
Example 46 with ProtectedStringType

Use of com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType in the midPoint project by Evolveum.

Class AbstractModelIntegrationTest, method assertEncryptedUserPassword — a test helper that decrypts a user's stored password and compares it with an expected clear-text value.

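/**
 * Test helper: decrypts the password stored on {@code user} with the test {@code protector}
 * and asserts that it equals {@code expectedClearPassword}.
 *
 * Fails with a descriptive {@link AssertionError} when the user carries no credentials,
 * no password container or no password value, instead of the uninformative
 * {@link NullPointerException} the bare getter chain would produce.
 *
 * @param user                 user object whose credentials/password/value is checked
 * @param expectedClearPassword clear-text password the stored value must decrypt to
 * @throws EncryptionException if the protector cannot decrypt the stored value
 */
protected void assertEncryptedUserPassword(PrismObject<UserType> user, String expectedClearPassword) throws EncryptionException {
    UserType userType = user.asObjectable();
    if (userType.getCredentials() == null || userType.getCredentials().getPassword() == null) {
        throw new AssertionError("No credentials/password for " + user);
    }
    ProtectedStringType protectedActualPassword = userType.getCredentials().getPassword().getValue();
    if (protectedActualPassword == null) {
        throw new AssertionError("No password value for " + user);
    }
    String actualClearPassword = protector.decryptString(protectedActualPassword);
    // NOTE(review): on mismatch assertEquals echoes both clear-text values into the failure
    // message. Acceptable for fixture passwords; never point this helper at real credentials.
    assertEquals("Wrong password for " + user, expectedClearPassword, actualClearPassword);
}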

Example 47 with ProtectedStringType

Use of com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType in the midPoint project by Evolveum.

Class ConnectorInstanceConnIdImpl, method addObject — converts a shadow (including its protected password) into ConnId attributes and creates the object on the resource.

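/**
 * Creates a new object on the resource through the ConnId framework.
 *
 * The shadow's attributes are converted to ConnId attributes; a password (if present) is
 * converted from {@link ProtectedStringType} to a ConnId {@link GuardedString} and added as the
 * operational {@code PASSWORD} attribute; administrative activation, validity dates and lockout
 * status are mapped to the corresponding operational attributes. Additional operations are
 * executed before and after the create call. On success the returned UID is converted to
 * identifier attributes and merged back into the shadow's attribute container.
 *
 * @param shadow               shadow describing the object to create
 * @param additionalOperations operations to run before/after the ConnId create
 * @param reporter             state reporter for ICF operation start/end records
 * @param parentResult         parent operation result; a subresult is created under it
 * @return the shadow's attributes (now including the resource identifiers), wrapped with the result
 * @throws SchemaException              unknown object class or attribute conversion failure
 * @throws ObjectAlreadyExistsException object with the same identifiers already exists
 * @throws CommunicationException       resource not reachable
 * @throws GenericFrameworkException    framework-level failure, including a missing UID
 * @throws ConfigurationException       connector configuration problem
 */
@Override
public AsynchronousOperationReturnValue<Collection<ResourceAttribute<?>>> addObject(PrismObject<? extends ShadowType> shadow, Collection<Operation> additionalOperations, StateReporter reporter, OperationResult parentResult) throws CommunicationException, GenericFrameworkException, SchemaException, ObjectAlreadyExistsException, ConfigurationException {
    validateShadow(shadow, "add", false);
    ShadowType shadowType = shadow.asObjectable();
    ResourceAttributeContainer attributesContainer = ShadowUtil.getAttributesContainer(shadow);
    OperationResult result = parentResult.createSubresult(ConnectorInstance.class.getName() + ".addObject");
    result.addParam("resourceObject", shadow);
    // because of serialization issues
    result.addParam("additionalOperations", DebugUtil.debugDump(additionalOperations));
    // Resolve the object class definition either from the attribute container's own definition
    // or, when the container is undefined, by object class name from the resource schema.
    // ocDef is the single resolved definition used from here on.
    ObjectClassComplexTypeDefinition ocDef;
    ResourceAttributeContainerDefinition attrContDef = attributesContainer.getDefinition();
    if (attrContDef != null) {
        ocDef = attrContDef.getComplexTypeDefinition();
    } else {
        ocDef = resourceSchema.findObjectClassDefinition(shadow.asObjectable().getObjectClass());
        if (ocDef == null) {
            throw new SchemaException("Unknown object class " + shadow.asObjectable().getObjectClass());
        }
    }
    // getting icf object class from resource object class
    ObjectClass icfObjectClass = connIdNameMapper.objectClassToIcf(shadow, getSchemaNamespace(), connectorType, legacySchema);
    if (icfObjectClass == null) {
        result.recordFatalError("Couldn't get icf object class from " + shadow);
        throw new IllegalArgumentException("Couldn't get icf object class from " + shadow);
    }
    // setting ifc attributes from resource object attributes
    Set<Attribute> attributes = null;
    try {
        // This dump happens before the password is added, so it contains only the
        // resource attribute container, not credentials.
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("midPoint object before conversion:\n{}", attributesContainer.debugDump());
        }
        attributes = connIdConvertor.convertFromResourceObject(attributesContainer, ocDef);
        if (shadowType.getCredentials() != null && shadowType.getCredentials().getPassword() != null) {
            PasswordType password = shadowType.getCredentials().getPassword();
            ProtectedStringType protectedString = password.getValue();
            // The protector decrypts the protected value and hands it to ConnId as a GuardedString;
            // from this point on the clear text lives only inside that GuardedString.
            GuardedString guardedPassword = ConnIdUtil.toGuardedString(protectedString, "new password", protector);
            if (guardedPassword != null) {
                attributes.add(AttributeBuilder.build(OperationalAttributes.PASSWORD_NAME, guardedPassword));
            }
        }
        if (ActivationUtil.hasAdministrativeActivation(shadowType)) {
            attributes.add(AttributeBuilder.build(OperationalAttributes.ENABLE_NAME, ActivationUtil.isAdministrativeEnabled(shadowType)));
        }
        if (ActivationUtil.hasValidFrom(shadowType)) {
            attributes.add(AttributeBuilder.build(OperationalAttributes.ENABLE_DATE_NAME, XmlTypeConverter.toMillis(shadowType.getActivation().getValidFrom())));
        }
        if (ActivationUtil.hasValidTo(shadowType)) {
            attributes.add(AttributeBuilder.build(OperationalAttributes.DISABLE_DATE_NAME, XmlTypeConverter.toMillis(shadowType.getActivation().getValidTo())));
        }
        if (ActivationUtil.hasLockoutStatus(shadowType)) {
            attributes.add(AttributeBuilder.build(OperationalAttributes.LOCK_OUT_NAME, ActivationUtil.isLockedOut(shadowType)));
        }
        // NOTE(review): this dump now includes the PASSWORD attribute. Whether the clear text can
        // appear depends on ConnIdUtil.dump()/GuardedString rendering — confirm it masks the value
        // before enabling TRACE on production connectors.
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("ICF attributes after conversion:\n{}", ConnIdUtil.dump(attributes));
        }
    } catch (SchemaException | RuntimeException ex) {
        result.recordFatalError("Error while converting resource object attributes. Reason: " + ex.getMessage(), ex);
        throw new SchemaException("Error while converting resource object attributes. Reason: " + ex.getMessage(), ex);
    }
    if (attributes == null) {
        result.recordFatalError("Couldn't set attributes for icf.");
        throw new IllegalStateException("Couldn't set attributes for icf.");
    }
    List<String> icfAuxiliaryObjectClasses = new ArrayList<>();
    for (QName auxiliaryObjectClass : shadowType.getAuxiliaryObjectClass()) {
        icfAuxiliaryObjectClasses.add(connIdNameMapper.objectClassToIcf(auxiliaryObjectClass, resourceSchemaNamespace, connectorType, false).getObjectClassValue());
    }
    if (!icfAuxiliaryObjectClasses.isEmpty()) {
        AttributeBuilder ab = new AttributeBuilder();
        ab.setName(PredefinedAttributes.AUXILIARY_OBJECT_CLASS_NAME);
        ab.addValue(icfAuxiliaryObjectClasses);
        attributes.add(ab.build());
    }
    OperationOptionsBuilder operationOptionsBuilder = new OperationOptionsBuilder();
    OperationOptions options = operationOptionsBuilder.build();
    checkAndExecuteAdditionalOperation(reporter, additionalOperations, BeforeAfterType.BEFORE, result);
    OperationResult connIdResult = result.createSubresult(ConnectorFacade.class.getName() + ".create");
    connIdResult.addArbitraryObjectAsParam("objectClass", icfObjectClass);
    connIdResult.addArbitraryCollectionAsParam("auxiliaryObjectClasses", icfAuxiliaryObjectClasses);
    // NOTE(review): the attribute set recorded here carries the password GuardedString. If this
    // operation result is ever serialized or persisted, verify the GuardedString is not rendered
    // in clear text.
    connIdResult.addArbitraryCollectionAsParam("attributes", attributes);
    connIdResult.addArbitraryObjectAsParam("options", options);
    connIdResult.addContext("connector", connIdConnectorFacade.getClass());
    Uid uid = null;
    try {
        // CALL THE ICF FRAMEWORK
        InternalMonitor.recordConnectorOperation("create");
        // TODO provide object name
        recordIcfOperationStart(reporter, ProvisioningOperation.ICF_CREATE, ocDef, null);
        uid = connIdConnectorFacade.create(icfObjectClass, attributes, options);
        recordIcfOperationEnd(reporter, ProvisioningOperation.ICF_CREATE, ocDef, uid);
    } catch (Throwable ex) {
        // TODO name
        recordIcfOperationEnd(reporter, ProvisioningOperation.ICF_CREATE, ocDef, ex, null);
        // Translate the ConnId/framework exception into the midPoint exception hierarchy and
        // rethrow it with its declared type so callers can handle each case.
        Throwable midpointEx = processIcfException(ex, this, connIdResult);
        result.computeStatus("Add object failed");
        // exception
        if (midpointEx instanceof ObjectAlreadyExistsException) {
            throw (ObjectAlreadyExistsException) midpointEx;
        } else if (midpointEx instanceof CommunicationException) {
            //				result.muteError();
            throw (CommunicationException) midpointEx;
        } else if (midpointEx instanceof GenericFrameworkException) {
            throw (GenericFrameworkException) midpointEx;
        } else if (midpointEx instanceof SchemaException) {
            throw (SchemaException) midpointEx;
        } else if (midpointEx instanceof ConfigurationException) {
            throw (ConfigurationException) midpointEx;
        } else if (midpointEx instanceof RuntimeException) {
            throw (RuntimeException) midpointEx;
        } else if (midpointEx instanceof Error) {
            throw (Error) midpointEx;
        } else {
            throw new SystemException("Got unexpected exception: " + ex.getClass().getName() + ": " + ex.getMessage(), ex);
        }
    }
    checkAndExecuteAdditionalOperation(reporter, additionalOperations, BeforeAfterType.AFTER, result);
    // A create without a usable UID leaves the object unreachable by identifier; treat it as failure.
    if (uid == null || uid.getUidValue() == null || uid.getUidValue().isEmpty()) {
        connIdResult.recordFatalError("ICF did not returned UID after create");
        result.computeStatus("Add object failed");
        throw new GenericFrameworkException("ICF did not returned UID after create");
    }
    // Use the already-resolved ocDef here: attributesContainer.getDefinition() may be null
    // (handled above), and dereferencing it again would throw NullPointerException after the
    // object has already been created on the resource.
    Collection<ResourceAttribute<?>> identifiers = ConnIdUtil.convertToIdentifiers(uid, ocDef, resourceSchema);
    for (ResourceAttribute<?> identifier : identifiers) {
        attributesContainer.getValue().addReplaceExisting(identifier);
    }
    connIdResult.recordSuccess();
    result.recordSuccess();
    return AsynchronousOperationReturnValue.wrap(attributesContainer.getAttributes(), result);
}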

Example 48 with ProtectedStringType

Use of com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType in the midPoint project by Evolveum.

Class TestEditSchema, method assertUntouchedUserDefinition — verifies that the compile-time user definition (including the protected password property) keeps its default access flags.

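/**
 * Asserts that the compile-time {@code UserType} definition in the schema registry still has
 * its untouched defaults: display names/orders, full read/add/modify access on the checked
 * items, no value enumeration on costCenter, the languages lookup on preferredLanguage, and
 * full access on credentials and the protected password value.
 */
private void assertUntouchedUserDefinition() {
    // WHEN
    PrismObjectDefinition<UserType> userDefinition = prismContext.getSchemaRegistry().findObjectDefinitionByCompileTimeClass(UserType.class);
    // THEN
    PrismPropertyDefinition<PolyString> descriptionDef = userDefinition.findPropertyDefinition(UserType.F_DESCRIPTION);
    assertNotNull("No definition for description in user", descriptionDef);
    assertEquals("Wrong description displayName", "ObjectType.description", descriptionDef.getDisplayName());
    assertReadAddModifyAllowed("description", descriptionDef.canRead(), descriptionDef.canAdd(), descriptionDef.canModify());
    PrismPropertyDefinition<PolyString> additionalNameDef = userDefinition.findPropertyDefinition(UserType.F_ADDITIONAL_NAME);
    assertNotNull("No definition for additionalName in user", additionalNameDef);
    assertEquals("Wrong additionalName displayName", "UserType.additionalName", additionalNameDef.getDisplayName());
    assertReadAddModifyAllowed("additionalName", additionalNameDef.canRead(), additionalNameDef.canAdd(), additionalNameDef.canModify());
    PrismPropertyDefinition<String> costCenterDef = userDefinition.findPropertyDefinition(UserType.F_COST_CENTER);
    assertNotNull("No definition for costCenter in user", costCenterDef);
    assertEquals("Wrong costCenter displayOrder", (Integer) 420, costCenterDef.getDisplayOrder());
    assertReadAddModifyAllowed("costCenter", costCenterDef.canRead(), costCenterDef.canAdd(), costCenterDef.canModify());
    // costCenter must not have picked up a value enumeration from schema editing.
    PrismReferenceValue valueEnumerationRef = costCenterDef.getValueEnumerationRef();
    assertNull("valueEnumerationRef for costCenter sneaked in", valueEnumerationRef);
    PrismPropertyDefinition<String> preferredLanguageDef = userDefinition.findPropertyDefinition(UserType.F_PREFERRED_LANGUAGE);
    assertNotNull("No definition for preferredLanguage in user", preferredLanguageDef);
    assertEquals("Wrong preferredLanguage displayName", "UserType.preferredLanguage", preferredLanguageDef.getDisplayName());
    assertReadAddModifyAllowed("preferredLanguage", preferredLanguageDef.canRead(), preferredLanguageDef.canAdd(), preferredLanguageDef.canModify());
    // preferredLanguage is expected to reference the system languages lookup table.
    valueEnumerationRef = preferredLanguageDef.getValueEnumerationRef();
    assertNotNull("valueEnumerationRef for preferredLanguage missing", valueEnumerationRef);
    assertEquals("wrong OID in valueEnumerationRef for preferredLanguage", SystemObjectsType.LOOKUP_LANGUAGES.value(), valueEnumerationRef.getOid());
    PrismContainerDefinition<CredentialsType> credentialsDef = userDefinition.findContainerDefinition(UserType.F_CREDENTIALS);
    assertNotNull("No definition for credentials in user", credentialsDef);
    assertReadAddModifyAllowed("Credentials", credentialsDef.canRead(), credentialsDef.canAdd(), credentialsDef.canModify());
    // The protected password value (credentials/password/value) keeps full access in the untouched definition.
    ItemPath passwdValPath = new ItemPath(UserType.F_CREDENTIALS, CredentialsType.F_PASSWORD, PasswordType.F_VALUE);
    PrismPropertyDefinition<ProtectedStringType> passwdValDef = userDefinition.findPropertyDefinition(passwdValPath);
    assertNotNull("No definition for " + passwdValPath + " in user", passwdValDef);
    assertReadAddModifyAllowed("Password", passwdValDef.canRead(), passwdValDef.canAdd(), passwdValDef.canModify());
}

/**
 * Asserts that an item definition is readable, creatable and modifiable.
 *
 * @param label     item name used verbatim in the assertion messages
 * @param canRead   result of {@code canRead()} on the definition
 * @param canAdd    result of {@code canAdd()} on the definition
 * @param canModify result of {@code canModify()} on the definition
 */
private void assertReadAddModifyAllowed(String label, boolean canRead, boolean canAdd, boolean canModify) {
    assertTrue(label + " not readable", canRead);
    assertTrue(label + " not creatable", canAdd);
    assertTrue(label + " not modifiable", canModify);
}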

Example 49 with ProtectedStringType

Use of com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType in the midPoint project by Evolveum.

Class TestUserChangeApprovalLegacy, method test041UserModifyPasswordChange — runs an encrypted password change through the approval workflow and checks that the stored encrypted value changed.

/**
 * Password change that requires approval: the encrypted password modification is put into
 * the model context, the clockwork must leave no primary modifications behind (they are
 * handed to the workflow), and after the administrator approves, the stored encrypted
 * payload must differ from the original one and one notification must have been sent.
 */
@Test(enabled = true)
public void test041UserModifyPasswordChange() throws Exception {
    TestUtil.displayTestTile(this, "test041UserModifyPasswordChange");
    login(userAdministrator);
    PrismObject<UserType> userBefore = getUser(USER_JACK_OID);
    final ProtectedStringType passwordBefore = userBefore.asObjectable().getCredentials().getPassword().getValue();
    // NOTE(review): this traces the ProtectedStringType object itself. Whether its rendering can
    // ever include clear text depends on the prism implementation — confirm before running with
    // TRACE enabled outside an isolated test environment.
    LOGGER.trace("password before test = " + passwordBefore);
    executeTest("test041UserModifyPasswordChange", USER_JACK_OID, new TestDetails() {

        @Override
        boolean immediate() {
            return false;
        }

        @Override
        int subtaskCount() {
            return 1;
        }

        @Override
        boolean checkObjectOnSubtasks() {
            return true;
        }

        @Override
        public LensContext createModelContext(Task task, OperationResult result) throws Exception {
            LensContext<UserType> context = createUserLensContext();
            fillContextWithUser(context, USER_JACK_OID, result);
            // The modification is encrypted before being added, so the clear text never
            // sits in the delta.
            encryptAndAddFocusModificationToContext(context, REQ_USER_JACK_MODIFY_CHANGE_PASSWORD);
            return context;
        }

        @Override
        public void assertsAfterClockworkRun(Task rootTask, List<Task> wfSubtasks, OperationResult result) throws Exception {
            ModelContext taskModelContext = wfTaskUtil.getModelContext(rootTask, result);
            int remaining = taskModelContext.getFocusContext().getPrimaryDelta().getModifications().size();
            assertEquals("There are modifications left in primary focus delta", 0, remaining);
        }

        @Override
        void assertsRootTaskFinishes(Task task, List<Task> subtasks, OperationResult result) throws Exception {
            PrismObject<UserType> userAfter = getUser(USER_JACK_OID);
            ProtectedStringType passwordAfter = userAfter.asObjectable().getCredentials().getPassword().getValue();
            LOGGER.trace("password after test = " + passwordAfter);
            // Only the encrypted payloads are compared; a re-encryption of the same clear text
            // would also satisfy this. NOTE(review): presumably both values are encrypted here —
            // a null encryptedDataType would throw NPE rather than fail the assertion.
            boolean encryptedPayloadUnchanged = passwordBefore.getEncryptedDataType().equals(passwordAfter.getEncryptedDataType());
            assertFalse("password was not changed", encryptedPayloadUnchanged);
            checkDummyTransportMessages("simpleUserNotifier", 1);
        }

        @Override
        boolean decideOnApproval(String executionId) throws Exception {
            login(getUser(USER_ADMINISTRATOR_OID));
            return true;
        }
    });
}

Example 50 with ProtectedStringType

Use of com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType in the midPoint project by Evolveum.

Class TestUserChangeApprovalLegacy, method test050UserModifyAddRoleAndPasswordChange — combines an encrypted password change with a role assignment, each routed to its own approval.

/**
 * Combined change under approval: an encrypted password modification plus a role assignment
 * are submitted together and produce two workflow subtasks. Role approvals are delegated to
 * {@code decideOnRoleApproval}; everything else is approved by the administrator. Afterwards
 * the role must be assigned and one notification must have been sent.
 */
@Test(enabled = true)
public void test050UserModifyAddRoleAndPasswordChange() throws Exception {
    TestUtil.displayTestTile(this, "test050UserModifyAddRoleAndPasswordChange");
    login(userAdministrator);
    PrismObject<UserType> userBefore = getUser(USER_JACK_OID);
    final ProtectedStringType passwordBefore = userBefore.asObjectable().getCredentials().getPassword().getValue();
    // NOTE(review): traces the ProtectedStringType object; confirm its rendering cannot expose
    // clear text before enabling TRACE outside an isolated test environment.
    LOGGER.trace("password before test = " + passwordBefore);
    executeTest("test050UserModifyAddRoleAndPasswordChange", USER_JACK_OID, new TestDetails() {

        @Override
        boolean immediate() {
            return false;
        }

        @Override
        int subtaskCount() {
            return 2;
        }

        @Override
        boolean checkObjectOnSubtasks() {
            return true;
        }

        @Override
        public LensContext createModelContext(Task task, OperationResult result) throws Exception {
            LensContext<UserType> context = createUserLensContext();
            fillContextWithUser(context, USER_JACK_OID, result);
            // Password delta is encrypted before it enters the context; the assignment delta is plain.
            encryptAndAddFocusModificationToContext(context, REQ_USER_JACK_MODIFY_CHANGE_PASSWORD_2);
            addFocusModificationToContext(context, REQ_USER_JACK_MODIFY_ADD_ASSIGNMENT_ROLE1);
            return context;
        }

        @Override
        public void assertsAfterClockworkRun(Task rootTask, List<Task> wfSubtasks, OperationResult result) throws Exception {
            ModelContext taskModelContext = wfTaskUtil.getModelContext(rootTask, result);
            int remaining = taskModelContext.getFocusContext().getPrimaryDelta().getModifications().size();
            assertEquals("There are modifications left in primary focus delta", 0, remaining);
        }

        @Override
        void assertsRootTaskFinishes(Task task, List<Task> subtasks, OperationResult result) throws Exception {
            PrismObject<UserType> userAfter = getUser(USER_JACK_OID);
            ProtectedStringType passwordAfter = userAfter.asObjectable().getCredentials().getPassword().getValue();
            LOGGER.trace("password after test = " + passwordAfter);
            // The password outcome is deliberately not asserted here (open question in the
            // original test: why is the password value not set?); only the role assignment is.
            assertAssignedRole(userAfter, ROLE_R1_OID);
            checkDummyTransportMessages("simpleUserNotifier", 1);
        }

        @Override
        boolean decideOnApproval(String executionId) throws Exception {
            LightweightObjectRef targetRef = (LightweightObjectRef) activitiEngine.getRuntimeService().getVariable(executionId, CommonProcessVariableNames.VARIABLE_TARGET_REF);
            boolean isRoleApproval = targetRef != null && RoleType.COMPLEX_TYPE.equals(targetRef.toObjectReferenceType().getType());
            if (!isRoleApproval) {
                // Non-role items (the password change) are approved by the administrator.
                login(getUser(USER_ADMINISTRATOR_OID));
                return true;
            }
            return decideOnRoleApproval(executionId);
        }
    });
}
