
Example 6 with CredentialsPolicyType

use of com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsPolicyType in project midpoint by Evolveum.

the class SecurityPolicyUtil method getCredentialPolicy.

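/**
 * Selects the nonce credentials policy with the given name from a security policy.
 *
 * <p>An unnamed policy (null name) matches only a {@code null} {@code policyName}; a named
 * policy matches only an equal {@code policyName}.
 *
 * @param policyName name of the nonce policy to look up; {@code null} selects the unnamed policy
 * @param securityPolicy security policy whose credentials section is searched
 * @return the single matching nonce policy, or {@code null} when the security policy has no
 *     credentials section or no nonce policy matches
 * @throws SchemaException if more than one nonce policy matches; an ambiguous configuration is
 *     rejected instead of being resolved by picking one of the candidates
 */
public static NonceCredentialsPolicyType getCredentialPolicy(String policyName, SecurityPolicyType securityPolicy) throws SchemaException {
    CredentialsPolicyType credentialsPolicy = securityPolicy.getCredentials();
    if (credentialsPolicy == null) {
        return null;
    }
    List<NonceCredentialsPolicyType> matchingPolicies = new ArrayList<>();
    for (NonceCredentialsPolicyType noncePolicy : credentialsPolicy.getNonce()) {
        // Compare null-safely: an unnamed policy has a null name and must never reach equals(),
        // otherwise looking up the unnamed policy fails with a NullPointerException.
        boolean unnamed = noncePolicy.getName() == null;
        boolean matches = unnamed ? policyName == null : noncePolicy.getName().equals(policyName);
        if (matches) {
            matchingPolicies.add(noncePolicy);
        }
    }
    if (matchingPolicies.size() > 1) {
        throw new SchemaException("Found more than one nonce credentials policy. Please review your configuration");
    }
    // NOTE(review): null here means no nonce policy is configured under this name; callers
    // presumably have to treat that as "no nonce credential allowed" -- confirm at call sites.
    return matchingPolicies.isEmpty() ? null : matchingPolicies.get(0);
}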
Also used : SchemaException(com.evolveum.midpoint.util.exception.SchemaException) NonceCredentialsPolicyType(com.evolveum.midpoint.xml.ns._public.common.common_3.NonceCredentialsPolicyType) ArrayList(java.util.ArrayList) CredentialsPolicyType(com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsPolicyType) NonceCredentialsPolicyType(com.evolveum.midpoint.xml.ns._public.common.common_3.NonceCredentialsPolicyType)

Example 7 with CredentialsPolicyType

use of com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsPolicyType in project midpoint by Evolveum.

the class TestSecurityBasic method assertCredentialsPolicy.

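/**
 * Asserts that the credentials policy resolved for the given user exists and defines exactly
 * two security questions.
 *
 * <p>The policy is obtained from {@code modelInteractionService.getCredentialsPolicy(user, null, result)}
 * and the operation result is required to be a success before the policy content is checked.
 *
 * @param user user whose effective credentials policy is checked
 * @throws ObjectNotFoundException declared by the policy lookup
 * @throws SchemaException declared by the policy lookup
 */
private void assertCredentialsPolicy(PrismObject<UserType> user) throws ObjectNotFoundException, SchemaException {
    OperationResult result = new OperationResult("assertCredentialsPolicy");
    CredentialsPolicyType credentialsPolicy = modelInteractionService.getCredentialsPolicy(user, null, result);
    result.computeStatus();
    TestUtil.assertSuccess(result);
    assertNotNull("No credentials policy for " + user, credentialsPolicy);
    SecurityQuestionsCredentialsPolicyType securityQuestions = credentialsPolicy.getSecurityQuestions();
    // Fail with a descriptive assertion instead of a NullPointerException when the policy
    // carries no security-questions section at all.
    assertNotNull("No security questions policy for " + user, securityQuestions);
    assertEquals("Unexepected number of security questions for " + user, 2, securityQuestions.getQuestion().size());
}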
Also used : SecurityQuestionsCredentialsPolicyType(com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionsCredentialsPolicyType) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) SecurityQuestionsCredentialsPolicyType(com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionsCredentialsPolicyType) CredentialsPolicyType(com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsPolicyType)

Example 8 with CredentialsPolicyType

use of com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsPolicyType in project midpoint by Evolveum.

the class CredentialsProcessor method transformFocusExectionDeltaCredential.

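/**
 * Rewrites the credential value carried by an execution delta so that it matches the storage
 * method configured in the credentials policy.
 *
 * <ul>
 *   <li>Delete deltas, a missing storage method, a missing storage type and
 *       {@code ENCRYPTION} leave the delta untouched. This method performs no encryption
 *       itself. NOTE(review): the value is presumably encrypted elsewhere before storage;
 *       confirm, because an unset storage type takes this same path.</li>
 *   <li>{@code HASHING} passes the credential values of the delta to {@code hashValues}.</li>
 *   <li>{@code NONE} strips the credential value from the delta so it is not stored.</li>
 * </ul>
 *
 * @param context lens context of the operation (not read by this method)
 * @param credsType credentials policy supplying the default credential policy
 * @param credPolicyType policy of the specific credential, combined with the default through
 *     {@code SecurityUtil.getCredPolicyItem} to determine the storage method
 * @param valuePropertyPath path of the credential value property inside the focus object
 * @param delta execution delta to transform in place
 * @throws SchemaException if the storage type is not one of the handled values
 * @throws EncryptionException declared; presumably raised by {@code hashValues} -- confirm
 */
private <O extends ObjectType> void transformFocusExectionDeltaCredential(LensContext<O> context, CredentialsPolicyType credsType, CredentialPolicyType credPolicyType, ItemPath valuePropertyPath, ObjectDelta<O> delta) throws SchemaException, EncryptionException {
    if (delta.isDelete()) {
        return;
    }
    CredentialPolicyType defaltCredPolicyType = credsType.getDefault();
    CredentialsStorageMethodType storageMethod = SecurityUtil.getCredPolicyItem(defaltCredPolicyType, credPolicyType, pol -> pol.getStorageMethod());
    if (storageMethod == null) {
        return;
    }
    CredentialsStorageTypeType storageType = storageMethod.getStorageType();
    if (storageType == null || storageType == CredentialsStorageTypeType.ENCRYPTION) {
        return;
    } else if (storageType == CredentialsStorageTypeType.HASHING) {
        if (delta.isAdd()) {
            PrismProperty<ProtectedStringType> prop = delta.getObjectToAdd().findProperty(valuePropertyPath);
            // An object added without this credential has nothing to hash; guard against a
            // missing property rather than failing the whole add operation.
            if (prop != null) {
                hashValues(prop.getValues(), storageMethod);
            }
        } else {
            PropertyDelta<ProtectedStringType> propDelta = delta.findPropertyDelta(valuePropertyPath);
            if (propDelta != null) {
                // All three value sets are hashed, including the values to delete.
                // NOTE(review): presumably so deletions can be matched against stored hashes -- confirm.
                hashValues(propDelta.getValuesToAdd(), storageMethod);
                hashValues(propDelta.getValuesToReplace(), storageMethod);
                hashValues(propDelta.getValuesToDelete(), storageMethod);
            }
        }
    } else if (storageType == CredentialsStorageTypeType.NONE) {
        if (delta.isAdd()) {
            delta.getObjectToAdd().removeProperty(valuePropertyPath);
        } else {
            PropertyDelta<ProtectedStringType> propDelta = delta.findPropertyDelta(valuePropertyPath);
            if (propDelta != null) {
                // Replace with nothing. We need this to clear any existing value that there might be.
                propDelta.setValueToReplace();
            }
        }
    } else {
        // Unknown storage types are rejected so a credential is never stored under a policy
        // this code does not understand.
        throw new SchemaException("Unkwnon storage type " + storageType);
    }
}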
Also used : SchemaException(com.evolveum.midpoint.util.exception.SchemaException) PrismProperty(com.evolveum.midpoint.prism.PrismProperty) CredentialsStorageTypeType(com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsStorageTypeType) CredentialsStorageMethodType(com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsStorageMethodType) PropertyDelta(com.evolveum.midpoint.prism.delta.PropertyDelta) ProtectedStringType(com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType) CredentialPolicyType(com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialPolicyType) PrismPropertyValue(com.evolveum.midpoint.prism.PrismPropertyValue)
