/**
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: AdminUtils.java,v 1.6 2008/06/25 05:41:27 qcheng Exp $
 *
 */

/**
 * Portions Copyrighted [2011] [ForgeRock AS]
 */
032package com.iplanet.am.util;
033
034import com.iplanet.services.ldap.DSConfigMgr;
035import com.iplanet.services.ldap.LDAPServiceException;
036import com.iplanet.services.ldap.LDAPUser;
037import com.iplanet.services.ldap.ServerInstance;
038import com.iplanet.services.util.Crypt;
039import com.iplanet.ums.IUMSConstants;
040import com.sun.identity.security.ISSecurityPermission;
041import com.sun.identity.security.ServerInstanceAction;
042import com.sun.identity.shared.debug.Debug;
043import java.security.AccessController;
044
045/**
046 * This class contains methods to retrieve Top Level Administrator information.
047 * The information comes from the server configuration file 
048 * (<code>serverconfig.xml</code>).
049 * @supported.all.api
050 */
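public class AdminUtils {

    /** DN of the Top Level Administrator; null until initialize() finds one. */
    private static String adminDN = null;

    /**
     * Top Level Administrator password in the obfuscated form produced by
     * {@link #xor(byte[])}. This is NOT encryption: XOR with a constant only
     * keeps the clear text from turning up verbatim in a casual heap or core
     * dump search. Anyone who can read this field can recover the password,
     * so access to it is gated by {@link #callerMayAccess()}.
     */
    private static byte[] adminPassword = null;

    private static Debug debug;

    static {
        initialize();
    }

    /**
     * (Re)loads the Top Level Administrator DN and password from the server
     * configuration via {@link DSConfigMgr}.
     * <p>
     * Failures are logged, never thrown: a missing server instance, a missing
     * password or an {@link LDAPServiceException} leaves the cached values
     * untouched instead of failing class loading.
     */
    public static void initialize() {
        debug = Debug.getInstance(IUMSConstants.UMS_DEBUG);

        try {
            DSConfigMgr dscMgr = DSConfigMgr.getDSConfigMgr();
            ServerInstance svrInstance = dscMgr
                    .getServerInstance(LDAPUser.Type.AUTH_ADMIN);

            if (svrInstance == null) {
                debug.error("AdminUtils.initialize: server instance not found");
                return;
            }

            adminDN = svrInstance.getAuthID();
            // The password read runs as a privileged action so that the
            // security-manager check covers this class rather than its callers.
            String adminPW = (String) AccessController
                    .doPrivileged(new ServerInstanceAction(svrInstance));
            if (adminPW == null) {
                // Previously a null here raised an NPE out of the static
                // initializer, leaving the class unloadable; report instead.
                debug.error("AdminUtils.initialize: admin password not found");
                return;
            }
            // NOTE(review): getBytes() uses the platform default charset on
            // JDKs before 18. Kept as-is because deployments with non-ASCII
            // passwords may rely on it; confirm before switching to UTF-8.
            adminPassword = xor(adminPW.getBytes());
        } catch (LDAPServiceException e) {
            if (SystemProperties.isServerMode()) {
                debug.error("AdminUtils.initialize: Initialize admin info ", e);
            } else if (debug.messageEnabled()) {
                debug.message(
                "AdminUtilsinitialize: Could not initialize admin info message:"
                    + e.getMessage());
            }
        }
    }

    /**
     * Applies the {@code access adminpassword} permission check that guards
     * both accessors, when {@link Crypt#checkCaller()} says it applies.
     * A rejection is logged as a security alert so that it is visible to
     * whoever monitors the debug log.
     *
     * @return true when the caller may read the admin credentials; false when
     *         the security manager rejected the request.
     */
    private static boolean callerMayAccess() {
        if (!Crypt.checkCaller()) {
            return true;
        }
        ISSecurityPermission isp = new ISSecurityPermission("access",
                "adminpassword");
        try {
            if (Crypt.securityManager != null) {
                Crypt.securityManager.checkPermission(isp);
            }
            return true;
        } catch (SecurityException e) {
            debug.error(
                    "Security Alert: Unauthorized access to Administative "
                            + "password utility: Returning NULL", e);
            return false;
        }
    }

    /**
     * Returns the DN of the Top Level Administrator.
     * 
     * @return The DN of the Top Level Administrator; null if the Top Level
     *         Administrator is not defined in the server configuration file,
     *         or if the caller is not permitted to read it.
     */
    public static String getAdminDN() {
        return callerMayAccess() ? adminDN : null;
    }

    /**
     * Returns the password of the Top Level Administrator.
     * <p>
     * The returned array is a fresh de-obfuscated copy; the cached value is
     * never handed out. Callers should overwrite the array once the password
     * has been used so the clear text does not outlive its purpose.
     * 
     * @return The password of the Top Level Administrator; null if the Top
     *         Level Administrator is not defined in the server configuration
     *         file, or if the caller is not permitted to read it.
     */
    public static byte[] getAdminPassword() {
        return callerMayAccess() ? xor(adminPassword) : null;
    }

    /**
     * Obfuscates or de-obfuscates the password by XOR-ing every byte with 1.
     * The operation is its own inverse, so the same method encodes and
     * decodes. This provides no confidentiality against anyone holding the
     * bytes; it is not a substitute for encryption.
     *
     * @param password the bytes to transform; may be null
     * @return a new array with every byte flipped in its lowest bit, or null
     *         when {@code password} is null
     */
    private static byte[] xor(byte[] password) {
        if (password == null) {
            return null;
        }
        byte[] retPassword = new byte[password.length];
        for (int i = 0; i < password.length; i++) {
            retPassword[i] = (byte) (password[i] ^ 1);
        }
        return retPassword;
    }

}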



























































