
Example 51 with Attribute

use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.

the class SendMessageThread method doApproval.

/* (non-Javadoc)
	 * @see com.tremolosecurity.provisioning.core.ProvisioningEngine#doApproval(int, java.lang.String, boolean, java.lang.String)
	 */
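/**
 * Records an approver's decision on a pending approval and resumes the saved workflow.
 *
 * <p>In order: looks the approver up in the directory, syncs the approver row and its tracked
 * attributes, decrypts and deserializes the stored workflow, runs the approval step's
 * authorization rules against the approver, then persists the decision and restarts the
 * workflow. All database writes share one transaction, so a failed lookup, decryption or
 * authorization check leaves nothing half-written.
 *
 * @param id primary key of the {@code Approvals} row being decided
 * @param userID value of the configured user-id attribute that identifies the approver
 * @param approved {@code true} to approve, {@code false} to reject
 * @param reason reason stored with the decision; on rejection it is also exposed to the
 *        failure notification as the "reason" attribute
 * @throws ProvisioningException if the approver or approval cannot be found, the saved workflow
 *         cannot be decrypted or loaded, or the approver is not authorized for this step
 */
@Override
public void doApproval(int id, String userID, boolean approved, String reason) throws ProvisioningException {
    org.hibernate.Session session = this.sessionFactory.openSession();
    try {
        // The filter is produced by equal(...) rather than by string concatenation.
        // NOTE(review): presumably that builder escapes LDAP metacharacters in userID - confirm.
        LDAPSearchResults res = this.cfgMgr.getMyVD().search(this.cfgMgr.getCfg().getLdapRoot(), 2, equal(this.userIDAttributeName, userID).toString(), new ArrayList<String>());
        if (!res.hasMore()) {
            throw new ProvisioningException("Could not locate approver '" + userID + "'");
        }
        LDAPEntry approver = res.next();

        // Build the identity the authorization rules are evaluated against, from the
        // directory entry only (nothing caller-supplied beyond the lookup key).
        AuthInfo auinfo = new AuthInfo();
        auinfo.setUserDN(approver.getDN());
        LDAPAttributeSet attrs = approver.getAttributeSet();
        for (Object obj : attrs) {
            LDAPAttribute attr = (LDAPAttribute) obj;
            Attribute attrib = new Attribute(attr.getName());
            String[] vals = attr.getStringValueArray();
            for (String val : vals) {
                attrib.getValues().add(val);
            }
            auinfo.getAttribs().put(attrib.getName(), attrib);
        }
        // Drain the remaining results; only the first match is used.
        while (res.hasMore()) {
            res.next();
        }

        // Start the transaction before the first write so the approver row, its attributes
        // and the decision are committed (or rolled back) together.
        session.beginTransaction();

        Query query = session.createQuery("FROM Approvers WHERE userKey = :user_key");
        query.setParameter("user_key", userID);
        List<Approvers> approvers = query.list();
        Approvers approverObj = null;
        if (logger.isDebugEnabled()) {
            logger.debug("Approver UserID : " + userID);
        }
        if (approvers.size() == 0) {
            approverObj = new Approvers();
            approverObj.setUserKey(userID);
            session.save(approverObj);
        } else {
            approverObj = approvers.get(0);
        }

        // Keep the stored copy of the approver's tracked attributes in step with the directory.
        for (String attrName : this.getApproverAttributes()) {
            boolean found = false;
            for (ApproverAttributes appAttr : approverObj.getApproverAttributeses()) {
                if (attrName.equalsIgnoreCase(appAttr.getName())) {
                    found = true;
                    LDAPAttribute approverAttr = approver.getAttribute(attrName);
                    if (approverAttr != null) {
                        if (!approverAttr.getStringValue().equals(appAttr.getValue())) {
                            appAttr.setValue(approverAttr.getStringValue());
                            session.save(appAttr);
                        }
                    }
                }
            }
            if (!found) {
                ApproverAttributes attr = new ApproverAttributes();
                attr.setName(attrName);
                LDAPAttribute approverAttr = approver.getAttribute(attrName);
                if (approverAttr != null) {
                    attr.setValue(approverAttr.getStringValue());
                }
                attr.setApprovers(approverObj);
                approverObj.getApproverAttributeses().add(attr);
                session.save(attr);
            }
        }

        // get() returns null for an unknown id; load() hands back a proxy, which made the
        // "not found" branch below unreachable.
        Approvals approvals = session.get(Approvals.class, id);
        if (approvals == null) {
            throw new ProvisioningException("Approval not found");
        }
        String json = approvals.getWorkflowObj();
        if (json == null) {
            // The workflow object is cleared further down once a decision is recorded, so a
            // null here means there is nothing left to act on for this approval.
            throw new ProvisioningException("Approval has no saved workflow; it may already have been completed");
        }
        Gson gson = new Gson();
        Token token = gson.fromJson(json, Token.class);

        // NOTE(review): AES-CBC gives confidentiality only. Nothing here authenticates the
        // ciphertext, so the integrity of the stored workflow rests on the approval database
        // being trusted. An authenticated mode or a MAC over iv + ciphertext would close that.
        byte[] iv = org.bouncycastle.util.encoders.Base64.decode(token.getIv());
        IvParameterSpec spec = new IvParameterSpec(iv);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.DECRYPT_MODE, this.cfgMgr.getSecretKey(this.cfgMgr.getCfg().getProvisioning().getApprovalDB().getEncryptionKey()), spec);
        byte[] encBytes = org.bouncycastle.util.encoders.Base64.decode(token.getEncryptedRequest());
        // NOTE(review): decodes with the platform default charset; this must match whatever the
        // encrypting side used - confirm and pin an explicit charset on both sides.
        String jsonDecr = new String(cipher.doFinal(encBytes));
        // NOTE(review): jsonToJava rebuilds an object graph from the decrypted JSON, and the
        // authorization rules run only after that. Since the ciphertext is unauthenticated,
        // this is deserialization of data whose integrity is assumed, not verified.
        Workflow wf = (Workflow) JsonReader.jsonToJava(jsonDecr);
        Approval approval = (Approval) wf.findCurrentApprovalTask();
        if (approval == null) {
            throw new ProvisioningException("Could not locate approval step");
        }

        // Authorization: the approver must satisfy the rules attached to this approval step.
        AzSys az = new AzSys();
        for (AzRule rule : approval.getAzRules()) {
            if (rule.getCustomAuthorization() != null) {
                rule.getCustomAuthorization().loadConfigManager(cfgMgr);
                rule.getCustomAuthorization().setWorkflow(wf);
            }
        }
        if (!az.checkRules(auinfo, this.cfgMgr, approval.getAzRules(), wf.getRequest())) {
            throw new ProvisioningException("Az of approval failed");
        }

        // Record the decision and clear the stored workflow object.
        DateTime now = new DateTime();
        approvals.setWorkflowObj(null);
        approvals.setApprovedTs(new Timestamp(now.getMillis()));
        approvals.setApprovers(approverObj);
        approvals.setApproved(approved ? 1 : 0);
        approvals.setReason(reason);
        session.save(approvals);
        wf.getRequest().put(Approval.APPROVAL_RESULT, Boolean.valueOf(approved));
        approval.markComplete(approved);
        if (approved) {
            wf.reInit(cfgMgr);
            wf.restart();
        } else {
            // Rejected: tell the requester (when distinct from the subject) and the subject.
            if (wf.getUserNum() != wf.getRequesterNum()) {
                wf.getRequester().getAttribs().put("reason", new Attribute("reason", reason));
                if (!wf.getRequester().getAttribs().containsKey(approval.getMailAttr())) {
                    logger.warn("Can not send failure notification to " + wf.getRequester().getUserID() + ", no mail found");
                } else {
                    this.sendNotification(wf.getRequester().getAttribs().get(approval.getMailAttr()).getValues().get(0), approval.getFailureEmailMsg(), approval.getFailureEmailSubject(), wf.getRequester());
                }
            }
            wf.getUser().getAttribs().put("reason", new Attribute("reason", reason));
            if (!wf.getUser().getAttribs().containsKey(approval.getMailAttr())) {
                logger.warn("Can not send failure notification to " + wf.getUser().getUserID() + ", no mail found");
            } else {
                this.sendNotification(wf.getUser().getAttribs().get(approval.getMailAttr()).getValues().get(0), approval.getFailureEmailMsg(), approval.getFailureEmailSubject(), wf.getUser());
            }
            wf.reInit(cfgMgr);
            wf.restart();
        }
        session.getTransaction().commit();
    } catch (LDAPException e) {
        throw new ProvisioningException("Could not load approver", e);
    } catch (SQLException | IOException | ClassNotFoundException e) {
        throw new ProvisioningException("Could not load saved workflow", e);
    } catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | InvalidAlgorithmParameterException | IllegalBlockSizeException | BadPaddingException e) {
        throw new ProvisioningException("Could not decrypt workflow object", e);
    } catch (ProvisioningException e) {
        // Rethrown as-is so the generic handler below does not re-wrap it.
        throw e;
    } catch (Exception e) {
        logger.error("Exception running workflow", e);
        throw new ProvisioningException("Exception running workflow", e);
    } finally {
        try {
            // Still active means commit() was never reached: undo the partial writes
            // explicitly instead of leaving that to close().
            if (session.getTransaction().isActive()) {
                session.getTransaction().rollback();
            }
        } catch (Exception e) {
            logger.error("Could not roll back approval transaction", e);
        } finally {
            session.close();
        }
    }
}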
Also used : ApproverAttributes(com.tremolosecurity.provisioning.objects.ApproverAttributes) Query(org.hibernate.Query) Attribute(com.tremolosecurity.saml.Attribute) LDAPAttribute(com.novell.ldap.LDAPAttribute) SQLException(java.sql.SQLException) Approvals(com.tremolosecurity.provisioning.objects.Approvals) Gson(com.google.gson.Gson) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) Token(com.tremolosecurity.json.Token) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) BadPaddingException(javax.crypto.BadPaddingException) Timestamp(java.sql.Timestamp) DateTime(org.joda.time.DateTime) LDAPEntry(com.novell.ldap.LDAPEntry) Approvers(com.tremolosecurity.provisioning.objects.Approvers) AllowedApprovers(com.tremolosecurity.provisioning.objects.AllowedApprovers) Approval(com.tremolosecurity.provisioning.tasks.Approval) LDAPAttribute(com.novell.ldap.LDAPAttribute) AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) LDAPAttributeSet(com.novell.ldap.LDAPAttributeSet) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) IOException(java.io.IOException) InvalidKeyException(java.security.InvalidKeyException) InvocationTargetException(java.lang.reflect.InvocationTargetException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) LDAPException(com.novell.ldap.LDAPException) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) SocketException(java.net.SocketException) SQLException(java.sql.SQLException) SchedulerException(org.quartz.SchedulerException) IOException(java.io.IOException) MessagingException(javax.mail.MessagingException) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) JMSException(javax.jms.JMSException) JAXBException(javax.xml.bind.JAXBException) FileNotFoundException(java.io.FileNotFoundException) 
UnsupportedEncodingException(java.io.UnsupportedEncodingException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) BadPaddingException(javax.crypto.BadPaddingException) LDAPSearchResults(com.novell.ldap.LDAPSearchResults) LDAPException(com.novell.ldap.LDAPException) AzSys(com.tremolosecurity.proxy.auth.AzSys) IvParameterSpec(javax.crypto.spec.IvParameterSpec) Cipher(javax.crypto.Cipher) AzRule(com.tremolosecurity.proxy.az.AzRule)

Example 52 with Attribute

use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.

the class SendMessageThread method initScheduler.

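/**
 * Builds the Quartz configuration from the provisioning scheduler settings, writes it to
 * {@code quartz.properties} in the configured Quartz directory, starts the scheduler and
 * registers the static and dynamic jobs. Does nothing (beyond a warning) when no scheduler is
 * configured.
 *
 * @throws ProvisioningException if the properties file cannot be written, the scheduler cannot
 *         be started, or the dynamic-jobs class cannot be loaded or instantiated
 */
@Override
public void initScheduler() throws ProvisioningException {
    if (this.cfgMgr.getCfg().getProvisioning() == null || this.cfgMgr.getCfg().getProvisioning().getScheduler() == null) {
        logger.warn("Scheduler not defined");
        return;
    }
    SchedulingType sct = this.cfgMgr.getCfg().getProvisioning().getScheduler();
    Properties scheduleProps = new Properties();
    scheduleProps.setProperty("org.quartz.scheduler.instanceName", sct.getInstanceLabel());
    // Each start gets a fresh random instance id.
    scheduleProps.setProperty("org.quartz.scheduler.instanceId", UUID.randomUUID().toString());
    scheduleProps.setProperty("org.quartz.threadPool.threadCount", Integer.toString(sct.getThreadCount()));
    if (sct.isUseDB()) {
        scheduleProps.setProperty("org.quartz.jobStore.class", "org.quartz.impl.jdbcjobstore.JobStoreTX");
        scheduleProps.setProperty("org.quartz.jobStore.driverDelegateClass", sct.getScheduleDB().getDelegateClassName());
        scheduleProps.setProperty("org.quartz.jobStore.dataSource", "scheduleDB");
        scheduleProps.setProperty("org.quartz.dataSource.scheduleDB.driver", sct.getScheduleDB().getDriver());
        scheduleProps.setProperty("org.quartz.dataSource.scheduleDB.URL", sct.getScheduleDB().getUrl());
        scheduleProps.setProperty("org.quartz.dataSource.scheduleDB.user", sct.getScheduleDB().getUser());
        // NOTE(review): the scheduler database password is written in clear text to the
        // properties file below, which is created with the process's default file
        // permissions. Restrict the Quartz directory to the service account.
        scheduleProps.setProperty("org.quartz.dataSource.scheduleDB.password", sct.getScheduleDB().getPassword());
        scheduleProps.setProperty("org.quartz.dataSource.scheduleDB.maxConnections", Integer.toString(sct.getScheduleDB().getMaxConnections()));
        scheduleProps.setProperty("org.quartz.dataSource.scheduleDB.validationQuery", sct.getScheduleDB().getValidationQuery());
        scheduleProps.setProperty("org.quartz.jobStore.useProperties", "true");
        scheduleProps.setProperty("org.quartz.jobStore.isClustered", "true");
    } else {
        scheduleProps.setProperty("org.quartz.jobStore.class", "org.quartz.simpl.RAMJobStore");
    }

    String quartzPropsPath = System.getProperty(OpenUnisonConstants.UNISON_CONFIG_QUARTZDIR) + "/quartz.properties";
    // Write straight to the FileOutputStream: a PrintStream wrapper swallows IOExceptions, so
    // a failed or partial write would go unnoticed. try-with-resources also closes the file
    // when store() throws.
    try (FileOutputStream out = new FileOutputStream(quartzPropsPath)) {
        scheduleProps.store(out, "Unison internal scheduler properties");
    } catch (IOException e) {
        throw new ProvisioningException("Could not write to quartz.properties", e);
    }

    try {
        // NOTE(review): presumably the default factory is pointed at the file written above;
        // how it locates it is not visible in this method.
        this.scheduler = StdSchedulerFactory.getDefaultScheduler();
        this.scheduler.start();
        this.cfgMgr.addThread(new StopScheduler(this.scheduler));
        HashSet<String> jobKeys = new HashSet<String>();
        for (JobType jobType : sct.getJob()) {
            addNewJob(jobKeys, jobType);
        }
        DynamicPortalUrlsType dynamicJobs = sct.getDynamicJobs();
        if (dynamicJobs != null && dynamicJobs.isEnabled()) {
            String className = dynamicJobs.getClassName();
            // Collapse repeated parameter names into one multi-valued Attribute each.
            HashMap<String, Attribute> cfgAttrs = new HashMap<String, Attribute>();
            for (ParamType pt : dynamicJobs.getParams()) {
                Attribute attr = cfgAttrs.get(pt.getName());
                if (attr == null) {
                    attr = new Attribute(pt.getName());
                    cfgAttrs.put(pt.getName(), attr);
                }
                attr.getValues().add(pt.getValue());
            }
            DynamicJobs dynJobs = null;
            try {
                // The class name comes from the configuration and is instantiated
                // reflectively, so write access to the configuration is code execution in
                // this process.
                dynJobs = (DynamicJobs) Class.forName(className).newInstance();
            } catch (InstantiationException | IllegalAccessException e) {
                throw new ProvisioningException("Could not create dynmaic job", e);
            }
            dynJobs.loadDynamicJobs(cfgMgr, this, cfgAttrs, jobKeys);
        }
        // Anything registered with the scheduler but no longer configured is removed.
        for (String groupName : scheduler.getJobGroupNames()) {
            this.deleteRemovedJobs(jobKeys, groupName);
        }
    } catch (SchedulerException e) {
        throw new ProvisioningException("Could not initialize scheduler", e);
    } catch (ClassNotFoundException e) {
        throw new ProvisioningException("Could not initialize scheduler", e);
    }
}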
Also used : PrintStream(java.io.PrintStream) SchedulerException(org.quartz.SchedulerException) Attribute(com.tremolosecurity.saml.Attribute) LDAPAttribute(com.novell.ldap.LDAPAttribute) HashMap(java.util.HashMap) SchedulingType(com.tremolosecurity.config.xml.SchedulingType) IOException(java.io.IOException) Properties(java.util.Properties) ParamType(com.tremolosecurity.config.xml.ParamType) DynamicJobs(com.tremolosecurity.provisioning.jobs.DynamicJobs) JobType(com.tremolosecurity.config.xml.JobType) FileOutputStream(java.io.FileOutputStream) DynamicPortalUrlsType(com.tremolosecurity.config.xml.DynamicPortalUrlsType) StopScheduler(com.tremolosecurity.provisioning.scheduler.StopScheduler) HashSet(java.util.HashSet)

Example 53 with Attribute

use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.

the class SendMessageThread method addTarget.

/**
 * Instantiates the provisioning target described by {@code targetCfg}, registers it under the
 * target's name and initializes it with the target's parameters.
 *
 * @param cfgMgr configuration manager handed to the provider's {@code init}
 * @param targetCfg target definition: name, provider class name and parameters
 * @throws ProvisioningException if the provider class cannot be loaded or instantiated
 */
private void addTarget(ConfigManager cfgMgr, TargetType targetCfg) throws ProvisioningException {
    // Repeated parameter names become one multi-valued Attribute.
    HashMap<String, Attribute> settings = new HashMap<String, Attribute>();
    for (ParamType entry : targetCfg.getParams().getParam()) {
        Attribute holder = settings.get(entry.getName());
        if (holder == null) {
            holder = new Attribute(entry.getName());
            settings.put(holder.getName(), holder);
        }
        holder.getValues().add(entry.getValue());
    }

    synchronized (this.userStores) {
        UserStoreProvider store;
        try {
            // The class name is taken from configuration and instantiated reflectively, so the
            // configuration source decides what code runs here.
            store = (UserStoreProvider) Class.forName(targetCfg.getClassName()).newInstance();
        } catch (Exception e) {
            throw new ProvisioningException("Could not initialize target " + targetCfg.getName(), e);
        }
        MapIdentity identityMap = new MapIdentity(targetCfg);
        // The target is registered before init() runs.
        // NOTE(review): if init() throws, the entry stays in userStores - confirm that is intended.
        this.userStores.put(targetCfg.getName(), new ProvisioningTargetImpl(targetCfg.getName(), store, identityMap));
        store.init(settings, cfgMgr, targetCfg.getName());
    }
}
Also used : Attribute(com.tremolosecurity.saml.Attribute) LDAPAttribute(com.novell.ldap.LDAPAttribute) HashMap(java.util.HashMap) MapIdentity(com.tremolosecurity.provisioning.mapping.MapIdentity) ParamType(com.tremolosecurity.config.xml.ParamType) InvocationTargetException(java.lang.reflect.InvocationTargetException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) LDAPException(com.novell.ldap.LDAPException) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) SocketException(java.net.SocketException) SQLException(java.sql.SQLException) SchedulerException(org.quartz.SchedulerException) IOException(java.io.IOException) MessagingException(javax.mail.MessagingException) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) JMSException(javax.jms.JMSException) JAXBException(javax.xml.bind.JAXBException) FileNotFoundException(java.io.FileNotFoundException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) BadPaddingException(javax.crypto.BadPaddingException)

Example 54 with Attribute

use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.

the class SendMessageThread method generateTargets.

/**
 * Registers every statically configured provisioning target and then, when dynamic targets are
 * enabled, loads the configured {@code DynamicTargets} implementation and lets it add its own.
 * Returns immediately when no provisioning section is configured.
 *
 * @param cfgMgr configuration manager supplying the provisioning configuration
 * @throws ProvisioningException if a target or the dynamic-targets class cannot be initialized
 */
private void generateTargets(ConfigManager cfgMgr) throws ProvisioningException {
    if (cfgMgr.getCfg().getProvisioning() == null) {
        return;
    }
    this.targetIDs = new HashMap<String, Targets>();

    for (TargetType staticTarget : cfgMgr.getCfg().getProvisioning().getTargets().getTarget()) {
        addTarget(cfgMgr, staticTarget);
    }

    DynamicPortalUrlsType dynamicTargets = cfgMgr.getCfg().getProvisioning().getTargets().getDynamicTargets();
    if (dynamicTargets == null || !dynamicTargets.isEnabled()) {
        return;
    }

    String implClass = dynamicTargets.getClassName();
    // Repeated parameter names become one multi-valued Attribute.
    HashMap<String, Attribute> options = new HashMap<String, Attribute>();
    for (ParamType option : dynamicTargets.getParams()) {
        Attribute holder = options.get(option.getName());
        if (holder == null) {
            holder = new Attribute(option.getName());
            options.put(option.getName(), holder);
        }
        holder.getValues().add(option.getValue());
    }
    try {
        // Configuration-supplied class name, instantiated reflectively: whoever controls the
        // configuration controls what is loaded here.
        DynamicTargets loader = (DynamicTargets) Class.forName(implClass).newInstance();
        loader.loadDynamicTargets(cfgMgr, this, options);
    } catch (InstantiationException | IllegalAccessException | ClassNotFoundException e) {
        throw new ProvisioningException("Could not initialize dynamic targets", e);
    }
}
Also used : DynamicTargets(com.tremolosecurity.provisioning.targets.DynamicTargets) Attribute(com.tremolosecurity.saml.Attribute) LDAPAttribute(com.novell.ldap.LDAPAttribute) HashMap(java.util.HashMap) DynamicTargets(com.tremolosecurity.provisioning.targets.DynamicTargets) Targets(com.tremolosecurity.provisioning.objects.Targets) ParamType(com.tremolosecurity.config.xml.ParamType) DynamicPortalUrlsType(com.tremolosecurity.config.xml.DynamicPortalUrlsType) TargetType(com.tremolosecurity.config.xml.TargetType)

Example 55 with Attribute

use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.

the class SamlTransaction method init.

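/**
 * Loads the SAML2 IdP settings and the per-trust (service provider) settings.
 *
 * <p>Required values ({@code sigKey} on the IdP; {@code spEncKey}, {@code spSigKey},
 * {@code nameIdMap} and {@code authCtxMap} on every trust) now fail with an
 * {@link IllegalArgumentException} that names the missing or malformed item, where the
 * previous code failed with a bare NullPointerException or StringIndexOutOfBoundsException.
 *
 * @param idpName name of this identity provider
 * @param ctx servlet context (not used in this method)
 * @param init IdP-level attributes
 * @param trustCfg attributes of each trust, keyed by trust name
 * @param mapper identity mapper stored for later use
 * @throws IllegalArgumentException if a required attribute is absent or a mapping entry is not
 *         in {@code key=value} form
 */
@Override
public void init(String idpName, ServletContext ctx, HashMap<String, Attribute> init, HashMap<String, HashMap<String, Attribute>> trustCfg, MapIdentity mapper) {
    this.idpName = idpName;
    this.idpSigKeyName = requiredInitValue(init, "sigKey", "IdP '" + idpName + "'");
    // Security-relevant default: an absent flag means "false", so signed AuthnRequests are
    // only required when the configuration says so explicitly.
    this.requireSignedAuthn = initFlag(init, "requireSignedAuthn");
    this.saml2PostTemplate = init.get("postTemplate") != null ? init.get("postTemplate").getValues().get(0) : Saml2Idp.DEFAULT_SAML2_POST_TEMPLATE;
    try {
        InitializationService.initialize();
    } catch (InitializationException e) {
        // NOTE(review): a failed OpenSAML bootstrap is only logged and init continues -
        // confirm that running on with an uninitialized library is intended.
        logger.warn("Could not initialize opensaml", e);
    }
    this.trusts = new HashMap<String, Saml2Trust>();
    for (String name : trustCfg.keySet()) {
        HashMap<String, Attribute> trust = trustCfg.get(name);
        String owner = "Trust '" + name + "'";
        Saml2Trust samlTrust = new Saml2Trust();
        this.trusts.put(name, samlTrust);
        samlTrust.params = trust;
        samlTrust.name = name;
        // Same default as above: encryption and signing are off unless explicitly enabled, so
        // a trust that sets neither signAssertion nor signResponse is configured for unsigned
        // output.
        samlTrust.encAssertion = initFlag(trust, "encAssertion");
        samlTrust.signAssertion = initFlag(trust, "signAssertion");
        samlTrust.signResponse = initFlag(trust, "signResponse");
        samlTrust.spEncCert = requiredInitValue(trust, "spEncKey", owner);
        samlTrust.spSigCert = requiredInitValue(trust, "spSigKey", owner);
        samlTrust.authChainMap = new HashMap<String, String>();
        samlTrust.nameIDMap = new HashMap<String, String>();
        loadEqualsSeparatedMap(trust, "nameIdMap", owner, samlTrust.nameIDMap);
        loadEqualsSeparatedMap(trust, "authCtxMap", owner, samlTrust.authChainMap);
    }
    this.mapper = mapper;
}

/** Returns the first value of a required attribute, or fails naming the attribute and its owner. */
private static String requiredInitValue(HashMap<String, Attribute> cfg, String attrName, String owner) {
    Attribute attr = cfg.get(attrName);
    if (attr == null || attr.getValues().isEmpty()) {
        throw new IllegalArgumentException(owner + " is missing required attribute '" + attrName + "'");
    }
    return attr.getValues().get(0);
}

/** Reads an optional boolean attribute; absent means {@code false}. */
private static boolean initFlag(HashMap<String, Attribute> cfg, String attrName) {
    return cfg.get(attrName) != null && Boolean.parseBoolean(cfg.get(attrName).getValues().get(0));
}

/** Splits each {@code key=value} entry of a required attribute at the first '=' into {@code target}. */
private static void loadEqualsSeparatedMap(HashMap<String, Attribute> cfg, String attrName, String owner, HashMap<String, String> target) {
    Attribute attr = cfg.get(attrName);
    if (attr == null) {
        throw new IllegalArgumentException(owner + " is missing required attribute '" + attrName + "'");
    }
    for (String val : attr.getValues()) {
        int sep = val.indexOf('=');
        if (sep < 0) {
            // Fail instead of guessing: a silently dropped mapping would change which
            // attribute or auth chain a request resolves to.
            throw new IllegalArgumentException(owner + " attribute '" + attrName + "' has an entry that is not key=value: '" + val + "'");
        }
        target.put(val.substring(0, sep), val.substring(sep + 1));
    }
}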
Also used : Attribute(com.tremolosecurity.saml.Attribute) InitializationException(org.opensaml.core.config.InitializationException)

Aggregations

Attribute (com.tremolosecurity.saml.Attribute)268 LDAPAttribute (com.novell.ldap.LDAPAttribute)90 HashMap (java.util.HashMap)89 ProvisioningException (com.tremolosecurity.provisioning.core.ProvisioningException)87 IOException (java.io.IOException)69 ArrayList (java.util.ArrayList)53 LDAPException (com.novell.ldap.LDAPException)51 ServletException (javax.servlet.ServletException)48 AuthInfo (com.tremolosecurity.proxy.auth.AuthInfo)46 AuthController (com.tremolosecurity.proxy.auth.AuthController)45 LDAPEntry (com.novell.ldap.LDAPEntry)43 LDAPSearchResults (com.novell.ldap.LDAPSearchResults)43 HttpSession (javax.servlet.http.HttpSession)40 Gson (com.google.gson.Gson)35 User (com.tremolosecurity.provisioning.core.User)33 HttpServletRequest (javax.servlet.http.HttpServletRequest)33 UrlHolder (com.tremolosecurity.config.util.UrlHolder)31 UnsupportedEncodingException (java.io.UnsupportedEncodingException)30 AuthChainType (com.tremolosecurity.config.xml.AuthChainType)28 HashSet (java.util.HashSet)26