
Example 96 with ProvisioningException

use of com.tremolosecurity.provisioning.core.ProvisioningException in project OpenUnison by TremoloSecurity.

the class UserPrincipal method addGroup.

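@Override
public void addGroup(String name, Map<String, String> additionalAttributes, User user, Map<String, Object> request) throws ProvisioningException {
    // Creates a FreeIPA group via the "group_add" JSON-RPC method and records the action in the
    // provisioning audit log. `user` is not consulted here; it is part of the interface only.
    // Both parameters reach IPA as structured JSON-RPC values, not as a concatenated string, so
    // no quoting of `name` or the attribute values is done here (assumes IPACall serializes them
    // as JSON — confirm in IPACall).
    //
    // Audit context (approval id and workflow) is carried in the request map under fixed keys.
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");

    // IPA JSON-RPC shape: params = [ [positional...], {keyword...} ].
    IPACall groupAdd = new IPACall();
    groupAdd.setId(0);
    groupAdd.setMethod("group_add");
    ArrayList<String> positional = new ArrayList<String>();
    positional.add(name);
    groupAdd.getParams().add(positional);
    // Copy rather than pass the caller's map so IPACall cannot mutate it.
    HashMap<String, String> keyword = new HashMap<String, String>(additionalAttributes);
    groupAdd.getParams().add(keyword);

    HttpCon con = null;
    try {
        con = this.createClient();
        // executeIPACall is expected to raise (IPAException) on an RPC-level error; the response
        // body is not otherwise needed, so it is not retained.
        this.executeIPACall(groupAdd, con);
        this.cfgMgr.getProvisioningEngine().logAction(name, true, ActionType.Add, approvalID, workflow, "group-object", name);
    } catch (Exception e) {
        // Original message said "Could not find groups", which misdescribed the failing operation.
        throw new ProvisioningException("Could not add group '" + name + "'", e);
    } finally {
        if (con != null) {
            con.getBcm().close();
        }
    }
}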

Example 97 with ProvisioningException

use of com.tremolosecurity.provisioning.core.ProvisioningException in project OpenUnison by TremoloSecurity.

the class UserPrincipal method syncUser.

/**
 * Reconciles a user in FreeIPA with the incoming {@code user} object.
 *
 * <p>Flow: look the user up; if absent, create it (primary domain only); otherwise bring its
 * attributes and group memberships in line with {@code user}. When {@code addOnly} is true,
 * nothing is removed from IPA (no attribute or group deletions). Each IPA change is recorded in
 * the provisioning audit log with the approval id / workflow carried in {@code request}.
 *
 * @param user       desired state of the account (id, attributes, groups)
 * @param addOnly    when true only add/replace, never delete attributes or group memberships
 * @param attributes names of the attributes that are under this target's control
 * @param request    workflow request context; reads {@code APPROVAL_ID}, {@code WORKFLOW} and
 *                   {@code freeipa.exists}
 * @throws ProvisioningException if any IPA call fails (the cause is preserved)
 */
public void syncUser(User user, boolean addOnly, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    UserPrincipal principal = new UserPrincipal(user.getUserID(), multiDomain, primaryDomain);
    User fromIPA = null;
    HttpCon con = null;
    try {
        con = this.createClient();
        try {
            fromIPA = this.findUser(user.getUserID(), attributes, request);
        } catch (IPAException ipaException) {
            // 4001 is treated as "user does not exist" (presumably FreeIPA's NotFound code —
            // confirm against the IPA error table); anything else is a real failure.
            if (ipaException.getCode() != 4001) {
                throw ipaException;
            }
        }
        int approvalID = 0;
        if (request.containsKey("APPROVAL_ID")) {
            approvalID = (Integer) request.get("APPROVAL_ID");
        }
        Workflow workflow = (Workflow) request.get("WORKFLOW");
        if (fromIPA == null) {
            // Accounts are only ever created in the primary domain; a missing user in a trusted
            // domain is left alone.
            if (principal.isPrimaryDomain()) {
                this.createUser(user, attributes, request);
            }
        } else {
            // NOTE(review): for non-primary domains an upstream step may flag via
            // "freeipa.exists"=false that the IPA-side object still has to be created even
            // though findUser returned something; that path creates and stops here.
            if (!principal.isPrimaryDomain() && request.get("freeipa.exists") != null && ((Boolean) request.get("freeipa.exists")) == false) {
                this.createUser(user, attributes, request);
                return;
            }
            // Attribute reconciliation. "uid" is the naming attribute and is never touched.
            // The return value of checkAttribute is not used here.
            for (String attrName : attributes) {
                if (attrName.equalsIgnoreCase("uid")) {
                    continue;
                }
                Attribute attrNew = checkAttribute(principal, user, fromIPA, con, approvalID, workflow, attrName, addOnly);
            }
            if (!addOnly) {
                // NOTE(review): this deletes every attribute still present on fromIPA, so it
                // relies on checkAttribute having removed the attributes it handled from
                // fromIPA.getAttribs() — verify, otherwise this strips managed attributes too.
                for (String attrToDel : fromIPA.getAttribs().keySet()) {
                    if (!attrToDel.equalsIgnoreCase("uid")) {
                        // These attributes were no longer on the user, delete them
                        this.deleteAttribute(principal, attrToDel, con, approvalID, workflow);
                        this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Delete, approvalID, workflow, attrToDel, "");
                    }
                }
            }
            // Group reconciliation: whatever is left in curGroups after the loop is a membership
            // IPA has but the incoming user does not.
            HashSet<String> curGroups = new HashSet<String>();
            curGroups.addAll(fromIPA.getGroups());
            for (String group : user.getGroups()) {
                if (curGroups.contains(group)) {
                    curGroups.remove(group);
                } else {
                    this.addGroup(principal, group, con, approvalID, workflow);
                }
            }
            if (!addOnly) {
                for (String group : curGroups) {
                    this.removeGroup(principal, group, con, approvalID, workflow);
                }
            }
            if (principal.isPrimaryDomain()) {
                if (this.createShadowAccount) {
                    // Shadow accounts get an unguessable password nobody knows: 130 random bits,
                    // base-32 encoded, then run through PBKDF2 — the hash string itself is what
                    // is set as the password and the plaintext is dropped on the floor.
                    // NOTE(review): this is only as strong as `random`; it must be a
                    // java.security.SecureRandom — confirm where the field is initialised.
                    String password = new BigInteger(130, random).toString(32);
                    password = PBKDF2.generateHash(password);
                    user.setPassword(password);
                    this.setUserPassword(user, request);
                }
            }
        }
    } catch (Exception e) {
        throw new ProvisioningException("Could not sync user", e);
    } finally {
        if (con != null) {
            con.getBcm().shutdown();
        }
    }
}

Example 98 with ProvisioningException

use of com.tremolosecurity.provisioning.core.ProvisioningException in project OpenUnison by TremoloSecurity.

the class UserPrincipal method setUserPassword.

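/**
 * Sets a FreeIPA user's password.
 *
 * <p>Two steps: (1) an administrative {@code passwd} JSON-RPC call sets the password; (2) because
 * an admin-set password in IPA normally forces the user to change it at next login, the code then
 * authenticates as the user and submits {@code change_password} with old == new to clear that
 * flag (a workaround; the proper fix is an IPA-side setting). Only primary-domain users can have
 * their password set. An empty or null password is a no-op.
 *
 * <p>The password value itself is never written to the log; the audit entry records a mask.
 *
 * @param user    user whose {@code userID} and {@code password} are used
 * @param request workflow request context; reads {@code APPROVAL_ID} and {@code WORKFLOW}
 * @throws ProvisioningException for a non-primary-domain user or if either IPA call fails
 */
public void setUserPassword(User user, Map<String, Object> request) throws ProvisioningException {
    UserPrincipal principal = new UserPrincipal(user.getUserID(), multiDomain, primaryDomain);
    if (!principal.isPrimaryDomain()) {
        throw new ProvisioningException("Can not set password on users outside of the primary domain");
    }
    // Nothing to do without a password — callers use this to skip password management.
    if (user.getPassword() == null || user.getPassword().isEmpty()) {
        return;
    }
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");

    // Two distinct connections: one authenticated as the service account, one as the user.
    // Keeping them in separate variables avoids shutting the first one down twice if creating
    // the second fails (the original reused one variable for both).
    HttpCon adminCon = null;
    HttpCon userCon = null;
    CloseableHttpResponse httpResp = null;
    try {
        // Step 1: admin "passwd" call. IPA JSON-RPC params = [ [uid], {password: ...} ].
        adminCon = this.createClient();
        IPACall setPassword = new IPACall();
        setPassword.setId(0);
        setPassword.setMethod("passwd");
        ArrayList<String> userArray = new ArrayList<String>();
        userArray.add(principal.getUid());
        setPassword.getParams().add(userArray);
        HashMap<String, String> additionalParams = new HashMap<String, String>();
        additionalParams.put("password", user.getPassword());
        setPassword.getParams().add(additionalParams);
        this.executeIPACall(setPassword, adminCon);
        adminCon.getBcm().shutdown();
        adminCon = null;

        // Step 2: clear the forced-reset flag by "changing" the password to itself as the user.
        // This is a hack; the right way is to tell IPA the user doesn't need to reset their password.
        HttpPost httppost = new HttpPost(this.url + "/ipa/session/change_password");
        // IPA's web endpoints reject requests without a same-origin Referer (CSRF protection).
        httppost.addHeader("Referer", this.url + "/ipa/ui/");
        List<NameValuePair> formparams = new ArrayList<NameValuePair>();
        formparams.add(new BasicNameValuePair("user", principal.getUid()));
        formparams.add(new BasicNameValuePair("old_password", user.getPassword()));
        formparams.add(new BasicNameValuePair("new_password", user.getPassword()));
        httppost.setEntity(new UrlEncodedFormEntity(formparams, "UTF-8"));
        userCon = this.createClient(principal.getUid(), user.getPassword());
        CloseableHttpClient http = userCon.getHttp();
        httpResp = http.execute(httppost);
        int status = httpResp.getStatusLine().getStatusCode();
        if (logger.isDebugEnabled()) {
            logger.debug("Response of password reset : " + status);
        }
        // The original only logged this at debug level, so a failed step 2 went unnoticed.
        // It is not treated as fatal: the password was set in step 1, the user would just be
        // forced to change it at first login.
        // NOTE(review): IPA may report the change_password outcome in a response header
        // rather than the status code — confirm and check that too if so.
        if (status != 200) {
            logger.warn("Password reset for '" + principal.getUid() + "' returned HTTP " + status + ", user may be forced to change password at next login");
        }
        this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Replace, approvalID, workflow, "userPassword", "********************************");
    } catch (Exception e) {
        // Original message said "Could not run search", which misdescribed the failing operation.
        throw new ProvisioningException("Could not set password for '" + principal.getUid() + "'", e);
    } finally {
        if (httpResp != null) {
            try {
                httpResp.close();
            } catch (IOException ignored) {
                // best effort; the connection manager is shut down right below
            }
        }
        if (userCon != null) {
            userCon.getBcm().shutdown();
        }
        if (adminCon != null) {
            adminCon.getBcm().shutdown();
        }
    }
}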

Example 99 with ProvisioningException

use of com.tremolosecurity.provisioning.core.ProvisioningException in project OpenUnison by TremoloSecurity.

the class MailChimp method createUser.

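@Override
public void createUser(User user, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    // Adds the user as a member of the MailChimp list named by request["listID"] via
    // POST /3.0/lists/{listID}/members. The user id is used as the email address.
    // Attributes in `attributes`: "tags" becomes the tags array, names in this.mergeAttributes
    // go under merge_fields, everything else becomes a top-level member field (first value only).
    //
    // Failures are now surfaced as ProvisioningException instead of being logged and dropped;
    // previously a failed or rejected POST still let the workflow record the user as created.
    String listID = (String) request.get("listID");
    if (listID == null || listID.isEmpty()) {
        throw new ProvisioningException("No listID in request, can not create '" + user.getUserID() + "'");
    }

    JSONObject member = new JSONObject();
    member.put("email_address", user.getUserID());
    JSONObject merge = new JSONObject();
    member.put("merge_fields", merge);
    for (Attribute attr : user.getAttribs().values()) {
        if (!attributes.contains(attr.getName())) {
            continue;
        }
        if (attr.getName().equals("tags")) {
            JSONArray tagList = new JSONArray();
            tagList.addAll(attr.getValues());
            member.put("tags", tagList);
        } else if (attr.getValues().isEmpty()) {
            // nothing to send; the original would have thrown on get(0)
            continue;
        } else if (this.mergeAttributes.contains(attr.getName())) {
            merge.put(attr.getName(), attr.getValues().get(0));
        } else {
            member.put(attr.getName(), attr.getValues().get(0));
        }
    }
    String json = member.toJSONString();

    HttpCon con = null;
    CloseableHttpResponse resp = null;
    try {
        // listID is a path segment and comes from the request map, so it is URL-encoded.
        String url = "https://" + this.host + "/3.0/lists/" + URLEncoder.encode(listID, "UTF-8") + "/members";
        con = this.createClient();
        HttpPost post = new HttpPost(url);
        // MailChimp basic auth: any user name, API key as password. Never log this header.
        post.addHeader("Authorization", "Basic " + java.util.Base64.getEncoder().encodeToString(("x:" + apiKey).getBytes("UTF-8")));
        post.setEntity(new StringEntity(json, ContentType.APPLICATION_JSON));
        resp = con.getHttp().execute(post);
        int status = resp.getStatusLine().getStatusCode();
        // Read the body exactly once: the original consumed the entity in the error branch and
        // then again afterwards, which fails on a non-repeatable entity.
        String body = resp.getEntity() == null ? "" : EntityUtils.toString(resp.getEntity());
        if (status != 200) {
            logger.error("Could not create '" + user.getUserID() + "' - " + status + " - " + body);
            throw new ProvisioningException("Could not create '" + user.getUserID() + "' - HTTP " + status);
        }
    } catch (ProvisioningException e) {
        throw e;
    } catch (Exception e) {
        // Original logged "Could not get connection" for every failure and returned normally.
        throw new ProvisioningException("Could not create '" + user.getUserID() + "'", e);
    } finally {
        if (resp != null) {
            try {
                resp.close();
            } catch (IOException ignored) {
                // best effort
            }
        }
        if (con != null) {
            try {
                con.getHttp().close();
            } catch (IOException ignored) {
                // best effort
            }
            con.getBcm().close();
        }
    }
}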

Example 100 with ProvisioningException

use of com.tremolosecurity.provisioning.core.ProvisioningException in project OpenUnison by TremoloSecurity.

the class MailChimp method deleteUser.

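@Override
public void deleteUser(User user, Map<String, Object> request) throws ProvisioningException {
    // Removes the user from the MailChimp list named by request["listID"]: look the member up by
    // email (getUserJSON), take the id of the first exact match, then DELETE
    // /3.0/lists/{listID}/members/{id}. A member that no longer exists is logged and treated as
    // already deleted.
    //
    // Failures are now surfaced as ProvisioningException instead of being logged and dropped;
    // previously a rejected DELETE still let the workflow record the user as removed.
    String listID = (String) request.get("listID");
    if (listID == null || listID.isEmpty()) {
        throw new ProvisioningException("No listID in request, can not delete '" + user.getUserID() + "'");
    }

    // The third argument is passed by value and can never carry a response back; it is kept
    // only because getUserJSON's signature expects it.
    String respJson = getUserJSON(user.getUserID(), request, null);
    if (respJson == null) {
        return;
    }
    JSONObject root;
    try {
        root = (JSONObject) new JSONParser().parse(respJson);
    } catch (ParseException | org.json.simple.parser.ParseException e) {
        throw new ProvisioningException("Could not parse json looking up '" + user.getUserID() + "'", e);
    }
    // Guard the structure: a malformed search result used to NPE out of here.
    JSONObject exactMatches = (JSONObject) root.get("exact_matches");
    JSONArray members = exactMatches == null ? null : (JSONArray) exactMatches.get("members");
    if (members == null || members.isEmpty()) {
        logger.error("Could not find '" + user.getUserID() + "'");
        return;
    }
    JSONObject member = (JSONObject) members.get(0);
    String id = (String) member.get("id");
    if (id == null) {
        throw new ProvisioningException("Member record for '" + user.getUserID() + "' has no id");
    }

    HttpCon con = null;
    CloseableHttpResponse resp = null;
    try {
        // Both path segments come from external data (request map / MailChimp response), so
        // both are URL-encoded.
        String url = "https://" + this.host + "/3.0/lists/" + URLEncoder.encode(listID, "UTF-8") + "/members/" + URLEncoder.encode(id, "UTF-8");
        con = this.createClient();
        HttpDelete delete = new HttpDelete(url);
        // MailChimp basic auth: any user name, API key as password. Never log this header.
        delete.addHeader("Authorization", "Basic " + java.util.Base64.getEncoder().encodeToString(("x:" + apiKey).getBytes("UTF-8")));
        resp = con.getHttp().execute(delete);
        int status = resp.getStatusLine().getStatusCode();
        // MailChimp answers a successful member delete with 204 No Content.
        if (status != 204) {
            // Original message said "Could not create" on the delete path.
            logger.error("Could not delete '" + user.getUserID() + "' - " + status);
            throw new ProvisioningException("Could not delete '" + user.getUserID() + "' - HTTP " + status);
        }
    } catch (ProvisioningException e) {
        throw e;
    } catch (Exception e) {
        // Original logged "Could not get connection" for every failure and returned normally.
        throw new ProvisioningException("Could not delete '" + user.getUserID() + "'", e);
    } finally {
        if (resp != null) {
            try {
                resp.close();
            } catch (IOException ignored) {
                // best effort
            }
        }
        if (con != null) {
            try {
                con.getHttp().close();
            } catch (IOException ignored) {
                // best effort
            }
            con.getBcm().close();
        }
    }
}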
