@Override @NotNull public Collection<V> getMinusSet() { return inner.getMinusSet(); }
public static <T, V extends PrismValue> void assertTripleMinus(PrismValueDeltaSetTriple<V> triple, T... expectedValues) { assert triple != null : "triple is null"; assertTripleSet("minus set", triple.getMinusSet(), expectedValues); }
private void cleanupTriple(PrismValueDeltaSetTriple<V> triple) { if (triple == null) { return; } Collection<V> minusSet = triple.getMinusSet(); if (minusSet == null) { return; } Collection<V> plusSet = triple.getPlusSet(); if (plusSet == null) { return; } Iterator<V> plusIter = plusSet.iterator(); while (plusIter.hasNext()) { V plusVal = plusIter.next(); if (minusSet.contains(plusVal)) { plusIter.remove(); minusSet.remove(plusVal); triple.addToZeroSet(plusVal); } } }
private Construction getMinusAccountConstruction( PrismValueDeltaSetTriple<PrismPropertyValue<Construction>> accountConstructionDeltaSetTriple, String description) { Collection<PrismPropertyValue<Construction>> set = accountConstructionDeltaSetTriple.getMinusSet(); return getAccountConstruction(accountConstructionDeltaSetTriple, description, set, "minus"); }
/** * Distributes a value in this triple similar to the placement of other value in the other triple. * E.g. if the value "otherMember" is in the zero set in "otherTriple" then "myMember" will be placed * in zero set in this triple. */ public <O extends PrismValue> void distributeAs(V myMember, PrismValueDeltaSetTriple<O> otherTriple, O otherMember) { otherTriple.getZeroSet(); if (PrismValueCollectionsUtil.containsRealValue(otherTriple.getZeroSet(), otherMember)) { zeroSet.add(myMember); } otherTriple.getPlusSet(); if (PrismValueCollectionsUtil.containsRealValue(otherTriple.getPlusSet(), otherMember)) { plusSet.add(myMember); } otherTriple.getMinusSet(); if (PrismValueCollectionsUtil.containsRealValue(otherTriple.getMinusSet(), otherMember)) { minusSet.add(myMember); } }
private <V extends PrismValue> boolean isMeaningful(PrismValueDeltaSetTriple<V> mappingOutputTriple) { if (mappingOutputTriple == null) { // this means: mapping not applicable return false; } if (mappingOutputTriple.isEmpty()) { // this means: no value produced return true; } if (mappingOutputTriple.getMinusSet() != null && (mappingOutputTriple.getZeroSet() == null || mappingOutputTriple.getZeroSet().isEmpty()) && (mappingOutputTriple.getPlusSet() == null || mappingOutputTriple.getPlusSet().isEmpty())) { // Minus deltas are always meaningful, even with hashing (see below) // This may be used e.g. to remove existing password. return true; } if (hasNoOrHashedValuesOnly(mappingOutputTriple.getMinusSet()) && hasNoOrHashedValuesOnly(mappingOutputTriple.getZeroSet()) && hasNoOrHashedValuesOnly(mappingOutputTriple.getPlusSet())) { // Used to skip application of mapping that produces only hashed protected values. // Those values are useless, e.g. to set new password. If we would consider them as // meaningful then a normal mapping with such values may prohibit application of // a weak mapping. We want weak mapping in this case, e.g. to set a randomly-generated password. // Not entirely correct. Maybe we need to filter this out in some other way? return false; } return true; }
private <V extends PrismValue, D extends ItemDefinition, F extends FocusType> void sqeezeAttributesFromConstructionTriple( Map<QName, DeltaSetTriple<ItemValueWithOrigin<V,D>>> squeezedMap, PrismValueDeltaSetTriple<PrismPropertyValue<Construction<F>>> constructionDeltaSetTriple, MappingExtractor<V,D,F> extractor, AssignmentPolicyEnforcementType enforcement) { if (enforcement == AssignmentPolicyEnforcementType.NONE) { return; } // Zero account constructions go normally, plus to plus, minus to minus sqeezeAttributesFromAccountConstructionSet(squeezedMap, constructionDeltaSetTriple.getZeroSet(), extractor, enforcement); // Plus accounts: zero and plus values go to plus sqeezeAttributesFromAccountConstructionSetNonminusToPlus(squeezedMap, constructionDeltaSetTriple.getPlusSet(), extractor, enforcement); // Minus accounts: all values go to minus sqeezeAttributesFromConstructionSetAllToMinus(squeezedMap, constructionDeltaSetTriple.getMinusSet(), extractor, enforcement); // Why all values in the last case: imagine that mapping M evaluated to "minus: A" on delta D. // The mapping itself is in minus set, so it disappears when delta D is applied. Therefore, value of A // was originally produced by the mapping M, and the mapping was originally active. So originally there was value of A // present, and we have to remove it. See MID-3325 / TestNullAttribute story. // // The same argument is valid for zero set of mapping output. // // Finally, the plus set of mapping output goes to resulting minus just for historical reasons... it was implemented // in this way for a long time. It seems to be unnecessary but also harmless. So let's keep it there, for now. }
public PrismValueDeltaSetTriple<V> toDeltaSetTriple(Item<V,D> itemOld) { PrismValueDeltaSetTriple<V> triple = new PrismValueDeltaSetTripleImpl<>(); if (isReplace()) { triple.getPlusSet().addAll(PrismValueCollectionsUtil.cloneCollection(getValuesToReplace())); if (itemOld != null) { triple.getMinusSet().addAll(PrismValueCollectionsUtil.cloneCollection(itemOld.getValues())); } return triple; } if (isAdd()) { triple.getPlusSet().addAll(PrismValueCollectionsUtil.cloneCollection(getValuesToAdd())); } if (isDelete()) { triple.getMinusSet().addAll(PrismValueCollectionsUtil.cloneCollection(getValuesToDelete())); } if (itemOld != null && itemOld.getValues() != null) { for (V itemVal: itemOld.getValues()) { if (!PrismValueCollectionsUtil.containsRealValue(valuesToDelete, itemVal) && !PrismValueCollectionsUtil .containsRealValue(valuesToAdd, itemVal)) { triple.getZeroSet().add((V) itemVal.clone()); } } } return triple; }
public static <V extends PrismValue, D extends ItemDefinition> DeltaSetTriple<ItemValueWithOrigin<V,D>> createOutputTriple( PrismValueDeltaSetTripleProducer<V, D> mapping, PrismContext prismContext) { PrismValueDeltaSetTriple<V> outputTriple = mapping.getOutputTriple(); if (outputTriple == null) { return null; } Collection<ItemValueWithOrigin<V,D>> zeroIvwoSet = convertSet(outputTriple.getZeroSet(), mapping); Collection<ItemValueWithOrigin<V,D>> plusIvwoSet = convertSet(outputTriple.getPlusSet(), mapping); Collection<ItemValueWithOrigin<V,D>> minusIvwoSet = convertSet(outputTriple.getMinusSet(), mapping); DeltaSetTriple<ItemValueWithOrigin<V,D>> ivwoTriple = prismContext.deltaFactory().createDeltaSetTriple(zeroIvwoSet, plusIvwoSet, minusIvwoSet); return ivwoTriple; }
private <V extends PrismValue, D extends ItemDefinition, F extends FocusType> void sqeezeAttributesFromConstruction( Map<QName, DeltaSetTriple<ItemValueWithOrigin<V,D>>> squeezedMap, Construction<F> construction, MappingExtractor<V,D,F> extractor, AssignmentPolicyEnforcementType enforcement) { if (enforcement == AssignmentPolicyEnforcementType.NONE) { return; } for (PrismValueDeltaSetTripleProducer<V, D> mapping: extractor.getMappings(construction)) { PrismValueDeltaSetTriple<V> vcTriple = mapping.getOutputTriple(); if (vcTriple == null) { continue; } QName name = mapping.getMappingQName(); DeltaSetTriple<ItemValueWithOrigin<V,D>> squeezeTriple = getSqueezeMapTriple(squeezedMap, name); convertSqueezeSet(vcTriple.getZeroSet(), squeezeTriple.getZeroSet(), mapping, construction); convertSqueezeSet(vcTriple.getPlusSet(), squeezeTriple.getPlusSet(), mapping, construction); if (enforcement == AssignmentPolicyEnforcementType.POSITIVE) { convertSqueezeSet(vcTriple.getMinusSet(), squeezeTriple.getZeroSet(), mapping, construction); } else { convertSqueezeSet(vcTriple.getMinusSet(), squeezeTriple.getMinusSet(), mapping, construction); } } }
private <T> void assertMinusAttributeValues(Construction accountConstruction, QName attrName, T... expectedValue) { PrismValueDeltaSetTripleProducer<? extends PrismPropertyValue<?>, ? extends PrismPropertyDefinition<?>> vc = accountConstruction.getAttributeMapping(attrName); assertNotNull("No value construction for attribute "+attrName+" in minus set", vc); PrismValueDeltaSetTriple<? extends PrismPropertyValue<?>> triple = vc.getOutputTriple(); Collection<T> actual = getMultiValueFromDeltaSetTriple(triple, triple.getMinusSet()); TestUtil.assertSetEquals("Attribute "+attrName+" value in minus set", actual, expectedValue); }
private <V extends PrismValue, D extends ItemDefinition, F extends FocusType> void sqeezeAttributesFromConstructionAllToMinus( Map<QName, DeltaSetTriple<ItemValueWithOrigin<V,D>>> squeezedMap, Construction<F> construction, MappingExtractor<V,D,F> extractor, AssignmentPolicyEnforcementType enforcement) { if (enforcement == AssignmentPolicyEnforcementType.NONE) { return; } for (PrismValueDeltaSetTripleProducer<V, D> mapping: extractor.getMappings(construction)) { PrismValueDeltaSetTriple<V> vcTriple = mapping.getOutputTriple(); if (vcTriple == null) { continue; } QName name = mapping.getMappingQName(); DeltaSetTriple<ItemValueWithOrigin<V,D>> squeezeTriple = getSqueezeMapTriple(squeezedMap, name); if (enforcement == AssignmentPolicyEnforcementType.POSITIVE) { convertSqueezeSet(vcTriple.getZeroSet(), squeezeTriple.getZeroSet(), mapping, construction); convertSqueezeSet(vcTriple.getPlusSet(), squeezeTriple.getZeroSet(), mapping, construction); convertSqueezeSet(vcTriple.getMinusSet(), squeezeTriple.getZeroSet(), mapping, construction); } else { convertSqueezeSet(vcTriple.getZeroSet(), squeezeTriple.getMinusSet(), mapping, construction); convertSqueezeSet(vcTriple.getPlusSet(), squeezeTriple.getMinusSet(), mapping, construction); convertSqueezeSet(vcTriple.getMinusSet(), squeezeTriple.getMinusSet(), mapping, construction); } } }
@Test public void testPasswordProtectedString() throws Exception { // WHEN PrismValueDeltaSetTriple<PrismPropertyValue<ProtectedStringType>> outputTriple = evaluator.evaluateMappingDynamicReplace( "mapping-script-system-variables-password.xml", "testPasswordPolyString", ItemPath.create(UserType.F_CREDENTIALS, CredentialsType.F_PASSWORD, PasswordType.F_VALUE), // target ItemPath.create(UserType.F_CREDENTIALS, CredentialsType.F_PASSWORD, PasswordType.F_VALUE), // changed property evaluator.createProtectedString("weighAnch0r")); // changed values // THEN PrismAsserts.assertTripleNoZero(outputTriple); evaluator.assertProtectedString("plus set", outputTriple.getPlusSet(), "weighAnch0r"); evaluator.assertProtectedString("minus set", outputTriple.getMinusSet(), "d3adM3nT3llN0Tal3s"); }
Collection<PrismPropertyValue<ProtectedStringType>> minusSet = outputTriple.getMinusSet(); if (minusSet != null && !minusSet.isEmpty()) { if (!canGetCleartext(minusSet)) {
getDummyResourceController().getAttributeQName(DummyResourceContoller.DUMMY_ACCOUNT_ATTRIBUTE_SHIP_NAME)); assertSetSize("minus", accountConstructionDeltaSetTriple.getMinusSet(), 1); Construction minusAccountConstruction = getMinusAccountConstruction(accountConstructionDeltaSetTriple);