
Example 26 with GuardedString

use of org.identityconnectors.common.security.GuardedString in project midpoint by Evolveum.

Class AbstractObjectDummyConnector, method getString.

/**
 * Unwraps a ConnId {@link GuardedString} into a plain {@link String} so the dummy
 * connector can store and compare it.
 *
 * <p>This deliberately gives up the protection {@code GuardedString} provides: the
 * returned {@code String} is immutable and cannot be zeroed, so the clear-text value
 * stays on the heap until it is garbage collected. Acceptable for a test/dummy
 * connector only; production connectors should keep working with {@code char[]}
 * inside the accessor.
 *
 * @param guardedString the protected value, may be {@code null}
 * @return the clear-text value, or {@code null} when {@code guardedString} is {@code null}
 */
protected String getString(GuardedString guardedString) {
    if (guardedString == null) {
        return null;
    }
    // Single-element holder so the accessor callback can hand the value back out.
    final String[] clearText = new String[1];
    guardedString.access(clearChars -> {
        String value = new String(clearChars);
        // There is no try/catch here: if the policy check throws, the exception
        // propagates out of access() and nothing is stored or returned.
        checkPasswordPolicies(value);
        clearText[0] = value;
    });
    return clearText[0];
}

Example 27 with GuardedString

use of org.identityconnectors.common.security.GuardedString in project midpoint by Evolveum.

Class ConnectorFactoryConnIdImpl, method selfTestGuardedString.

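/**
 * Self-test of the ConnId security primitives this factory relies on.
 *
 * <p>Three checks are recorded as subresults of {@code parentTestResult}:
 * <ol>
 *   <li>{@code encryptorReflection}: which {@link EncryptorFactory}/{@link Encryptor}
 *       implementation is in use and, for the default ConnId {@code EncryptorImpl},
 *       the algorithm/bit length/format of its key (metadata only, never key bytes);</li>
 *   <li>{@code encryptor}: an encrypt/decrypt round trip of a fixed test string;</li>
 *   <li>{@code guardedString}: a {@link GuardedString} wrap/access round trip.</li>
 * </ol>
 * A failure inside any check is recorded in its subresult rather than thrown, so the
 * remaining checks still run. Both round trips use fixed, non-secret constants; the
 * error messages that echo them therefore do not disclose real credentials.
 *
 * @param parentTestResult the result to attach the self-test subresults to
 */
private void selfTestGuardedString(OperationResult parentTestResult) {
    OperationResult result = parentTestResult.createSubresult(ConnectorFactoryConnIdImpl.class + ".selfTestGuardedString");

    OperationResult reflectionSubresult = result.createSubresult(ConnectorFactoryConnIdImpl.class + ".selfTestGuardedString.encryptorReflection");
    EncryptorFactory encryptorFactory = EncryptorFactory.getInstance();
    reflectionSubresult.addReturn("encryptorFactoryImpl", encryptorFactory.getClass());
    LOGGER.debug("Encryptor factory implementation class: {}", encryptorFactory.getClass());
    Encryptor encryptor = encryptorFactory.newRandomEncryptor();
    reflectionSubresult.addReturn("encryptorImpl", encryptor.getClass());
    LOGGER.debug("Encryptor implementation class: {}", encryptor.getClass());
    // Only the well-known ConnId implementation is introspected. For any other
    // implementation this subresult is (as before) left without a recorded status.
    if (encryptor.getClass().getName().equals("org.identityconnectors.common.security.impl.EncryptorImpl")) {
        introspectEncryptorKey(reflectionSubresult, encryptor);
    }

    selfTestEncryptorRoundtrip(result, encryptor);
    selfTestGuardedStringRoundtrip(result);

    result.computeStatus();
}

/**
 * Records algorithm, bit length and format of the private {@code key} field of a ConnId
 * {@code EncryptorImpl} via reflection ("reflection magic to have a look inside").
 *
 * <p>Only key metadata is recorded; the key material itself must never be written
 * into the result or the log. Every reflection failure is recorded as a partial error
 * so that a diagnostic problem cannot abort the round-trip checks that follow.
 *
 * @param subresult the {@code encryptorReflection} subresult to record into
 * @param encryptor an instance of {@code org.identityconnectors.common.security.impl.EncryptorImpl}
 */
private void introspectEncryptorKey(OperationResult subresult, Encryptor encryptor) {
    try {
        // Field.toString() prints declarations only, never field values, so tracing it is safe.
        LOGGER.trace("Encryptor fields: {}", Arrays.asList(encryptor.getClass().getDeclaredFields()));
        Field keyField = encryptor.getClass().getDeclaredField("key");
        keyField.setAccessible(true);
        Key key = (Key) keyField.get(encryptor);
        subresult.addReturn("keyAlgorithm", key.getAlgorithm());
        // Key.getEncoded() is documented to return null for keys that do not support
        // encoding (e.g. hardware-backed keys); report the length only when available.
        byte[] encodedKey = key.getEncoded();
        if (encodedKey != null) {
            subresult.addReturn("keyLength", encodedKey.length * 8);
        }
        subresult.addReturn("keyFormat", key.getFormat());
        subresult.recordSuccess();
    } catch (ReflectiveOperationException | RuntimeException e) {
        // ReflectiveOperationException covers NoSuchFieldException/IllegalAccessException;
        // RuntimeException covers SecurityException, IllegalArgumentException, a failed
        // cast to Key and, on Java 9+, InaccessibleObjectException from setAccessible().
        subresult.recordPartialError("Reflection introspection failed", e);
    }
}

/**
 * Encrypts and decrypts a fixed, non-secret test string with {@code encryptor} and
 * records the outcome in the {@code encryptor} subresult of {@code result}.
 *
 * @param result    parent result to create the subresult under
 * @param encryptor encryptor under test
 */
private void selfTestEncryptorRoundtrip(OperationResult result, Encryptor encryptor) {
    OperationResult encryptorSubresult = result.createSubresult(ConnectorFactoryConnIdImpl.class + ".selfTestGuardedString.encryptor");
    try {
        String plainString = "Scurvy seadog";
        // Platform default charset on both sides; the constant is ASCII, so the
        // round trip does not depend on which charset that is.
        byte[] encryptedBytes = encryptor.encrypt(plainString.getBytes());
        byte[] decryptedBytes = encryptor.decrypt(encryptedBytes);
        String decryptedString = new String(decryptedBytes);
        if (plainString.equals(decryptedString)) {
            encryptorSubresult.recordSuccess();
        } else {
            encryptorSubresult.recordFatalError("Encryptor roundtrip failed; encrypted=" + plainString + ", decrypted=" + decryptedString);
        }
    } catch (Throwable e) {
        // Deliberately broad: a self-test must report, not propagate, whatever the encryptor throws.
        LOGGER.error("Encryptor operation error: {}", e.getMessage(), e);
        encryptorSubresult.recordFatalError("Encryptor operation error: " + e.getMessage(), e);
    }
}

/**
 * Wraps a fixed, non-secret test string in a {@link GuardedString} and verifies that
 * {@link GuardedString#access} yields it back unchanged, recording the outcome in the
 * {@code guardedString} subresult of {@code result}.
 *
 * @param result parent result to create the subresult under
 */
private void selfTestGuardedStringRoundtrip(OperationResult result) {
    final OperationResult guardedStringSubresult = result.createSubresult(ConnectorFactoryConnIdImpl.class + ".selfTestGuardedString.guardedString");
    try {
        final String origString = "Shiver me timbers";
        // Constructing the GuardedString encrypts the chars ...
        GuardedString guardedString = new GuardedString(origString.toCharArray());
        // ... and access() decrypts them for the callback.
        guardedString.access(decryptedChars -> {
            String decryptedString = new String(decryptedChars);
            if (!decryptedString.equals(origString)) {
                guardedStringSubresult.recordFatalError("GuardedString roundtrip failed; encrypted=" + origString + ", decrypted=" + decryptedString);
            }
        });
        // Only reached when the callback did not record a fatal error (or did not run).
        guardedStringSubresult.recordSuccessIfUnknown();
    } catch (Throwable e) {
        // Deliberately broad, see selfTestEncryptorRoundtrip.
        LOGGER.error("GuardedString operation error: {}", e.getMessage(), e);
        guardedStringSubresult.recordFatalError("GuardedString operation error: " + e.getMessage(), e);
    }
}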

Example 28 with GuardedString

use of org.identityconnectors.common.security.GuardedString in project midpoint by Evolveum.

Class DeltaModificationConverter, method collectPassword.

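/**
 * Converts a password delta into a ConnId attribute delta.
 *
 * <p>For a self-service password change the resource needs both values. Following the
 * ConnId convention this is expressed as an {@link AttributeDeltaBuilder} on the
 * {@code __PASSWORD__} operational attribute whose "add" value is the new password and
 * whose "remove" value is the old one. Both are handed over as {@link GuardedString}s so
 * they stay protected inside the framework. Any other password modification is
 * delegated to the superclass.
 *
 * @param passwordDelta delta on the password property
 * @throws SchemaException if the delta cannot be converted; in particular when a
 *         self-service change carries no estimated old password value to remove
 */
@Override
protected void collectPassword(PropertyDelta<ProtectedStringType> passwordDelta) throws SchemaException {
    if (!isSelfPasswordChange(passwordDelta)) {
        super.collectPassword(passwordDelta);
        return;
    }
    // Fail with a clear message instead of an obscure NoSuchElementException/NPE from
    // iterator().next() below. The delta is intentionally not included in the message:
    // it may carry credential material.
    if (passwordDelta.getEstimatedOldValues() == null || passwordDelta.getEstimatedOldValues().isEmpty()) {
        throw new SchemaException("Self-service password change requires the estimated old password value, but the delta has none");
    }
    AttributeDeltaBuilder deltaBuilder = new AttributeDeltaBuilder();
    deltaBuilder.setName(OperationalAttributes.PASSWORD_NAME);
    PrismProperty<ProtectedStringType> newPasswordProperty = passwordDelta.getPropertyNewMatchingPath();
    GuardedString newPasswordGs = passwordToGuardedString(newPasswordProperty.getRealValue(), "new password");
    deltaBuilder.addValueToAdd(newPasswordGs);
    // Only the first estimated old value is used; a password is single-valued.
    ProtectedStringType oldPasswordPs = passwordDelta.getEstimatedOldValues().iterator().next().getRealValue();
    GuardedString oldPasswordGs = passwordToGuardedString(oldPasswordPs, "old password");
    deltaBuilder.addValueToRemove(oldPasswordGs);
    attributesDelta.add(deltaBuilder.build());
}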

Example 29 with GuardedString

use of org.identityconnectors.common.security.GuardedString in project CzechIdMng by bcvsolutions.

Class CrossDomainAdUserConnectorTypeTest, method testConnectorConfigurationLoginInformations.

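/**
 * Verifies that the connector configuration of a system in a cross-domain group
 * carries the login information of the other systems in that group.
 *
 * <p>Flow: create a system and a cross-domain group containing it and check that the
 * {@code CROSS_DOMAIN_SYSTEM_IDS} operation option is empty; then add a second system
 * to the group and check that the first system's configuration lists the second
 * system's id plus its host, principal and credentials under the per-system option
 * keys. Finally the group and both test systems are removed.
 *
 * <p>The credential comparison deliberately avoids {@code assertEquals}: on a mismatch
 * JUnit would print both decrypted passwords into the test output.
 */
@Test
public void testConnectorConfigurationLoginInformations() {
    ConnectorType connectorType = connectorManager.getConnectorType(MockCrossDomainAdUserConnectorType.NAME);
    SysSystemDto systemDto = initSystem(connectorType);
    SysSystemAttributeMappingDto ldapGroupsAttribute = findLdapGroupsAttribute(systemDto);

    // Creates cross-domain group with the first system as its only member.
    SysSystemGroupDto groupSystemDto = new SysSystemGroupDto();
    groupSystemDto.setCode(getHelper().createName());
    groupSystemDto.setType(SystemGroupType.CROSS_DOMAIN);
    groupSystemDto = systemGroupService.save(groupSystemDto);
    addSystemToGroup(groupSystemDto, systemDto, ldapGroupsAttribute);

    IcConnectorConfiguration connectorConfiguration = connectorType.getConnectorConfiguration(systemDto);
    Object otherSystemInGroupsObj = connectorConfiguration.getSystemOperationOptions().get(MockCrossDomainAdUserConnectorType.CROSS_DOMAIN_SYSTEM_IDS);
    // No other systems are in cross-domain groups yet.
    assertNotNull(otherSystemInGroupsObj);
    assertTrue(((String) otherSystemInGroupsObj).isEmpty());

    SysSystemDto otherSystemDto = initSystem(connectorType);
    SysSystemAttributeMappingDto otherLdapGroupsAttribute = findLdapGroupsAttribute(otherSystemDto);
    SysSystemGroupSystemDto systemGroupSystemTwo = addSystemToGroup(groupSystemDto, otherSystemDto, otherLdapGroupsAttribute);

    connectorConfiguration = connectorType.getConnectorConfiguration(systemDto);
    otherSystemInGroupsObj = connectorConfiguration.getSystemOperationOptions().get(MockCrossDomainAdUserConnectorType.CROSS_DOMAIN_SYSTEM_IDS);
    // One other system is in cross-domain groups.
    assertNotNull(otherSystemInGroupsObj);
    String[] otherSystemInGroupsSplited = ((String) otherSystemInGroupsObj).split(",");
    assertEquals(1, otherSystemInGroupsSplited.length);
    assertEquals(otherSystemDto.getId().toString(), otherSystemInGroupsSplited[0]);

    IcConnectorConfiguration connectorConfigurationOtherSystem = systemService.getConnectorConfiguration(otherSystemDto);
    // Host and principal of the other system must be exposed under its per-system option keys.
    String host = (String) crossDomainOption(connectorConfiguration, MockCrossDomainAdUserConnectorType.CROSS_DOMAIN_HOST_PATTERN, otherSystemDto);
    assertEquals(findProperty(connectorConfigurationOtherSystem, MockCrossDomainAdUserConnectorType.HOST).getValue(), host);
    String user = (String) crossDomainOption(connectorConfiguration, MockCrossDomainAdUserConnectorType.CROSS_DOMAIN_USER_PATTERN, otherSystemDto);
    assertEquals(findProperty(connectorConfigurationOtherSystem, MockCrossDomainAdUserConnectorType.PRINCIPAL).getValue(), user);
    // Credentials: compare the decrypted values without echoing them on failure.
    IcConfigurationProperty passwordProperty = findProperty(connectorConfigurationOtherSystem, MockCrossDomainAdUserConnectorType.CREDENTIALS);
    GuardedString password = (GuardedString) crossDomainOption(connectorConfiguration, MockCrossDomainAdUserConnectorType.CROSS_DOMAIN_PASSWORD_PATTERN, otherSystemDto);
    String expectedPassword = SecurityUtil.decrypt((GuardedString) passwordProperty.getValue());
    String actualPassword = SecurityUtil.decrypt(password);
    assertNotNull(expectedPassword);
    assertTrue("Cross-domain password option does not match the other system's credentials",
            expectedPassword.equals(actualPassword));

    // Clean: deleting the group must remove its system memberships; then remove both test systems
    // (the original version left otherSystemDto behind).
    systemGroupService.delete(groupSystemDto);
    assertNull(systemGroupSystemService.get(systemGroupSystemTwo));
    systemService.delete(systemDto);
    systemService.delete(otherSystemDto);
}

/**
 * Looks up the single {@code LDAP_GROUPS_ATTRIBUTE} mapping of {@code system},
 * asserting that exactly one exists.
 *
 * @param system system whose attribute mappings are searched
 * @return the mapping to be used as merge attribute in a cross-domain group
 */
private SysSystemAttributeMappingDto findLdapGroupsAttribute(SysSystemDto system) {
    SysSystemAttributeMappingFilter filter = new SysSystemAttributeMappingFilter();
    filter.setSystemId(system.getId());
    filter.setName(MockCrossDomainAdUserConnectorType.LDAP_GROUPS_ATTRIBUTE);
    List<SysSystemAttributeMappingDto> attributes = attributeMappingService.find(filter, null).getContent();
    assertEquals(1, attributes.size());
    return attributes.get(0);
}

/**
 * Adds {@code system} to the cross-domain {@code group}, merging on {@code mergeAttribute}.
 *
 * @return the saved membership
 */
private SysSystemGroupSystemDto addSystemToGroup(SysSystemGroupDto group, SysSystemDto system, SysSystemAttributeMappingDto mergeAttribute) {
    SysSystemGroupSystemDto membership = new SysSystemGroupSystemDto();
    membership.setSystemGroup(group.getId());
    membership.setMergeAttribute(mergeAttribute.getId());
    membership.setSystem(system.getId());
    return systemGroupSystemService.save(membership);
}

/**
 * Returns the connector configuration property named {@code name}.
 *
 * @throws AssertionError if the configuration has no such property
 */
private IcConfigurationProperty findProperty(IcConnectorConfiguration configuration, String name) {
    return configuration.getConfigurationProperties().getProperties().stream()
            .filter(property -> name.equals(property.getName()))
            .findFirst()
            .orElseThrow(() -> new AssertionError("Missing connector configuration property: " + name));
}

/**
 * Returns the system operation option published for {@code otherSystem} under the given
 * {@link MessageFormat} key pattern (host, user or password pattern), or {@code null}.
 */
private Object crossDomainOption(IcConnectorConfiguration configuration, String pattern, SysSystemDto otherSystem) {
    return configuration.getSystemOperationOptions().get(MessageFormat.format(pattern, otherSystem.getId().toString()));
}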
