
Example 11 with GuardedString

use of org.identityconnectors.common.security.GuardedString in project midpoint by Evolveum.

the class AbstractModernObjectDummyConnector method updateDelta.

/**
 * Applies a set of attribute deltas to the object identified by {@code uid} and returns the
 * side-effect changes the caller must know about (currently only a replacement {@link Uid}
 * after a rename).
 * <p>
 * The object is located by object class and by the configured UID mode: when the UID is bound
 * to the name it is looked up by name/username, when it is separate from the name it is looked
 * up by id. Name, password, enable, validity-date, lockout and auxiliary-object-class deltas are
 * handled specially per object class; every other delta goes through
 * {@code applyOrdinaryAttributeDelta}. Checked resource exceptions are mapped to the
 * corresponding ConnId exceptions at the end.
 *
 * @param objectClass   object class of the modified object (account, group, privilege or org)
 * @param uid           identifier of the object, interpreted according to the UID mode
 * @param modifications deltas to apply; checked by {@code validateModifications} before use
 * @param options       operation options; run-as credentials are consumed by {@code applyModifyMetadata}
 * @return the side-effect deltas, e.g. a {@code Uid} replacement after a rename; empty when none
 * @throws UnknownUidException            if no object with the given UID exists
 * @throws InvalidAttributeValueException for malformed password deltas, schema violations, or
 *                                        operational attributes not supported on the object class
 * @throws ConnectorException             for an unknown object class or an illegal argument from the resource
 */
@Override
public Set<AttributeDelta> updateDelta(final ObjectClass objectClass, final Uid uid, final Set<AttributeDelta> modifications, final OperationOptions options) {
    LOG.info("updateDelta::begin {0}", instanceName);
    validate(objectClass);
    validate(uid);
    validateModifications(objectClass, modifications);
    // Collects deltas the caller must learn about (only Uid changes are added below).
    final Set<AttributeDelta> sideEffectChanges = new HashSet<>();
    try {
        if (ObjectClass.ACCOUNT.is(objectClass.getObjectClassValue())) {
            // Resolve the account: the UID is either the username itself or a separate identifier.
            final DummyAccount account;
            if (configuration.isUidBoundToName()) {
                account = resource.getAccountByUsername(uid.getUidValue(), false);
            } else if (configuration.isUidSeparateFromName()) {
                account = resource.getAccountById(uid.getUidValue(), false);
            } else {
                throw new IllegalStateException("Unknown UID mode " + configuration.getUidMode());
            }
            if (account == null) {
                throw new UnknownUidException("Account with UID " + uid + " does not exist on resource");
            }
            // Run-as credentials in the options are checked here, before any attribute is touched.
            applyModifyMetadata(account, options);
            // we do this before setting attribute values, in case when description itself would be changed
            resource.changeDescriptionIfNeeded(account);
            for (AttributeDelta delta : modifications) {
                if (delta.is(Name.NAME)) {
                    assertReplace(delta);
                    String newName = getSingleReplaceValueMandatory(delta, String.class);
                    // handlePhantomRenames decides whether the resource must really be renamed
                    // (presumably false when the name is effectively unchanged — confirm).
                    boolean doRename = handlePhantomRenames(objectClass, account, newName);
                    if (doRename) {
                        try {
                            resource.renameAccount(account.getId(), account.getName(), newName);
                        } catch (ObjectDoesNotExistException e) {
                            throw new org.identityconnectors.framework.common.exceptions.UnknownUidException(e.getMessage(), e);
                        } catch (ObjectAlreadyExistsException e) {
                            throw new org.identityconnectors.framework.common.exceptions.AlreadyExistsException(e.getMessage(), e);
                        } catch (SchemaViolationException e) {
                            throw new org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException("Schema exception: " + e.getMessage(), e);
                        }
                        // We need to change the returned uid here (only if the mode is set to Name)
                        if (configuration.isUidBoundToName()) {
                            addUidChange(sideEffectChanges, newName);
                        }
                    }
                } else if (delta.is(OperationalAttributes.PASSWORD_NAME)) {
                    // A non-null replace set is an administrative reset; otherwise this is a
                    // self-service change carrying the old password (remove) and the new one (add).
                    if (delta.getValuesToReplace() != null) {
                        // Password reset
                        assertReplace(delta);
                        changePassword(account, delta);
                    } else {
                        // Password change (self-service)
                        assertSelfService(options);
                        List<GuardedString> addValues = getAddValues(delta, GuardedString.class);
                        // NOTE(review): the message interpolates a list of GuardedString; this relies on
                        // GuardedString.toString() not revealing the secret — confirm.
                        if (addValues == null || addValues.size() != 1) {
                            throw new InvalidAttributeValueException("Wrong add set in password delta: " + addValues);
                        }
                        GuardedString newPasswordGs = addValues.get(0);
                        List<GuardedString> removeValues = getRemoveValues(delta, GuardedString.class);
                        if (removeValues == null || removeValues.size() != 1) {
                            throw new InvalidAttributeValueException("Wrong remove set in password delta: " + removeValues);
                        }
                        GuardedString oldPasswordGs = removeValues.get(0);
                        // The supplied old password is checked against the account before anything is changed.
                        assertPassword(account, oldPasswordGs);
                        changePassword(account, newPasswordGs);
                    }
                } else if (delta.is(OperationalAttributes.ENABLE_NAME)) {
                    assertReplace(delta);
                    account.setEnabled(getBoolean(delta));
                } else if (delta.is(OperationalAttributes.ENABLE_DATE_NAME)) {
                    assertReplace(delta);
                    account.setValidFrom(getDate(delta));
                } else if (delta.is(OperationalAttributes.DISABLE_DATE_NAME)) {
                    assertReplace(delta);
                    account.setValidTo(getDate(delta));
                } else if (delta.is(OperationalAttributes.LOCK_OUT_NAME)) {
                    assertReplace(delta);
                    account.setLockout(getBooleanMandatory(delta));
                } else if (PredefinedAttributes.AUXILIARY_OBJECT_CLASS_NAME.equalsIgnoreCase(delta.getName())) {
                    applyAuxiliaryObjectClassDelta(account, delta);
                } else {
                    applyOrdinaryAttributeDelta(account, delta, null);
                }
            }
        } else if (ObjectClass.GROUP.is(objectClass.getObjectClassValue())) {
            // Same UID-mode resolution as for accounts, but against the group store.
            final DummyGroup group;
            if (configuration.isUidBoundToName()) {
                group = resource.getGroupByName(uid.getUidValue(), false);
            } else if (configuration.isUidSeparateFromName()) {
                group = resource.getGroupById(uid.getUidValue(), false);
            } else {
                throw new IllegalStateException("Unknown UID mode " + configuration.getUidMode());
            }
            if (group == null) {
                throw new UnknownUidException("Group with UID " + uid + " does not exist on resource");
            }
            applyModifyMetadata(group, options);
            for (AttributeDelta delta : modifications) {
                if (delta.is(Name.NAME)) {
                    assertReplace(delta);
                    String newName = getSingleReplaceValueMandatory(delta, String.class);
                    boolean doRename = handlePhantomRenames(objectClass, group, newName);
                    if (doRename) {
                        try {
                            resource.renameGroup(group.getId(), group.getName(), newName);
                        } catch (ObjectDoesNotExistException e) {
                            throw new org.identityconnectors.framework.common.exceptions.UnknownUidException(e.getMessage(), e);
                        } catch (ObjectAlreadyExistsException e) {
                            throw new org.identityconnectors.framework.common.exceptions.AlreadyExistsException(e.getMessage(), e);
                        }
                        // We need to change the returned uid here
                        // NOTE(review): unlike the account branch, the Uid change is added regardless
                        // of the UID mode — confirm this is intended for the separate-UID mode.
                        addUidChange(sideEffectChanges, newName);
                    }
                } else if (delta.is(OperationalAttributes.PASSWORD_NAME)) {
                    throw new InvalidAttributeValueException("Attempt to change password on group");
                } else if (delta.is(OperationalAttributes.ENABLE_NAME)) {
                    assertReplace(delta);
                    group.setEnabled(getBoolean(delta));
                } else {
                    String name = delta.getName();
                    // Member names are upper-cased on the way in when the configuration asks for it.
                    Function<List<Object>, List<Object>> valuesTransformer = null;
                    if (delta.is(DummyGroup.ATTR_MEMBERS_NAME) && configuration.getUpCaseName()) {
                        valuesTransformer = this::upcaseValues;
                    }
                    applyOrdinaryAttributeDelta(group, delta, valuesTransformer);
                }
            }
        } else if (objectClass.is(OBJECTCLASS_PRIVILEGE_NAME)) {
            final DummyPrivilege priv;
            if (configuration.isUidBoundToName()) {
                priv = resource.getPrivilegeByName(uid.getUidValue(), false);
            } else if (configuration.isUidSeparateFromName()) {
                priv = resource.getPrivilegeById(uid.getUidValue(), false);
            } else {
                throw new IllegalStateException("Unknown UID mode " + configuration.getUidMode());
            }
            if (priv == null) {
                throw new UnknownUidException("Privilege with UID " + uid + " does not exist on resource");
            }
            applyModifyMetadata(priv, options);
            for (AttributeDelta delta : modifications) {
                if (delta.is(Name.NAME)) {
                    assertReplace(delta);
                    String newName = getSingleReplaceValueMandatory(delta, String.class);
                    boolean doRename = handlePhantomRenames(objectClass, priv, newName);
                    if (doRename) {
                        try {
                            resource.renamePrivilege(priv.getId(), priv.getName(), newName);
                        } catch (ObjectDoesNotExistException e) {
                            throw new org.identityconnectors.framework.common.exceptions.UnknownUidException(e.getMessage(), e);
                        } catch (ObjectAlreadyExistsException e) {
                            throw new org.identityconnectors.framework.common.exceptions.AlreadyExistsException(e.getMessage(), e);
                        }
                        // We need to change the returned uid here
                        // (added regardless of UID mode, see the group branch)
                        addUidChange(sideEffectChanges, newName);
                    }
                } else if (delta.is(OperationalAttributes.PASSWORD_NAME)) {
                    throw new InvalidAttributeValueException("Attempt to change password on privilege");
                } else if (delta.is(OperationalAttributes.ENABLE_NAME)) {
                    throw new InvalidAttributeValueException("Attempt to change enable on privilege");
                } else {
                    applyOrdinaryAttributeDelta(priv, delta, null);
                }
            }
        } else if (objectClass.is(OBJECTCLASS_ORG_NAME)) {
            final DummyOrg org;
            if (configuration.isUidBoundToName()) {
                org = resource.getOrgByName(uid.getUidValue(), false);
            } else if (configuration.isUidSeparateFromName()) {
                org = resource.getOrgById(uid.getUidValue(), false);
            } else {
                throw new IllegalStateException("Unknown UID mode " + configuration.getUidMode());
            }
            if (org == null) {
                throw new UnknownUidException("Org with UID " + uid + " does not exist on resource");
            }
            applyModifyMetadata(org, options);
            for (AttributeDelta delta : modifications) {
                if (delta.is(Name.NAME)) {
                    assertReplace(delta);
                    String newName = getSingleReplaceValueMandatory(delta, String.class);
                    // Orgs are renamed without the phantom-rename check used above; a
                    // SchemaViolationException from the rename is handled by the outer catch.
                    try {
                        resource.renameOrg(org.getId(), org.getName(), newName);
                    } catch (ObjectDoesNotExistException e) {
                        throw new org.identityconnectors.framework.common.exceptions.UnknownUidException(e.getMessage(), e);
                    } catch (ObjectAlreadyExistsException e) {
                        throw new org.identityconnectors.framework.common.exceptions.AlreadyExistsException(e.getMessage(), e);
                    }
                    // We need to change the returned uid here
                    addUidChange(sideEffectChanges, newName);
                } else if (delta.is(OperationalAttributes.PASSWORD_NAME)) {
                    throw new InvalidAttributeValueException("Attempt to change password on org");
                } else if (delta.is(OperationalAttributes.ENABLE_NAME)) {
                    throw new InvalidAttributeValueException("Attempt to change enable on org");
                } else {
                    applyOrdinaryAttributeDelta(org, delta, null);
                }
            }
        } else {
            throw new ConnectorException("Unknown object class " + objectClass);
        }
    // Map the checked resource exceptions to ConnId's exception hierarchy. The log lines carry
    // only the exception text, not attribute values.
    } catch (ConnectException e) {
        LOG.info("update::exception " + e);
        throw new ConnectionFailedException(e.getMessage(), e);
    } catch (IllegalArgumentException e) {
        LOG.info("update::exception " + e);
        throw new ConnectorException(e.getMessage(), e);
    } catch (FileNotFoundException e) {
        LOG.info("update::exception " + e);
        throw new ConnectorIOException(e.getMessage(), e);
    } catch (SchemaViolationException e) {
        LOG.info("update::exception " + e);
        throw new InvalidAttributeValueException(e.getMessage(), e);
    } catch (ConflictException e) {
        LOG.info("update::exception " + e);
        throw new AlreadyExistsException(e);
    } catch (InterruptedException e) {
        // NOTE(review): the interrupt flag is not restored (Thread.currentThread().interrupt())
        // before the exception is mapped — confirm whether that is intended.
        LOG.info("update::exception " + e);
        throw new OperationTimeoutException(e);
    }
    LOG.info("update::end {0}", instanceName);
    return sideEffectChanges;
}

Example 12 with GuardedString

use of org.identityconnectors.common.security.GuardedString in project midpoint by Evolveum.

the class AbstractBaseDummyConnector method init.

/**
 * Receives the connector {@link Configuration} and connects this instance to the matching
 * {@link DummyResource}.
 * <p>
 * The configuration is cast to {@link DummyConfiguration}; its settings are pushed into the
 * resource selected by {@code getInstanceId()} (an empty id is treated like a missing one),
 * and the resource is connected exactly once per connector instance. The "useless" guarded
 * string is unwrapped and stored in the resource as a plain {@code String}, so its
 * {@link GuardedString} protection ends here.
 *
 * @param configuration the connector configuration; must not be {@code null}
 * @throws ConfigurationException if a useless string is required but blank
 * @throws IllegalStateException  if this connector instance was already connected
 * @see Connector#init(Configuration)
 */
@Override
public void init(Configuration configuration) {
    notNullArgument(configuration, "configuration");
    DummyConfiguration dummyConfiguration = (DummyConfiguration) configuration;
    this.configuration = dummyConfiguration;

    // An empty instance id selects the same resource as a missing one.
    String instanceId = dummyConfiguration.getInstanceId();
    if (instanceId != null && instanceId.isEmpty()) {
        instanceId = null;
    }
    resource = DummyResource.getInstance(instanceId);

    resource.setCaseIgnoreId(dummyConfiguration.getCaseIgnoreId());
    resource.setCaseIgnoreValues(dummyConfiguration.getCaseIgnoreValues());
    resource.setEnforceUniqueName(dummyConfiguration.isEnforceUniqueName());
    resource.setTolerateDuplicateValues(dummyConfiguration.getTolerateDuplicateValues());
    resource.setGenerateDefaultValues(dummyConfiguration.isGenerateDefaultValues());
    resource.setGenerateAccountDescriptionOnCreate(dummyConfiguration.getGenerateAccountDescriptionOnCreate());
    resource.setGenerateAccountDescriptionOnUpdate(dummyConfiguration.getGenerateAccountDescriptionOnUpdate());
    resource.setForbiddenNames(dummyConfiguration.getForbiddenNames().length > 0
            ? Arrays.asList(dummyConfiguration.getForbiddenNames())
            : null);

    resource.setUselessString(dummyConfiguration.getUselessString());
    if (dummyConfiguration.isRequireUselessString() && StringUtils.isBlank(dummyConfiguration.getUselessString())) {
        throw new ConfigurationException("No useless string");
    }

    GuardedString uselessSecret = dummyConfiguration.getUselessGuardedString();
    if (uselessSecret != null) {
        // The clear value is materialised as an immutable String inside the resource.
        uselessSecret.access(clearChars -> resource.setUselessGuardedString(new String(clearChars)));
    } else {
        resource.setUselessGuardedString(null);
    }

    resource.setMonsterization(dummyConfiguration.isMonsterized());
    resource.setUidMode(dummyConfiguration.getUidMode());

    // A connector instance may be initialised only once.
    if (connected) {
        throw new IllegalStateException("Double connect in " + this);
    }
    connected = true;
    resource.connect();
    if (staticVal == null) {
        staticVal = this.toString();
    }
    LOG.info("Connected connector #{0} to dummy resource instance {1} ({2} connections open)", instanceNumber, resource, resource.getConnectionCount());
}

Example 13 with GuardedString

use of org.identityconnectors.common.security.GuardedString in project midpoint by Evolveum.

the class AbstractObjectDummyConnector method applyModifyMetadata.

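/**
 * Records the "last modifier" metadata on {@code object} according to the
 * {@code runAsUser}/{@code runWithPassword} operation options.
 * <p>
 * When {@code runAsUser} is set, the connector must be configured with run-as support, the
 * named account must exist on the resource, and {@code runWithPassword} must match that
 * account's password; only then is the account name recorded as the last modifier. Without
 * {@code runAsUser} the last modifier is cleared.
 *
 * @param object  the dummy object being modified
 * @param options operation options carrying the run-as credentials
 * @throws UnsupportedOperationException if run-as is requested but not enabled in the configuration
 * @throws ConfigurationException        if the run-as account does not exist
 * @throws InvalidPasswordException      if {@code runWithPassword} is missing or does not match
 * @throws ConnectException              propagated from the account lookup
 * @throws FileNotFoundException         propagated from the account lookup
 * @throws SchemaViolationException      propagated from the account lookup
 * @throws ConflictException             propagated from the account lookup
 * @throws InterruptedException          propagated from the account lookup
 */
protected void applyModifyMetadata(DummyObject object, OperationOptions options) throws ConnectException, FileNotFoundException, SchemaViolationException, ConflictException, InterruptedException {
    String runAsUser = options.getRunAsUser();
    if (runAsUser == null) {
        object.setLastModifier(null);
        return;
    }
    if (!configuration.getSupportRunAs()) {
        throw new UnsupportedOperationException("runAsUser option is not supported");
    }
    DummyAccount runAsAccount = resource.getAccountByUsername(runAsUser);
    if (runAsAccount == null) {
        // Previously a bare "new ConfigurationException(...)" with no throw, so a missing
        // account fell through to a NullPointerException in the password check below.
        throw new ConfigurationException("No runAsUser " + runAsUser);
    }
    GuardedString runWithPassword = options.getRunWithPassword();
    if (runWithPassword == null) {
        throw new InvalidPasswordException("No runWithPassword");
    }
    String storedPassword = runAsAccount.getPassword();
    runWithPassword.access(clearChars -> {
        // An account without a password can never be run-as; report it as a mismatch
        // rather than letting getPassword().equals(...) throw NullPointerException.
        if (storedPassword == null || !storedPassword.equals(new String(clearChars))) {
            throw new InvalidPasswordException("Wrong runWithPassword");
        }
    });
    object.setLastModifier(runAsAccount.getName());
}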

Example 14 with GuardedString

use of org.identityconnectors.common.security.GuardedString in project midpoint by Evolveum.

the class AbstractObjectDummyConnector method convertToConnectorObject.

/**
 * Builds the ConnId {@link ConnectorObject} for an account.
 * <p>
 * Failures while fetching the account object class from the resource are logged and mapped
 * to the corresponding ConnId exceptions. The password attribute is added only when it is
 * explicitly listed in {@code attributesToGet}, and only in the form permitted by the
 * configured password readability mode: the clear value wrapped in a {@link GuardedString},
 * or an INCOMPLETE marker that carries no value. Any other mode never exposes the password.
 * The lockout flag is emitted when the account has one.
 *
 * @param account         the account to convert
 * @param attributesToGet attribute names requested by the caller; may be {@code null}
 * @return the built connector object
 * @throws SchemaViolationException propagated from the common builder
 */
private ConnectorObject convertToConnectorObject(DummyAccount account, Collection<String> attributesToGet) throws SchemaViolationException {
    DummyObjectClass accountObjectClass;
    try {
        accountObjectClass = resource.getAccountObjectClass();
    } catch (ConnectException e) {
        LOG.error(e, e.getMessage());
        throw new ConnectionFailedException(e.getMessage(), e);
    } catch (IllegalArgumentException e) {
        LOG.error(e, e.getMessage());
        throw new ConnectorException(e.getMessage(), e);
    } catch (FileNotFoundException e) {
        LOG.error(e, e.getMessage());
        throw new ConnectorIOException(e.getMessage(), e);
    } catch (ConflictException e) {
        LOG.error(e, e.getMessage());
        throw new AlreadyExistsException(e);
    } catch (InterruptedException e) {
        LOG.error(e, e.getMessage());
        throw new OperationTimeoutException(e);
    }

    ConnectorObjectBuilder objectBuilder = createConnectorObjectBuilderCommon(account, accountObjectClass, attributesToGet, true);
    objectBuilder.setObjectClass(ObjectClass.ACCOUNT);

    // Password is not returned by default (hardcoded ICF specification)
    String storedPassword = account.getPassword();
    if (storedPassword != null && attributesToGet != null && attributesToGet.contains(OperationalAttributes.PASSWORD_NAME)) {
        switch (configuration.getPasswordReadabilityMode()) {
            case DummyConfiguration.PASSWORD_READABILITY_MODE_READABLE:
                // The clear value leaves the resource, wrapped in a GuardedString.
                objectBuilder.addAttribute(OperationalAttributes.PASSWORD_NAME, new GuardedString(storedPassword.toCharArray()));
                break;
            case DummyConfiguration.PASSWORD_READABILITY_MODE_INCOMPLETE:
                // Signal that a password exists without disclosing its value.
                AttributeBuilder incompletePassword = new AttributeBuilder();
                incompletePassword.setName(OperationalAttributes.PASSWORD_NAME);
                incompletePassword.setAttributeValueCompleteness(AttributeValueCompleteness.INCOMPLETE);
                objectBuilder.addAttribute(incompletePassword.build());
                break;
            default:
                // Not readable: the password is never exposed.
        }
    }

    if (account.isLockout() != null) {
        objectBuilder.addAttribute(OperationalAttributes.LOCK_OUT_NAME, account.isLockout());
    }
    return objectBuilder.build();
}

Example 15 with GuardedString

use of org.identityconnectors.common.security.GuardedString in project midpoint by Evolveum.

the class AbstractModernObjectDummyConnector method changePassword.

/**
 * Applies a password reset carried by a replace delta.
 * <p>
 * Unwraps the single {@link GuardedString} replace value of {@code delta} and delegates to
 * {@code changePassword(DummyAccount, GuardedString)}. Whether {@code getSingleReplaceValue}
 * can yield {@code null} for an empty replace set is not visible here — the delegate must
 * cope with that if it can.
 *
 * @param account the account whose password is reset
 * @param delta   the password attribute delta, expected to carry exactly one replace value
 * @throws ConnectException         propagated from the delegate
 * @throws FileNotFoundException    propagated from the delegate
 * @throws SchemaViolationException propagated from the delegate
 * @throws ConflictException        propagated from the delegate
 */
protected void changePassword(final DummyAccount account, AttributeDelta delta) throws ConnectException, FileNotFoundException, SchemaViolationException, ConflictException {
    changePassword(account, getSingleReplaceValue(delta, GuardedString.class));
}
