Examples with Approval com.tremolosecurity.provisioning.tasks.Approval used on opensource projects

Search in sources :

Example 1 with Approval

use of com.tremolosecurity.provisioning.tasks.Approval in project OpenUnison by TremoloSecurity.

the class SendMessageThread method doApproval.

/* (non-Javadoc)
	 * @see com.tremolosecurity.provisioning.core.ProvisioningEngine#doApproval(int, java.lang.String, boolean, java.lang.String)
	 */
@Override
public void doApproval(int id, String userID, boolean approved, String reason) throws ProvisioningException {
    org.hibernate.Session session = this.sessionFactory.openSession();
    try {
        StringBuffer b = new StringBuffer();
        LDAPSearchResults res = this.cfgMgr.getMyVD().search(this.cfgMgr.getCfg().getLdapRoot(), 2, equal(this.userIDAttributeName, userID).toString(), new ArrayList<String>());
        if (!res.hasMore()) {
            throw new ProvisioningException("Could not locate approver '" + userID + "'");
        }
        LDAPEntry approver = res.next();
        AuthInfo auinfo = new AuthInfo();
        auinfo.setUserDN(approver.getDN());
        LDAPAttributeSet attrs = approver.getAttributeSet();
        for (Object obj : attrs) {
            LDAPAttribute attr = (LDAPAttribute) obj;
            Attribute attrib = new Attribute(attr.getName());
            String[] vals = attr.getStringValueArray();
            for (String val : vals) {
                attrib.getValues().add(val);
            }
            auinfo.getAttribs().put(attrib.getName(), attrib);
        }
        while (res.hasMore()) res.next();
        Query query = session.createQuery("FROM Approvers WHERE userKey = :user_key");
        query.setParameter("user_key", userID);
        List<Approvers> approvers = query.list();
        Approvers approverObj = null;
        if (logger.isDebugEnabled()) {
            logger.debug("Approver UserID : " + userID);
        }
        int approverID;
        if (approvers.size() == 0) {
            approverObj = new Approvers();
            approverObj.setUserKey(userID);
            session.save(approverObj);
            approverID = approverObj.getId();
        } else {
            approverObj = approvers.get(0);
            approverID = approverObj.getId();
        }
        session.beginTransaction();
        boolean changed = false;
        for (String attrName : this.getApproverAttributes()) {
            boolean found = false;
            for (ApproverAttributes appAttr : approverObj.getApproverAttributeses()) {
                if (attrName.equalsIgnoreCase(appAttr.getName())) {
                    found = true;
                    LDAPAttribute approverAttr = approver.getAttribute(attrName);
                    if (approverAttr != null) {
                        if (!approverAttr.getStringValue().equals(appAttr.getValue())) {
                            appAttr.setValue(approverAttr.getStringValue());
                            session.save(appAttr);
                        }
                    }
                }
            }
            if (!found) {
                ApproverAttributes attr = new ApproverAttributes();
                attr.setName(attrName);
                LDAPAttribute approverAttr = approver.getAttribute(attrName);
                if (approverAttr != null) {
                    attr.setValue(approverAttr.getStringValue());
                }
                attr.setApprovers(approverObj);
                approverObj.getApproverAttributeses().add(attr);
                session.save(attr);
                changed = true;
            }
        }
        Approvals approvals = session.load(Approvals.class, id);
        if (approvals == null) {
            throw new ProvisioningException("Approval not found");
        }
        Gson gson = new Gson();
        String json = approvals.getWorkflowObj();
        Token token = gson.fromJson(json, Token.class);
        byte[] iv = org.bouncycastle.util.encoders.Base64.decode(token.getIv());
        IvParameterSpec spec = new IvParameterSpec(iv);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.DECRYPT_MODE, this.cfgMgr.getSecretKey(this.cfgMgr.getCfg().getProvisioning().getApprovalDB().getEncryptionKey()), spec);
        byte[] encBytes = org.bouncycastle.util.encoders.Base64.decode(token.getEncryptedRequest());
        String jsonDecr = new String(cipher.doFinal(encBytes));
        Workflow wf = (Workflow) JsonReader.jsonToJava(jsonDecr);
        Approval approval = (Approval) wf.findCurrentApprovalTask();
        if (approval == null) {
            throw new ProvisioningException("Could not locate approval step");
        }
        AzSys az = new AzSys();
        for (AzRule rule : approval.getAzRules()) {
            if (rule.getCustomAuthorization() != null) {
                rule.getCustomAuthorization().loadConfigManager(cfgMgr);
                rule.getCustomAuthorization().setWorkflow(wf);
            }
        }
        if (!az.checkRules(auinfo, this.cfgMgr, approval.getAzRules(), wf.getRequest())) {
            throw new ProvisioningException("Az of approval failed");
        }
        DateTime now = new DateTime();
        approvals.setWorkflowObj(null);
        approvals.setApprovedTs(new Timestamp(now.getMillis()));
        approvals.setApprovers(approverObj);
        approvals.setApproved(approved ? 1 : 0);
        approvals.setReason(reason);
        session.save(approvals);
        wf.getRequest().put(Approval.APPROVAL_RESULT, new Boolean(approved));
        approval.markComplete(approved);
        if (approved) {
            wf.reInit(cfgMgr);
            wf.restart();
        } else {
            if (wf.getUserNum() != wf.getRequesterNum()) {
                wf.getRequester().getAttribs().put("reason", new Attribute("reason", reason));
                if (!wf.getRequester().getAttribs().containsKey(approval.getMailAttr())) {
                    logger.warn("Can not send failure notification to " + wf.getRequester().getUserID() + ", no mail found");
                } else {
                    this.sendNotification(wf.getRequester().getAttribs().get(approval.getMailAttr()).getValues().get(0), approval.getFailureEmailMsg(), approval.getFailureEmailSubject(), wf.getRequester());
                }
            }
            wf.getUser().getAttribs().put("reason", new Attribute("reason", reason));
            if (!wf.getUser().getAttribs().containsKey(approval.getMailAttr())) {
                logger.warn("Can not send failure notification to " + wf.getUser().getUserID() + ", no mail found");
            } else {
                this.sendNotification(wf.getUser().getAttribs().get(approval.getMailAttr()).getValues().get(0), approval.getFailureEmailMsg(), approval.getFailureEmailSubject(), wf.getUser());
            }
            wf.reInit(cfgMgr);
            wf.restart();
        }
        session.getTransaction().commit();
    } catch (LDAPException e) {
        throw new ProvisioningException("Could not load approver", e);
    } catch (SQLException e) {
        throw new ProvisioningException("Could not load saved workflow", e);
    } catch (IOException e) {
        throw new ProvisioningException("Could not load saved workflow", e);
    } catch (ClassNotFoundException e) {
        throw new ProvisioningException("Could not load saved workflow", e);
    } catch (NoSuchAlgorithmException e) {
        throw new ProvisioningException("Could not decrypt workflow object", e);
    } catch (NoSuchPaddingException e) {
        throw new ProvisioningException("Could not decrypt workflow object", e);
    } catch (InvalidKeyException e) {
        throw new ProvisioningException("Could not decrypt workflow object", e);
    } catch (InvalidAlgorithmParameterException e) {
        throw new ProvisioningException("Could not decrypt workflow object", e);
    } catch (IllegalBlockSizeException e) {
        throw new ProvisioningException("Could not decrypt workflow object", e);
    } catch (BadPaddingException e) {
        throw new ProvisioningException("Could not decrypt workflow object", e);
    } catch (ProvisioningException e) {
        throw e;
    } catch (Exception e) {
        logger.error("Exception running workflow", e);
        throw new ProvisioningException("Exception running workflow", e);
    } finally {
        if (session != null) {
            session.close();
        }
    }
}
Also used : ApproverAttributes(com.tremolosecurity.provisioning.objects.ApproverAttributes) Query(org.hibernate.Query) Attribute(com.tremolosecurity.saml.Attribute) LDAPAttribute(com.novell.ldap.LDAPAttribute) SQLException(java.sql.SQLException) Approvals(com.tremolosecurity.provisioning.objects.Approvals) Gson(com.google.gson.Gson) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) Token(com.tremolosecurity.json.Token) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) BadPaddingException(javax.crypto.BadPaddingException) Timestamp(java.sql.Timestamp) DateTime(org.joda.time.DateTime) LDAPEntry(com.novell.ldap.LDAPEntry) Approvers(com.tremolosecurity.provisioning.objects.Approvers) AllowedApprovers(com.tremolosecurity.provisioning.objects.AllowedApprovers) Approval(com.tremolosecurity.provisioning.tasks.Approval) LDAPAttribute(com.novell.ldap.LDAPAttribute) AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) LDAPAttributeSet(com.novell.ldap.LDAPAttributeSet) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) IOException(java.io.IOException) InvalidKeyException(java.security.InvalidKeyException) InvocationTargetException(java.lang.reflect.InvocationTargetException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) LDAPException(com.novell.ldap.LDAPException) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) SocketException(java.net.SocketException) SQLException(java.sql.SQLException) SchedulerException(org.quartz.SchedulerException) IOException(java.io.IOException) MessagingException(javax.mail.MessagingException) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) JMSException(javax.jms.JMSException) JAXBException(javax.xml.bind.JAXBException) FileNotFoundException(java.io.FileNotFoundException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) BadPaddingException(javax.crypto.BadPaddingException) LDAPSearchResults(com.novell.ldap.LDAPSearchResults) LDAPException(com.novell.ldap.LDAPException) AzSys(com.tremolosecurity.proxy.auth.AzSys) IvParameterSpec(javax.crypto.spec.IvParameterSpec) Cipher(javax.crypto.Cipher) AzRule(com.tremolosecurity.proxy.az.AzRule)

Example 2 with Approval

use of com.tremolosecurity.provisioning.tasks.Approval in project OpenUnison by TremoloSecurity.

the class UpdateApprovalAZListener method updateAllowedApprovals.

private void updateAllowedApprovals(ConfigManager cfg, int approvalID, String workflowObj) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, IOException, ClassNotFoundException, ProvisioningException, SQLException, InvalidAlgorithmParameterException {
    SecretKey decryptionKey = cfg.getSecretKey(cfg.getCfg().getProvisioning().getApprovalDB().getEncryptionKey());
    Gson gson = new Gson();
    Token token = gson.fromJson(workflowObj, Token.class);
    byte[] iv = org.bouncycastle.util.encoders.Base64.decode(token.getIv());
    IvParameterSpec spec = new IvParameterSpec(iv);
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
    cipher.init(Cipher.DECRYPT_MODE, decryptionKey, spec);
    byte[] encBytes = org.bouncycastle.util.encoders.Base64.decode(token.getEncryptedRequest());
    String json = new String(cipher.doFinal(encBytes));
    Workflow wf = (Workflow) JsonReader.jsonToJava(json);
    Approval approval = (Approval) wf.findCurrentApprovalTask();
    if (approval == null) {
        throw new ProvisioningException("Could not locate approval step");
    }
    Set<Integer> currentApprovers = new HashSet<Integer>();
    Session session = cfg.getProvisioningEngine().getHibernateSessionFactory().openSession();
    try {
        Approvals approvalObj = session.load(Approvals.class, approval.getId());
        for (AllowedApprovers approver : approvalObj.getAllowedApproverses()) {
            currentApprovers.add(approver.getApprovers().getId());
        }
        session.beginTransaction();
        for (AllowedApprovers approver : approvalObj.getAllowedApproverses()) {
            session.delete(approver);
        }
        approvalObj.getAllowedApproverses().clear();
        approval.updateAllowedApprovals(session, cfg, wf.getRequest());
        // need to write the approval back to the db
        json = JsonWriter.objectToJson(wf);
        cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, decryptionKey);
        byte[] encJson = cipher.doFinal(json.getBytes("UTF-8"));
        String base64d = new String(org.bouncycastle.util.encoders.Base64.encode(encJson));
        token = new Token();
        token.setEncryptedRequest(base64d);
        token.setIv(new String(org.bouncycastle.util.encoders.Base64.encode(cipher.getIV())));
        // String base64 = new String(org.bouncycastle.util.encoders.Base64.encode(baos.toByteArray()));
        approvalObj.setWorkflowObj(gson.toJson(token));
        session.save(approvalObj);
        session.getTransaction().commit();
        approvalObj = session.load(Approvals.class, approvalObj.getId());
        for (AllowedApprovers approver : approvalObj.getAllowedApproverses()) {
            if (!currentApprovers.contains(approver.getApprovers().getId())) {
                this.sendNotification(approval.getEmailTemplate(), cfg, session, approver.getApprovers().getUserKey());
            }
        }
    } catch (Throwable t) {
        try {
            if (session != null) {
                session.getTransaction().rollback();
            }
        } catch (Throwable tx) {
        }
        ;
        throw t;
    } finally {
        if (session != null) {
            session.close();
        }
    }
}
Also used : Gson(com.google.gson.Gson) Workflow(com.tremolosecurity.provisioning.core.Workflow) Approvals(com.tremolosecurity.provisioning.objects.Approvals) Token(com.tremolosecurity.json.Token) SecretKey(javax.crypto.SecretKey) AllowedApprovers(com.tremolosecurity.provisioning.objects.AllowedApprovers) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) IvParameterSpec(javax.crypto.spec.IvParameterSpec) Cipher(javax.crypto.Cipher) Approval(com.tremolosecurity.provisioning.tasks.Approval) HashSet(java.util.HashSet) Session(org.hibernate.Session)

Aggregations

Gson (com.google.gson.Gson)2 Token (com.tremolosecurity.json.Token)2 AllowedApprovers (com.tremolosecurity.provisioning.objects.AllowedApprovers)2 Approvals (com.tremolosecurity.provisioning.objects.Approvals)2 Approval (com.tremolosecurity.provisioning.tasks.Approval)2 Cipher (javax.crypto.Cipher)2 IvParameterSpec (javax.crypto.spec.IvParameterSpec)2 LDAPAttribute (com.novell.ldap.LDAPAttribute)1 LDAPAttributeSet (com.novell.ldap.LDAPAttributeSet)1 LDAPEntry (com.novell.ldap.LDAPEntry)1 LDAPException (com.novell.ldap.LDAPException)1 LDAPSearchResults (com.novell.ldap.LDAPSearchResults)1 ProvisioningException (com.tremolosecurity.provisioning.core.ProvisioningException)1 Workflow (com.tremolosecurity.provisioning.core.Workflow)1 ApproverAttributes (com.tremolosecurity.provisioning.objects.ApproverAttributes)1 Approvers (com.tremolosecurity.provisioning.objects.Approvers)1 AuthInfo (com.tremolosecurity.proxy.auth.AuthInfo)1 AzSys (com.tremolosecurity.proxy.auth.AzSys)1 AzRule (com.tremolosecurity.proxy.az.AzRule)1 Attribute (com.tremolosecurity.saml.Attribute)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial