Example 1 with StringPolicyType
use of com.evolveum.midpoint.xml.ns._public.common.common_3.StringPolicyType in project midpoint by Evolveum.
the class MappingTestEvaluator method createMappingBuilder.
public <T> Mapping.Builder<PrismPropertyValue<T>, PrismPropertyDefinition<T>> createMappingBuilder(String filename, String testName, final StringPolicyType policy, ItemPath defaultTargetPropertyPath, ObjectDelta<UserType> userDelta, PrismObject<UserType> userOld) throws SchemaException, IOException, JAXBException {
MappingType mappingType = PrismTestUtil.parseAtomicValue(new File(TEST_DIR, filename), MappingType.COMPLEX_TYPE);
Mapping.Builder<PrismPropertyValue<T>, PrismPropertyDefinition<T>> mappingBuilder = mappingFactory.createMappingBuilder(mappingType, testName);
// Source context: user
ObjectDeltaObject<UserType> userOdo = new ObjectDeltaObject<>(userOld, userDelta, null);
userOdo.recompute();
mappingBuilder.setSourceContext(userOdo);
// Variable $user
mappingBuilder.addVariableDefinition(ExpressionConstants.VAR_USER, userOdo);
// Variable $account
PrismObject<ShadowType> account = getAccount();
ObjectDeltaObject<ShadowType> accountOdo = new ObjectDeltaObject<ShadowType>(account, null, null);
accountOdo.recompute();
mappingBuilder.addVariableDefinition(ExpressionConstants.VAR_ACCOUNT, accountOdo);
// Target context: user
PrismObjectDefinition<UserType> userDefinition = getUserDefinition();
mappingBuilder.setTargetContext(userDefinition);
StringPolicyResolver stringPolicyResolver = new StringPolicyResolver() {
ItemPath outputPath;
ItemDefinition outputDefinition;
@Override
public void setOutputPath(ItemPath outputPath) {
this.outputPath = outputPath;
}
@Override
public void setOutputDefinition(ItemDefinition outputDefinition) {
this.outputDefinition = outputDefinition;
}
@Override
public StringPolicyType resolve() {
return policy;
}
};
mappingBuilder.setStringPolicyResolver(stringPolicyResolver);
// Default target
if (defaultTargetPropertyPath != null) {
PrismPropertyDefinition<T> targetDefDefinition = userDefinition.findItemDefinition(defaultTargetPropertyPath);
if (targetDefDefinition == null) {
throw new IllegalArgumentException("The item path '" + defaultTargetPropertyPath + "' does not have a definition in " + userDefinition);
}
mappingBuilder.setDefaultTargetDefinition(targetDefDefinition);
}
return mappingBuilder;
}
Also used :
MappingType(com.evolveum.midpoint.xml.ns._public.common.common_3.MappingType)
PrismPropertyDefinition(com.evolveum.midpoint.prism.PrismPropertyDefinition)
ShadowType(com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType)
ItemDefinition(com.evolveum.midpoint.prism.ItemDefinition)
StringPolicyResolver(com.evolveum.midpoint.repo.common.expression.StringPolicyResolver)
ObjectDeltaObject(com.evolveum.midpoint.repo.common.expression.ObjectDeltaObject)
File(java.io.File)
UserType(com.evolveum.midpoint.xml.ns._public.common.common_3.UserType)
PrismPropertyValue(com.evolveum.midpoint.prism.PrismPropertyValue)
ItemPath(com.evolveum.midpoint.prism.path.ItemPath)
Example 2 with StringPolicyType
use of com.evolveum.midpoint.xml.ns._public.common.common_3.StringPolicyType in project midpoint by Evolveum.
the class TestMappingDynamicSimple method generatePolicyNumeric.
private <T> void generatePolicyNumeric(final String TEST_NAME, String mappingFileName, String policyFileName, String extensionPropName, Class<T> clazz) throws Exception {
TestUtil.displayTestTile(TEST_NAME);
// This is just for validation. The expression has to resolve reference of its own
PrismObject<ValuePolicyType> valuePolicy = PrismTestUtil.parseObject(new File(MidPointTestConstants.OBJECTS_DIR, policyFileName));
final StringPolicyType stringPolicy = valuePolicy.asObjectable().getStringPolicy();
// GIVEN
Mapping<PrismPropertyValue<T>, PrismPropertyDefinition<T>> mapping = evaluator.<T>createMappingBuilder(mappingFileName, TEST_NAME, stringPolicy, new ItemPath(UserType.F_EXTENSION, new QName(NS_EXTENSION, extensionPropName)), null).build();
OperationResult opResult = new OperationResult(TEST_NAME);
// WHEN (1)
mapping.evaluate(null, opResult);
// THEN (1)
PrismValueDeltaSetTriple<PrismPropertyValue<T>> outputTriple = mapping.getOutputTriple();
outputTriple.checkConsistence();
T value1 = MappingTestEvaluator.getSingleValue("plus set", outputTriple.getZeroSet());
PrismAsserts.assertTripleNoPlus(outputTriple);
PrismAsserts.assertTripleNoMinus(outputTriple);
System.out.println("Generated value (1): " + value1);
assertNotNull("Generated null value", value1);
// We need to ignore the minLength. Conversion string -> number -> string may lose the leading zeroes
assertGeneratedValue(value1.toString(), stringPolicy, PATTERN_NUMERIC, true, false);
// GIVEN (2)
mapping = evaluator.<T>createMappingBuilder(mappingFileName, TEST_NAME, stringPolicy, new ItemPath(UserType.F_EXTENSION, new QName(NS_EXTENSION, extensionPropName)), null).build();
// WHEN (2)
mapping.evaluate(null, opResult);
// THEN (2)
outputTriple = mapping.getOutputTriple();
outputTriple.checkConsistence();
T value2 = MappingTestEvaluator.getSingleValue("plus set", outputTriple.getZeroSet());
System.out.println("Generated value (2): " + value2);
assertNotNull("Generated null value", value2);
PrismAsserts.assertTripleNoPlus(outputTriple);
PrismAsserts.assertTripleNoMinus(outputTriple);
assertFalse("Generated the same value", value1.equals(value2));
assertGeneratedValue(value1.toString(), stringPolicy, PATTERN_NUMERIC, true, false);
}
Also used :
StringPolicyType(com.evolveum.midpoint.xml.ns._public.common.common_3.StringPolicyType)
ValuePolicyType(com.evolveum.midpoint.xml.ns._public.common.common_3.ValuePolicyType)
PrismPropertyDefinition(com.evolveum.midpoint.prism.PrismPropertyDefinition)
QName(javax.xml.namespace.QName)
OperationResult(com.evolveum.midpoint.schema.result.OperationResult)
File(java.io.File)
ItemPath(com.evolveum.midpoint.prism.path.ItemPath)
PrismPropertyValue(com.evolveum.midpoint.prism.PrismPropertyValue)
Example 3 with StringPolicyType
use of com.evolveum.midpoint.xml.ns._public.common.common_3.StringPolicyType in project midpoint by Evolveum.
the class ProjectionCredentialsProcessor method processProjectionPasswordMapping.
private <F extends FocusType> void processProjectionPasswordMapping(LensContext<F> context, final LensProjectionContext projCtx, final ValuePolicyType passwordPolicy, XMLGregorianCalendar now, Task task, OperationResult result) throws ExpressionEvaluationException, ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException {
LensFocusContext<F> focusContext = context.getFocusContext();
PrismObject<F> userNew = focusContext.getObjectNew();
if (userNew == null) {
// This must be a user delete or something similar. No point in proceeding
LOGGER.trace("userNew is null, skipping credentials processing");
return;
}
PrismObjectDefinition<ShadowType> accountDefinition = prismContext.getSchemaRegistry().findObjectDefinitionByCompileTimeClass(ShadowType.class);
PrismPropertyDefinition<ProtectedStringType> projPasswordPropertyDefinition = accountDefinition.findPropertyDefinition(SchemaConstants.PATH_PASSWORD_VALUE);
ResourceShadowDiscriminator rsd = projCtx.getResourceShadowDiscriminator();
RefinedObjectClassDefinition refinedProjDef = projCtx.getStructuralObjectClassDefinition();
if (refinedProjDef == null) {
LOGGER.trace("No RefinedObjectClassDefinition, therefore also no password outbound definition, skipping credentials processing for projection {}", rsd);
return;
}
List<MappingType> outboundMappingTypes = refinedProjDef.getPasswordOutbound();
if (outboundMappingTypes == null || outboundMappingTypes.isEmpty()) {
LOGGER.trace("No outbound password mapping for {}, skipping credentials processing", rsd);
return;
}
// HACK
if (!projCtx.isDoReconciliation() && !projCtx.isAdd() && !isActivated(outboundMappingTypes, focusContext.getDelta())) {
LOGGER.trace("Outbound password mappings not activated for type {}, skipping credentials processing", rsd);
return;
}
final ObjectDelta<ShadowType> projDelta = projCtx.getDelta();
final PropertyDelta<ProtectedStringType> projPasswordDelta;
if (projDelta != null && projDelta.getChangeType() == MODIFY) {
projPasswordDelta = projDelta.findPropertyDelta(SchemaConstants.PATH_PASSWORD_VALUE);
} else {
projPasswordDelta = null;
}
checkExistingDeltaSanity(projCtx, projPasswordDelta);
boolean evaluateWeak = getEvaluateWeak(projCtx);
final ItemDeltaItem<PrismPropertyValue<PasswordType>, PrismPropertyDefinition<ProtectedStringType>> userPasswordIdi = focusContext.getObjectDeltaObject().findIdi(SchemaConstants.PATH_PASSWORD_VALUE);
StringPolicyResolver stringPolicyResolver = new StringPolicyResolver() {
@Override
public void setOutputPath(ItemPath outputPath) {
}
@Override
public void setOutputDefinition(ItemDefinition outputDefinition) {
}
@Override
public StringPolicyType resolve() {
if (passwordPolicy == null) {
return null;
}
return passwordPolicy.getStringPolicy();
}
};
MappingInitializer<PrismPropertyValue<ProtectedStringType>, PrismPropertyDefinition<ProtectedStringType>> initializer = (builder) -> {
builder.defaultTargetDefinition(projPasswordPropertyDefinition);
builder.defaultSource(new Source<>(userPasswordIdi, ExpressionConstants.VAR_INPUT));
builder.stringPolicyResolver(stringPolicyResolver);
return builder;
};
MappingOutputProcessor<PrismPropertyValue<ProtectedStringType>> processor = (mappingOutputPath, outputStruct) -> {
PrismValueDeltaSetTriple<PrismPropertyValue<ProtectedStringType>> outputTriple = outputStruct.getOutputTriple();
if (outputTriple == null) {
LOGGER.trace("Credentials 'password' expression resulted in null output triple, skipping credentials processing for {}", rsd);
return false;
}
boolean projectionIsNew = projDelta != null && (projDelta.getChangeType() == ChangeType.ADD || projCtx.getSynchronizationPolicyDecision() == SynchronizationPolicyDecision.ADD);
Collection<PrismPropertyValue<ProtectedStringType>> newValues = outputTriple.getPlusSet();
if (projectionIsNew) {
newValues = outputTriple.getNonNegativeValues();
} else {
newValues = outputTriple.getPlusSet();
}
if (!canGetCleartext(newValues)) {
ObjectDelta<ShadowType> projectionPrimaryDelta = projCtx.getPrimaryDelta();
if (projectionPrimaryDelta != null) {
PropertyDelta<ProtectedStringType> passwordPrimaryDelta = projectionPrimaryDelta.findPropertyDelta(SchemaConstants.PATH_PASSWORD_VALUE);
if (passwordPrimaryDelta != null) {
// We have only hashed value coming from the mapping. There are not very useful
// for provisioning. But we have primary projection delta - and that is very likely
// to be better.
// Skip all password mappings in this case. Primary delta trumps everything.
// No weak, normal or even strong mapping can change that.
// We need to disregard even strong mapping in this case. If we would heed the strong
// mapping then account initialization won't be possible.
LOGGER.trace("We have primary password delta in projection, skipping credentials processing");
return false;
}
}
}
return true;
};
mappingEvaluator.evaluateOutboundMapping(context, projCtx, outboundMappingTypes, SchemaConstants.PATH_PASSWORD_VALUE, SchemaConstants.PATH_PASSWORD_VALUE, initializer, processor, now, true, evaluateWeak, "password mapping", task, result);
}
Also used :
MappingType(com.evolveum.midpoint.xml.ns._public.common.common_3.MappingType)
ObjectType(com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType)
ChangeType(com.evolveum.midpoint.prism.delta.ChangeType)
Autowired(org.springframework.beans.factory.annotation.Autowired)
ConfigurationException(com.evolveum.midpoint.util.exception.ConfigurationException)
SchemaException(com.evolveum.midpoint.util.exception.SchemaException)
PrismPropertyValue(com.evolveum.midpoint.prism.PrismPropertyValue)
ExpressionConstants(com.evolveum.midpoint.schema.constants.ExpressionConstants)
MappingInitializer(com.evolveum.midpoint.model.impl.lens.projector.MappingInitializer)
MappingFactory(com.evolveum.midpoint.model.common.mapping.MappingFactory)
LensContext(com.evolveum.midpoint.model.impl.lens.LensContext)
PrismValueDeltaSetTriple(com.evolveum.midpoint.prism.delta.PrismValueDeltaSetTriple)
OriginType(com.evolveum.midpoint.prism.OriginType)
PasswordCapabilityType(com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.PasswordCapabilityType)
ObjectDelta(com.evolveum.midpoint.prism.delta.ObjectDelta)
PrismProperty(com.evolveum.midpoint.prism.PrismProperty)
ObjectNotFoundException(com.evolveum.midpoint.util.exception.ObjectNotFoundException)
Collection(java.util.Collection)
StringPolicyType(com.evolveum.midpoint.xml.ns._public.common.common_3.StringPolicyType)
MappingEvaluator(com.evolveum.midpoint.model.impl.lens.projector.MappingEvaluator)
ResourceTypeUtil(com.evolveum.midpoint.schema.util.ResourceTypeUtil)
VariableBindingDefinitionType(com.evolveum.midpoint.xml.ns._public.common.common_3.VariableBindingDefinitionType)
Task(com.evolveum.midpoint.task.api.Task)
ResourceShadowDiscriminator(com.evolveum.midpoint.schema.ResourceShadowDiscriminator)
MetadataType(com.evolveum.midpoint.xml.ns._public.common.common_3.MetadataType)
List(java.util.List)
ValuePolicyProcessor(com.evolveum.midpoint.model.common.stringpolicy.ValuePolicyProcessor)
SystemException(com.evolveum.midpoint.util.exception.SystemException)
FocusType(com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType)
PropertyDelta(com.evolveum.midpoint.prism.delta.PropertyDelta)
CommunicationException(com.evolveum.midpoint.util.exception.CommunicationException)
ProtectedStringType(com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType)
ContextLoader(com.evolveum.midpoint.model.impl.lens.projector.ContextLoader)
ShadowType(com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType)
PolicyViolationException(com.evolveum.midpoint.util.exception.PolicyViolationException)
MappingType(com.evolveum.midpoint.xml.ns._public.common.common_3.MappingType)
PasswordType(com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordType)
MappingOutputProcessor(com.evolveum.midpoint.model.impl.lens.projector.MappingOutputProcessor)
SchemaConstants(com.evolveum.midpoint.schema.constants.SchemaConstants)
OperationResult(com.evolveum.midpoint.schema.result.OperationResult)
ItemDefinition(com.evolveum.midpoint.prism.ItemDefinition)
Trace(com.evolveum.midpoint.util.logging.Trace)
ExpressionEvaluationException(com.evolveum.midpoint.util.exception.ExpressionEvaluationException)
ValuePolicyType(com.evolveum.midpoint.xml.ns._public.common.common_3.ValuePolicyType)
EncryptionException(com.evolveum.midpoint.prism.crypto.EncryptionException)
PrismObjectDefinition(com.evolveum.midpoint.prism.PrismObjectDefinition)
ItemDelta(com.evolveum.midpoint.prism.delta.ItemDelta)
CredentialsCapabilityType(com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.CredentialsCapabilityType)
SecurityViolationException(com.evolveum.midpoint.util.exception.SecurityViolationException)
MODIFY(com.evolveum.midpoint.prism.delta.ChangeType.MODIFY)
PrismContext(com.evolveum.midpoint.prism.PrismContext)
StringPolicyResolver(com.evolveum.midpoint.repo.common.expression.StringPolicyResolver)
ContainerDelta(com.evolveum.midpoint.prism.delta.ContainerDelta)
ItemDeltaItem(com.evolveum.midpoint.repo.common.expression.ItemDeltaItem)
OperationalDataManager(com.evolveum.midpoint.model.impl.lens.OperationalDataManager)
PrismPropertyDefinition(com.evolveum.midpoint.prism.PrismPropertyDefinition)
PrismObject(com.evolveum.midpoint.prism.PrismObject)
XMLGregorianCalendar(javax.xml.datatype.XMLGregorianCalendar)
SynchronizationPolicyDecision(com.evolveum.midpoint.model.api.context.SynchronizationPolicyDecision)
RefinedObjectClassDefinition(com.evolveum.midpoint.common.refinery.RefinedObjectClassDefinition)
ItemPath(com.evolveum.midpoint.prism.path.ItemPath)
Component(org.springframework.stereotype.Component)
LensProjectionContext(com.evolveum.midpoint.model.impl.lens.LensProjectionContext)
PrismContainerValue(com.evolveum.midpoint.prism.PrismContainerValue)
Protector(com.evolveum.midpoint.prism.crypto.Protector)
SecurityUtil(com.evolveum.midpoint.security.api.SecurityUtil)
LensFocusContext(com.evolveum.midpoint.model.impl.lens.LensFocusContext)
Source(com.evolveum.midpoint.repo.common.expression.Source)
TraceManager(com.evolveum.midpoint.util.logging.TraceManager)
ItemPathType(com.evolveum.prism.xml.ns._public.types_3.ItemPathType)
PrismPropertyDefinition(com.evolveum.midpoint.prism.PrismPropertyDefinition)
ItemDefinition(com.evolveum.midpoint.prism.ItemDefinition)
StringPolicyResolver(com.evolveum.midpoint.repo.common.expression.StringPolicyResolver)
Source(com.evolveum.midpoint.repo.common.expression.Source)
RefinedObjectClassDefinition(com.evolveum.midpoint.common.refinery.RefinedObjectClassDefinition)
PropertyDelta(com.evolveum.midpoint.prism.delta.PropertyDelta)
ObjectDelta(com.evolveum.midpoint.prism.delta.ObjectDelta)
PrismPropertyValue(com.evolveum.midpoint.prism.PrismPropertyValue)
PrismValueDeltaSetTriple(com.evolveum.midpoint.prism.delta.PrismValueDeltaSetTriple)
ShadowType(com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType)
Collection(java.util.Collection)
ResourceShadowDiscriminator(com.evolveum.midpoint.schema.ResourceShadowDiscriminator)
ProtectedStringType(com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType)
ItemPath(com.evolveum.midpoint.prism.path.ItemPath)
Example 4 with StringPolicyType
use of com.evolveum.midpoint.xml.ns._public.common.common_3.StringPolicyType in project midpoint by Evolveum.
the class GenerateExpressionEvaluator method evaluate.
/*
* (non-Javadoc)
*
* @see
* com.evolveum.midpoint.common.expression.ExpressionEvaluator#evaluate(java
* .util.Collection, java.util.Map, boolean, java.lang.String,
* com.evolveum.midpoint.schema.result.OperationResult)
*/
@Override
public PrismValueDeltaSetTriple<V> evaluate(ExpressionEvaluationContext context) throws SchemaException, ExpressionEvaluationException, ObjectNotFoundException {
StringPolicyType stringPolicyType = null;
ObjectReferenceType generateEvaluatorValuePolicyRef = generateEvaluatorType.getValuePolicyRef();
if (generateEvaluatorValuePolicyRef != null) {
if (generateEvaluatorType.getValuePolicyRef() != null) {
ValuePolicyType valuePolicyType = objectResolver.resolve(generateEvaluatorValuePolicyRef, ValuePolicyType.class, null, "resolving value policy reference in generateExpressionEvaluator", context.getTask(), context.getResult());
stringPolicyType = valuePolicyType.getStringPolicy();
}
}
// would be generated
if (stringPolicyType == null) {
StringPolicyResolver stringPolicyResolver = context.getStringPolicyResolver();
if (stringPolicyResolver != null) {
stringPolicyType = stringPolicyResolver.resolve();
}
}
elementStringPolicy = stringPolicyType;
// } else {
// stringPolicyType = elementStringPolicy;
// }
//
String stringValue = null;
GenerateExpressionEvaluatorModeType mode = generateEvaluatorType.getMode();
Item<V, D> output = outputDefinition.instantiate();
if (mode == null || mode == GenerateExpressionEvaluatorModeType.POLICY) {
PrismObject<? extends ObjectType> object = getObject(context);
// TODO: generate value based on stringPolicyType (if not null)
if (stringPolicyType != null) {
if (isNotEmptyMinLength(stringPolicyType)) {
stringValue = valuePolicyGenerator.generate(output.getPath(), stringPolicyType, DEFAULT_LENGTH, true, object, context.getContextDescription(), context.getTask(), context.getResult());
} else {
stringValue = valuePolicyGenerator.generate(output.getPath(), stringPolicyType, DEFAULT_LENGTH, false, object, context.getContextDescription(), context.getTask(), context.getResult());
}
context.getResult().computeStatus();
if (context.getResult().isError()) {
throw new ExpressionEvaluationException("Failed to generate value according to policy: " + stringPolicyType.getDescription() + ". " + context.getResult().getMessage());
}
}
if (stringValue == null) {
int length = DEFAULT_LENGTH;
RandomString randomString = new RandomString(length);
stringValue = randomString.nextString();
}
} else if (mode == GenerateExpressionEvaluatorModeType.UUID) {
UUID randomUUID = UUID.randomUUID();
stringValue = randomUUID.toString();
} else {
throw new ExpressionEvaluationException("Unknown mode for generate expression: " + mode);
}
Object value = ExpressionUtil.convertToOutputValue(stringValue, outputDefinition, protector);
if (output instanceof PrismProperty) {
PrismPropertyValue<Object> pValue = new PrismPropertyValue<Object>(value);
((PrismProperty<Object>) output).add(pValue);
} else {
throw new UnsupportedOperationException("Can only generate values of property, not " + output.getClass());
}
return ItemDelta.toDeltaSetTriple(output, null);
}
Also used :
StringPolicyType(com.evolveum.midpoint.xml.ns._public.common.common_3.StringPolicyType)
ExpressionEvaluationException(com.evolveum.midpoint.util.exception.ExpressionEvaluationException)
ValuePolicyType(com.evolveum.midpoint.xml.ns._public.common.common_3.ValuePolicyType)
UUID(java.util.UUID)
RandomString(com.evolveum.midpoint.util.RandomString)
StringPolicyResolver(com.evolveum.midpoint.repo.common.expression.StringPolicyResolver)
RandomString(com.evolveum.midpoint.util.RandomString)
ObjectReferenceType(com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType)
PrismProperty(com.evolveum.midpoint.prism.PrismProperty)
PrismObject(com.evolveum.midpoint.prism.PrismObject)
UUID(java.util.UUID)
GenerateExpressionEvaluatorModeType(com.evolveum.midpoint.xml.ns._public.common.common_3.GenerateExpressionEvaluatorModeType)
PrismPropertyValue(com.evolveum.midpoint.prism.PrismPropertyValue)
Example 5 with StringPolicyType
use of com.evolveum.midpoint.xml.ns._public.common.common_3.StringPolicyType in project midpoint by Evolveum.
the class ValuePolicyProcessor method generateAttempt.
private String generateAttempt(StringPolicyType policy, int defaultLength, boolean generateMinimalSize, OperationResult result) {
// if (policy.getLimitations() != null &&
// policy.getLimitations().getMinLength() != null){
// generateMinimalSize = true;
// }
// setup default values where missing
// PasswordPolicyUtils.normalize(pp);
// Optimize usage of limits ass hashmap of limitas and key is set of
// valid chars for each limitation
Map<StringLimitType, List<String>> lims = new HashMap<StringLimitType, List<String>>();
int minLen = defaultLength;
int maxLen = defaultLength;
int unique = defaultLength / 2;
if (policy != null) {
for (StringLimitType l : policy.getLimitations().getLimit()) {
if (null != l.getCharacterClass().getValue()) {
lims.put(l, StringPolicyUtils.stringTokenizer(l.getCharacterClass().getValue()));
} else {
lims.put(l, StringPolicyUtils.stringTokenizer(StringPolicyUtils.collectCharacterClass(policy.getCharacterClass(), l.getCharacterClass().getRef())));
}
}
// Get global limitations
minLen = policy.getLimitations().getMinLength() == null ? 0 : policy.getLimitations().getMinLength().intValue();
if (minLen != 0 && minLen > defaultLength) {
defaultLength = minLen;
}
maxLen = (policy.getLimitations().getMaxLength() == null ? 0 : policy.getLimitations().getMaxLength().intValue());
unique = policy.getLimitations().getMinUniqueChars() == null ? minLen : policy.getLimitations().getMinUniqueChars().intValue();
}
// test correctness of definition
if (unique > minLen) {
minLen = unique;
OperationResult reportBug = new OperationResult("Global limitation check");
reportBug.recordWarning("There is more required uniq characters then definied minimum. Raise minimum to number of required uniq chars.");
}
if (minLen == 0 && maxLen == 0) {
minLen = defaultLength;
maxLen = defaultLength;
generateMinimalSize = true;
}
if (maxLen == 0) {
if (minLen > defaultLength) {
maxLen = minLen;
} else {
maxLen = defaultLength;
}
}
// Initialize generator
StringBuilder password = new StringBuilder();
/*
* ********************************** Try to find best characters to be
* first in password
*/
Map<StringLimitType, List<String>> mustBeFirst = new HashMap<StringLimitType, List<String>>();
for (StringLimitType l : lims.keySet()) {
if (l.isMustBeFirst() != null && l.isMustBeFirst()) {
mustBeFirst.put(l, lims.get(l));
}
}
// If any limitation was found to be first
if (!mustBeFirst.isEmpty()) {
Map<Integer, List<String>> posibleFirstChars = cardinalityCounter(mustBeFirst, null, false, false, result);
int intersectionCardinality = mustBeFirst.keySet().size();
List<String> intersectionCharacters = posibleFirstChars.get(intersectionCardinality);
// If no intersection was found then raise error
if (null == intersectionCharacters || intersectionCharacters.size() == 0) {
result.recordFatalError("No intersection for required first character sets in value policy:" + policy.getDescription());
// Log error
if (LOGGER.isErrorEnabled()) {
LOGGER.error("Unable to generate value for " + getPath() + ": No intersection for required first character sets in value policy: [" + policy.getDescription() + "] following character limitation and sets are used:");
for (StringLimitType l : mustBeFirst.keySet()) {
StrBuilder tmp = new StrBuilder();
tmp.appendSeparator(", ");
tmp.appendAll(mustBeFirst.get(l));
LOGGER.error("L:" + l.getDescription() + " -> [" + tmp + "]");
}
}
// EXIT
return null;
} else {
if (LOGGER.isDebugEnabled()) {
StrBuilder tmp = new StrBuilder();
tmp.appendSeparator(", ");
tmp.appendAll(intersectionCharacters);
LOGGER.trace("Generate first character intersection items [" + tmp + "] into " + getPath() + ".");
}
// Generate random char into password from intersection
password.append(intersectionCharacters.get(RAND.nextInt(intersectionCharacters.size())));
}
}
/*
* ************************************** Generate rest to fulfill
* minimal criteria
*/
boolean uniquenessReached = false;
// Count cardinality of elements
Map<Integer, List<String>> chars;
for (int i = 0; i < minLen; i++) {
// Check if still unique chars are needed
if (password.length() >= unique) {
uniquenessReached = true;
}
// Find all usable characters
chars = cardinalityCounter(lims, StringPolicyUtils.stringTokenizer(password.toString()), false, uniquenessReached, result);
// If something goes badly then go out
if (null == chars) {
return null;
}
if (chars.isEmpty()) {
LOGGER.trace("Minimal criterias was met. No more characters");
break;
}
// Find lowest possible cardinality and then generate char
for (int card = 1; card < lims.keySet().size(); card++) {
if (chars.containsKey(card)) {
List<String> validChars = chars.get(card);
password.append(validChars.get(RAND.nextInt(validChars.size())));
break;
}
}
}
// test if maximum is not exceeded
if (password.length() > maxLen) {
result.recordFatalError("Unable to meet minimal criteria and not exceed maximxal size of " + getPath() + ".");
return null;
}
for (int i = 0; i < minLen; i++) {
// test if max is reached
if (password.length() == maxLen) {
// no more characters maximal size is reached
break;
}
if (password.length() >= minLen && generateMinimalSize) {
// no more characters are needed
break;
}
// Check if still unique chars are needed
if (password.length() >= unique) {
uniquenessReached = true;
}
// find all usable characters
chars = cardinalityCounter(lims, StringPolicyUtils.stringTokenizer(password.toString()), true, uniquenessReached, result);
// If something goes badly then go out
if (null == chars) {
// we hope this never happend.
result.recordFatalError("No valid characters to generate, but no all limitation are reached");
return null;
}
// our work
if (chars.isEmpty()) {
if (i == 0) {
password.append(RandomStringUtils.randomAlphanumeric(minLen));
}
break;
// if (!StringUtils.isBlank(password.toString()) &&
// password.length() >= minLen) {
// break;
// }
// check uf this is a firs cycle and if we need to user some
// default (alphanum) character class.
}
// Find lowest possible cardinality and then generate char
for (int card = 1; card <= lims.keySet().size(); card++) {
if (chars.containsKey(card)) {
List<String> validChars = chars.get(card);
password.append(validChars.get(RAND.nextInt(validChars.size())));
break;
}
}
}
if (password.length() < minLen) {
result.recordFatalError("Unable to generate value for " + getPath() + " and meet minimal size of " + getPath() + ". Actual lenght: " + password.length() + ", required: " + minLen);
LOGGER.trace("Unable to generate value for " + getPath() + " and meet minimal size of " + getPath() + ". Actual lenght: {}, required: {}", password.length(), minLen);
return null;
}
result.recordSuccess();
// Shuffle output to solve pattern like output
StrBuilder sb = new StrBuilder(password.substring(0, 1));
List<String> shuffleBuffer = StringPolicyUtils.stringTokenizer(password.substring(1));
Collections.shuffle(shuffleBuffer);
sb.appendAll(shuffleBuffer);
return sb.toString();
}
Also used :
HashMap(java.util.HashMap)
OperationResult(com.evolveum.midpoint.schema.result.OperationResult)
StringLimitType(com.evolveum.midpoint.xml.ns._public.common.common_3.StringLimitType)
ArrayList(java.util.ArrayList)
List(java.util.List)
StrBuilder(org.apache.commons.lang.text.StrBuilder)
Aggregations
StringPolicyType (com.evolveum.midpoint.xml.ns._public.common.common_3.StringPolicyType)8
ValuePolicyType (com.evolveum.midpoint.xml.ns._public.common.common_3.ValuePolicyType)8
OperationResult (com.evolveum.midpoint.schema.result.OperationResult)7
ItemPath (com.evolveum.midpoint.prism.path.ItemPath)6
StringPolicyResolver (com.evolveum.midpoint.repo.common.expression.StringPolicyResolver)6
ItemDefinition (com.evolveum.midpoint.prism.ItemDefinition)5
PrismPropertyValue (com.evolveum.midpoint.prism.PrismPropertyValue)5
File (java.io.File)5
PrismPropertyDefinition (com.evolveum.midpoint.prism.PrismPropertyDefinition)4
PrismObject (com.evolveum.midpoint.prism.PrismObject)3
ObjectDeltaObject (com.evolveum.midpoint.repo.common.expression.ObjectDeltaObject)3
ExpressionEvaluationException (com.evolveum.midpoint.util.exception.ExpressionEvaluationException)3
MappingType (com.evolveum.midpoint.xml.ns._public.common.common_3.MappingType)3
ObjectReferenceType (com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType)3
AbstractInternalModelIntegrationTest (com.evolveum.midpoint.model.impl.AbstractInternalModelIntegrationTest)2
PrismContext (com.evolveum.midpoint.prism.PrismContext)2
PrismProperty (com.evolveum.midpoint.prism.PrismProperty)2
LimitationsType (com.evolveum.midpoint.xml.ns._public.common.common_3.LimitationsType)2
ShadowType (com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType)2
List (java.util.List)2
