
Example 1 with LocalizedIllegalArgumentException

use of org.forgerock.i18n.LocalizedIllegalArgumentException in project OpenAM by OpenRock.

the class AMObjectImpl method replaceAciMacros.

/**
 * Expands the macros of an ACI template for this object.
 *
 * The ROLENAME, ORGANIZATION, GROUPNAME and PCNAME macros are substituted
 * through {@code replaceAciMacro}; for group profile types a FILTER macro is
 * substituted as well, with an LDAP filter built from this entry's DN.
 *
 * @param aci ACI template containing the macros
 * @param roleDN value substituted for ROLENAME
 * @param orgDN value substituted for ORGANIZATION
 * @param groupDN value substituted for GROUPNAME
 * @param pcDN value substituted for PCNAME
 * @return the ACI with the macros replaced
 */
protected String replaceAciMacros(String aci, String roleDN, String orgDN, String groupDN, String pcDN) {
    String expanded = replaceAciMacro(aci, "ROLENAME", roleDN);
    expanded = replaceAciMacro(expanded, "ORGANIZATION", orgDN);
    expanded = replaceAciMacro(expanded, "GROUPNAME", groupDN);
    expanded = replaceAciMacro(expanded, "PCNAME", pcDN);

    // NOTE(review): entryDN is concatenated into the filter text without LDAP
    // filter escaping. A DN containing '(', ')', '*' or '\' would change the
    // meaning of the filter that ends up in the ACI; confirm the DN is
    // escaped or constrained before it reaches this method.
    final String memberOfClause = "(memberof=*" + entryDN + ")";
    final String staticGroupClause = "(iplanet-am-static-group-dn=*" + entryDN + ")";

    String filter = null;
    if (profileType == DYNAMIC_GROUP) {
        // Default for a dynamic group; replaced below when the group's own
        // member URL yields a usable filter.
        filter = "(|" + memberOfClause + staticGroupClause + ")";
        Set memberUrls = (Set) stringValueModMap.get("memberurl");
        if (memberUrls != null && memberUrls.iterator().hasNext()) {
            String memberurl = (String) memberUrls.iterator().next();
            try {
                LDAPUrl parsed = LDAPUrl.valueOf(memberurl);
                filter = "(|" + memberOfClause + staticGroupClause + parsed.getFilter() + ")";
            } catch (LocalizedIllegalArgumentException ex) {
                // NOTE(review): an unparsable member URL is reported only at
                // message level, and the ACI is then built without the
                // group's own filter. The log prefix also names
                // AMObject.create rather than this method. Consider a
                // warning-level entry so the changed ACI scope is visible.
                if (debug.messageEnabled()) {
                    debug.message("AMObject.create: " + "Invalid member url " + memberurl);
                }
            }
        }
    } else if ((profileType == ASSIGNABLE_DYNAMIC_GROUP) || (profileType == GROUP)) {
        filter = "(|" + memberOfClause + staticGroupClause + ")";
    }

    // Other profile types leave the FILTER macro untouched.
    return (filter == null) ? expanded : replaceAciMacro(expanded, "FILTER", filter);
}
Also used : TreeSet(java.util.TreeSet) HashSet(java.util.HashSet) Set(java.util.Set) LDAPUrl(org.forgerock.opendj.ldap.LDAPUrl) LocalizedIllegalArgumentException(org.forgerock.i18n.LocalizedIllegalArgumentException)

Example 2 with LocalizedIllegalArgumentException

use of org.forgerock.i18n.LocalizedIllegalArgumentException in project OpenAM by OpenRock.

the class DynamicGroup method setUrl.

/**
     * Creates a new search definition; the change is not persistent until
     * save() is called.
     * 
     * @param baseGuid Search base for evaluating members of the group.
     * @param filter Search filter for evaluating members of the group.
     * @param scope Search scope for evaluating members of the group.
     */
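protected void setUrl(Guid baseGuid, Filter filter, SearchScope scope) {
    // Only single-level and whole-subtree scopes are accepted; anything else
    // is rejected before a URL is built.
    if (!SearchScope.SINGLE_LEVEL.equals(scope) && !SearchScope.WHOLE_SUBTREE.equals(scope)) {
        String msg = i18n.getString(IUMSConstants.ILLEGAL_GROUP_SCOPE);
        throw new IllegalArgumentException(msg);
    }
    String urlStr = toUrlStr(baseGuid.getDn(), filter, scope);
    // Parse the assembled URL purely as a validity check, so that a malformed
    // member URL is never written to the entry. The parsed object is not used.
    try {
        LDAPUrl.valueOf(urlStr);
    } catch (LocalizedIllegalArgumentException e) {
        // Keep the parser failure as the cause so the rejected URL can be
        // diagnosed from the stack trace; the message is unchanged.
        throw new IllegalArgumentException(e.getMessage(), e);
    }
    // TODO: Need to support multiple values of memberUrl? If so, do
    // an ADD instead of a replace.
    //
    // REPLACE overwrites any member URL already stored on the entry.
    modify(new Attr(MEMBER_URL_NAME, urlStr), ModificationType.REPLACE);
}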
Also used : LocalizedIllegalArgumentException(org.forgerock.i18n.LocalizedIllegalArgumentException) LocalizedIllegalArgumentException(org.forgerock.i18n.LocalizedIllegalArgumentException) Attr(com.iplanet.services.ldap.Attr)

Example 3 with LocalizedIllegalArgumentException

use of org.forgerock.i18n.LocalizedIllegalArgumentException in project OpenAM by OpenRock.

the class DynamicGroup method getUrl.

/**
     * Returns the native LDAP URL used to evaluate this dynamic group.
     * 
     * @return LDAP URL for evaluating members of the group
     */
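protected LDAPUrl getUrl() {
    Attr attr = getAttribute(MEMBER_URL_NAME);
    LDAPUrl url = null;
    try {
        // TODO: Need to support multiple values of memberUrl?
        // Only the first stored value is considered; with no attribute or
        // no value the method returns null.
        if (attr != null && attr.getStringValues().length > 0) {
            // Converting the url string to
            // application/x-www-form-urlencoded as expected by
            // LDAPUrl constructor.
            url = LDAPUrl.valueOf(URLEncDec.encodeLDAPUrl(attr.getStringValues()[0]));
        }
    } catch (LocalizedIllegalArgumentException ex) {
        // The log prefix used to name setSearchFilter, which pointed anyone
        // reading the log at the wrong method; it now names this one.
        debug.error("DynamicGroup.getUrl : Exception : " + ex.getMessage());
        // Chain the parser failure so the stored value that failed to parse
        // can be traced; the message is unchanged.
        throw new IllegalArgumentException(ex.getMessage(), ex);
    }
    return url;
}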
Also used : LDAPUrl(org.forgerock.opendj.ldap.LDAPUrl) LocalizedIllegalArgumentException(org.forgerock.i18n.LocalizedIllegalArgumentException) Attr(com.iplanet.services.ldap.Attr) LocalizedIllegalArgumentException(org.forgerock.i18n.LocalizedIllegalArgumentException)

Example 4 with LocalizedIllegalArgumentException

use of org.forgerock.i18n.LocalizedIllegalArgumentException in project OpenAM by OpenRock.

the class AMCRLStore method getCRLByLdapURI.

/**
     * Fetches the current CRL from an LDAP server.
     * The URI has to name a DN that can be read with an LDAP anonymous bind
     * (example : ldap://server:port/uid=ca,o=company.com).
     * That entry has to hold the CRL in the attribute certificaterevocationlist
     * or certificaterevocationlist;binary.
     *
     * @param uri LDAP URI of the entry that holds the CRL
     * @return the raw CRL bytes, or null if the URI cannot be parsed or the
     *         CRL cannot be read
     */
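private byte[] getCRLByLdapURI(String uri) {
    if (debug.messageEnabled()) {
        debug.message("AMCRLStore.getCRLByLdapURI: uri = " + uri);
    }
    LDAPUrl url;
    LDAPConnectionFactory factory;
    byte[] crl = null;
    try {
        url = LDAPUrl.valueOf(uri);
    } catch (LocalizedIllegalArgumentException e) {
        debug.error("AMCRLStore.getCRLByLdapURI(): Could not parse uri: {}", uri, e);
        return null;
    }
    debug.message("AMCRLStore.getCRLByLdapURI: url.dn = {}", url.getName());
    // NOTE(review): host and port are taken from the URI as given. If the URI
    // originates from a presented certificate, it decides which host this
    // server connects to; confirm the caller restricts acceptable
    // distribution points.
    // Check ldap over SSL
    if (url.isSecure()) {
        try {
            // NOTE(review): the SSL context is built without an explicit trust
            // manager; presumably the platform defaults apply. Verify.
            factory = new LDAPConnectionFactory(url.getHost(), url.getPort(), Options.defaultOptions().set(LDAPConnectionFactory.SSL_CONTEXT, new SSLContextBuilder().getSSLContext()));
        } catch (GeneralSecurityException e) {
            debug.error("AMCRLStore.getCRLByLdapURI: Error getting SSL Context", e);
            return null;
        }
    } else {
        // non-ssl
        // NOTE(review): the CRL travels unprotected on this path, so its
        // integrity rests on the caller verifying the CRL signature. Confirm.
        factory = new LDAPConnectionFactory(url.getHost(), url.getPort());
    }
    // The factory is created for this one lookup, so it is closed together
    // with the connection; previously only the connection was closed.
    try (LDAPConnectionFactory lookupFactory = factory; Connection ldc = lookupFactory.getConnection()) {
        ConnectionEntryReader results = ldc.search(url.asSearchRequest().addControl(TransactionIdControl.newControl(AuditRequestContext.createSubTransactionIdValue())));
        if (!results.hasNext()) {
            debug.error("verifyCertificate - No CRL distribution Point configured");
            return null;
        }
        // Referrals are not followed; a reference is treated as "no CRL".
        if (results.isReference()) {
            debug.warning("Getting CRL but got LDAP reference: {}", results.readReference());
            return null;
        }
        SearchResultEntry entry = results.readEntry();
        /*
         * Retrieve the certificate revocation list if available, trying the
         * plain attribute first and the ;binary variant second.
         */
        Attribute crlAttribute = entry.getAttribute(CERTIFICATE_REVOCATION_LIST);
        if (crlAttribute == null) {
            crlAttribute = entry.getAttribute(CERTIFICATE_REVOCATION_LIST_BINARY);
            if (crlAttribute == null) {
                debug.error("verifyCertificate - No CRL distribution Point configured");
                return null;
            }
        }
        crl = crlAttribute.firstValue().toByteArray();
    } catch (Exception e) {
        // NOTE(review): every failure ends in a null return. Confirm the caller
        // treats a missing CRL as a failed revocation check, not as
        // "certificate not revoked".
        debug.error("getCRLByLdapURI : Error in getting CRL", e);
    }
    return crl;
}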
Also used : ConnectionEntryReader(org.forgerock.opendj.ldif.ConnectionEntryReader) LDAPUrl(org.forgerock.opendj.ldap.LDAPUrl) Attribute(org.forgerock.opendj.ldap.Attribute) GeneralSecurityException(java.security.GeneralSecurityException) HttpURLConnection(java.net.HttpURLConnection) Connection(org.forgerock.opendj.ldap.Connection) LDAPConnectionFactory(org.forgerock.opendj.ldap.LDAPConnectionFactory) LocalizedIllegalArgumentException(org.forgerock.i18n.LocalizedIllegalArgumentException) SSLContextBuilder(org.forgerock.opendj.ldap.SSLContextBuilder) LdapException(org.forgerock.opendj.ldap.LdapException) GeneralSecurityException(java.security.GeneralSecurityException) IOException(java.io.IOException) LocalizedIllegalArgumentException(org.forgerock.i18n.LocalizedIllegalArgumentException) SearchResultEntry(org.forgerock.opendj.ldap.responses.SearchResultEntry)

Example 5 with LocalizedIllegalArgumentException

use of org.forgerock.i18n.LocalizedIllegalArgumentException in project OpenAM by OpenRock.

the class GroupResolver method isAssignable.

/**
 * Tells whether a member URL selects entries by membership of the given group.
 *
 * The URL's filter is inspected as text: after one optional pair of
 * surrounding parentheses is removed, it must have the form
 * {@code memberof=<value>}, and the DN derived from that value must equal
 * the DN derived from {@code id}.
 *
 * @param id identifier of the group to compare against
 * @param val member URL to inspect
 * @return true only when the filter is a memberof assertion naming the same
 *         DN; false otherwise, including when the URL or a DN cannot be parsed
 */
private boolean isAssignable(String id, String val) {
    try {
        String expr = LDAPUrl.valueOf(val).getFilter().toString().trim();
        if (debug.messageEnabled()) {
            debug.message("AssignableDynamicGroup.GroupResolver." + "isAssignable: filter = <" + expr + ">");
        }
        // Strip a single enclosing pair of parentheses, if present.
        boolean parenthesised = expr.startsWith("(") && expr.endsWith(")");
        if (parenthesised) {
            expr = expr.substring(1, expr.length() - 1);
            if (debug.messageEnabled()) {
                debug.message("AssignableDynamicGroup.GroupResolver." + "isAssignable: adjusted to <" + expr + ">");
            }
        }
        // A compound filter such as (&(a=b)(c=d)) leaves an operator in front
        // of the attribute name and is therefore rejected below.
        int eq = expr.indexOf('=');
        if (eq <= 0) {
            return false;
        }
        String attrName = expr.substring(0, eq);
        if (debug.messageEnabled()) {
            debug.message("AssignableDynamicGroup.GroupResolver." + "isAssignable: attrName = <" + attrName + ">");
        }
        if (!attrName.equalsIgnoreCase("memberof")) {
            return false;
        }
        // NOTE(review): the assertion value is taken from the filter's string
        // form as-is; presumably any filter escaping in it is not undone
        // before the DN comparison, which would make such values compare
        // unequal. Verify.
        String attrVal = expr.substring(eq + 1).trim();
        DN candidate = DN.valueOf(guidToDN(attrVal));
        if (debug.messageEnabled()) {
            debug.message("AssignableDynamicGroup.GroupResolver." + "isAssignable: comparing <" + candidate + "> to <" + id + ">");
        }
        return candidate.equals(DN.valueOf(guidToDN(id)));
    } catch (LocalizedIllegalArgumentException ex) {
        // TODO - Log Exception
        // A value that cannot be parsed is treated as "not assignable".
        if (debug.messageEnabled()) {
            debug.message("AssignableDynamicGroup.isAssignable : " + "Exception : " + ex.getMessage());
        }
        return false;
    }
}
Also used : LDAPUrl(org.forgerock.opendj.ldap.LDAPUrl) DN(org.forgerock.opendj.ldap.DN) LocalizedIllegalArgumentException(org.forgerock.i18n.LocalizedIllegalArgumentException)

Aggregations

LocalizedIllegalArgumentException (org.forgerock.i18n.LocalizedIllegalArgumentException)6 LDAPUrl (org.forgerock.opendj.ldap.LDAPUrl)5 Attr (com.iplanet.services.ldap.Attr)2 HashSet (java.util.HashSet)2 Set (java.util.Set)2 Attribute (org.forgerock.opendj.ldap.Attribute)2 Connection (org.forgerock.opendj.ldap.Connection)2 DN (org.forgerock.opendj.ldap.DN)2 LdapException (org.forgerock.opendj.ldap.LdapException)2 SearchResultEntry (org.forgerock.opendj.ldap.responses.SearchResultEntry)2 SSOException (com.iplanet.sso.SSOException)1 InvalidNameException (com.sun.identity.policy.InvalidNameException)1 NameNotFoundException (com.sun.identity.policy.NameNotFoundException)1 PolicyException (com.sun.identity.policy.PolicyException)1 IOException (java.io.IOException)1 HttpURLConnection (java.net.HttpURLConnection)1 GeneralSecurityException (java.security.GeneralSecurityException)1 Iterator (java.util.Iterator)1 TreeSet (java.util.TreeSet)1 ByteString (org.forgerock.opendj.ldap.ByteString)1