use of com.tremolosecurity.provisioning.objects.Approvals in project OpenUnison by TremoloSecurity.
the class ExecutedWorkflows method doGet.
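/**
 * Writes a JSON {@code ProvisioningResult} listing the names of the completed workflows found
 * for the user named by the {@code user} request parameter.
 *
 * <p>A workflow is listed when it has no approval records, or when every approval record has
 * {@code approved == 1} and a non-null approval timestamp.
 *
 * @param req  request carrying the {@code user} parameter
 * @param resp response that receives the JSON result or a JSON error object
 * @throws ServletException declared by the servlet contract; not thrown directly by this method
 * @throws IOException if the error response itself cannot be written
 */
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    // NOTE(review): the user key is taken from the query string and nothing in this method ties
    // it to the authenticated caller. Presumably a filter in front of this servlet restricts who
    // may ask about which user; confirm, otherwise any caller can read another user's history.
    String userKey = req.getParameter("user");
    Session session = null;
    try {
        session = GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getHibernateSessionFactory().openSession();
        // The user key is bound as a named parameter, never concatenated into the HQL text.
        Query query = session.createQuery("FROM Workflows WHERE Workflows.completeTS IS NOT NULL AND Workflows.users.userKey = :user_key");
        query.setParameter("user_key", userKey);
        List<com.tremolosecurity.provisioning.objects.Workflows> workflows = query.list();
        // Despite the name, this list holds workflow names (wf.getName()), not numeric ids.
        ArrayList<String> workflowids = new ArrayList<String>();
        for (Workflows wf : workflows) {
            if (wf.getApprovals().isEmpty()) {
                workflowids.add(wf.getName());
            } else {
                boolean approved = true;
                for (Approvals approval : wf.getApprovals()) {
                    // NOTE(review): if getApproved() returns a nullable Integer, a pending row
                    // would fail here on unboxing; confirm the mapped type.
                    approved = approved && (approval.getApproved() == 1 && approval.getApprovedTs() != null);
                }
                // Act on the computed flag: without this check a workflow that went through
                // approvals was never reported, whatever the outcome of its approval steps.
                if (approved) {
                    workflowids.add(wf.getName());
                }
            }
        }
        Gson gson = new Gson();
        ProvisioningResult resObj = new ProvisioningResult();
        resObj.setSuccess(true);
        resObj.setWorkflowIds(workflowids);
        resp.getOutputStream().println(gson.toJson(resObj));
    } catch (Exception e) {
        ProvisioningError pe = new ProvisioningError();
        // NOTE(review): e.getMessage() is echoed to the client and can expose persistence-layer
        // detail; prefer logging the exception server-side and returning a generic message.
        pe.setError("Could not load executed workflows : " + e.getMessage());
        ProvisioningResult res = new ProvisioningResult();
        res.setSuccess(false);
        res.setError(pe);
        Gson gson = new Gson();
        // NOTE(review): the success path uses getOutputStream(); if the failure happened after
        // that call, the servlet API rejects getWriter() with IllegalStateException.
        resp.getWriter().write(gson.toJson(res));
    } finally {
        if (session != null) {
            session.close();
        }
    }
}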
use of com.tremolosecurity.provisioning.objects.Approvals in project OpenUnison by TremoloSecurity.
the class SendMessageThread method doApproval.
/* (non-Javadoc)
* @see com.tremolosecurity.provisioning.core.ProvisioningEngine#doApproval(int, java.lang.String, boolean, java.lang.String)
*/
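@Override
public void doApproval(int id, String userID, boolean approved, String reason) throws ProvisioningException {
    // Records an approver's decision on a pending approval and resumes the saved workflow.
    //
    // Steps, in order: resolve the approver in the directory, find or create the matching
    // Approvers row and refresh its tracked attributes, load and decrypt the saved workflow,
    // run the approval step's authorization rules against the approver, then persist the
    // decision and restart the workflow (sending failure notifications on a rejection).
    //
    // id       - primary key of the Approvals row being decided
    // userID   - approver's value for this.userIDAttributeName
    // approved - true to approve, false to reject
    // reason   - free-text justification stored with the decision
    // Throws ProvisioningException when the approver or approval cannot be found, when the
    // saved workflow cannot be decrypted or loaded, or when authorization fails.
    org.hibernate.Session session = this.sessionFactory.openSession();
    try {
        // userID reaches the LDAP filter only through equal(...), presumably a filter builder
        // that escapes the value; confirm before replacing it with string concatenation.
        LDAPSearchResults res = this.cfgMgr.getMyVD().search(this.cfgMgr.getCfg().getLdapRoot(), 2, equal(this.userIDAttributeName, userID).toString(), new ArrayList<String>());
        if (!res.hasMore()) {
            throw new ProvisioningException("Could not locate approver '" + userID + "'");
        }
        LDAPEntry approver = res.next();

        // Copy the approver's directory entry into the AuthInfo the authorization rules see.
        AuthInfo auinfo = new AuthInfo();
        auinfo.setUserDN(approver.getDN());
        LDAPAttributeSet attrs = approver.getAttributeSet();
        for (Object obj : attrs) {
            LDAPAttribute attr = (LDAPAttribute) obj;
            Attribute attrib = new Attribute(attr.getName());
            String[] vals = attr.getStringValueArray();
            for (String val : vals) {
                attrib.getValues().add(val);
            }
            auinfo.getAttribs().put(attrib.getName(), attrib);
        }
        // Drain the remaining results so the search is fully consumed.
        while (res.hasMore()) res.next();

        Query query = session.createQuery("FROM Approvers WHERE userKey = :user_key");
        query.setParameter("user_key", userID);
        List<Approvers> approvers = query.list();
        Approvers approverObj = null;
        if (logger.isDebugEnabled()) {
            logger.debug("Approver UserID : " + userID);
        }
        // NOTE(review): a new Approvers row is saved before beginTransaction() and before the
        // authorization check below, so a caller who later fails authorization may still leave
        // a row behind, depending on the connection's autocommit setting. Confirm.
        if (approvers.size() == 0) {
            approverObj = new Approvers();
            approverObj.setUserKey(userID);
            session.save(approverObj);
        } else {
            approverObj = approvers.get(0);
        }

        session.beginTransaction();
        // Keep the stored approver attributes in step with the directory entry.
        for (String attrName : this.getApproverAttributes()) {
            boolean found = false;
            for (ApproverAttributes appAttr : approverObj.getApproverAttributeses()) {
                if (attrName.equalsIgnoreCase(appAttr.getName())) {
                    found = true;
                    LDAPAttribute approverAttr = approver.getAttribute(attrName);
                    if (approverAttr != null) {
                        if (!approverAttr.getStringValue().equals(appAttr.getValue())) {
                            appAttr.setValue(approverAttr.getStringValue());
                            session.save(appAttr);
                        }
                    }
                }
            }
            if (!found) {
                ApproverAttributes attr = new ApproverAttributes();
                attr.setName(attrName);
                LDAPAttribute approverAttr = approver.getAttribute(attrName);
                if (approverAttr != null) {
                    attr.setValue(approverAttr.getStringValue());
                }
                attr.setApprovers(approverObj);
                approverObj.getApproverAttributeses().add(attr);
                session.save(attr);
            }
        }

        // get() returns null for an unknown id; load() hands back a proxy instead, which made
        // the null check below unreachable and surfaced a missing row as a generic failure.
        Approvals approvals = session.get(Approvals.class, id);
        if (approvals == null) {
            throw new ProvisioningException("Approval not found");
        }
        // NOTE(review): nothing here checks that the approval is still undecided. The workflow
        // object is nulled once a decision is stored (below), so a repeat call presumably fails
        // while parsing the token rather than with a clear "already decided" error.

        Gson gson = new Gson();
        String json = approvals.getWorkflowObj();
        Token token = gson.fromJson(json, Token.class);
        byte[] iv = org.bouncycastle.util.encoders.Base64.decode(token.getIv());
        IvParameterSpec spec = new IvParameterSpec(iv);
        // NOTE(review): AES-CBC carries no integrity check, so a modified database value is not
        // detected before its plaintext is deserialized; consider an authenticated mode.
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.DECRYPT_MODE, this.cfgMgr.getSecretKey(this.cfgMgr.getCfg().getProvisioning().getApprovalDB().getEncryptionKey()), spec);
        byte[] encBytes = org.bouncycastle.util.encoders.Base64.decode(token.getEncryptedRequest());
        // Decode explicitly as UTF-8 instead of the platform default charset, so non-ASCII
        // workflow data reads the same on every host.
        String jsonDecr = new String(cipher.doFinal(encBytes), "UTF-8");
        // NOTE(review): JsonReader.jsonToJava rebuilds an object graph from the decrypted JSON.
        // The input is only as trustworthy as the database row and key; flagging for review of
        // which types the reader is allowed to instantiate.
        Workflow wf = (Workflow) JsonReader.jsonToJava(jsonDecr);
        Approval approval = (Approval) wf.findCurrentApprovalTask();
        if (approval == null) {
            throw new ProvisioningException("Could not locate approval step");
        }

        // Authorization: the approver's directory identity must satisfy the step's rules before
        // any decision is written.
        AzSys az = new AzSys();
        for (AzRule rule : approval.getAzRules()) {
            if (rule.getCustomAuthorization() != null) {
                rule.getCustomAuthorization().loadConfigManager(cfgMgr);
                rule.getCustomAuthorization().setWorkflow(wf);
            }
        }
        if (!az.checkRules(auinfo, this.cfgMgr, approval.getAzRules(), wf.getRequest())) {
            throw new ProvisioningException("Az of approval failed");
        }

        DateTime now = new DateTime();
        // The encrypted workflow is cleared once the decision is stored.
        approvals.setWorkflowObj(null);
        approvals.setApprovedTs(new Timestamp(now.getMillis()));
        approvals.setApprovers(approverObj);
        approvals.setApproved(approved ? 1 : 0);
        approvals.setReason(reason);
        session.save(approvals);
        wf.getRequest().put(Approval.APPROVAL_RESULT, Boolean.valueOf(approved));
        approval.markComplete(approved);

        // NOTE(review): the workflow restart and the notifications run before commit() and no
        // rollback is issued on failure, so these side effects can outlive a failed transaction.
        if (approved) {
            wf.reInit(cfgMgr);
            wf.restart();
        } else {
            // Tell the requester too when the request was made on someone else's behalf.
            if (wf.getUserNum() != wf.getRequesterNum()) {
                wf.getRequester().getAttribs().put("reason", new Attribute("reason", reason));
                if (!wf.getRequester().getAttribs().containsKey(approval.getMailAttr())) {
                    logger.warn("Can not send failure notification to " + wf.getRequester().getUserID() + ", no mail found");
                } else {
                    this.sendNotification(wf.getRequester().getAttribs().get(approval.getMailAttr()).getValues().get(0), approval.getFailureEmailMsg(), approval.getFailureEmailSubject(), wf.getRequester());
                }
            }
            wf.getUser().getAttribs().put("reason", new Attribute("reason", reason));
            if (!wf.getUser().getAttribs().containsKey(approval.getMailAttr())) {
                logger.warn("Can not send failure notification to " + wf.getUser().getUserID() + ", no mail found");
            } else {
                this.sendNotification(wf.getUser().getAttribs().get(approval.getMailAttr()).getValues().get(0), approval.getFailureEmailMsg(), approval.getFailureEmailSubject(), wf.getUser());
            }
            wf.reInit(cfgMgr);
            wf.restart();
        }
        session.getTransaction().commit();
    } catch (LDAPException e) {
        throw new ProvisioningException("Could not load approver", e);
    } catch (SQLException e) {
        throw new ProvisioningException("Could not load saved workflow", e);
    } catch (IOException e) {
        throw new ProvisioningException("Could not load saved workflow", e);
    } catch (ClassNotFoundException e) {
        throw new ProvisioningException("Could not load saved workflow", e);
    } catch (NoSuchAlgorithmException e) {
        throw new ProvisioningException("Could not decrypt workflow object", e);
    } catch (NoSuchPaddingException e) {
        throw new ProvisioningException("Could not decrypt workflow object", e);
    } catch (InvalidKeyException e) {
        throw new ProvisioningException("Could not decrypt workflow object", e);
    } catch (InvalidAlgorithmParameterException e) {
        throw new ProvisioningException("Could not decrypt workflow object", e);
    } catch (IllegalBlockSizeException e) {
        throw new ProvisioningException("Could not decrypt workflow object", e);
    } catch (BadPaddingException e) {
        throw new ProvisioningException("Could not decrypt workflow object", e);
    } catch (ProvisioningException e) {
        // Already carries a specific message; pass it through unwrapped.
        throw e;
    } catch (Exception e) {
        logger.error("Exception running workflow", e);
        throw new ProvisioningException("Exception running workflow", e);
    } finally {
        if (session != null) {
            session.close();
        }
    }
}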
use of com.tremolosecurity.provisioning.objects.Approvals in project OpenUnison by TremoloSecurity.
the class ServiceActions method listOpenApprovals.
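/**
 * Lists the undecided approvals that the given approver is allowed to act on.
 *
 * <p>Each summary's display name is taken from the directory entry of the workflow's subject
 * user when one is found, and otherwise from the user attributes stored with the workflow.
 *
 * @param approver             user key of the approver whose queue is listed
 * @param displayNameAttribute directory attribute used as the subject's display name
 * @param cfgMgr               configuration used for the directory search and attribute names
 * @return the open approvals for {@code approver}; the list is empty when there are none
 * @throws ProvisioningException wrapping any failure raised while loading the approvals
 */
public static ApprovalSummaries listOpenApprovals(String approver, String displayNameAttribute, ConfigManager cfgMgr) throws ProvisioningException {
    Session session = null;
    try {
        session = GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getHibernateSessionFactory().openSession();
        // The approver key is bound as a named parameter. The joins limit the result to
        // approvals whose allowed-approver list names this key and that are still undecided.
        // NOTE(review): the caller must pass the authenticated user's key as approver; this
        // method cannot verify that.
        Query query = session.createQuery("SELECT aprv FROM Approvals aprv JOIN aprv.allowedApproverses allowed JOIN allowed.approvers apprv WHERE aprv.approved IS NULL AND apprv.userKey = :user_key");
        query.setParameter("user_key", approver);
        List<com.tremolosecurity.provisioning.objects.Approvals> approvals = query.list();
        ArrayList<ApprovalSummary> summaries = new ArrayList<ApprovalSummary>();
        for (Approvals appr : approvals) {
            ApprovalSummary sum = new ApprovalSummary();
            sum.setApproval(appr.getId());
            sum.setWorkflow(appr.getWorkflow().getId());
            sum.setLabel(appr.getLabel());
            String userKey = appr.getWorkflow().getUsers().getUserKey();
            sum.setUser(userKey);

            // The stored user key reaches the LDAP filter only through equal(...), presumably
            // a filter builder that escapes the value; confirm.
            String userIdAttribute = cfgMgr.getCfg().getProvisioning().getApprovalDB().getUserIdAttribute();
            String filter = equal(userIdAttribute, userKey).toString();
            ArrayList<String> attributes = new ArrayList<String>();
            attributes.add(displayNameAttribute);
            LDAPSearchResults res = cfgMgr.getMyVD().search(cfgMgr.getCfg().getLdapRoot(), 2, filter, attributes);
            if (res.hasMore()) {
                LDAPEntry entry = res.next();
                LDAPAttribute attr = entry.getAttribute(displayNameAttribute);
                if (attr != null) {
                    sum.setDisplayName(attr.getStringValue());
                } else {
                    // NOTE(review): this falls back to the approver's key, while every other
                    // fallback in this method uses the subject user's key; confirm the intent.
                    sum.setDisplayName(approver);
                }
                // Drain the remaining results so the search is fully consumed.
                while (res.hasMore()) res.next();
            } else {
                // Subject is no longer in the directory: use what was stored with the workflow.
                // TODO decrypt object
                if (displayNameAttribute.equalsIgnoreCase(userIdAttribute)) {
                    sum.setDisplayName(userKey);
                } else {
                    boolean found = false;
                    Set<UserAttributes> fromReportData = appr.getWorkflow().getUsers().getUserAttributeses();
                    for (UserAttributes attr : fromReportData) {
                        if (attr.getName().equalsIgnoreCase(displayNameAttribute)) {
                            sum.setDisplayName(attr.getValue());
                            found = true;
                            break;
                        }
                    }
                    if (!found) {
                        sum.setDisplayName(userKey);
                    }
                }
            }

            sum.setWfStart(appr.getWorkflow().getStartTs().getTime());
            sum.setApprovalStart(appr.getCreateTs().getTime());
            sum.setReason(appr.getWorkflow().getRequestReason());
            sum.setWfName(appr.getWorkflow().getName());
            sum.setWfLabel(appr.getWorkflow().getLabel());
            sum.setWfDescription(appr.getWorkflow().getDescription());
            summaries.add(sum);
        }
        ApprovalSummaries sums = new ApprovalSummaries();
        sums.setApprovals(summaries);
        return sums;
    } catch (Throwable t) {
        // Catching Throwable also wraps Errors; callers only ever see ProvisioningException.
        throw new ProvisioningException("Could not load approvals", t);
    } finally {
        if (session != null) {
            session.close();
        }
    }
}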
use of com.tremolosecurity.provisioning.objects.Approvals in project OpenUnison by TremoloSecurity.
the class ServiceActions method loadApprovalDetails.
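/**
 * Loads one approval, including the decrypted subject user, for an approver who is allowed to
 * act on it.
 *
 * @param approver   user key of the approver requesting the details
 * @param approvalID primary key of the approval
 * @return the approval's summary fields plus the user object from the saved workflow
 * @throws ProvisioningException wrapping any failure, including the case where no approval
 *         with this id lists {@code approver} as an allowed approver
 */
public static ApprovalDetails loadApprovalDetails(String approver, int approvalID) throws ProvisioningException {
    Session session = null;
    Gson gson = new Gson();
    try {
        ConfigManager cfgMgr = GlobalEntries.getGlobalEntries().getConfigManager();
        session = cfgMgr.getProvisioningEngine().getHibernateSessionFactory().openSession();
        // Access control lives in this query: the approval is returned only when approver is
        // among its allowed approvers, so the decrypted user object below is not reachable by
        // id alone. Both values are bound as named parameters.
        Query query = session.createQuery("SELECT apprv FROM Approvals apprv JOIN apprv.allowedApproverses allowed JOIN allowed.approvers approver WHERE apprv.id = :approval_id AND approver.userKey = :approver_id");
        query.setParameter("approval_id", approvalID);
        query.setParameter("approver_id", approver);
        List<com.tremolosecurity.provisioning.objects.Approvals> approvals = query.list();
        if (approvals.isEmpty()) {
            // Caught by the Throwable handler below and rethrown as ProvisioningException.
            throw new ServletException("no approval found");
        }
        Approvals approval = approvals.get(0);
        ApprovalDetails sum = new ApprovalDetails();
        sum.setApproval(approval.getId());
        sum.setWorkflow(approval.getWorkflow().getId());
        sum.setLabel(approval.getLabel());
        sum.setUser(approval.getWorkflow().getUsers().getUserKey());
        sum.setWfStart(approval.getWorkflow().getStartTs().getTime());
        sum.setApprovalStart(approval.getCreateTs().getTime());
        sum.setReason(approval.getWorkflow().getRequestReason());

        Token token = gson.fromJson(approval.getWorkflowObj(), Token.class);
        byte[] iv = org.bouncycastle.util.encoders.Base64.decode(token.getIv());
        IvParameterSpec spec = new IvParameterSpec(iv);
        // NOTE(review): AES-CBC carries no integrity check, so a modified database value is not
        // detected before its plaintext is deserialized; consider an authenticated mode.
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.DECRYPT_MODE, cfgMgr.getSecretKey(cfgMgr.getCfg().getProvisioning().getApprovalDB().getEncryptionKey()), spec);
        byte[] encBytes = org.bouncycastle.util.encoders.Base64.decode(token.getEncryptedRequest());
        // Decode explicitly as UTF-8 instead of the platform default charset, so non-ASCII
        // workflow data reads the same on every host.
        String workflowJson = new String(cipher.doFinal(encBytes), "UTF-8");
        // NOTE(review): JsonReader.jsonToJava rebuilds an object graph from the decrypted JSON.
        // The input is only as trustworthy as the database row and key; flagging for review of
        // which types the reader is allowed to instantiate.
        Workflow wf = (Workflow) JsonReader.jsonToJava(workflowJson);
        sum.setUserObj(wf.getUser());

        sum.setWfName(approval.getWorkflow().getName());
        sum.setWfLabel(approval.getWorkflow().getLabel());
        sum.setWfDescription(approval.getWorkflow().getDescription());
        return sum;
    } catch (Throwable t) {
        // Every failure, crypto errors included, surfaces as the same ProvisioningException.
        throw new ProvisioningException("Could not load approval", t);
    } finally {
        if (session != null) {
            session.close();
        }
    }
}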
use of com.tremolosecurity.provisioning.objects.Approvals in project OpenUnison by TremoloSecurity.
the class UpdateApprovalAZListener method updateAllowedApprovals.
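/**
 * Recomputes the allowed approvers for the approval step of a saved workflow, re-encrypts the
 * workflow back into the database, and notifies approvers who were not previously allowed.
 *
 * @param cfg         configuration supplying the encryption key and the session factory
 * @param approvalID  id of the approval; NOTE(review): never read here, the row is loaded by
 *                    the id carried inside the decrypted workflow instead. Confirm the two
 *                    always agree.
 * @param workflowObj JSON token holding the Base64 IV and the Base64 encrypted workflow
 * @throws ProvisioningException if the workflow has no current approval step
 * @throws IOException declared for the JSON and charset handling
 */
private void updateAllowedApprovals(ConfigManager cfg, int approvalID, String workflowObj)
        throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException,
        BadPaddingException, IOException, ClassNotFoundException, ProvisioningException, SQLException,
        InvalidAlgorithmParameterException {
    SecretKey decryptionKey = cfg.getSecretKey(cfg.getCfg().getProvisioning().getApprovalDB().getEncryptionKey());
    Gson gson = new Gson();
    Token token = gson.fromJson(workflowObj, Token.class);
    byte[] iv = org.bouncycastle.util.encoders.Base64.decode(token.getIv());
    IvParameterSpec spec = new IvParameterSpec(iv);
    // NOTE(review): AES-CBC carries no integrity check, so a modified database value is not
    // detected before its plaintext is deserialized; consider an authenticated mode.
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
    cipher.init(Cipher.DECRYPT_MODE, decryptionKey, spec);
    byte[] encBytes = org.bouncycastle.util.encoders.Base64.decode(token.getEncryptedRequest());
    // Decode as UTF-8 to match the getBytes("UTF-8") used when the workflow is written back
    // below; the platform default charset could differ and corrupt non-ASCII data.
    String json = new String(cipher.doFinal(encBytes), "UTF-8");
    // NOTE(review): JsonReader.jsonToJava rebuilds an object graph from the decrypted JSON.
    // The input is only as trustworthy as the database row and key; flagging for review of
    // which types the reader is allowed to instantiate.
    Workflow wf = (Workflow) JsonReader.jsonToJava(json);
    Approval approval = (Approval) wf.findCurrentApprovalTask();
    if (approval == null) {
        throw new ProvisioningException("Could not locate approval step");
    }

    Set<Integer> currentApprovers = new HashSet<Integer>();
    Session session = cfg.getProvisioningEngine().getHibernateSessionFactory().openSession();
    try {
        Approvals approvalObj = session.load(Approvals.class, approval.getId());
        // Remember who could approve before the change, to notify only the newcomers later.
        for (AllowedApprovers approver : approvalObj.getAllowedApproverses()) {
            currentApprovers.add(approver.getApprovers().getId());
        }

        session.beginTransaction();
        for (AllowedApprovers approver : approvalObj.getAllowedApproverses()) {
            session.delete(approver);
        }
        approvalObj.getAllowedApproverses().clear();
        approval.updateAllowedApprovals(session, cfg, wf.getRequest());

        // need to write the approval back to the db
        json = JsonWriter.objectToJson(wf);
        cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        // No IV is supplied, so the cipher picks one; it is read back with getIV() and stored
        // next to the ciphertext, giving each write its own IV.
        cipher.init(Cipher.ENCRYPT_MODE, decryptionKey);
        byte[] encJson = cipher.doFinal(json.getBytes("UTF-8"));
        String base64d = new String(org.bouncycastle.util.encoders.Base64.encode(encJson));
        token = new Token();
        token.setEncryptedRequest(base64d);
        token.setIv(new String(org.bouncycastle.util.encoders.Base64.encode(cipher.getIV())));
        approvalObj.setWorkflowObj(gson.toJson(token));
        session.save(approvalObj);
        session.getTransaction().commit();

        // Reload after the commit and notify only approvers that were not allowed before.
        approvalObj = session.load(Approvals.class, approvalObj.getId());
        for (AllowedApprovers approver : approvalObj.getAllowedApproverses()) {
            if (!currentApprovers.contains(approver.getApprovers().getId())) {
                this.sendNotification(approval.getEmailTemplate(), cfg, session, approver.getApprovers().getUserKey());
            }
        }
    } catch (Throwable t) {
        try {
            if (session != null) {
                session.getTransaction().rollback();
            }
        } catch (Throwable ignored) {
            // Best effort: a failed rollback (for example after the commit already succeeded)
            // must not mask the original failure, which is rethrown below.
        }
        throw t;
    } finally {
        if (session != null) {
            session.close();
        }
    }
}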
Aggregations