use of com.sun.identity.security.EncodeAction in project OpenAM by OpenRock.
the class ServerEditViewBeanBase method getAttributeValues.
/**
 * Collects the submitted value of every active property on this page, keyed
 * by the actual property name returned by {@code getActualPropertyName}.
 *
 * <p>Editable lists are flattened into one comma-delimited string, checkbox
 * values are mapped through {@code ServerPropertyValidator}, and password
 * fields are run through {@code EncodeAction} before they enter the map.
 * A password field that still equals
 * {@code AMPropertySheetModel.passwordRandom} is left out of the map
 * entirely; presumably that constant is the placeholder rendered instead of
 * the stored secret, so omitting it keeps the stored value untouched.
 *
 * @return map of property name to the value that should be saved
 */
protected Map<String, String> getAttributeValues() {
    Map<String, String> attributeValues = new HashMap<String, String>();
    for (String uiName : activePropertyNames) {
        View child = getChild(uiName);
        String fieldValue;
        if (child instanceof CCEditableList) {
            CCEditableList editableList = (CCEditableList) child;
            editableList.restoreStateData();
            // Stored as a single comma-delimited string built from the option list.
            fieldValue = StringUtils.join(getValues(editableList.getModel().getOptionList()), ",");
        } else {
            fieldValue = (String) getDisplayFieldValue(uiName);
        }
        String propertyName = getActualPropertyName(uiName);
        if (child instanceof CCCheckBox) {
            // NOTE(review): throws NullPointerException if the checkbox field
            // yields null; confirm getDisplayFieldValue never does for checkboxes.
            if (fieldValue.equals("true")) {
                fieldValue = ServerPropertyValidator.getTrueValue(propertyName);
            } else {
                fieldValue = ServerPropertyValidator.getFalseValue(propertyName);
            }
        }
        boolean isPassword = child instanceof CCPassword;
        if (isPassword && AMPropertySheetModel.passwordRandom.equals(fieldValue)) {
            // Placeholder came back unchanged: do not save anything for this field.
            // Caveat: a new password that happens to equal the placeholder string
            // is indistinguishable from "unchanged" and is silently dropped.
            continue;
        }
        if (isPassword) {
            // Only the encoded form is handed to the caller for storage. The
            // encoding is reversible by design, so the stored value still has
            // to be protected like a secret.
            fieldValue = AccessController.doPrivileged(new EncodeAction(fieldValue));
        }
        attributeValues.put(propertyName, fieldValue);
    }
    return attributeValues;
}
use of com.sun.identity.security.EncodeAction in project OpenAM by OpenRock.
the class SessionService method encrypt.
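/**
 * Serializes the InternalSession object and encrypts the result so it can be
 * stored in the HttpSession.
 *
 * <p>The object is written with Java serialization, Base64-encoded, and then
 * passed through {@code EncodeAction} using the encryptor returned by
 * {@code Crypt.getHardcodedKeyEncryptor()}.
 *
 * @param obj Object to be encrypted
 * @return the encrypted string, or {@code null} if serialization or
 *         encryption failed (the failure is only written to the debug log)
 */
private String encrypt(Object obj) {
    try {
        ByteArrayOutputStream byteOut = new ByteArrayOutputStream();
        ObjectOutputStream objOutStream = new ObjectOutputStream(byteOut);
        try {
            // convert object to bytes using streams
            objOutStream.writeObject(obj);
        } finally {
            // Closing flushes any buffered serialization data into byteOut
            // before the bytes are read, and releases the stream.
            objOutStream.close();
        }
        // convert bytes to string
        String strUnEncrypted = Base64.encode(byteOut.toByteArray());
        // NOTE(review): the encryptor name indicates a key built into the
        // product rather than a per-deployment secret. If so, this protects
        // against casual inspection only, not against anyone who has the
        // product binaries - confirm before relying on it for confidentiality.
        // NOTE(review): the matching decrypt path presumably deserializes this
        // payload; that side should restrict the accepted classes if the
        // session store can be written by anything other than this service.
        return AccessController.doPrivileged(
                new EncodeAction(strUnEncrypted, Crypt.getHardcodedKeyEncryptor()));
    } catch (Exception e) {
        // Keep the cause in the log; the original message alone gave no way to
        // tell a serialization failure from an encryption failure.
        sessionDebug.message("Error in encrypting the Internal Session object", e);
        return null;
    }
}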
use of com.sun.identity.security.EncodeAction in project OpenAM by OpenRock.
the class SAMLv2IDPAssertionContentViewBean method handleButton1Request.
/**
 * Saves the standard and extended IDP metadata values submitted from the
 * property sheet, then redisplays the page with a success or error alert.
 *
 * <p>The signing certificate key password gets special handling: an unchanged
 * placeholder is dropped so it cannot overwrite the stored value, a blank
 * value is stored as-is, and any other value is encoded with
 * {@code EncodeAction} before it is saved.
 *
 * @param event the request invocation event
 * @throws ModelControlException declared by the handler signature
 */
public void handleButton1Request(RequestInvocationEvent event) throws ModelControlException {
    try {
        SAMLv2Model model = (SAMLv2Model) getModel();
        AMPropertySheet propertySheet = (AMPropertySheet) getChild(PROPERTY_ATTRIBUTES);

        // Standard metadata values as submitted on the property sheet.
        Map idpStdValues = propertySheet.getAttributeValues(
                model.getStandardIdentityProviderAttributes(realm, entityName), false, model);

        // Extended metadata: existing values first, submitted values merged in below.
        Map idpExtValues = getExtendedValues();
        Map submittedExtValues = propertySheet.getAttributeValues(model.getIDPEXACDataMap(), false, model);

        // Password fields are set to AMPropertySheetModel.passwordRandom before
        // they are displayed, so the real key password never reaches the browser.
        if (submittedExtValues.containsKey(SAMLv2Model.IDP_SIGN_CERT_KEYPASS)) {
            Set keyPassValues = (Set) submittedExtValues.get(SAMLv2Model.IDP_SIGN_CERT_KEYPASS);
            boolean hasKeyPass = keyPassValues != null && !keyPassValues.isEmpty();
            if (hasKeyPass) {
                String keyPass = (String) keyPassValues.iterator().next();
                if (!AMPropertySheetModel.passwordRandom.equals(keyPass)) {
                    // The user typed a new value. It arrives as plain text, so
                    // encode it before storing; a blank value is kept blank.
                    String storedForm = keyPass;
                    if (!keyPass.isEmpty()) {
                        storedForm = AccessController.doPrivileged(new EncodeAction(keyPass));
                    }
                    Set<String> encodedValue = new HashSet<String>(1);
                    encodedValue.add(storedForm);
                    submittedExtValues.put(SAMLv2Model.IDP_SIGN_CERT_KEYPASS, encodedValue);
                } else {
                    // Placeholder came back unchanged: remove it so it does not
                    // override the stored key password.
                    submittedExtValues.remove(SAMLv2Model.IDP_SIGN_CERT_KEYPASS);
                }
            }
        }
        idpExtValues.putAll(submittedExtValues);

        // Persist standard, then extended, metadata values for the IDP.
        model.setIDPStdAttributeValues(realm, entityName, idpStdValues);
        model.setIDPExtAttributeValues(realm, entityName, idpExtValues, location);

        if (isHosted()) {
            // Hosted entities also carry authentication contexts and
            // encryption/signing key info.
            model.updateIDPAuthenticationContexts(realm, entityName, getAuthenticationContexts());
            model.updateKeyinfo(realm, entityName, idpExtValues, idpStdValues, true);
        }
        setInlineAlertMessage(CCAlert.TYPE_INFO, "message.information", "samlv2.idp.property.updated");
    } catch (AMConsoleException e) {
        // The exception message is shown to the console user as the alert text.
        setInlineAlertMessage(CCAlert.TYPE_ERROR, "message.error", e.getMessage());
    }
    forwardTo();
}
use of com.sun.identity.security.EncodeAction in project OpenAM by OpenRock.
the class AMSetupServlet method createMonitoringAuthFile.
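/**
 * Creates the monitoring authentication file
 * {@code basedir/deployuri/openam_mon_auth} containing one line: the user
 * name {@code demo} followed by its encoded password.
 *
 * <p>An existing file is first renamed to the same path with a {@code ~}
 * suffix. An I/O failure is logged and reported through
 * {@code SetupProgress}; it is not propagated to the caller.
 *
 * @param basedir   configuration base directory
 * @param deployuri deployment URI, used as a sub-directory of {@code basedir}
 */
private static void createMonitoringAuthFile(String basedir, String deployuri) {
    SetupProgress.reportStart("configurator.progress.setup.monitorauthfile", null);
    // The file is created directly under basedir + "/" + deployuri. Nothing
    // here creates that directory; it is expected to exist already.
    String monAuthFile = basedir + "/" + deployuri + "/openam_mon_auth";
    // SECURITY: every installation starts with the same well-known default
    // password for the "demo" monitoring user. It should be changed before the
    // monitoring interfaces are enabled or exposed. The encoded form written
    // below is reversible with the deployment's encryption key, so the file
    // itself must be treated as a secret.
    String encpwd = AccessController.doPrivileged(new EncodeAction("changeit"));
    try {
        File mFileSave = new File(monAuthFile + "~");
        File monFile = new File(monAuthFile);
        // Keep a backup of an existing file. The rename result is not checked:
        // if it fails, the existing file is simply overwritten below.
        if (monFile.exists()) {
            monFile.renameTo(mFileSave);
        }
        // NOTE(review): the file is created with the process's default
        // permissions; consider restricting it to the container user.
        FileWriter fwrtr = new FileWriter(monFile);
        try {
            fwrtr.write("demo " + encpwd + "\n");
            fwrtr.flush();
        } finally {
            // The original never closed the writer, leaking the file handle.
            fwrtr.close();
        }
    } catch (IOException ex) {
        Debug.getInstance(SetupConstants.DEBUG_NAME).error("AMSetupServlet.createMonitoringAuthFile:failed to create monitoring authentication file", ex);
        SetupProgress.reportEnd("emb.failed", null);
    }
}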
use of com.sun.identity.security.EncodeAction in project OpenAM by OpenRock.
the class AttributeValidator method validateSyntax.
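/**
 * Validates the attribute values against the syntax declared for this
 * attribute in the ServiceSchema.
 *
 * <p>For the PASSWORD and ENCRYPTED_PASSWORD syntaxes, when
 * {@code encodePassword} is true, {@code values} is modified in place: each
 * value is replaced by its {@code EncodeAction} result.
 *
 * @param values
 *            Set of all the values for this attribute.
 * @param encodePassword
 *            if true, the values will be encrypted if the attribute's
 *            syntax is password
 * @return true if the values are valid for the attribute's syntax (or the
 *         attribute declares no syntax), false otherwise.
 * @throws SMSException
 *             if the attribute's syntax is none of the syntaxes handled here
 */
private boolean validateSyntax(Set values, boolean encodePassword) throws SMSException {
    AttributeSchema.Syntax syntax = as.getSyntax();
    if (syntax == null) {
        return true;
    }

    // Free-form syntaxes: no value-level check is performed here.
    if (syntax.equals(AttributeSchema.Syntax.STRING)
            || syntax.equals(AttributeSchema.Syntax.PARAGRAPH)
            || syntax.equals(AttributeSchema.Syntax.SCRIPT)
            || syntax.equals(AttributeSchema.Syntax.URL)
            || syntax.equals(AttributeSchema.Syntax.XML)
            || syntax.equals(AttributeSchema.Syntax.BOOLEAN)
            || syntax.equals(AttributeSchema.Syntax.DATE)) {
        return true;
    }

    if (syntax.equals(AttributeSchema.Syntax.EMAIL)) {
        Iterator it = values.iterator();
        while (it.hasNext()) {
            String val = ((String) it.next()).trim();
            // The console passes a set holding a single empty string for
            // "no value". Without this check mailValidator would be asked to
            // validate the empty string and fail.
            if ((values.size() == 1) && (val.length() == 0)) {
                break;
            }
            if (!mailValidator.validate(val)) {
                return false;
            }
        }
        return true;
    }

    if (syntax.equals(AttributeSchema.Syntax.PASSWORD)
            || syntax.equals(AttributeSchema.Syntax.ENCRYPTED_PASSWORD)) {
        if (encodePassword) {
            // Encrypt the passwords, then swap them into the caller's set.
            Set encValues = new HashSet();
            Set remValues = new HashSet();
            for (Iterator it = values.iterator(); it.hasNext(); ) {
                String value = (String) it.next();
                try {
                    encValues.add(AccessController.doPrivileged(new EncodeAction(value)));
                } catch (Throwable e) {
                    // SECURITY NOTE(review): this fails open. If encoding
                    // fails, the clear-text value is kept and is handed back
                    // for storage unencoded; the only trace is this debug
                    // entry. Consider rejecting the value instead once callers
                    // are confirmed to handle a failed validation.
                    debug.error("AttributeValidator: Unable to encode", e);
                    encValues.add(value);
                }
                remValues.add(value);
            }
            values.removeAll(remValues);
            values.addAll(encValues);
        }
        return true;
    }

    if (syntax.equals(AttributeSchema.Syntax.NUMERIC)
            || syntax.equals(AttributeSchema.Syntax.NUMBER)) {
        Iterator it = values.iterator();
        while (it.hasNext()) {
            if (!numberValidator.validate((String) it.next())) {
                return false;
            }
        }
        return true;
    }

    if (syntax.equals(AttributeSchema.Syntax.PERCENT)
            || syntax.equals(AttributeSchema.Syntax.DECIMAL_NUMBER)) {
        Iterator it = values.iterator();
        while (it.hasNext()) {
            if (!floatValidator.validate((String) it.next())) {
                return false;
            }
        }
        return true;
    }

    if (syntax.equals(AttributeSchema.Syntax.NUMBER_RANGE)) {
        Iterator it = values.iterator();
        while (it.hasNext()) {
            String s = (String) it.next();
            int i, start, end;
            try {
                i = Integer.parseInt(s);
                String startRange = as.getStartRange();
                String endRange = as.getEndRange();
                // No range configured: any integer is accepted. Note this
                // returns after the first value, so later values in the set
                // are not checked.
                if ((startRange == null) && (endRange == null)) {
                    return true;
                }
                // A range with only one bound set fails to parse here and
                // therefore rejects the value.
                start = Integer.parseInt(startRange);
                end = Integer.parseInt(endRange);
            } catch (Exception e) {
                return false;
            }
            if ((i < start) || (i > end)) {
                return false;
            }
        }
        return true;
    }

    if (syntax.equals(AttributeSchema.Syntax.DECIMAL_RANGE)) {
        Iterator it = values.iterator();
        while (it.hasNext()) {
            String s = (String) it.next();
            float f, start, end;
            try {
                f = Float.parseFloat(s);
                String startRange = as.getStartRange();
                String endRange = as.getEndRange();
                // No range configured: any parsable float is accepted (returns
                // after the first value, as in the integer range case).
                if ((startRange == null) && (endRange == null)) {
                    return true;
                }
                start = Float.parseFloat(startRange);
                end = Float.parseFloat(endRange);
            } catch (Exception e) {
                return false;
            }
            // Float.parseFloat accepts "NaN", and every ordered comparison
            // with NaN is false, so without the explicit check a NaN value
            // would pass the range test.
            if (Float.isNaN(f) || (f < start) || (f > end)) {
                return false;
            }
        }
        return true;
    }

    if (syntax.equals(AttributeSchema.Syntax.DN)) {
        Iterator it = values.iterator();
        while (it.hasNext()) {
            if (!dnValidator.validate((String) it.next())) {
                return false;
            }
        }
        return true;
    }

    // Doesn't fit any of the supported syntaxes.
    String[] args = { as.getName() };
    throw new SMSException(IUMSConstants.UMS_BUNDLE_NAME, "sms-invalid_attribute_syntax", args);
}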