
Example 1 with ApproverAttributes

Use of com.tremolosecurity.provisioning.objects.ApproverAttributes in the OpenUnison project by TremoloSecurity.

From the class SendMessageThread, method doApproval.

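/**
 * Records an approver's decision on a pending approval and resumes the workflow.
 *
 * <p>Steps, in order: look the approver up in the virtual directory and build an
 * {@link AuthInfo} from the LDAP entry's attributes; load or create the {@code Approvers}
 * row for {@code userID} and sync the configured approver attributes into it; load the
 * {@code Approvals} row, decrypt its stored workflow and check the approval step's
 * authorization rules against the approver; then persist the decision, mark the step
 * complete (sending failure notifications when the request is denied) and restart the
 * workflow.
 *
 * @param id       primary key of the {@code Approvals} row being decided
 * @param userID   value of the configured user-id attribute identifying the approver
 * @param approved {@code true} to approve, {@code false} to deny
 * @param reason   free-text justification stored with the decision and attached as the
 *                 {@code reason} attribute on failure notifications
 * @throws ProvisioningException if the approver or the approval cannot be found, the
 *         approver fails the step's authorization rules, the stored workflow cannot be
 *         decrypted or deserialized, or any other error occurs while running the workflow
 * @see com.tremolosecurity.provisioning.core.ProvisioningEngine#doApproval(int, java.lang.String, boolean, java.lang.String)
 */
@Override
public void doApproval(int id, String userID, boolean approved, String reason) throws ProvisioningException {
    org.hibernate.Session session = this.sessionFactory.openSession();
    // Tracks whether a transaction was begun and not yet committed, so the finally
    // block can roll back partial changes instead of leaving them dangling.
    boolean txOpen = false;
    try {
        // Locate the approver in the virtual directory. The filter is built with the
        // typed equal() helper rather than string concatenation of userID.
        LDAPSearchResults res = this.cfgMgr.getMyVD().search(this.cfgMgr.getCfg().getLdapRoot(), 2, equal(this.userIDAttributeName, userID).toString(), new ArrayList<String>());
        if (!res.hasMore()) {
            throw new ProvisioningException("Could not locate approver '" + userID + "'");
        }
        LDAPEntry approver = res.next();

        // Build the AuthInfo the approval step's AZ rules are evaluated against.
        AuthInfo auinfo = new AuthInfo();
        auinfo.setUserDN(approver.getDN());
        LDAPAttributeSet attrs = approver.getAttributeSet();
        for (Object obj : attrs) {
            LDAPAttribute attr = (LDAPAttribute) obj;
            Attribute attrib = new Attribute(attr.getName());
            for (String val : attr.getStringValueArray()) {
                attrib.getValues().add(val);
            }
            auinfo.getAttribs().put(attrib.getName(), attrib);
        }
        // Drain any remaining results so the search completes cleanly.
        while (res.hasMore()) {
            res.next();
        }

        // Load, or create, the Approvers row keyed by the approver's user id.
        Query query = session.createQuery("FROM Approvers WHERE userKey = :user_key");
        query.setParameter("user_key", userID);
        List<Approvers> approvers = query.list();
        if (logger.isDebugEnabled()) {
            logger.debug("Approver UserID : " + userID);
        }
        Approvers approverObj;
        if (approvers.isEmpty()) {
            approverObj = new Approvers();
            approverObj.setUserKey(userID);
            // NOTE(review): this save happens before beginTransaction() below, as in
            // the original; confirm that is intended.
            session.save(approverObj);
        } else {
            approverObj = approvers.get(0);
        }

        session.beginTransaction();
        txOpen = true;

        // Sync the configured approver attributes from LDAP into the Approvers row.
        for (String attrName : this.getApproverAttributes()) {
            LDAPAttribute approverAttr = approver.getAttribute(attrName);
            boolean found = false;
            for (ApproverAttributes appAttr : approverObj.getApproverAttributeses()) {
                if (attrName.equalsIgnoreCase(appAttr.getName())) {
                    found = true;
                    if (approverAttr != null && !approverAttr.getStringValue().equals(appAttr.getValue())) {
                        appAttr.setValue(approverAttr.getStringValue());
                        session.save(appAttr);
                    }
                }
            }
            if (!found) {
                // A row is created even when LDAP has no value (value stays null);
                // AzUtils.getApprover only persists it when a value exists.
                // NOTE(review): confirm which behavior is intended.
                ApproverAttributes attr = new ApproverAttributes();
                attr.setName(attrName);
                if (approverAttr != null) {
                    attr.setValue(approverAttr.getStringValue());
                }
                attr.setApprovers(approverObj);
                approverObj.getApproverAttributeses().add(attr);
                session.save(attr);
            }
        }

        // get() returns null for a missing row; load() returned a proxy, so the null
        // check below could never fire.
        Approvals approvals = session.get(Approvals.class, id);
        if (approvals == null) {
            throw new ProvisioningException("Approval not found");
        }

        // The workflow is stored as an encrypted token (AES/CBC, key named by the
        // approval DB configuration).
        // NOTE(review): CBC provides confidentiality only; nothing here verifies that
        // the stored token was not modified - confirm whether that is enforced elsewhere.
        Token token = new Gson().fromJson(approvals.getWorkflowObj(), Token.class);
        byte[] iv = org.bouncycastle.util.encoders.Base64.decode(token.getIv());
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.DECRYPT_MODE, this.cfgMgr.getSecretKey(this.cfgMgr.getCfg().getProvisioning().getApprovalDB().getEncryptionKey()), new IvParameterSpec(iv));
        byte[] encBytes = org.bouncycastle.util.encoders.Base64.decode(token.getEncryptedRequest());
        // Decoded with the platform default charset; this must match whatever charset
        // the encrypting side used. NOTE(review): confirm, ideally UTF-8 on both sides.
        String jsonDecr = new String(cipher.doFinal(encBytes));
        Workflow wf = (Workflow) JsonReader.jsonToJava(jsonDecr);
        Approval approval = (Approval) wf.findCurrentApprovalTask();
        if (approval == null) {
            throw new ProvisioningException("Could not locate approval step");
        }

        // Authorization: custom rules need the config manager and workflow before
        // they can be evaluated.
        for (AzRule rule : approval.getAzRules()) {
            if (rule.getCustomAuthorization() != null) {
                rule.getCustomAuthorization().loadConfigManager(cfgMgr);
                rule.getCustomAuthorization().setWorkflow(wf);
            }
        }
        if (!new AzSys().checkRules(auinfo, this.cfgMgr, approval.getAzRules(), wf.getRequest())) {
            throw new ProvisioningException("Az of approval failed");
        }

        // Persist the decision; the encrypted workflow blob is cleared once consumed.
        approvals.setWorkflowObj(null);
        approvals.setApprovedTs(new Timestamp(new DateTime().getMillis()));
        approvals.setApprovers(approverObj);
        approvals.setApproved(approved ? 1 : 0);
        approvals.setReason(reason);
        session.save(approvals);

        wf.getRequest().put(Approval.APPROVAL_RESULT, Boolean.valueOf(approved));
        approval.markComplete(approved);
        if (!approved) {
            // Notify the requester (when different from the subject) and the subject,
            // provided a mail attribute is available.
            if (wf.getUserNum() != wf.getRequesterNum()) {
                wf.getRequester().getAttribs().put("reason", new Attribute("reason", reason));
                if (!wf.getRequester().getAttribs().containsKey(approval.getMailAttr())) {
                    logger.warn("Can not send failure notification to " + wf.getRequester().getUserID() + ", no mail found");
                } else {
                    this.sendNotification(wf.getRequester().getAttribs().get(approval.getMailAttr()).getValues().get(0), approval.getFailureEmailMsg(), approval.getFailureEmailSubject(), wf.getRequester());
                }
            }
            wf.getUser().getAttribs().put("reason", new Attribute("reason", reason));
            if (!wf.getUser().getAttribs().containsKey(approval.getMailAttr())) {
                logger.warn("Can not send failure notification to " + wf.getUser().getUserID() + ", no mail found");
            } else {
                this.sendNotification(wf.getUser().getAttribs().get(approval.getMailAttr()).getValues().get(0), approval.getFailureEmailMsg(), approval.getFailureEmailSubject(), wf.getUser());
            }
        }
        // Both outcomes resume the workflow from the completed approval step.
        wf.reInit(cfgMgr);
        wf.restart();

        session.getTransaction().commit();
        txOpen = false;
    } catch (LDAPException e) {
        throw new ProvisioningException("Could not load approver", e);
    } catch (SQLException e) {
        throw new ProvisioningException("Could not load saved workflow", e);
    } catch (IOException e) {
        throw new ProvisioningException("Could not load saved workflow", e);
    } catch (ClassNotFoundException e) {
        throw new ProvisioningException("Could not load saved workflow", e);
    } catch (NoSuchAlgorithmException e) {
        throw new ProvisioningException("Could not decrypt workflow object", e);
    } catch (NoSuchPaddingException e) {
        throw new ProvisioningException("Could not decrypt workflow object", e);
    } catch (InvalidKeyException e) {
        throw new ProvisioningException("Could not decrypt workflow object", e);
    } catch (InvalidAlgorithmParameterException e) {
        throw new ProvisioningException("Could not decrypt workflow object", e);
    } catch (IllegalBlockSizeException e) {
        throw new ProvisioningException("Could not decrypt workflow object", e);
    } catch (BadPaddingException e) {
        throw new ProvisioningException("Could not decrypt workflow object", e);
    } catch (ProvisioningException e) {
        throw e;
    } catch (Exception e) {
        logger.error("Exception running workflow", e);
        throw new ProvisioningException("Exception running workflow", e);
    } finally {
        if (session != null) {
            if (txOpen) {
                // Leaving without a commit: undo partial writes. A rollback failure is
                // logged rather than thrown so it cannot mask the original exception.
                try {
                    session.getTransaction().rollback();
                } catch (RuntimeException rollbackFailure) {
                    logger.warn("Could not roll back approval transaction", rollbackFailure);
                }
            }
            session.close();
        }
    }
}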

Example 2 with ApproverAttributes

Use of com.tremolosecurity.provisioning.objects.ApproverAttributes in the OpenUnison project by TremoloSecurity.

From the class RemindApprovers, method execute.

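/**
 * Quartz job body: reminds the allowed approvers of every approval that is still
 * undecided and was created within the last {@code days + 1} days.
 *
 * <p>Job data keys read from the context: {@code message} (reminder text in which
 * {@code %L} is replaced by the approval label and {@code %D} by the number of days the
 * approval has been open), {@code days} (integer look-back window) and
 * {@code mailAttributeName} (the approver attribute holding the e-mail address). An
 * allowed approver without that attribute is skipped with a warning.
 *
 * @param configManager the active configuration; the job returns early with a warning
 *                      when it or its provisioning engine is not yet available
 * @param context       the Quartz execution context carrying the job data map
 * @throws ProvisioningException if the {@code days} parameter is not an integer, or if
 *         querying the open approvals or sending a notification fails
 */
@Override
public void execute(ConfigManager configManager, JobExecutionContext context) throws ProvisioningException {
    if (configManager == null || configManager.getProvisioningEngine() == null) {
        logger.warn("System not fully initialized");
        return;
    }
    String msg = context.getJobDetail().getJobDataMap().getString("message");
    String daysText = context.getJobDetail().getJobDataMap().getString("days");
    String mailAttribute = context.getJobDetail().getJobDataMap().getString("mailAttributeName");
    int days;
    try {
        days = Integer.parseInt(daysText);
    } catch (NumberFormatException e) {
        // Surface a bad job configuration as the declared exception type instead of
        // letting an unchecked NumberFormatException escape the job.
        throw new ProvisioningException("Invalid 'days' job parameter: " + daysText, e);
    }
    Session session = null;
    try {
        session = configManager.getProvisioningEngine().getHibernateSessionFactory().openSession();
        DateTime approvalsAfterDate = new DateTime().minusDays(days + 1);
        Query query = session.createQuery("FROM Approvals WHERE approved IS NULL AND createTS > :check_date");
        query.setParameter("check_date", new java.sql.Date(approvalsAfterDate.getMillis()));
        List<com.tremolosecurity.provisioning.objects.Approvals> approvals = query.list();
        DateTime now = new DateTime();
        for (Approvals apr : approvals) {
            int daysOpen = Days.daysBetween(new DateTime(apr.getCreateTs().getTime()), now).getDays();
            String label = apr.getLabel();
            for (AllowedApprovers allowed : apr.getAllowedApproverses()) {
                // Last matching attribute wins, as before.
                String mail = null;
                for (ApproverAttributes attr : allowed.getApprovers().getApproverAttributeses()) {
                    if (attr.getName().equalsIgnoreCase(mailAttribute)) {
                        mail = attr.getValue();
                    }
                }
                if (mail == null) {
                    logger.warn("No attribute called '" + mailAttribute + "' for user '" + allowed.getApprovers().getUserKey() + "'");
                    continue;
                }
                if (logger.isDebugEnabled()) {
                    logger.debug("Notifying " + mail + " for " + label + " after " + daysOpen + " days");
                }
                // Literal substitution: replaceAll() would interpret '$' or '\' in the
                // label as regex replacement syntax and could throw or corrupt the text.
                String toSend = msg.replace("%L", label).replace("%D", Integer.toString(daysOpen));
                configManager.getProvisioningEngine().sendNotification(mail, toSend, "Open Approval for " + daysOpen + " days", new User(mail));
            }
        }
    } catch (Exception e) {
        throw new ProvisioningException("Error reminding open approvers", e);
    } finally {
        if (session != null) {
            session.close();
        }
    }
}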

Example 3 with ApproverAttributes

Use of com.tremolosecurity.provisioning.objects.ApproverAttributes in the OpenUnison project by TremoloSecurity.

From the class AzUtils, method getApprover.

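/**
 * Returns the {@code Approvers} row for {@code userID}, creating it when absent, and
 * syncs the configured approver attributes from the approver's LDAP entry into it.
 *
 * <p>For each name in {@code cfg.getProvisioningEngine().getApproverAttributes()}: an
 * existing {@code ApproverAttributes} row whose value differs from LDAP is updated; a
 * missing row is created and saved only when the LDAP entry actually carries the
 * attribute. Writes go through {@code session}; no transaction is begun here, so the
 * caller owns the transaction boundary.
 *
 * @param approval      the approval being processed; not read by this method, kept for
 *                      API compatibility
 * @param emailTemplate notification template; not read by this method, kept for API
 *                      compatibility
 * @param cfg           configuration manager providing the list of approver attributes
 * @param session       open Hibernate session used for the query and the saves
 * @param userID        the approver's user key
 * @param approver      the approver's LDAP entry, the source of attribute values
 * @return the persisted {@code Approvers} entity for {@code userID}
 * @throws SQLException declared for API compatibility; nothing in this body throws it directly
 */
public static Approvers getApprover(Approvals approval, String emailTemplate, ConfigManager cfg, Session session, String userID, LDAPEntry approver) throws SQLException {
    Query query = session.createQuery("FROM Approvers WHERE userKey = :user_key");
    query.setParameter("user_key", userID);
    List<Approvers> approvers = query.list();
    if (logger.isDebugEnabled()) {
        logger.debug("Approver UserID : " + userID);
    }
    Approvers approverObj;
    if (approvers.isEmpty()) {
        approverObj = new Approvers();
        approverObj.setUserKey(userID);
        session.save(approverObj);
    } else {
        approverObj = approvers.get(0);
    }
    for (String attrName : cfg.getProvisioningEngine().getApproverAttributes()) {
        LDAPAttribute approverAttr = approver.getAttribute(attrName);
        boolean found = false;
        for (ApproverAttributes appAttr : approverObj.getApproverAttributeses()) {
            if (!attrName.equalsIgnoreCase(appAttr.getName())) {
                continue;
            }
            found = true;
            if (approverAttr != null && !approverAttr.getStringValue().equals(appAttr.getValue())) {
                appAttr.setValue(approverAttr.getStringValue());
                session.save(appAttr);
            }
        }
        if (!found && approverAttr != null) {
            // Only persisted when LDAP has a value. NOTE(review):
            // SendMessageThread.doApproval creates the row even without a value;
            // confirm which behavior is intended.
            ApproverAttributes attr = new ApproverAttributes();
            attr.setName(attrName);
            attr.setValue(approverAttr.getStringValue());
            attr.setApprovers(approverObj);
            approverObj.getApproverAttributeses().add(attr);
            session.save(attr);
        }
    }
    return approverObj;
}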
