
Example 36 with ProtectedStringType

use of com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType in project midpoint by Evolveum.

the class TestSecurityBasic method test258AutzJackSelfAccountsPartialControlPassword.

@Test
public void test258AutzJackSelfAccountsPartialControlPassword() throws Exception {
    final String TEST_NAME = "test258AutzJackSelfAccountsPartialControlPassword";
    TestUtil.displayTestTile(this, TEST_NAME);

    // GIVEN: jack holds only the "self accounts partial control + password" role,
    // assignment enforcement is off, and the session runs as jack himself.
    cleanupAutzTest(USER_JACK_OID);
    assignRole(USER_JACK_OID, ROLE_SELF_ACCOUNTS_PARTIAL_CONTROL_PASSWORD_OID);
    assumeAssignmentPolicy(AssignmentPolicyEnforcementType.NONE);
    login(USER_JACK_USERNAME);

    // WHEN
    TestUtil.displayWhen(TEST_NAME);

    // Own user object is readable, other users are not; nothing may be created.
    assertGetAllow(UserType.class, USER_JACK_OID);
    assertGetDeny(UserType.class, USER_GUYBRUSH_OID);
    assertAddDeny();

    // Only the explicitly opened item (nickName) of the own user is writable.
    assertModifyAllow(UserType.class, USER_JACK_OID, UserType.F_NICK_NAME, PrismTestUtil.createPolyString("jackie"));
    assertModifyDeny(UserType.class, USER_JACK_OID, UserType.F_HONORIFIC_PREFIX, PrismTestUtil.createPolyString("Captain"));
    assertModifyDeny(UserType.class, USER_GUYBRUSH_OID, UserType.F_HONORIFIC_PREFIX, PrismTestUtil.createPolyString("Pirate"));
    assertDeleteDeny();
    assertDeleteDeny(UserType.class, USER_JACK_OID);

    // The single account linked to jack is readable ...
    PrismObject<UserType> jack = getUser(USER_JACK_OID);
    String jackAccountOid = getSingleLinkOid(jack);
    assertGetAllow(ShadowType.class, jackAccountOid);
    PrismObject<ShadowType> jackShadow = getObject(ShadowType.class, jackAccountOid);
    display("Jack's shadow", jackShadow);

    // ... and its edit schema opens only the attributes the role allows
    // (flag triple presumably read/add/modify — confirm against assertAttributeFlags).
    RefinedObjectClassDefinition shadowEditDef = modelInteractionService.getEditObjectClassDefinition(jackShadow, getDummyResourceObject(), null);
    display("Refined objectclass def", shadowEditDef);
    assertAttributeFlags(shadowEditDef, SchemaConstants.ICFS_UID, true, false, false);
    assertAttributeFlags(shadowEditDef, SchemaConstants.ICFS_NAME, true, false, false);
    assertAttributeFlags(shadowEditDef, new QName("location"), true, true, true);
    assertAttributeFlags(shadowEditDef, new QName("weapon"), true, false, false);

    // Shadows that are not jack's stay invisible and no account may be added, linked or not.
    assertGetDeny(ShadowType.class, ACCOUNT_SHADOW_ELAINE_DUMMY_OID); // not linked to jack
    assertAddDeny(ACCOUNT_JACK_DUMMY_RED_FILE);                      // not linked to jack
    assertAddDeny(ACCOUNT_GUYBRUSH_DUMMY_FILE);                      // not even jack's account

    // Password self-service: jack may set his own password but not guybrush's.
    // Throw-away clear-text fixture value; it is never persisted outside this test.
    ProtectedStringType newPassword = new ProtectedStringType();
    newPassword.setClearValue("nbusr123");
    assertModifyAllow(UserType.class, USER_JACK_OID, PASSWORD_PATH, newPassword);
    assertModifyDeny(UserType.class, USER_GUYBRUSH_OID, PASSWORD_PATH, newPassword);

    // NOTE(review): the REQUEST-phase edit definition is expected to carry the same
    // password flags as test256 (which has no password grant) even though the modify
    // above succeeded; presumably the password grant is phase-specific — confirm
    // against the role definition before relying on these flags in a UI.
    Task task = taskManager.createTaskInstance(TEST_NAME);
    OperationResult opResult = task.getResult();
    PrismObjectDefinition<UserType> userEditDef = modelInteractionService.getEditObjectDefinition(jack, AuthorizationPhaseType.REQUEST, task, opResult);
    assertItemFlags(userEditDef, PASSWORD_PATH, true, false, false);

    assertGlobalStateUntouched();
}

Example 37 with ProtectedStringType

use of com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType in project midpoint by Evolveum.

the class TestSecurityBasic method test256AutzJackSelfAccountsPartialControl.

@Test
public void test256AutzJackSelfAccountsPartialControl() throws Exception {
    final String TEST_NAME = "test256AutzJackSelfAccountsPartialControl";
    TestUtil.displayTestTile(this, TEST_NAME);

    // GIVEN: jack holds only the "self accounts partial control" role (no password
    // grant, unlike test258), assignment enforcement is off, session runs as jack.
    cleanupAutzTest(USER_JACK_OID);
    assignRole(USER_JACK_OID, ROLE_SELF_ACCOUNTS_PARTIAL_CONTROL_OID);
    assumeAssignmentPolicy(AssignmentPolicyEnforcementType.NONE);
    login(USER_JACK_USERNAME);

    // WHEN
    TestUtil.displayWhen(TEST_NAME);

    // Own user object is readable, other users are not; nothing may be created.
    assertGetAllow(UserType.class, USER_JACK_OID);
    assertGetDeny(UserType.class, USER_GUYBRUSH_OID);
    assertAddDeny();

    // Only the explicitly opened item (nickName) of the own user is writable.
    assertModifyAllow(UserType.class, USER_JACK_OID, UserType.F_NICK_NAME, PrismTestUtil.createPolyString("jackie"));
    assertModifyDeny(UserType.class, USER_JACK_OID, UserType.F_HONORIFIC_PREFIX, PrismTestUtil.createPolyString("Captain"));
    assertModifyDeny(UserType.class, USER_GUYBRUSH_OID, UserType.F_HONORIFIC_PREFIX, PrismTestUtil.createPolyString("Pirate"));
    assertDeleteDeny();
    assertDeleteDeny(UserType.class, USER_JACK_OID);

    // The single account linked to jack is readable ...
    PrismObject<UserType> jack = getUser(USER_JACK_OID);
    String jackAccountOid = getSingleLinkOid(jack);
    assertGetAllow(ShadowType.class, jackAccountOid);
    PrismObject<ShadowType> jackShadow = getObject(ShadowType.class, jackAccountOid);
    display("Jack's shadow", jackShadow);

    // ... and its edit schema opens only the attributes the role allows
    // (flag triple presumably read/add/modify — confirm against assertAttributeFlags).
    RefinedObjectClassDefinition shadowEditDef = modelInteractionService.getEditObjectClassDefinition(jackShadow, getDummyResourceObject(), null);
    display("Refined objectclass def", shadowEditDef);
    assertAttributeFlags(shadowEditDef, SchemaConstants.ICFS_UID, true, false, false);
    assertAttributeFlags(shadowEditDef, SchemaConstants.ICFS_NAME, true, false, false);
    assertAttributeFlags(shadowEditDef, new QName("location"), true, true, true);
    assertAttributeFlags(shadowEditDef, new QName("weapon"), true, false, false);

    // Shadows that are not jack's stay invisible and no account may be added, linked or not.
    assertGetDeny(ShadowType.class, ACCOUNT_SHADOW_ELAINE_DUMMY_OID); // not linked to jack
    assertAddDeny(ACCOUNT_JACK_DUMMY_RED_FILE);                      // not linked to jack
    assertAddDeny(ACCOUNT_GUYBRUSH_DUMMY_FILE);                      // not even jack's account

    // Without the password grant, neither own nor foreign password may be changed.
    // Throw-away clear-text fixture value; it is never persisted outside this test.
    ProtectedStringType newPassword = new ProtectedStringType();
    newPassword.setClearValue("nbusr123");
    assertModifyDeny(UserType.class, USER_JACK_OID, PASSWORD_PATH, newPassword);
    assertModifyDeny(UserType.class, USER_GUYBRUSH_OID, PASSWORD_PATH, newPassword);

    // REQUEST-phase edit definition must agree with the denial above for the password item.
    Task task = taskManager.createTaskInstance(TEST_NAME);
    OperationResult opResult = task.getResult();
    PrismObjectDefinition<UserType> userEditDef = modelInteractionService.getEditObjectDefinition(jack, AuthorizationPhaseType.REQUEST, task, opResult);
    assertItemFlags(userEditDef, PASSWORD_PATH, true, false, false);

    // A link/unlink-of-further-accounts scenario used to sit here as commented-out
    // code; it is not part of this test and was dropped rather than kept as dead code.

    assertGlobalStateUntouched();
}

Example 38 with ProtectedStringType

use of com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType in project midpoint by Evolveum.

the class TestScriptingBasic method test510GeneratePasswords.

@Test
public void test510GeneratePasswords() throws Exception {
    final String TEST_NAME = "test510GeneratePasswords";
    TestUtil.displayTestTile(this, TEST_NAME);

    // GIVEN: the generate-passwords script and a global password policy wired
    // into the system security policy so generation has rules to follow.
    Task task = createTask(DOT_CLASS + TEST_NAME);
    OperationResult opResult = task.getResult();
    PrismProperty<ScriptingExpressionType> generateScript = parseAnyData(GENERATE_PASSWORDS_FILE);
    addObject(PASSWORD_POLICY_GLOBAL_FILE);
    List<ItemDelta<?, ?>> policyRefDeltas = DeltaBuilder.deltaFor(SecurityPolicyType.class, prismContext)
            .item(SecurityPolicyType.F_CREDENTIALS, CredentialsPolicyType.F_PASSWORD, PasswordCredentialsPolicyType.F_PASSWORD_POLICY_REF)
            .add(new PrismReferenceValue(PASSWORD_POLICY_GLOBAL_OID))
            .asItemDeltas();
    modifySystemObjectInRepo(SecurityPolicyType.class, SECURITY_POLICY_OID, policyRefDeltas, opResult);

    // WHEN
    ExecutionContext ctx = scriptingExpressionEvaluator.evaluateExpression(generateScript.getAnyValue().getValue(), task, opResult);

    // THEN
    // NOTE(review): dumpOutput() presumably prints the pipeline, i.e. the freshly
    // generated clear-text passwords, into the test log — acceptable only because
    // these are throw-away test users.
    dumpOutput(ctx, opResult);
    opResult.computeStatus();
    TestUtil.assertSuccess(opResult);

    PipelineData pipeline = ctx.getFinalOutput();
    assertEquals("Unexpected # of items in output", 5, pipeline.getData().size());

    // Every returned user must carry a generated password in clear form (only
    // presence is asserted, not policy compliance); collect the OIDs on the way.
    Set<String> seenOids = new HashSet<>();
    for (PipelineItem item : pipeline.getData()) {
        PrismValue value = item.getValue();
        UserType user = ((PrismObjectValue<UserType>) value).asObjectable();
        ProtectedStringType generated = user.getCredentials().getPassword().getValue();
        assertNotNull("clearValue for password not set", generated.getClearValue());
        seenOids.add(user.getOid());
    }
    Set<String> expectedOids = new HashSet<>(Arrays.asList(USER_ADMINISTRATOR_OID, USER_JACK_OID, USER_BARBOSSA_OID, USER_GUYBRUSH_OID, USER_ELAINE_OID));
    assertEquals("Unexpected OIDs in output", expectedOids, seenOids);
}

Example 39 with ProtectedStringType

use of com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType in project midpoint by Evolveum.

the class AbstractIntegrationTest method compareProtectedString.

/**
 * Checks that a stored credential matches the expected clear value under the
 * given storage policy.
 * <p>
 * NONE: nothing may be stored, so only a {@code null} value passes.
 * ENCRYPTION: the value must be encrypted and decrypt to the expected text.
 * HASHING: the value must be hashed and verify against the expected text via
 * the protector; the clear text is never recovered on this path.
 *
 * @param expectedClearValue clear text the stored credential should correspond to
 * @param actualValue        the stored credential, may be {@code null}
 * @param storageType        storage policy the credential is expected to follow
 * @return {@code true} if the stored value is consistent with the expectation
 * @throws EncryptionException      if decryption or hash comparison fails
 * @throws SchemaException          propagated from the protector
 * @throws IllegalArgumentException for an unrecognised storage type
 */
protected boolean compareProtectedString(String expectedClearValue, ProtectedStringType actualValue, CredentialsStorageTypeType storageType) throws EncryptionException, SchemaException {
    switch (storageType) {
        case NONE:
            // Policy forbids storing anything at all.
            return actualValue == null;

        case ENCRYPTION: {
            if (actualValue == null || !actualValue.isEncrypted()) {
                return false;
            }
            String decrypted = protector.decryptString(actualValue);
            return expectedClearValue.equals(decrypted);
        }

        case HASHING: {
            if (actualValue == null || !actualValue.isHashed()) {
                return false;
            }
            // Wrap the expected clear text so the protector can hash-compare it.
            ProtectedStringType probe = new ProtectedStringType();
            probe.setClearValue(expectedClearValue);
            return protector.compare(actualValue, probe);
        }

        default:
            throw new IllegalArgumentException("Unknown storage " + storageType);
    }
}

Example 40 with ProtectedStringType

use of com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType in project midpoint by Evolveum.

the class TestSanityLegacy method checkOpenResourceConfiguration.

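/**
 * Verifies the connector configuration of a resource as it came back from a
 * given source: the expected number of configuration properties is present and
 * the credentials property holds exactly one value that is stored encrypted.
 * <p>
 * The credentials value may arrive either already parsed (a
 * {@link ProtectedStringType}) or still raw (a {@link MapXNode} to be parsed);
 * both forms must end up carrying EncryptedData and no clear text.
 *
 * @param resource                the resource object under test
 * @param connectorNamespace      namespace of the connector configuration properties
 * @param credentialsPropertyName local name of the credentials property
 * @param numConfigProps          expected number of configuration properties
 * @param source                  where the object came from, used only in messages
 */
private void checkOpenResourceConfiguration(PrismObject<ResourceType> resource, String connectorNamespace, String credentialsPropertyName, int numConfigProps, String source) {
    PrismContainer<Containerable> configurationContainer = resource.findContainer(ResourceType.F_CONNECTOR_CONFIGURATION);
    assertNotNull("No configuration container in " + resource + " from " + source, configurationContainer);
    PrismContainer<Containerable> configPropsContainer = configurationContainer.findContainer(SchemaTestConstants.ICFC_CONFIGURATION_PROPERTIES);
    assertNotNull("No configuration properties container in " + resource + " from " + source, configPropsContainer);
    List<? extends Item<?, ?>> configProps = configPropsContainer.getValue().getItems();
    assertEquals("Wrong number of config properties in " + resource + " from " + source, numConfigProps, configProps.size());

    PrismProperty<Object> credentialsProp = configPropsContainer.findProperty(new QName(connectorNamespace, credentialsPropertyName));
    if (credentialsProp == null) {
        // This is the heisenbug being hunted: dump the whole container before failing.
        display("Configuration with the heisenbug", configurationContainer.debugDump());
    }
    assertNotNull("No credentials property in " + resource + " from " + source, credentialsProp);
    assertEquals("Wrong number of credentials property value in " + resource + " from " + source, 1, credentialsProp.getValues().size());
    PrismPropertyValue<Object> credentialsPropertyValue = credentialsProp.getValues().iterator().next();
    assertNotNull("No credentials property value in " + resource + " from " + source, credentialsPropertyValue);

    ProtectedStringType credentialsPs;
    if (credentialsPropertyValue.isRaw()) {
        credentialsPs = parseRawCredentials(credentialsPropertyValue.getRawElement(), resource, source);
    } else {
        Object credentials = credentialsPropertyValue.getValue();
        assertTrue("Wrong type of credentials configuration property in " + resource + " from " + source + ": " + credentials.getClass(), credentials instanceof ProtectedStringType);
        credentialsPs = (ProtectedStringType) credentials;
    }
    assertCredentialsEncrypted(credentialsPs, resource, source);
}

/** Parses a raw (unparsed) credentials value, which must be a MapXNode, into a ProtectedStringType. */
private ProtectedStringType parseRawCredentials(Object rawElement, PrismObject<ResourceType> resource, String source) {
    assertTrue("Wrong element class " + rawElement.getClass() + " in " + resource + " from " + source, rawElement instanceof MapXNode);
    ProtectedStringType protectedType = new ProtectedStringType();
    try {
        XNodeProcessorUtil.parseProtectedType(protectedType, (MapXNode) rawElement, prismContext);
    } catch (SchemaException ex) {
        // Cause is kept; a malformed protected value is a test failure, not something to recover from.
        throw new IllegalArgumentException(ex);
    }
    return protectedType;
}

/**
 * Asserts the credential is stored encrypted: EncryptedData must be present and,
 * so that a value which is encrypted but still carries its clear text cannot
 * pass, no clearValue may be present alongside it.
 */
private void assertCredentialsEncrypted(ProtectedStringType credentialsPs, PrismObject<ResourceType> resource, String source) {
    EncryptedDataType encryptedData = credentialsPs.getEncryptedDataType();
    assertNotNull("No EncryptedData element", encryptedData);
    assertTrue("Clear-text credentials present next to EncryptedData in " + resource + " from " + source, credentialsPs.getClearValue() == null);
}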
