/**
 * Returns the account password as a decrypted string.
 *
 * <p>The result is the cleartext secret, so callers should keep it out of log
 * statements, exception messages and stored objects.
 *
 * @param account shadow to read the password from; may be {@code null}
 * @return the decrypted password, or {@code null} when the account, its credentials,
 *         its password container or the password value is absent
 * @throws EncryptionException propagated from {@code protector.decryptString}
 */
@Override
public String getPlaintextAccountPassword(ShadowType account) throws EncryptionException {
    if (account == null) {
        return null; // todo log a warning here?
    }
    if (account.getCredentials() == null || account.getCredentials().getPassword() == null) {
        return null; // todo log a warning here?
    }

    ProtectedStringType storedValue = account.getCredentials().getPassword().getValue();
    return storedValue == null ? null : protector.decryptString(storedValue);
}
/**
 * Renders the attributes, credentials, activation and associations of a shadow as text.
 *
 * <p>The credentials container goes through the same formatter as the other containers.
 * NOTE(review): whether a password value is masked or left out is decided inside
 * {@code formatContainerValue} and by {@code hiddenAttributes}; neither is visible in
 * this block, so confirm that before the result is sent to a notification or a log.
 *
 * @param shadowType shadow to format; must not be {@code null}
 * @param hiddenAttributes item paths handed to the formatter
 * @param showOperationalAttributes handed to the formatter unchanged
 * @return the formatted text; empty when the shadow has none of the four parts
 */
public String formatAccountAttributes(ShadowType shadowType, List<ItemPath> hiddenAttributes, boolean showOperationalAttributes) {
    Validate.notNull(shadowType, "shadowType is null");

    StringBuilder out = new StringBuilder();

    if (shadowType.getAttributes() != null) {
        formatContainerValue(out, "", shadowType.getAttributes().asPrismContainerValue(), false, hiddenAttributes, showOperationalAttributes);
    }
    if (shadowType.getCredentials() != null) {
        formatContainerValue(out, "", shadowType.getCredentials().asPrismContainerValue(), false, hiddenAttributes, showOperationalAttributes);
    }
    if (shadowType.getActivation() != null) {
        formatContainerValue(out, "", shadowType.getActivation().asPrismContainerValue(), false, hiddenAttributes, showOperationalAttributes);
    }

    if (shadowType.getAssociation() == null) {
        return out.toString();
    }

    int index = 0;
    for (ShadowAssociationType association : shadowType.getAssociation()) {
        // A single blank line separates the association list from what precedes it.
        if (index++ == 0) {
            out.append("\n");
        }
        out.append("Association:\n");
        formatContainerValue(out, " ", association.asPrismContainerValue(), false, hiddenAttributes, showOperationalAttributes);
        out.append("\n");
    }
    return out.toString();
}
/**
 * Asserts that the shadow carries credentials and a password container, then hands the
 * protected password value to {@code assertLdapPassword} for comparison.
 *
 * @param shadow shadow under test
 * @param expectedPassword password the shadow is expected to hold
 * @throws EncryptionException declared for the delegated password check
 */
protected void assertShadowLdapPassword(PrismObject<ShadowType> shadow, String expectedPassword) throws EncryptionException {
    CredentialsType creds = shadow.asObjectable().getCredentials();
    assertNotNull("No credentials in "+shadow, creds);

    PasswordType pw = creds.getPassword();
    assertNotNull("No password in "+shadow, pw);

    // The value may be null here; the null handling is left to assertLdapPassword.
    assertLdapPassword(pw.getValue(), expectedPassword, shadow);
}
/**
 * Stores a password value on the shadow, creating the credentials and password
 * containers when the shadow does not have them yet.
 *
 * @param shadowType shadow to modify
 * @param password protected value, stored as given; this method does no encryption
 */
public static void setPassword(ShadowType shadowType, ProtectedStringType password) {
    CredentialsType creds = shadowType.getCredentials();
    if (creds == null) {
        creds = new CredentialsType();
        shadowType.setCredentials(creds);
    }

    PasswordType pw = creds.getPassword();
    if (pw == null) {
        pw = new PasswordType();
        creds.setPassword(pw);
    }

    pw.setValue(password);
}
/**
 * Asserts that a provisioning shadow does not carry a password value. A shadow without
 * credentials or without a password container passes.
 *
 * <p>On failure the assertion message contains the string form of the unexpected value.
 *
 * @param provisioningShadow shadow returned by provisioning
 */
protected void assertShadowPassword(ShadowType provisioningShadow) throws Exception {
    CredentialsType creds = provisioningShadow.getCredentials();
    PasswordType pw = (creds == null) ? null : creds.getPassword();
    if (pw == null) {
        // Nothing that could hold a password value.
        return;
    }

    ProtectedStringType value = pw.getValue();
    assertNull("Unexpected password value in "+provisioningShadow+": "+value, value);
}
/**
 * Asserts that the shadow has credentials, a password container and password metadata,
 * then delegates the metadata check to {@code assertMetadata}.
 *
 * @param shadow shadow under test
 * @param passwordCreated passed through to {@code assertMetadata}
 * @param startCal start of the expected time window
 * @param endCal end of the expected time window
 * @param actorOid expected actor OID
 * @param channel expected channel
 */
protected void assertShadowPasswordMetadata(PrismObject<ShadowType> shadow, boolean passwordCreated, XMLGregorianCalendar startCal, XMLGregorianCalendar endCal, String actorOid, String channel) {
    CredentialsType credentials = shadow.asObjectable().getCredentials();
    assertNotNull("No credentials in shadow "+shadow, credentials);

    PasswordType passwordType = credentials.getPassword();
    assertNotNull("No password in shadow "+shadow, passwordType);

    MetadataType passwordMetadata = passwordType.getMetadata();
    assertNotNull("No metadata in shadow "+shadow, passwordMetadata);

    assertMetadata("Password metadata in "+shadow, passwordMetadata, passwordCreated, false, startCal, endCal, actorOid, channel);
}
/**
 * Copies password metadata from the repository shadow to the result shadow when the
 * result shadow has none.
 *
 * <p>Nothing happens when the repository shadow lacks credentials, a password container
 * or password metadata. Missing credentials and password containers on the result shadow
 * are created; metadata already present on the result shadow is left as it is.
 *
 * @param repoShadowType source of the metadata
 * @param resultAccountShadow shadow that receives a clone of the metadata
 */
private void transplantPasswordMetadata(ShadowType repoShadowType, ShadowType resultAccountShadow) {
    CredentialsType sourceCreds = repoShadowType.getCredentials();
    PasswordType sourcePassword = (sourceCreds == null) ? null : sourceCreds.getPassword();
    MetadataType sourceMetadata = (sourcePassword == null) ? null : sourcePassword.getMetadata();
    if (sourceMetadata == null) {
        return;
    }

    CredentialsType targetCreds = resultAccountShadow.getCredentials();
    if (targetCreds == null) {
        targetCreds = new CredentialsType();
        resultAccountShadow.setCredentials(targetCreds);
    }

    PasswordType targetPassword = targetCreds.getPassword();
    if (targetPassword == null) {
        targetPassword = new PasswordType();
        targetCreds.setPassword(targetPassword);
    }

    // Clone so that the two shadows never share one metadata instance.
    if (targetPassword.getMetadata() == null) {
        targetPassword.setMetadata(sourceMetadata.clone());
    }
}
/**
 * Asserts that the shadow holds a password value which decrypts to the expected string.
 *
 * <p>NOTE(review): {@code protector.decrypt} is applied to the value object that belongs
 * to the shadow, and the clear value is then read back from that same object. The shadow
 * therefore keeps the decrypted password after this assertion returns, and any later
 * dump of the shadow may show it. Confirm whether that is intended.
 *
 * @param shadow shadow under test
 * @param expectedPassword expected cleartext password
 */
protected void assertPassword(ShadowType shadow, String expectedPassword) throws SchemaException, EncryptionException {
    CredentialsType creds = shadow.getCredentials();
    assertNotNull("No credentials in "+shadow, creds);

    PasswordType pw = creds.getPassword();
    assertNotNull("No password in "+shadow, pw);

    ProtectedStringType protectedValue = pw.getValue();
    assertNotNull("No password value in "+shadow, protectedValue);

    // In-place decryption: the clear value is available on protectedValue afterwards.
    protector.decrypt(protectedValue);
    String actualPassword = protectedValue.getClearValue();
    assertEquals("Wrong password in "+shadow, expectedPassword, actualPassword);
}
/**
 * Flags the password value property of the shadow as incomplete, creating the
 * credentials container, the password container and the value property when missing.
 * No password value is set.
 *
 * <p>NOTE(review): the flag presumably tells consumers that a password exists but was
 * not returned; confirm against the property's documentation.
 *
 * @param shadowType shadow to modify
 * @throws SchemaException declared for the property lookup
 */
public static void setPasswordIncomplete(ShadowType shadowType) throws SchemaException {
    CredentialsType creds = shadowType.getCredentials();
    if (creds == null) {
        creds = new CredentialsType();
        shadowType.setCredentials(creds);
    }

    PasswordType pw = creds.getPassword();
    if (pw == null) {
        pw = new PasswordType();
        creds.setPassword(pw);
    }

    PrismContainerValue<PasswordType> pwContainer = pw.asPrismContainerValue();
    PrismProperty<ProtectedStringType> pwValue = pwContainer.findOrCreateProperty(PasswordType.F_VALUE);
    pwValue.setIncomplete(true);
}
/**
 * Checks the credentials stored in a repository shadow.
 *
 * <p>When no password is expected, a shadow without credentials or without a password
 * container passes. Otherwise both must be present and the value check is delegated to
 * {@code assertRepoShadowPasswordValue}.
 *
 * @param shadowRepo repository shadow under test
 * @param expectedPassword expected password, or {@code null} when none is expected
 */
protected void assertRepoShadowCredentials(PrismObject<ShadowType> shadowRepo, String expectedPassword) throws SchemaException, EncryptionException {
    final boolean nothingExpected = (expectedPassword == null);

    CredentialsType creds = shadowRepo.asObjectable().getCredentials();
    if (nothingExpected && creds == null) {
        return;
    }
    assertNotNull("Missing credentendials in repo shadow "+shadowRepo, creds);

    PasswordType pw = creds.getPassword();
    if (nothingExpected && pw == null) {
        return;
    }
    assertNotNull("Missing password credential in repo shadow "+shadowRepo, pw);

    // TODO: assert password meta-data
    assertRepoShadowPasswordValue(shadowRepo, pw, expectedPassword);
}
/**
 * Disabled test: reads the account identified by {@code ACCOUNT_WILL_OID} through the
 * provisioning service and checks its name and password.
 *
 * <p>The {@code display} call receives the protected value object. The decrypted string
 * is used only for the comparison with {@code ACCOUNT_WILL_PASSWORD}.
 */
@Test(enabled=false)
public void test005GetAccount() throws Exception {
    final String TEST_NAME = "test005GetAccount";
    TestUtil.displayTestTitle(TEST_NAME);

    // GIVEN
    OperationResult result = new OperationResult(TestDBTable.class.getName() + "." + TEST_NAME);
    Task task = taskManager.createTaskInstance();

    // WHEN
    PrismObject<ShadowType> account = provisioningService.getObject(ShadowType.class, ACCOUNT_WILL_OID, null, task, result);

    // THEN
    result.computeStatus();
    display(result);
    TestUtil.assertSuccess(result);

    ShadowType accountBean = account.asObjectable();
    PrismAsserts.assertEqualsPolyString("Name not equal.", ACCOUNT_WILL_USERNAME, accountBean.getName());

    assertNotNull("No credentials", accountBean.getCredentials());
    assertNotNull("No password", accountBean.getCredentials().getPassword());
    assertNotNull("No password value", accountBean.getCredentials().getPassword().getValue());

    ProtectedStringType storedPassword = accountBean.getCredentials().getPassword().getValue();
    display("Password", storedPassword);

    assertEquals("Wrong password", ACCOUNT_WILL_PASSWORD, protector.decryptString(storedPassword));
}
if (shadowType.getCredentials() != null && shadowType.getCredentials().getPassword() != null) { PasswordType password = shadowType.getCredentials().getPassword(); ProtectedStringType protectedString = password.getValue(); GuardedString guardedPassword = ConnIdUtil.toGuardedString(protectedString, "new password", protector);
/**
 * Runs the inherited account checks, then asserts that the password value property holds
 * no values and is flagged incomplete.
 *
 * @param shadow shadow under test
 * @param result operation result passed to the inherited check
 * @param startTs start of the expected time window, passed to the inherited check
 * @param endTs end of the expected time window, passed to the inherited check
 */
@Override
protected void checkAccountWill(PrismObject<ShadowType> shadow, OperationResult result, XMLGregorianCalendar startTs, XMLGregorianCalendar endTs) throws SchemaException, EncryptionException {
    super.checkAccountWill(shadow, result, startTs, endTs);

    CredentialsType creds = shadow.asObjectable().getCredentials();
    assertNotNull("No credentials in "+shadow, creds);

    PasswordType pw = creds.getPassword();
    assertNotNull("No password in "+shadow, pw);

    PrismContainerValue<PasswordType> pwContainer = pw.asPrismContainerValue();
    PrismProperty<ProtectedStringType> pwValue = pwContainer.findProperty(PasswordType.F_VALUE);

    // The password must not be readable here: no value, only the incompleteness marker.
    assertTrue("Unexpected password value in "+shadow+": "+pwValue, pwValue.getValues().isEmpty());
    assertTrue("No incompleteness in password value in "+shadow+": "+pwValue, pwValue.isIncomplete());
}
/**
 * Asserts that a provisioning shadow carries no password value and that the value
 * property is flagged incomplete. A shadow without credentials or without a password
 * container passes.
 *
 * <p>On failure the first assertion message contains the string form of the unexpected
 * value.
 *
 * @param provisioningShadow shadow returned by provisioning
 */
@Override
protected void assertShadowPassword(ShadowType provisioningShadow) {
    CredentialsType creds = provisioningShadow.getCredentials();
    PasswordType pw = (creds == null) ? null : creds.getPassword();
    if (pw == null) {
        // Nothing that could hold a password value.
        return;
    }

    ProtectedStringType value = pw.getValue();
    assertNull("Unexpected password value in "+provisioningShadow+": "+value, value);

    PrismContainerValue<PasswordType> pwContainer = pw.asPrismContainerValue();
    PrismProperty<ProtectedStringType> pwValueProperty = pwContainer.findProperty(PasswordType.F_VALUE);
    assertTrue("Incomplete flag is NOT set for password value in "+provisioningShadow, pwValueProperty.isIncomplete());
}
}
/**
 * Checks the password cached in a shadow against the expected value, requiring the
 * {@code HASHING} storage type.
 *
 * <p>When no password is expected, a shadow without credentials or without a password
 * container passes. If a password container exists, a value must be present even when
 * {@code expectedPassword} is {@code null}.
 *
 * @param shadow shadow under test
 * @param expectedPassword expected password, or {@code null} when none is expected
 */
protected void assertCachedResourcePassword(PrismObject<ShadowType> shadow, String expectedPassword) throws Exception {
    final boolean nothingExpected = (expectedPassword == null);

    CredentialsType creds = shadow.asObjectable().getCredentials();
    if (nothingExpected && creds == null) {
        return;
    }
    assertNotNull("Missing credentendials in repo shadow "+shadow, creds);

    PasswordType pw = creds.getPassword();
    if (nothingExpected && pw == null) {
        return;
    }
    assertNotNull("Missing password credential in repo shadow "+shadow, pw);

    ProtectedStringType cachedValue = pw.getValue();
    assertNotNull("No password value in repo shadow "+shadow, cachedValue);

    assertProtectedString("Wrong password value in repo shadow "+shadow, expectedPassword, cachedValue, CredentialsStorageTypeType.HASHING);
}
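/**
 * Asserts that a password returned in a provisioning shadow is present, non-empty,
 * decryptable and not flagged incomplete. A shadow without credentials or without a
 * password container passes.
 *
 * <p>The decrypted password is deliberately not written to the test output. Test logs
 * are often archived and readable by more people than the credential store itself.
 *
 * @param provisioningShadow shadow returned by provisioning
 * @throws Exception propagated from {@code protector.decryptString}
 */
@Override
protected void assertShadowPassword(ShadowType provisioningShadow) throws Exception {
    CredentialsType credentials = provisioningShadow.getCredentials();
    if (credentials == null) {
        return;
    }
    PasswordType passwordType = credentials.getPassword();
    if (passwordType == null) {
        return;
    }

    ProtectedStringType passwordValue = passwordType.getValue();
    assertNotNull("Missing password value in "+provisioningShadow, passwordValue);
    assertFalse("Empty password value in "+provisioningShadow, passwordValue.isEmpty());

    // Decrypt only to prove the value is usable; the result is discarded, not logged.
    protector.decryptString(passwordValue);
    display("Password of "+provisioningShadow+" decrypted successfully (value not shown)");

    PrismContainerValue<PasswordType> passwordContainer = passwordType.asPrismContainerValue();
    PrismProperty<ProtectedStringType> valueProp = passwordContainer.findProperty(PasswordType.F_VALUE);
    assertFalse("Incomplete password value in "+provisioningShadow, valueProp.isIncomplete());
}
}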
// The result shadow takes its credentials from the resource-side shadow.
resultAccountShadow.setCredentials(resourceAccountShadow.getCredentials());
// NOTE(review): presumably carries password metadata over from the repository shadow,
// which the resource-side credentials would not contain; confirm against the helper.
transplantPasswordMetadata(repoShadowType, resultAccountShadow);
CredentialsType creds = repoShadowType.getCredentials(); if (creds != null) { PasswordType passwordType = creds.getPassword();