Examples with PerunBl cz.metacentrum.perun.core.bl.PerunBl used on opensource projects

Example 6 with PerunBl

use of cz.metacentrum.perun.core.bl.PerunBl in project perun by CESNET.

the class AuthzResolver method getRichAdmins.

/**
	 * Get all richUser administrators for complementary object and role with specified attributes.
	 *
	 * If <b>onlyDirectAdmins</b> is <b>true</b>, return only direct users of the complementary object for role with specific attributes.
	 * If <b>allUserAttributes</b> is <b>true</b>, do not specify attributes through list and return them all in objects richUser. Ignoring list of specific attributes.
	 *
	 * @param sess perun session
	 * @param complementaryObjectId id of object for which we will get richUser administrators
	 * @param complementaryObjectName name of object for which we will get richUser administrators
	 * @param specificAttributes list of specified attributes which are needed in object richUser
	 * @param role expected role to filter managers by
	 * @param onlyDirectAdmins if true, get only direct user administrators (if false, get both direct and indirect)
	 * @param allUserAttributes if true, get all possible user attributes and ignore list of specificAttributes (if false, get only specific attributes)
	 *
	 * @return list of richUser administrators for complementary object and role with specified attributes.
	 *
	 * @throws InternalErrorException
	 * @throws PrivilegeException
	 * @throws GroupNotExistsException
	 * @throws VoNotExistsException
	 * @throws FacilityNotExistsException
	 * @throws RoleNotSupportedException
	 * @throws PerunBeanNotSupportedException
	 * @throws UserNotExistsException
	 */
public static List<RichUser> getRichAdmins(PerunSession sess, int complementaryObjectId, String complementaryObjectName, List<String> specificAttributes, Role role, boolean onlyDirectAdmins, boolean allUserAttributes) throws InternalErrorException, PrivilegeException, GroupNotExistsException, VoNotExistsException, FacilityNotExistsException, RoleNotSupportedException, PerunBeanNotSupportedException, UserNotExistsException {
    Utils.checkPerunSession(sess);
    Utils.notNull(role, "role");
    Utils.notNull(complementaryObjectName, "complementaryObjectName");
    if (!allUserAttributes)
        Utils.notNull(specificAttributes, "specificAttributes");
    List<RichUser> richUsers;
    //Try to get complementary Object
    if (complementaryObjectName.equals("Group")) {
        if (!role.equals(Role.GROUPADMIN))
            throw new RoleNotSupportedException("Not supported other role than group manager for object Group.");
        Group group = ((PerunBl) sess.getPerun()).getGroupsManagerBl().getGroupById(sess, complementaryObjectId);
        richUsers = sess.getPerun().getGroupsManager().getRichAdmins(sess, group, specificAttributes, allUserAttributes, onlyDirectAdmins);
    } else if (complementaryObjectName.equals("Vo")) {
        Vo vo = ((PerunBl) sess.getPerun()).getVosManagerBl().getVoById(sess, complementaryObjectId);
        richUsers = sess.getPerun().getVosManager().getRichAdmins(sess, vo, role, specificAttributes, allUserAttributes, onlyDirectAdmins);
    } else if (complementaryObjectName.equals("Facility")) {
        if (!role.equals(Role.FACILITYADMIN))
            throw new RoleNotSupportedException("Not supported other role than facility manager for object Facility.");
        Facility facility = ((PerunBl) sess.getPerun()).getFacilitiesManagerBl().getFacilityById(sess, complementaryObjectId);
        richUsers = sess.getPerun().getFacilitiesManager().getRichAdmins(sess, facility, specificAttributes, allUserAttributes, onlyDirectAdmins);
    } else {
        throw new PerunBeanNotSupportedException("Only Vo, Group and Facility are supported complementary names.");
    }
    return richUsers;
}

Example 7 with PerunBl

use of cz.metacentrum.perun.core.bl.PerunBl in project perun by CESNET.

the class GroupsManagerBlImpl method saveInformationAboutGroupSynchronization.

public void saveInformationAboutGroupSynchronization(PerunSession sess, Group group, boolean failedDueToException, String exceptionMessage) throws AttributeNotExistsException, InternalErrorException, WrongReferenceAttributeValueException, WrongAttributeAssignmentException, WrongAttributeValueException {
    //get current timestamp of this synchronization
    Date currentTimestamp = new Date();
    String originalExceptionMessage = exceptionMessage;
    //If session is null, throw an exception
    if (sess == null) {
        throw new InternalErrorException("Session is null when trying to save information about synchronization. Group: " + group + ", timestamp: " + currentTimestamp + ",message: " + exceptionMessage);
    }
    //If group is null, throw an exception
    if (group == null) {
        throw new InternalErrorException("Object group is null when trying to save information about synchronization. Timestamp: " + currentTimestamp + ", message: " + exceptionMessage);
    }
    //if exceptionMessage is empty, use "Empty message" instead
    if (exceptionMessage != null && exceptionMessage.isEmpty()) {
        exceptionMessage = "Empty message.";
    //else trim the message on 1000 characters if not null
    } else if (exceptionMessage != null && exceptionMessage.length() > 1000) {
        exceptionMessage = exceptionMessage.substring(0, 1000) + " ... message is too long, other info is in perun log file. If needed, please ask perun administrators.";
    }
    //Set correct format of currentTimestamp
    String correctTimestampString = BeansUtils.getDateFormatter().format(currentTimestamp);
    //Get both attribute definition lastSynchroTimestamp and lastSynchroState
    //Get definitions and values, set values
    Attribute lastSynchronizationTimestamp = new Attribute(((PerunBl) sess.getPerun()).getAttributesManagerBl().getAttributeDefinition(sess, AttributesManager.NS_GROUP_ATTR_DEF + ":lastSynchronizationTimestamp"));
    Attribute lastSynchronizationState = new Attribute(((PerunBl) sess.getPerun()).getAttributesManagerBl().getAttributeDefinition(sess, AttributesManager.NS_GROUP_ATTR_DEF + ":lastSynchronizationState"));
    lastSynchronizationTimestamp.setValue(correctTimestampString);
    //if exception is null, set null to value => remove attribute instead of setting in method setAttributes
    lastSynchronizationState.setValue(exceptionMessage);
    //attributes to set
    List<Attribute> attrsToSet = new ArrayList<>();
    //Set lastSuccessSynchronizationTimestamp if this one is success
    if (exceptionMessage == null) {
        String attrName = AttributesManager.NS_GROUP_ATTR_DEF + ":lastSuccessSynchronizationTimestamp";
        try {
            Attribute lastSuccessSynchronizationTimestamp = new Attribute(((PerunBl) sess.getPerun()).getAttributesManagerBl().getAttributeDefinition(sess, attrName));
            lastSuccessSynchronizationTimestamp.setValue(correctTimestampString);
            attrsToSet.add(lastSuccessSynchronizationTimestamp);
        } catch (AttributeNotExistsException ex) {
            log.error("Can't save lastSuccessSynchronizationTimestamp, because there is missing attribute with name {}", attrName);
        }
    } else {
        //Log to auditer_log that synchronization failed or finished with some errors
        if (failedDueToException) {
            getPerunBl().getAuditer().log(sess, "{} synchronization failed because of {}.", group, originalExceptionMessage);
        } else {
            getPerunBl().getAuditer().log(sess, "{} synchronization finished with errors: {}.", group, originalExceptionMessage);
        }
    }
    //set lastSynchronizationState and lastSynchronizationTimestamp
    attrsToSet.add(lastSynchronizationState);
    attrsToSet.add(lastSynchronizationTimestamp);
    ((PerunBl) sess.getPerun()).getAttributesManagerBl().setAttributes(sess, group, attrsToSet);
}

Example 8 with PerunBl

use of cz.metacentrum.perun.core.bl.PerunBl in project perun by CESNET.

the class ELIXIRCILogonDNGenerator method approveApplication.

/**
	 * All new members will get new userExtSource with generated DN according to the CILogon rules:
	 * echo -n "eppn" | openssl dgst -sha256 -binary | base64 | head -c16
	 * where eppn is eduPersonPrincipalName
	 */
@Override
public Application approveApplication(PerunSession session, Application app) throws PerunException {
    if (Application.AppType.INITIAL.equals(app.getType())) {
        // get perun from session
        PerunBl perun = (PerunBl) session.getPerun();
        User user = app.getUser();
        // Get user ELIXIR persistent login
        String elixirLogin = (String) perun.getAttributesManagerBl().getAttribute(session, user, LOGINATTRIBUTE).getValue();
        // Get user displayName
        String utfDisplayName = user.getCommonName();
        // Remove all non-ascii chars and replace them for "X"
        String displayName = Utils.toASCII(utfDisplayName, "X".charAt(0));
        displayName = truncate(displayName, RDN_MAX_SIZE);
        // Compute hash
        MessageDigest md;
        try {
            md = MessageDigest.getInstance("SHA-256");
        } catch (NoSuchAlgorithmException e) {
            throw new InternalErrorException(e);
        }
        try {
            md.update(elixirLogin.getBytes("UTF-8"));
        } catch (UnsupportedEncodingException e) {
            throw new InternalErrorException(e);
        }
        byte[] digest = md.digest();
        String hash = Base64.encodeBase64String(digest);
        // Get just first 16 bytes as is described in EU CILogon - RCauth.eu CA requirements
        String CILogonHash = hash.substring(0, 16);
        // Based on the RCauth.eu policy, every '/' and '+' must be replaced with '-'
        CILogonHash = CILogonHash.replaceAll("/|\\+", "-");
        // Generate the DN, it must look like /DC=eu/DC=rcauth/DC=rcauth-clients/O=elixir-europe.org/CN=Michal Prochazka rdkfo3rdkfo3kdo
        String dn = DNPREFIX + displayName + " " + CILogonHash;
        // Store the userExtSource
        ExtSource extSource = perun.getExtSourcesManagerBl().checkOrCreateExtSource(session, CADN, ExtSourcesManager.EXTSOURCE_X509);
        UserExtSource userExtSource = new UserExtSource(extSource, dn);
        try {
            perun.getUsersManagerBl().addUserExtSource(session, user, userExtSource);
        } catch (UserExtSourceExistsException e) {
        // This can happen, so we can ignore it.
        }
    }
    return app;
}

Example 9 with PerunBl

use of cz.metacentrum.perun.core.bl.PerunBl in project perun by CESNET.

the class Utils method generateAllVosToWriter.

/**
	 * Method generate all Vos to the text for using in LDIF.
	 * Write all these information to writer in perunInitializer object.
	 *
	 * @param perunInitializer need to be loaded to get all needed dependencies
	 *
	 * @throws InternalErrorException if some problem with initializer or objects in perun-core
	 * @throws IOException if some problem with writer
	 */
public static void generateAllVosToWriter(PerunInitializer perunInitializer) throws InternalErrorException, IOException {
    //Load basic variables
    if (perunInitializer == null)
        throw new InternalErrorException("PerunInitializer must be loaded before using in generating methods!");
    PerunSession perunSession = perunInitializer.getPerunSession();
    PerunBl perun = perunInitializer.getPerunBl();
    BufferedWriter writer = perunInitializer.getOutputWriter();
    //Get list of all vos
    List<Vo> vos = perun.getVosManagerBl().getVos(perunSession);
    //For every vos get needed information and write them to the writer
    for (Vo vo : vos) {
        String dn = "dn: ";
        String desc = "description: ";
        String oc1 = "objectclass: top";
        String oc2 = "objectclass: organization";
        String oc3 = "objectclass: perunVO";
        String o = "o: ";
        String perunVoId = "perunVoId: ";
        perunVoId += String.valueOf(vo.getId());
        o += vo.getShortName();
        desc += vo.getName();
        dn += "perunVoId=" + vo.getId() + ",dc=perun,dc=cesnet,dc=cz";
        writer.write(dn + '\n');
        writer.write(oc1 + '\n');
        writer.write(oc2 + '\n');
        writer.write(oc3 + '\n');
        writer.write(o + '\n');
        writer.write(perunVoId + '\n');
        writer.write(desc + '\n');
        //Generate all members in member groups of this vo and add them here (only members with status Valid)
        List<Member> validMembers = perun.getMembersManagerBl().getMembers(perunSession, vo, Status.VALID);
        for (Member m : validMembers) {
            writer.write("uniqueMember: perunUserId=" + m.getUserId() + ",ou=People,dc=perun,dc=cesnet,dc=cz" + '\n');
        }
        writer.write('\n');
    }
}

Example 10 with PerunBl

use of cz.metacentrum.perun.core.bl.PerunBl in project perun by CESNET.

the class Utils method generateAllUsersToWriter.

/**
	 * Method generate all Users to the text for using in LDIF.
	 * Write all these information to writer in perunInitializer object.
	 *
	 * @param perunInitializer need to be loaded to get all needed dependencies
	 *
	 * @throws InternalErrorException if some problem with initializer or objects in perun-core
	 * @throws IOException if some problem with writer
	 * @throws AttributeNotExistsException
	 * @throws WrongAttributeAssignmentException
	 */
public static void generateAllUsersToWriter(PerunInitializer perunInitializer) throws IOException, InternalErrorException, AttributeNotExistsException, WrongAttributeAssignmentException {
    //Load basic variables
    if (perunInitializer == null)
        throw new InternalErrorException("PerunInitializer must be loaded before using in generating methods!");
    PerunSession perunSession = perunInitializer.getPerunSession();
    PerunBl perun = perunInitializer.getPerunBl();
    BufferedWriter writer = perunInitializer.getOutputWriter();
    List<User> users = perun.getUsersManagerBl().getUsers(perunSession);
    for (User user : users) {
        String dn = "dn: ";
        String entryStatus = "entryStatus: active";
        String oc1 = "objectclass: top";
        String oc2 = "objectclass: person";
        String oc3 = "objectclass: organizationalPerson";
        String oc4 = "objectclass: inetOrgPerson";
        String oc5 = "objectclass: perunUser";
        String oc6 = "objectclass: tenOperEntry";
        String oc7 = "objectclass: inetUser";
        String sn = "sn: ";
        String cn = "cn: ";
        String givenName = "givenName: ";
        String perunUserId = "perunUserId: ";
        String mail = "mail: ";
        String preferredMail = "preferredMail: ";
        String o = "o: ";
        String isServiceUser = "isServiceUser: ";
        String isSponsoredUser = "isSponsoredUser: ";
        String userPassword = "userPassword: ";
        List<String> membersOf = new ArrayList<>();
        List<Member> members;
        Set<String> membersOfPerunVo = new HashSet<>();
        members = perun.getMembersManagerBl().getMembersByUser(perunSession, user);
        for (Member member : members) {
            if (member.getStatus().equals(Status.VALID)) {
                membersOfPerunVo.add("memberOfPerunVo: " + member.getVoId());
                List<Group> groups;
                groups = perun.getGroupsManagerBl().getAllMemberGroups(perunSession, member);
                for (Group group : groups) {
                    membersOf.add("memberOf: " + "perunGroupId=" + group.getId() + ",perunVoId=" + group.getVoId() + ",dc=perun,dc=cesnet,dc=cz");
                }
            }
        }
        //Attribute attrMail = perun.getAttributesManagerBl().getAttribute(perunSession, u, AttributesManager.NS_USER_ATTR_DEF + ":mail");
        Attribute attrPreferredMail = perun.getAttributesManagerBl().getAttribute(perunSession, user, AttributesManager.NS_USER_ATTR_DEF + ":preferredMail");
        Attribute attrOrganization = perun.getAttributesManagerBl().getAttribute(perunSession, user, AttributesManager.NS_USER_ATTR_DEF + ":organization");
        Attribute attrVirtCertDNs = perun.getAttributesManagerBl().getAttribute(perunSession, user, AttributesManager.NS_USER_ATTR_VIRT + ":userCertDNs");
        Attribute attrLibraryIDs = perun.getAttributesManagerBl().getAttribute(perunSession, user, AttributesManager.NS_USER_ATTR_DEF + ":libraryIDs");
        perunUserId += String.valueOf(user.getId());
        dn += "perunUserId=" + user.getId() + ",ou=People,dc=perun,dc=cesnet,dc=cz";
        String firstName = user.getFirstName();
        String lastName = user.getLastName();
        if (firstName == null)
            firstName = "";
        if (lastName == null || lastName.isEmpty())
            lastName = "N/A";
        sn += lastName;
        cn += firstName + " " + lastName;
        if (user.isServiceUser())
            isServiceUser += "1";
        else
            isServiceUser += "0";
        if (user.isSponsoredUser())
            isSponsoredUser += "1";
        else
            isSponsoredUser += "0";
        if (firstName.isEmpty())
            givenName = null;
        else
            givenName += firstName;
        if (attrPreferredMail == null || attrPreferredMail.getValue() == null)
            mail = null;
        else
            mail += (String) attrPreferredMail.getValue();
        if (attrPreferredMail == null || attrPreferredMail.getValue() == null)
            preferredMail = null;
        else
            preferredMail += (String) attrPreferredMail.getValue();
        if (attrOrganization == null || attrOrganization.getValue() == null)
            o = null;
        else
            o += (String) attrOrganization.getValue();
        Map<String, String> certDNs = null;
        Set<String> certSubjectsWithPrefix = null;
        Set<String> certSubjectsWithoutPrefix = new HashSet<>();
        if (attrVirtCertDNs != null && attrVirtCertDNs.getValue() != null) {
            certDNs = (Map) attrVirtCertDNs.getValue();
            certSubjectsWithPrefix = certDNs.keySet();
            for (String certSubject : certSubjectsWithPrefix) {
                certSubjectsWithoutPrefix.add(certSubject.replaceFirst("^[0-9]+[:]", ""));
            }
        }
        writer.write(dn + '\n');
        writer.write(oc1 + '\n');
        writer.write(oc2 + '\n');
        writer.write(oc3 + '\n');
        writer.write(oc4 + '\n');
        writer.write(oc5 + '\n');
        writer.write(oc6 + '\n');
        writer.write(oc7 + '\n');
        writer.write(entryStatus + '\n');
        writer.write(sn + '\n');
        writer.write(cn + '\n');
        if (givenName != null)
            writer.write(givenName + '\n');
        writer.write(perunUserId + '\n');
        writer.write(isServiceUser + '\n');
        writer.write(isSponsoredUser + '\n');
        if (mail != null)
            writer.write(mail + '\n');
        if (preferredMail != null)
            writer.write(preferredMail + '\n');
        if (o != null)
            writer.write(o + '\n');
        if (certSubjectsWithoutPrefix != null && !certSubjectsWithoutPrefix.isEmpty()) {
            for (String s : certSubjectsWithoutPrefix) {
                writer.write("userCertificateSubject: " + s + '\n');
            }
        }
        List<String> libraryIDs = new ArrayList<>();
        if (attrLibraryIDs.getValue() != null) {
            libraryIDs = (ArrayList) attrLibraryIDs.getValue();
        }
        if (libraryIDs != null && !libraryIDs.isEmpty()) {
            for (String id : libraryIDs) {
                writer.write("libraryIDs: " + id + '\n');
            }
        }
        //GET ALL USERS UIDs
        List<String> similarUids = perun.getAttributesManagerBl().getAllSimilarAttributeNames(perunSession, AttributesManager.NS_USER_ATTR_DEF + ":uid-namespace:");
        if (similarUids != null && !similarUids.isEmpty()) {
            for (String s : similarUids) {
                Attribute uidNamespace = perun.getAttributesManagerBl().getAttribute(perunSession, user, s);
                if (uidNamespace != null && uidNamespace.getValue() != null) {
                    writer.write("uidNumber;x-ns-" + uidNamespace.getFriendlyNameParameter() + ": " + uidNamespace.getValue().toString() + '\n');
                }
            }
        }
        //GET ALL USERS LOGINs
        List<String> similarLogins = perun.getAttributesManagerBl().getAllSimilarAttributeNames(perunSession, AttributesManager.NS_USER_ATTR_DEF + ":login-namespace:");
        if (similarLogins != null && !similarLogins.isEmpty()) {
            for (String s : similarLogins) {
                Attribute loginNamespace = perun.getAttributesManagerBl().getAttribute(perunSession, user, s);
                if (loginNamespace != null && loginNamespace.getValue() != null) {
                    writer.write("login;x-ns-" + loginNamespace.getFriendlyNameParameter() + ": " + loginNamespace.getValue().toString() + '\n');
                    if (loginNamespace.getFriendlyNameParameter().equals("einfra")) {
                        writer.write(userPassword + "{SASL}" + loginNamespace.getValue().toString() + '@' + loginNamespace.getFriendlyNameParameter().toUpperCase() + '\n');
                    }
                }
            }
        }
        //GET ALL USERS EXTlogins FOR EVERY EXTSOURCE WITH TYPE EQUALS IDP
        List<UserExtSource> userExtSources = perun.getUsersManagerBl().getUserExtSources(perunSession, user);
        List<String> extLogins = new ArrayList<>();
        for (UserExtSource ues : userExtSources) {
            if (ues != null && ues.getExtSource() != null) {
                String type = ues.getExtSource().getType();
                if (type != null) {
                    if (type.equals(ExtSourcesManager.EXTSOURCE_IDP)) {
                        String extLogin;
                        extLogin = ues.getLogin();
                        if (extLogin == null)
                            extLogin = "";
                        writer.write("eduPersonPrincipalNames: " + extLogin + '\n');
                    }
                }
            }
        }
        //ADD MEMBEROF ATTRIBUTE TO WRITER
        for (String s : membersOf) {
            writer.write(s + '\n');
        }
        //ADD MEMBEROFPERUNVO ATTRIBUTE TO WRITER
        for (String s : membersOfPerunVo) {
            writer.write(s + '\n');
        }
        writer.write('\n');
    }
}