
Example 6 with GuardedString

use of org.identityconnectors.common.security.GuardedString in project midpoint by Evolveum.

the class ConnectorInstanceConnIdImpl method convertFromPassword.

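/**
 * Maps a password delta onto the ConnId {@code __PASSWORD__} operational attribute.
 *
 * Only a delta addressed at the password {@code value} element is handled; any other element
 * name returns without touching {@code attributes}. An empty or absent new value is sent as an
 * empty attribute (password removal); a value whose cleartext is obtainable is wrapped in a
 * {@link GuardedString}; a value without recoverable cleartext is skipped with a debug log.
 *
 * @param attributes    attribute set the password attribute is added to
 * @param passwordDelta delta carrying the new password; must not be {@code null}
 * @throws IllegalArgumentException if {@code passwordDelta} is {@code null}
 * @throws SchemaException declared by the prism/ConnId helpers called here and propagated unchanged
 */
private void convertFromPassword(Set<Attribute> attributes, PropertyDelta<ProtectedStringType> passwordDelta) throws SchemaException {
    if (passwordDelta == null) {
        throw new IllegalArgumentException("No password was provided");
    }
    // Element names without a namespace are matched on the local part only; namespaced ones must match exactly.
    QName elementName = passwordDelta.getElementName();
    boolean isPasswordValue = StringUtils.isBlank(elementName.getNamespaceURI())
            ? QNameUtil.match(elementName, PasswordType.F_VALUE)
            : elementName.equals(PasswordType.F_VALUE);
    if (!isPasswordValue) {
        return;
    }
    PrismProperty<ProtectedStringType> newPassword = passwordDelta.getPropertyNewMatchingPath();
    if (newPassword == null || newPassword.isEmpty()) {
        // No new value: the password is being cleared, e.g. an existing password is removed.
        LOGGER.debug("Setting null password.");
        // emptyList() is the same singleton as the raw EMPTY_LIST constant, without the raw-type warning.
        attributes.add(AttributeBuilder.build(OperationalAttributes.PASSWORD_NAME, Collections.emptyList()));
    } else if (newPassword.getRealValue().canGetCleartext()) {
        // Normal case: the cleartext is obtainable, so hand it to ConnId wrapped in a GuardedString
        // (the plaintext never travels as a bare String from here on).
        GuardedString guardedPassword = ConnIdUtil.toGuardedString(newPassword.getRealValue(), "new password", protector);
        attributes.add(AttributeBuilder.build(OperationalAttributes.PASSWORD_NAME, guardedPassword));
    } else {
        // A password is present but its cleartext cannot be obtained (e.g. hashed-only); nothing can be sent.
        LOGGER.debug("We would like to set password, but we do not have cleartext value. Skipping the opearation.");
    }
}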
Also used : QName(javax.xml.namespace.QName) GuardedString(org.identityconnectors.common.security.GuardedString) ProtectedStringType(com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType)

Example 7 with GuardedString

use of org.identityconnectors.common.security.GuardedString in project syncope by apache.

the class LDAPPasswordPropagationActions method before.

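/**
 * Before propagating a user to an LDAP resource, fills in a missing mandatory {@code __PASSWORD__}
 * attribute with the user's stored password hash in the {@code {algorithm}base64} form, so the
 * existing hash is pushed as-is instead of the resource receiving no password at all.
 *
 * The substitution happens only when the task's "mandatory missing" attribute lists exactly the
 * password attribute and the connector's cipher algorithm matches the one the user's password was
 * hashed with (the stored hash is expected to be hex-encoded, see {@code parseHexBinary}).
 *
 * @param task      propagation task whose attributes may be rewritten in place
 * @param beforeObj current object on the resource; unused here
 */
@Transactional(readOnly = true)
@Override
public void before(final PropagationTask task, final ConnectorObject beforeObj) {
    if (AnyTypeKind.USER != task.getAnyTypeKind()) {
        return;
    }
    User user = userDAO.find(task.getEntityKey());
    if (user == null || user.getPassword() == null) {
        return;
    }
    Attribute missing = AttributeUtil.find(PropagationTaskExecutor.MANDATORY_MISSING_ATTR_NAME, task.getAttributes());
    ConnInstance connInstance = task.getResource().getConnector();
    // Resolved once and reused below; the original called getCipherAlgorithm(connInstance) twice.
    String cipherAlgorithm = getCipherAlgorithm(connInstance);
    boolean onlyPasswordMissing = missing != null
            && missing.getValue() != null
            && missing.getValue().size() == 1
            && missing.getValue().get(0).equals(OperationalAttributes.PASSWORD_NAME);
    if (!onlyPasswordMissing || !cipherAlgorithmMatches(cipherAlgorithm, user.getCipherAlgorithm())) {
        return;
    }
    // Locale.ROOT keeps the lower-casing locale-independent (a Turkish default locale would
    // otherwise corrupt any 'I' in the algorithm name).
    String password = user.getPassword().toLowerCase(java.util.Locale.ROOT);
    byte[] decodedPassword = DatatypeConverter.parseHexBinary(password);
    String base64EncodedPassword = Base64.getEncoder().encodeToString(decodedPassword);
    String cipherPlusPassword = "{" + cipherAlgorithm.toLowerCase(java.util.Locale.ROOT) + "}" + base64EncodedPassword;
    // Only the hash, never a cleartext password, ends up in the GuardedString here.
    Attribute passwordAttribute = AttributeBuilder.buildPassword(new GuardedString(cipherPlusPassword.toCharArray()));
    Set<Attribute> attributes = new HashSet<>(task.getAttributes());
    attributes.add(passwordAttribute);
    attributes.remove(missing);
    task.setAttributes(attributes);
}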
Also used : User(org.apache.syncope.core.persistence.api.entity.user.User) Attribute(org.identityconnectors.framework.common.objects.Attribute) GuardedString(org.identityconnectors.common.security.GuardedString) GuardedString(org.identityconnectors.common.security.GuardedString) ConnInstance(org.apache.syncope.core.persistence.api.entity.ConnInstance) HashSet(java.util.HashSet) Transactional(org.springframework.transaction.annotation.Transactional)

Example 8 with GuardedString

use of org.identityconnectors.common.security.GuardedString in project syncope by apache.

the class GuardedStringDeserializer method deserialize.

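/**
 * Rebuilds a {@link GuardedString} from the JSON object written by the matching serializer:
 * {@code encryptedBytes} (Base64 of the application-encrypted secret) plus the private
 * {@code readOnly}, {@code disposed} and {@code base64SHA1Hash} fields, which are restored
 * reflectively on a best-effort basis.
 *
 * @param jp  parser positioned at the JSON object
 * @param ctx deserialization context; unused here
 * @return the reconstructed guarded string
 * @throws IOException if the JSON tree cannot be read
 */
@Override
public GuardedString deserialize(final JsonParser jp, final DeserializationContext ctx) throws IOException {
    ObjectNode tree = jp.readValueAsTree();
    boolean readOnly = tree.has("readOnly") && tree.get("readOnly").asBoolean();
    boolean disposed = tree.has("disposed") && tree.get("disposed").asBoolean();
    byte[] encryptedBytes = tree.has("encryptedBytes")
            ? Base64.getDecoder().decode(tree.get("encryptedBytes").asText())
            : null;
    String base64SHA1Hash = tree.has("base64SHA1Hash") ? tree.get("base64SHA1Hash").asText() : null;

    // NOTE(review): a missing "encryptedBytes" field passes null to decrypt(); what the encryptor
    // does with that is not visible here — confirm it fails loudly rather than yielding an empty secret.
    final byte[] clearBytes = EncryptorFactory.getInstance().getDefaultEncryptor().decrypt(encryptedBytes);
    GuardedString dest;
    try {
        // Platform default charset on purpose: it mirrors the serializer's getBytes(); changing only
        // one side would break round-trips on non-UTF-8 platforms.
        dest = new GuardedString(new String(clearBytes).toCharArray());
    } finally {
        // Wipe the plaintext buffer we own as soon as GuardedString has taken its copy. The
        // intermediate String cannot be wiped; that is a known limitation of this round-trip.
        if (clearBytes != null) {
            java.util.Arrays.fill(clearBytes, (byte) 0);
        }
    }
    setPrivateField(dest, "readOnly", readOnly);
    setPrivateField(dest, "disposed", disposed);
    if (base64SHA1Hash != null) {
        setPrivateField(dest, "base64SHA1Hash", base64SHA1Hash);
    }
    return dest;
}

/**
 * Best-effort reflective write of a private {@link GuardedString} field; failures are logged, not thrown.
 * {@code Field.set} unwraps a {@link Boolean} for the primitive boolean fields. The value is deliberately
 * not logged: {@code base64SHA1Hash} is derived from the secret and does not belong in an error log.
 */
private static void setPrivateField(final GuardedString target, final String name, final Object value) {
    try {
        Field field = GuardedString.class.getDeclaredField(name);
        field.setAccessible(true);
        field.set(target, value);
    } catch (ReflectiveOperationException | RuntimeException e) {
        LOG.error("Could not set field {}", name, e);
    }
}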
Also used : Field(java.lang.reflect.Field) ObjectNode(com.fasterxml.jackson.databind.node.ObjectNode) GuardedString(org.identityconnectors.common.security.GuardedString) GuardedString(org.identityconnectors.common.security.GuardedString) IOException(java.io.IOException)

Example 9 with GuardedString

use of org.identityconnectors.common.security.GuardedString in project syncope by apache.

the class GuardedStringSerializer method serialize.

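/**
 * Writes a {@link GuardedString} as a JSON object: the private {@code readOnly} and {@code disposed}
 * flags, the secret re-encrypted with the application encryptor as Base64 {@code encryptedBytes},
 * and {@code base64SHA1Hash} when present. The private fields are read reflectively on a
 * best-effort basis; a read failure falls back to {@code false} / omitting the field.
 *
 * @param source guarded string to serialize
 * @param jgen   target generator
 * @param sp     serializer provider; unused here
 * @throws IOException if writing to {@code jgen} fails
 */
@Override
public void serialize(final GuardedString source, final JsonGenerator jgen, final SerializerProvider sp) throws IOException {
    jgen.writeStartObject();
    // Field.get on a primitive boolean field yields a Boolean; null (read failure) maps to false as before.
    jgen.writeBooleanField("readOnly", Boolean.TRUE.equals(readPrivateField(source, "readOnly")));
    jgen.writeBooleanField("disposed", Boolean.TRUE.equals(readPrivateField(source, "disposed")));
    // The cleartext is re-encrypted with the application encryptor, so the JSON never carries it in the clear.
    // Platform default charset is kept to stay symmetric with the deserializer's new String(byte[]).
    byte[] encryptedBytes = EncryptorFactory.getInstance().getDefaultEncryptor().encrypt(SecurityUtil.decrypt(source).getBytes());
    jgen.writeStringField("encryptedBytes", Base64.getEncoder().encodeToString(encryptedBytes));
    // A null base64SHA1Hash previously hit toString() inside the try block and produced a spurious
    // LOG.error; the output was already "field omitted", which is preserved here without the noise.
    Object hash = readPrivateField(source, "base64SHA1Hash");
    if (hash != null) {
        jgen.writeStringField("base64SHA1Hash", hash.toString());
    }
    jgen.writeEndObject();
}

/**
 * Best-effort reflective read of a private {@link GuardedString} field.
 *
 * @return the field value (a {@link Boolean} for boolean fields), or {@code null} if it cannot be read
 */
private static Object readPrivateField(final GuardedString source, final String name) {
    try {
        Field field = GuardedString.class.getDeclaredField(name);
        field.setAccessible(true);
        return field.get(source);
    } catch (ReflectiveOperationException | RuntimeException e) {
        LOG.error("Could not get field value", e);
        return null;
    }
}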
Also used : Field(java.lang.reflect.Field) GuardedString(org.identityconnectors.common.security.GuardedString) IOException(java.io.IOException)

Example 10 with GuardedString

use of org.identityconnectors.common.security.GuardedString in project syncope by apache.

the class MigrationPullActions method after.

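/**
 * Post-processing hook of the migration pull: for users, imports an already-hashed password
 * together with its cipher algorithm; for groups, records the group's members for later
 * membership assignment; anything else is delegated to the superclass.
 *
 * @param profile provisioning profile (passed through to {@code super} only)
 * @param delta   sync delta whose object carries the migration attributes
 * @param entity  entity created/updated by the pull
 * @param result  provisioning report (passed through to {@code super} only)
 * @throws JobExecutionException propagated from {@code super.after}
 */
@Transactional
@Override
public void after(final ProvisioningProfile<?, ?> profile, final SyncDelta delta, final EntityTO entity, final ProvisioningReport result) throws JobExecutionException {
    if (entity instanceof UserTO) {
        importCipheredPassword(delta, entity);
    } else if (entity instanceof GroupTO) {
        collectGroupMemberships(delta, entity);
    } else {
        super.after(profile, delta, entity, result);
    }
}

/** Stores the migrated password hash (with its cipher algorithm) on the user, without re-hashing it. */
private void importCipheredPassword(final SyncDelta delta, final EntityTO entity) {
    CipherAlgorithm cipherAlgorithm = null;
    Attribute cipherAlgorithmAttr = delta.getObject().getAttributeByName(CIPHER_ALGORITHM_ATTR);
    if (cipherAlgorithmAttr != null && cipherAlgorithmAttr.getValue() != null && !cipherAlgorithmAttr.getValue().isEmpty()) {
        // valueOf() throws IllegalArgumentException on an unknown name, as before: a bad algorithm
        // must not be silently accepted as "no password".
        cipherAlgorithm = CipherAlgorithm.valueOf(cipherAlgorithmAttr.getValue().get(0).toString());
    }
    GuardedString passwordValue = AttributeUtil.getPasswordValue(delta.getObject().getAttributes());
    if (cipherAlgorithm == null || passwordValue == null) {
        return;
    }
    User user = userDAO.find(entity.getKey());
    if (user == null) {
        // Previously an NPE on setEncodedPassword; report and skip, like the member lookup below.
        LOG.warn("Could not find user {} to set encoded password", entity.getKey());
        return;
    }
    LOG.debug("Setting encoded password for {}", user);
    // The decrypted value is the existing hash, not a cleartext password; it is stored as-is
    // under the declared algorithm (presumably what setEncodedPassword expects — see its contract).
    user.setEncodedPassword(SecurityUtil.decrypt(passwordValue), cipherAlgorithm);
}

/** Adds this group's key to the pending membership set of every member named in the delta. */
private void collectGroupMemberships(final SyncDelta delta, final EntityTO entity) {
    Attribute membershipsAttr = delta.getObject().getAttributeByName(MEMBERSHIPS_ATTR);
    if (membershipsAttr == null || membershipsAttr.getValue() == null || membershipsAttr.getValue().isEmpty()) {
        return;
    }
    LOG.debug("Found {} for group {}", MEMBERSHIPS_ATTR, entity.getKey());
    for (Object membership : membershipsAttr.getValue()) {
        User member = userDAO.findByUsername(membership.toString());
        if (member == null) {
            LOG.warn("Could not find member {} for group {}", membership, entity.getKey());
        } else {
            // computeIfAbsent replaces the manual get/put-if-null dance.
            memberships.computeIfAbsent(member.getKey(), key -> new HashSet<>()).add(entity.getKey());
        }
    }
}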
Also used : CipherAlgorithm(org.apache.syncope.common.lib.types.CipherAlgorithm) User(org.apache.syncope.core.persistence.api.entity.user.User) HashSet(java.util.HashSet) Set(java.util.Set) Attribute(org.identityconnectors.framework.common.objects.Attribute) UserTO(org.apache.syncope.common.lib.to.UserTO) GuardedString(org.identityconnectors.common.security.GuardedString) GroupTO(org.apache.syncope.common.lib.to.GroupTO) HashSet(java.util.HashSet) Transactional(org.springframework.transaction.annotation.Transactional)

Aggregations

GuardedString (org.identityconnectors.common.security.GuardedString)29 ProtectedStringType (com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType)8 Attribute (org.identityconnectors.framework.common.objects.Attribute)5 QName (javax.xml.namespace.QName)4 EncryptionException (com.evolveum.midpoint.prism.crypto.EncryptionException)3 OperationResult (com.evolveum.midpoint.schema.result.OperationResult)3 FileNotFoundException (java.io.FileNotFoundException)3 Field (java.lang.reflect.Field)3 ConnectException (java.net.ConnectException)3 HashSet (java.util.HashSet)3 User (org.apache.syncope.core.persistence.api.entity.user.User)3 Transactional (org.springframework.transaction.annotation.Transactional)3 ConnIdOperation (com.evolveum.midpoint.schema.reporting.ConnIdOperation)2 AsynchronousOperationResult (com.evolveum.midpoint.schema.result.AsynchronousOperationResult)2 SchemaException (com.evolveum.midpoint.util.exception.SchemaException)2 SystemException (com.evolveum.midpoint.util.exception.SystemException)2 IOException (java.io.IOException)2 Accessor (org.identityconnectors.common.security.GuardedString.Accessor)2 ObjectClass (org.identityconnectors.framework.common.objects.ObjectClass)2 Uid (org.identityconnectors.framework.common.objects.Uid)2