Examples with ItemDefinition com.evolveum.midpoint.prism.ItemDefinition used on opensource projects

Example 6 with ItemDefinition

use of com.evolveum.midpoint.prism.ItemDefinition in project midpoint by Evolveum.

the class ProjectionCredentialsProcessor method processProjectionPasswordMapping.

private <F extends FocusType> void processProjectionPasswordMapping(LensContext<F> context, final LensProjectionContext projCtx, final ValuePolicyType passwordPolicy, XMLGregorianCalendar now, Task task, OperationResult result) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException {
    LensFocusContext<F> focusContext = context.getFocusContext();
    PrismObject<F> userNew = focusContext.getObjectNew();
    if (userNew == null) {
        // This must be a user delete or something similar. No point in proceeding
        LOGGER.trace("userNew is null, skipping credentials processing");
        return;
    }
    PrismObjectDefinition<ShadowType> accountDefinition = prismContext.getSchemaRegistry().findObjectDefinitionByCompileTimeClass(ShadowType.class);
    PrismPropertyDefinition<ProtectedStringType> projPasswordPropertyDefinition = accountDefinition.findPropertyDefinition(SchemaConstants.PATH_PASSWORD_VALUE);
    ResourceShadowDiscriminator rsd = projCtx.getResourceShadowDiscriminator();
    RefinedObjectClassDefinition refinedProjDef = projCtx.getStructuralObjectClassDefinition();
    if (refinedProjDef == null) {
        LOGGER.trace("No RefinedObjectClassDefinition, therefore also no password outbound definition, skipping credentials processing for projection {}", rsd);
        return;
    }
    List<MappingType> outboundMappingTypes = refinedProjDef.getPasswordOutbound();
    if (outboundMappingTypes == null || outboundMappingTypes.isEmpty()) {
        LOGGER.trace("No outbound password mapping for {}, skipping credentials processing", rsd);
        return;
    }
    // HACK
    if (!projCtx.isDoReconciliation() && !projCtx.isAdd() && !isActivated(outboundMappingTypes, focusContext.getDelta())) {
        LOGGER.trace("Outbound password mappings not activated for type {}, skipping credentials processing", rsd);
        return;
    }
    final ObjectDelta<ShadowType> projDelta = projCtx.getDelta();
    final PropertyDelta<ProtectedStringType> projPasswordDelta;
    if (projDelta != null && projDelta.getChangeType() == MODIFY) {
        projPasswordDelta = projDelta.findPropertyDelta(SchemaConstants.PATH_PASSWORD_VALUE);
    } else {
        projPasswordDelta = null;
    }
    checkExistingDeltaSanity(projCtx, projPasswordDelta);
    boolean evaluateWeak = getEvaluateWeak(projCtx);
    final ItemDeltaItem<PrismPropertyValue<PasswordType>, PrismPropertyDefinition<ProtectedStringType>> userPasswordIdi = focusContext.getObjectDeltaObject().findIdi(SchemaConstants.PATH_PASSWORD_VALUE);
    StringPolicyResolver stringPolicyResolver = new StringPolicyResolver() {

        @Override
        public void setOutputPath(ItemPath outputPath) {
        }

        @Override
        public void setOutputDefinition(ItemDefinition outputDefinition) {
        }

        @Override
        public StringPolicyType resolve() {
            if (passwordPolicy == null) {
                return null;
            }
            return passwordPolicy.getStringPolicy();
        }
    };
    MappingInitializer<PrismPropertyValue<ProtectedStringType>, PrismPropertyDefinition<ProtectedStringType>> initializer = (builder) -> {
        builder.defaultTargetDefinition(projPasswordPropertyDefinition);
        builder.defaultSource(new Source<>(userPasswordIdi, ExpressionConstants.VAR_INPUT));
        builder.stringPolicyResolver(stringPolicyResolver);
        return builder;
    };
    MappingOutputProcessor<PrismPropertyValue<ProtectedStringType>> processor = (mappingOutputPath, outputStruct) -> {
        PrismValueDeltaSetTriple<PrismPropertyValue<ProtectedStringType>> outputTriple = outputStruct.getOutputTriple();
        if (outputTriple == null) {
            LOGGER.trace("Credentials 'password' expression resulted in null output triple, skipping credentials processing for {}", rsd);
            return false;
        }
        boolean projectionIsNew = projDelta != null && (projDelta.getChangeType() == ChangeType.ADD || projCtx.getSynchronizationPolicyDecision() == SynchronizationPolicyDecision.ADD);
        Collection<PrismPropertyValue<ProtectedStringType>> newValues = outputTriple.getPlusSet();
        if (projectionIsNew) {
            newValues = outputTriple.getNonNegativeValues();
        } else {
            newValues = outputTriple.getPlusSet();
        }
        if (!canGetCleartext(newValues)) {
            ObjectDelta<ShadowType> projectionPrimaryDelta = projCtx.getPrimaryDelta();
            if (projectionPrimaryDelta != null) {
                PropertyDelta<ProtectedStringType> passwordPrimaryDelta = projectionPrimaryDelta.findPropertyDelta(SchemaConstants.PATH_PASSWORD_VALUE);
                if (passwordPrimaryDelta != null) {
                    // We have only hashed value coming from the mapping. There are not very useful
                    // for provisioning. But we have primary projection delta - and that is very likely
                    // to be better.
                    // Skip all password mappings in this case. Primary delta trumps everything. 
                    // No weak, normal or even strong mapping can change that.
                    // We need to disregard even strong mapping in this case. If we would heed the strong
                    // mapping then account initialization won't be possible.
                    LOGGER.trace("We have primary password delta in projection, skipping credentials processing");
                    return false;
                }
            }
        }
        return true;
    };
    mappingEvaluator.evaluateOutboundMapping(context, projCtx, outboundMappingTypes, SchemaConstants.PATH_PASSWORD_VALUE, SchemaConstants.PATH_PASSWORD_VALUE, initializer, processor, now, true, evaluateWeak, "password mapping", task, result);
}

Example 7 with ItemDefinition

use of com.evolveum.midpoint.prism.ItemDefinition in project midpoint by Evolveum.

the class RunReportPopupPanel method createUserAttributeListModel.

private IModel<List<String>> createUserAttributeListModel(Class type) {
    final List<String> attrList = new ArrayList();
    PrismObjectDefinition<UserType> userDefinition = getPrismContext().getSchemaRegistry().findObjectDefinitionByCompileTimeClass(UserType.class);
    List<? extends ItemDefinition> itemDefs = userDefinition.getDefinitions();
    for (ItemDefinition id : itemDefs) {
        if (id instanceof PrismPropertyDefinition && ((((PrismPropertyDefinition) id).isIndexed() == null) || (((PrismPropertyDefinition) id).isIndexed() == true))) {
            if (id.getTypeClass() != null && id.getTypeClass().equals(type)) {
                attrList.add(id.getName().getLocalPart());
            }
        }
    }
    return new AbstractReadOnlyModel<List<String>>() {

        @Override
        public List<String> getObject() {
            return attrList;
        }
    };
}

Example 8 with ItemDefinition

use of com.evolveum.midpoint.prism.ItemDefinition in project midpoint by Evolveum.

the class CryptoUtil method checkEncrypted.

private static <T extends ObjectType> void checkEncrypted(PrismPropertyValue<?> pval) {
    Itemable item = pval.getParent();
    if (item == null) {
        return;
    }
    ItemDefinition itemDef = item.getDefinition();
    if (itemDef == null || itemDef.getTypeName() == null) {
        return;
    }
    if (itemDef.getTypeName().equals(ProtectedStringType.COMPLEX_TYPE)) {
        QName propName = item.getElementName();
        PrismPropertyValue<ProtectedStringType> psPval = (PrismPropertyValue<ProtectedStringType>) pval;
        ProtectedStringType ps = psPval.getValue();
        if (ps.getClearValue() != null) {
            throw new IllegalStateException("Unencrypted value in field " + propName);
        }
    } else if (itemDef.getTypeName().equals(NotificationConfigurationType.COMPLEX_TYPE)) {
        // this is really ugly hack needed because currently it is not possible to break NotificationConfigurationType into prism item [pm]
        NotificationConfigurationType ncfg = ((PrismPropertyValue<NotificationConfigurationType>) pval).getValue();
        if (ncfg.getMail() != null) {
            for (MailServerConfigurationType mscfg : ncfg.getMail().getServer()) {
                if (mscfg.getPassword() != null && mscfg.getPassword().getClearValue() != null) {
                    throw new IllegalStateException("Unencrypted value in mail server config password entry");
                }
            }
        }
        if (ncfg.getSms() != null) {
            for (SmsConfigurationType smscfg : ncfg.getSms()) {
                for (SmsGatewayConfigurationType gwcfg : smscfg.getGateway()) {
                    if (gwcfg.getPassword() != null && gwcfg.getPassword().getClearValue() != null) {
                        throw new IllegalStateException("Unencrypted value in SMS gateway config password entry");
                    }
                }
            }
        }
    }
}

Example 9 with ItemDefinition

use of com.evolveum.midpoint.prism.ItemDefinition in project midpoint by Evolveum.

the class CryptoUtil method encryptValue.

private static <T extends ObjectType> void encryptValue(Protector protector, PrismPropertyValue<?> pval) throws EncryptionException {
    Itemable item = pval.getParent();
    if (item == null) {
        return;
    }
    ItemDefinition itemDef = item.getDefinition();
    if (itemDef == null || itemDef.getTypeName() == null) {
        return;
    }
    if (itemDef.getTypeName().equals(ProtectedStringType.COMPLEX_TYPE)) {
        QName propName = item.getElementName();
        PrismPropertyValue<ProtectedStringType> psPval = (PrismPropertyValue<ProtectedStringType>) pval;
        ProtectedStringType ps = psPval.getValue();
        encryptProtectedStringType(protector, ps, propName.getLocalPart());
        if (pval.getParent() == null) {
            pval.setParent(item);
        }
    } else if (itemDef.getTypeName().equals(NotificationConfigurationType.COMPLEX_TYPE)) {
        // this is really ugly hack needed because currently it is not possible to break NotificationConfigurationType into prism item [pm]
        NotificationConfigurationType ncfg = ((PrismPropertyValue<NotificationConfigurationType>) pval).getValue();
        if (ncfg.getMail() != null) {
            for (MailServerConfigurationType mscfg : ncfg.getMail().getServer()) {
                encryptProtectedStringType(protector, mscfg.getPassword(), "mail server password");
            }
        }
        if (ncfg.getSms() != null) {
            for (SmsConfigurationType smscfg : ncfg.getSms()) {
                for (SmsGatewayConfigurationType gwcfg : smscfg.getGateway()) {
                    encryptProtectedStringType(protector, gwcfg.getPassword(), "sms gateway password");
                }
            }
        }
    }
}

Example 10 with ItemDefinition

use of com.evolveum.midpoint.prism.ItemDefinition in project midpoint by Evolveum.

the class TestJaxbSanity method testAssignmentEquals.

@Test
public void testAssignmentEquals() throws JAXBException, SchemaException, FileNotFoundException {
    System.out.println("\n\n ===[testAssnignmentEquals]===\n");
    // GIVEN
    JAXBElement<UserType> userEl1 = JaxbTestUtil.getInstance().unmarshalElement(new File(USER_BARBOSSA_FILENAME), UserType.class);
    UserType user = userEl1.getValue();
    assertNotNull(user);
    AssignmentType userAssignmentType = user.getAssignment().get(0);
    assertNotNull(userAssignmentType);
    System.out.println("\n*** user assignment");
    System.out.println(PrismTestUtil.serializeAnyDataWrapped(userAssignmentType));
    JAXBElement<ObjectModificationType> modEl = JaxbTestUtil.getInstance().unmarshalElement(new File(TEST_DIR, "user-barbossa-modify-delete-assignment-account-opendj-attr.xml"), ObjectModificationType.class);
    ObjectModificationType mod = modEl.getValue();
    assertNotNull(mod);
    //FIXME : modification value -> rawType...
    RawType rawType = mod.getItemDelta().get(0).getValue().get(0);
    ItemDefinition assignmentDefinition = PrismTestUtil.getPrismContext().getSchemaRegistry().findContainerDefinitionByCompileTimeClass(AssignmentType.class);
    assertNotNull(assignmentDefinition);
    AssignmentType assignmentType = ((PrismContainerValue<AssignmentType>) rawType.getParsedValue(assignmentDefinition, null)).getValue();
    //                was: (JAXBElement<AssignmentType>) mod.getItemDelta().get(0).getValue().get(0).getContent().get(0);
    assertNotNull(assignmentType);
    System.out.println("\n*** assignment");
    System.out.println(PrismTestUtil.serializeAnyDataWrapped(assignmentType));
    // WHEN, THEN
    assertTrue("Assignment not equals", userAssignmentType.equals(assignmentType));
    assertTrue("HashCode does not match", userAssignmentType.hashCode() == assignmentType.hashCode());
}