Example 71 with GuardedString

use of eu.bcvsolutions.idm.core.security.api.domain.GuardedString in project CzechIdMng by bcvsolutions.

From class DefaultIdmPasswordServiceIntegrationTest, method testTwoPoliciesSecondValidTillNull:

@Test
public void testTwoPoliciesSecondValidTillNull() {
    // policy1: not default, no max password age; policy2: default, max age 5 days
    IdmPasswordPolicyDto policy1 = getTestPolicy(false, IdmPasswordPolicyType.VALIDATE, null);
    IdmPasswordPolicyDto policy2 = getTestPolicy(true, IdmPasswordPolicyType.VALIDATE, 5);
    IdmIdentityDto identity = testHelper.createIdentity();
    // a freshly created identity gets its password validity from the default policy (policy2)
    IdmPasswordDto password = passwordService.findOneByIdentity(identity.getId());
    assertEquals(LocalDate.now(), password.getValidFrom());
    assertEquals(identity.getId(), password.getIdentity());
    assertEquals(LocalDate.now().plusDays(policy2.getMaxPasswordAge()), password.getValidTill());
    // make policy1 (no max password age) the default and change the password;
    // the stored password must then have no validTill at all
    policy1.setDefaultPolicy(true);
    policy1 = policyService.save(policy1);
    PasswordChangeDto passwordChangeDto = new PasswordChangeDto();
    passwordChangeDto.setAll(true);
    passwordChangeDto.setIdm(true);
    passwordChangeDto.setNewPassword(new GuardedString("testPassword"));
    identityService.passwordChange(identity, passwordChangeDto);
    password = passwordService.findOneByIdentity(identity.getId());
    assertNull(password.getValidTill());
}
Also used (imports):
import eu.bcvsolutions.idm.core.api.dto.IdmPasswordPolicyDto;
import eu.bcvsolutions.idm.core.api.dto.PasswordChangeDto;
import eu.bcvsolutions.idm.core.api.dto.IdmPasswordDto;
import eu.bcvsolutions.idm.core.security.api.domain.GuardedString;
import eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto;
import eu.bcvsolutions.idm.test.api.AbstractIntegrationTest;
import org.junit.Test;

Example 72 with GuardedString

use of eu.bcvsolutions.idm.core.security.api.domain.GuardedString in project CzechIdMng by bcvsolutions.

From class DefaultIdmPasswordServiceIntegrationTest, method testSuccessfulLoginTimestamp:

@Test
@Transactional
public void testSuccessfulLoginTimestamp() {
    IdmIdentityDto identity = testHelper.createIdentity();
    identity.setPassword(new GuardedString("SomePasswd"));
    identity = identityService.save(identity);
    // first login
    LoginDto loginDto = new LoginDto();
    loginDto.setUsername(identity.getUsername());
    loginDto.setPassword(new GuardedString("SomePasswd"));
    loginController.login(loginDto);
    DateTime timestamp = passwordService.findOneByIdentity(identity.getUsername()).getLastSuccessfulLogin();
    assertNotNull(passwordService.findOneByIdentity(identity.getUsername()).getLastSuccessfulLogin());
    // second login
    loginDto = new LoginDto();
    loginDto.setUsername(identity.getUsername());
    loginDto.setPassword(new GuardedString("SomePasswd"));
    loginController.login(loginDto);
    DateTime timestamp2 = passwordService.findOneByIdentity(identity.getUsername()).getLastSuccessfulLogin();
    assertTrue(timestamp2.isAfter(timestamp));
}
Also used (imports):
import eu.bcvsolutions.idm.core.security.api.domain.GuardedString;
import eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto;
import eu.bcvsolutions.idm.core.security.api.dto.LoginDto;
import org.joda.time.DateTime;
import eu.bcvsolutions.idm.test.api.AbstractIntegrationTest;
import org.junit.Test;
import org.springframework.transaction.annotation.Transactional;

Example 73 with GuardedString

use of eu.bcvsolutions.idm.core.security.api.domain.GuardedString in project CzechIdMng by bcvsolutions.

From class DefaultIdmConfidentialStorageIntegrationTest, method testSaveAndReadGuardedString:

@Test
@Transactional
public void testSaveAndReadGuardedString() {
    IdmIdentity identity = identityRepository.findOneByUsername(InitTestData.TEST_USER_2);
    String password = "heslo_save";
    // store the secret under STORAGE_KEY_ONE for this identity ...
    confidentalStorage.saveGuardedString(identity.getId(), IdmIdentity.class, STORAGE_KEY_ONE, new GuardedString(password));
    // ... and read it back; the round trip through confidential storage must preserve the value
    GuardedString savedPassword = confidentalStorage.getGuardedString(identity.getId(), IdmIdentity.class, STORAGE_KEY_ONE);
    assertEquals(password, savedPassword.asString());
}
Also used (imports):
import eu.bcvsolutions.idm.core.security.api.domain.GuardedString;
import eu.bcvsolutions.idm.core.model.entity.IdmIdentity;
import org.junit.Test;
import eu.bcvsolutions.idm.test.api.AbstractIntegrationTest;
import org.springframework.transaction.annotation.Transactional;

Example 74 with GuardedString

use of eu.bcvsolutions.idm.core.security.api.domain.GuardedString in project CzechIdMng by bcvsolutions.

From class IdentitySaveProcessor, method process:

@Override
public EventResult<IdmIdentityDto> process(EntityEvent<IdmIdentityDto> event) {
    IdmIdentityDto identity = event.getContent();
    // the password travels on the DTO as a GuardedString; it is never persisted with the identity itself
    GuardedString password = identity.getPassword();
    identity = service.saveInternal(identity);
    event.setContent(identity);
    // save password separately, through the password processor
    if (password != null) {
        PasswordChangeDto passwordDto = new PasswordChangeDto();
        passwordDto.setNewPassword(password);
        passwordProcessor.savePassword(identity, passwordDto);
    }
    // create default identity contract
    boolean skipCreationDefaultContract = getBooleanProperty(IdmIdentityContractService.SKIP_CREATION_OF_DEFAULT_POSITION, event.getProperties());
    // compare event type names with equals(), not ==: reference comparison of strings is unreliable
    if (!skipCreationDefaultContract && IdentityEventType.CREATE.name().equals(event.getType().name()) && identityConfiguration.isCreateDefaultContractEnabled()) {
        // TODO: skip publish event? But contract is created properly ...
        identityContractService.save(identityContractService.prepareMainContract(identity.getId()));
    }
    return new DefaultEventResult<>(event, this);
}
Also used (imports):
import eu.bcvsolutions.idm.core.api.dto.PasswordChangeDto;
import eu.bcvsolutions.idm.core.api.event.DefaultEventResult;
import eu.bcvsolutions.idm.core.security.api.domain.GuardedString;
import eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto;

Example 75 with GuardedString

use of eu.bcvsolutions.idm.core.security.api.domain.GuardedString in project CzechIdMng by bcvsolutions.

From class DefaultSysProvisioningOperationService, method replaceGuardedStrings:

/**
 * Replaces GuardedStrings as ConfidentialStrings in given {@link ProvisioningContext}.
 *
 * TODO: don't update accountObject in provisioningOperation (needs attribute defensive clone)
 *
 * @param context
 * @return Returns values (key / value) to store in confidential storage.
 */
protected Map<String, Serializable> replaceGuardedStrings(ProvisioningContext context) {
    try {
        Map<String, Serializable> confidentialValues = new HashMap<>();
        if (context == null) {
            return confidentialValues;
        }
        // 1) account object: the IdM-side attribute map
        Map<ProvisioningAttributeDto, Object> accountObject = context.getAccountObject();
        if (accountObject != null) {
            for (Entry<ProvisioningAttributeDto, Object> entry : accountObject.entrySet()) {
                if (entry.getValue() == null) {
                    continue;
                }
                Object idmValue = entry.getValue();
                if (idmValue instanceof GuardedString) {
                    // single value: move the secret to confidential storage and leave only a key reference behind
                    GuardedString guardedString = (GuardedString) entry.getValue();
                    String confidentialStorageKey = createAccountObjectPropertyKey(entry.getKey().getKey(), 0);
                    confidentialValues.put(confidentialStorageKey, guardedString.asString());
                    accountObject.put(entry.getKey(), new ConfidentialString(confidentialStorageKey));
                } else if (idmValue.getClass().isArray()) {
                    // array: objects only, primitive arrays (byte[], boolean[], ...) cannot hold a GuardedString
                    if (!idmValue.getClass().getComponentType().isPrimitive()) {
                        Object[] idmValues = (Object[]) idmValue;
                        List<ConfidentialString> processedValues = new ArrayList<>();
                        for (int j = 0; j < idmValues.length; j++) {
                            Object singleValue = idmValues[j];
                            if (singleValue instanceof GuardedString) {
                                GuardedString guardedString = (GuardedString) singleValue;
                                // save value into confidential storage, keyed by attribute and index
                                String confidentialStorageKey = createAccountObjectPropertyKey(entry.getKey().getKey(), j);
                                confidentialValues.put(confidentialStorageKey, guardedString.asString());
                                processedValues.add(new ConfidentialString(confidentialStorageKey));
                            }
                        }
                        if (!processedValues.isEmpty()) {
                            accountObject.put(entry.getKey(), processedValues.toArray(new ConfidentialString[processedValues.size()]));
                        }
                    }
                } else if (idmValue instanceof Collection) {
                    // collection: same treatment, index is the position among the processed values
                    Collection<?> idmValues = (Collection<?>) idmValue;
                    List<ConfidentialString> processedValues = new ArrayList<>();
                    idmValues.forEach(singleValue -> {
                        if (singleValue instanceof GuardedString) {
                            GuardedString guardedString = (GuardedString) singleValue;
                            // save value into confidential storage
                            String confidentialStorageKey = createAccountObjectPropertyKey(entry.getKey().getKey(), processedValues.size());
                            confidentialValues.put(confidentialStorageKey, guardedString.asString());
                            processedValues.add(new ConfidentialString(confidentialStorageKey));
                        }
                    });
                    if (!processedValues.isEmpty()) {
                        accountObject.put(entry.getKey(), processedValues);
                    }
                }
            }
        }
        // 2) connector object: the attribute list handed to the connector
        IcConnectorObject connectorObject = context.getConnectorObject();
        if (connectorObject != null) {
            for (IcAttribute attribute : connectorObject.getAttributes()) {
                if (attribute.getValues() != null) {
                    for (int j = 0; j < attribute.getValues().size(); j++) {
                        Object attributeValue = attribute.getValues().get(j);
                        if (attributeValue instanceof GuardedString) {
                            GuardedString guardedString = (GuardedString) attributeValue;
                            String confidentialStorageKey = createConnectorObjectPropertyKey(attribute, j);
                            confidentialValues.put(confidentialStorageKey, guardedString.asString());
                            // replace the secret in place with a reference to the stored value
                            attribute.getValues().set(j, new ConfidentialString(confidentialStorageKey));
                        }
                    }
                }
            }
        }
        // the caller persists these key / value pairs in confidential storage
        return confidentialValues;
    } catch (Exception ex) {
        throw new CoreException("Replace guarded strings for provisioning operation failed.", ex);
    }
}
Also used (imports):
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import eu.bcvsolutions.idm.core.security.api.domain.ConfidentialString;
import eu.bcvsolutions.idm.core.security.api.domain.GuardedString;
import eu.bcvsolutions.idm.acc.dto.ProvisioningAttributeDto;
import eu.bcvsolutions.idm.core.api.exception.CoreException;
import eu.bcvsolutions.idm.ic.api.IcAttribute;
import eu.bcvsolutions.idm.ic.api.IcConnectorObject;