Use of com.tremolosecurity.provisioning.objects.AllowedApprovers in project OpenUnison by TremoloSecurity: class AzUtils, method loadDNApprovers.
/**
 * Links every user entry found below {@code constraint} to {@code approval} as an
 * allowed approver.
 *
 * <p>The directory is searched with subtree scope (2) under the DN in {@code constraint}
 * for entries whose {@code objectClass} matches the configured user object class,
 * requesting only the configured user-id attribute. Each hit is resolved with
 * {@code getApproverByDN}; when that returns an approver, a new
 * {@link AllowedApprovers} row pointing at {@code approval} and the approver is saved
 * through {@code session}. Hits that do not resolve are skipped.
 *
 * @param approval         approval the resolved approvers are attached to
 * @param emailTemplate    handed through to {@code getApproverByDN}
 * @param cfg              gives access to the directory (MyVD) and the provisioning engine
 * @param session          open Hibernate session used to save the new rows
 * @param id2              not used by this method
 * @param constraint       base DN of the subtree to search
 * @param sendNotification handed through to {@code getApproverByDN}
 * @return {@code true} if at least one approver was resolved and saved
 * @throws ProvisioningException if the search or the approver lookup throws anything
 */
public static boolean loadDNApprovers(Approvals approval, String emailTemplate, ConfigManager cfg, Session session, int id2, String constraint, boolean sendNotification) throws ProvisioningException {
    ArrayList<String> returnAttrs = new ArrayList<String>();
    returnAttrs.add(cfg.getProvisioningEngine().getUserIDAttribute());
    boolean anyLinked = false;
    try {
        // Subtree search (scope 2) rooted at the constraint DN for user entries.
        String userFilter = equal("objectClass", cfg.getCfg().getUserObjectClass()).toString();
        LDAPSearchResults hits = cfg.getMyVD().search(constraint, 2, userFilter, returnAttrs);
        while (hits.hasMore()) {
            LDAPEntry userEntry = hits.next();
            Approvers approver = getApproverByDN(approval, emailTemplate, cfg, session, userEntry.getDN(), sendNotification);
            if (approver != null) {
                AllowedApprovers link = new AllowedApprovers();
                link.setApprovals(approval);
                link.setApprovers(approver);
                session.save(link);
                anyLinked = true;
            }
        }
    } catch (Exception e) {
        // Any failure (directory or lookup) is reported under the same message.
        throw new ProvisioningException("Could not find approvers", e);
    }
    return anyLinked;
}
Use of com.tremolosecurity.provisioning.objects.AllowedApprovers in project OpenUnison by TremoloSecurity: class UpdateApprovalAZListener, method updateAllowedApprovals.
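/**
 * Rebuilds the allowed-approver list of the current approval step held in
 * {@code workflowObj} and notifies every approver the rebuild added.
 *
 * <p>{@code workflowObj} is a JSON {@link Token} carrying a Base64 IV and the
 * Base64 AES/CBC/PKCS5Padding ciphertext of the JSON-serialized {@link Workflow}.
 * The workflow is decrypted with the approval-DB key from {@code cfg}, its current
 * approval task is located, the existing {@link AllowedApprovers} rows are deleted
 * and recomputed via {@code approval.updateAllowedApprovals}, and the workflow is
 * re-encrypted (fresh provider-generated IV) and written back to the
 * {@link Approvals} row inside one transaction. Approver ids collected before the
 * rebuild are compared with those present afterwards; only new ones get the
 * e-mail template of the approval step.
 *
 * <p>NOTE(review): AES/CBC with no MAC gives the stored token confidentiality but
 * no integrity protection. If the approval DB column can be altered out of band,
 * an authenticated mode (AES/GCM) would be the safer storage format; not changed here.
 *
 * @param cfg         source of the encryption key, provisioning engine and session factory
 * @param approvalID  not used by this method; the approval id is taken from the workflow
 * @param workflowObj JSON-encoded {@link Token} as stored on the approval row
 * @throws ProvisioningException when the workflow has no current approval task, plus the
 *         crypto, I/O, serialization and SQL exceptions listed in the signature, which are
 *         propagated unchanged after the transaction has been rolled back
 */
private void updateAllowedApprovals(ConfigManager cfg, int approvalID, String workflowObj) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, IOException, ClassNotFoundException, ProvisioningException, SQLException, InvalidAlgorithmParameterException {
    SecretKey decryptionKey = cfg.getSecretKey(cfg.getCfg().getProvisioning().getApprovalDB().getEncryptionKey());
    Gson gson = new Gson();
    Token token = gson.fromJson(workflowObj, Token.class);
    byte[] iv = org.bouncycastle.util.encoders.Base64.decode(token.getIv());
    IvParameterSpec spec = new IvParameterSpec(iv);
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
    cipher.init(Cipher.DECRYPT_MODE, decryptionKey, spec);
    byte[] encBytes = org.bouncycastle.util.encoders.Base64.decode(token.getEncryptedRequest());
    // Decode with the charset the encrypt path uses (getBytes("UTF-8") below);
    // relying on the platform default could corrupt non-ASCII request data.
    String json = new String(cipher.doFinal(encBytes), "UTF-8");
    Workflow wf = (Workflow) JsonReader.jsonToJava(json);
    Approval approval = (Approval) wf.findCurrentApprovalTask();
    if (approval == null) {
        throw new ProvisioningException("Could not locate approval step");
    }
    // Approver ids before the rebuild, so newly added approvers can be told apart.
    Set<Integer> currentApprovers = new HashSet<Integer>();
    Session session = cfg.getProvisioningEngine().getHibernateSessionFactory().openSession();
    try {
        Approvals approvalObj = session.load(Approvals.class, approval.getId());
        for (AllowedApprovers approver : approvalObj.getAllowedApproverses()) {
            currentApprovers.add(approver.getApprovers().getId());
        }
        session.beginTransaction();
        for (AllowedApprovers approver : approvalObj.getAllowedApproverses()) {
            session.delete(approver);
        }
        approvalObj.getAllowedApproverses().clear();
        approval.updateAllowedApprovals(session, cfg, wf.getRequest());
        // need to write the approval back to the db
        json = JsonWriter.objectToJson(wf);
        cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        // No IvParameterSpec on purpose: the provider picks a fresh random IV,
        // which is read back with getIV() and stored next to the ciphertext.
        cipher.init(Cipher.ENCRYPT_MODE, decryptionKey);
        byte[] encJson = cipher.doFinal(json.getBytes("UTF-8"));
        // Base64 output is ASCII, so an explicit charset changes nothing but avoids
        // depending on the platform default.
        String base64d = new String(org.bouncycastle.util.encoders.Base64.encode(encJson), "UTF-8");
        token = new Token();
        token.setEncryptedRequest(base64d);
        token.setIv(new String(org.bouncycastle.util.encoders.Base64.encode(cipher.getIV()), "UTF-8"));
        approvalObj.setWorkflowObj(gson.toJson(token));
        session.save(approvalObj);
        session.getTransaction().commit();
        // Reload to see the rows written by updateAllowedApprovals.
        approvalObj = session.load(Approvals.class, approvalObj.getId());
        for (AllowedApprovers approver : approvalObj.getAllowedApproverses()) {
            if (!currentApprovers.contains(approver.getApprovers().getId())) {
                this.sendNotification(approval.getEmailTemplate(), cfg, session, approver.getApprovers().getUserKey());
            }
        }
    } catch (Throwable t) {
        try {
            if (session != null) {
                session.getTransaction().rollback();
            }
        } catch (Throwable rollbackFailure) {
            // Not rethrown: the original failure t is what callers must see.
            // Attached as suppressed so the rollback problem is not lost either.
            t.addSuppressed(rollbackFailure);
        }
        throw t;
    } finally {
        if (session != null) {
            session.close();
        }
    }
}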
Use of com.tremolosecurity.provisioning.objects.AllowedApprovers in project OpenUnison by TremoloSecurity: class RemindApprovers, method execute.
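/**
 * Scheduled job that e-mails a reminder to the approvers of every approval that is
 * still open ({@code approved IS NULL}).
 *
 * <p>Job data map keys read: {@code message} (body template in which {@code %L} is
 * replaced by the approval label and {@code %D} by the number of days the approval
 * has been open), {@code days} (only approvals created within the last
 * {@code days + 1} days are selected) and {@code mailAttributeName} (name of the
 * approver attribute holding the e-mail address; compared case-insensitively, the
 * last match wins). Approvers without that attribute are logged and skipped.
 *
 * @param configManager provides the provisioning engine and its Hibernate session
 *                      factory; the run is skipped with a warning if either is missing
 * @param context       job context whose data map carries the keys above
 * @throws ProvisioningException when loading approvals or sending a reminder fails
 */
@Override
public void execute(ConfigManager configManager, JobExecutionContext context) throws ProvisioningException {
    if (configManager == null || configManager.getProvisioningEngine() == null) {
        logger.warn("System not fully initialized");
        return;
    }
    String msg = context.getJobDetail().getJobDataMap().getString("message");
    int days = Integer.parseInt(context.getJobDetail().getJobDataMap().getString("days"));
    String mailAttribute = context.getJobDetail().getJobDataMap().getString("mailAttributeName");
    Session session = null;
    try {
        session = configManager.getProvisioningEngine().getHibernateSessionFactory().openSession();
        DateTime approvalsAfterDate = new DateTime().minusDays(days + 1);
        Query query = session.createQuery("FROM Approvals WHERE approved IS NULL AND createTS > :check_date");
        query.setParameter("check_date", new java.sql.Date(approvalsAfterDate.getMillis()));
        List<com.tremolosecurity.provisioning.objects.Approvals> approvals = query.list();
        DateTime now = new DateTime();
        for (Approvals apr : approvals) {
            int daysOpen = Days.daysBetween(new DateTime(apr.getCreateTs().getTime()), now).getDays();
            String label = apr.getLabel();
            for (AllowedApprovers allowed : apr.getAllowedApproverses()) {
                String mail = null;
                for (ApproverAttributes attr : allowed.getApprovers().getApproverAttributeses()) {
                    if (attr.getName().equalsIgnoreCase(mailAttribute)) {
                        mail = attr.getValue();
                    }
                }
                if (mail == null) {
                    logger.warn("No attribute called '" + mailAttribute + "' for user '" + allowed.getApprovers().getUserKey() + "'");
                    continue;
                }
                if (logger.isDebugEnabled()) {
                    logger.debug("Notifying " + mail + " for " + label + " after " + daysOpen + " days");
                }
                // Literal replace, not replaceAll: the label comes from the database,
                // and a '$' or '\' in it would be read by replaceAll as a regex group
                // reference and could throw or garble the message.
                String toSend = msg.replace("%L", label).replace("%D", Integer.toString(daysOpen));
                configManager.getProvisioningEngine().sendNotification(mail, toSend, "Open Approval for " + daysOpen + " days", new User(mail));
            }
        }
    } catch (Exception e) {
        throw new ProvisioningException("Error reminding open approvers", e);
    } finally {
        if (session != null) {
            session.close();
        }
    }
}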
Use of com.tremolosecurity.provisioning.objects.AllowedApprovers in project OpenUnison by TremoloSecurity: class AzUtils, method loadFilterApprovers.
/**
 * Links every entry matched by the LDAP filter {@code constraint} to {@code approval}
 * as an allowed approver, optionally e-mailing each one.
 *
 * <p>A subtree search (scope 2) from the configured LDAP root is run with
 * {@code constraint} as the filter and an empty attribute list. Entries lacking the
 * configured user-id attribute are skipped. When {@code sendNotification} is set,
 * each remaining entry gets {@code emailTemplate} sent to its {@code mail} attribute
 * (a warning is logged instead if there is none); this happens before the approver
 * lookup, so it is independent of whether the lookup succeeds. Entries that
 * {@code getApprover} resolves are linked to the approval with a new
 * {@link AllowedApprovers} row saved through {@code session}.
 *
 * @param approval         approval the approvers are attached to
 * @param emailTemplate    notification template, also handed to {@code getApprover}
 * @param cfg              gives access to the directory, configuration and provisioning engine
 * @param session          open Hibernate session used to save the new rows
 * @param id               not used by this method
 * @param constraint       LDAP filter selecting the approver entries
 * @param sendNotification whether to e-mail every matched entry
 * @return {@code true} if at least one approver was resolved and saved
 * @throws ProvisioningException if the search, a notification or the lookup throws anything
 */
public static boolean loadFilterApprovers(Approvals approval, String emailTemplate, ConfigManager cfg, Session session, int id, String constraint, boolean sendNotification) throws ProvisioningException {
    // Intentionally empty attribute list; the user-id attribute is read from each entry below.
    ArrayList<String> returnAttrs = new ArrayList<String>();
    boolean anyLinked = false;
    try {
        LDAPSearchResults hits = cfg.getMyVD().search(cfg.getCfg().getLdapRoot(), 2, constraint, returnAttrs);
        while (hits.hasMore()) {
            LDAPEntry userEntry = hits.next();
            LDAPAttribute idAttr = userEntry.getAttribute(cfg.getProvisioningEngine().getUserIDAttribute());
            if (idAttr == null) {
                continue;
            }
            if (sendNotification) {
                LDAPAttribute mailAttr = userEntry.getAttribute("mail");
                if (mailAttr != null) {
                    cfg.getProvisioningEngine().sendNotification(mailAttr.getStringValue(), emailTemplate, new User(userEntry));
                } else {
                    logger.warn("No email address for " + userEntry.getDN());
                }
            }
            Approvers approver = getApprover(approval, emailTemplate, cfg, session, idAttr.getStringValue(), userEntry);
            if (approver != null) {
                AllowedApprovers link = new AllowedApprovers();
                link.setApprovals(approval);
                link.setApprovers(approver);
                session.save(link);
                anyLinked = true;
            }
        }
    } catch (Exception e) {
        throw new ProvisioningException("Could not find approvers", e);
    }
    return anyLinked;
}
Use of com.tremolosecurity.provisioning.objects.AllowedApprovers in project OpenUnison by TremoloSecurity: class AzUtils, method loadStaticGroupApprovers.
/**
 * Links every member of the static group at DN {@code constraint} to {@code approval}
 * as an allowed approver.
 *
 * <p>The group entry is read with a base-object search (scope 0) requesting only the
 * configured group-member attribute. Each member DN is resolved with
 * {@code getApproverByDN}; resolved approvers are linked to the approval with a new
 * {@link AllowedApprovers} row saved through {@code session}. A group with no
 * members is logged as a warning. If the group entry itself is not found nothing is
 * linked and {@code false} is returned.
 *
 * @param approval         approval the approvers are attached to
 * @param emailTemplate    handed through to {@code getApproverByDN}
 * @param cfg              gives access to the directory and configuration
 * @param session          open Hibernate session used to save the new rows
 * @param id               not used by this method
 * @param constraint       DN of the group entry
 * @param sendNotification handed through to {@code getApproverByDN}
 * @return {@code true} if at least one member was resolved and saved
 * @throws ProvisioningException if the group lookup fails with an {@code LDAPException},
 *         or if resolving or saving a member throws anything
 */
public static boolean loadStaticGroupApprovers(Approvals approval, String emailTemplate, ConfigManager cfg, Session session, int id, String constraint, boolean sendNotification) throws ProvisioningException {
    ArrayList<String> returnAttrs = new ArrayList<String>();
    returnAttrs.add(cfg.getCfg().getGroupMemberAttribute());
    LDAPEntry groupEntry = null;
    try {
        // Base-object search (scope 0): the constraint is the group DN itself.
        LDAPSearchResults hits = cfg.getMyVD().search(constraint, 0, "(objectClass=*)", returnAttrs);
        groupEntry = hits.hasMore() ? hits.next() : null;
    } catch (LDAPException e) {
        throw new ProvisioningException("Could not find group", e);
    }
    if (groupEntry == null) {
        return false;
    }
    LDAPAttribute memberAttr = groupEntry.getAttribute(cfg.getCfg().getGroupMemberAttribute());
    String[] memberDns = memberAttr == null ? new String[0] : memberAttr.getStringValueArray();
    if (memberDns.length == 0) {
        logger.warn(constraint + " does not have any members");
    }
    boolean anyLinked = false;
    try {
        for (String memberDn : memberDns) {
            Approvers approver = getApproverByDN(approval, emailTemplate, cfg, session, memberDn, sendNotification);
            if (approver == null) {
                continue;
            }
            AllowedApprovers link = new AllowedApprovers();
            link.setApprovals(approval);
            link.setApprovers(approver);
            session.save(link);
            anyLinked = true;
        }
    } catch (Exception e) {
        throw new ProvisioningException("Could not load approvers", e);
    }
    return anyLinked;
}