
Example 46 with HttpCon

use of com.tremolosecurity.provisioning.util.HttpCon in project OpenUnison by TremoloSecurity.

the class UserPrincipal method syncUser.

/**
 * Brings the FreeIPA account for {@code user} in line with the supplied user object.
 *
 * <p>If no account is found, one is created (primary domain only). Otherwise the requested
 * attributes and group memberships are reconciled, and for primary-domain users with
 * {@code createShadowAccount} enabled the password is replaced with a generated value.
 *
 * @param user       desired state of the account; its password is overwritten when a shadow
 *                   password is generated
 * @param addOnly    when {@code true}, nothing is deleted: extra attributes and extra group
 *                   memberships found in FreeIPA are left in place
 * @param attributes names of the attributes to reconcile ({@code uid} is always skipped)
 * @param request    request context; reads {@code APPROVAL_ID}, {@code WORKFLOW} and
 *                   {@code freeipa.exists}
 * @throws ProvisioningException wrapping any failure raised while syncing
 */
public void syncUser(User user, boolean addOnly, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    UserPrincipal principal = new UserPrincipal(user.getUserID(), multiDomain, primaryDomain);
    User existing = null;
    HttpCon con = null;
    try {
        con = this.createClient();
        try {
            existing = this.findUser(user.getUserID(), attributes, request);
        } catch (IPAException lookupFailure) {
            // Code 4001 is tolerated and leaves "existing" null, i.e. it is handled as
            // "user not found"; every other IPA error aborts the sync.
            if (lookupFailure.getCode() != 4001) {
                throw lookupFailure;
            }
        }

        int approvalID = request.containsKey("APPROVAL_ID") ? (Integer) request.get("APPROVAL_ID") : 0;
        Workflow workflow = (Workflow) request.get("WORKFLOW");

        if (existing == null) {
            // Accounts are only created from here for primary-domain principals.
            if (principal.isPrimaryDomain()) {
                this.createUser(user, attributes, request);
            }
            return;
        }

        if (!principal.isPrimaryDomain() && request.get("freeipa.exists") != null && !((Boolean) request.get("freeipa.exists"))) {
            this.createUser(user, attributes, request);
            return;
        }

        // Reconcile each requested attribute against what FreeIPA currently holds.
        for (String attrName : attributes) {
            if (!attrName.equalsIgnoreCase("uid")) {
                checkAttribute(principal, user, existing, con, approvalID, workflow, attrName, addOnly);
            }
        }

        if (!addOnly) {
            // Every attribute still listed on the FreeIPA copy (other than uid) is deleted and
            // the deletion is recorded in the provisioning audit log.
            // NOTE(review): this presumes checkAttribute has already removed the attributes it
            // handled from "existing" - confirm, otherwise in-sync attributes are deleted too.
            for (String staleAttr : existing.getAttribs().keySet()) {
                if (staleAttr.equalsIgnoreCase("uid")) {
                    continue;
                }
                this.deleteAttribute(principal, staleAttr, con, approvalID, workflow);
                this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Delete, approvalID, workflow, staleAttr, "");
            }
        }

        // Groups: start from the memberships FreeIPA has, strike off the ones the user should
        // keep, add the missing ones; whatever is left over is a candidate for removal.
        HashSet<String> leftoverGroups = new HashSet<String>(existing.getGroups());
        for (String group : user.getGroups()) {
            if (!leftoverGroups.remove(group)) {
                this.addGroup(principal, group, con, approvalID, workflow);
            }
        }
        if (!addOnly) {
            for (String group : leftoverGroups) {
                this.removeGroup(principal, group, con, approvalID, workflow);
            }
        }

        if (principal.isPrimaryDomain() && this.createShadowAccount) {
            // Shadow accounts get a generated password: 130 random bits rendered in base 32 and
            // then passed through PBKDF2.generateHash before being set on the account.
            // NOTE(review): "random" is declared outside this listing; the password is only
            // unguessable if it is a java.security.SecureRandom - confirm.
            String generated = new BigInteger(130, random).toString(32);
            user.setPassword(PBKDF2.generateHash(generated));
            this.setUserPassword(user, request);
        }
    } catch (Exception e) {
        throw new ProvisioningException("Could not sync user", e);
    } finally {
        // Runs on the early returns above as well, so the connection manager is always released.
        if (con != null) {
            con.getBcm().shutdown();
        }
    }
}
Also used : User(com.tremolosecurity.provisioning.core.User) Attribute(com.tremolosecurity.saml.Attribute) Workflow(com.tremolosecurity.provisioning.core.Workflow) ClientProtocolException(org.apache.http.client.ClientProtocolException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) IOException(java.io.IOException) IPAException(com.tremolosecurity.unison.freeipa.util.IPAException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) IPAException(com.tremolosecurity.unison.freeipa.util.IPAException) HttpCon(com.tremolosecurity.provisioning.util.HttpCon) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) BigInteger(java.math.BigInteger) HashSet(java.util.HashSet)

Example 47 with HttpCon

use of com.tremolosecurity.provisioning.util.HttpCon in project OpenUnison by TremoloSecurity.

the class UserPrincipal method setUserPassword.

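/**
 * Sets the password of a primary-domain user in FreeIPA.
 *
 * <p>Two requests are made: an administrative {@code passwd} call, followed by a
 * self-service call to {@code /ipa/session/change_password} made with the user's own
 * credentials that "changes" the password to the same value. The existing comment in the
 * code describes the second call as a workaround for the reset the first one leaves pending.
 *
 * <p>Nothing is done when the user object carries no password.
 *
 * @param user    user whose password is to be set; {@code user.getPassword()} is the new value
 * @param request request context; reads {@code APPROVAL_ID} and {@code WORKFLOW}
 * @throws ProvisioningException if the user is outside the primary domain, or wrapping any
 *                               failure raised while talking to FreeIPA
 */
public void setUserPassword(User user, Map<String, Object> request) throws ProvisioningException {
    UserPrincipal principal = new UserPrincipal(user.getUserID(), multiDomain, primaryDomain);
    if (!principal.isPrimaryDomain()) {
        throw new ProvisioningException("Can not set password on users outside of the primary domain");
    }
    if (user.getPassword() == null || user.getPassword().isEmpty()) {
        return;
    }

    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");

    try {
        // Step 1: administrative password set through the JSON API.
        HttpCon adminCon = this.createClient();
        try {
            IPACall setPassword = new IPACall();
            setPassword.setId(0);
            setPassword.setMethod("passwd");
            ArrayList<String> userArray = new ArrayList<String>();
            userArray.add(principal.getUid());
            setPassword.getParams().add(userArray);
            HashMap<String, String> additionalParams = new HashMap<String, String>();
            additionalParams.put("password", user.getPassword());
            setPassword.getParams().add(additionalParams);
            this.executeIPACall(setPassword, adminCon);
        } finally {
            if (adminCon != null) {
                adminCon.getBcm().shutdown();
            }
        }

        // Step 2: now we need to reset the password, this is a hack. The right way is to tell
        // IPA the user doesn't need to reset their password.
        // The clear-text password travels in the form body, so this relies on this.url being an
        // https:// endpoint - NOTE(review): confirm, the scheme is configured outside this method.
        HttpPost httppost = new HttpPost(this.url + "/ipa/session/change_password");
        httppost.addHeader("Referer", this.url + "/ipa/ui/");
        List<NameValuePair> formparams = new ArrayList<NameValuePair>();
        formparams.add(new BasicNameValuePair("user", principal.getUid()));
        formparams.add(new BasicNameValuePair("old_password", user.getPassword()));
        formparams.add(new BasicNameValuePair("new_password", user.getPassword()));
        httppost.setEntity(new UrlEncodedFormEntity(formparams, "UTF-8"));

        HttpCon userCon = this.createClient(principal.getUid(), user.getPassword());
        try {
            // The response is closed here; previously it was never released.
            try (CloseableHttpResponse httpResp = userCon.getHttp().execute(httppost)) {
                int status = httpResp.getStatusLine().getStatusCode();
                if (status != 200) {
                    // Surface the failure instead of hiding it at debug level: the account may
                    // be left requiring a password change at next login.
                    // NOTE(review): the status code alone may not reveal a rejected change -
                    // confirm how this endpoint reports policy failures.
                    logger.warn("Response of password reset : " + status);
                } else if (logger.isDebugEnabled()) {
                    logger.debug("Response of password reset : " + status);
                }
            }
            // The audit entry carries a fixed mask, never the password itself.
            this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Replace, approvalID, workflow, "userPassword", "********************************");
        } finally {
            if (userCon != null) {
                userCon.getBcm().shutdown();
            }
        }
    } catch (Exception e) {
        // The message used to read "Could not run search", which does not describe this operation.
        throw new ProvisioningException("Could not set password", e);
    }
}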
Also used : IPAResponse(com.tremolosecurity.unison.freeipa.json.IPAResponse) HttpPost(org.apache.http.client.methods.HttpPost) BasicNameValuePair(org.apache.http.message.BasicNameValuePair) NameValuePair(org.apache.http.NameValuePair) CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) HashMap(java.util.HashMap) IPACall(com.tremolosecurity.unison.freeipa.json.IPACall) ArrayList(java.util.ArrayList) Workflow(com.tremolosecurity.provisioning.core.Workflow) UrlEncodedFormEntity(org.apache.http.client.entity.UrlEncodedFormEntity) ClientProtocolException(org.apache.http.client.ClientProtocolException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) IOException(java.io.IOException) IPAException(com.tremolosecurity.unison.freeipa.util.IPAException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) HttpCon(com.tremolosecurity.provisioning.util.HttpCon) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) BasicNameValuePair(org.apache.http.message.BasicNameValuePair) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse)

Example 48 with HttpCon

use of com.tremolosecurity.provisioning.util.HttpCon in project OpenUnison by TremoloSecurity.

the class MailChimp method createUser.

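/**
 * Adds {@code user} as a member of the MailChimp list named by {@code request["listID"]}.
 *
 * <p>Only attributes listed in {@code attributes} are sent. {@code tags} is sent as an array;
 * attributes named in {@code mergeAttributes} go under {@code merge_fields}; everything else
 * becomes a top-level member field holding the attribute's first value.
 *
 * <p>NOTE(review): HTTP and API failures are logged but not rethrown, so the caller cannot
 * tell that the member was not created. Confirm this best-effort behaviour is intended.
 *
 * @param user       user to add; the user ID is sent as the member's e-mail address
 * @param attributes names of the attributes to include
 * @param request    request context; must contain {@code listID}
 * @throws ProvisioningException if {@code listID} is missing or cannot be encoded
 */
@Override
public void createUser(User user, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    String listID = (String) request.get("listID");
    if (listID == null) {
        // Previously surfaced as a NullPointerException from URLEncoder.encode.
        throw new ProvisioningException("No listID in the request");
    }

    JSONObject member = new JSONObject();
    member.put("email_address", user.getUserID());
    JSONObject merge = new JSONObject();
    member.put("merge_fields", merge);
    for (Attribute attr : user.getAttribs().values()) {
        String attrName = attr.getName();
        if (!attributes.contains(attrName)) {
            continue;
        }
        if (attrName.equals("tags")) {
            JSONArray tagList = new JSONArray();
            for (String tagName : attr.getValues()) {
                tagList.add(tagName);
            }
            member.put("tags", tagList);
        } else if (attr.getValues().isEmpty()) {
            // Nothing to send; get(0) would throw on an attribute without values.
            continue;
        } else if (this.mergeAttributes.contains(attrName)) {
            merge.put(attrName, attr.getValues().get(0));
        } else {
            member.put(attrName, attr.getValues().get(0));
        }
    }
    String json = member.toJSONString();

    String url;
    try {
        // listID is URL-encoded so it cannot alter the request path.
        url = new StringBuilder("https://").append(this.host).append("/3.0/lists/").append(URLEncoder.encode(listID, "UTF-8")).append("/members").toString();
    } catch (UnsupportedEncodingException e) {
        // Was silently ignored, which would have sent the request to a truncated URL.
        throw new ProvisioningException("Could not encode listID", e);
    }

    HttpCon con = null;
    try {
        con = this.createClient();
        HttpPost post = new HttpPost(url);
        // HTTP Basic credentials built from the API key; the header value must never be logged.
        post.addHeader("Authorization", "Basic " + java.util.Base64.getEncoder().encodeToString(("x:" + apiKey).getBytes("UTF-8")));
        post.setEntity(new StringEntity(json, ContentType.APPLICATION_JSON));
        try (CloseableHttpResponse resp = con.getHttp().execute(post)) {
            int status = resp.getStatusLine().getStatusCode();
            // Read the body exactly once: a second read of the consumed entity fails and was
            // reported by the catch below as a connection problem.
            String body = EntityUtils.toString(resp.getEntity());
            if (status != 200) {
                logger.error("Could not create '" + user.getUserID() + "' - " + status + " - " + body);
            }
        }
    } catch (Exception e) {
        logger.warn("Could not get connection", e);
    } finally {
        if (con != null) {
            try {
                con.getHttp().close();
            } catch (IOException ignored) {
                // Best-effort close; the connection manager is closed next regardless.
            }
            con.getBcm().close();
        }
    }
}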
Also used : HttpPost(org.apache.http.client.methods.HttpPost) StringEntity(org.apache.http.entity.StringEntity) HttpCon(com.tremolosecurity.provisioning.util.HttpCon) JSONObject(org.json.simple.JSONObject) Attribute(com.tremolosecurity.saml.Attribute) JSONArray(org.json.simple.JSONArray) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) UnsupportedEncodingException(java.io.UnsupportedEncodingException) IOException(java.io.IOException) ClientProtocolException(org.apache.http.client.ClientProtocolException) ParseException(org.apache.http.ParseException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) IOException(java.io.IOException) UnsupportedEncodingException(java.io.UnsupportedEncodingException)

Example 49 with HttpCon

use of com.tremolosecurity.provisioning.util.HttpCon in project OpenUnison by TremoloSecurity.

the class MailChimp method getTags.

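/**
 * Fetches the segments of a MailChimp list and returns them as a name-to-id map.
 *
 * <p>NOTE(review): a single GET is issued, so only the segments contained in that one
 * response are returned. Confirm whether the API paginates this collection.
 *
 * @param listID identifier of the list; URL-encoded before being placed in the path
 * @return map from segment name to segment id
 * @throws Exception on connection, I/O or JSON parsing failure, or when the response carries
 *                   no {@code segments} array (for example an API error document)
 */
private Map<String, Long> getTags(String listID) throws Exception {
    Map<String, Long> tags = new HashMap<String, Long>();
    HttpCon con = null;
    try {
        con = this.createClient();
        String url = new StringBuilder("https://").append(this.host).append("/3.0/lists/").append(URLEncoder.encode(listID, "UTF-8")).append("/segments").toString();
        HttpGet get = new HttpGet(url);
        // HTTP Basic credentials built from the API key; the header value must never be logged.
        get.addHeader("Authorization", "Basic " + java.util.Base64.getEncoder().encodeToString(("x:" + apiKey).getBytes("UTF-8")));
        try (CloseableHttpResponse resp = con.getHttp().execute(get)) {
            String body = EntityUtils.toString(resp.getEntity());
            JSONArray segments = (JSONArray) ((JSONObject) new JSONParser().parse(body)).get("segments");
            if (segments == null) {
                // Previously a NullPointerException in the loop below; report the status
                // instead, and keep the response body out of the exception message.
                throw new IOException("No segments returned for list '" + listID + "' - " + resp.getStatusLine().getStatusCode());
            }
            for (Object o : segments) {
                JSONObject tag = (JSONObject) o;
                tags.put((String) tag.get("name"), (Long) tag.get("id"));
            }
        }
        return tags;
    } finally {
        if (con != null) {
            try {
                con.getHttp().close();
            } catch (IOException ignored) {
                // Best-effort close; the connection manager is closed next regardless.
            }
            con.getBcm().close();
        }
    }
}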
Also used : HashMap(java.util.HashMap) HttpGet(org.apache.http.client.methods.HttpGet) JSONArray(org.json.simple.JSONArray) IOException(java.io.IOException) HttpCon(com.tremolosecurity.provisioning.util.HttpCon) JSONObject(org.json.simple.JSONObject) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) JSONParser(org.json.simple.parser.JSONParser) JSONObject(org.json.simple.JSONObject)

Example 50 with HttpCon

use of com.tremolosecurity.provisioning.util.HttpCon in project OpenUnison by TremoloSecurity.

the class MailChimp method deleteUser.

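/**
 * Removes {@code user} from the MailChimp list named by {@code request["listID"]}.
 *
 * <p>The member is looked up through {@code getUserJSON}; the first entry under
 * {@code exact_matches.members} supplies the member id used in the DELETE request.
 *
 * <p>NOTE(review): lookup, HTTP and API failures are logged but not rethrown, so a failed
 * de-provisioning looks like a success to the caller and the member keeps its subscription.
 * Confirm this best-effort behaviour is intended.
 *
 * @param user    user to remove, identified by user ID
 * @param request request context; must contain {@code listID}
 * @throws ProvisioningException if {@code listID} is missing or the URL cannot be encoded
 */
@Override
public void deleteUser(User user, Map<String, Object> request) throws ProvisioningException {
    // Java passes references by value, so getUserJSON cannot hand a response back through this.
    CloseableHttpResponse resp = null;
    String respJson = getUserJSON(user.getUserID(), request, resp);
    if (respJson == null) {
        return;
    }
    JSONObject root;
    try {
        root = (JSONObject) new JSONParser().parse(respJson);
    } catch (ParseException | org.json.simple.parser.ParseException e) {
        logger.warn("Could not parse json", e);
        return;
    }

    // The lookup response is remote data: tolerate a missing section instead of throwing a
    // NullPointerException.
    JSONObject exactMatches = (JSONObject) root.get("exact_matches");
    JSONArray members = exactMatches == null ? null : (JSONArray) exactMatches.get("members");
    if (members == null || members.size() == 0) {
        logger.error("Could not find '" + user.getUserID() + "'");
        return;
    }
    JSONObject member = (JSONObject) members.get(0);
    String id = (String) member.get("id");
    if (id == null) {
        logger.error("Could not find '" + user.getUserID() + "'");
        return;
    }

    String listID = (String) request.get("listID");
    if (listID == null) {
        // Previously surfaced as a NullPointerException from URLEncoder.encode.
        throw new ProvisioningException("No listID in the request");
    }
    String url;
    try {
        // Both path segments are URL-encoded so neither value can alter the request path.
        url = new StringBuilder("https://").append(this.host).append("/3.0/lists/").append(URLEncoder.encode(listID, "UTF-8")).append("/members/").append(URLEncoder.encode(id, "UTF-8")).toString();
    } catch (UnsupportedEncodingException e) {
        // Was silently ignored, which would have sent the DELETE to a truncated URL.
        throw new ProvisioningException("Could not encode delete URL", e);
    }

    HttpCon con = null;
    try {
        con = this.createClient();
        HttpDelete delete = new HttpDelete(url);
        // HTTP Basic credentials built from the API key; the header value must never be logged.
        delete.addHeader("Authorization", "Basic " + java.util.Base64.getEncoder().encodeToString(("x:" + apiKey).getBytes("UTF-8")));
        try (CloseableHttpResponse deleteResp = con.getHttp().execute(delete)) {
            int status = deleteResp.getStatusLine().getStatusCode();
            if (status != 204) {
                // The message used to say "create", a leftover from createUser.
                logger.error("Could not delete '" + user.getUserID() + "' - " + status);
            }
        }
    } catch (Exception e) {
        logger.warn("Could not get connection", e);
    } finally {
        if (con != null) {
            try {
                con.getHttp().close();
            } catch (IOException ignored) {
                // Best-effort close; the connection manager is closed next regardless.
            }
            con.getBcm().close();
        }
    }
}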
Also used : HttpDelete(org.apache.http.client.methods.HttpDelete) JSONArray(org.json.simple.JSONArray) UnsupportedEncodingException(java.io.UnsupportedEncodingException) IOException(java.io.IOException) ClientProtocolException(org.apache.http.client.ClientProtocolException) ParseException(org.apache.http.ParseException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) IOException(java.io.IOException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) HttpCon(com.tremolosecurity.provisioning.util.HttpCon) JSONObject(org.json.simple.JSONObject) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) JSONParser(org.json.simple.parser.JSONParser) ParseException(org.apache.http.ParseException)

Aggregations

HttpCon (com.tremolosecurity.provisioning.util.HttpCon)104 ProvisioningException (com.tremolosecurity.provisioning.core.ProvisioningException)82 IOException (java.io.IOException)70 ClientProtocolException (org.apache.http.client.ClientProtocolException)49 JSONObject (org.json.simple.JSONObject)43 ParseException (org.json.simple.parser.ParseException)33 Workflow (com.tremolosecurity.provisioning.core.Workflow)32 ArrayList (java.util.ArrayList)32 UnsupportedEncodingException (java.io.UnsupportedEncodingException)31 OpenShiftTarget (com.tremolosecurity.unison.openshiftv3.OpenShiftTarget)27 JSONParser (org.json.simple.parser.JSONParser)25 HashMap (java.util.HashMap)24 JSONArray (org.json.simple.JSONArray)22 User (com.tremolosecurity.provisioning.core.User)18 Attribute (com.tremolosecurity.saml.Attribute)17 Gson (com.google.gson.Gson)16 CloseableHttpResponse (org.apache.http.client.methods.CloseableHttpResponse)14 HashSet (java.util.HashSet)13 List (java.util.List)13 KSToken (com.tremolosecurity.unison.openstack.util.KSToken)12