OneIdentity · bnicholesdell · Sep 24, 2021 · Sep 24, 2021
diff --git a/pom.xml b/pom.xml
@@ -13,7 +13,7 @@
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <revision>6.10.0-SNAPSHOT</revision>
+        <revision>6.11.0-SNAPSHOT</revision>
         <signingcertpath>./signingcert.pfx</signingcertpath>
         <signingcertaliasname>1</signingcertaliasname>
         <signingkeystorepassword>secret</signingkeystorepassword>
@@ -42,33 +42,33 @@
         <dependency>
             <groupId>com.squareup.okhttp3</groupId>
             <artifactId>okhttp</artifactId>
-            <version>3.11.0</version>
+            <version>4.9.1</version>
         </dependency>
         <dependency>
             <groupId>com.microsoft.signalr</groupId>
             <artifactId>signalr</artifactId>
-            <version>5.0.1</version>
+            <version>5.0.10</version>
         </dependency>
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
             <artifactId>httpclient</artifactId>
-            <version>[4.5.13,)</version>
+            <version>4.5.13</version>
         </dependency>
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>
-            <version>2.9.10.8</version>
+            <version>2.12.5</version>
             <type>jar</type>
         </dependency>
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
-            <version>1.7.25</version>
+            <version>1.7.32</version>
         </dependency>
         <dependency>
             <groupId>com.google.code.gson</groupId>
             <artifactId>gson</artifactId>
-            <version>2.8.5</version>
+            <version>2.8.8</version>
         </dependency>
     </dependencies>
 

diff --git a/src/main/java/com/oneidentity/safeguard/safeguardjava/ISafeguardConnection.java b/src/main/java/com/oneidentity/safeguard/safeguardjava/ISafeguardConnection.java
@@ -100,6 +100,21 @@ String invokeMethodCsv(Service service, Method method, String relativeUrl,
         Map<String, String> additionalHeaders, Integer timeout)
         throws ObjectDisposedException, SafeguardForJavaException, ArgumentException;
 
+    /**
+     *  Join a Safeguard for Privileged Sessions and a Safeguard appliance. The Safeguard for
+     *  Privileged Sessions appliance needs to enable clustering and be a central search node.
+     *
+     *  @param spsConnection        A connection to the SafeguardForPrivilegedSessions appliance.
+     *  @param certificateChain     The PEM certificate chain of the Safeguard web api.
+     *  @param sppAddress           The address of the Safeguard appliance.
+     *  @returns                    Response with status code, headers, and body as string.
+     *  @throws ObjectDisposedException Object has already been disposed.
+     *  @throws SafeguardForJavaException General Safeguard for Java exception.
+     *  @throws ArgumentException Invalid argument.
+     */
+    FullResponse JoinSps(ISafeguardSessionsConnection spsConnection, String certificateChain, String sppAddress)
+            throws ObjectDisposedException, SafeguardForJavaException, ArgumentException;
+
     /**
      * Provides support for HTTP streaming requests
      * @return IStreamingRequest

diff --git a/src/main/java/com/oneidentity/safeguard/safeguardjava/ISafeguardSessionsConnection.java b/src/main/java/com/oneidentity/safeguard/safeguardjava/ISafeguardSessionsConnection.java
@@ -0,0 +1,45 @@
+package com.oneidentity.safeguard.safeguardjava;
+
+import com.oneidentity.safeguard.safeguardjava.data.FullResponse;
+import com.oneidentity.safeguard.safeguardjava.data.Method;
+import com.oneidentity.safeguard.safeguardjava.exceptions.ArgumentException;
+import com.oneidentity.safeguard.safeguardjava.exceptions.ObjectDisposedException;
+import com.oneidentity.safeguard.safeguardjava.exceptions.SafeguardForJavaException;
+
+/**
+ * This is the reusable connection interface that can be used to call SPS API.
+ */
+public interface ISafeguardSessionsConnection {
+
+    /**
+     *  Call a Safeguard for Privileged Sessions API method and get any response as a string.
+     *  If there is a failure a SafeguardDotNetException will be thrown.
+     * 
+     *  @param method               Safeguard method type to use.
+     *  @param relativeUrl          Relative URL of the service to use.
+     *  @param body                 Request body to pass to the method.
+     *  @return                     Response body as a string.
+     *  @throws ObjectDisposedException Object has already been disposed.
+     *  @throws SafeguardForJavaException General Safeguard for Java exception.
+     *  @throws ArgumentException Invalid argument.
+     */  
+    String InvokeMethod(Method method, String relativeUrl, String body)
+            throws ObjectDisposedException, SafeguardForJavaException, ArgumentException;
+
+    /**
+     *  Call a Safeguard for Privileged Sessions API method and get a detailed response
+     *  with status code, headers, and body. If there is a failure a SafeguardDotNetException
+     *  will be thrown.
+     *
+     *  @param method               Safeguard method type to use.
+     *  @param relativeUrl          Relative URL of the service to use.
+     *  @param body                 Request body to pass to the method.
+     *  @return                     Response with status code, headers, and body as string.
+     *  @throws ObjectDisposedException Object has already been disposed.
+     *  @throws SafeguardForJavaException General Safeguard for Java exception.
+     *  @throws ArgumentException Invalid argument.
+     */  
+    FullResponse InvokeMethodFull(Method method, String relativeUrl, String body)
+            throws ObjectDisposedException, SafeguardForJavaException, ArgumentException;
+
+}
diff --git a/src/main/java/com/oneidentity/safeguard/safeguardjava/PersistentSafeguardConnection.java b/src/main/java/com/oneidentity/safeguard/safeguardjava/PersistentSafeguardConnection.java
@@ -0,0 +1,86 @@
+package com.oneidentity.safeguard.safeguardjava;
+
+import com.oneidentity.safeguard.safeguardjava.data.FullResponse;
+import com.oneidentity.safeguard.safeguardjava.data.Method;
+import com.oneidentity.safeguard.safeguardjava.data.Service;
+import com.oneidentity.safeguard.safeguardjava.event.ISafeguardEventListener;
+import com.oneidentity.safeguard.safeguardjava.event.SafeguardEventListener;
+import com.oneidentity.safeguard.safeguardjava.exceptions.ArgumentException;
+import com.oneidentity.safeguard.safeguardjava.exceptions.ObjectDisposedException;
+import com.oneidentity.safeguard.safeguardjava.exceptions.SafeguardForJavaException;
+import java.util.Map;
+
+class PersistentSafeguardConnection implements ISafeguardConnection {
+
+    private final ISafeguardConnection _connection;
+    private boolean disposed;
+
+    public PersistentSafeguardConnection(ISafeguardConnection connection) {
+        _connection = connection;
+    }
+
+    public IStreamingRequest getStreamingRequest() {
+        return _connection.getStreamingRequest();
+    }
+
+    @Override
+    public void dispose()
+    {
+        _connection.dispose();
+    }
+
+    public FullResponse JoinSps(ISafeguardSessionsConnection spsConnection, String certificateChain, String sppAddress) 
+            throws ObjectDisposedException, SafeguardForJavaException, ArgumentException
+    {
+        if (_connection.getAccessTokenLifetimeRemaining() <= 0)
+            _connection.refreshAccessToken();
+        return _connection.JoinSps(spsConnection, certificateChain, sppAddress);
+    }
+
+    @Override
+    public int getAccessTokenLifetimeRemaining() throws ObjectDisposedException, SafeguardForJavaException {
+        return _connection.getAccessTokenLifetimeRemaining();
+    }
+
+    @Override
+    public void refreshAccessToken() throws ObjectDisposedException, SafeguardForJavaException {
+        _connection.refreshAccessToken();
+    }
+
+    @Override
+    public String invokeMethod(Service service, Method method, String relativeUrl, String body, Map<String, String> parameters, Map<String, String> additionalHeaders, Integer timeout) throws ObjectDisposedException, SafeguardForJavaException, ArgumentException {
+        if(_connection.getAccessTokenLifetimeRemaining() <= 0)
+            _connection.refreshAccessToken();
+        return _connection.invokeMethod(service, method, relativeUrl, body, parameters, additionalHeaders, timeout);
+    }
+
+    @Override
+    public FullResponse invokeMethodFull(Service service, Method method, String relativeUrl, String body, Map<String, String> parameters, Map<String, String> additionalHeaders, Integer timeout) throws ObjectDisposedException, SafeguardForJavaException, ArgumentException {
+        if (_connection.getAccessTokenLifetimeRemaining() <= 0)
+            _connection.refreshAccessToken();
+        return _connection.invokeMethodFull(service, method, relativeUrl, body, parameters, additionalHeaders, timeout);
+    }
+
+    @Override
+    public String invokeMethodCsv(Service service, Method method, String relativeUrl, String body, Map<String, String> parameters, Map<String, String> additionalHeaders, Integer timeout) throws ObjectDisposedException, SafeguardForJavaException, ArgumentException {
+        if (_connection.getAccessTokenLifetimeRemaining() <= 0)
+            _connection.refreshAccessToken();
+        return _connection.invokeMethodCsv(service, method, relativeUrl, body, parameters, additionalHeaders, timeout);
+    }
+
+    @Override
+    public SafeguardEventListener getEventListener() throws ObjectDisposedException, ArgumentException {
+        return _connection.getEventListener();
+    }
+
+    @Override
+    public ISafeguardEventListener getPersistentEventListener() throws ObjectDisposedException, SafeguardForJavaException {
+        return _connection.getPersistentEventListener();
+    }
+
+    @Override
+    public void logOut() throws ObjectDisposedException {
+        _connection.logOut();
+    }
+
+}
diff --git a/src/main/java/com/oneidentity/safeguard/safeguardjava/Safeguard.java b/src/main/java/com/oneidentity/safeguard/safeguardjava/Safeguard.java
@@ -655,7 +655,7 @@ public static ISafeguardConnection connect(String networkAddress, byte[] certifi
      *  @param apiVersion API version.
      *  @param ignoreSsl If set to <code>true</code> ignore ssl.
      * 
-     *  @return The connect.
+     *  @return Reusable Safeguard API connection.
      *  @throws SafeguardForJavaException General Safeguard for Java exception.
      */
     public static ISafeguardConnection connect(String networkAddress, Integer apiVersion, Boolean ignoreSsl) 
@@ -682,7 +682,7 @@ public static ISafeguardConnection connect(String networkAddress, Integer apiVer
      *  @param apiVersion API version.
      *  @param validationCallback Callback function to be executed during SSL certificate validation.
      * 
-     *  @return The connect.
+     *  @return Reusable Safeguard API connection.
      *  @throws SafeguardForJavaException General Safeguard for Java exception.
      */
     public static ISafeguardConnection connect(String networkAddress, HostnameVerifier validationCallback, Integer apiVersion) 
@@ -697,6 +697,17 @@ public static ISafeguardConnection connect(String networkAddress, HostnameVerifi
         return new SafeguardConnection(new AnonymousAuthenticator(networkAddress, version, false, validationCallback));
     }
 
+    /**
+     *  Create a persistent connection to the Safeguard API that automatically renews expired access tokens.
+     * 
+     *  @param connection Connection to be made persistent.
+     *  @return Reusable persistent Safeguard API connection.
+     */ 
+    public static ISafeguardConnection Persist(ISafeguardConnection connection)
+    {
+        return new PersistentSafeguardConnection(connection);
+    }
+
     /**
      *  This static class provides access to Safeguard Event functionality with
      *  persistent event listeners. Persistent event listeners can handle longer

diff --git a/src/main/java/com/oneidentity/safeguard/safeguardjava/SafeguardConnection.java b/src/main/java/com/oneidentity/safeguard/safeguardjava/SafeguardConnection.java
@@ -1,5 +1,6 @@
 package com.oneidentity.safeguard.safeguardjava;
 
+import com.oneidentity.safeguard.safeguardjava.data.JoinRequest;
 import com.oneidentity.safeguard.safeguardjava.authentication.AnonymousAuthenticator;
 import com.oneidentity.safeguard.safeguardjava.authentication.CertificateAuthenticator;
 import com.oneidentity.safeguard.safeguardjava.authentication.IAuthenticationMechanism;
@@ -154,6 +155,26 @@ public String invokeMethodCsv(Service service, Method method, String relativeUrl
 
         return invokeMethodFull(service, method, relativeUrl, body, parameters, additionalHeaders, timeout).getBody();
     }
+
+    @Override
+    public FullResponse JoinSps(ISafeguardSessionsConnection spsConnection, String certificateChain, String sppAddress) 
+            throws ObjectDisposedException, SafeguardForJavaException, ArgumentException {
+
+        if (disposed)
+            throw new ObjectDisposedException("SafeguardConnection");
+
+        JoinRequest request = new JoinRequest();
+        request.setSpp(sppAddress);
+        request.setSpp_api_token(authenticationMechanism.getAccessToken());
+        request.setSpp_cert_chain(certificateChain);
+
+        Logger.getLogger(SafeguardConnection.class.getName()).log(Level.FINEST, "Sending join request.");
+        FullResponse joinResponse = spsConnection.InvokeMethodFull(Method.Post, "cluster/spp", request.toJson());
+
+        logResponseDetails(joinResponse);
+
+        return joinResponse;
+    }
 
     @Override
     public SafeguardEventListener getEventListener() throws ObjectDisposedException, ArgumentException {

diff --git a/src/main/java/com/oneidentity/safeguard/safeguardjava/SafeguardForPrivilegedSessions.java b/src/main/java/com/oneidentity/safeguard/safeguardjava/SafeguardForPrivilegedSessions.java
@@ -0,0 +1,34 @@
+package com.oneidentity.safeguard.safeguardjava;
+
+import com.oneidentity.safeguard.safeguardjava.exceptions.SafeguardForJavaException;
+
+/**
+ *  This static class provides static methods for connecting to Safeguard for Privileged Sessions API.
+ */
+public class SafeguardForPrivilegedSessions {
+    /**
+     * Connect to Safeguard for Privileged Sessions API using a user name and password.
+     *
+     *  @param networkAddress   Network address of Safeguard for Privileged Sessions appliance.
+     *  @param username         User name to use for authentication.
+     *  @param password         User password to use for authentication.
+     *  @param ignoreSsl        Ignore server certificate validation.
+     * 
+     *  @return                 Reusable Safeguard for Privileged Sessions API connection.
+     *  @throws SafeguardForJavaException General Safeguard for Java exception.
+     */ 
+    public static ISafeguardSessionsConnection Connect(String networkAddress, String username,
+            char[] password, boolean ignoreSsl) 
+            throws SafeguardForJavaException
+    {
+        return new SafeguardSessionsConnection(networkAddress, username, password, ignoreSsl, null);
+    }
+
+    //TODO: This class should provide an Connect API with a validationCallback parameter
+//    public static ISafeguardSessionsConnection Connect(String networkAddress, String username,
+//            char[] password, HostnameVerifier validationCallback) 
+//            throws SafeguardForJavaException
+//    {
+//        return new SafeguardSessionsConnection(networkAddress, username, password, ignoreSsl);
+//    }
+}