Example use of eu.bcvsolutions.idm.core.security.api.domain.ConfidentialString in the CzechIdMng project by bcvsolutions:
the method replaceGuardedStrings of the class DefaultSysProvisioningOperationService.
/**
 * Swaps every {@link GuardedString} found in the given {@link ProvisioningContext} for a
 * {@link ConfidentialString} that carries only a storage key, and collects the extracted
 * values under those keys.
 * <p>
 * The account object map and the connector object attributes of the context are both
 * modified in place.
 * <p>
 * TODO: don't update accountObject in provisioningOperation (needs attribute defensive clone)
 * <p>
 * Security note: the returned map holds the result of {@code GuardedString.asString()} for
 * each secret (presumably the clear-text value - confirm). It is intended for the
 * confidential storage only and should not be logged or persisted anywhere else.
 *
 * @param context provisioning context to process; {@code null} yields an empty result
 * @return values (key / value) to store in confidential storage, never {@code null}
 * @throws CoreException when any step of the replacement fails; the original exception is
 *         kept as the cause
 */
protected Map<String, Serializable> replaceGuardedStrings(ProvisioningContext context) {
    try {
        Map<String, Serializable> confidentialValues = new HashMap<>();
        if (context == null) {
            return confidentialValues;
        }
        //
        // Part 1: values of the account object.
        Map<ProvisioningAttributeDto, Object> accountObject = context.getAccountObject();
        if (accountObject != null) {
            for (Entry<ProvisioningAttributeDto, Object> entry : accountObject.entrySet()) {
                Object idmValue = entry.getValue();
                if (idmValue == null) {
                    continue;
                }
                ProvisioningAttributeDto attributeKey = entry.getKey();
                // NOTE(review): the storage key is built from attributeKey.getKey() and an index only;
                // confirm this is unique across entries, otherwise a later put() overwrites an earlier secret.
                //
                // single value
                if (idmValue instanceof GuardedString) {
                    String storageKey = createAccountObjectPropertyKey(attributeKey.getKey(), 0);
                    confidentialValues.put(storageKey, ((GuardedString) idmValue).asString());
                    // replacing the value of an existing key, so the key set being iterated stays the same
                    accountObject.put(attributeKey, new ConfidentialString(storageKey));
                    continue;
                }
                // array
                Class<?> valueType = idmValue.getClass();
                if (valueType.isArray()) {
                    if (valueType.getComponentType().isPrimitive()) {
                        // primitive arrays (byte, boolean etc.) cannot hold a GuardedString
                        continue;
                    }
                    Object[] elements = (Object[]) idmValue;
                    List<ConfidentialString> replacements = new ArrayList<>();
                    for (int index = 0; index < elements.length; index++) {
                        if (!(elements[index] instanceof GuardedString)) {
                            continue;
                        }
                        // the key index is the element's position in the original array
                        String storageKey = createAccountObjectPropertyKey(attributeKey.getKey(), index);
                        confidentialValues.put(storageKey, ((GuardedString) elements[index]).asString());
                        replacements.add(new ConfidentialString(storageKey));
                    }
                    // NOTE(review): only GuardedString elements are carried over; any other element of a
                    // mixed array is absent from the replacement array - confirm mixed arrays cannot occur.
                    if (!replacements.isEmpty()) {
                        accountObject.put(attributeKey, replacements.toArray(new ConfidentialString[0]));
                    }
                    continue;
                }
                // collection
                if (idmValue instanceof Collection) {
                    List<ConfidentialString> replacements = new ArrayList<>();
                    for (Object element : (Collection<?>) idmValue) {
                        if (!(element instanceof GuardedString)) {
                            continue;
                        }
                        // the key index counts the guarded values found so far, not the position in the collection
                        String storageKey = createAccountObjectPropertyKey(attributeKey.getKey(), replacements.size());
                        confidentialValues.put(storageKey, ((GuardedString) element).asString());
                        replacements.add(new ConfidentialString(storageKey));
                    }
                    // same as for arrays: non-guarded elements are not part of the replacement list
                    if (!replacements.isEmpty()) {
                        accountObject.put(attributeKey, replacements);
                    }
                }
            }
        }
        //
        // Part 2: attribute values of the connector object, replaced position by position.
        IcConnectorObject connectorObject = context.getConnectorObject();
        if (connectorObject != null) {
            for (IcAttribute attribute : connectorObject.getAttributes()) {
                if (attribute.getValues() == null) {
                    continue;
                }
                for (int index = 0; index < attribute.getValues().size(); index++) {
                    Object attributeValue = attribute.getValues().get(index);
                    if (!(attributeValue instanceof GuardedString)) {
                        continue;
                    }
                    String storageKey = createConnectorObjectPropertyKey(attribute, index);
                    confidentialValues.put(storageKey, ((GuardedString) attributeValue).asString());
                    attribute.getValues().set(index, new ConfidentialString(storageKey));
                }
            }
        }
        //
        return confidentialValues;
    } catch (Exception ex) {
        // the message names only the failed step; the cause is attached for diagnostics
        throw new CoreException("Replace guarded strings for provisioning operation failed.", ex);
    }
}