
Example 6 with EncodeAction

use of com.sun.identity.security.EncodeAction in project OpenAM by OpenRock.

the class ServerEditViewBeanBase method getAttributeValues.

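/**
 * Collects the current values of all active property fields into a map keyed by the actual
 * (server) property name, ready to be saved.
 * <p>
 * Editable lists are joined into one comma-delimited string, check boxes are mapped to the
 * property's configured true/false value, and password fields are encoded with EncodeAction
 * before being stored. A password field whose value is still the display placeholder
 * {@code AMPropertySheetModel.passwordRandom} is deliberately left out of the map so the
 * placeholder never overwrites (or gets encoded on top of) the stored secret.
 *
 * @return property name to value map; password values are encoded, never plaintext
 */
protected Map<String, String> getAttributeValues() {
    Map<String, String> map = new HashMap<String, String>();
    for (String uiName : activePropertyNames) {
        View view = getChild(uiName);
        String value;
        if (view instanceof CCEditableList) {
            CCEditableList list = (CCEditableList) view;
            list.restoreStateData();
            // Create a comma delimited String from the items in the OptionList for storage.
            value = StringUtils.join(getValues(list.getModel().getOptionList()), ",");
        } else {
            // may be null when the field has no display value
            value = (String) getDisplayFieldValue(uiName);
        }
        String propertyName = getActualPropertyName(uiName);
        if (view instanceof CCCheckBox) {
            // "true".equals(value) rather than value.equals("true"): a null display value would
            // have thrown NPE here; it now maps to the property's false value like any non-"true".
            value = "true".equals(value) ? ServerPropertyValidator.getTrueValue(propertyName) : ServerPropertyValidator.getFalseValue(propertyName);
        }
        if (view instanceof CCPassword) {
            // Password fields are shown with the placeholder passwordRandom instead of the stored
            // secret. If the placeholder comes back unchanged the user did not edit the field, so
            // it is skipped to avoid overwriting the stored value. Anything else is plaintext from
            // the form and is encoded before being put in the map.
            if (!AMPropertySheetModel.passwordRandom.equals(value)) {
                value = AccessController.doPrivileged(new EncodeAction(value));
                map.put(propertyName, value);
            }
        } else {
            map.put(propertyName, value);
        }
    }
    return map;
}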

Example 7 with EncodeAction

use of com.sun.identity.security.EncodeAction in project OpenAM by OpenRock.

the class SessionService method encrypt.

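/**
 * Serializes and encrypts an InternalSession (or any Serializable object) so that it can be
 * stored in the HttpSession as a String.
 * <p>
 * The object is Java-serialized, Base64-encoded and then run through EncodeAction using
 * {@code Crypt.getHardcodedKeyEncryptor()}. NOTE(review): that encryptor is keyed with a key
 * built into the product rather than this deployment's instance key, so the ciphertext is only
 * as secret as the product itself; do not treat the HttpSession copy as confidential against
 * anyone who can read it. The decrypt side presumably Java-deserializes the result, so it must
 * only ever accept values produced here — confirm against the corresponding decrypt method.
 *
 * @param obj Object to be encrypted; must be Serializable
 * @return the encoded string, or {@code null} if serialization or encryption failed
 *         (the failure is logged with its cause)
 */
private String encrypt(Object obj) {
    String strEncrypted;
    try {
        ByteArrayOutputStream byteOut = new ByteArrayOutputStream();
        ObjectOutputStream objOutStream = new ObjectOutputStream(byteOut);
        // convert object to byte using streams
        objOutStream.writeObject(obj);
        // close (which flushes) before reading byteOut so no bytes remain in the
        // ObjectOutputStream's internal buffer; byteOut is in-memory, closing releases nothing
        objOutStream.close();
        // convert byte to string
        String strUnEncrypted = Base64.encode(byteOut.toByteArray());
        // encrypt string
        strEncrypted = AccessController.doPrivileged(new EncodeAction(strUnEncrypted, Crypt.getHardcodedKeyEncryptor()));
    } catch (Exception e) {
        // Log the cause; the original only logged a message, which made encryption failures
        // (the caller just sees null) impossible to diagnose.
        sessionDebug.error("Error in encrypting the Internal Session object", e);
        return null;
    }
    return strEncrypted;
}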

Example 8 with EncodeAction

use of com.sun.identity.security.EncodeAction in project OpenAM by OpenRock.

the class SAMLv2IDPAssertionContentViewBean method handleButton1Request.

/**
 * Handles the Save button of the IDP assertion-content page: reads the standard and extended
 * IDP metadata from the property sheet, stores both through the model and, for a hosted IDP,
 * refreshes the authentication contexts and key info. A model failure is shown as an inline
 * error alert; in every case the view is re-rendered via forwardTo().
 *
 * @param event the button request event (unused beyond dispatch)
 * @throws ModelControlException propagated from the property-sheet / model access
 */
public void handleButton1Request(RequestInvocationEvent event) throws ModelControlException {
    try {
        SAMLv2Model model = (SAMLv2Model) getModel();
        AMPropertySheet sheet = (AMPropertySheet) getChild(PROPERTY_ATTRIBUTES);
        // standard metadata comes straight from the form
        Map stdValues = sheet.getAttributeValues(model.getStandardIdentityProviderAttributes(realm, entityName), false, model);
        // extended metadata: start from what is stored, then overlay what was submitted
        Map extValues = getExtendedValues();
        Map submittedExtValues = sheet.getAttributeValues(model.getIDPEXACDataMap(), false, model);
        prepareSigningKeyPassword(submittedExtValues);
        extValues.putAll(submittedExtValues);
        // persist standard, then extended, metadata for the IDP
        model.setIDPStdAttributeValues(realm, entityName, stdValues);
        model.setIDPExtAttributeValues(realm, entityName, extValues, location);
        if (isHosted()) {
            model.updateIDPAuthenticationContexts(realm, entityName, getAuthenticationContexts());
            // encryption and signing info
            model.updateKeyinfo(realm, entityName, extValues, stdValues, true);
        }
        setInlineAlertMessage(CCAlert.TYPE_INFO, "message.information", "samlv2.idp.property.updated");
    } catch (AMConsoleException e) {
        setInlineAlertMessage(CCAlert.TYPE_ERROR, "message.error", e.getMessage());
    }
    forwardTo();
}

/**
 * Normalises the signing-certificate key password in the submitted extended values, in place.
 * <p>
 * The field is displayed with the placeholder {@code AMPropertySheetModel.passwordRandom}
 * rather than the stored secret. If the placeholder comes back, the user did not touch the
 * field and the entry is removed so it cannot overwrite the stored value. A blank value is
 * stored as-is (not encoded); any other value is plaintext from the form and is encoded with
 * EncodeAction before it is stored. NOTE(review): whatever reads this attribute back must
 * therefore tolerate an empty, un-encoded value — confirm on the decode side.
 *
 * @param submittedExtValues extended values from the property sheet; modified in place
 */
private void prepareSigningKeyPassword(Map submittedExtValues) {
    if (!submittedExtValues.containsKey(SAMLv2Model.IDP_SIGN_CERT_KEYPASS)) {
        return;
    }
    Set submitted = (Set) submittedExtValues.get(SAMLv2Model.IDP_SIGN_CERT_KEYPASS);
    if (submitted == null || submitted.isEmpty()) {
        return;
    }
    String keyPass = (String) submitted.iterator().next();
    if (AMPropertySheetModel.passwordRandom.equals(keyPass)) {
        // unchanged placeholder: drop it so the stored value survives
        submittedExtValues.remove(SAMLv2Model.IDP_SIGN_CERT_KEYPASS);
        return;
    }
    Set<String> stored = new HashSet<String>(1);
    stored.add(keyPass.isEmpty() ? keyPass : AccessController.doPrivileged(new EncodeAction(keyPass)));
    submittedExtValues.put(SAMLv2Model.IDP_SIGN_CERT_KEYPASS, stored);
}

Example 9 with EncodeAction

use of com.sun.identity.security.EncodeAction in project OpenAM by OpenRock.

the class AMSetupServlet method createMonitoringAuthFile.

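/**
 * Writes the monitoring authentication file {@code <basedir>/<deployuri>/openam_mon_auth},
 * containing the single line {@code "demo <encoded-password>"}. An existing file is first moved
 * aside to {@code openam_mon_auth~}.
 * <p>
 * NOTE(review): the password written here is the fixed default "changeit". EncodeAction is a
 * reversible encoding (the project ships a matching DecodeAction), not a hash, so from the
 * moment setup completes this file holds a recoverable, well-known default credential; operators
 * are expected to change it. The "~" backup keeps the previous credential on disk too, and the
 * file is created with the JVM's default permissions — tighten both at deployment.
 *
 * @param basedir   configuration base directory
 * @param deployuri deployment URI, used as the sub-directory under basedir
 */
private static void createMonitoringAuthFile(String basedir, String deployuri) {
    SetupProgress.reportStart("configurator.progress.setup.monitorauthfile", null);
    /*
     * The file lives directly under basedir + "/" + deployuri; it is created there after any
     * existing copy has been renamed to a "~" backup.
     */
    String monAuthFile = basedir + "/" + deployuri + "/openam_mon_auth";
    String encpwd = AccessController.doPrivileged(new EncodeAction("changeit"));
    FileWriter fwrtr = null;
    try {
        File mFileSave = new File(monAuthFile + "~");
        File monFile = new File(monAuthFile);
        // Check for Existing File; renameTo only reports failure through its return value,
        // and on failure the existing file is simply overwritten below, so record that.
        if (monFile.exists() && !monFile.renameTo(mFileSave)) {
            Debug.getInstance(SetupConstants.DEBUG_NAME).error("AMSetupServlet.createMonitoringAuthFile:could not back up existing monitoring authentication file, overwriting it");
        }
        fwrtr = new FileWriter(monFile);
        String stout = "demo " + encpwd + "\n";
        fwrtr.write(stout);
        fwrtr.flush();
    } catch (IOException ex) {
        Debug.getInstance(SetupConstants.DEBUG_NAME).error("AMSetupServlet.createMonitoringAuthFile:failed to create monitoring authentication file", ex);
        SetupProgress.reportEnd("emb.failed", null);
    } finally {
        // the original never closed the writer, leaking the file handle
        if (fwrtr != null) {
            try {
                fwrtr.close();
            } catch (IOException ignored) {
                // contents were already flushed; nothing further can be done here
            }
        }
    }
}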

Example 10 with EncodeAction

use of com.sun.identity.security.EncodeAction in project OpenAM by OpenRock.

the class AttributeValidator method validateSyntax.

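/**
 * This method validates the syntax of the Attribute values against what it
 * is supposed to be in the ServiceSchema.
 * <p>
 * Side effect: when {@code encodePassword} is true and the attribute's syntax is
 * PASSWORD or ENCRYPTED_PASSWORD, every entry of {@code values} is replaced in place
 * by its EncodeAction-encoded form. If any value cannot be encoded the set is left
 * untouched and {@code false} is returned — the previous behaviour of keeping the
 * plaintext value on encode failure meant a cleartext password could be persisted.
 *
 * @param values
 *            Set of all the values for this attribute.
 * @param encodePassword
 *            if true, the values will be encrypted if the attribute's
 *            syntax is password
 * @return boolean true or false depending on whether the values are valid;
 *         also false if a password value could not be encoded.
 * @throws SMSException if the attribute's syntax is not one this validator supports
 */
private boolean validateSyntax(Set values, boolean encodePassword) throws SMSException {
    AttributeSchema.Syntax syntax = as.getSyntax();
    if (syntax == null)
        return (true);
    // free-form syntaxes: nothing to check
    if ((syntax.equals(AttributeSchema.Syntax.STRING)) || (syntax.equals(AttributeSchema.Syntax.PARAGRAPH)) || (syntax.equals(AttributeSchema.Syntax.SCRIPT)) || (syntax.equals(AttributeSchema.Syntax.URL)) || (syntax.equals(AttributeSchema.Syntax.XML)) || (syntax.equals(AttributeSchema.Syntax.BOOLEAN)) || (syntax.equals(AttributeSchema.Syntax.DATE))) {
        return (true);
    }
    if (syntax.equals(AttributeSchema.Syntax.EMAIL)) {
        Iterator it = values.iterator();
        while (it.hasNext()) {
            String val = ((String) it.next()).trim();
            /**
                 * This condition is required because console is
                 * passing a set of empty string. Without this check, 
                 * mailValidator will validate empty string for email 
                 * address and fail
                 */
            if ((values.size() == 1) && (val.length() == 0)) {
                break;
            }
            if (!mailValidator.validate(val)) {
                return (false);
            }
        }
        return (true);
    }
    if (syntax.equals(AttributeSchema.Syntax.PASSWORD) || syntax.equals(AttributeSchema.Syntax.ENCRYPTED_PASSWORD)) {
        if (encodePassword) {
            // Encrypt the passwords. Build the replacement set first and swap it into
            // 'values' only once every entry has encoded, so a failure leaves the
            // caller's set untouched.
            Set encValues = new HashSet();
            for (Iterator it = values.iterator(); it.hasNext(); ) {
                String value = (String) it.next();
                try {
                    encValues.add(AccessController.doPrivileged(new EncodeAction(value)));
                } catch (Throwable e) {
                    // SECURITY: the previous code added the plaintext value here, so a
                    // failed encode silently stored a cleartext password. Fail closed:
                    // report the values as not acceptable instead.
                    debug.error("AttributeValidator: Unable to encode", e);
                    return (false);
                }
            }
            values.clear();
            values.addAll(encValues);
        }
        return (true);
    }
    if (syntax.equals(AttributeSchema.Syntax.NUMERIC) || syntax.equals(AttributeSchema.Syntax.NUMBER)) {
        Iterator it = values.iterator();
        while (it.hasNext()) {
            if (!numberValidator.validate((String) it.next())) {
                return (false);
            }
        }
        return (true);
    }
    if (syntax.equals(AttributeSchema.Syntax.PERCENT) || syntax.equals(AttributeSchema.Syntax.DECIMAL_NUMBER)) {
        Iterator it = values.iterator();
        while (it.hasNext()) {
            if (!floatValidator.validate((String) it.next())) {
                return (false);
            }
        }
        return (true);
    }
    if (syntax.equals(AttributeSchema.Syntax.NUMBER_RANGE)) {
        Iterator it = values.iterator();
        while (it.hasNext()) {
            String s = (String) it.next();
            int i, start, end;
            try {
                i = Integer.parseInt(s);
                String startRange = as.getStartRange();
                String endRange = as.getEndRange();
                // no range configured at all: any integer is acceptable
                if ((startRange == null) && (endRange == null)) {
                    return (true);
                }
                // a half-configured range (one bound null) fails parseInt and is rejected below
                start = Integer.parseInt(startRange);
                end = Integer.parseInt(endRange);
            } catch (Exception e) {
                return (false);
            }
            if ((i < start) || (i > end)) {
                return (false);
            }
        }
        return (true);
    }
    if (syntax.equals(AttributeSchema.Syntax.DECIMAL_RANGE)) {
        Iterator it = values.iterator();
        while (it.hasNext()) {
            String s = (String) it.next();
            float f, start, end;
            try {
                f = Float.parseFloat(s);
                String startRange = as.getStartRange();
                String endRange = as.getEndRange();
                // no range configured at all: any decimal is acceptable
                if ((startRange == null) && (endRange == null)) {
                    return (true);
                }
                // a half-configured range (one bound null) fails parseFloat and is rejected below
                start = Float.parseFloat(startRange);
                end = Float.parseFloat(endRange);
            } catch (Exception e) {
                return (false);
            }
            if ((f < start) || (f > end)) {
                return (false);
            }
        }
        return (true);
    }
    if (syntax.equals(AttributeSchema.Syntax.DN)) {
        Iterator it = values.iterator();
        while (it.hasNext()) {
            if (!dnValidator.validate((String) it.next()))
                return (false);
        }
        return (true);
    }
    // Doesn't fit any of these supported syntax??
    String[] args = { as.getName() };
    throw new SMSException(IUMSConstants.UMS_BUNDLE_NAME, "sms-invalid_attribute_syntax", args);
}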
