use of eu.bcvsolutions.idm.core.security.api.domain.GuardedString in project CzechIdMng by bcvsolutions.
the class DefaultIdmPasswordServiceIntegrationTest method testTwoPoliciesSecondValidTillNull.
@Test
public void testTwoPoliciesSecondValidTillNull() {
    // Two validation policies: one without a maximum password age, the default one with five days.
    IdmPasswordPolicyDto policyWithoutAge = getTestPolicy(false, IdmPasswordPolicyType.VALIDATE, null);
    IdmPasswordPolicyDto policyWithAge = getTestPolicy(true, IdmPasswordPolicyType.VALIDATE, 5);
    IdmIdentityDto identity = testHelper.createIdentity();
    //
    // The password of a freshly created identity follows the default policy (with max age).
    IdmPasswordDto storedPassword = passwordService.findOneByIdentity(identity.getId());
    assertEquals(LocalDate.now(), storedPassword.getValidFrom());
    assertEquals(identity.getId(), storedPassword.getIdentity());
    LocalDate expectedValidTill = LocalDate.now().plusDays(policyWithAge.getMaxPasswordAge());
    assertEquals(expectedValidTill, storedPassword.getValidTill());
    //
    // Promote the policy without max age to the default one and change the password again.
    policyWithoutAge.setDefaultPolicy(true);
    policyWithoutAge = policyService.save(policyWithoutAge);
    PasswordChangeDto change = new PasswordChangeDto();
    change.setAll(true);
    change.setIdm(true);
    change.setNewPassword(new GuardedString("testPassword"));
    identityService.passwordChange(identity, change);
    //
    // No max age on the default policy => validTill has to be cleared.
    storedPassword = passwordService.findOneByIdentity(identity.getId());
    assertNull(storedPassword.getValidTill());
}
use of eu.bcvsolutions.idm.core.security.api.domain.GuardedString in project CzechIdMng by bcvsolutions.
the class DefaultIdmPasswordServiceIntegrationTest method testSuccessfulLoginTimestamp.
@Test
@Transactional
public void testSuccessfulLoginTimestamp() {
    String rawPassword = "SomePasswd";
    IdmIdentityDto identity = testHelper.createIdentity();
    identity.setPassword(new GuardedString(rawPassword));
    identity = identityService.save(identity);
    String username = identity.getUsername();
    //
    // first login - last successful login timestamp has to be recorded
    loginAs(username, rawPassword);
    DateTime firstLogin = passwordService.findOneByIdentity(username).getLastSuccessfulLogin();
    assertNotNull(passwordService.findOneByIdentity(username).getLastSuccessfulLogin());
    //
    // second login - the timestamp has to move forward
    loginAs(username, rawPassword);
    DateTime secondLogin = passwordService.findOneByIdentity(username).getLastSuccessfulLogin();
    assertTrue(secondLogin.isAfter(firstLogin));
}

/**
 * Logs in through the login controller with the given credentials.
 *
 * @param username identity username
 * @param rawPassword plain password, wrapped into a {@link GuardedString} before use
 */
private void loginAs(String username, String rawPassword) {
    LoginDto loginDto = new LoginDto();
    loginDto.setUsername(username);
    loginDto.setPassword(new GuardedString(rawPassword));
    loginController.login(loginDto);
}
use of eu.bcvsolutions.idm.core.security.api.domain.GuardedString in project CzechIdMng by bcvsolutions.
the class DefaultIdmConfidentialStorageIntegrationTest method testSaveAndReadGuardedString.
@Test
@Transactional
public void testSaveAndReadGuardedString() {
    IdmIdentity owner = identityRepository.findOneByUsername(InitTestData.TEST_USER_2);
    String secret = "heslo_save";
    //
    // Store the secret for the owner and read it back under the same key.
    confidentalStorage.saveGuardedString(owner.getId(), IdmIdentity.class, STORAGE_KEY_ONE, new GuardedString(secret));
    GuardedString restored = confidentalStorage.getGuardedString(owner.getId(), IdmIdentity.class, STORAGE_KEY_ONE);
    //
    assertEquals(secret, restored.asString());
}
use of eu.bcvsolutions.idm.core.security.api.domain.GuardedString in project CzechIdMng by bcvsolutions.
the class IdentitySaveProcessor method process.
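/**
 * Saves the identity carried by the event, stores its optional new password through the
 * password processor and, for CREATE events, creates the default identity contract unless
 * creation is skipped by the event property
 * {@link IdmIdentityContractService#SKIP_CREATION_OF_DEFAULT_POSITION} or disabled by configuration.
 *
 * @param event identity event; its content is replaced by the saved identity
 * @return default event result for this processor
 */
@Override
public EventResult<IdmIdentityDto> process(EntityEvent<IdmIdentityDto> event) {
    IdmIdentityDto identity = event.getContent();
    // Keep the password aside - it is persisted separately from the identity itself.
    GuardedString password = identity.getPassword();
    identity = service.saveInternal(identity);
    //
    event.setContent(identity);
    // save password
    if (password != null) {
        PasswordChangeDto passwordDto = new PasswordChangeDto();
        passwordDto.setNewPassword(password);
        passwordProcessor.savePassword(identity, passwordDto);
    }
    //
    // create default identity contract
    boolean skipCreationDefaultContract = getBooleanProperty(IdmIdentityContractService.SKIP_CREATION_OF_DEFAULT_POSITION, event.getProperties());
    // Event type is compared by name with equals(); the former '==' on Strings relied on interning.
    if (!skipCreationDefaultContract
            && IdentityEventType.CREATE.name().equals(event.getType().name())
            && identityConfiguration.isCreateDefaultContractEnabled()) {
        // TODO: skip publish event? But contract is created properly ...
        identityContractService.save(identityContractService.prepareMainContract(identity.getId()));
    }
    //
    return new DefaultEventResult<>(event, this);
}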
use of eu.bcvsolutions.idm.core.security.api.domain.GuardedString in project CzechIdMng by bcvsolutions.
the class DefaultSysProvisioningOperationService method replaceGuardedStrings.
/**
 * Replaces GuardedStrings as ConfidentialStrings in given {@link ProvisioningContext}.
 * <p>
 * Every {@link GuardedString} found in the account object (single value, object array or collection)
 * and in the connector object attribute values is replaced in place by a {@link ConfidentialString}
 * carrying a generated storage key; the plain value is put into the returned map under that key.
 * The returned map therefore holds secrets in plain text - it is meant to be handed to the
 * confidential storage only and must not be logged.
 *
 * TODO: don't update accountObject in provisioningOperation (needs attribute defensive clone)
 *
 * @param context provisioning context to rewrite; {@code null} yields an empty map
 * @return Returns values (key / value) to store in confidential storage.
 * @throws CoreException when any exception is raised while rewriting the context (cause preserved)
 */
protected Map<String, Serializable> replaceGuardedStrings(ProvisioningContext context) {
    try {
        Map<String, Serializable> confidentialValues = new HashMap<>();
        if (context == null) {
            return confidentialValues;
        }
        //
        Map<ProvisioningAttributeDto, Object> accountObject = context.getAccountObject();
        if (accountObject != null) {
            for (Entry<ProvisioningAttributeDto, Object> entry : accountObject.entrySet()) {
                if (entry.getValue() == null) {
                    continue;
                }
                Object idmValue = entry.getValue();
                // single value
                if (idmValue instanceof GuardedString) {
                    GuardedString guardedString = (GuardedString) entry.getValue();
                    // save value into confidential storage
                    String confidentialStorageKey = createAccountObjectPropertyKey(entry.getKey().getKey(), 0);
                    confidentialValues.put(confidentialStorageKey, guardedString.asString());
                    accountObject.put(entry.getKey(), new ConfidentialString(confidentialStorageKey));
                } else // array
                if (idmValue.getClass().isArray()) {
                    if (!idmValue.getClass().getComponentType().isPrimitive()) {
                        // objects only - primitive arrays (byte[], boolean[] etc.) are left untouched
                        Object[] idmValues = (Object[]) idmValue;
                        List<ConfidentialString> processedValues = new ArrayList<>();
                        for (int j = 0; j < idmValues.length; j++) {
                            Object singleValue = idmValues[j];
                            if (singleValue instanceof GuardedString) {
                                GuardedString guardedString = (GuardedString) singleValue;
                                // save value into confidential storage; the key carries the element index
                                String confidentialStorageKey = createAccountObjectPropertyKey(entry.getKey().getKey(), j);
                                confidentialValues.put(confidentialStorageKey, guardedString.asString());
                                processedValues.add(new ConfidentialString(confidentialStorageKey));
                            }
                        }
                        // NOTE(review): the whole array is replaced by the processed ConfidentialStrings only,
                        // so non-GuardedString elements of a mixed array are dropped - confirm this is intended.
                        if (!processedValues.isEmpty()) {
                            accountObject.put(entry.getKey(), processedValues.toArray(new ConfidentialString[processedValues.size()]));
                        }
                    }
                } else // collection
                if (idmValue instanceof Collection) {
                    Collection<?> idmValues = (Collection<?>) idmValue;
                    List<ConfidentialString> processedValues = new ArrayList<>();
                    idmValues.forEach(singleValue -> {
                        if (singleValue instanceof GuardedString) {
                            GuardedString guardedString = (GuardedString) singleValue;
                            // save value into confidential storage
                            // NOTE(review): here the key index is the count of guarded values processed so far,
                            // whereas the array branch uses the element position - the two differ for mixed content.
                            String confidentialStorageKey = createAccountObjectPropertyKey(entry.getKey().getKey(), processedValues.size());
                            confidentialValues.put(confidentialStorageKey, guardedString.asString());
                            processedValues.add(new ConfidentialString(confidentialStorageKey));
                        }
                    });
                    // Same as for arrays: only the processed ConfidentialStrings survive the replacement.
                    if (!processedValues.isEmpty()) {
                        accountObject.put(entry.getKey(), processedValues);
                    }
                }
            }
        }
        //
        // Connector object attributes are rewritten in place, element by element (non-guarded values are kept).
        IcConnectorObject connectorObject = context.getConnectorObject();
        if (connectorObject != null) {
            for (IcAttribute attribute : connectorObject.getAttributes()) {
                if (attribute.getValues() != null) {
                    for (int j = 0; j < attribute.getValues().size(); j++) {
                        Object attributeValue = attribute.getValues().get(j);
                        if (attributeValue instanceof GuardedString) {
                            GuardedString guardedString = (GuardedString) attributeValue;
                            String confidentialStorageKey = createConnectorObjectPropertyKey(attribute, j);
                            confidentialValues.put(confidentialStorageKey, guardedString.asString());
                            attribute.getValues().set(j, new ConfidentialString(confidentialStorageKey));
                        }
                    }
                }
            }
        }
        //
        return confidentialValues;
    } catch (Exception ex) {
        // Broad catch: any failure here is surfaced as a CoreException with the original cause attached.
        throw new CoreException("Replace guarded strings for provisioning operation failed.", ex);
    }
}