PolicyUtils.java revision a14393818a78c503f7715c393044b33c86e90195
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: PolicyUtils.java,v 1.16 2010/01/13 03:01:15 dillidorai Exp $
*
* Portions Copyrighted 2011-2015 ForgeRock AS.
* Portions Copyrighted 2014 Nomura Research Institute, Ltd
*/
/**
* The class <code>PolicyUtils</code> provides utility (static) methods
* used by the policy package.
*/
public class PolicyUtils {
public static boolean logStatus = false;
private static LogMessageProvider msgProvider;
private static Logger accessLogger;
private static Logger errorLogger;
private static Logger delegationLogger;
static {
if (logStatus) {
"amPolicyDelegation.access");
}
}
/**
* Adds a map to another map
* @param mapToAdd map that needs to be added
* Each key should be a String
* Each value would be a Set of String values
* @param toMap map the map to which the mapToAdd would be added
* Each key should be a String
* Each value would be a Set of String values
* @return the combined map, which is also the toMap.
* The combined map is formed by replacing, in toMap, the value of
* each key found in mapToAdd with the value from mapToAdd.
*/
}
}
return toMap;
}
/**
* Appends a map to another map
* @param mapToAdd map that needs to be added
* Each key should be a String
* Each value would be a Set of String values
* @param toMap map the map to which the mapToAdd would be added
* Each key should be a String
* Each value would be a Set of String values
* @return the combined map, which is also the toMap.
* The combined map is formed by adding the values
* for each key found in mapToAdd to the toMap.
* If a key is found both in mapToAdd and toMap,
* the new value for the key is the combined set of
* values for the key from mapToAdd and the original
* toMap.
*/
}
}
return toMap;
}
/**
* @param key a String valued key
* @param values a set of String values
* @param toMap the map to which the values are added.
* Each key of the map should be a String.
* Each value of the map should be a Set of String values.
* @return the combined map, which is also the toMap.
* The combined map is formed by replacing the values
* for key in the toMap with the argument values.
*/
}
return toMap;
}
/**
* @param key a String valued key
* @param values a set of String values
* @param toMap the map to which the values are added.
* Each key of the map should be a String.
* Each value of the map should be a Set of String values.
* @return the combined map, which is also the toMap.
* The combined map is formed by adding the argument values
* for the argument key to the toMap.
* If the key is already present in toMap,
* the new value for the key is the combined set of
* values for the key from the argument values and the original
* toMap.
*/
} else {
}
}
return toMap;
}
/**
* Returns the display name for a given dn
* This implementation assumes the display name to be the value of
* the naming attribute of the entry. So, the value of the naming
* attribute is the return value.
* @param dn dn of the entry for which to get the display name
* @return display name for the entry; this is the same as the
* value of the naming attribute of the entry
*/
}
/**
* Appends a policy decision to another policy decision,
* i.e. merges one policy decision into another policy decision.
* @param pd1 policy decision to be added
* @param pd2 policy decision to be merged into
* @return merged policy decision
* @throws PolicyException if the decision can not be merged
*/
while ( actionNames.hasNext()) {
}
return pd2;
}
/**
* Parses an XML node which represents a collection of
* the environment parameters and returns a map which contains
* these parameters.
* @param pNode the XML DOM node for the environment parameters.
* @return a map which contains the environment parameters
* @throws PolicyException if the node can not be parsed into a map
*/
throws PolicyException
{
}
if (attributeName == null) {
+ " missing attribute name");
}
+ " missing attribute value");
}
}
return envParams;
}
/**
* Parses an XML node which represents a collection of
* user response attributes and returns a set which contains the
* names of these attributes
* @param pNode the XML DOM node for the response attributes
* @return a set which contains the names of these attributes
* @throws PolicyException if the node can not be parsed into a set
*/
throws PolicyException
{
+ " missing element " + ATTRIBUTE);
}
+ " missing attribute " + ATTRIBUTE_NAME);
}
}
return attrs;
}
/**
* Parses an XML node which represents Attribute-Value pairs
* and returns a map of such values.
* @param pNode the XML DOM node containing Attribute-Value pairs
* as child nodes.
* @return a map which contains Attribute-Value pairs
*/
+"missing element " + ATTRIBUTE_VALUE_PAIR);
return null;
}
if (attributeName == null) {
+"():missing attribute name");
return null;
}
+"():missing attribute value");
return null;
}
}
return attrValuePairs;
}
/**
* Parses an XML node which represents an
* AttributeValuePair and returns the attribute name.
* @param pNode the XML DOM node for an AttributeValuePair
* @return the attribute name of the AttributeValuePair
*/
{
+"missing element " + ATTRIBUTE);
return null;
}
+ ATTRIBUTE);
return null;
}
return attrName;
}
/**
* Parses an XML node which represents an
* AttributeValuePair and returns the attribute values.
* @param pNode the XML DOM node for an AttributeValuePair
* @return the set of attribute values of the AttributeValuePair
*/
{
+"missing element " + VALUE);
return null;
}
}
else {
}
}
return values;
}
/**
* Converts a map which stores a set of
* environment parameters into its XML string representation.
* @param envMap a map that represents a collection of the parameters
* @return its XML string representation
*/
{
}
}
/**
* Converts a set which stores a set of
* response attribute names into its XML string representation.
* @param attrs a set of response attribute names
* @return XML string representation of set of attributes
*/
{
}
}
/**
* Converts a map
* to its XML string representation.
* @param envMap a map that has String valued keys. Value corresponding
* to each key should be a set of String(s).
* @return its XML string representation of env map
*/
{
}
}
/**
* Converts an attribute value pair into
* its XML string representation.
* @param name the attribute name of the attribute value pair
* @param values the attribute values of the attribute value pair
* @return XML string representation of the attribute value pair
*/
{
}
}
}
/**
* Return a quoted string
* Surrounds a string on either side with double quote and returns
* the quoted string
* @param s string to be quoted
* @return quoted string
*/
if ( s == null ) {
s= "";
}
return "\"" + s + "\"";
}
/**
* Return a quoted string, quoting an <code>int</code>.
* Converts an <code>int</code> to string and quotes it on either side
* with double quote and returns the quoted string
* @param i <code>int</code> to be quoted
* @return quoted string
*/
}
/**
* Return a quoted string, quoting a <code>long</code>.
* Converts a <code>long</code> to string and quotes it
* on either side
* with double quote and returns the quoted string
* @param l <code>long</code> to be quoted
* @return quoted string
*/
}
/**
* Logs an access message
* @param msgIdName name of message id
* @param data array of data to be logged
* @param token session token of the user who did the operation
* that triggered this logging
*/
public static void logAccessMessage(
) throws SSOException {
}
public static void logAccessMessage(
) throws SSOException {
try {
if (msgProvider == null) {
}
} catch (IOException e) {
+ "disabling logging");
logStatus = false;
}
} else {
}
}
}
}
/**
* Logs an error message
* @param msgIdName name of message id
* @param data array of data to be logged
* @param token session token of the user who did the operation
* that triggered this logging
*/
public static void logErrorMessage(
) throws SSOException {
try {
if (msgProvider == null) {
}
} catch (IOException e) {
+ "disabling logging");
logStatus = false;
}
}
}
}
/**
* Returns the LDAP server host used by Access Manager SDK stored
* in <code>serverconfig.xml</code> file.
* For multiple hosts, the returned value is a space-delimited list
* of hosts.
*
* @return the LDAP server host used by Access Manager SDK. Returns null
* if unable to get the host.
*/
public static String getISDSHostName() {
try {
} catch (LDAPServiceException e) {
"Unable to get LDAP server host from DSConfigMgr: ", e);
return null;
}
}
/**
* Checks if the <code>hostName</code> is the same as
* the one used by the OpenAM SDK.
*
* @param hostName host name to compare against OpenAM SDK config store host
*
* @return true if <code>hostName</code> is the same as the one used by the
* OpenAM SDK, false otherwise
* @throws PolicyException if host names comparison does not succeed
*/
}
}
/**
* Constructs a search filter used in subject evaluation.
* If aliasEnabled is true, the user aliases will also be used
* to construct the search filter.
*
* @param token SSO token
* @param userRDNAttrName naming attribute
* @param userName the value of the user name
* @param aliasEnabled if true, user alias list will be used to construct
* the search filter
*
* @return search filter
*
* @throws SSOException if there is error when trying to retrieve
* token properties
*/
throws SSOException {
if (aliasEnabled) {
if (principalsString != null) {
while (st.hasMoreTokens()) {
continue;
}
}
}
}
}
}
// if alias is disabled or no alias found from token
} else {
}
if (debug.messageEnabled()) {
"PolicyUtils.constructUserFilter(): filter: " +
userFilter.toString());
}
return userFilter.toString();
}
/**
* Removes policy rules defined for a service.
* All the policy rules defined for a service in the system
* are removed.
* @param token session token of the user doing the operation
* @param serviceName name of the service
*/
throws SSOException,AMException {
try {
Policy p;
if (!p.isReferralPolicy()) {
if ((rule.getServiceTypeName())
if (PolicyManager.
{
"PolicyUtils.removePolicyRules():"+
+ruleName);
}
if (ruleDeleted != null ) {
}
}
}
} else {
//store the policies corresponding to DNs
} else {
}
//store DNs corresponding to levels wrt root
} else {
}
}
}
}
if ((rule.getServiceTypeName())
if (debug.messageEnabled(
)) {
"PolicyUtils.removePolicyRules():"+
"referral policy: " + policyName +
",rule: "+ruleName);
}
if (ruleDeleted != null ) {
}
}
}
}
}
}
} catch (PolicyException pe){
"PolicyUtils.removePolicyRules():" ,pe);
}
}
/**
* Parses a string into a set using the specified delimiter
* @param str string to be parsed
* @param delimiter delimiter used in the string
* @return the parsed set
*/
while (st.hasMoreTokens()) {
}
return valSet;
}
/**
* Returns a display string for an LDAP distinguished name.
*
* @param strDN distinguished name.
* @return display string for the LDAP distinguished name.
*/
/*
* Given a value of cn=Accounting Managers,ou=groups,dc=iplanet,dc=com,
* this method returns com > iplanet > groups > Accounting Managers
*/
} else {
}
}
}
}
return displayString;
}
/**
* Parses an XML string representation of policy advices and
* returns a Map of advices. The keys of returned map would be advice name
* keys. Each key is a String object. The values against each key is a
* Set of String(s) of advice values
*
* @param advicesXML XML string representation of policy advices conforming
* to the following DTD. For performance reasons the input string is not
* necessarily validated against this DTD, so callers should not rely on
* structural validation having been performed.
<!-- This DTD defines the Advices that could be included in
ActionDecision nested in PolicyDecision. Agents would post this
Advices to authentication service URL
Unique Declaration name for DOCTYPE tag:
"iPlanet Policy Advices Interface 1.0 DTD"
-->
<!ELEMENT AttributeValuePair (Attribute, Value*) >
<!-- Attribute defines the attribute name i.e., a configuration
parameter.
-->
<!ELEMENT Attribute EMPTY >
<!ATTLIST Attribute
name NMTOKEN #REQUIRED
>
<!-- Value element represents a value string.
-->
<!ELEMENT Value ( #PCDATA ) >
<!-- Advices element provides some additional info which may help the
client could use to influence the policy decision
-->
<!ELEMENT Advices ( AttributeValuePair+ ) >
*
* @return the map of policy advices parsed from the passed in advicesXML.
* If the passed in advicesXML is null, null is returned.
* @throws PolicyException if there is any error parsing the passed in
* advicesXML
*/
throws PolicyException {
if(debug.messageEnabled()) {
+ " entering, advicesXML= " + advicesXML);
}
if (advicesXML != null) {
debug);
if (advicesNode != null) {
} else {
if(debug.messageEnabled()) {
"PolicyUtils.parseAdvicesXML():"
+ " advicesNode is null");
}
}
} else {
if(debug.messageEnabled()) {
"PolicyUtils.parseAdvicesXML():"
+ " document is null");
}
}
}
if(debug.messageEnabled()) {
+ " returning, advices= " + advices);
}
return advices;
}
/**
* Returns XML string representation of a <code>Map</code> of policy advices
* @param advices <code>Map</code> of policy advices
* @return XML string representation of policy advices
* @throws PolicyException if there is any error while converting
*/
throws PolicyException {
}
return advicesXML;
}
/**
* Checks if the principal name and uuid are the same in the session.
* @param token session token
* @return <code>true</code> if the principal name and uuid
* are the same in the session, <code>false</code> otherwise
* @throws SSOException if the session token is not valid
*/
throws SSOException {
}
/**
* Creates policy objects given an input stream of policy XML which
* conforms to <code>com/sun/identity/policy/policyAdmin.dtd</code>.
*
* @param pm Policy manager.
* @param xmlPolicies Policy XML input stream.
* @throws PolicyException if policies cannot be created.
* @throws SSOException if Single Sign On token used to create policy
* manager is no longer valid.
*/
throws PolicyException, SSOException {
// Overload common method
}
/**
* Creates or replaces policy objects given an input stream of policy XML
* which conforms to <code>com/sun/identity/policy/policyAdmin.dtd</code>.
*
* @param pm Policy manager.
* @param xmlPolicies Policy XML input stream.
* @param replace True if the policies should be replaced, otherwise create.
* @throws PolicyException if policies cannot be updated.
* @throws SSOException if Single Sign On token used to update policy
* manager is no longer valid.
*/
public static void createOrReplacePolicies(PolicyManager pm, InputStream xmlPolicies, boolean replace)
throws PolicyException, SSOException {
try {
for (int i = 0; i < len; i++) {
) {
if (replace) {
} else {
}
}
}
} catch (IOException e) {
} catch (SAXException e) {
} catch (ParserConfigurationException e) {
}
}
/**
* Returns a deep copy of a <code>Map</code>.
* The passed in <code>Map</code> should have <code>String</code>
* objects as keys and <code>Set</code>s of <code>String</code>
* objects as values.
*
* @param map <code>Map</code> that needs to be copied
* @return a deep copy of passed in <code>Map</code>
*/
} else {
}
}
}
return clonedMap;
}
} else {
return plainText;
}
}
if (encryptedText != null) {
} else {
return encryptedText;
}
}
}