/** * Distributes a value in this triple similar to the placement of other value in the other triple. * E.g. if the value "otherMember" is in the zero set in "otherTriple" then "myMember" will be placed * in zero set in this triple. */ public <O extends PrismValue> void distributeAs(V myMember, PrismValueDeltaSetTriple<O> otherTriple, O otherMember) { otherTriple.getZeroSet(); if (PrismValueCollectionsUtil.containsRealValue(otherTriple.getZeroSet(), otherMember)) { zeroSet.add(myMember); } otherTriple.getPlusSet(); if (PrismValueCollectionsUtil.containsRealValue(otherTriple.getPlusSet(), otherMember)) { plusSet.add(myMember); } otherTriple.getMinusSet(); if (PrismValueCollectionsUtil.containsRealValue(otherTriple.getMinusSet(), otherMember)) { minusSet.add(myMember); } }
@Override @NotNull public Collection<V> getNonNegativeValues() { return inner.getNonNegativeValues(); }
@Override public String debugDump() { return inner.debugDump(); }
private <V extends PrismValue> boolean isMeaningful(PrismValueDeltaSetTriple<V> mappingOutputTriple) { if (mappingOutputTriple == null) { // this means: mapping not applicable return false; } if (mappingOutputTriple.isEmpty()) { // this means: no value produced return true; } if (mappingOutputTriple.getMinusSet() != null && (mappingOutputTriple.getZeroSet() == null || mappingOutputTriple.getZeroSet().isEmpty()) && (mappingOutputTriple.getPlusSet() == null || mappingOutputTriple.getPlusSet().isEmpty())) { // Minus deltas are always meaningful, even with hashing (see below) // This may be used e.g. to remove existing password. return true; } if (hasNoOrHashedValuesOnly(mappingOutputTriple.getMinusSet()) && hasNoOrHashedValuesOnly(mappingOutputTriple.getZeroSet()) && hasNoOrHashedValuesOnly(mappingOutputTriple.getPlusSet())) { // Used to skip application of mapping that produces only hashed protected values. // Those values are useless, e.g. to set new password. If we would consider them as // meaningful then a normal mapping with such values may prohibit application of // a weak mapping. We want weak mapping in this case, e.g. to set a randomly-generated password. // Not entirely correct. Maybe we need to filter this out in some other way? return false; } return true; }
private void cleanupTriple(PrismValueDeltaSetTriple<V> triple) { if (triple == null) { return; } Collection<V> minusSet = triple.getMinusSet(); if (minusSet == null) { return; } Collection<V> plusSet = triple.getPlusSet(); if (plusSet == null) { return; } Iterator<V> plusIter = plusSet.iterator(); while (plusIter.hasNext()) { V plusVal = plusIter.next(); if (minusSet.contains(plusVal)) { plusIter.remove(); minusSet.remove(plusVal); triple.addToZeroSet(plusVal); } } }
@Override @NotNull public Collection<V> getZeroSet() { return inner.getZeroSet(); }
private <V extends PrismValue, D extends ItemDefinition, F extends FocusType> void sqeezeAttributesFromConstructionNonminusToMinus( Map<QName, DeltaSetTriple<ItemValueWithOrigin<V,D>>> squeezedMap, Construction<F> construction, MappingExtractor<V,D,F> extractor, AssignmentPolicyEnforcementType enforcement) { if (enforcement == AssignmentPolicyEnforcementType.NONE) { return; } for (PrismValueDeltaSetTripleProducer<V, D> mapping: extractor.getMappings(construction)) { PrismValueDeltaSetTriple<V> vcTriple = mapping.getOutputTriple(); if (vcTriple == null) { continue; } QName name = mapping.getMappingQName(); DeltaSetTriple<ItemValueWithOrigin<V,D>> squeezeTriple = getSqueezeMapTriple(squeezedMap, name); if (enforcement == AssignmentPolicyEnforcementType.POSITIVE) { convertSqueezeSet(vcTriple.getZeroSet(), squeezeTriple.getZeroSet(), mapping, construction); convertSqueezeSet(vcTriple.getPlusSet(), squeezeTriple.getZeroSet(), mapping, construction); } else { convertSqueezeSet(vcTriple.getZeroSet(), squeezeTriple.getMinusSet(), mapping, construction); convertSqueezeSet(vcTriple.getPlusSet(), squeezeTriple.getMinusSet(), mapping, construction); } } }
newValues = outputTriple.getNonNegativeValues(); } else { newValues = outputTriple.getPlusSet(); Collection<PrismPropertyValue<ProtectedStringType>> minusSet = outputTriple.getMinusSet(); if (minusSet != null && !minusSet.isEmpty()) { if (!canGetCleartext(minusSet)) { try { if (oldUserPassword.canGetCleartext() && protector.compare(oldUserPassword, oldProjectionPassword)) { outputTriple.clearMinusSet(); outputTriple.addToMinusSet(prismContext.itemFactory().createPropertyValue(oldUserPassword));
outputTriple.addAllToPlusSet(outputTriple.getZeroSet()); outputTriple.clearZeroSet(); outputTriple.clearMinusSet(); outputTriple.addAllToMinusSet(outputTriple.getZeroSet()); outputTriple.clearZeroSet(); outputTriple.clearPlusSet();
@Test public void testAsIsStringToProtectedString() throws Exception { // WHEN PrismValueDeltaSetTriple<PrismPropertyValue<ProtectedStringType>> outputTriple = evaluator.evaluateMapping( "mapping-asis.xml", "testAsIsStringToProtectedString", PATH_CREDENTIALS_PASSWORD_VALUE); // target // THEN outputTriple.checkConsistence(); evaluator.assertProtectedString("output zero set", outputTriple.getZeroSet(), "PIRATE"); PrismAsserts.assertTripleNoPlus(outputTriple); PrismAsserts.assertTripleNoMinus(outputTriple); }
if (LOGGER.isTraceEnabled()) { LOGGER.trace("Output triple of mapping {}\n{}", mapping.getContextDescription(), mappingOutputTriple==null?null:mappingOutputTriple.debugDump(1)); mappingOutputStruct.setOutputTriple(mappingOutputTriple); } else { outputTriple.merge(mappingOutputTriple); mappingOutputStruct.setOutputTriple(mappingOutputTriple); } else { outputTriple.merge(mappingOutputTriple); Collection<V> nonNegativeValues = outputTriple.getNonNegativeValues(); if (nonNegativeValues == null || nonNegativeValues.isEmpty()) { LOGGER.trace("{} resulted in null or empty value for {}, skipping", mappingDesc, targetContext); valuesToReplace = outputTriple.getNonNegativeValues(); } else { valuesToReplace = outputTriple.getPlusSet(); } else if (outputTriple.hasMinusSet()) { LOGGER.trace("{} resulted in null or empty value for {} and there is a minus set, resetting it (replace with empty)", mappingDesc, targetContext); targetItemDelta.setValueToReplace();
@Override @NotNull public Collection<V> getPlusSet() { return inner.getPlusSet(); }
assertSetSize("zero", accountConstructionDeltaSetTriple.getZeroSet(), 1); Construction zeroAccountConstruction = getZeroAccountConstruction(accountConstructionDeltaSetTriple); getDummyResourceController().getAttributeQName(DummyResourceContoller.DUMMY_ACCOUNT_ATTRIBUTE_SHIP_NAME)); assertSetSize("minus", accountConstructionDeltaSetTriple.getMinusSet(), 1); Construction minusAccountConstruction = getMinusAccountConstruction(accountConstructionDeltaSetTriple);
@Override public void checkConsistence() { inner.checkConsistence(); }
@Test public void testPasswordProtectedString() throws Exception { // WHEN PrismValueDeltaSetTriple<PrismPropertyValue<ProtectedStringType>> outputTriple = evaluator.evaluateMappingDynamicReplace( "mapping-script-system-variables-password.xml", "testPasswordPolyString", ItemPath.create(UserType.F_CREDENTIALS, CredentialsType.F_PASSWORD, PasswordType.F_VALUE), // target ItemPath.create(UserType.F_CREDENTIALS, CredentialsType.F_PASSWORD, PasswordType.F_VALUE), // changed property evaluator.createProtectedString("weighAnch0r")); // changed values // THEN PrismAsserts.assertTripleNoZero(outputTriple); evaluator.assertProtectedString("plus set", outputTriple.getPlusSet(), "weighAnch0r"); evaluator.assertProtectedString("minus set", outputTriple.getMinusSet(), "d3adM3nT3llN0Tal3s"); }
@Override @NotNull public Collection<V> getMinusSet() { return inner.getMinusSet(); }
@SuppressWarnings("unused") // todo is this externally used? public boolean isSatisfyCondition() { boolean conditionOutputOld = computeConditionResult(conditionOutputTriple.getNonPositiveValues()); boolean conditionResultOld = conditionOutputOld && conditionMaskOld; boolean conditionOutputNew = computeConditionResult(conditionOutputTriple.getNonNegativeValues()); boolean conditionResultNew = conditionOutputNew && conditionMaskNew; return (conditionResultOld || conditionResultNew); }
LOGGER.trace("output triple:\n{}", outputTriple==null?null:outputTriple.debugDump(1)); Collection<IV> pvalues = outputTriple.getNonNegativeValues();
final ItemPath residualPath, final Protector protector, final PrismContext prismContext) { PrismValueDeltaSetTriple<V> clonedTriple = resultTriple.clone(); final Class<?> resultTripleValueClass = resultTriple.getRealValueClass(); if (resultTripleValueClass == null) { clonedTriple.accept((Visitor) visitable -> { if (visitable instanceof PrismPropertyValue<?>) { PrismPropertyValue<Object> pval = (PrismPropertyValue<Object>) visitable;
@SuppressWarnings("unchecked") private void addToMinusIfNecessary(V originalValue) { if (outputTriple != null && (outputTriple.presentInPlusSet(originalValue) || outputTriple.presentInZeroSet(originalValue))) { return; } // remove it! if (outputTriple == null) { outputTriple = getPrismContext().deltaFactory().createPrismValueDeltaSetTriple(); } LOGGER.trace("Original value is in the mapping range (while not in mapping result), adding it to minus set: {}", originalValue); outputTriple.addToMinusSet((V)originalValue.clone()); }