use of com.sun.identity.security.EncodeAction in project OpenAM by OpenRock.
the class ServerEditViewBeanBase method getAttributeValues.
/**
 * Collects the value of every active property on the page, keyed by the
 * name returned from {@code getActualPropertyName}.
 *
 * <p>Editable lists are flattened to one comma-delimited string, check boxes
 * are mapped to the true/false value that {@code ServerPropertyValidator}
 * reports for the property, and password fields are passed through
 * {@code EncodeAction} before they are put in the map.
 *
 * @return map of property name to the value to save; a password field whose
 *         value equals {@code AMPropertySheetModel.passwordRandom} is left
 *         out of the map entirely
 */
protected Map<String, String> getAttributeValues() {
    Map<String, String> attributeValues = new HashMap<String, String>();
    for (String uiName : activePropertyNames) {
        View child = getChild(uiName);
        String value;
        if (child instanceof CCEditableList) {
            CCEditableList editableList = (CCEditableList) child;
            editableList.restoreStateData();
            // Stored as a single comma-delimited string built from the OptionList items.
            value = StringUtils.join(getValues(editableList.getModel().getOptionList()), ",");
        } else {
            value = (String) getDisplayFieldValue(uiName);
        }
        String propertyName = getActualPropertyName(uiName);
        if (child instanceof CCCheckBox) {
            if (value.equals("true")) {
                value = ServerPropertyValidator.getTrueValue(propertyName);
            } else {
                value = ServerPropertyValidator.getFalseValue(propertyName);
            }
        }
        boolean isPassword = child instanceof CCPassword;
        if (isPassword && AMPropertySheetModel.passwordRandom.equals(value)) {
            // Presumably the placeholder shown instead of the stored password
            // (TODO confirm): emitting it would overwrite the real secret, so skip it.
            continue;
        }
        if (isPassword) {
            // Never put the clear-text password in the map; store the encoded form.
            // NOTE(review): an empty password is encoded like any other value here;
            // confirm that is the intended way to clear a password.
            value = AccessController.doPrivileged(new EncodeAction(value));
        }
        attributeValues.put(propertyName, value);
    }
    return attributeValues;
}
use of com.sun.identity.security.EncodeAction in project OpenAM by OpenRock.
the class SessionService method encrypt.
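/**
 * Serializes the given object, Base64-encodes the bytes and encrypts the
 * resulting string. It is used to encrypt the InternalSession object before
 * it is stored in the HttpSession.
 *
 * @param obj Object to be encrypted
 * @return the encrypted string, or {@code null} when serialization or
 *         encryption fails (the cause is written to the session debug log)
 */
private String encrypt(Object obj) {
    String strEncrypted;
    try {
        ByteArrayOutputStream byteOut = new ByteArrayOutputStream();
        ObjectOutputStream objOutStream = new ObjectOutputStream(byteOut);
        // convert object to bytes using streams
        objOutStream.writeObject(obj);
        // make sure nothing is left in the object stream's buffer before reading the bytes
        objOutStream.flush();
        // convert bytes to string
        String strUnEncrypted = Base64.encode(byteOut.toByteArray());
        // NOTE(review): going by its name, Crypt.getHardcodedKeyEncryptor() uses a key
        // fixed in the product rather than one generated per deployment. If so, this
        // protects the blob only from casual inspection; confirm, and prefer a
        // deployment-specific key. The code that reads this value back is not shown;
        // it should verify integrity before handing the bytes to Java deserialization.
        strEncrypted = AccessController.doPrivileged(new EncodeAction(strUnEncrypted, Crypt.getHardcodedKeyEncryptor()));
    } catch (Exception e) {
        // Keep the cause: without it a NotSerializableException or a crypto failure
        // is indistinguishable in the log and the caller only sees null.
        sessionDebug.message("Error in encrypting the Internal Session object", e);
        return null;
    }
    return strEncrypted;
}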
use of com.sun.identity.security.EncodeAction in project OpenAM by OpenRock.
the class SAMLv2IDPAssertionContentViewBean method handleButton1Request.
/**
 * Saves the identity provider assertion-content settings entered on the
 * property sheet, then forwards back to this view.
 *
 * <p>The signing-certificate key password needs special care: a submitted
 * value equal to {@code AMPropertySheetModel.passwordRandom} means the user
 * left the masked field untouched, so it is dropped instead of saved; any
 * other non-blank value is clear text and is encoded before storage.
 *
 * @param event the request invocation event
 * @throws ModelControlException declared by the handler signature
 */
public void handleButton1Request(RequestInvocationEvent event) throws ModelControlException {
    try {
        SAMLv2Model model = (SAMLv2Model) getModel();
        AMPropertySheet propertySheet = (AMPropertySheet) getChild(PROPERTY_ATTRIBUTES);
        // Standard metadata values as read from the property sheet.
        Map idpStdValues = propertySheet.getAttributeValues(model.getStandardIdentityProviderAttributes(realm, entityName), false, model);
        // Extended metadata: the map from getExtendedValues() is overlaid below
        // with the values read from the property sheet.
        Map idpExtValues = getExtendedValues();
        Map submittedExtValues = propertySheet.getAttributeValues(model.getIDPEXACDataMap(), false, model);

        // Password fields are set to AMPropertySheetModel.passwordRandom before they are displayed to the user.
        Set keyPassValues = (Set) submittedExtValues.get(SAMLv2Model.IDP_SIGN_CERT_KEYPASS);
        if (keyPassValues != null && !keyPassValues.isEmpty()) {
            String keyPass = (String) keyPassValues.iterator().next();
            if (AMPropertySheetModel.passwordRandom.equals(keyPass)) {
                // Unchanged by the user: remove the fake value so it cannot override the stored one.
                submittedExtValues.remove(SAMLv2Model.IDP_SIGN_CERT_KEYPASS);
            } else {
                // Changed by the user. A blank value is stored as-is; anything else is
                // plain text and must be encoded before it is stored.
                String valueToStore = keyPass;
                if (!keyPass.isEmpty()) {
                    valueToStore = AccessController.doPrivileged(new EncodeAction(keyPass));
                }
                Set<String> encodedValue = new HashSet<String>(1);
                encodedValue.add(valueToStore);
                submittedExtValues.put(SAMLv2Model.IDP_SIGN_CERT_KEYPASS, encodedValue);
            }
        }
        idpExtValues.putAll(submittedExtValues);

        // Persist the standard, then the extended, metadata values for the IdP.
        model.setIDPStdAttributeValues(realm, entityName, idpStdValues);
        model.setIDPExtAttributeValues(realm, entityName, idpExtValues, location);
        if (isHosted()) {
            // Hosted entities also get their authentication contexts and the
            // encryption/signing key info updated.
            model.updateIDPAuthenticationContexts(realm, entityName, getAuthenticationContexts());
            model.updateKeyinfo(realm, entityName, idpExtValues, idpStdValues, true);
        }
        setInlineAlertMessage(CCAlert.TYPE_INFO, "message.information", "samlv2.idp.property.updated");
    } catch (AMConsoleException e) {
        setInlineAlertMessage(CCAlert.TYPE_ERROR, "message.error", e.getMessage());
    }
    forwardTo();
}
use of com.sun.identity.security.EncodeAction in project OpenAM by OpenRock.
the class HttpConnectionFactory method createSessionAwareConnection.
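/**
 * Helper function used for remote invocation over HTTP. It constructs an
 * HttpURLConnection for the url, adds a Cookie header built from a freshly
 * encoded security cookie, the optional extra cookies and the cookies derived
 * from sid, and returns it to the caller. In order to complete the invocation
 * the caller is supposed to open the input stream.
 *
 * @param url url
 * @param sid SessionID; when {@code null} no session cookies are added
 * @param extraCookies cookie text appended verbatim to the header; may be {@code null}
 * @return the prepared connection, or {@code null} when session failover is not enabled
 * @throws Exception any failure while obtaining or preparing the connection,
 *         rethrown after it has been written to the session debug log
 */
public HttpURLConnection createSessionAwareConnection(URL url, SessionID sid, String extraCookies) throws Exception {
    if (!serviceConfig.isSessionFailoverEnabled()) {
        return null;
    }
    HttpURLConnection connection = null;
    try {
        connection = HttpURLConnectionManager.getConnection(url);
        // Security cookie: local server URL and current time joined by Constants.AT,
        // then passed through EncodeAction.
        StringBuilder securityCookieValue = new StringBuilder();
        securityCookieValue.append(serverConfig.getLocalServerURL().toString());
        securityCookieValue.append(Constants.AT);
        securityCookieValue.append(System.currentTimeMillis());
        String securityCookie = AccessController.doPrivileged(new EncodeAction(securityCookieValue.toString()));
        StringBuilder cookie = new StringBuilder();
        cookie.append(serviceConfig.getSecurityCookieName());
        cookie.append(Constants.EQUALS);
        cookie.append(serviceConfig.isCookieEncodingEnabled() ? URLEncDec.encode(securityCookie) : securityCookie);
        if (extraCookies != null) {
            // NOTE(review): appended as-is, with no encoding or validation; callers are
            // assumed to pass well-formed cookie pairs -- confirm it never carries
            // request-derived text.
            cookie.append(Constants.SEMI_COLON);
            cookie.append(extraCookies);
        }
        if (sid != null) {
            cookie.append(Constants.SEMI_COLON).append(sessionCookies.getCookieName());
            cookie.append(Constants.EQUALS);
            cookie.append(serviceConfig.isCookieEncodingEnabled() ? URLEncDec.encode(sid.toString()) : sid.toString());
            String httpId = sid.getTail();
            if (httpId != null) {
                cookie.append(Constants.SEMI_COLON);
                cookie.append(serviceConfig.getHttpSessionTrackingCookieName());
                cookie.append(Constants.EQUALS);
                cookie.append(serviceConfig.isCookieEncodingEnabled() ? URLEncDec.encode(httpId) : httpId);
            }
        }
        String cookieHeader = cookie.toString();
        if (sessionDebug.messageEnabled()) {
            // The header holds the security cookie and the session id; anyone who can
            // read the debug log could replay them, so only its size is logged.
            sessionDebug.message("created cookie header of " + cookieHeader.length()
                    + " chars (value not logged: it carries session identifiers)");
        }
        connection.setRequestProperty("Cookie", cookieHeader);
        connection.setRequestMethod("GET");
        connection.setDoInput(true);
    } catch (Exception ex) {
        sessionDebug.message("Failed contacting " + url, ex);
        throw ex;
    }
    return connection;
}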
use of com.sun.identity.security.EncodeAction in project OpenAM by OpenRock.
the class CreateServerConfigXML method modifyXML.
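/**
 * Substitutes the {@code @...@} placeholders in the given XML text with the
 * directory settings held by this command and returns the result.
 *
 * <p>The content of the password file named by the
 * {@code ARGUMENT_PASSWORD_FILE} option is passed through {@code EncodeAction}
 * before it is written into the {@code @ENCADADMINPASSWD@} placeholder.
 *
 * @param xml XML text containing the placeholders
 * @return the XML text with every placeholder occurrence replaced
 * @throws CLIException declared by the signature; presumably raised when the
 *         password file cannot be read (TODO confirm against CLIUtil)
 */
private String modifyXML(String xml) throws CLIException {
    String amadminPwds = CLIUtil.getFileContent(getCommandManager(), getStringOptionValue(AccessManagerConstants.ARGUMENT_PASSWORD_FILE), true);
    amadminPwds = (String) AccessController.doPrivileged(new EncodeAction(amadminPwds));
    String canRootSuffix = canonicalize(basedn);
    // String.replace substitutes literally. replaceAll would interpret '$' and '\'
    // in the replacement as group references/escapes, so a password or an escaped
    // DN (e.g. one containing "\,") would be corrupted or raise an exception.
    // NOTE(review): the values are inserted without XML escaping; a value that
    // contains '<' or '&' would change the document structure -- confirm the
    // inputs are validated upstream or escape them here.
    xml = xml.replace("@DIRECTORY_SERVER@", dsHost);
    xml = xml.replace("@DIRECTORY_PORT@", dsPort);
    xml = xml.replace("@NORMALIZED_ORGBASE@", DNUtils.normalizeDN(basedn));
    xml = xml.replace("@DS_DIRMGRDN@", dsAdmin);
    // NOTE(review): the placeholder name says "encoded", but dsPassword is not
    // encoded in this method; confirm it already holds the encoded form.
    xml = xml.replace("@ENCADMINPASSWD@", dsPassword);
    xml = xml.replace("@ENCADADMINPASSWD@", amadminPwds);
    xml = xml.replace("@SM_CONFIG_BASEDN@", canRootSuffix);
    xml = xml.replace("@ROOT_SUFFIX@", canRootSuffix);
    xml = xml.replace("@ORG_BASE@", canRootSuffix);
    return xml;
}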