
Example 41 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

the class ServiceActions method loadApprovalDetails.

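/**
 * Loads the display summary of one approval for a specific approver.
 *
 * <p>The HQL query joins the approval to its allowed-approver list and binds
 * both the approval id and the approver key as named parameters, so a row is
 * only returned when {@code approver} is actually permitted to act on
 * {@code approvalID}. An approval that exists but is not assigned to this
 * approver therefore fails with "no approval found" instead of exposing its
 * details.
 *
 * <p>The persisted workflow is a JSON {@link Token} carrying a Base64 IV and an
 * AES/CBC-encrypted request. It is decrypted with the approval-DB key from the
 * configuration and deserialized back into a {@link Workflow} to recover the
 * requesting user object.
 *
 * @param approver   user key of the approver requesting the details
 * @param approvalID database id of the approval
 * @return the populated {@link ApprovalDetails}
 * @throws ProvisioningException if no approval matches this approver, or if
 *         the query, decryption or deserialization fails; the original failure
 *         is kept as the cause
 */
public static ApprovalDetails loadApprovalDetails(String approver, int approvalID) throws ProvisioningException {
    Session session = null;
    Gson gson = new Gson();
    try {
        session = GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getHibernateSessionFactory().openSession();
        // Caller-supplied values are bound as named parameters, never concatenated into the HQL.
        Query query = session.createQuery("SELECT apprv FROM Approvals apprv JOIN apprv.allowedApproverses allowed JOIN allowed.approvers approver WHERE apprv.id = :approval_id AND approver.userKey = :approver_id");
        query.setParameter("approval_id", approvalID);
        query.setParameter("approver_id", approver);
        List<com.tremolosecurity.provisioning.objects.Approvals> approvals = query.list();
        if (approvals.isEmpty()) {
            // Same outcome for "no such approval" and "not assigned to this approver";
            // the catch below wraps it into the ProvisioningException the caller expects.
            throw new ServletException("no approval found");
        }
        Approvals approval = approvals.get(0);
        ApprovalDetails sum = new ApprovalDetails();
        sum.setApproval(approval.getId());
        sum.setWorkflow(approval.getWorkflow().getId());
        sum.setLabel(approval.getLabel());
        sum.setUser(approval.getWorkflow().getUsers().getUserKey());
        sum.setWfStart(approval.getWorkflow().getStartTs().getTime());
        sum.setApprovalStart(approval.getCreateTs().getTime());
        sum.setReason(approval.getWorkflow().getRequestReason());
        String json = approval.getWorkflowObj();
        Token token = gson.fromJson(json, Token.class);
        byte[] iv = org.bouncycastle.util.encoders.Base64.decode(token.getIv());
        IvParameterSpec spec = new IvParameterSpec(iv);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.DECRYPT_MODE, GlobalEntries.getGlobalEntries().getConfigManager().getSecretKey(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getApprovalDB().getEncryptionKey()), spec);
        byte[] encBytes = org.bouncycastle.util.encoders.Base64.decode(token.getEncryptedRequest());
        // The writer encrypts the workflow JSON as UTF-8 bytes; decode with the same
        // charset rather than the platform default so non-ASCII request data survives.
        json = new String(cipher.doFinal(encBytes), java.nio.charset.StandardCharsets.UTF_8);
        // NOTE(review): JsonReader.jsonToJava instantiates whatever classes the JSON names.
        // The plaintext is only as trustworthy as the approval-DB key and the Approvals
        // row it came from — confirm no other writer can reach that column.
        Workflow wf = (Workflow) JsonReader.jsonToJava(json);
        sum.setUserObj(wf.getUser());
        String wfName = approval.getWorkflow().getName();
        sum.setWfName(wfName);
        sum.setWfLabel(approval.getWorkflow().getLabel());
        sum.setWfDescription(approval.getWorkflow().getDescription());
        return sum;
    } catch (Throwable t) {
        throw new ProvisioningException("Could not load approval", t);
    } finally {
        if (session != null) {
            session.close();
        }
    }
}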

Example 42 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

the class UpdateApprovalAZListener method updateAllowedApprovals.

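/**
 * Recomputes the set of allowed approvers for the current approval task of a
 * stored workflow and writes the re-encrypted workflow back to the database.
 *
 * <p>Steps: decrypt the stored {@link Token} (AES/CBC, IV from the token, key
 * from the approval-DB configuration), locate the current {@link Approval}
 * task, remember the approvers it already had, delete and rebuild the
 * {@code AllowedApprovers} rows inside one transaction, re-encrypt the workflow
 * with a provider-generated IV, and finally notify only approvers who were not
 * on the list before.
 *
 * @param cfg         configuration manager supplying the key, engine and session factory
 * @param approvalID  id of the approval being updated (not used directly here; the
 *                    task id comes from the workflow object)
 * @param workflowObj the stored JSON token holding the encrypted workflow
 * @throws ProvisioningException if the workflow has no current approval task
 * @throws IOException           from the workflow serialization
 * @throws SQLException          from the persistence layer
 */
private void updateAllowedApprovals(ConfigManager cfg, int approvalID, String workflowObj) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, IOException, ClassNotFoundException, ProvisioningException, SQLException, InvalidAlgorithmParameterException {
    SecretKey decryptionKey = cfg.getSecretKey(cfg.getCfg().getProvisioning().getApprovalDB().getEncryptionKey());
    Gson gson = new Gson();
    Token token = gson.fromJson(workflowObj, Token.class);
    byte[] iv = org.bouncycastle.util.encoders.Base64.decode(token.getIv());
    IvParameterSpec spec = new IvParameterSpec(iv);
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
    cipher.init(Cipher.DECRYPT_MODE, decryptionKey, spec);
    byte[] encBytes = org.bouncycastle.util.encoders.Base64.decode(token.getEncryptedRequest());
    // The plaintext was produced from UTF-8 bytes (see the encrypt path below);
    // decode with the same charset instead of the platform default.
    String json = new String(cipher.doFinal(encBytes), java.nio.charset.StandardCharsets.UTF_8);
    // NOTE(review): json-io instantiates the classes named in the JSON; the input is
    // trusted only as far as the approval-DB key and row are.
    Workflow wf = (Workflow) JsonReader.jsonToJava(json);
    Approval approval = (Approval) wf.findCurrentApprovalTask();
    if (approval == null) {
        throw new ProvisioningException("Could not locate approval step");
    }
    Set<Integer> currentApprovers = new HashSet<>();
    Session session = cfg.getProvisioningEngine().getHibernateSessionFactory().openSession();
    try {
        Approvals approvalObj = session.load(Approvals.class, approval.getId());
        // Snapshot the approvers before the list is rebuilt so only newcomers get notified.
        for (AllowedApprovers approver : approvalObj.getAllowedApproverses()) {
            currentApprovers.add(approver.getApprovers().getId());
        }
        session.beginTransaction();
        for (AllowedApprovers approver : approvalObj.getAllowedApproverses()) {
            session.delete(approver);
        }
        approvalObj.getAllowedApproverses().clear();
        approval.updateAllowedApprovals(session, cfg, wf.getRequest());
        // Write the (possibly modified) workflow back, re-encrypted.
        json = JsonWriter.objectToJson(wf);
        cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        // No IV is passed for ENCRYPT_MODE: the provider generates a fresh one,
        // which is read back with getIV() and stored alongside the ciphertext.
        cipher.init(Cipher.ENCRYPT_MODE, decryptionKey);
        byte[] encJson = cipher.doFinal(json.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        String base64d = new String(org.bouncycastle.util.encoders.Base64.encode(encJson), java.nio.charset.StandardCharsets.UTF_8);
        token = new Token();
        token.setEncryptedRequest(base64d);
        token.setIv(new String(org.bouncycastle.util.encoders.Base64.encode(cipher.getIV()), java.nio.charset.StandardCharsets.UTF_8));
        approvalObj.setWorkflowObj(gson.toJson(token));
        session.save(approvalObj);
        session.getTransaction().commit();
        approvalObj = session.load(Approvals.class, approvalObj.getId());
        for (AllowedApprovers approver : approvalObj.getAllowedApproverses()) {
            if (!currentApprovers.contains(approver.getApprovers().getId())) {
                this.sendNotification(approval.getEmailTemplate(), cfg, session, approver.getApprovers().getUserKey());
            }
        }
    } catch (Throwable t) {
        try {
            // May fail if the failure happened before beginTransaction(); that is
            // recorded as a suppressed exception rather than silently dropped.
            session.getTransaction().rollback();
        } catch (Throwable rollbackFailure) {
            t.addSuppressed(rollbackFailure);
        }
        throw t;
    } finally {
        // openSession() ran before the try, so session is never null here.
        session.close();
    }
}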

Example 43 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

the class ExecuteWorkflow method execute.

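/**
 * Runs the named workflow for a call after validating any dynamic parameters.
 *
 * <p>Dynamic parameters arrive as a LastMile token encrypted with the
 * approval-DB key. The token is validated against the URI
 * {@code /<url-encoded workflow name>}, which ties a token to the workflow it
 * was issued for; only a valid token's attributes are copied into the request
 * parameters. When no encrypted parameters are supplied, a workflow whose
 * configuration is marked dynamic is refused, since its parameters would
 * otherwise be accepted from the caller unverified.
 *
 * @param wfcall the workflow invocation: name, optional encrypted params, request params
 * @param cfgMgr configuration manager used to resolve the workflow
 * @throws ProvisioningException if the token is invalid, or a dynamic workflow is
 *         called without encrypted parameters
 * @throws Exception anything thrown by the workflow itself
 */
public void execute(WFCall wfcall, ConfigManager cfgMgr) throws Exception {
    // NOTE(review): getWorkFlow's behaviour for an unknown name is not visible here;
    // if it returns null the call at the end would NPE — confirm.
    Workflow wf = cfgMgr.getProvisioningEngine().getWorkFlow(wfcall.getName());
    if (wfcall.getEncryptedParams() != null) {
        LastMile lm = new LastMile();
        lm.loadLastMielToken(wfcall.getEncryptedParams(), GlobalEntries.getGlobalEntries().getConfigManager().getSecretKey(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getApprovalDB().getEncryptionKey()));
        // Same encoding of the name as the issuer must have used, otherwise the
        // URI check below cannot match.
        String expectedUri = "/" + URLEncoder.encode(wfcall.getName(), "UTF-8");
        if (!lm.isValid(expectedUri)) {
            throw new ProvisioningException("Invalid parameters");
        }
        // Only attributes from a validated token reach the workflow.
        for (Attribute attr : lm.getAttributes()) {
            wfcall.getRequestParams().put(attr.getName(), attr.getValues().get(0));
        }
    } else {
        for (WorkflowType wft : GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getWorkflows().getWorkflow()) {
            boolean sameName = wft.getName().equalsIgnoreCase(wfcall.getName());
            boolean dynamic = wft.getDynamicConfiguration() != null && wft.getDynamicConfiguration().isDynamic();
            if (sameName && dynamic) {
                throw new ProvisioningException("Encrypted parameters not supplied");
            }
        }
    }
    wf.executeWorkflow(wfcall);
}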

Example 44 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

the class AttributeChange method createUser.

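/**
 * Creates the user in Azure AD, either as an invited external user or as an
 * internal user.
 *
 * <p>When the request carries {@code tremolo.azuread.external=true}, an
 * invitation is posted to {@code /invitations} using the user's {@code mail}
 * attribute, the returned invited-user id is resolved to a userPrincipalName,
 * and the {@link User} is updated in place with both values. Because the new
 * object is not immediately visible in Azure AD, {@code findUser} is polled
 * before the remaining attributes are synchronised. Otherwise
 * {@code createInternalUser} is called.
 *
 * @param user       the user to create; on the invitation path its id and attributes are updated
 * @param attributes attribute names to provision
 * @param request    workflow request context ({@code APPROVAL_ID}, {@code WORKFLOW}, {@code tremolo.azuread.*})
 * @throws ProvisioningException if the {@code mail} attribute is missing, the invitation,
 *         lookup or sync fails, or the user never becomes visible
 */
@Override
public void createUser(User user, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    boolean external = request.containsKey("tremolo.azuread.external") && "true".equals(request.get("tremolo.azuread.external"));
    if (!external) {
        createInternalUser(user, attributes, request, approvalID, workflow);
        return;
    }
    // Fail with a clear message instead of an NPE when the invitation address is absent.
    Attribute mail = user.getAttribs().get("mail");
    if (mail == null || mail.getValues().isEmpty()) {
        throw new ProvisioningException("Invited user requires a mail attribute");
    }
    JSONObject root = new JSONObject();
    root.put("invitedUserEmailAddress", mail.getValues().get(0));
    root.put("inviteRedirectUrl", request.get("tremolo.azuread.invitation.redirect"));
    root.put("sendInvitationMessage", true);
    JSONObject invitation = new JSONObject();
    invitation.put("ccRecipients", new JSONArray());
    invitation.put("customizedMessageBody", request.get("tremolo.azuread.invitation.message"));
    root.put("invitedUserMessageInfo", invitation);
    HttpCon con = null;
    try {
        con = this.createClient();
        String json = this.callWSPostJsonReesponseExpected(con, "/invitations", root.toString());
        JSONObject response = (JSONObject) new JSONParser().parse(json);
        String id = ((JSONObject) response.get("invitedUser")).get("id").toString();
        String userPrincipalName = this.getUpnFromId(con, id);
        if (userPrincipalName == null) {
            throw new ProvisioningException("user not created");
        }
        user.setUserID(userPrincipalName);
        user.getAttribs().put("userPrincipalName", new Attribute("userPrincipalName", userPrincipalName));
        user.getAttribs().put("id", new Attribute("id", id));
        // Two log records as in the original; the boolean presumably distinguishes
        // the entry-level record from the attribute-level one — confirm against logAction.
        this.cfgMgr.getProvisioningEngine().logAction(this.name, true, ActionType.Add, approvalID, workflow, "userPrincipalName", user.getAttribs().get("userPrincipalName").getValues().get(0));
        this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "userPrincipalName", user.getAttribs().get("userPrincipalName").getValues().get(0));
        User fromAzure = waitForInvitedUser(userPrincipalName, attributes, request);
        this.synUser(user, true, attributes, fromAzure, approvalID, workflow);
    } catch (InterruptedException e) {
        // Restore the interrupt flag so callers higher up can observe it.
        Thread.currentThread().interrupt();
        throw new ProvisioningException("Could not create invitd user", e);
    } catch (Exception e) {
        throw new ProvisioningException("Could not create invitd user", e);
    } finally {
        // createClient() may have thrown, in which case con is still null and there
        // is nothing to release; the original would have NPE'd here and hidden the cause.
        if (con != null) {
            try {
                con.getHttp().close();
            } catch (IOException ignored) {
                // best-effort close; the provisioning outcome is already decided
            }
            con.getBcm().close();
        }
    }
}

/**
 * Polls {@code findUser} until the invited user is visible in Azure AD.
 *
 * <p>Waits 10 s before the first lookup, then retries once per second for up to
 * ~100 further attempts. Lookup failures during propagation are expected and
 * are ignored until the attempt limit is hit.
 *
 * @return the user as seen by Azure AD
 * @throws ProvisioningException if the user is still not visible after the last attempt
 * @throws InterruptedException  if the calling thread is interrupted while waiting
 */
private User waitForInvitedUser(String userPrincipalName, Set<String> attributes, Map<String, Object> request) throws ProvisioningException, InterruptedException {
    Thread.sleep(10000);
    User fromAzure = this.findUser(userPrincipalName, attributes, request);
    int attempts = 0;
    while (fromAzure == null) {
        if (attempts > 100) {
            throw new ProvisioningException("New user not available");
        }
        Thread.sleep(1000);
        try {
            fromAzure = this.findUser(userPrincipalName, attributes, request);
        } catch (ProvisioningException ignored) {
            // not yet replicated; keep polling
        }
        attempts++;
    }
    return fromAzure;
}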

Example 45 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

the class AttributeChange method deleteUser.

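/**
 * Deletes the user from Azure AD and records the action in the provisioning log.
 *
 * <p>The user id is URL-encoded before it is placed in the {@code /users/{id}}
 * path, so reserved characters in a principal name cannot change the request
 * path that is sent.
 *
 * @param user    the user to delete; {@code getUserID()} is used as the Azure AD identifier
 * @param request workflow request context ({@code APPROVAL_ID}, {@code WORKFLOW})
 * @throws ProvisioningException if the HTTP call or the logging fails; the cause is preserved
 */
@Override
public void deleteUser(User user, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    HttpCon con = null;
    try {
        con = this.createClient();
        String path = "/users/" + URLEncoder.encode(user.getUserID(), "UTF-8");
        this.callDelete(con, path);
        this.cfgMgr.getProvisioningEngine().logAction(this.name, true, ActionType.Delete, approvalID, workflow, "userPrincipalName", user.getUserID());
    } catch (Exception e) {
        throw new ProvisioningException("Could not delete user", e);
    } finally {
        // If createClient() failed, con is null and there is nothing to release;
        // the original dereferenced it unconditionally and would have masked the cause.
        if (con != null) {
            try {
                con.getHttp().close();
            } catch (IOException ignored) {
                // best-effort close
            }
            con.getBcm().close();
        }
    }
}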
