Use of com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType in project midpoint by Evolveum.
Class ModelInteractionServiceImpl, method validateValue.
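/**
 * Validates the value described by {@code policyItemDefinition} against a value policy.
 * <p>
 * The value comes either from the policy item itself ({@code getValue()}, a {@link RawType}
 * parsed as a string) or, when no explicit value is given, from the property of {@code object}
 * addressed by the item's target path. {@code ProtectedStringType} properties are turned into
 * their cleartext via {@link #getClearValue}, so the strings handled here may be cleartext
 * credentials. For that reason the values themselves are deliberately kept out of the log and
 * out of the operation result: only the path, the policy and the outcome are recorded.
 * <p>
 * One subresult is created per value; the overall outcome is stored into
 * {@code policyItemDefinition} and returned.
 *
 * @param object               object owning the property to validate (used when no explicit value is given)
 * @param policy               value policy offered to {@code resolveValuePolicy}
 * @param policyItemDefinition item carrying the value or the target path; receives the result
 * @param task                 task used for policy resolution and validation
 * @param parentResult         result the per-value subresults are attached to
 * @return {@code parentResult.isAcceptable()} after all values were checked
 * @throws SchemaException when neither a value nor a target path is given, the target property
 *                         has no value, or its type is not supported by this validator
 */
private <T, O extends ObjectType> boolean validateValue(PrismObject<O> object, ValuePolicyType policy, PolicyItemDefinitionType policyItemDefinition, Task task, OperationResult parentResult) throws ExpressionEvaluationException, SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, SecurityViolationException, PolicyViolationException {
    ValuePolicyType stringPolicy = resolveValuePolicy(policyItemDefinition, policy, task, parentResult);
    RawType rawValue = (RawType) policyItemDefinition.getValue();
    PolicyItemTargetType target = policyItemDefinition.getTarget();
    // Guard the path as well as the target: a target without a path used to NPE here,
    // before the "Target item path must be defined" check below could report it.
    ItemPath path = (target != null && target.getPath() != null) ? target.getPath().getItemPath() : null;

    List<String> valuesToValidate = new ArrayList<>();
    if (rawValue != null) {
        valuesToValidate.add(rawValue.getParsedRealValue(String.class));
    } else {
        if (path == null) {
            LOGGER.error("Target item path must be defined");
            parentResult.recordFatalError("Target item path must be defined");
            throw new SchemaException("Target item path must be defined");
        }
        PrismProperty<T> property = object.findProperty(path);
        if (property == null || property.isEmpty()) {
            // Report the path, not the property: the property is null in the first case.
            String message = "Attribute " + path + " has no value. Nothing to validate";
            LOGGER.error("Attribute {} has no value. Nothing to validate.", path);
            parentResult.recordFatalError(message);
            throw new SchemaException(message);
        }
        PrismPropertyDefinition<T> itemToValidateDefinition = property.getDefinition();
        QName definitionName = itemToValidateDefinition.getTypeName();
        if (!isSupportedType(definitionName)) {
            String message = "Trying to validate string policy on the property of type " + itemToValidateDefinition + " failed. Unsupported type.";
            LOGGER.error("Trying to validate string policy on the property of type {} failed. Unsupported type.", itemToValidateDefinition);
            parentResult.recordFatalError(message);
            throw new SchemaException(message);
        }
        if (itemToValidateDefinition.isSingleValue()) {
            String value;
            if (PolyStringType.COMPLEX_TYPE.equals(definitionName)) {
                value = ((PolyString) property.getRealValue()).getOrig();
            } else if (ProtectedStringType.COMPLEX_TYPE.equals(definitionName)) {
                // cleartext credential from here on
                value = getClearValue((ProtectedStringType) property.getRealValue());
            } else {
                value = (String) property.getRealValue();
            }
            valuesToValidate.add(value);
        } else if (DOMUtil.XSD_STRING.equals(definitionName)) {
            valuesToValidate.addAll(property.getRealValues(String.class));
        } else if (ProtectedStringType.COMPLEX_TYPE.equals(definitionName)) {
            for (ProtectedStringType protectedString : property.getRealValues(ProtectedStringType.class)) {
                valuesToValidate.add(getClearValue(protectedString));
            }
        } else {
            // remaining supported multi-valued type: PolyString
            for (PolyString val : property.getRealValues(PolyString.class)) {
                valuesToValidate.add(val.getOrig());
            }
        }
    }

    // Description handed to the policy processor; identifies the item, never the value.
    String description = "validate value " + (path != null ? "for " + path + " " : "") + "for " + object;
    String pathSuffix = path != null ? " of " + path : "";
    for (String newValue : valuesToValidate) {
        OperationResult result = parentResult.createSubresult(OPERATION_VALIDATE_VALUE + ".value");
        if (path != null) {
            result.addParam("path", path);
        }
        // Intentionally no "valueToValidate" param and no value in the messages below:
        // the value may be a cleartext password and the operation result is handed back
        // to the caller (and may end up persisted or logged).
        if (!policyProcessor.validateValue(newValue, stringPolicy, object, description, task, result)) {
            result.recordFatalError("Validation of value" + pathSuffix + " against policy " + stringPolicy + " failed");
            LOGGER.error("Validation of value{} against policy {} failed", pathSuffix, stringPolicy);
        }
        result.computeStatusIfUnknown();
    }
    parentResult.computeStatus();
    policyItemDefinition.setResult(parentResult.createOperationResultType());
    return parentResult.isAcceptable();
}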
Use of com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType in project midpoint by Evolveum.
Class MidpointFunctionsImpl, method takePasswordsFromItemDelta.
/**
 * Appends the password values carried by an add or replace delta on a shadow's credentials.
 * <p>
 * Three delta paths are recognised: {@code credentials/password/value} (values are
 * {@code ProtectedStringType} directly), {@code credentials/password} (the password
 * container; its {@code value} is taken when non-null) and {@code credentials} (the
 * credentials container; its {@code password/value} is taken when both are non-null).
 * Delete deltas and deltas on any other path contribute nothing.
 *
 * @param passwords list the found password values are appended to
 * @param itemDelta delta to inspect (raw type, as elsewhere in this class)
 */
private void takePasswordsFromItemDelta(List<ProtectedStringType> passwords, ItemDelta itemDelta) {
    if (itemDelta.isDelete()) {
        return;
    }
    ItemPath deltaPath = itemDelta.getPath();
    if (deltaPath.equivalent(new ItemPath(ShadowType.F_CREDENTIALS, CredentialsType.F_PASSWORD, PasswordType.F_VALUE))) {
        LOGGER.trace("Found password value add/modify delta");
        Collection<PrismPropertyValue<ProtectedStringType>> changed = addedOrReplacedValues(itemDelta);
        for (PrismPropertyValue<ProtectedStringType> pval : changed) {
            passwords.add(pval.getValue());
        }
    } else if (deltaPath.equivalent(new ItemPath(ShadowType.F_CREDENTIALS, CredentialsType.F_PASSWORD))) {
        LOGGER.trace("Found password add/modify delta");
        Collection<PrismContainerValue<PasswordType>> changed = addedOrReplacedValues(itemDelta);
        for (PrismContainerValue<PasswordType> cval : changed) {
            PasswordType password = cval.asContainerable();
            if (password.getValue() != null) {
                passwords.add(password.getValue());
            }
        }
    } else if (deltaPath.equivalent(new ItemPath(ShadowType.F_CREDENTIALS))) {
        LOGGER.trace("Found credentials add/modify delta");
        Collection<PrismContainerValue<CredentialsType>> changed = addedOrReplacedValues(itemDelta);
        for (PrismContainerValue<CredentialsType> cval : changed) {
            PasswordType password = cval.asContainerable().getPassword();
            if (password != null && password.getValue() != null) {
                passwords.add(password.getValue());
            }
        }
    }
}

/**
 * Values an add delta adds, otherwise the values a replace delta sets.
 * A delta that is neither add nor replace yields whatever {@code getValuesToReplace()}
 * returns; that case is not guarded here (TODO confirm it cannot be null for such deltas).
 */
@SuppressWarnings("unchecked")
private static <V> Collection<V> addedOrReplacedValues(ItemDelta itemDelta) {
    return itemDelta.isAdd() ? itemDelta.getValuesToAdd() : itemDelta.getValuesToReplace();
}
Use of com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType in project midpoint by Evolveum.
Class MidpointFunctionsImpl, method computeProjectionLifecycle.
/**
 * Decides whether a projection should start in the "proposed" lifecycle state.
 * <p>
 * {@link SchemaConstants#LIFECYCLE_PROPOSED} is returned only when all of the following hold:
 * the focus is a {@code UserType} and a shadow is given; the shadow kind is unset or
 * {@code ACCOUNT}; the user's password value is absent or cannot be obtained as cleartext;
 * and the resource has an effective credentials capability with a password capability that
 * is not explicitly disabled. In every other case {@code null} is returned, meaning
 * "no lifecycle state computed here".
 *
 * @param focus    focus object owning the projection (may be null)
 * @param shadow   projection shadow (may be null)
 * @param resource resource whose capabilities are consulted
 * @return {@code SchemaConstants.LIFECYCLE_PROPOSED} or {@code null}
 */
@Override
public <F extends FocusType> String computeProjectionLifecycle(F focus, ShadowType shadow, ResourceType resource) {
    // instanceof is false for a null focus, so this covers the null check as well
    boolean userWithShadow = focus instanceof UserType && shadow != null;
    if (!userWithShadow) {
        return null;
    }
    ShadowKindType kind = shadow.getKind();
    if (kind != null && kind != ShadowKindType.ACCOUNT) {
        return null;
    }
    ProtectedStringType passwordPs = FocusTypeUtil.getPasswordValue((UserType) focus);
    if (passwordPs != null && passwordPs.canGetCleartext()) {
        return null;
    }
    CredentialsCapabilityType credentialsCapability = ResourceTypeUtil.getEffectiveCapability(resource, CredentialsCapabilityType.class);
    PasswordCapabilityType passwordCapability = credentialsCapability == null ? null : credentialsCapability.getPassword();
    // Reference comparison against Boolean.FALSE kept from the original: an unset (null)
    // enabled flag counts as enabled.
    if (passwordCapability == null || passwordCapability.isEnabled() == Boolean.FALSE) {
        return null;
    }
    return SchemaConstants.LIFECYCLE_PROPOSED;
}
Use of com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType in project midpoint by Evolveum.
Class BaseProtector, method encryptString.
/**
 * Wraps {@code text} in a new {@link ProtectedStringType} and encrypts it in place.
 *
 * @param text cleartext to protect
 * @return a protected string whose cleartext was set to {@code text} and then passed to {@link #encrypt}
 * @throws EncryptionException propagated from {@link #encrypt}
 */
@Override
public ProtectedStringType encryptString(String text) throws EncryptionException {
    ProtectedStringType protectedText = new ProtectedStringType();
    protectedText.setClearValue(text);
    encrypt(protectedText);
    return protectedText;
}
Use of com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType in project midpoint by Evolveum.
Class TestSecurityBasic, method test258AutzJackSelfAccountsPartialControlPassword.
/**
 * Authorization test: jack holds the "self accounts partial control, password" role and is
 * logged in as himself. Checks what he may read, add, modify and delete on his own user,
 * on his linked account shadow and on other users/accounts, and that the edit definitions
 * returned by modelInteractionService mark the expected attribute/item flags.
 * Assertion order matters: each step builds on the state left by the previous one.
 */
@Test
public void test258AutzJackSelfAccountsPartialControlPassword() throws Exception {
final String TEST_NAME = "test258AutzJackSelfAccountsPartialControlPassword";
TestUtil.displayTestTile(this, TEST_NAME);
// GIVEN
cleanupAutzTest(USER_JACK_OID);
assignRole(USER_JACK_OID, ROLE_SELF_ACCOUNTS_PARTIAL_CONTROL_PASSWORD_OID);
assumeAssignmentPolicy(AssignmentPolicyEnforcementType.NONE);
login(USER_JACK_USERNAME);
// WHEN
TestUtil.displayWhen(TEST_NAME);
// Own user readable, other users not; no adds at all
assertGetAllow(UserType.class, USER_JACK_OID);
assertGetDeny(UserType.class, USER_GUYBRUSH_OID);
assertAddDeny();
// nickName is modifiable on self; honorificPrefix is not, on self or on others
assertModifyAllow(UserType.class, USER_JACK_OID, UserType.F_NICK_NAME, PrismTestUtil.createPolyString("jackie"));
assertModifyDeny(UserType.class, USER_JACK_OID, UserType.F_HONORIFIC_PREFIX, PrismTestUtil.createPolyString("Captain"));
assertModifyDeny(UserType.class, USER_GUYBRUSH_OID, UserType.F_HONORIFIC_PREFIX, PrismTestUtil.createPolyString("Pirate"));
assertDeleteDeny();
assertDeleteDeny(UserType.class, USER_JACK_OID);
// Jack's single linked account is readable
PrismObject<UserType> user = getUser(USER_JACK_OID);
String accountOid = getSingleLinkOid(user);
assertGetAllow(ShadowType.class, accountOid);
PrismObject<ShadowType> shadow = getObject(ShadowType.class, accountOid);
display("Jack's shadow", shadow);
// Edit object class definition as seen under jack's authorizations:
// flags asserted are (read, add, modify) — uid and name read-only, location fully editable, weapon read-only
RefinedObjectClassDefinition rOcDef = modelInteractionService.getEditObjectClassDefinition(shadow, getDummyResourceObject(), null);
display("Refined objectclass def", rOcDef);
assertAttributeFlags(rOcDef, SchemaConstants.ICFS_UID, true, false, false);
assertAttributeFlags(rOcDef, SchemaConstants.ICFS_NAME, true, false, false);
assertAttributeFlags(rOcDef, new QName("location"), true, true, true);
assertAttributeFlags(rOcDef, new QName("weapon"), true, false, false);
// Not linked to jack
assertGetDeny(ShadowType.class, ACCOUNT_SHADOW_ELAINE_DUMMY_OID);
// Not linked to jack
assertAddDeny(ACCOUNT_JACK_DUMMY_RED_FILE);
// Not even jack's account
assertAddDeny(ACCOUNT_GUYBRUSH_DUMMY_FILE);
// Password change: allowed on self, denied on another user (test-only fixture value)
ProtectedStringType passwordPs = new ProtectedStringType();
passwordPs.setClearValue("nbusr123");
assertModifyAllow(UserType.class, USER_JACK_OID, PASSWORD_PATH, passwordPs);
assertModifyDeny(UserType.class, USER_GUYBRUSH_OID, PASSWORD_PATH, passwordPs);
// Edit object definition for the REQUEST phase: password item flags (read, add, modify)
Task task = taskManager.createTaskInstance(TEST_NAME);
OperationResult result = task.getResult();
PrismObjectDefinition<UserType> rDef = modelInteractionService.getEditObjectDefinition(user, AuthorizationPhaseType.REQUEST, task, result);
assertItemFlags(rDef, PASSWORD_PATH, true, false, false);
assertGlobalStateUntouched();
}