/**
 * Rejects the authentication attempt when the stored password credential carries no value.
 *
 * <p>A missing value is recorded as an authentication failure for the principal before the
 * generic "bad password" exception is raised, so the caller never learns why it failed.
 *
 * @param connEnv    connection environment of the attempt
 * @param principal  principal whose credential is being validated
 * @param credential stored password credential
 * @throws AuthenticationCredentialsNotFoundException when the credential has no value
 */
@Override
protected void validateCredentialNotNull(ConnectionEnvironment connEnv, @NotNull MidPointPrincipal principal, PasswordType credential) {
    if (credential.getValue() != null) {
        return;
    }
    // Audit first, then fail with the same generic message as a wrong password.
    recordAuthenticationFailure(principal, connEnv, "no stored password value");
    throw new AuthenticationCredentialsNotFoundException("web.security.provider.password.bad");
}
/**
 * Compares the password supplied in the authentication context against the stored credential.
 *
 * @param connEnv      connection environment of the attempt
 * @param principal    principal being authenticated
 * @param passwordType stored password credential
 * @param authCtx      context carrying the entered password
 * @return whatever {@code decryptAndMatch} reports for the stored value and the entered password
 */
@Override
protected boolean passwordMatches(ConnectionEnvironment connEnv, MidPointPrincipal principal, PasswordType passwordType, PasswordAuthenticationContext authCtx) {
    ProtectedStringType storedValue = passwordType.getValue();
    String enteredPassword = authCtx.getPassword();
    return decryptAndMatch(connEnv, principal, storedValue, enteredPassword);
}
/**
 * Asserts that the repository shadow stores no password value at all.
 *
 * <p>{@code expectedPassword} is accepted for signature compatibility with overriding
 * variants and is intentionally not consulted here.
 *
 * @param shadowRepo       repository shadow used in the failure message
 * @param passwordType     password credential read from the shadow
 * @param expectedPassword unused in this variant
 */
protected void assertRepoShadowPasswordValue(PrismObject<ShadowType> shadowRepo, PasswordType passwordType, String expectedPassword) throws SchemaException, EncryptionException {
    ProtectedStringType storedValue = passwordType.getValue();
    assertNull("Unexpected password value in repo shadow " + shadowRepo, storedValue);
}
/**
 * Asserts that the user has no stored password value.
 *
 * <p>Missing credentials or a missing password element count as "no password" and pass;
 * only a present password value fails the assertion.
 *
 * @param user user to inspect
 */
protected void assertUserNoPassword(PrismObject<UserType> user) throws EncryptionException, SchemaException {
    CredentialsType creds = user.asObjectable().getCredentials();
    if (creds == null) {
        return;
    }
    PasswordType password = creds.getPassword();
    if (password == null) {
        return;
    }
    assertNull("Unexpected password value in " + user, password.getValue());
}
/**
 * Asserts that the repository shadow stores the expected password in hashed form.
 *
 * @param shadowRepo       repository shadow used in failure messages
 * @param passwordType     password credential read from the shadow
 * @param expectedPassword clear-text password the stored hash must match
 */
@Override
protected void assertRepoShadowPasswordValue(PrismObject<ShadowType> shadowRepo, PasswordType passwordType, String expectedPassword) throws SchemaException, EncryptionException {
    ProtectedStringType storedValue = passwordType.getValue();
    assertNotNull("No password value in repo shadow " + shadowRepo, storedValue);
    // Repo shadows are expected to hold a hash, never an encrypted or clear value.
    assertProtectedString("Wrong password value in repo shadow " + shadowRepo,
            expectedPassword, storedValue, CredentialsStorageTypeType.HASHING);
}
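/**
 * Asserts that the user's stored (encrypted) password decrypts to the expected clear text.
 *
 * <p>Missing credentials or password element now fail with a descriptive assertion instead
 * of a {@code NullPointerException}, consistent with {@code assertUserPassword}.
 *
 * @param user                 user to inspect
 * @param expectedClearPassword expected clear-text password
 * @throws EncryptionException if the stored value cannot be decrypted
 */
protected void assertEncryptedUserPassword(PrismObject<UserType> user, String expectedClearPassword) throws EncryptionException {
    UserType userType = user.asObjectable();
    CredentialsType creds = userType.getCredentials();
    assertNotNull("No credentials in " + user, creds);
    PasswordType password = creds.getPassword();
    assertNotNull("No password in " + user, password);
    ProtectedStringType protectedActualPassword = password.getValue();
    assertNotNull("No password value in " + user, protectedActualPassword);
    // decryptString does not modify the stored value, so the object under test stays untouched.
    String actualClearPassword = protector.decryptString(protectedActualPassword);
    assertEquals("Wrong password for " + user, expectedClearPassword, actualClearPassword);
}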
/**
 * Returns the decrypted password of the account, or {@code null} when no password is stored.
 *
 * @param account account shadow; may be {@code null}
 * @return clear-text password, or {@code null} when the account, its credentials, its password
 *         element or the password value is absent
 * @throws EncryptionException if the stored value cannot be decrypted
 */
@Override
public String getPlaintextAccountPassword(ShadowType account) throws EncryptionException {
    boolean hasPasswordElement = account != null
            && account.getCredentials() != null
            && account.getCredentials().getPassword() != null;
    if (!hasPasswordElement) {
        return null; // todo log a warning here?
    }
    ProtectedStringType storedValue = account.getCredentials().getPassword().getValue();
    if (storedValue == null) {
        return null;
    }
    return protector.decryptString(storedValue);
}
/**
 * Asserts that the user's stored password matches the expected clear text under the given
 * storage type and returns the password credential for further checks.
 *
 * @param user                 user to inspect
 * @param expectedClearPassword expected clear-text password
 * @param storageType          storage form the stored value is expected to use
 * @return the user's password credential
 */
protected PasswordType assertUserPassword(PrismObject<UserType> user, String expectedClearPassword, CredentialsStorageTypeType storageType) throws EncryptionException, SchemaException {
    CredentialsType credentials = user.asObjectable().getCredentials();
    assertNotNull("No credentials in " + user, credentials);
    PasswordType passwordCredential = credentials.getPassword();
    assertNotNull("No password in " + user, passwordCredential);
    ProtectedStringType storedValue = passwordCredential.getValue();
    assertProtectedString("Password for " + user, expectedClearPassword, storedValue, storageType);
    return passwordCredential;
}
/**
 * Returns the decrypted password of the user, or {@code null} when no password is stored.
 *
 * @param user user; may be {@code null}
 * @return clear-text password, or {@code null} when the user, its credentials, its password
 *         element or the password value is absent
 * @throws EncryptionException if the stored value cannot be decrypted
 */
@Override
public String getPlaintextUserPassword(UserType user) throws EncryptionException {
    boolean hasPasswordElement = user != null
            && user.getCredentials() != null
            && user.getCredentials().getPassword() != null;
    if (!hasPasswordElement) {
        return null; // todo log a warning here?
    }
    ProtectedStringType storedValue = user.getCredentials().getPassword().getValue();
    if (storedValue == null) {
        return null;
    }
    return protector.decryptString(storedValue);
}
/**
 * Asserts that the shadow carries a password and that it matches the expected LDAP password.
 *
 * @param shadow           shadow to inspect
 * @param expectedPassword expected password, compared by {@code assertLdapPassword}
 */
protected void assertShadowLdapPassword(PrismObject<ShadowType> shadow, String expectedPassword) throws EncryptionException {
    CredentialsType credentials = shadow.asObjectable().getCredentials();
    assertNotNull("No credentials in " + shadow, credentials);
    PasswordType passwordCredential = credentials.getPassword();
    assertNotNull("No password in " + shadow, passwordCredential);
    assertLdapPassword(passwordCredential.getValue(), expectedPassword, shadow);
}
/**
 * Asserts that the user carries a password and that it matches the expected LDAP password.
 *
 * @param user             user to inspect
 * @param expectedPassword expected password, compared by {@code assertLdapPassword}
 */
protected void assertUserLdapPassword(PrismObject<UserType> user, String expectedPassword) throws EncryptionException {
    CredentialsType credentials = user.asObjectable().getCredentials();
    assertNotNull("No credentials in " + user, credentials);
    PasswordType passwordCredential = credentials.getPassword();
    assertNotNull("No password in " + user, passwordCredential);
    assertLdapPassword(passwordCredential.getValue(), expectedPassword, user);
}
/**
 * Reads and decrypts the user's stored password, failing the test if any part is missing.
 *
 * @param user user to inspect
 * @return clear-text password
 * @throws EncryptionException if the stored value cannot be decrypted
 */
protected String getPassword(PrismObject<UserType> user) throws EncryptionException {
    CredentialsType credentials = user.asObjectable().getCredentials();
    assertNotNull("No credentials in " + user, credentials);
    PasswordType passwordCredential = credentials.getPassword();
    assertNotNull("No password in " + user, passwordCredential);
    ProtectedStringType storedValue = passwordCredential.getValue();
    assertNotNull("No password value in " + user, storedValue);
    return protector.decryptString(storedValue);
}
/**
 * Asserts that the provisioning shadow exposes no password value.
 *
 * <p>A shadow without credentials or without a password element passes; only a present
 * value fails.
 *
 * @param provisioningShadow shadow returned by provisioning
 */
protected void assertShadowPassword(ShadowType provisioningShadow) throws Exception {
    CredentialsType credentials = provisioningShadow.getCredentials();
    PasswordType passwordCredential = credentials == null ? null : credentials.getPassword();
    if (passwordCredential == null) {
        return;
    }
    ProtectedStringType storedValue = passwordCredential.getValue();
    assertNull("Unexpected password value in " + provisioningShadow + ": " + storedValue, storedValue);
}
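/**
 * Asserts that the shadow's stored password decrypts to the expected clear text.
 *
 * <p>Uses {@code decryptString}, which returns the clear text without modifying the stored
 * value; the previous in-place {@code decrypt} left the clear value inside the shadow under
 * test, so later checks or dumps of that object could see it.
 *
 * @param shadow           shadow to inspect
 * @param expectedPassword expected clear-text password
 * @throws EncryptionException if the stored value cannot be decrypted
 */
protected void assertPassword(ShadowType shadow, String expectedPassword) throws SchemaException, EncryptionException {
    CredentialsType credentials = shadow.getCredentials();
    assertNotNull("No credentials in " + shadow, credentials);
    PasswordType password = credentials.getPassword();
    assertNotNull("No password in " + shadow, password);
    ProtectedStringType passwordValue = password.getValue();
    assertNotNull("No password value in " + shadow, passwordValue);
    String actualClearValue = protector.decryptString(passwordValue);
    assertEquals("Wrong password in " + shadow, expectedPassword, actualClearValue);
}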
/**
 * Post-condition check once the root task has finished: jack holds role R1 and exactly one
 * notification went out.
 *
 * <p>The password value is read and traced but not asserted; see the open TODO below.
 *
 * @param task     root task
 * @param subtasks its subtasks
 * @param result   operation result
 */
@Override
void assertsRootTaskFinishes(Task task, List<Task> subtasks, OperationResult result) throws Exception {
    PrismObject<UserType> jackAfter = getUser(USER_JACK_OID);
    ProtectedStringType passwordAfter = jackAfter.asObjectable().getCredentials().getPassword().getValue();
    // NOTE(review): relies on ProtectedStringType.toString() not rendering the clear value — confirm.
    LOGGER.trace("password after test = " + passwordAfter);
    // todo why is password value not set? The "was set" / "was changed" assertions on the
    // encrypted data are disabled until that is understood.
    assertAssignedRole(jackAfter, ROLE_R1_OID);
    checkDummyTransportMessages("simpleUserNotifier", 1);
}
/**
 * Parses the "old" user fixture and encrypts its password value in place so the object
 * looks like one read from the repository.
 *
 * @return parsed user with an encrypted password value
 * @throws IOException if the fixture file cannot be read
 */
protected PrismObject<UserType> getUserOld() throws SchemaException, EncryptionException, IOException {
    PrismObject<UserType> parsedUser = PrismTestUtil.parseObject(USER_OLD_FILE);
    ProtectedStringType clearPassword = parsedUser.asObjectable().getCredentials().getPassword().getValue();
    // encrypt() works in place: the fixture's clear value is replaced inside parsedUser.
    protector.encrypt(clearPassword);
    return parsedUser;
}
/**
 * Asserts that the asserted user's stored password matches the expected clear text under the
 * given storage type.
 *
 * @param expectedClearPassword expected clear-text password
 * @param storageType          storage form the stored value is expected to use
 * @return this asserter, for chaining
 */
public UserAsserter<RA> assertPassword(String expectedClearPassword, CredentialsStorageTypeType storageType) throws SchemaException, EncryptionException {
    CredentialsType credentials = getObject().asObjectable().getCredentials();
    assertNotNull("No credentials in " + desc(), credentials);
    PasswordType passwordCredential = credentials.getPassword();
    assertNotNull("No password in " + desc(), passwordCredential);
    ProtectedStringType storedValue = passwordCredential.getValue();
    IntegrationTestTools.assertProtectedString("Password for " + desc(),
            expectedClearPassword, storedValue, storageType, getProtector());
    return this;
}
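/**
 * Checks that the password returned in the pipeline item equals the one stored in the
 * repository for the given user.
 *
 * <p>The clear-text values are compared but no longer written to standard output: the
 * previous {@code System.out.println} echoed both decrypted passwords into the test log.
 * A missing returned password now fails with a descriptive error instead of a
 * {@code NullPointerException}.
 *
 * @param item    pipeline item carrying the returned user
 * @param userOid OID of the user to read from the repository
 */
@SuppressWarnings("unchecked")
private void checkPassword(PipelineItem item, String userOid) throws CommunicationException, ObjectNotFoundException, SchemaException, SecurityViolationException, ConfigurationException, ExpressionEvaluationException, EncryptionException {
    PrismProperty<ProtectedStringType> returnedPassword =
            (PrismProperty<ProtectedStringType>) item.getValue().find(SchemaConstants.PATH_PASSWORD_VALUE);
    if (returnedPassword == null) {
        throw new AssertionError("No password value in pipeline item for user " + userOid);
    }
    ProtectedStringType returnedRealValue = returnedPassword.getRealValue();
    PrismObject<UserType> user = getUser(userOid);
    ProtectedStringType repoRealValue = user.asObjectable().getCredentials().getPassword().getValue();
    // Compare decrypted values in memory only; secrets must not appear in test output.
    String returnedClearValue = protector.decryptString(returnedRealValue);
    String repoClearValue = protector.decryptString(repoRealValue);
    assertEquals("Wrong password stored in repository", returnedClearValue, repoClearValue);
}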
/**
 * Post-condition check once the root task has finished: the password is unchanged and no
 * notification went out.
 *
 * @param task     root task
 * @param subtasks its subtasks
 * @param result   operation result
 */
@Override
void assertsRootTaskFinishes(Task task, List<Task> subtasks, OperationResult result) throws Exception {
    PrismObject<UserType> jackAfter = getUser(USER_JACK_OID);
    ProtectedStringType passwordAfter = jackAfter.asObjectable().getCredentials().getPassword().getValue();
    // NOTE(review): relies on ProtectedStringType.toString() not rendering the clear value — confirm.
    LOGGER.trace("password after test = " + passwordAfter);
    // Nothing was executed in this scenario, so the encrypted data must be identical.
    boolean unchanged = originalPasswordValue.getEncryptedDataType().equals(passwordAfter.getEncryptedDataType());
    assertTrue("password was changed", unchanged);
    checkDummyTransportMessages("simpleUserNotifier", 0);
    // modifyApproverRef is not checked: the value was not changed here (no change was executed).
}
/**
 * Post-condition check once the root task has finished: the password was changed and exactly
 * one notification went out.
 *
 * @param task     root task
 * @param subtasks its subtasks
 * @param result   operation result
 */
@Override
void assertsRootTaskFinishes(Task task, List<Task> subtasks, OperationResult result) throws Exception {
    PrismObject<UserType> jackAfter = getUser(USER_JACK_OID);
    ProtectedStringType passwordAfter = jackAfter.asObjectable().getCredentials().getPassword().getValue();
    // NOTE(review): relies on ProtectedStringType.toString() not rendering the clear value — confirm.
    LOGGER.trace("password after test = " + passwordAfter);
    // The change was executed, so the encrypted data must differ from the original.
    boolean unchanged = originalPasswordValue.getEncryptedDataType().equals(passwordAfter.getEncryptedDataType());
    assertFalse("password was not changed", unchanged);
    checkDummyTransportMessages("simpleUserNotifier", 1);
}