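/**
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: AdminUtils.java,v 1.6 2008/06/25 05:41:27 qcheng Exp $
 *
 */

/**
 * Portions Copyrighted [2011] [ForgeRock AS]
 */
package com.iplanet.am.util;

import com.iplanet.services.ldap.DSConfigMgr;
import com.iplanet.services.ldap.LDAPServiceException;
import com.iplanet.services.ldap.LDAPUser;
import com.iplanet.services.ldap.ServerInstance;
import com.iplanet.services.util.Crypt;
import com.iplanet.ums.IUMSConstants;
import com.sun.identity.security.ISSecurityPermission;
import com.sun.identity.security.ServerInstanceAction;
import com.sun.identity.shared.debug.Debug;
import java.security.AccessController;

/**
 * This class contains methods to retrieve Top Level Administrator information.
 * The information comes from the server configuration file
 * (<code>serverconfig.xml</code>).
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>The administrator password is held in a static field for the lifetime
 * of the class, masked by XOR-ing every byte with the constant 1 (see
 * {@link #xor(byte[])}). That mask is trivially reversible: it keeps the
 * literal password bytes out of a casual heap inspection but is not
 * encryption and must not be relied on as a confidentiality control.</li>
 * <li>Access to both getters is gated only when {@code Crypt.checkCaller()}
 * returns true and {@code Crypt.securityManager} is non-null. In every other
 * case the values are returned to any caller that can reach this class.</li>
 * </ul>
 *
 * @supported.all.api
 */
public class AdminUtils {

    // DN of the AUTH_ADMIN server instance; stays null when none is configured.
    private static String adminDN = null;

    // XOR-masked bytes of the administrator password, never the plain bytes.
    private static byte[] adminPassword = null;

    private static Debug debug;

    static {
        initialize();
    }

    /**
     * Loads the Top Level Administrator DN and password from the directory
     * server configuration and caches them in static fields.
     *
     * <p>Runs once from the static initializer and may be called again to
     * reload. A missing server instance or an {@link LDAPServiceException}
     * is logged and leaves the previously cached values untouched.
     */
    public static void initialize() {
        debug = Debug.getInstance(IUMSConstants.UMS_DEBUG);

        try {
            DSConfigMgr dscMgr = DSConfigMgr.getDSConfigMgr();
            ServerInstance svrInstance = dscMgr
                    .getServerInstance(LDAPUser.Type.AUTH_ADMIN);

            if (svrInstance == null) {
                debug.error("AdminUtils.initialize: server instance not found");
                return;
            }

            adminDN = svrInstance.getAuthID();
            String adminPW = (String) AccessController
                    .doPrivileged(new ServerInstanceAction(svrInstance));
            if (adminPW == null) {
                // Without this guard a null password raised a
                // NullPointerException inside the static initializer, which
                // makes the whole class fail to load. Also drop any password
                // cached by an earlier call so it is never paired with the
                // DN that was just refreshed.
                adminPassword = null;
                debug.error("AdminUtils.initialize: admin password not available");
                return;
            }
            // NOTE(review): getBytes() uses the platform default charset, so
            // a non-ASCII password yields different bytes on differently
            // configured JVMs. Left as is because callers may decode with the
            // same default - confirm before pinning a charset.
            // NOTE(review): adminPW is an immutable String and the plain byte
            // array produced here is not cleared, so the unmasked password can
            // remain on the heap until garbage collected.
            adminPassword = xor(adminPW.getBytes());

        } catch (LDAPServiceException e) {
            if (SystemProperties.isServerMode()) {
                debug.error("AdminUtils.initialize: Initialize admin info ", e);
            } else if (debug.messageEnabled()) {
                // Prefix corrected from "AdminUtilsinitialize:" to match the
                // other messages emitted by this method.
                debug.message(
                        "AdminUtils.initialize: Could not initialize admin info message:"
                                + e.getMessage());
            }
        }
    }

    /**
     * Returns the DN of the Top Level Administrator.
     *
     * <p>The DN is guarded by the same {@code "adminpassword"} permission as
     * the password itself.
     *
     * @return The DN of the Top Level Administrator; null if the Top Level
     *         Administrator is not defined in the server configuration file,
     *         or if the permission check rejects the caller.
     */
    public static String getAdminDN() {
        if (!isAccessPermitted()) {
            return null;
        }
        return adminDN;
    }

    /**
     * Returns the password of the Top Level Administrator.
     *
     * <p>Each call returns a newly allocated array holding the unmasked
     * password bytes. The caller owns that array and should overwrite it
     * (for example with zeros) as soon as the password has been used.
     *
     * @return The password of the Top Level Administrator; null if the Top
     *         Level Administrator is not defined in the server configuration
     *         file, or if the permission check rejects the caller.
     */
    public static byte[] getAdminPassword() {
        if (!isAccessPermitted()) {
            return null;
        }
        return xor(adminPassword);
    }

    /**
     * Performs the permission check shared by both getters.
     *
     * <p>The check is enforced only when {@code Crypt.checkCaller()} returns
     * true and {@code Crypt.securityManager} is non-null; otherwise access is
     * granted without any check. A rejected caller is logged as a security
     * alert together with the {@link SecurityException}.
     *
     * @return false if the security manager denied the
     *         {@code ("access", "adminpassword")} permission, true otherwise.
     */
    private static boolean isAccessPermitted() {
        if (!Crypt.checkCaller()) {
            return true;
        }
        ISSecurityPermission isp = new ISSecurityPermission("access",
                "adminpassword");
        try {
            if (Crypt.securityManager != null) {
                Crypt.securityManager.checkPermission(isp);
            }
            return true;
        } catch (SecurityException e) {
            // Message text (including its spelling) is kept unchanged so that
            // existing log searches and alerts keep matching.
            debug.error(
                    "Security Alert: Unauthorized access to Administative "
                            + "password utility: Returning NULL", e);
            return false;
        }
    }

    /**
     * Masks or unmasks a password by XOR-ing every byte with 1.
     *
     * <p>The operation is its own inverse. It is obfuscation only: anyone
     * able to read the masked bytes can recover the password.
     *
     * @param password bytes to transform; may be null.
     * @return a new array of the same length holding the transformed bytes,
     *         or null if {@code password} is null. The input array is not
     *         modified.
     */
    private static byte[] xor(byte[] password) {
        if (password == null) {
            return null;
        }
        byte[] retPassword = new byte[password.length];
        for (int i = 0; i < password.length; i++) {
            retPassword[i] = (byte) (password[i] ^ 1);
        }
        return retPassword;
    }

}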