use of cz.metacentrum.perun.core.bl.PerunBl in project perun by CESNET.
the class AuthzResolver method getRichAdmins.
/**
 * Returns the richUser administrators of a Group, Vo or Facility for the given role, with the
 * requested user attributes attached.
 *
 * If <b>onlyDirectAdmins</b> is <b>true</b>, only direct administrators of the complementary object
 * are returned. If <b>allUserAttributes</b> is <b>true</b>, every user attribute is loaded into the
 * richUser objects and <b>specificAttributes</b> is ignored (it may then be null).
 *
 * Only {@code Role.GROUPADMIN} is accepted for "Group" and only {@code Role.FACILITYADMIN} for
 * "Facility"; "Vo" accepts any role and delegates the role filtering to VosManager.
 *
 * @param sess perun session
 * @param complementaryObjectId id of the object whose richUser administrators are returned
 * @param complementaryObjectName name of the object type: "Group", "Vo" or "Facility"
 * @param specificAttributes attributes to attach to each richUser (required unless allUserAttributes)
 * @param role role the managers are filtered by
 * @param onlyDirectAdmins true for direct administrators only, false for direct and indirect
 * @param allUserAttributes true to attach all user attributes and ignore specificAttributes
 *
 * @return list of richUser administrators for the complementary object and role
 *
 * @throws InternalErrorException on an internal perun error
 * @throws PrivilegeException if the caller is not allowed to read the administrators
 * @throws GroupNotExistsException if complementaryObjectName is "Group" and no such group exists
 * @throws VoNotExistsException if complementaryObjectName is "Vo" and no such vo exists
 * @throws FacilityNotExistsException if complementaryObjectName is "Facility" and no such facility exists
 * @throws RoleNotSupportedException if the role is not allowed for a Group or Facility
 * @throws PerunBeanNotSupportedException if complementaryObjectName is not one of Vo, Group, Facility
 * @throws UserNotExistsException propagated from the manager lookups
 */
public static List<RichUser> getRichAdmins(PerunSession sess, int complementaryObjectId, String complementaryObjectName, List<String> specificAttributes, Role role, boolean onlyDirectAdmins, boolean allUserAttributes) throws InternalErrorException, PrivilegeException, GroupNotExistsException, VoNotExistsException, FacilityNotExistsException, RoleNotSupportedException, PerunBeanNotSupportedException, UserNotExistsException {
    Utils.checkPerunSession(sess);
    Utils.notNull(role, "role");
    Utils.notNull(complementaryObjectName, "complementaryObjectName");
    if (!allUserAttributes) {
        // the attribute list is only consulted when not loading everything
        Utils.notNull(specificAttributes, "specificAttributes");
    }

    switch (complementaryObjectName) {
        case "Group": {
            if (!Role.GROUPADMIN.equals(role)) {
                throw new RoleNotSupportedException("Not supported other role than group manager for object Group.");
            }
            Group group = ((PerunBl) sess.getPerun()).getGroupsManagerBl().getGroupById(sess, complementaryObjectId);
            return sess.getPerun().getGroupsManager().getRichAdmins(sess, group, specificAttributes, allUserAttributes, onlyDirectAdmins);
        }
        case "Vo": {
            Vo vo = ((PerunBl) sess.getPerun()).getVosManagerBl().getVoById(sess, complementaryObjectId);
            return sess.getPerun().getVosManager().getRichAdmins(sess, vo, role, specificAttributes, allUserAttributes, onlyDirectAdmins);
        }
        case "Facility": {
            if (!Role.FACILITYADMIN.equals(role)) {
                throw new RoleNotSupportedException("Not supported other role than facility manager for object Facility.");
            }
            Facility facility = ((PerunBl) sess.getPerun()).getFacilitiesManagerBl().getFacilityById(sess, complementaryObjectId);
            return sess.getPerun().getFacilitiesManager().getRichAdmins(sess, facility, specificAttributes, allUserAttributes, onlyDirectAdmins);
        }
        default:
            throw new PerunBeanNotSupportedException("Only Vo, Group and Facility are supported complementary names.");
    }
}
use of cz.metacentrum.perun.core.bl.PerunBl in project perun by CESNET.
the class GroupsManagerBlImpl method saveInformationAboutGroupSynchronization.
/**
 * Records the outcome of a group synchronization run in the group's attributes.
 *
 * Always sets {@code lastSynchronizationTimestamp} (now) and {@code lastSynchronizationState}
 * (the normalised exception message, or null on success — per the original author's note a null
 * value makes setAttributes remove the attribute). On success it additionally sets
 * {@code lastSuccessSynchronizationTimestamp} when that attribute definition exists; on failure it
 * writes an auditer entry with the full, untruncated message instead.
 *
 * @param sess perun session (must not be null)
 * @param group synchronized group (must not be null)
 * @param failedDueToException true if the run aborted with an exception, false if it finished with errors
 * @param exceptionMessage null on success; otherwise the error text, stored truncated to 1000 characters
 * @throws InternalErrorException if sess or group is null, or on an internal perun error
 * @throws AttributeNotExistsException if lastSynchronizationTimestamp or lastSynchronizationState is not defined
 * @throws WrongReferenceAttributeValueException propagated from setAttributes
 * @throws WrongAttributeAssignmentException propagated from setAttributes
 * @throws WrongAttributeValueException propagated from setAttributes
 */
public void saveInformationAboutGroupSynchronization(PerunSession sess, Group group, boolean failedDueToException, String exceptionMessage) throws AttributeNotExistsException, InternalErrorException, WrongReferenceAttributeValueException, WrongAttributeAssignmentException, WrongAttributeValueException {
    Date now = new Date();
    // the auditer gets the untruncated text
    String rawMessage = exceptionMessage;

    if (sess == null) {
        throw new InternalErrorException("Session is null when trying to save information about synchronization. Group: " + group + ", timestamp: " + now + ",message: " + exceptionMessage);
    }
    if (group == null) {
        throw new InternalErrorException("Object group is null when trying to save information about synchronization. Timestamp: " + now + ", message: " + exceptionMessage);
    }

    // Normalise the stored state: empty -> placeholder, overlong -> cut to 1000 chars plus a hint.
    String stateMessage = exceptionMessage;
    if (stateMessage != null) {
        if (stateMessage.isEmpty()) {
            stateMessage = "Empty message.";
        } else if (stateMessage.length() > 1000) {
            stateMessage = stateMessage.substring(0, 1000) + " ... message is too long, other info is in perun log file. If needed, please ask perun administrators.";
        }
    }

    String timestampString = BeansUtils.getDateFormatter().format(now);

    // Both definitions are resolved up front so a missing one fails before anything is audited.
    PerunBl perunBl = (PerunBl) sess.getPerun();
    Attribute lastSyncTimestamp = new Attribute(perunBl.getAttributesManagerBl().getAttributeDefinition(sess, AttributesManager.NS_GROUP_ATTR_DEF + ":lastSynchronizationTimestamp"));
    Attribute lastSyncState = new Attribute(perunBl.getAttributesManagerBl().getAttributeDefinition(sess, AttributesManager.NS_GROUP_ATTR_DEF + ":lastSynchronizationState"));
    lastSyncTimestamp.setValue(timestampString);
    lastSyncState.setValue(stateMessage);

    List<Attribute> attrsToSet = new ArrayList<>();
    if (stateMessage == null) {
        // success: also bump lastSuccessSynchronizationTimestamp, if that attribute is defined
        String successAttrName = AttributesManager.NS_GROUP_ATTR_DEF + ":lastSuccessSynchronizationTimestamp";
        try {
            Attribute lastSuccess = new Attribute(perunBl.getAttributesManagerBl().getAttributeDefinition(sess, successAttrName));
            lastSuccess.setValue(timestampString);
            attrsToSet.add(lastSuccess);
        } catch (AttributeNotExistsException ex) {
            log.error("Can't save lastSuccessSynchronizationTimestamp, because there is missing attribute with name {}", successAttrName);
        }
    } else if (failedDueToException) {
        getPerunBl().getAuditer().log(sess, "{} synchronization failed because of {}.", group, rawMessage);
    } else {
        getPerunBl().getAuditer().log(sess, "{} synchronization finished with errors: {}.", group, rawMessage);
    }

    attrsToSet.add(lastSyncState);
    attrsToSet.add(lastSyncTimestamp);
    perunBl.getAttributesManagerBl().setAttributes(sess, group, attrsToSet);
}
use of cz.metacentrum.perun.core.bl.PerunBl in project perun by CESNET.
the class ELIXIRCILogonDNGenerator method approveApplication.
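/**
 * Adds a new X509 userExtSource to the user of every approved INITIAL application. The DN follows
 * the CILogon rule:
 * echo -n "eppn" | openssl dgst -sha256 -binary | base64 | head -c16
 * where eppn is eduPersonPrincipalName (here the user's ELIXIR persistent login). Only the first
 * 16 base64 characters (96 bits of the digest) are kept, and '/' and '+' are replaced with '-' as
 * the RCauth.eu policy requires. Applications of any other type are returned untouched.
 *
 * @param session perun session
 * @param app application being approved
 * @return the same application instance
 * @throws PerunException if the login attribute is missing or unreadable, SHA-256 is unavailable,
 *         or the ext source / userExtSource cannot be stored; an already existing userExtSource is
 *         deliberately not an error
 */
@Override
public Application approveApplication(PerunSession session, Application app) throws PerunException {
    if (!Application.AppType.INITIAL.equals(app.getType())) {
        return app;
    }
    PerunBl perun = (PerunBl) session.getPerun();
    User user = app.getUser();

    String elixirLogin = (String) perun.getAttributesManagerBl().getAttribute(session, user, LOGINATTRIBUTE).getValue();
    if (elixirLogin == null) {
        // Nothing to hash without the login; fail with a message instead of an NPE further down.
        throw new InternalErrorException("Attribute " + LOGINATTRIBUTE + " has no value for user " + user + ", cannot generate CILogon DN.");
    }

    // CN part: display name with every non-ASCII character replaced by 'X', cut to the RDN limit.
    String displayName = truncate(Utils.toASCII(user.getCommonName(), 'X'), RDN_MAX_SIZE);

    MessageDigest sha256;
    try {
        sha256 = MessageDigest.getInstance("SHA-256");
    } catch (NoSuchAlgorithmException e) {
        throw new InternalErrorException(e);
    }
    // StandardCharsets removes the never-taken UnsupportedEncodingException path of getBytes("UTF-8").
    byte[] digest = sha256.digest(elixirLogin.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    // A 32-byte digest encodes to 44 base64 characters, so the 16-character cut is always in range.
    String ciLogonHash = Base64.encodeBase64String(digest)
            .substring(0, 16)
            .replace('/', '-')
            .replace('+', '-');

    // e.g. /DC=eu/DC=rcauth/DC=rcauth-clients/O=elixir-europe.org/CN=Michal Prochazka rdkfo3rdkfo3kdo
    String dn = DNPREFIX + displayName + " " + ciLogonHash;

    ExtSource extSource = perun.getExtSourcesManagerBl().checkOrCreateExtSource(session, CADN, ExtSourcesManager.EXTSOURCE_X509);
    UserExtSource userExtSource = new UserExtSource(extSource, dn);
    try {
        perun.getUsersManagerBl().addUserExtSource(session, user, userExtSource);
    } catch (UserExtSourceExistsException ignored) {
        // The DN is derived deterministically from the login, so this is expected (presumably a
        // re-approval of the same user) and not an error.
    }
    return app;
}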
use of cz.metacentrum.perun.core.bl.PerunBl in project perun by CESNET.
the class Utils method generateAllVosToWriter.
/**
 * Writes every Vo as an LDIF entry (objectclass perunVO) to the writer held by the initializer,
 * each followed by one uniqueMember line per VALID member and a blank record separator.
 *
 * Values (short name, name) are written verbatim; no LDIF base64 ({@code ::}) encoding is applied
 * for values with leading spaces/colons, non-ASCII characters or newlines — the source data is
 * presumably validated upstream (TODO confirm).
 *
 * @param perunInitializer loaded initializer providing the session, PerunBl and output writer
 *
 * @throws InternalErrorException if the initializer is null or perun-core fails
 * @throws IOException if writing to the output writer fails
 */
public static void generateAllVosToWriter(PerunInitializer perunInitializer) throws InternalErrorException, IOException {
    if (perunInitializer == null) {
        throw new InternalErrorException("PerunInitializer must be loaded before using in generating methods!");
    }
    PerunSession session = perunInitializer.getPerunSession();
    PerunBl perun = perunInitializer.getPerunBl();
    BufferedWriter out = perunInitializer.getOutputWriter();

    for (Vo vo : perun.getVosManagerBl().getVos(session)) {
        int voId = vo.getId();
        out.write("dn: perunVoId=" + voId + ",dc=perun,dc=cesnet,dc=cz\n");
        out.write("objectclass: top\n");
        out.write("objectclass: organization\n");
        out.write("objectclass: perunVO\n");
        out.write("o: " + vo.getShortName() + '\n');
        out.write("perunVoId: " + voId + '\n');
        out.write("description: " + vo.getName() + '\n');
        // only VALID members are listed
        for (Member member : perun.getMembersManagerBl().getMembers(session, vo, Status.VALID)) {
            out.write("uniqueMember: perunUserId=" + member.getUserId() + ",ou=People,dc=perun,dc=cesnet,dc=cz\n");
        }
        // blank line terminates the LDIF record
        out.write('\n');
    }
}
use of cz.metacentrum.perun.core.bl.PerunBl in project perun by CESNET.
the class Utils method generateAllUsersToWriter.
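/**
 * Writes every Perun user as an LDIF entry (objectclass perunUser under ou=People) to the writer
 * held by the initializer.
 *
 * Per user the entry carries the name fields, service/sponsored flags, preferred mail (written
 * as both {@code mail} and {@code preferredMail}), organization, certificate subjects, library
 * IDs, one {@code uidNumber;x-ns-*} and {@code login;x-ns-*} line per namespace attribute, the
 * IdP logins, and {@code memberOf}/{@code memberOfPerunVo} lines for VALID memberships.
 * Values are written verbatim; no LDIF base64 ({@code ::}) encoding is applied for values with
 * leading spaces/colons, non-ASCII characters or newlines — the source data is presumably
 * validated upstream (TODO confirm).
 *
 * @param perunInitializer loaded initializer providing the session, PerunBl and output writer
 *
 * @throws InternalErrorException if the initializer is null or perun-core fails
 * @throws IOException if writing to the output writer fails
 * @throws AttributeNotExistsException propagated from the attribute lookups
 * @throws WrongAttributeAssignmentException propagated from the attribute lookups
 */
public static void generateAllUsersToWriter(PerunInitializer perunInitializer) throws IOException, InternalErrorException, AttributeNotExistsException, WrongAttributeAssignmentException {
    if (perunInitializer == null) {
        throw new InternalErrorException("PerunInitializer must be loaded before using in generating methods!");
    }
    PerunSession perunSession = perunInitializer.getPerunSession();
    PerunBl perun = perunInitializer.getPerunBl();
    BufferedWriter writer = perunInitializer.getOutputWriter();

    // The namespace scans depend only on the session, so resolve them once rather than per user.
    List<String> uidAttrNames = perun.getAttributesManagerBl().getAllSimilarAttributeNames(perunSession, AttributesManager.NS_USER_ATTR_DEF + ":uid-namespace:");
    List<String> loginAttrNames = perun.getAttributesManagerBl().getAllSimilarAttributeNames(perunSession, AttributesManager.NS_USER_ATTR_DEF + ":login-namespace:");
    if (uidAttrNames == null) {
        uidAttrNames = new ArrayList<>();
    }
    if (loginAttrNames == null) {
        loginAttrNames = new ArrayList<>();
    }

    for (User user : perun.getUsersManagerBl().getUsers(perunSession)) {
        writeLdifUserEntry(perun, perunSession, writer, user, uidAttrNames, loginAttrNames);
    }
}

/**
 * Writes one user entry followed by the blank line that terminates an LDIF record.
 *
 * @param perun perun business layer
 * @param perunSession perun session
 * @param writer destination writer
 * @param user user to write
 * @param uidAttrNames names of all user:def:uid-namespace:* attributes
 * @param loginAttrNames names of all user:def:login-namespace:* attributes
 * @throws IOException if writing fails
 * @throws InternalErrorException on an internal perun error
 * @throws AttributeNotExistsException propagated from the attribute lookups
 * @throws WrongAttributeAssignmentException propagated from the attribute lookups
 */
private static void writeLdifUserEntry(PerunBl perun, PerunSession perunSession, BufferedWriter writer, User user, List<String> uidAttrNames, List<String> loginAttrNames) throws IOException, InternalErrorException, AttributeNotExistsException, WrongAttributeAssignmentException {
    // Membership lines are collected first and emitted at the end of the entry.
    List<String> membersOf = new ArrayList<>();
    Set<String> membersOfPerunVo = new HashSet<>();
    for (Member member : perun.getMembersManagerBl().getMembersByUser(perunSession, user)) {
        if (!Status.VALID.equals(member.getStatus())) {
            continue;
        }
        membersOfPerunVo.add("memberOfPerunVo: " + member.getVoId());
        for (Group group : perun.getGroupsManagerBl().getAllMemberGroups(perunSession, member)) {
            membersOf.add("memberOf: perunGroupId=" + group.getId() + ",perunVoId=" + group.getVoId() + ",dc=perun,dc=cesnet,dc=cz");
        }
    }

    Attribute attrPreferredMail = perun.getAttributesManagerBl().getAttribute(perunSession, user, AttributesManager.NS_USER_ATTR_DEF + ":preferredMail");
    Attribute attrOrganization = perun.getAttributesManagerBl().getAttribute(perunSession, user, AttributesManager.NS_USER_ATTR_DEF + ":organization");
    Attribute attrVirtCertDNs = perun.getAttributesManagerBl().getAttribute(perunSession, user, AttributesManager.NS_USER_ATTR_VIRT + ":userCertDNs");
    Attribute attrLibraryIDs = perun.getAttributesManagerBl().getAttribute(perunSession, user, AttributesManager.NS_USER_ATTR_DEF + ":libraryIDs");

    String firstName = user.getFirstName() == null ? "" : user.getFirstName();
    String lastName = user.getLastName();
    if (lastName == null || lastName.isEmpty()) {
        // placeholder so sn is never empty (presumably because sn is mandatory for person entries)
        lastName = "N/A";
    }

    writer.write("dn: perunUserId=" + user.getId() + ",ou=People,dc=perun,dc=cesnet,dc=cz\n");
    writer.write("objectclass: top\n");
    writer.write("objectclass: person\n");
    writer.write("objectclass: organizationalPerson\n");
    writer.write("objectclass: inetOrgPerson\n");
    writer.write("objectclass: perunUser\n");
    writer.write("objectclass: tenOperEntry\n");
    writer.write("objectclass: inetUser\n");
    writer.write("entryStatus: active\n");
    writer.write("sn: " + lastName + '\n');
    writer.write("cn: " + firstName + " " + lastName + '\n');
    if (!firstName.isEmpty()) {
        writer.write("givenName: " + firstName + '\n');
    }
    writer.write("perunUserId: " + user.getId() + '\n');
    writer.write("isServiceUser: " + (user.isServiceUser() ? "1" : "0") + '\n');
    writer.write("isSponsoredUser: " + (user.isSponsoredUser() ? "1" : "0") + '\n');

    // mail and preferredMail are both filled from preferredMail (the user:def:mail lookup was retired).
    String preferredMail = attributeStringValue(attrPreferredMail);
    if (preferredMail != null) {
        writer.write("mail: " + preferredMail + '\n');
        writer.write("preferredMail: " + preferredMail + '\n');
    }
    String organization = attributeStringValue(attrOrganization);
    if (organization != null) {
        writer.write("o: " + organization + '\n');
    }

    // userCertDNs keys apparently carry a numeric "<n>:" prefix; it is stripped and duplicates collapse.
    if (attrVirtCertDNs != null && attrVirtCertDNs.getValue() instanceof Map) {
        Set<String> certSubjects = new HashSet<>();
        for (Object key : ((Map<?, ?>) attrVirtCertDNs.getValue()).keySet()) {
            certSubjects.add(String.valueOf(key).replaceFirst("^[0-9]+[:]", ""));
        }
        for (String subject : certSubjects) {
            writer.write("userCertificateSubject: " + subject + '\n');
        }
    }

    // libraryIDs is null-checked like the other attributes; the earlier code dereferenced it unconditionally.
    if (attrLibraryIDs != null && attrLibraryIDs.getValue() instanceof List) {
        for (Object id : (List<?>) attrLibraryIDs.getValue()) {
            writer.write("libraryIDs: " + id + '\n');
        }
    }

    for (String attrName : uidAttrNames) {
        Attribute uid = perun.getAttributesManagerBl().getAttribute(perunSession, user, attrName);
        if (uid != null && uid.getValue() != null) {
            writer.write("uidNumber;x-ns-" + uid.getFriendlyNameParameter() + ": " + uid.getValue() + '\n');
        }
    }
    for (String attrName : loginAttrNames) {
        Attribute login = perun.getAttributesManagerBl().getAttribute(perunSession, user, attrName);
        if (login == null || login.getValue() == null) {
            continue;
        }
        String namespace = login.getFriendlyNameParameter();
        writer.write("login;x-ns-" + namespace + ": " + login.getValue() + '\n');
        if ("einfra".equals(namespace)) {
            // Only the einfra login gets a userPassword, and only as a SASL pass-through reference,
            // so no password material is written. Locale.ROOT keeps the upper-casing independent of
            // the JVM default locale.
            writer.write("userPassword: {SASL}" + login.getValue() + '@' + namespace.toUpperCase(java.util.Locale.ROOT) + '\n');
        }
    }

    // one eduPersonPrincipalNames line per ext source of type IDP
    for (UserExtSource ues : perun.getUsersManagerBl().getUserExtSources(perunSession, user)) {
        if (ues == null || ues.getExtSource() == null) {
            continue;
        }
        if (!ExtSourcesManager.EXTSOURCE_IDP.equals(ues.getExtSource().getType())) {
            continue;
        }
        String extLogin = ues.getLogin() == null ? "" : ues.getLogin();
        writer.write("eduPersonPrincipalNames: " + extLogin + '\n');
    }

    for (String line : membersOf) {
        writer.write(line + '\n');
    }
    for (String line : membersOfPerunVo) {
        writer.write(line + '\n');
    }
    // blank line terminates the LDIF record
    writer.write('\n');
}

/**
 * Returns the attribute's value as a String, or null when the attribute or its value is absent.
 *
 * @param attr attribute, may be null
 * @return the String value or null
 */
private static String attributeStringValue(Attribute attr) {
    if (attr == null || attr.getValue() == null) {
        return null;
    }
    return (String) attr.getValue();
}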