
Example 1 with EncodeAction

use of com.sun.identity.security.EncodeAction in project OpenAM by OpenRock.

the class ServerEditViewBeanBase method getAttributeValues.

/**
 * Collects the current value of every active property on this page, keyed by the
 * actual property name, ready to be saved.
 *
 * <p>Editable lists are flattened to a comma-separated string, check boxes are mapped
 * to the true/false value supplied by {@code ServerPropertyValidator}, and password
 * fields are passed through {@code EncodeAction} so the clear-text value is not what
 * ends up in the map.
 *
 * @return a new map from property name to the value to store
 */
protected Map<String, String> getAttributeValues() {
    final Map<String, String> attributeValues = new HashMap<String, String>();
    for (final String uiName : activePropertyNames) {
        final View child = getChild(uiName);
        String fieldValue;
        if (child instanceof CCEditableList) {
            final CCEditableList editableList = (CCEditableList) child;
            editableList.restoreStateData();
            // The option list is stored as one comma-delimited string.
            fieldValue = StringUtils.join(getValues(editableList.getModel().getOptionList()), ",");
        } else {
            fieldValue = (String) getDisplayFieldValue(uiName);
        }
        final String propertyName = getActualPropertyName(uiName);
        if (child instanceof CCCheckBox) {
            if (fieldValue.equals("true")) {
                fieldValue = ServerPropertyValidator.getTrueValue(propertyName);
            } else {
                fieldValue = ServerPropertyValidator.getFalseValue(propertyName);
            }
        }
        if (!(child instanceof CCPassword)) {
            attributeValues.put(propertyName, fieldValue);
            continue;
        }
        // Password field: a value equal to AMPropertySheetModel.passwordRandom is left out
        // of the map entirely (presumably the placeholder shown instead of the stored
        // password, so an untouched field does not overwrite it; confirm against the view).
        if (AMPropertySheetModel.passwordRandom.equals(fieldValue)) {
            continue;
        }
        // Anything else is new clear text and is encoded before it is handed on for storage.
        attributeValues.put(propertyName, AccessController.doPrivileged(new EncodeAction(fieldValue)));
    }
    return attributeValues;
}
Also used : CCEditableList(com.sun.web.ui.view.editablelist.CCEditableList) EncodeAction(com.sun.identity.security.EncodeAction) HashMap(java.util.HashMap) CCCheckBox(com.sun.web.ui.view.html.CCCheckBox) View(com.iplanet.jato.view.View) CCPassword(com.sun.web.ui.view.html.CCPassword)

Example 2 with EncodeAction

use of com.sun.identity.security.EncodeAction in project OpenAM by OpenRock.

the class SessionService method encrypt.

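/**
 * Serializes {@code obj}, Base64-encodes the bytes and encodes the result with
 * {@code EncodeAction}; used to protect the InternalSession object before it is
 * stored in the HttpSession.
 *
 * <p>NOTE(review): the encryptor comes from {@code Crypt.getHardcodedKeyEncryptor()}.
 * The name indicates a key built into the product rather than a per-deployment secret;
 * if so, this hides the session from casual inspection but is not confidentiality
 * against anyone who has the same binaries. Confirm before relying on it.
 *
 * <p>NOTE(review): the payload is Java native serialization, so whatever reverses this
 * method will deserialize the bytes. Nothing here shows an integrity check on the
 * encoded string; verify that the decoding side only accepts data this server wrote.
 *
 * @param obj Object to be encrypted
 * @return the encoded string, or {@code null} if serialization or encoding failed
 */
private String encrypt(Object obj) {
    try {
        ByteArrayOutputStream byteOut = new ByteArrayOutputStream();
        ObjectOutputStream objOutStream = new ObjectOutputStream(byteOut);
        // convert object to bytes using streams
        objOutStream.writeObject(obj);
        // close() flushes anything still buffered, so byteOut holds the complete stream
        objOutStream.close();
        // convert bytes to string
        String strUnEncrypted = Base64.encode(byteOut.toByteArray());
        // encode the string
        return AccessController.doPrivileged(new EncodeAction(strUnEncrypted, Crypt.getHardcodedKeyEncryptor()));
    } catch (Exception e) {
        // Keep the cause in the debug log: a null return on its own gives no hint
        // whether serialization or the encoding step failed.
        sessionDebug.message("Error in encrypting the Internal Session object", e);
        return null;
    }
}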
Also used : EncodeAction(com.sun.identity.security.EncodeAction) ByteArrayOutputStream(java.io.ByteArrayOutputStream) ObjectOutputStream(java.io.ObjectOutputStream) DelegationException(com.sun.identity.delegation.DelegationException) SSOException(com.iplanet.sso.SSOException) InterruptedIOException(java.io.InterruptedIOException) IdRepoException(com.sun.identity.idm.IdRepoException) ConnectException(java.net.ConnectException) SessionException(com.iplanet.dpro.session.SessionException) CoreTokenException(org.forgerock.openam.cts.exceptions.CoreTokenException)

Example 3 with EncodeAction

use of com.sun.identity.security.EncodeAction in project OpenAM by OpenRock.

the class SAMLv2IDPAssertionContentViewBean method handleButton1Request.

/**
 * Saves the identity provider's standard and extended metadata values entered on the
 * property sheet, then forwards back to the page.
 *
 * <p>The signing-certificate key password gets special handling: a value equal to
 * {@code AMPropertySheetModel.passwordRandom} is dropped so the stored password is
 * kept, a blank value is stored as-is, and any other value is encoded with
 * {@code EncodeAction} before it is saved.
 *
 * @param event the request invocation event
 * @throws ModelControlException declared by the handler signature
 */
public void handleButton1Request(RequestInvocationEvent event) throws ModelControlException {
    try {
        final SAMLv2Model samlModel = (SAMLv2Model) getModel();
        final AMPropertySheet propertySheet = (AMPropertySheet) getChild(PROPERTY_ATTRIBUTES);
        // Standard metadata values as entered on the property sheet.
        final Map standardValues = propertySheet.getAttributeValues(samlModel.getStandardIdentityProviderAttributes(realm, entityName), false, samlModel);
        // Extended metadata: start from getExtendedValues() and overlay the submitted values.
        final Map extendedValues = getExtendedValues();
        final Map submittedExtended = propertySheet.getAttributeValues(samlModel.getIDPEXACDataMap(), false, samlModel);
        // Password fields are set to AMPropertySheetModel.passwordRandom before they are shown to the user.
        if (submittedExtended.containsKey(SAMLv2Model.IDP_SIGN_CERT_KEYPASS)) {
            final Set submittedKeyPass = (Set) submittedExtended.get(SAMLv2Model.IDP_SIGN_CERT_KEYPASS);
            if (submittedKeyPass != null && !submittedKeyPass.isEmpty()) {
                final String keyPass = (String) submittedKeyPass.iterator().next();
                if (AMPropertySheetModel.passwordRandom.equals(keyPass)) {
                    // Placeholder came back unchanged: remove it so it cannot replace the stored value.
                    submittedExtended.remove(SAMLv2Model.IDP_SIGN_CERT_KEYPASS);
                } else {
                    // The user typed a new value. Blank is kept blank; anything else is
                    // clear text and is encoded before storing.
                    final Set<String> storedKeyPass = new HashSet<String>(1);
                    storedKeyPass.add(keyPass.isEmpty() ? keyPass : AccessController.doPrivileged(new EncodeAction(keyPass)));
                    submittedExtended.put(SAMLv2Model.IDP_SIGN_CERT_KEYPASS, storedKeyPass);
                }
            }
        }
        extendedValues.putAll(submittedExtended);
        // Persist standard, then extended metadata for the IdP.
        samlModel.setIDPStdAttributeValues(realm, entityName, standardValues);
        samlModel.setIDPExtAttributeValues(realm, entityName, extendedValues, location);
        if (isHosted()) {
            // Hosted entities also get their authentication contexts and key info updated.
            samlModel.updateIDPAuthenticationContexts(realm, entityName, getAuthenticationContexts());
            samlModel.updateKeyinfo(realm, entityName, extendedValues, standardValues, true);
        }
        setInlineAlertMessage(CCAlert.TYPE_INFO, "message.information", "samlv2.idp.property.updated");
    } catch (AMConsoleException saveFailure) {
        setInlineAlertMessage(CCAlert.TYPE_ERROR, "message.error", saveFailure.getMessage());
    }
    forwardTo();
}
Also used : EncodeAction(com.sun.identity.security.EncodeAction) AMPropertySheet(com.sun.identity.console.base.AMPropertySheet) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException) SAMLv2Model(com.sun.identity.console.federation.model.SAMLv2Model)

Example 4 with EncodeAction

use of com.sun.identity.security.EncodeAction in project OpenAM by OpenRock.

the class HttpConnectionFactory method createSessionAwareConnection.

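/**
 * Helper used for remote invocation over HTTP. Builds an {@code HttpURLConnection}
 * for {@code url} configured as a GET request whose Cookie header carries the
 * security cookie, any extra cookies and, when {@code sid} is given, the session
 * cookie (plus the HTTP session tracking cookie if the session id has a tail).
 * To complete the invocation the caller is expected to open the input stream.
 *
 * <p>The security cookie value is the local server URL, {@code Constants.AT} and the
 * current time in milliseconds, passed through {@code EncodeAction}. How the receiving
 * side validates it is not visible in this method.
 *
 * @param url target url
 * @param sid SessionID whose cookies are added; may be {@code null}
 * @param extraCookies additional cookie text appended verbatim; may be {@code null}
 * @return the prepared connection, or {@code null} when session failover is not enabled
 * @throws Exception whatever building the connection or the cookie header throws,
 *         rethrown after being written to the debug log
 */
public HttpURLConnection createSessionAwareConnection(URL url, SessionID sid, String extraCookies) throws Exception {
    if (!serviceConfig.isSessionFailoverEnabled()) {
        return null;
    }
    HttpURLConnection connection = null;
    try {
        connection = HttpURLConnectionManager.getConnection(url);
        StringBuilder securityCookieValue = new StringBuilder();
        securityCookieValue.append(serverConfig.getLocalServerURL().toString());
        securityCookieValue.append(Constants.AT);
        securityCookieValue.append(System.currentTimeMillis());
        String securityCookie = AccessController.doPrivileged(new EncodeAction(securityCookieValue.toString()));
        StringBuilder cookie = new StringBuilder();
        cookie.append(serviceConfig.getSecurityCookieName());
        cookie.append(Constants.EQUALS);
        cookie.append(serviceConfig.isCookieEncodingEnabled() ? URLEncDec.encode(securityCookie) : securityCookie);
        if (extraCookies != null) {
            // NOTE(review): appended as-is, with no encoding or validation here, so this
            // must only ever be supplied by trusted server-side callers.
            cookie.append(Constants.SEMI_COLON);
            cookie.append(extraCookies);
        }
        if (sid != null) {
            cookie.append(Constants.SEMI_COLON).append(sessionCookies.getCookieName());
            cookie.append(Constants.EQUALS);
            cookie.append(serviceConfig.isCookieEncodingEnabled() ? URLEncDec.encode(sid.toString()) : sid.toString());
            String httpId = sid.getTail();
            if (httpId != null) {
                cookie.append(Constants.SEMI_COLON);
                cookie.append(serviceConfig.getHttpSessionTrackingCookieName());
                cookie.append(Constants.EQUALS);
                cookie.append(serviceConfig.isCookieEncodingEnabled() ? URLEncDec.encode(httpId) : httpId);
            }
        }
        if (sessionDebug.messageEnabled()) {
            // The header holds the session id and the security cookie; writing it to the
            // debug log would let anyone who can read the log reuse them, so only the
            // target is recorded.
            sessionDebug.message("created session-aware cookie header for " + url + " (cookie values not logged)");
        }
        connection.setRequestProperty("Cookie", cookie.toString());
        connection.setRequestMethod("GET");
        connection.setDoInput(true);
    } catch (Exception ex) {
        sessionDebug.message("Failed contacting " + url, ex);
        throw ex;
    }
    return connection;
}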
Also used : HttpURLConnection(java.net.HttpURLConnection) EncodeAction(com.sun.identity.security.EncodeAction)

Example 5 with EncodeAction

use of com.sun.identity.security.EncodeAction in project OpenAM by OpenRock.

the class CreateServerConfigXML method modifyXML.

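/**
 * Fills in the placeholders of the server configuration XML template.
 *
 * <p>The content of the password file option is passed through {@code EncodeAction}
 * and substituted for {@code @ENCADADMINPASSWD@}; the directory host, port, admin DN,
 * directory password and base DN values replace the remaining tags.
 *
 * <p>Substitution uses {@code String.replace}, which treats both the tag and the value
 * literally. {@code replaceAll} would interpret {@code $} and {@code \} in the value
 * as group references and escapes, so a DN with an escaped character or a password
 * containing {@code $} would be corrupted or raise an exception.
 *
 * <p>NOTE(review): values are inserted without any XML escaping in this method. A value
 * containing {@code <}, {@code &} or a quote would change the structure of the
 * generated document; confirm the inputs are validated or escaped before they get here.
 *
 * @param xml the template text containing the {@code @...@} tags
 * @return the template with every tag replaced
 * @throws CLIException declared by the signature; thrown by the calls made here, such
 *         as reading the password file
 */
private String modifyXML(String xml) throws CLIException {
    String amadminPwds = CLIUtil.getFileContent(getCommandManager(), getStringOptionValue(AccessManagerConstants.ARGUMENT_PASSWORD_FILE), true);
    // From here on the variable holds the encoded form, not the clear text read from the file.
    amadminPwds = (String) AccessController.doPrivileged(new EncodeAction(amadminPwds));
    String canRootSuffix = canonicalize(basedn);
    xml = xml.replace("@DIRECTORY_SERVER@", dsHost);
    xml = xml.replace("@DIRECTORY_PORT@", dsPort);
    xml = xml.replace("@NORMALIZED_ORGBASE@", DNUtils.normalizeDN(basedn));
    xml = xml.replace("@DS_DIRMGRDN@", dsAdmin);
    // NOTE(review): dsPassword is written under an "ENC" tag without being encoded in
    // this method; presumably it is already encoded by the time it is set. Verify.
    xml = xml.replace("@ENCADMINPASSWD@", dsPassword);
    xml = xml.replace("@ENCADADMINPASSWD@", amadminPwds);
    xml = xml.replace("@SM_CONFIG_BASEDN@", canRootSuffix);
    xml = xml.replace("@ROOT_SUFFIX@", canRootSuffix);
    xml = xml.replace("@ORG_BASE@", canRootSuffix);
    return xml;
}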
Also used : EncodeAction(com.sun.identity.security.EncodeAction)

Aggregations

EncodeAction (com.sun.identity.security.EncodeAction)23 Iterator (java.util.Iterator)8 IOException (java.io.IOException)4 HashSet (java.util.HashSet)4 Set (java.util.Set)4 HashMap (java.util.HashMap)3 NodeList (org.w3c.dom.NodeList)3 DecodeAction (com.sun.identity.security.DecodeAction)2 BufferedReader (java.io.BufferedReader)2 ByteArrayOutputStream (java.io.ByteArrayOutputStream)2 InputStreamReader (java.io.InputStreamReader)2 ObjectOutputStream (java.io.ObjectOutputStream)2 Map (java.util.Map)2 Cookie (javax.servlet.http.Cookie)2 HttpServletRequest (javax.servlet.http.HttpServletRequest)2 Test (org.testng.annotations.Test)2 Document (org.w3c.dom.Document)2 Node (org.w3c.dom.Node)2 SessionException (com.iplanet.dpro.session.SessionException)1 View (com.iplanet.jato.view.View)1