use of org.identityconnectors.common.security.GuardedString in project midpoint by Evolveum.
In the class ConnectorInstanceConnIdImpl, method addObject.
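/**
 * Creates the resource object described by {@code shadow} through the ConnId {@code create}
 * operation and returns the shadow's attributes with the identifiers reported by ConnId
 * merged in.
 *
 * <p>Before the call, the shadow attributes are converted to ConnId attributes; the
 * credentials password (if present) is wrapped in a {@link GuardedString} and added as
 * {@link OperationalAttributes#PASSWORD_NAME}; administrative activation, validity dates
 * and lockout status become the matching ConnId operational attributes; auxiliary object
 * classes are passed as {@link PredefinedAttributes#AUXILIARY_OBJECT_CLASS_NAME}.
 * Exceptions thrown by ConnId are translated by {@code processConnIdException} and
 * rethrown as the declared midPoint exception types.
 *
 * @param shadow the resource object to create; must pass {@code validateShadow} and carry an attributes container
 * @param ctx execution context used to record the ICF operation
 * @param parentResult parent operation result; a subresult is created under it
 * @return the attributes of the container (identifiers added) wrapped together with the subresult
 * @throws SchemaException if the object class cannot be resolved or attribute conversion fails
 * @throws GenericFrameworkException if ConnId returns no UID after the create, or if translated from ConnId
 * @throws ObjectAlreadyExistsException if translated from the ConnId exception
 * @throws CommunicationException if translated from the ConnId exception
 * @throws ConfigurationException if translated from the ConnId exception
 * @throws SecurityViolationException if translated from the ConnId exception
 * @throws PolicyViolationException if translated from the ConnId exception
 * @throws IllegalArgumentException if the ConnId object class cannot be derived from the shadow
 */
@Override
public AsynchronousOperationReturnValue<Collection<ResourceAttribute<?>>> addObject(PrismObject<? extends ShadowType> shadow, UcfExecutionContext ctx, OperationResult parentResult) throws CommunicationException, GenericFrameworkException, SchemaException, ObjectAlreadyExistsException, ConfigurationException, SecurityViolationException, PolicyViolationException {
    validateShadow(shadow, "add", false);
    ShadowType shadowType = shadow.asObjectable();
    ResourceAttributeContainer attributesContainer = ShadowUtil.getAttributesContainer(shadow);

    OperationResult result = parentResult.createSubresult(ConnectorInstance.class.getName() + ".addObject");
    // NOTE(review): the whole shadow, credentials included, is recorded as a result parameter;
    // confirm that the result's serialization masks ProtectedStringType values.
    result.addParam("resourceObject", shadow);

    // Resolve the object class definition once; it is reused for attribute conversion,
    // operation recording and identifier conversion below.
    ResourceObjectDefinition ocDef;
    ResourceAttributeContainerDefinition attrContDef = attributesContainer.getDefinition();
    if (attrContDef != null) {
        ocDef = attrContDef.getComplexTypeDefinition();
    } else {
        ocDef = rawResourceSchema.findObjectClassDefinition(shadow.asObjectable().getObjectClass());
        if (ocDef == null) {
            throw new SchemaException("Unknown object class " + shadow.asObjectable().getObjectClass());
        }
    }

    // ConnId object class derived from the resource object class
    ObjectClass icfObjectClass = connIdNameMapper.objectClassToConnId(shadow, connectorType, BooleanUtils.isNotFalse(legacySchema));
    if (icfObjectClass == null) {
        result.recordFatalError("Couldn't get icf object class from " + shadow);
        throw new IllegalArgumentException("Couldn't get icf object class from " + shadow);
    }

    // ConnId attributes built from the resource object attributes
    Set<Attribute> attributes;
    try {
        LOGGER.trace("midPoint object before conversion:\n{}", attributesContainer.debugDumpLazily());
        attributes = connIdConvertor.convertFromResourceObjectToConnIdAttributes(attributesContainer, ocDef);

        // The password is handed to ConnId only wrapped in a GuardedString, never as a plain String attribute.
        if (shadowType.getCredentials() != null && shadowType.getCredentials().getPassword() != null) {
            PasswordType password = shadowType.getCredentials().getPassword();
            ProtectedStringType protectedString = password.getValue();
            GuardedString guardedPassword = ConnIdUtil.toGuardedString(protectedString, "new password", protector);
            if (guardedPassword != null) {
                attributes.add(AttributeBuilder.build(OperationalAttributes.PASSWORD_NAME, guardedPassword));
            }
        }

        // Activation and lockout are mapped to ConnId operational attributes only when present in the shadow.
        if (ActivationUtil.hasAdministrativeActivation(shadowType)) {
            attributes.add(AttributeBuilder.build(OperationalAttributes.ENABLE_NAME, ActivationUtil.isAdministrativeEnabled(shadowType)));
        }
        if (ActivationUtil.hasValidFrom(shadowType)) {
            attributes.add(AttributeBuilder.build(OperationalAttributes.ENABLE_DATE_NAME, XmlTypeConverter.toMillis(shadowType.getActivation().getValidFrom())));
        }
        if (ActivationUtil.hasValidTo(shadowType)) {
            attributes.add(AttributeBuilder.build(OperationalAttributes.DISABLE_DATE_NAME, XmlTypeConverter.toMillis(shadowType.getActivation().getValidTo())));
        }
        if (ActivationUtil.hasLockoutStatus(shadowType)) {
            attributes.add(AttributeBuilder.build(OperationalAttributes.LOCK_OUT_NAME, ActivationUtil.isLockedOut(shadowType)));
        }

        // NOTE(review): this dump covers the attribute set including the password attribute;
        // confirm ConnIdUtil.dump renders GuardedString values masked.
        LOGGER.trace("ConnId attributes after conversion:\n{}", lazy(() -> ConnIdUtil.dump(attributes)));
    } catch (SchemaException | RuntimeException ex) {
        result.recordFatalError("Error while converting resource object attributes. Reason: " + ex.getMessage(), ex);
        throw new SchemaException("Error while converting resource object attributes. Reason: " + ex.getMessage(), ex);
    }

    // Auxiliary object classes are passed as one multi-valued predefined attribute.
    List<String> icfAuxiliaryObjectClasses = new ArrayList<>();
    for (QName auxiliaryObjectClass : shadowType.getAuxiliaryObjectClass()) {
        icfAuxiliaryObjectClasses.add(connIdNameMapper.objectClassToConnId(auxiliaryObjectClass, connectorType, false).getObjectClassValue());
    }
    if (!icfAuxiliaryObjectClasses.isEmpty()) {
        AttributeBuilder ab = new AttributeBuilder();
        ab.setName(PredefinedAttributes.AUXILIARY_OBJECT_CLASS_NAME);
        ab.addValue(icfAuxiliaryObjectClasses);
        attributes.add(ab.build());
    }

    // No operation options are set for create.
    OperationOptionsBuilder operationOptionsBuilder = new OperationOptionsBuilder();
    OperationOptions options = operationOptionsBuilder.build();

    OperationResult connIdResult = result.createSubresult(ConnectorFacade.class.getName() + ".create");
    connIdResult.addArbitraryObjectAsParam("objectClass", icfObjectClass);
    connIdResult.addArbitraryObjectCollectionAsParam("auxiliaryObjectClasses", icfAuxiliaryObjectClasses);
    connIdResult.addArbitraryObjectCollectionAsParam("attributes", attributes);
    connIdResult.addArbitraryObjectAsParam("options", options);
    connIdResult.addContext("connector", connIdConnectorFacade.getClass());

    // CALL THE ConnId FRAMEWORK
    InternalMonitor.recordConnectorOperation("create");
    InternalMonitor.recordConnectorModification("create");
    ConnIdOperation operation = recordIcfOperationStart(ctx, ProvisioningOperation.ICF_CREATE, ocDef, null);

    Uid uid;
    try {
        LOGGER.trace("Calling ConnId create for {}", operation);
        uid = connIdConnectorFacade.create(icfObjectClass, attributes, options);
        if (operation != null && uid != null) {
            operation.setUid(uid.getUidValue());
        }
        recordIcfOperationEnd(ctx, operation, null);
    } catch (Throwable ex) {
        recordIcfOperationEnd(ctx, operation, ex);
        Throwable midpointEx = processConnIdException(ex, this, connIdResult);
        result.computeStatus("Add object failed");
        // Rethrow the translated exception under its declared type so the throws clause stays checked;
        // anything not covered is wrapped as a SystemException carrying the original ConnId exception.
        if (midpointEx instanceof ObjectAlreadyExistsException) {
            throw (ObjectAlreadyExistsException) midpointEx;
        } else if (midpointEx instanceof CommunicationException) {
            throw (CommunicationException) midpointEx;
        } else if (midpointEx instanceof GenericFrameworkException) {
            throw (GenericFrameworkException) midpointEx;
        } else if (midpointEx instanceof SchemaException) {
            throw (SchemaException) midpointEx;
        } else if (midpointEx instanceof ConfigurationException) {
            throw (ConfigurationException) midpointEx;
        } else if (midpointEx instanceof SecurityViolationException) {
            throw (SecurityViolationException) midpointEx;
        } else if (midpointEx instanceof PolicyViolationException) {
            throw (PolicyViolationException) midpointEx;
        } else if (midpointEx instanceof RuntimeException) {
            throw (RuntimeException) midpointEx;
        } else if (midpointEx instanceof Error) {
            throw (Error) midpointEx;
        } else {
            throw new SystemException("Got unexpected exception: " + ex.getClass().getName() + ": " + ex.getMessage(), ex);
        }
    }

    if (uid == null || uid.getUidValue() == null || uid.getUidValue().isEmpty()) {
        connIdResult.recordFatalError("ConnId did not returned UID after create");
        result.computeStatus("Add object failed");
        throw new GenericFrameworkException("ConnId did not returned UID after create");
    }

    // Use the object class definition resolved above. When the attributes container carries no
    // definition, ocDef came from the rawResourceSchema fallback, whereas dereferencing
    // attributesContainer.getDefinition() here would throw a NullPointerException.
    Collection<ResourceAttribute<?>> identifiers = ConnIdUtil.convertToIdentifiers(uid, ocDef, rawResourceSchema);
    for (ResourceAttribute<?> identifier : identifiers) {
        attributesContainer.getValue().addReplaceExisting(identifier);
    }

    connIdResult.recordSuccess();
    result.computeStatus();
    return AsynchronousOperationReturnValue.wrap(attributesContainer.getAttributes(), result);
}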
use of org.identityconnectors.common.security.GuardedString in project midpoint by Evolveum.
In the class ConnectorInstanceConnIdImpl, method createConnIdOptions.
/**
 * Builds the ConnId {@link OperationOptions} for an operation.
 *
 * <p>When {@code options} carries a run-as identification, the ConnId "run as user" option is
 * set to its name value and the "run with password" option is taken from the password delta
 * among {@code changes}: for every {@link PropertyModificationOperation} whose path is
 * {@code SchemaConstants.PATH_PASSWORD_VALUE} and that has estimated old values, the first old
 * value is converted to a {@link GuardedString} and set (a later matching delta overrides an
 * earlier one). With a null {@code options} or no run-as identification, empty options are
 * returned.
 *
 * @param options connector operation options; may be null
 * @param changes the operations being executed, scanned for the old password value; only read
 *        when a run-as identification is present
 * @return the built ConnId options
 * @throws SchemaException propagated from the name value / password conversion
 */
private OperationOptions createConnIdOptions(ConnectorOperationOptions options, Collection<Operation> changes) throws SchemaException {
    OperationOptionsBuilder builder = new OperationOptionsBuilder();
    ResourceObjectIdentification runAs = options == null ? null : options.getRunAsIdentification();
    if (runAs == null) {
        return builder.build();
    }
    builder.setRunAsUser(getNameValue(runAs));

    // Still a hack: the old password is recovered from the delta's estimated old values,
    // because there is no better source for it at this point.
    for (Operation change : changes) {
        if (!(change instanceof PropertyModificationOperation)) {
            continue;
        }
        PropertyDelta propertyDelta = ((PropertyModificationOperation) change).getPropertyDelta();
        if (!propertyDelta.getPath().equivalent(SchemaConstants.PATH_PASSWORD_VALUE)) {
            continue;
        }
        Collection<PrismPropertyValue<ProtectedStringType>> oldValues = propertyDelta.getEstimatedOldValues();
        if (oldValues == null || oldValues.isEmpty()) {
            continue;
        }
        ProtectedStringType oldPassword = oldValues.iterator().next().getValue();
        if (oldPassword == null) {
            continue;
        }
        // The secret reaches ConnId only as a GuardedString.
        builder.setRunWithPassword(ConnIdUtil.toGuardedString(oldPassword, "runAs password", protector));
    }
    return builder.build();
}
use of org.identityconnectors.common.security.GuardedString in project midpoint by Evolveum.
In the class ConnIdToMidPointConversion, method fromGuardedString.
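/**
 * Converts a ConnId {@link GuardedString} into a midPoint {@link ProtectedStringType}.
 *
 * <p>The clear chars are read inside {@link GuardedString#access} and the resulting protected
 * string is encrypted with the convertor's protector right after the clear value is set
 * (presumably replacing the clear value — verify in the protector's {@code encrypt}). The
 * intermediate {@code String} built from the password chars cannot be wiped; this is unavoidable
 * as long as {@code setClearValue} takes a {@code String}.
 *
 * @param icfValue the ConnId guarded string to convert; must not be null
 * @return a new protected string holding the (encrypted) password
 * @throws IllegalStateException if the protector fails to encrypt; the
 *         {@link EncryptionException} is attached as the cause
 */
private ProtectedStringType fromGuardedString(GuardedString icfValue) {
    final ProtectedStringType ps = new ProtectedStringType();
    icfValue.access(passwordChars -> {
        try {
            ps.setClearValue(new String(passwordChars));
            connIdConvertor.protector.encrypt(ps);
        } catch (EncryptionException e) {
            // Keep the cause: without it the reason for the encryption failure is lost.
            throw new IllegalStateException("Protector failed to encrypt password", e);
        }
    });
    return ps;
}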
use of org.identityconnectors.common.security.GuardedString in project midpoint by Evolveum.
In the class ConnectorFactoryConnIdImpl, method getRemoteConnectorInfoManager.
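/**
 * Returns the ConnId connector info manager for the remote connector server described by
 * {@code hostType}. The manager is obtained from {@code connectorInfoManagerFactory} for the
 * {@link RemoteFrameworkConnectionInfo} built here.
 *
 * @param hostType the connector host: hostname, port, shared secret, optional timeout and
 *        optional protect-connection flag
 * @return the remote connector info manager
 * @throws SystemException if the shared secret cannot be decrypted
 * @throws NumberFormatException if the port is not an integer string
 */
private ConnectorInfoManager getRemoteConnectorInfoManager(ConnectorHostType hostType) {
    String hostname = hostType.getHostname();
    int port = Integer.parseInt(hostType.getPort());

    GuardedString key;
    try {
        // The decrypted secret passes through a String before being wrapped; that copy cannot be
        // wiped, so the GuardedString protects only the wrapped copy.
        key = new GuardedString(protector.decryptString(hostType.getSharedSecret()).toCharArray());
    } catch (EncryptionException e) {
        throw new SystemException("Shared secret decryption error: " + e.getMessage(), e);
    }

    // Missing timeout means 0 (passed through to ConnId as-is).
    int timeout = hostType.getTimeout() != null ? hostType.getTimeout() : 0;

    // When protectConnection is unset, the connection to the connector server is NOT protected.
    boolean useSSL = Boolean.TRUE.equals(hostType.isProtectConnection());

    List<TrustManager> trustManagers = protector.getTrustManagers();

    // The shared-secret GuardedString is deliberately kept out of the log arguments: even if its
    // toString() masks the value, not passing the secret holder to the logger avoids relying on that.
    LOGGER.trace("Creating RemoteFrameworkConnectionInfo: hostname={}, port={}, useSSL={}, trustManagers={}, timeout={}",
            hostname, port, useSSL, trustManagers, timeout);
    RemoteFrameworkConnectionInfo remoteFrameworkInfo = new RemoteFrameworkConnectionInfo(hostname, port, key, useSSL, trustManagers, timeout);
    return connectorInfoManagerFactory.getRemoteManager(remoteFrameworkInfo);
}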
use of org.identityconnectors.common.security.GuardedString in project CzechIdMng by bcvsolutions.
In the class ConnIdIcConvertUtil, method convertConnIdAttributeInfo.
/**
 * Converts a ConnId {@link AttributeInfo} into an {@link IcAttributeInfo}.
 *
 * <p>The class type is copied by name, except that ConnId's {@link GuardedString} (or a
 * subclass of it) is mapped to the CzechIdM {@code GuardedString} class name, so secret-valued
 * attributes stay wrapped on the IdM side. A null type leaves the class type unset. The
 * createable, multivalued, name, readable, required, returned-by-default and updateable
 * properties are copied one to one.
 *
 * @param attribute the ConnId attribute info; may be null
 * @return the converted attribute info, or null when {@code attribute} is null
 */
public static IcAttributeInfo convertConnIdAttributeInfo(AttributeInfo attribute) {
    if (attribute == null) {
        return null;
    }
    IcAttributeInfoImpl converted = new IcAttributeInfoImpl();
    Class<?> attributeType = attribute.getType();
    if (attributeType != null) {
        converted.setClassType(classTypeNameFor(attributeType));
    }
    converted.setCreateable(attribute.isCreateable());
    converted.setMultivalued(attribute.isMultiValued());
    converted.setName(attribute.getName());
    converted.setReadable(attribute.isReadable());
    converted.setRequired(attribute.isRequired());
    converted.setReturnedByDefault(attribute.isReturnedByDefault());
    converted.setUpdateable(attribute.isUpdateable());
    return converted;
}

/**
 * Maps a ConnId attribute value type to the class name used on the IdM side: the ConnId
 * {@link GuardedString} becomes the BCV {@code GuardedString}; any other type keeps its own name.
 */
private static String classTypeNameFor(Class<?> attributeType) {
    if (GuardedString.class.isAssignableFrom(attributeType)) {
        return eu.bcvsolutions.idm.core.security.api.domain.GuardedString.class.getName();
    }
    return attributeType.getName();
}