
Example 1 with X509CertificateValue

use of password.pwm.config.value.X509CertificateValue in project pwm by pwm-project.

the class LdapCertImportFunction method provideFunction.

/**
 * Collects the certificates returned for every LDAP server URL configured on {@code profile}
 * and stores the combined set as the value of {@code setting}.
 *
 * <p>The write happens whenever the fetch loop finishes without an exception, so a profile
 * with no configured URLs results in an empty certificate set being stored.
 *
 * <p>Security note: the stored certificates are whatever
 * {@code X509Utils.readRemoteCertificates} hands back for the configured URLs; this method
 * performs no check of its own (issuer, fingerprint, expiry) before persisting them.
 * NOTE(review): whether the helper validates the presented chain is not visible here. If it
 * does not, this is a trust-on-first-use import and the operator should compare the imported
 * fingerprints against a value obtained out-of-band.
 *
 * @param pwmRequest          request supplying the application and session
 * @param storedConfiguration configuration that is read from and written to
 * @param setting             setting that receives the imported certificates
 * @param profile             profile whose LDAP URLs are read and whose setting is written
 * @param extraData           not used by this implementation
 * @return a localized success message
 * @throws PwmOperationalException if reading any URL or certificate fails; the first
 *                                 failure aborts the import and nothing is written
 */
@Override
public String provideFunction(final PwmRequest pwmRequest, final StoredConfigurationImpl storedConfiguration, final PwmSetting setting, final String profile, final String extraData) throws PwmOperationalException, PwmUnrecoverableException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final StringArrayValue urlSetting = (StringArrayValue) storedConfiguration.readSetting(PwmSetting.LDAP_SERVER_URLS, profile);
    // Insertion-ordered set: duplicates returned by several servers are stored once.
    final Set<X509Certificate> importedCerts = new LinkedHashSet<>();
    try {
        final List<String> urls = urlSetting == null ? null : urlSetting.toNativeObject();
        if (urls != null) {
            for (final String url : urls) {
                final List<X509Certificate> fetched = X509Utils.readRemoteCertificates(new URI(url));
                if (fetched != null) {
                    importedCerts.addAll(fetched);
                }
            }
        }
    } catch (Exception e) {
        // Application exceptions keep their own error information; anything else
        // (for example a malformed URL) is reported as an unknown error with its message.
        final ErrorInformation errorInformation = e instanceof PwmException
                ? ((PwmException) e).getErrorInformation()
                : new ErrorInformation(PwmError.ERROR_UNKNOWN, "error importing certificates: " + e.getMessage());
        throw new PwmOperationalException(errorInformation);
    }
    // The acting identity is passed to writeSetting only for an authenticated session.
    final UserIdentity actor;
    if (pwmSession.isAuthenticated()) {
        actor = pwmSession.getUserInfo().getUserIdentity();
    } else {
        actor = null;
    }
    storedConfiguration.writeSetting(setting, profile, new X509CertificateValue(importedCerts), actor);
    return Message.getLocalizedMessage(pwmSession.getSessionStateBean().getLocale(), Message.Success_Unknown, pwmApplication.getConfig());
}
Also used : LinkedHashSet(java.util.LinkedHashSet) PwmApplication(password.pwm.PwmApplication) UserIdentity(password.pwm.bean.UserIdentity) URI(java.net.URI) X509Certificate(java.security.cert.X509Certificate) PwmOperationalException(password.pwm.error.PwmOperationalException) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) PwmException(password.pwm.error.PwmException) PwmOperationalException(password.pwm.error.PwmOperationalException) X509CertificateValue(password.pwm.config.value.X509CertificateValue) PwmException(password.pwm.error.PwmException) ErrorInformation(password.pwm.error.ErrorInformation) PwmSession(password.pwm.http.PwmSession) StringArrayValue(password.pwm.config.value.StringArrayValue)

Example 2 with X509CertificateValue

use of password.pwm.config.value.X509CertificateValue in project pwm by pwm-project.

the class SyslogCertImportFunction method provideFunction.

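/**
 * Collects the certificates returned for every TLS syslog server in the audit configuration
 * and stores the combined set as the value of {@code setting}.
 *
 * <p>Only entries whose configuration string starts with {@code TLS} (case-insensitive) are
 * contacted. Every such entry is attempted; if any of them fails, nothing is written and the
 * most recent failure is reported. The outcome therefore does not depend on the order in
 * which the servers are listed, and a partial certificate set is never stored silently.
 *
 * <p>Security note: the stored certificates are whatever
 * {@code X509Utils.readRemoteCertificates} hands back for the configured host and port; this
 * method performs no check of its own before persisting them. NOTE(review): whether the
 * helper validates the presented chain is not visible here. If it does not, this is a
 * trust-on-first-use import and the fingerprints should be confirmed out-of-band.
 *
 * @param pwmRequest          request supplying the application and session
 * @param storedConfiguration configuration that is read from and written to
 * @param setting             setting that receives the imported certificates
 * @param profile             not used by this implementation
 * @param extraData           not used by this implementation
 * @return a localized success message
 * @throws PwmOperationalException if reading certificates from any TLS syslog server fails
 */
@Override
public String provideFunction(final PwmRequest pwmRequest, final StoredConfigurationImpl storedConfiguration, final PwmSetting setting, final String profile, final String extraData) throws PwmOperationalException, PwmUnrecoverableException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final Set<X509Certificate> resultCertificates = new LinkedHashSet<>();
    // Most recent failure, if any. It is never cleared by a later success: a flag that is
    // reset on success lets a reachable server listed after an unreachable one hide the
    // failure and store an incomplete set.
    Exception failure = null;
    final List<String> syslogConfigStrs = (List<String>) storedConfiguration.readSetting(PwmSetting.AUDIT_SYSLOG_SERVERS).toNativeObject();
    if (syslogConfigStrs != null) {
        for (final String entry : syslogConfigStrs) {
            if (!entry.toUpperCase().startsWith("TLS")) {
                // Non-TLS syslog entries present no certificate to import.
                continue;
            }
            final SyslogAuditService.SyslogConfig syslogConfig = SyslogAuditService.SyslogConfig.fromConfigString(entry);
            if (syslogConfig == null) {
                continue;
            }
            try {
                final List<X509Certificate> certs = X509Utils.readRemoteCertificates(syslogConfig.getHost(), syslogConfig.getPort());
                if (certs != null) {
                    resultCertificates.addAll(certs);
                }
            } catch (Exception e) {
                // Keep going so every server is attempted; the failure is reported after the loop.
                failure = e;
            }
        }
    }
    if (failure != null) {
        if (failure instanceof PwmException) {
            throw new PwmOperationalException(((PwmException) failure).getErrorInformation());
        }
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, "error importing certificates: " + failure.getMessage());
        throw new PwmOperationalException(errorInformation);
    }
    // The acting identity is passed to writeSetting only for an authenticated session.
    final UserIdentity userIdentity = pwmSession.isAuthenticated() ? pwmSession.getUserInfo().getUserIdentity() : null;
    storedConfiguration.writeSetting(setting, new X509CertificateValue(resultCertificates), userIdentity);
    return Message.getLocalizedMessage(pwmSession.getSessionStateBean().getLocale(), Message.Success_Unknown, pwmApplication.getConfig());
}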
Also used : LinkedHashSet(java.util.LinkedHashSet) PwmApplication(password.pwm.PwmApplication) SyslogAuditService(password.pwm.svc.event.SyslogAuditService) UserIdentity(password.pwm.bean.UserIdentity) PwmOperationalException(password.pwm.error.PwmOperationalException) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) PwmException(password.pwm.error.PwmException) X509Certificate(java.security.cert.X509Certificate) X509CertificateValue(password.pwm.config.value.X509CertificateValue) PwmOperationalException(password.pwm.error.PwmOperationalException) PwmException(password.pwm.error.PwmException) ErrorInformation(password.pwm.error.ErrorInformation) List(java.util.List) PwmSession(password.pwm.http.PwmSession)

Example 3 with X509CertificateValue

use of password.pwm.config.value.X509CertificateValue in project pwm by pwm-project.

the class ConfigGuideForm method generateStoredConfig.

/**
 * Builds a new stored configuration from the answers collected by the configuration guide.
 *
 * <p>Form values are copied into the configuration as they are found in the form map; no
 * validation of URLs, DNs, class names or credentials is performed in this method. Every
 * write passes {@code null} as its last argument.
 *
 * <p>Security-relevant points visible here:
 * <ul>
 *   <li>The LDAP proxy password and the database password arrive as plain {@code String}
 *       values in the form map and are wrapped in {@code PasswordData} only at this point.</li>
 *   <li>LDAP server certificates are stored only when
 *       {@code configGuideBean.isUseConfiguredCerts()} is true; otherwise
 *       {@code LDAP_SERVER_CERTS} is left untouched in the new configuration.</li>
 *   <li>{@code DISPLAY_SHOW_DETAILED_ERRORS} is always set to {@code true}.
 *       NOTE(review): presumably meant for initial setup only; confirm it is switched off
 *       before the instance is exposed, since detailed errors can disclose internals.</li>
 * </ul>
 *
 * @param configGuideBean guide state holding the form data, LDAP certificates and optional
 *                        JDBC driver
 * @return the populated configuration
 * @throws PwmUnrecoverableException propagated from the configuration helpers
 */
public static StoredConfigurationImpl generateStoredConfig(final ConfigGuideBean configGuideBean) throws PwmUnrecoverableException {
    final Map<ConfigGuideFormField, String> form = configGuideBean.getFormData();
    final StoredConfigurationImpl config = StoredConfigurationImpl.newStoredConfiguration();

    // Templates: LDAP vendor, storage and database vendor.
    updateStoredConfigTemplateValue(form, config, PwmSetting.TEMPLATE_LDAP, ConfigGuideFormField.PARAM_TEMPLATE_LDAP, PwmSettingTemplate.Type.LDAP_VENDOR);
    updateStoredConfigTemplateValue(form, config, PwmSetting.TEMPLATE_STORAGE, ConfigGuideFormField.PARAM_TEMPLATE_STORAGE, PwmSettingTemplate.Type.STORAGE);
    updateStoredConfigTemplateValue(form, config, PwmSetting.DB_VENDOR_TEMPLATE, ConfigGuideFormField.PARAM_DB_VENDOR, PwmSettingTemplate.Type.DB_VENDOR);

    // Default LDAP profile and its single server URL.
    config.writeSetting(PwmSetting.LDAP_PROFILE_LIST, null, new StringArrayValue(Collections.singletonList(LDAP_PROFILE_NAME)), null);
    final List<String> ldapUrls = Collections.singletonList(figureLdapUrlFromFormConfig(form));
    config.writeSetting(PwmSetting.LDAP_SERVER_URLS, LDAP_PROFILE_NAME, new StringArrayValue(ldapUrls), null);

    // Certificates gathered by the guide are stored only when the operator opted in.
    if (configGuideBean.isUseConfiguredCerts()) {
        config.writeSetting(PwmSetting.LDAP_SERVER_CERTS, LDAP_PROFILE_NAME, new X509CertificateValue(configGuideBean.getLdapCertificates()), null);
    }

    // Proxy/admin account: the DN is written first, then the password.
    final String proxyDn = form.get(ConfigGuideFormField.PARAM_LDAP_PROXY_DN);
    final String proxyPassword = form.get(ConfigGuideFormField.PARAM_LDAP_PROXY_PW);
    config.writeSetting(PwmSetting.LDAP_PROXY_USER_DN, LDAP_PROFILE_NAME, new StringValue(proxyDn), null);
    final PasswordValue proxyPasswordValue = new PasswordValue(PasswordData.forStringValue(proxyPassword));
    config.writeSetting(PwmSetting.LDAP_PROXY_USER_PASSWORD, LDAP_PROFILE_NAME, proxyPasswordValue, null);

    // LDAP context root; the same value is written twice in a row.
    config.writeSetting(PwmSetting.LDAP_CONTEXTLESS_ROOT, LDAP_PROFILE_NAME, new StringArrayValue(Collections.singletonList(form.get(ConfigGuideFormField.PARAM_LDAP_CONTEXT))), null);
    final String contextRoot = form.get(ConfigGuideFormField.PARAM_LDAP_CONTEXT);
    config.writeSetting(PwmSetting.LDAP_CONTEXTLESS_ROOT, LDAP_PROFILE_NAME, new StringArrayValue(Collections.singletonList(contextRoot)), null);

    // Test user: set when enabled in the form, otherwise reset.
    if (Boolean.parseBoolean(form.get(ConfigGuideFormField.PARAM_LDAP_TEST_USER_ENABLED))) {
        final String testUserDn = form.get(ConfigGuideFormField.PARAM_LDAP_TEST_USER);
        config.writeSetting(PwmSetting.LDAP_TEST_USER_DN, LDAP_PROFILE_NAME, new StringValue(testUserDn), null);
    } else {
        config.resetSetting(PwmSetting.LDAP_TEST_USER_DN, LDAP_PROFILE_NAME, null);
    }

    // Admin query: members of the LDAP group named in the form are matched as administrators.
    final String adminGroupDn = form.get(ConfigGuideFormField.PARAM_LDAP_ADMIN_GROUP);
    final List<UserPermission> adminPermissions = Collections.singletonList(new UserPermission(UserPermission.Type.ldapGroup, null, null, adminGroupDn));
    config.writeSetting(PwmSetting.QUERY_MATCH_PWM_ADMIN, new UserPermissionValue(adminPermissions), null);

    // Database: driver class, URL, user name, password, and the uploaded driver if present.
    final String jdbcClassName = form.get(ConfigGuideFormField.PARAM_DB_CLASSNAME);
    config.writeSetting(PwmSetting.DATABASE_CLASS, null, new StringValue(jdbcClassName), null);
    final String jdbcUrl = form.get(ConfigGuideFormField.PARAM_DB_CONNECT_URL);
    config.writeSetting(PwmSetting.DATABASE_URL, null, new StringValue(jdbcUrl), null);
    final String jdbcUser = form.get(ConfigGuideFormField.PARAM_DB_USERNAME);
    config.writeSetting(PwmSetting.DATABASE_USERNAME, null, new StringValue(jdbcUser), null);
    final String jdbcPassword = form.get(ConfigGuideFormField.PARAM_DB_PASSWORD);
    final PasswordValue jdbcPasswordValue = new PasswordValue(PasswordData.forStringValue(jdbcPassword));
    config.writeSetting(PwmSetting.DATABASE_PASSWORD, null, jdbcPasswordValue, null);
    final FileValue uploadedDriver = configGuideBean.getDatabaseDriver();
    if (uploadedDriver != null) {
        config.writeSetting(PwmSetting.DATABASE_JDBC_DRIVER, null, uploadedDriver, null);
    }

    // Telemetry: publishing flag and site description.
    final boolean publishStats = Boolean.parseBoolean(form.get(ConfigGuideFormField.PARAM_TELEMETRY_ENABLE));
    config.writeSetting(PwmSetting.PUBLISH_STATS_ENABLE, null, new BooleanValue(publishStats), null);
    final String telemetryDescription = form.get(ConfigGuideFormField.PARAM_TELEMETRY_DESCRIPTION);
    config.writeSetting(PwmSetting.PUBLISH_STATS_SITE_DESCRIPTION, null, new StringValue(telemetryDescription), null);

    // Challenge/response policy, parsed from the JSON held in the form, when supplied.
    if (form.containsKey(ConfigGuideFormField.CHALLENGE_RESPONSE_DATA)) {
        final String challengeJson = form.get(ConfigGuideFormField.CHALLENGE_RESPONSE_DATA);
        final StoredValue challenges = ChallengeValue.factory().fromJson(challengeJson);
        config.writeSetting(PwmSetting.CHALLENGE_RANDOM_CHALLENGES, "default", challenges, null);
    }

    // Site URL.
    config.writeSetting(PwmSetting.PWM_SITE_URL, new StringValue(form.get(ConfigGuideFormField.PARAM_APP_SITEURL)), null);

    // Detailed error display is switched on unconditionally for the generated configuration.
    config.writeSetting(PwmSetting.DISPLAY_SHOW_DETAILED_ERRORS, null, new BooleanValue(true), null);
    return config;
}
Also used : FileValue(password.pwm.config.value.FileValue) StoredConfigurationImpl(password.pwm.config.stored.StoredConfigurationImpl) StoredValue(password.pwm.config.StoredValue) UserPermissionValue(password.pwm.config.value.UserPermissionValue) X509CertificateValue(password.pwm.config.value.X509CertificateValue) PasswordValue(password.pwm.config.value.PasswordValue) BooleanValue(password.pwm.config.value.BooleanValue) List(java.util.List) StringValue(password.pwm.config.value.StringValue) StringArrayValue(password.pwm.config.value.StringArrayValue) UserPermission(password.pwm.config.value.data.UserPermission)

Example 4 with X509CertificateValue

use of password.pwm.config.value.X509CertificateValue in project pwm by pwm-project.

the class ConfigEditorServlet method restReadSetting.

/**
 * Handles the {@code readSetting} action: looks up the setting (or locale-bundle entry) named
 * by the request parameter {@code key} and writes it to the response as a JSON result.
 *
 * <p>The response map always carries {@code value}; the other entries ({@code isDefault},
 * {@code key}, {@code category}, {@code syntax}, {@code options}, {@code modifyTime},
 * {@code modifyUser}) depend on the branch taken below.
 *
 * <p>Security-relevant points visible here: for {@code PASSWORD} settings only an
 * {@code isDefault} flag is returned, never the stored value; certificate, private-key,
 * action, web-service and file settings are returned through their {@code toInfoMap}
 * representation; every other syntax returns the raw native value.
 *
 * @param pwmRequest the request carrying the {@code key} and, for profiled settings, the
 *                   {@code profile} parameter
 * @return always {@code ProcessStatus.Halt}, since the JSON response has been written
 * @throws IOException               propagated from writing the JSON response
 * @throws PwmUnrecoverableException propagated from the request and configuration helpers
 */
@ActionHandler(action = "readSetting")
private ProcessStatus restReadSetting(final PwmRequest pwmRequest) throws IOException, PwmUnrecoverableException {
    final ConfigManagerBean configManagerBean = getBean(pwmRequest);
    final StoredConfigurationImpl storedConfig = configManagerBean.getStoredConfiguration();
    // Request-supplied; used for lookups below and echoed back in the response.
    final String key = pwmRequest.readParameterAsString("key");
    final Object returnValue;
    final LinkedHashMap<String, Object> returnMap = new LinkedHashMap<>();
    final PwmSetting theSetting = PwmSetting.forKey(key);
    if (key.startsWith("localeBundle")) {
        // Key layout: "localeBundle-<bundle enum name>-<resource key>".
        // NOTE(review): nextToken() throws NoSuchElementException when fewer than three
        // tokens are present and valueOf() throws IllegalArgumentException for an unknown
        // bundle name; neither is caught here, so confirm the caller turns a malformed key
        // into a clean error response.
        final StringTokenizer st = new StringTokenizer(key, "-");
        // Discard the leading "localeBundle" token.
        st.nextToken();
        final PwmLocaleBundle bundleName = PwmLocaleBundle.valueOf(st.nextToken());
        final String keyName = st.nextToken();
        final Map<String, String> bundleMap = storedConfig.readLocaleBundleMap(bundleName.getTheClass().getName(), keyName);
        if (bundleMap == null || bundleMap.isEmpty()) {
            // Nothing stored for this entry: build the default map from the resource bundles.
            final Map<String, String> defaultValueMap = new LinkedHashMap<>();
            final String defaultLocaleValue = ResourceBundle.getBundle(bundleName.getTheClass().getName(), PwmConstants.DEFAULT_LOCALE).getString(keyName);
            for (final Locale locale : pwmRequest.getConfig().getKnownLocales()) {
                final ResourceBundle localeBundle = ResourceBundle.getBundle(bundleName.getTheClass().getName(), locale);
                if (locale.toString().equalsIgnoreCase(PwmConstants.DEFAULT_LOCALE.toString())) {
                    // The default locale is stored under the empty-string key.
                    defaultValueMap.put("", defaultLocaleValue);
                } else {
                    // Other locales are listed only when their text differs from the default.
                    final String valueStr = localeBundle.getString(keyName);
                    if (!defaultLocaleValue.equals(valueStr)) {
                        final String localeStr = locale.toString();
                        defaultValueMap.put(localeStr, localeBundle.getString(keyName));
                    }
                }
            }
            returnValue = defaultValueMap;
            returnMap.put("isDefault", true);
        } else {
            returnValue = bundleMap;
            returnMap.put("isDefault", false);
        }
        returnMap.put("key", key);
    } else if (theSetting == null) {
        // Unknown key: the raw request value is placed in both the log line and the JSON
        // error. NOTE(review): confirm the logger and the JSON output neutralise control
        // characters and line breaks in this value.
        final String errorStr = "readSettingAsString request for unknown key: " + key;
        LOGGER.warn(errorStr);
        pwmRequest.outputJsonResult(RestResultBean.fromError(new ErrorInformation(PwmError.ERROR_UNKNOWN, errorStr)));
        return ProcessStatus.Halt;
    } else {
        // The profile parameter is read only for settings whose category has profiles.
        final String profile = theSetting.getCategory().hasProfiles() ? pwmRequest.readParameterAsString("profile") : null;
        switch(theSetting.getSyntax()) {
            case PASSWORD:
                // The stored password is never returned, only whether it is still the default.
                returnValue = Collections.singletonMap("isDefault", storedConfig.isDefaultValue(theSetting, profile));
                break;
            case X509CERT:
                returnValue = ((X509CertificateValue) storedConfig.readSetting(theSetting, profile)).toInfoMap(true);
                break;
            case PRIVATE_KEY:
                // NOTE(review): the meaning of the boolean argument is not visible here;
                // confirm the info map for a private key never includes the key material.
                returnValue = ((PrivateKeyValue) storedConfig.readSetting(theSetting, profile)).toInfoMap(true);
                break;
            case ACTION:
                returnValue = ((ActionValue) storedConfig.readSetting(theSetting, profile)).toInfoMap();
                break;
            case REMOTE_WEB_SERVICE:
                returnValue = ((RemoteWebServiceValue) storedConfig.readSetting(theSetting, profile)).toInfoMap();
                break;
            case FILE:
                returnValue = ((FileValue) storedConfig.readSetting(theSetting, profile)).toInfoMap();
                break;
            default:
                // Every other syntax returns the stored value as-is.
                returnValue = storedConfig.readSetting(theSetting, profile).toNativeObject();
        }
        returnMap.put("isDefault", storedConfig.isDefaultValue(theSetting, profile));
        if (theSetting.getSyntax() == PwmSettingSyntax.SELECT) {
            returnMap.put("options", theSetting.getOptions());
        }
        {
            // Modification metadata (time and acting user) is included when it is recorded.
            final ValueMetaData settingMetaData = storedConfig.readSettingMetadata(theSetting, profile);
            if (settingMetaData != null) {
                if (settingMetaData.getModifyDate() != null) {
                    returnMap.put("modifyTime", settingMetaData.getModifyDate());
                }
                if (settingMetaData.getUserIdentity() != null) {
                    returnMap.put("modifyUser", settingMetaData.getUserIdentity());
                }
            }
        }
        returnMap.put("key", key);
        returnMap.put("category", theSetting.getCategory().toString());
        returnMap.put("syntax", theSetting.getSyntax().toString());
    }
    returnMap.put("value", returnValue);
    pwmRequest.outputJsonResult(RestResultBean.withData(returnMap));
    return ProcessStatus.Halt;
}
Also used : Locale(java.util.Locale) PrivateKeyValue(password.pwm.config.value.PrivateKeyValue) FileValue(password.pwm.config.value.FileValue) StoredConfigurationImpl(password.pwm.config.stored.StoredConfigurationImpl) PwmLocaleBundle(password.pwm.i18n.PwmLocaleBundle) LinkedHashMap(java.util.LinkedHashMap) X509CertificateValue(password.pwm.config.value.X509CertificateValue) PwmSetting(password.pwm.config.PwmSetting) ConfigManagerBean(password.pwm.http.bean.ConfigManagerBean) ErrorInformation(password.pwm.error.ErrorInformation) StringTokenizer(java.util.StringTokenizer) ActionValue(password.pwm.config.value.ActionValue) RemoteWebServiceValue(password.pwm.config.value.RemoteWebServiceValue) ValueMetaData(password.pwm.config.stored.ValueMetaData) ResourceBundle(java.util.ResourceBundle)

Aggregations

X509CertificateValue (password.pwm.config.value.X509CertificateValue)4 ErrorInformation (password.pwm.error.ErrorInformation)3 X509Certificate (java.security.cert.X509Certificate)2 LinkedHashSet (java.util.LinkedHashSet)2 List (java.util.List)2 PwmApplication (password.pwm.PwmApplication)2 UserIdentity (password.pwm.bean.UserIdentity)2 StoredConfigurationImpl (password.pwm.config.stored.StoredConfigurationImpl)2 FileValue (password.pwm.config.value.FileValue)2 StringArrayValue (password.pwm.config.value.StringArrayValue)2 PwmException (password.pwm.error.PwmException)2 PwmOperationalException (password.pwm.error.PwmOperationalException)2 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)2 PwmSession (password.pwm.http.PwmSession)2 URI (java.net.URI)1 LinkedHashMap (java.util.LinkedHashMap)1 Locale (java.util.Locale)1 ResourceBundle (java.util.ResourceBundle)1 StringTokenizer (java.util.StringTokenizer)1 PwmSetting (password.pwm.config.PwmSetting)1