
Example 21 with GuardedString

use of org.identityconnectors.common.security.GuardedString in project midpoint by Evolveum.

the class DummyConnector method changePassword.

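/**
 * Replaces the password of {@code account} with the first value of {@code attr}.
 *
 * <p>The value must be a {@link GuardedString}. When the attribute's value list is
 * {@code null} or empty, {@code null} is passed to {@code account.setPassword}.
 *
 * <p>Security note: the clear text is copied out of the GuardedString into an
 * immutable {@link String} so that it can be handed to {@code account.setPassword}.
 * That copy cannot be zeroed and remains on the heap until it is garbage collected,
 * so the protection offered by GuardedString ends here.
 *
 * @param account account whose password is replaced
 * @param attr password attribute; only its first value is read
 * @throws IllegalArgumentException if the first value is {@code null} or is not a GuardedString
 * @throws InvalidAttributeValueException if a minimum length is configured and the password is shorter
 */
private void changePassword(final DummyAccount account, Attribute attr) throws ConnectException, FileNotFoundException, SchemaViolationException, ConflictException {
    // One-element holder: the anonymous Accessor below can only write through a final reference.
    final String[] passwdArray = { null };
    if (attr.getValue() != null && !attr.getValue().isEmpty()) {
        Object passwdObject = attr.getValue().get(0);
        if (!(passwdObject instanceof GuardedString)) {
            // A null element has no class to report; name it explicitly instead of
            // failing with a NullPointerException while building the message.
            String actualType = (passwdObject == null) ? "null" : passwdObject.getClass().getName();
            throw new IllegalArgumentException("Password was provided as " + actualType + " while expecting GuardedString");
        }
        ((GuardedString) passwdObject).access(new Accessor() {

            @Override
            public void access(char[] passwdChars) {
                // The length policy is checked on the char[] before any String copy exists.
                if (configuration.getMinPasswordLength() != null && passwdChars.length < configuration.getMinPasswordLength()) {
                    throw new InvalidAttributeValueException("Password too short");
                }
                // Plain-text copy that outlives the accessor callback (see the method Javadoc).
                passwdArray[0] = new String(passwdChars);
            }
        });
    }
    // A missing or empty value leaves the holder at null.
    account.setPassword(passwdArray[0]);
}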
Also used : DummyObject(com.evolveum.icf.dummy.resource.DummyObject) GuardedString(org.identityconnectors.common.security.GuardedString) GuardedString(org.identityconnectors.common.security.GuardedString) Accessor(org.identityconnectors.common.security.GuardedString.Accessor) InvalidAttributeValueException(org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException)

Example 22 with GuardedString

use of org.identityconnectors.common.security.GuardedString in project syncope by apache.

the class DBPasswordPropagationActions method before.

/**
 * Before propagation of a USER task, substitutes the stored password for a
 * "mandatory attribute missing" marker that names the password attribute.
 *
 * <p>The substitution only happens when the user has a password, the marker
 * attribute holds exactly one value equal to {@code OperationalAttributes.PASSWORD_NAME},
 * and {@code cipherAlgorithmMatches} accepts the connector's and the user's cipher
 * algorithms. The value of {@code user.getPassword()} is wrapped in a
 * {@link GuardedString} and a special {@code HASHED_PASSWORD} attribute set to
 * {@code TRUE} is added next to it.
 *
 * <p>NOTE(review): {@code user.getPassword()} is presumably the stored (hashed)
 * form, and {@code HASHED_PASSWORD} presumably tells the connector not to hash it
 * again; confirm against the connector. The value already exists as a
 * {@link String} here, so wrapping it in a GuardedString does not remove that copy.
 *
 * @param task propagation task whose attribute set may be replaced
 * @param beforeObj not read by this method
 */
@Transactional(readOnly = true)
@Override
public void before(final PropagationTask task, final ConnectorObject beforeObj) {
    if (AnyTypeKind.USER != task.getAnyTypeKind()) {
        return;
    }

    User user = userDAO.find(task.getEntityKey());
    if (user == null || user.getPassword() == null) {
        return;
    }

    Attribute missing = AttributeUtil.find(PropagationTaskExecutor.MANDATORY_MISSING_ATTR_NAME, task.getAttributes());
    ConnInstance connInstance = task.getResource().getConnector();

    // The marker must name the password attribute, and nothing else.
    boolean onlyPasswordMissing = missing != null
            && missing.getValue() != null
            && missing.getValue().size() == 1
            && missing.getValue().get(0).equals(OperationalAttributes.PASSWORD_NAME);
    if (!onlyPasswordMissing || !cipherAlgorithmMatches(getCipherAlgorithm(connInstance), user.getCipherAlgorithm())) {
        return;
    }

    // Work on a copy of the task's attributes, then replace the set on the task.
    Set<Attribute> updated = new HashSet<>(task.getAttributes());
    Attribute guardedPassword = AttributeBuilder.buildPassword(new GuardedString(user.getPassword().toCharArray()));
    updated.add(guardedPassword);
    updated.remove(missing);
    Attribute hashedFlag = AttributeBuilder.build(AttributeUtil.createSpecialName("HASHED_PASSWORD"), Boolean.TRUE);
    updated.add(hashedFlag);
    task.setAttributes(updated);
}
Also used : User(org.apache.syncope.core.persistence.api.entity.user.User) Attribute(org.identityconnectors.framework.common.objects.Attribute) GuardedString(org.identityconnectors.common.security.GuardedString) ConnInstance(org.apache.syncope.core.persistence.api.entity.ConnInstance) HashSet(java.util.HashSet) Transactional(org.springframework.transaction.annotation.Transactional)

Example 23 with GuardedString

use of org.identityconnectors.common.security.GuardedString in project syncope by apache.

the class ConnIdBundleManagerImpl method initRemote.

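/**
 * Registers a remote connector server described by {@code location}.
 *
 * <p>Read from the URI: host, port, the user-info part (used as the server key),
 * the scheme ({@code connids} turns SSL on) and the first query parameter
 * ({@code trustAllCerts=true} installs a trust manager that accepts every
 * certificate). {@code trustAllCerts} is only honoured as the first query parameter.
 *
 * <p>Security note: with {@code trustAllCerts=true} the TLS peer is not
 * authenticated, so the connection gives no protection against a host that
 * impersonates the connector server. The option is kept for compatibility and is
 * reported at WARN level; prefer a trust store that contains the server's issuer.
 * The key arrives as part of the URI, so it also exists as a plain {@link String}
 * before it is wrapped in a {@link GuardedString}.
 *
 * @param location URI of the remote connector server; also the key under which the
 *                 resulting manager is stored in {@code connInfoManagers}
 * @throws NotFoundException if no remote {@code ConnectorInfoManager} is returned
 */
private void initRemote(final URI location) {
    // 1. Extract conf params for remote connection from given URI
    String host = location.getHost();
    int port = location.getPort();
    // NOTE(review): getUserInfo() and getScheme() can return null for some URIs;
    // both calls below would then fail with a NullPointerException.
    GuardedString key = new GuardedString(location.getUserInfo().toCharArray());
    boolean useSSL = location.getScheme().equals("connids");
    List<TrustManager> trustManagers = new ArrayList<>();
    String[] params = StringUtils.isBlank(location.getQuery()) ? null : location.getQuery().split("&");
    if (params != null && params.length > 0) {
        final String[] trustAllCerts = params[0].split("=");
        if (trustAllCerts.length > 1 && "trustAllCerts".equalsIgnoreCase(trustAllCerts[0]) && "true".equalsIgnoreCase(trustAllCerts[1])) {
            // Make the weakened configuration visible in normal logs, not only at DEBUG.
            LOG.warn("Certificate validation is disabled for remote connector server {}:{} (trustAllCerts=true)", host, port);
            trustManagers.add(new X509TrustManager() {

                @Override
                public void checkClientTrusted(final X509Certificate[] chain, final String authType) throws CertificateException {
                // no checks, trust all
                }

                @Override
                public void checkServerTrusted(final X509Certificate[] chain, final String authType) throws CertificateException {
                // no checks, trust all
                }

                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    // The X509TrustManager contract requires a non-null, possibly empty, array.
                    return new X509Certificate[0];
                }
            });
        }
    }
    // NOTE(review): what is printed for "Key" and for the connection info depends on their
    // toString() implementations; confirm that neither prints the secret.
    LOG.debug("Configuring remote connector server:" + "\n\tHost: {}" + "\n\tPort: {}" + "\n\tKey: {}" + "\n\tUseSSL: {}" + "\n\tTrustAllCerts: {}", host, port, key, useSSL, !trustManagers.isEmpty());
    RemoteFrameworkConnectionInfo info = new RemoteFrameworkConnectionInfo(host, port, key, useSSL, trustManagers, 60 * 1000);
    LOG.debug("Remote connection info: {}", info);
    // 2. Get connector info manager
    ConnectorInfoManager manager = ConnectorInfoManagerFactory.getInstance().getRemoteManager(info);
    if (manager == null) {
        throw new NotFoundException("Remote ConnectorInfoManager");
    }
    connInfoManagers.put(location, manager);
}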
Also used : ArrayList(java.util.ArrayList) NotFoundException(org.apache.syncope.core.persistence.api.dao.NotFoundException) CertificateException(java.security.cert.CertificateException) GuardedString(org.identityconnectors.common.security.GuardedString) GuardedString(org.identityconnectors.common.security.GuardedString) X509Certificate(java.security.cert.X509Certificate) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager) ConnectorInfoManager(org.identityconnectors.framework.api.ConnectorInfoManager) X509TrustManager(javax.net.ssl.X509TrustManager) RemoteFrameworkConnectionInfo(org.identityconnectors.framework.api.RemoteFrameworkConnectionInfo)

Example 24 with GuardedString

use of org.identityconnectors.common.security.GuardedString in project midpoint by Evolveum.

the class DummyConnector method getFooConnectorObject.

/**
 * Builds the fixed "foo" connector object: uid and name {@code foo}, the fake
 * attribute, a password attribute and the enabled flag set to {@code true}.
 *
 * <p>The password is a literal embedded in the source and wrapped in a
 * {@link GuardedString}; the literal itself remains readable in the class file,
 * so this pattern is only suitable for dummy/test data.
 *
 * @return the built connector object
 */
private ConnectorObject getFooConnectorObject() {
    final ConnectorObjectBuilder fooBuilder = new ConnectorObjectBuilder();

    // Identity
    fooBuilder.setUid("foo");
    fooBuilder.addAttribute(Name.NAME, "foo");

    // Payload attributes
    fooBuilder.addAttribute(FAKE_ATTR_NAME, "fake foo");
    final GuardedString fakePassword = new GuardedString("sup3rS3cr3tFak3".toCharArray());
    fooBuilder.addAttribute(OperationalAttributes.PASSWORD_NAME, fakePassword);
    fooBuilder.addAttribute(OperationalAttributes.ENABLE_NAME, true);

    final ConnectorObject foo = fooBuilder.build();
    return foo;
}
Also used : GuardedString(org.identityconnectors.common.security.GuardedString)

Example 25 with GuardedString

use of org.identityconnectors.common.security.GuardedString in project midpoint by Evolveum.

the class AbstractObjectDummyConnector method changePassword.

/**
 * Sets the password of {@code account} from {@code guardedString}.
 *
 * <p>The value is first converted with {@code getString}, then passed to
 * {@code checkPasswordPolicies}, and only then stored on the account.
 *
 * <p>NOTE(review): {@code getString} presumably returns the clear text as a
 * {@link String}; if so, that copy cannot be zeroed and the protection of the
 * {@link GuardedString} ends at this call. Confirm against the helper.
 *
 * @param account account whose password is replaced
 * @param guardedString new password
 */
protected void changePassword(final DummyAccount account, GuardedString guardedString) throws ConnectException, FileNotFoundException, SchemaViolationException, ConflictException {
    final String unwrapped = getString(guardedString);
    // The policy check runs before the account is touched.
    checkPasswordPolicies(unwrapped);
    account.setPassword(unwrapped);
}
Also used : GuardedString(org.identityconnectors.common.security.GuardedString)

Aggregations

GuardedString (org.identityconnectors.common.security.GuardedString)29 ProtectedStringType (com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType)8 Attribute (org.identityconnectors.framework.common.objects.Attribute)5 QName (javax.xml.namespace.QName)4 EncryptionException (com.evolveum.midpoint.prism.crypto.EncryptionException)3 OperationResult (com.evolveum.midpoint.schema.result.OperationResult)3 FileNotFoundException (java.io.FileNotFoundException)3 Field (java.lang.reflect.Field)3 ConnectException (java.net.ConnectException)3 HashSet (java.util.HashSet)3 User (org.apache.syncope.core.persistence.api.entity.user.User)3 Transactional (org.springframework.transaction.annotation.Transactional)3 ConnIdOperation (com.evolveum.midpoint.schema.reporting.ConnIdOperation)2 AsynchronousOperationResult (com.evolveum.midpoint.schema.result.AsynchronousOperationResult)2 SchemaException (com.evolveum.midpoint.util.exception.SchemaException)2 SystemException (com.evolveum.midpoint.util.exception.SystemException)2 IOException (java.io.IOException)2 Accessor (org.identityconnectors.common.security.GuardedString.Accessor)2 ObjectClass (org.identityconnectors.framework.common.objects.ObjectClass)2 Uid (org.identityconnectors.framework.common.objects.Uid)2