/**
 * Returns the clear-text password of an account shadow by decrypting its stored
 * protected string with {@code protector}.
 *
 * <p>The return value is a secret in clear text; callers should keep it out of
 * logs, exception messages and persisted objects.
 *
 * @param account shadow whose password is read; may be {@code null}
 * @return the decrypted password, or {@code null} when the shadow, its credentials,
 *         its password container or the password value is missing
 * @throws EncryptionException propagated from {@code protector.decryptString}
 */
@Override
public String getPlaintextAccountPassword(ShadowType account) throws EncryptionException {
    boolean passwordContainerPresent = account != null
            && account.getCredentials() != null
            && account.getCredentials().getPassword() != null;
    if (!passwordContainerPresent) {
        // todo log a warning here?
        return null;
    }

    ProtectedStringType storedValue = account.getCredentials().getPassword().getValue();
    // A password container without a value is reported as "no password" (null), not as an error.
    return storedValue == null ? null : protector.decryptString(storedValue);
}
/**
 * Returns the clear-text password of a user by decrypting its stored protected
 * string with {@code protector}.
 *
 * <p>The return value is a secret in clear text; callers should keep it out of
 * logs, exception messages and persisted objects.
 *
 * @param user user whose password is read; may be {@code null}
 * @return the decrypted password, or {@code null} when the user, its credentials,
 *         its password container or the password value is missing
 * @throws EncryptionException propagated from {@code protector.decryptString}
 */
@Override
public String getPlaintextUserPassword(UserType user) throws EncryptionException {
    boolean passwordContainerPresent = user != null
            && user.getCredentials() != null
            && user.getCredentials().getPassword() != null;
    if (!passwordContainerPresent) {
        // todo log a warning here?
        return null;
    }

    ProtectedStringType storedValue = user.getCredentials().getPassword().getValue();
    // A password container without a value is reported as "no password" (null), not as an error.
    return storedValue == null ? null : protector.decryptString(storedValue);
}
/**
 * Stores {@code password} as the value of the password container in {@code credentials},
 * creating and attaching a new container first when none exists.
 *
 * <p>The value is stored exactly as passed in; nothing here encrypts or hashes it.
 *
 * @param credentials credentials to update; dereferenced without a null check
 * @param password protected string to store as the password value
 */
public static void setPassword(CredentialsType credentials, ProtectedStringType password) {
    PasswordType existing = credentials.getPassword();
    if (existing != null) {
        existing.setValue(password);
        return;
    }

    // No container yet: attach the new one before setting its value, as the original order did.
    PasswordType created = new PasswordType();
    credentials.setPassword(created);
    created.setValue(password);
}
/**
 * Asserts that the user carries no password value.
 *
 * <p>Missing credentials or a missing password container both pass; the assertion
 * fails only when a container exists and its value is non-null.
 *
 * @param user user object to inspect
 */
protected void assertUserNoPassword(PrismObject<UserType> user) throws EncryptionException, SchemaException {
    CredentialsType userCredentials = user.asObjectable().getCredentials();
    if (userCredentials == null) {
        return;
    }
    PasswordType passwordContainer = userCredentials.getPassword();
    if (passwordContainer == null) {
        return;
    }
    assertNull("Unexpected password value in "+user, passwordContainer.getValue());
}
/**
 * Decrypts the user's stored password with {@code protector} and asserts that it
 * equals the expected clear-text value.
 *
 * <p>Credentials, password container and value are dereferenced without null
 * checks, so a user lacking any of them fails with a NullPointerException rather
 * than an assertion message.
 *
 * @param user user object to inspect
 * @param expectedClearPassword expected password in clear text
 * @throws EncryptionException propagated from {@code protector.decryptString}
 */
protected void assertEncryptedUserPassword(PrismObject<UserType> user, String expectedClearPassword) throws EncryptionException {
    ProtectedStringType storedValue = user.asObjectable().getCredentials().getPassword().getValue();
    String decrypted = protector.decryptString(storedValue);
    // On mismatch the assertion failure reports both expected and actual clear-text passwords.
    assertEquals("Wrong password for "+user, expectedClearPassword, decrypted);
}
/**
 * Asserts that the shadow has credentials and a password container, then hands
 * the password value to {@code assertLdapPassword} for comparison with the
 * expected password.
 *
 * @param shadow shadow object to inspect
 * @param expectedPassword password the stored value is expected to correspond to
 */
protected void assertShadowLdapPassword(PrismObject<ShadowType> shadow, String expectedPassword) throws EncryptionException {
    CredentialsType shadowCredentials = shadow.asObjectable().getCredentials();
    assertNotNull("No credentials in "+shadow, shadowCredentials);

    PasswordType passwordContainer = shadowCredentials.getPassword();
    assertNotNull("No password in "+shadow, passwordContainer);

    // The value itself may still be null here; assertLdapPassword receives it as-is.
    assertLdapPassword(passwordContainer.getValue(), expectedPassword, shadow);
}
/**
 * Asserts that the user has credentials and a password container, then delegates
 * the comparison of the stored value against the expected clear-text password to
 * {@code assertProtectedString}, passing the given storage type.
 *
 * @param user user object to inspect
 * @param expectedClearPassword expected password in clear text
 * @param storageType storage type forwarded to {@code assertProtectedString}
 * @return the user's password container, for further checks by the caller
 */
protected PasswordType assertUserPassword(PrismObject<UserType> user, String expectedClearPassword, CredentialsStorageTypeType storageType) throws EncryptionException, SchemaException {
    CredentialsType userCredentials = user.asObjectable().getCredentials();
    assertNotNull("No credentials in "+user, userCredentials);

    PasswordType passwordContainer = userCredentials.getPassword();
    assertNotNull("No password in "+user, passwordContainer);

    ProtectedStringType storedValue = passwordContainer.getValue();
    assertProtectedString("Password for "+user, expectedClearPassword, storedValue, storageType);
    return passwordContainer;
}
/**
 * Asserts that the user has credentials and a password container, then hands the
 * password value to {@code assertLdapPassword} for comparison with the expected
 * password.
 *
 * @param user user object to inspect
 * @param expectedPassword password the stored value is expected to correspond to
 */
protected void assertUserLdapPassword(PrismObject<UserType> user, String expectedPassword) throws EncryptionException {
    CredentialsType userCredentials = user.asObjectable().getCredentials();
    assertNotNull("No credentials in "+user, userCredentials);

    PasswordType passwordContainer = userCredentials.getPassword();
    assertNotNull("No password in "+user, passwordContainer);

    // The value itself may still be null here; assertLdapPassword receives it as-is.
    assertLdapPassword(passwordContainer.getValue(), expectedPassword, user);
}
/**
 * Returns the user's password in clear text, decrypted with {@code protector}.
 *
 * <p>Fails the test with an assertion message when the credentials, the password
 * container or the password value is missing. The result is a clear-text secret;
 * keep it out of log output.
 *
 * @param user user object to read
 * @return the decrypted password
 * @throws EncryptionException propagated from {@code protector.decryptString}
 */
protected String getPassword(PrismObject<UserType> user) throws EncryptionException {
    CredentialsType userCredentials = user.asObjectable().getCredentials();
    assertNotNull("No credentials in "+user, userCredentials);

    PasswordType passwordContainer = userCredentials.getPassword();
    assertNotNull("No password in "+user, passwordContainer);

    ProtectedStringType storedValue = passwordContainer.getValue();
    assertNotNull("No password value in "+user, storedValue);

    return protector.decryptString(storedValue);
}
/**
 * Asserts that the shadow has credentials, a password container and password
 * metadata, then delegates the metadata checks to {@code assertMetadata}.
 *
 * @param shadow shadow object to inspect
 * @param passwordCreated forwarded to {@code assertMetadata}
 * @param startCal start of the expected time window, forwarded to {@code assertMetadata}
 * @param endCal end of the expected time window, forwarded to {@code assertMetadata}
 * @param actorOid expected actor OID, forwarded to {@code assertMetadata}
 * @param channel expected channel, forwarded to {@code assertMetadata}
 */
protected void assertShadowPasswordMetadata(PrismObject<ShadowType> shadow, boolean passwordCreated,
        XMLGregorianCalendar startCal, XMLGregorianCalendar endCal, String actorOid, String channel) {
    CredentialsType shadowCredentials = shadow.asObjectable().getCredentials();
    assertNotNull("No credentials in shadow "+shadow, shadowCredentials);

    PasswordType passwordContainer = shadowCredentials.getPassword();
    assertNotNull("No password in shadow "+shadow, passwordContainer);

    MetadataType passwordMetadata = passwordContainer.getMetadata();
    assertNotNull("No metadata in shadow "+shadow, passwordMetadata);

    // The literal false is the fourth argument of assertMetadata; its meaning is defined there.
    assertMetadata("Password metadata in "+shadow, passwordMetadata, passwordCreated, false, startCal, endCal, actorOid, channel);
}
/**
 * Asserts that the provisioning shadow exposes no password value.
 *
 * <p>Missing credentials or a missing password container both pass; the assertion
 * fails only when a container exists and its value is non-null.
 *
 * @param provisioningShadow shadow to inspect
 */
protected void assertShadowPassword(ShadowType provisioningShadow) throws Exception {
    CredentialsType shadowCredentials = provisioningShadow.getCredentials();
    PasswordType passwordContainer = shadowCredentials == null ? null : shadowCredentials.getPassword();
    if (passwordContainer == null) {
        return;
    }

    ProtectedStringType passwordValue = passwordContainer.getValue();
    // NOTE(review): the failure message embeds the string form of the password value;
    // whether that form hides clear text is not visible here - confirm before relying on it.
    assertNull("Unexpected password value in "+provisioningShadow+": "+passwordValue, passwordValue);
}
/**
 * Asserts that the shadow's password, once decrypted, equals the expected value.
 *
 * <p>Fails with an assertion message when the credentials, the password container
 * or the password value is missing.
 *
 * @param shadow shadow to inspect
 * @param expectedPassword expected password in clear text
 * @throws EncryptionException propagated from {@code protector.decrypt}
 */
protected void assertPassword(ShadowType shadow, String expectedPassword) throws SchemaException, EncryptionException {
    CredentialsType shadowCredentials = shadow.getCredentials();
    assertNotNull("No credentials in "+shadow, shadowCredentials);

    PasswordType passwordContainer = shadowCredentials.getPassword();
    assertNotNull("No password in "+shadow, passwordContainer);

    ProtectedStringType storedValue = passwordContainer.getValue();
    assertNotNull("No password value in "+shadow, storedValue);

    // decrypt(...) is called for its effect on storedValue: the clear value is read back
    // from the same object on the next line.
    // NOTE(review): this suggests the shadow passed in keeps a clear-text password after
    // this call - confirm callers do not log or store it afterwards.
    protector.decrypt(storedValue);
    assertEquals("Wrong password in "+shadow, expectedPassword, storedValue.getClearValue());
}
/**
 * Asserts that the user has credentials and a password container, then delegates
 * the check of its history entries to the four-argument
 * {@code assertPasswordHistoryEntries} overload, using the storage type returned by
 * {@code getPasswordHistoryStorageType()}.
 *
 * @param user user object to inspect
 * @param changedPasswords passwords forwarded to the overload for comparison
 */
protected void assertPasswordHistoryEntries(PrismObject<UserType> user, String... changedPasswords) {
    CredentialsType userCredentials = user.asObjectable().getCredentials();
    assertNotNull("Null credentials in "+user, userCredentials);

    PasswordType passwordContainer = userCredentials.getPassword();
    assertNotNull("Null passwordType in "+user, passwordContainer);

    assertPasswordHistoryEntries(
            user.toString(),
            passwordContainer.getHistoryEntry(),
            getPasswordHistoryStorageType(),
            changedPasswords);
}
/**
 * Post-conditions checked once the root task has finished: the user identified by
 * {@code USER_JACK_OID} must have role {@code ROLE_R1_OID} assigned and exactly one
 * message must have been recorded for the "simpleUserNotifier" dummy transport.
 *
 * <p>The password checks are currently disabled (see the todo below); the password
 * value is only read and traced.
 */
@Override
void assertsRootTaskFinishes(Task task, List<Task> subtasks, OperationResult result) throws Exception {
    PrismObject<UserType> jackAfter = getUser(USER_JACK_OID);
    ProtectedStringType passwordAfterTest = jackAfter.asObjectable().getCredentials().getPassword().getValue();
    // NOTE(review): this writes the string form of the protected password to the trace log;
    // whether that form hides clear text is not visible here - confirm.
    LOGGER.trace("password after test = " + passwordAfterTest);

    // todo why is password value not set?
    //assertNotNull("password was not set", afterTestPasswordValue.getEncryptedData());
    //assertFalse("password was not changed", originalPasswordValue.getEncryptedData().equals(afterTestPasswordValue.getEncryptedData()));

    assertAssignedRole(jackAfter, ROLE_R1_OID);
    checkDummyTransportMessages("simpleUserNotifier", 1);
}
/**
 * Parses the user fixture {@code USER_OLD_FILE} and passes its password value to
 * {@code protector.encrypt} before returning the user.
 *
 * <p>Presumably the fixture carries the password in clear text and this call replaces
 * it with an encrypted form in place - confirm against the fixture and the protector.
 *
 * @return the parsed user, with its password value processed by {@code protector.encrypt}
 */
protected PrismObject<UserType> getUserOld() throws SchemaException, EncryptionException, IOException {
    PrismObject<UserType> parsedUser = PrismTestUtil.parseObject(USER_OLD_FILE);
    // The value object handed to encrypt(...) is the one held by parsedUser, not a copy made here.
    protector.encrypt(parsedUser.asObjectable().getCredentials().getPassword().getValue());
    return parsedUser;
}
/**
 * Post-conditions checked once the root task has finished: the encrypted data of the
 * password of the user identified by {@code USER_JACK_OID} must equal that of
 * {@code originalPasswordValue}, and no message may have been recorded for the
 * "simpleUserNotifier" dummy transport.
 */
@Override
void assertsRootTaskFinishes(Task task, List<Task> subtasks, OperationResult result) throws Exception {
    PrismObject<UserType> jackAfter = getUser(USER_JACK_OID);
    ProtectedStringType passwordAfterTest = jackAfter.asObjectable().getCredentials().getPassword().getValue();
    // NOTE(review): this writes the string form of the protected password to the trace log;
    // whether that form hides clear text is not visible here - confirm.
    LOGGER.trace("password after test = " + passwordAfterTest);

    //assertNotNull("password was not set", afterTestPasswordValue.getEncryptedData());

    // Compares the encrypted-data objects via equals(); no decryption happens here.
    boolean encryptedDataUnchanged = originalPasswordValue.getEncryptedDataType()
            .equals(passwordAfterTest.getEncryptedDataType());
    assertTrue("password was changed", encryptedDataUnchanged);

    checkDummyTransportMessages("simpleUserNotifier", 0);
    // we don't check for modifyApproverRef because in this test the value was not changed (no change was executed)
}
/**
 * Post-conditions checked once the root task has finished: the encrypted data of the
 * password of the user identified by {@code USER_JACK_OID} must differ from that of
 * {@code originalPasswordValue}, and exactly one message must have been recorded for
 * the "simpleUserNotifier" dummy transport.
 */
@Override
void assertsRootTaskFinishes(Task task, List<Task> subtasks, OperationResult result) throws Exception {
    PrismObject<UserType> jackAfter = getUser(USER_JACK_OID);
    ProtectedStringType passwordAfterTest = jackAfter.asObjectable().getCredentials().getPassword().getValue();
    // NOTE(review): this writes the string form of the protected password to the trace log;
    // whether that form hides clear text is not visible here - confirm.
    LOGGER.trace("password after test = " + passwordAfterTest);

    //assertNotNull("password was not set", afterTestPasswordValue.getEncryptedData());

    // Compares the encrypted-data objects via equals(); no decryption happens here.
    boolean encryptedDataUnchanged = originalPasswordValue.getEncryptedDataType()
            .equals(passwordAfterTest.getEncryptedDataType());
    assertFalse("password was not changed", encryptedDataUnchanged);

    checkDummyTransportMessages("simpleUserNotifier", 1);
}
/**
 * Runs the inherited account checks, then asserts that the shadow's password
 * container is present but exposes no password value: the value property must hold
 * no values and must be flagged as incomplete.
 *
 * @param shadow shadow object to inspect
 * @param result forwarded to the superclass check
 * @param startTs forwarded to the superclass check
 * @param endTs forwarded to the superclass check
 */
@Override
protected void checkAccountWill(PrismObject<ShadowType> shadow, OperationResult result,
        XMLGregorianCalendar startTs, XMLGregorianCalendar endTs) throws SchemaException, EncryptionException {
    super.checkAccountWill(shadow, result, startTs, endTs);

    CredentialsType shadowCredentials = shadow.asObjectable().getCredentials();
    assertNotNull("No credentials in "+shadow, shadowCredentials);

    PasswordType passwordContainer = shadowCredentials.getPassword();
    assertNotNull("No password in "+shadow, passwordContainer);

    // Inspect the underlying property rather than getValue(), so that both the
    // "no values" and the "incomplete" conditions can be checked.
    PrismContainerValue<PasswordType> containerValue = passwordContainer.asPrismContainerValue();
    PrismProperty<ProtectedStringType> valueProperty = containerValue.findProperty(PasswordType.F_VALUE);

    assertTrue("Unexpected password value in "+shadow+": "+valueProperty, valueProperty.getValues().isEmpty());
    assertTrue("No incompleteness in password value in "+shadow+": "+valueProperty, valueProperty.isIncomplete());
}
/**
 * Asserts that the user's password metadata records a modification: a modify
 * timestamp and a modifier reference must be present, and the modify channel must
 * equal {@code SchemaConstants.CHANNEL_GUI_USER_URI}.
 *
 * @param user user object to inspect
 */
private void assertPasswordModifyMetadata(PrismObject<UserType> user) {
    CredentialsType userCredentials = user.asObjectable().getCredentials();
    assertNotNull("No credentials", userCredentials);

    PasswordType passwordContainer = userCredentials.getPassword();
    assertNotNull("No credentials/password", passwordContainer);

    MetadataType passwordMetadata = passwordContainer.getMetadata();
    assertNotNull("No credentials/password/metadata", passwordMetadata);

    assertNotNull("No credentials/password/metadata/modifyTimestamp", passwordMetadata.getModifyTimestamp());
    assertNotNull("No credentials/password/metadata/modifierRef", passwordMetadata.getModifierRef());
    assertEquals("Wrong modifyChannel", SchemaConstants.CHANNEL_GUI_USER_URI, passwordMetadata.getModifyChannel());
}
}
/**
 * Asserts that the user's password metadata records a creation: a create timestamp
 * and a creator reference must be present, and the create channel must equal
 * {@code SchemaConstants.CHANNEL_GUI_USER_URI}.
 *
 * @param user user object to inspect
 */
private void assertPasswordCreateMetadata(PrismObject<UserType> user) {
    CredentialsType userCredentials = user.asObjectable().getCredentials();
    assertNotNull("No credentials", userCredentials);

    PasswordType passwordContainer = userCredentials.getPassword();
    assertNotNull("No credentials/password", passwordContainer);

    MetadataType passwordMetadata = passwordContainer.getMetadata();
    assertNotNull("No credentials/password/metadata", passwordMetadata);

    assertNotNull("No credentials/password/metadata/createTimestamp", passwordMetadata.getCreateTimestamp());
    assertNotNull("No credentials/password/metadata/creatorRef", passwordMetadata.getCreatorRef());
    assertEquals("Wrong createChannel", SchemaConstants.CHANNEL_GUI_USER_URI, passwordMetadata.getCreateChannel());
}