled()) {
}
if (initializationException != null) {
throw (initializationException);
}
}
// Hash the new attributes, if any
if (!isAdd) {
} else {
) {
} else {
}
}
}
// %%% Send notification (must be via a different thread)
if (repoListener != null) {
}
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#unassignService(
* com.iplanet.sso.SSOToken, com.sun.identity.idm.IdType,
* java.lang.String, java.lang.String, java.util.Map)
*/
if (debug.messageEnabled()) {
}
if (initializationException != null) {
throw (initializationException);
}
// Need to selectively remove the objectclassess
// First get the objectclasses
(serviceOCs != null)
) {
}
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#getSupportedOperations(
* com.sun.identity.idm.IdType)
*/
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#getSupportedTypes()
*/
return supportedOps.keySet();
}
/*
* (non-Javadoc)
*
* @see com.sun.identity.idm.IdRepo#isActive(com.iplanet.sso.SSOToken,
* com.sun.identity.idm.IdType, java.lang.String)
*/
throws IdRepoException, SSOException {
if (initializationException != null) {
throw (initializationException);
}
if (attributes == null) {
}
return true;
} else {
}
}
/* (non-Javadoc)
* @see com.sun.identity.idm.IdRepo#setActiveStatus(
com.iplanet.sso.SSOToken, com.sun.identity.idm.IdType,
java.lang.String, boolean)
*/
throws IdRepoException, SSOException {
if (initializationException != null) {
throw (initializationException);
}
if (active) {
} else {
}
}
private static void loadSupportedOps() {
if (debug.messageEnabled()) {
}
}
if (initializationException != null) {
throw (initializationException);
}
null);
}
}
public boolean supportsAuthentication() {
return (true);
}
if (initializationException != null) {
throw (initializationException);
}
// Obtain user name and password from credentials and authenticate
if (credentials[i] instanceof NameCallback) {
if (debug.messageEnabled()) {
username);
}
} else if (credentials[i] instanceof PasswordCallback) {
}
}
}
return (false);
}
// Get user's password attribute
// Try agent
}
) {
// Could not find user or agent, return false
return (false);
}
if (debug.messageEnabled()) {
}
return (false);
}
}
if (debug.messageEnabled()) {
}
}
throws IdRepoException
{
try {
if (debug.messageEnabled()) {
}
} catch (FilesRepoEntryNotFoundException fe) {
if (debug.messageEnabled()) {
}
} catch (SSOException ssoe) {
// Can ignore this as this won't happen. No token was passed.
}
return attributes;
}
// -----------------------------------------------
// private methods to manage directory structure
// -----------------------------------------------
// Methods for cache management
// Initialize, read and write methods
// Check if roor dir exists, if not create
// Unable to create the directory
} else if (!root.isDirectory()) {
// Not a directory
}
// Check sub-directories
// Unable to create the directory
args);
} else if (!dir.isDirectory()) {
// Not a directory
args);
}
// Create realm ContainerDefaultTemplateRole
// Write an empyt map to the file
}
}
}
}
// Construct file name
}
// Convert Map to AttributeValuePairs and write to file
try {
// update the cache
if (debug.messageEnabled()) {
}
} catch (IOException e) {
if (debug.messageEnabled()) {
}
} finally {
}
}
}
// Check in cache & if time is curent
if ((lastModified != null) &&
return (answer);
}
// At times the incoming object name is all normalized to
// lowercase. This avoids the filenotfound exception when the
// object in flatfile repository is saved as mixed case filenames.
break;
}
} else {
break;
}
}
try {
}
// Convert HashMap to CaseInsensitiveHashMap
answer = new CaseInsensitiveHashMap();
}
// Add to cache
} catch (FileNotFoundException fn) {
if (debug.messageEnabled()) {
}
} catch (IOException e) {
if (debug.messageEnabled()) {
fileName, e);
}
} finally {
try {
} catch (IOException e) {
if (debug.warningEnabled()) {
"FilesRepo.redFile: read error: " + fileName, e);
}
}
}
}
return (answer);
}
public static void clearCache() {
identityCache = new CaseInsensitiveHashMap();
}
// Convert to CaseInsensitiveHashMap
}
try {
}
} catch (Throwable e) {
// Printing the attribute value could be security issue
"FilesRepo.processAttributes: unable to encode", e);
}
} else {
}
}
return (answer);
}
return (attrs);
}
// Decode the attributes
try {
} catch (Throwable e) {
// Printing the attribute value could be security issue
}
}
}
}
return (attrs);
}
// Method to compare wild card attribute values
return (true);
}
}
return (true);
}
}
return (false);
}
// File name filter inner class
// Pattern to match
// Default constructor
// Replace "*" with ".*"
while (idx != -1) {
}
}
}
return (true);
} else {
}
}
}
// Cache update thread
repo = r;
}
public void run() {
file.lastModified())) {
if (debug.messageEnabled()) {
"File modified: " + fileName);
}
// send notficiation to supported type.
while (supTypeIter.hasNext()) {
// Send notification
} else {
}
}
if (debug.messageEnabled()) {
"Notification Sent: " + fileName);
}
}
}
}
return false;
}
return false;
}
public boolean isEmpty() {
return false;
}
public long getRunPeriod() {
}
}
}