Search in sources :

Example 6 with ConfidentialString

use of eu.bcvsolutions.idm.core.security.api.domain.ConfidentialString in project CzechIdMng by bcvsolutions.

the class DefaultSysProvisioningOperationService method replaceGuardedStrings.

/**
 * Replaces GuardedStrings as ConfidentialStrings in given {@link ProvisioningContext}.
 *
 * TODO: don't update accountObject in provisioningOperation (needs attribute defensive clone)
 *
 * @param context
 * @return Returns values (key / value) to store in confidential storage.
 */
protected Map<String, Serializable> replaceGuardedStrings(ProvisioningContext context) {
    try {
        Map<String, Serializable> confidentialValues = new HashMap<>();
        if (context == null) {
            return confidentialValues;
        }
        // 
        Map<ProvisioningAttributeDto, Object> accountObject = context.getAccountObject();
        if (accountObject != null) {
            for (Entry<ProvisioningAttributeDto, Object> entry : accountObject.entrySet()) {
                if (entry.getValue() == null) {
                    continue;
                }
                Object idmValue = entry.getValue();
                // single value
                if (idmValue instanceof GuardedString) {
                    GuardedString guardedString = (GuardedString) entry.getValue();
                    // save value into confidential storage
                    String confidentialStorageKey = createAccountObjectPropertyKey(entry.getKey().getKey(), 0);
                    confidentialValues.put(confidentialStorageKey, guardedString.asString());
                    accountObject.put(entry.getKey(), new ConfidentialString(confidentialStorageKey));
                } else // array
                if (idmValue.getClass().isArray()) {
                    if (!idmValue.getClass().getComponentType().isPrimitive()) {
                        // objects only, we dont want pto proces byte, boolean etc.
                        Object[] idmValues = (Object[]) idmValue;
                        List<ConfidentialString> processedValues = new ArrayList<>();
                        for (int j = 0; j < idmValues.length; j++) {
                            Object singleValue = idmValues[j];
                            if (singleValue instanceof GuardedString) {
                                GuardedString guardedString = (GuardedString) singleValue;
                                // save value into confidential storage
                                String confidentialStorageKey = createAccountObjectPropertyKey(entry.getKey().getKey(), j);
                                confidentialValues.put(confidentialStorageKey, guardedString.asString());
                                processedValues.add(new ConfidentialString(confidentialStorageKey));
                            }
                        }
                        if (!processedValues.isEmpty()) {
                            accountObject.put(entry.getKey(), processedValues.toArray(new ConfidentialString[processedValues.size()]));
                        }
                    }
                } else // collection
                if (idmValue instanceof Collection) {
                    Collection<?> idmValues = (Collection<?>) idmValue;
                    List<ConfidentialString> processedValues = new ArrayList<>();
                    idmValues.forEach(singleValue -> {
                        if (singleValue instanceof GuardedString) {
                            GuardedString guardedString = (GuardedString) singleValue;
                            // save value into confidential storage
                            String confidentialStorageKey = createAccountObjectPropertyKey(entry.getKey().getKey(), processedValues.size());
                            confidentialValues.put(confidentialStorageKey, guardedString.asString());
                            processedValues.add(new ConfidentialString(confidentialStorageKey));
                        }
                    });
                    if (!processedValues.isEmpty()) {
                        accountObject.put(entry.getKey(), processedValues);
                    }
                }
            }
        }
        // 
        IcConnectorObject connectorObject = context.getConnectorObject();
        if (connectorObject != null) {
            for (IcAttribute attribute : connectorObject.getAttributes()) {
                if (attribute.getValues() != null) {
                    for (int j = 0; j < attribute.getValues().size(); j++) {
                        Object attributeValue = attribute.getValues().get(j);
                        if (attributeValue instanceof GuardedString) {
                            GuardedString guardedString = (GuardedString) attributeValue;
                            String confidentialStorageKey = createConnectorObjectPropertyKey(attribute, j);
                            confidentialValues.put(confidentialStorageKey, guardedString.asString());
                            attribute.getValues().set(j, new ConfidentialString(confidentialStorageKey));
                        }
                    }
                }
            }
        }
        // 
        return confidentialValues;
    } catch (Exception ex) {
        throw new CoreException("Replace guarded strings for provisioning operation failed.", ex);
    }
}
Also used : Serializable(java.io.Serializable) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) ConfidentialString(eu.bcvsolutions.idm.core.security.api.domain.ConfidentialString) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) ProvisioningAttributeDto(eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) CoreException(eu.bcvsolutions.idm.core.api.exception.CoreException) ConfidentialString(eu.bcvsolutions.idm.core.security.api.domain.ConfidentialString) CoreException(eu.bcvsolutions.idm.core.api.exception.CoreException) IcAttribute(eu.bcvsolutions.idm.ic.api.IcAttribute) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) Collection(java.util.Collection) IcConnectorObject(eu.bcvsolutions.idm.ic.api.IcConnectorObject) List(java.util.List) ArrayList(java.util.ArrayList)

Aggregations

ConfidentialString (eu.bcvsolutions.idm.core.security.api.domain.ConfidentialString)6 ProvisioningAttributeDto (eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto)5 GuardedString (eu.bcvsolutions.idm.core.security.api.domain.GuardedString)5 ProvisioningContext (eu.bcvsolutions.idm.acc.domain.ProvisioningContext)4 IcConnectorObject (eu.bcvsolutions.idm.ic.api.IcConnectorObject)4 Serializable (java.io.Serializable)4 List (java.util.List)4 SysProvisioningOperation (eu.bcvsolutions.idm.acc.entity.SysProvisioningOperation)3 IcAttribute (eu.bcvsolutions.idm.ic.api.IcAttribute)3 ArrayList (java.util.ArrayList)3 HashMap (java.util.HashMap)3 CoreException (eu.bcvsolutions.idm.core.api.exception.CoreException)2 IcPasswordAttribute (eu.bcvsolutions.idm.ic.api.IcPasswordAttribute)2 IcAttributeImpl (eu.bcvsolutions.idm.ic.impl.IcAttributeImpl)2 IcConnectorObjectImpl (eu.bcvsolutions.idm.ic.impl.IcConnectorObjectImpl)2 IcPasswordAttributeImpl (eu.bcvsolutions.idm.ic.impl.IcPasswordAttributeImpl)2 AbstractVerifiableUnitTest (eu.bcvsolutions.idm.test.api.AbstractVerifiableUnitTest)2 Collection (java.util.Collection)2 Test (org.junit.Test)2 ImmutableMap (com.google.common.collect.ImmutableMap)1