
Example 1 with CredentialsStorageTypeType

use of com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsStorageTypeType in project midpoint by Evolveum.

From class CredentialPolicyEvaluator, method createAddHistoryDelta.

// TODO: generalize for other credentials
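/**
 * Records the old credential value as a new password-history entry, appended to the focus'
 * secondary delta.
 *
 * <p>The recorded value is a copy of the old value, transformed for storage by
 * {@link #prepareProtectedStringForStorage} using the policy's history storage method; when no
 * history storage method yields a storage type, {@code CredentialsStorageTypeType.HASHING} is used.
 *
 * <p>TODO: generalize for other credentials -- the delta path is hard-wired to
 * {@code credentials/password/historyEntry}.
 *
 * @param oldCredentialContainer the credential container as it was before the change
 * @return 1 when a history entry was added, 0 when the old container carries no value to record
 * @throws SchemaException if the credential container definition has no history-entry
 *         container definition
 */
private <F extends FocusType> int createAddHistoryDelta(PrismContainer<R> oldCredentialContainer) throws SchemaException {
    R oldCredentialContainerType = oldCredentialContainer.getValue().asContainerable();
    MetadataType oldCredentialMetadata = oldCredentialContainerType.getMetadata();
    PrismProperty<ProtectedStringType> oldValueProperty = oldCredentialContainer.findProperty(getCredentialRelativeValuePath());
    if (oldValueProperty == null) {
        return 0;
    }
    ProtectedStringType newHistoryValue = oldValueProperty.getRealValue();
    if (newHistoryValue == null) {
        // Property present but without a value: nothing to record (previously an NPE on clone()).
        return 0;
    }
    // Work on a copy so the value held in the old container is not altered by the storage transform.
    ProtectedStringType passwordPsForStorage = newHistoryValue.clone();
    CredentialsStorageTypeType storageType = SecurityUtil.getCredentialStoragetTypeType(getCredentialPolicy().getHistoryStorageMethod());
    if (storageType == null) {
        // No storage type derivable from the history storage method: default to hashing.
        storageType = CredentialsStorageTypeType.HASHING;
    }
    prepareProtectedStringForStorage(passwordPsForStorage, storageType);
    PrismContainerDefinition<PasswordHistoryEntryType> historyEntryDefinition = oldCredentialContainer.getDefinition().findContainerDefinition(PasswordType.F_HISTORY_ENTRY);
    if (historyEntryDefinition == null) {
        // Report a schema problem instead of failing with an NPE on instantiate().
        throw new SchemaException("No definition of " + PasswordType.F_HISTORY_ENTRY + " in " + oldCredentialContainer.getDefinition());
    }
    PrismContainer<PasswordHistoryEntryType> historyEntry = historyEntryDefinition.instantiate();
    PrismContainerValue<PasswordHistoryEntryType> historyEntryValue = historyEntry.createNewValue();
    PasswordHistoryEntryType entryType = historyEntryValue.asContainerable();
    entryType.setValue(passwordPsForStorage);
    // Metadata is cloned so the history entry does not share the old container's metadata instance.
    entryType.setMetadata(oldCredentialMetadata == null ? null : oldCredentialMetadata.clone());
    entryType.setChangeTimestamp(now);
    ContainerDelta<PasswordHistoryEntryType> addHistoryDelta = ContainerDelta.createModificationAdd(new ItemPath(UserType.F_CREDENTIALS, CredentialsType.F_PASSWORD, PasswordType.F_HISTORY_ENTRY), UserType.class, prismContext, entryType.clone());
    context.getFocusContext().swallowToSecondaryDelta(addHistoryDelta);
    return 1;
}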

Example 2 with CredentialsStorageTypeType

use of com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsStorageTypeType in project midpoint by Evolveum.

From class CredentialsProcessor, method transformFocusExectionDeltaCredential.

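/**
 * Adjusts the credential value carried by a focus execution delta according to the storage type
 * selected by the effective credential policy.
 *
 * <p>Behaviour per storage type:
 * <ul>
 *   <li>{@code null} or {@code ENCRYPTION}: the delta is left untouched.</li>
 *   <li>{@code HASHING}: the values in the delta -- the property of the object to add, or the
 *       add/replace/delete values of the property delta -- are passed to {@link #hashValues}.</li>
 *   <li>{@code NONE}: the value property is removed from an ADD delta; for a modification the
 *       property delta is turned into an empty REPLACE so any stored value is cleared.</li>
 * </ul>
 * DELETE deltas and deltas without a storage method are returned unchanged.
 *
 * @param context the lens context; not read by this method
 * @param credsType the credentials policy providing the default credential policy
 * @param credPolicyType the credential-specific policy, resolved against the default by
 *        {@code SecurityUtil.getCredPolicyItem}
 * @param valuePropertyPath path of the credential value property inside the focus
 * @param delta the execution delta to adjust in place
 * @throws SchemaException if the storage type is not one of the known enum values
 * @throws EncryptionException declared for the hashing path
 */
private <O extends ObjectType> void transformFocusExectionDeltaCredential(LensContext<O> context, CredentialsPolicyType credsType, CredentialPolicyType credPolicyType, ItemPath valuePropertyPath, ObjectDelta<O> delta) throws SchemaException, EncryptionException {
    if (delta.isDelete()) {
        return;
    }
    CredentialPolicyType defaltCredPolicyType = credsType.getDefault();
    CredentialsStorageMethodType storageMethod = SecurityUtil.getCredPolicyItem(defaltCredPolicyType, credPolicyType, pol -> pol.getStorageMethod());
    if (storageMethod == null) {
        return;
    }
    CredentialsStorageTypeType storageType = storageMethod.getStorageType();
    if (storageType == null) {
        // An unspecified storage type is handled like ENCRYPTION: nothing to transform here.
        return;
    }
    switch (storageType) {
        case ENCRYPTION:
            return;
        case HASHING:
            if (delta.isAdd()) {
                PrismProperty<ProtectedStringType> prop = delta.getObjectToAdd().findProperty(valuePropertyPath);
                // The object may be added without this credential at all; previously an NPE.
                if (prop != null) {
                    hashValues(prop.getValues(), storageMethod);
                }
            } else {
                PropertyDelta<ProtectedStringType> propDelta = delta.findPropertyDelta(valuePropertyPath);
                if (propDelta != null) {
                    hashValues(propDelta.getValuesToAdd(), storageMethod);
                    hashValues(propDelta.getValuesToReplace(), storageMethod);
                    hashValues(propDelta.getValuesToDelete(), storageMethod);
                }
            }
            return;
        case NONE:
            if (delta.isAdd()) {
                delta.getObjectToAdd().removeProperty(valuePropertyPath);
            } else {
                PropertyDelta<ProtectedStringType> propDelta = delta.findPropertyDelta(valuePropertyPath);
                if (propDelta != null) {
                    // Replace with nothing. We need this to clear any existing value that there might be.
                    propDelta.setValueToReplace();
                }
            }
            return;
        default:
            throw new SchemaException("Unkwnon storage type " + storageType);
    }
}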
