use of eu.bcvsolutions.idm.ic.api.IcConnectorObject in project CzechIdMng by bcvsolutions.
the class DefaultSysProvisioningOperationService method replaceGuardedStrings.
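/**
 * Replaces {@link GuardedString} values in the given {@link ProvisioningContext} with
 * {@link ConfidentialString} references and returns the plaintext values keyed by their
 * confidential storage key.
 * <p>
 * Both the account object (IdM side) and the connector object (target system side) are
 * updated in place. The returned map holds the secrets in plaintext, so it must be handed
 * straight to the confidential storage and never logged or persisted anywhere else.
 *
 * TODO: don't update accountObject in provisioningOperation (needs attribute defensive clone)
 *
 * @param context provisioning context to sanitize; {@code null} is tolerated and yields an empty map
 * @return values (confidential storage key / plaintext value) to store in confidential storage
 * @throws CoreException when any guarded value cannot be replaced
 */
protected Map<String, Serializable> replaceGuardedStrings(ProvisioningContext context) {
    try {
        Map<String, Serializable> confidentialValues = new HashMap<>();
        if (context == null) {
            return confidentialValues;
        }
        //
        Map<ProvisioningAttributeDto, Object> accountObject = context.getAccountObject();
        if (accountObject != null) {
            for (Entry<ProvisioningAttributeDto, Object> entry : accountObject.entrySet()) {
                Object idmValue = entry.getValue();
                if (idmValue == null) {
                    continue;
                }
                String attributeKey = entry.getKey().getKey();
                if (idmValue instanceof GuardedString) {
                    // single value - save it into confidential storage and keep only the reference
                    String confidentialStorageKey = createAccountObjectPropertyKey(attributeKey, 0);
                    confidentialValues.put(confidentialStorageKey, ((GuardedString) idmValue).asString());
                    // entry.setValue is the only modification the entry-set iterator contract allows
                    // for an arbitrary Map implementation (put on an existing key is HashMap-specific)
                    entry.setValue(new ConfidentialString(confidentialStorageKey));
                } else if (idmValue.getClass().isArray()) {
                    // array - objects only, we don't want to process byte, boolean etc.
                    if (!idmValue.getClass().getComponentType().isPrimitive()) {
                        Object[] idmValues = (Object[]) idmValue;
                        List<ConfidentialString> processedValues = new ArrayList<>();
                        for (int j = 0; j < idmValues.length; j++) {
                            Object singleValue = idmValues[j];
                            if (singleValue instanceof GuardedString) {
                                // save value into confidential storage under the element index
                                String confidentialStorageKey = createAccountObjectPropertyKey(attributeKey, j);
                                confidentialValues.put(confidentialStorageKey, ((GuardedString) singleValue).asString());
                                processedValues.add(new ConfidentialString(confidentialStorageKey));
                            }
                        }
                        // NOTE(review): only guarded elements are kept - other elements of a mixed array
                        // are dropped from the account object; presumably password attributes are homogeneous.
                        if (!processedValues.isEmpty()) {
                            entry.setValue(processedValues.toArray(new ConfidentialString[processedValues.size()]));
                        }
                    }
                } else if (idmValue instanceof Collection) {
                    // collection - the storage key index is the position among guarded elements only
                    Collection<?> idmValues = (Collection<?>) idmValue;
                    List<ConfidentialString> processedValues = new ArrayList<>();
                    idmValues.forEach(singleValue -> {
                        if (singleValue instanceof GuardedString) {
                            // save value into confidential storage
                            String confidentialStorageKey = createAccountObjectPropertyKey(attributeKey, processedValues.size());
                            confidentialValues.put(confidentialStorageKey, ((GuardedString) singleValue).asString());
                            processedValues.add(new ConfidentialString(confidentialStorageKey));
                        }
                    });
                    // NOTE(review): as for arrays, non-guarded elements of a mixed collection are dropped.
                    if (!processedValues.isEmpty()) {
                        entry.setValue(processedValues);
                    }
                }
            }
        }
        //
        // connector object - guarded values are replaced in place, other values are left untouched
        IcConnectorObject connectorObject = context.getConnectorObject();
        if (connectorObject != null) {
            for (IcAttribute attribute : connectorObject.getAttributes()) {
                if (attribute.getValues() == null) {
                    continue;
                }
                for (int j = 0; j < attribute.getValues().size(); j++) {
                    Object attributeValue = attribute.getValues().get(j);
                    if (attributeValue instanceof GuardedString) {
                        String confidentialStorageKey = createConnectorObjectPropertyKey(attribute, j);
                        confidentialValues.put(confidentialStorageKey, ((GuardedString) attributeValue).asString());
                        attribute.getValues().set(j, new ConfidentialString(confidentialStorageKey));
                    }
                }
            }
        }
        //
        return confidentialValues;
    } catch (Exception ex) {
        throw new CoreException("Replace guarded strings for provisioning operation failed.", ex);
    }
}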
use of eu.bcvsolutions.idm.ic.api.IcConnectorObject in project CzechIdMng by bcvsolutions.
the class DefaultProvisioningExecutorIntegrationTest method testDisabledSystem.
/**
 * Provisioning against a disabled system is not executed but kept in the queue (password
 * stays in confidential storage); once the system is enabled again the queued operation
 * is executed and the password is removed from confidential storage.
 */
@Test
public void testDisabledSystem() {
    // system is created disabled - provisioning must be deferred, not executed
    SysSystemDto system = getHelper().createTestResourceSystem(true);
    system.setDisabled(true);
    system = systemService.save(system);
    //
    ProvisioningAttributeDto passwordAttribute = getProvisioningAttribute(TestHelper.ATTRIBUTE_MAPPING_PASSWORD);
    ProvisioningAttributeDto usernameAttribute = getProvisioningAttribute(TestHelper.ATTRIBUTE_MAPPING_NAME);
    ProvisioningAttributeDto firstNameAttribute = getProvisioningAttribute(TestHelper.ATTRIBUTE_MAPPING_FIRSTNAME);
    ProvisioningAttributeDto lastNameAttribute = getProvisioningAttribute(TestHelper.ATTRIBUTE_MAPPING_LASTNAME);
    //
    // test provisioning context
    SysProvisioningOperationDto provisioningOperation = createProvisioningOperation(system, "firstname");
    ProvisioningContext provisioningContext = provisioningOperation.getProvisioningContext();
    IcObjectClass objectClass = provisioningContext.getConnectorObject().getObjectClass();
    Map<ProvisioningAttributeDto, Object> accountObject = provisioningContext.getAccountObject();
    String uid = (String) accountObject.get(usernameAttribute);
    // captured before execution - the account object is sanitized during provisioning
    GuardedString password = (GuardedString) accountObject.get(passwordAttribute);
    //
    // publish event
    provisioningExecutor.execute(provisioningOperation);
    // reload the operation from the service to see its persisted state
    SysProvisioningOperationFilter operationFilter = new SysProvisioningOperationFilter();
    operationFilter.setSystemEntity(provisioningOperation.getSystemEntity());
    operationFilter.setSystemId(system.getId());
    SysProvisioningOperationDto operation = provisioningOperationService.find(operationFilter, null).getContent().get(0);
    //
    assertEquals(OperationState.NOT_EXECUTED, operation.getResultState());
    assertEquals(AccResultCode.PROVISIONING_SYSTEM_DISABLED.name(), operation.getResult().getModel().getStatusEnum());
    //
    // nothing reached the target system yet
    IcUidAttribute uidAttribute = new IcUidAttributeImpl(null, uid, null);
    IcConnectorObject targetObject = connectorFacade.readObject(systemService.getConnectorInstance(system), systemService.getConnectorConfiguration(system), objectClass, uidAttribute);
    assertNull(targetObject);
    // the password waits in confidential storage under the account object property key
    String passwordStorageKey = provisioningOperationService.createAccountObjectPropertyKey(passwordAttribute.getKey(), 0);
    assertNotNull(confidentialStorage.get(operation.getId(), SysProvisioningOperation.class, passwordStorageKey));
    //
    // enable the system and retry the queued operation
    system.setDisabled(false);
    system = systemService.save(system);
    provisioningExecutor.execute(operation);
    //
    // check target account
    targetObject = connectorFacade.readObject(systemService.getConnectorInstance(system), systemService.getConnectorConfiguration(system), objectClass, uidAttribute);
    assertNotNull(targetObject);
    assertEquals(uid, targetObject.getUidValue());
    assertEquals(accountObject.get(firstNameAttribute), targetObject.getAttributeByName(getHelper().getSchemaColumnName(TestHelper.ATTRIBUTE_MAPPING_FIRSTNAME)).getValue());
    assertEquals(accountObject.get(lastNameAttribute), targetObject.getAttributeByName(getHelper().getSchemaColumnName(TestHelper.ATTRIBUTE_MAPPING_LASTNAME)).getValue());
    // authenticate for password check
    IcUidAttribute authenticatedUid = connectorFacade.authenticateObject(systemService.getConnectorInstance(system), systemService.getConnectorConfiguration(system), objectClass, uid, password);
    assertNotNull(authenticatedUid);
    assertEquals(uid, authenticatedUid.getUidValue());
    // password was removed from confidential storage after successful provisioning
    assertNull(confidentialStorage.get(operation.getId(), SysProvisioningOperation.class, passwordStorageKey));
}
use of eu.bcvsolutions.idm.ic.api.IcConnectorObject in project CzechIdMng by bcvsolutions.
the class DefaultProvisioningExecutorIntegrationTest method testCreateAccountWithoutUid.
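/**
 * An account object without the uid attribute cannot be created on the target system -
 * the operation must end with {@code PROVISIONING_CREATE_ACCOUNT_UID_NOT_FOUND}.
 */
@Test
public void testCreateAccountWithoutUid() {
    SysSystemDto system = getHelper().createTestResourceSystem(true);
    SysSystemEntityDto systemEntity = getHelper().createSystemEntity(system);
    ProvisioningAttributeDto lastNameAttribute = getProvisioningAttribute(TestHelper.ATTRIBUTE_MAPPING_LASTNAME);
    //
    // account object intentionally without the uid attribute
    Map<ProvisioningAttributeDto, Object> accountObject = new HashMap<>();
    accountObject.put(lastNameAttribute, "lastOne");
    //
    // prepare provisioning operation - password attributes are removed, so no guarded value is involved
    SysSystemMappingDto systemMapping = getHelper().getDefaultMapping(system);
    attributeMappingService.getAllPasswordAttributes(system.getId(), systemMapping.getId()).forEach(attributeMappingService::delete);
    IcObjectClass objectClass = new IcObjectClassImpl(schemaObjectClassService.get(systemMapping.getObjectClass()).getObjectClassName());
    IcConnectorObject connectorObject = new IcConnectorObjectImpl(null, objectClass, null);
    SysProvisioningOperationDto provisioningOperation = new SysProvisioningOperationDto.Builder()
            .setSystem(system.getId())
            .setOperationType(ProvisioningOperationType.CREATE)
            .setSystemEntity(systemEntity)
            .setProvisioningContext(new ProvisioningContext(accountObject, connectorObject))
            .build();
    // set default result state
    provisioningOperation.setResult(new OperationResult(OperationState.CREATED));
    //
    // publish event
    provisioningExecutor.execute(provisioningOperation);
    //
    // exactly one operation is recorded and it reports the missing uid
    SysProvisioningOperationFilter filter = new SysProvisioningOperationFilter();
    filter.setSystemEntity(provisioningOperation.getSystemEntity());
    filter.setSystemId(system.getId());
    List<SysProvisioningOperationDto> operations = provisioningOperationService.find(filter, null).getContent();
    assertEquals(1, operations.size());
    assertEquals(AccResultCode.PROVISIONING_CREATE_ACCOUNT_UID_NOT_FOUND.getCode(), operations.get(0).getResult().getModel().getStatusEnum());
}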
use of eu.bcvsolutions.idm.ic.api.IcConnectorObject in project CzechIdMng by bcvsolutions.
the class DefaultProvisioningExecutorIntegrationTest method testCreateAccountWithEmptyAttributes.
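/**
 * Creating an account from an empty account object has to fail with a generic
 * {@code PROVISIONING_FAILED} result instead of silently succeeding.
 */
@Test
public void testCreateAccountWithEmptyAttributes() {
    SysSystemDto system = getHelper().createTestResourceSystem(true);
    SysSystemEntityDto systemEntity = getHelper().createSystemEntity(system);
    //
    // empty account object - no attribute at all
    Map<ProvisioningAttributeDto, Object> accountObject = new HashMap<>();
    //
    // prepare provisioning operation - password attributes are removed, so no guarded value is involved
    SysSystemMappingDto systemMapping = getHelper().getDefaultMapping(system);
    attributeMappingService.getAllPasswordAttributes(system.getId(), systemMapping.getId()).forEach(attributeMappingService::delete);
    IcObjectClass objectClass = new IcObjectClassImpl(schemaObjectClassService.get(systemMapping.getObjectClass()).getObjectClassName());
    IcConnectorObject connectorObject = new IcConnectorObjectImpl(null, objectClass, null);
    SysProvisioningOperationDto provisioningOperation = new SysProvisioningOperationDto.Builder()
            .setSystem(system.getId())
            .setOperationType(ProvisioningOperationType.CREATE)
            .setSystemEntity(systemEntity)
            .setProvisioningContext(new ProvisioningContext(accountObject, connectorObject))
            .build();
    // set default result state
    provisioningOperation.setResult(new OperationResult(OperationState.CREATED));
    //
    // publish event
    provisioningExecutor.execute(provisioningOperation);
    //
    // exactly one operation is recorded and it reports the failure
    SysProvisioningOperationFilter filter = new SysProvisioningOperationFilter();
    filter.setSystemEntity(provisioningOperation.getSystemEntity());
    filter.setSystemId(system.getId());
    List<SysProvisioningOperationDto> operations = provisioningOperationService.find(filter, null).getContent();
    assertEquals(1, operations.size());
    assertEquals(AccResultCode.PROVISIONING_FAILED.getCode(), operations.get(0).getResult().getModel().getStatusEnum());
}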
use of eu.bcvsolutions.idm.ic.api.IcConnectorObject in project CzechIdMng by bcvsolutions.
the class DefaultProvisioningExecutorIntegrationTest method testGreenLineAccountProvisioning.
/**
 * Happy path: the account is created on the target system with the mapped attributes,
 * the password authenticates against it and the system entity is no longer a wish.
 */
@Test
public void testGreenLineAccountProvisioning() {
    SysSystemDto system = getHelper().createTestResourceSystem(true);
    ProvisioningAttributeDto passwordAttribute = getProvisioningAttribute(TestHelper.ATTRIBUTE_MAPPING_PASSWORD);
    ProvisioningAttributeDto usernameAttribute = getProvisioningAttribute(TestHelper.ATTRIBUTE_MAPPING_NAME);
    ProvisioningAttributeDto firstNameAttribute = getProvisioningAttribute(TestHelper.ATTRIBUTE_MAPPING_FIRSTNAME);
    ProvisioningAttributeDto lastNameAttribute = getProvisioningAttribute(TestHelper.ATTRIBUTE_MAPPING_LASTNAME);
    //
    // test provisioning context
    SysProvisioningOperationDto provisioningOperation = createProvisioningOperation(system, "firstname");
    ProvisioningContext provisioningContext = provisioningOperation.getProvisioningContext();
    IcObjectClass objectClass = provisioningContext.getConnectorObject().getObjectClass();
    Map<ProvisioningAttributeDto, Object> accountObject = provisioningContext.getAccountObject();
    String uid = (String) accountObject.get(usernameAttribute);
    // captured before execution - the account object is sanitized during provisioning
    GuardedString password = (GuardedString) accountObject.get(passwordAttribute);
    //
    // publish event
    provisioningExecutor.execute(provisioningOperation);
    //
    // check target account
    IcUidAttribute uidAttribute = new IcUidAttributeImpl(null, uid, null);
    IcConnectorObject targetObject = connectorFacade.readObject(systemService.getConnectorInstance(system), systemService.getConnectorConfiguration(system), objectClass, uidAttribute);
    assertNotNull(targetObject);
    assertEquals(uid, targetObject.getUidValue());
    assertEquals(accountObject.get(firstNameAttribute), targetObject.getAttributeByName(getHelper().getSchemaColumnName(TestHelper.ATTRIBUTE_MAPPING_FIRSTNAME)).getValue());
    assertEquals(accountObject.get(lastNameAttribute), targetObject.getAttributeByName(getHelper().getSchemaColumnName(TestHelper.ATTRIBUTE_MAPPING_LASTNAME)).getValue());
    // authenticate for password check
    IcUidAttribute authenticatedUid = connectorFacade.authenticateObject(systemService.getConnectorInstance(system), systemService.getConnectorConfiguration(system), objectClass, uid, password);
    assertNotNull(authenticatedUid);
    assertEquals(uid, authenticatedUid.getUidValue());
    //
    // check system entity - the account exists now, so it is not a wish anymore
    SysSystemEntityDto systemEntity = systemEntityService.getBySystemAndEntityTypeAndUid(system, SystemEntityType.IDENTITY, uid);
    assertFalse(systemEntity.isWish());
}