core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/propagation/DBPasswordPropagationActions.java - syncope - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.apache.syncope.core.provisioning.java.propagation;

 import java.util.Optional;
 import java.util.Set;
 import org.apache.syncope.common.lib.types.AnyTypeKind;
 import org.apache.syncope.common.lib.types.CipherAlgorithm;
 import org.apache.syncope.common.lib.types.ConnConfProperty;
 import org.apache.syncope.core.persistence.api.dao.UserDAO;
 import org.apache.syncope.core.persistence.api.entity.ConnInstance;
 import org.apache.syncope.core.persistence.api.entity.task.PropagationData;
 import org.apache.syncope.core.persistence.api.entity.user.User;
 import org.apache.syncope.core.provisioning.api.propagation.PropagationActions;
 import org.apache.syncope.core.provisioning.api.propagation.PropagationManager;
 import org.apache.syncope.core.provisioning.api.propagation.PropagationTaskInfo;
 import org.apache.syncope.core.spring.implementation.InstanceScope;
 import org.apache.syncope.core.spring.implementation.SyncopeImplementation;
 import org.identityconnectors.common.security.GuardedString;
 import org.identityconnectors.framework.common.objects.Attribute;
 import org.identityconnectors.framework.common.objects.AttributeBuilder;
 import org.identityconnectors.framework.common.objects.AttributeUtil;
 import org.identityconnectors.framework.common.objects.OperationalAttributes;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.transaction.annotation.Transactional;

 /**
  * Propagate a non-cleartext password out to a resource, if the PropagationManager has not already
  * added a password. The CipherAlgorithm associated with the password must match the password
  * cipher algorithm property of the DB Connector.
  */
 @SyncopeImplementation(scope = InstanceScope.PER_CONTEXT)
 public class DBPasswordPropagationActions implements PropagationActions {

     protected static final String CLEARTEXT = "CLEARTEXT";

     @Autowired
     protected UserDAO userDAO;

     protected String getCipherAlgorithm(final ConnInstance connInstance) {
         Optional<ConnConfProperty> cipherAlgorithm = connInstance.getConf().stream().
                 filter(property -> "cipherAlgorithm".equals(property.getSchema().getName())
                 && property.getValues() != null && !property.getValues().isEmpty()).findFirst();

         return cipherAlgorithm.isPresent()
                 ? (String) cipherAlgorithm.get().getValues().get(0)
                 : CLEARTEXT;
     }

     protected boolean cipherAlgorithmMatches(final String connectorAlgorithm, final CipherAlgorithm userAlgorithm) {
         if (userAlgorithm == null) {
             return false;
         }

         if (connectorAlgorithm.equals(userAlgorithm.name())) {
             return true;
         }

         // Special check for "SHA" (user sync'd from LDAP)
         return "SHA1".equals(connectorAlgorithm) && "SHA".equals(userAlgorithm.name());
     }

     @Transactional(readOnly = true)
     @Override
     public void before(final PropagationTaskInfo taskInfo) {
         if (AnyTypeKind.USER == taskInfo.getAnyTypeKind()) {
             User user = userDAO.find(taskInfo.getEntityKey());

             PropagationData data = taskInfo.getPropagationData();
             if (user != null && user.getPassword() != null && data.getAttributes() != null) {
                 Set<Attribute> attrs = data.getAttributes();

                 Attribute missing = AttributeUtil.find(PropagationManager.MANDATORY_MISSING_ATTR_NAME, attrs);

                 ConnInstance connInstance = taskInfo.getResource().getConnector();
                 if (missing != null && missing.getValue() != null && missing.getValue().size() == 1
                         && missing.getValue().get(0).equals(OperationalAttributes.PASSWORD_NAME)
                         && cipherAlgorithmMatches(getCipherAlgorithm(connInstance), user.getCipherAlgorithm())) {

                     Attribute passwordAttribute = AttributeBuilder.buildPassword(
                             new GuardedString(user.getPassword().toCharArray()));

                     attrs.add(passwordAttribute);
                     attrs.remove(missing);

                     Attribute hashedPasswordAttribute = AttributeBuilder.build(
                             AttributeUtil.createSpecialName("HASHED_PASSWORD"), Boolean.TRUE);
                     attrs.add(hashedPasswordAttribute);
                 }
             }
         }
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/
	package org.apache.syncope.core.provisioning.java.propagation;

	import java.util.Optional;
	import java.util.Set;
	import org.apache.syncope.common.lib.types.AnyTypeKind;
	import org.apache.syncope.common.lib.types.CipherAlgorithm;
	import org.apache.syncope.common.lib.types.ConnConfProperty;
	import org.apache.syncope.core.persistence.api.dao.UserDAO;
	import org.apache.syncope.core.persistence.api.entity.ConnInstance;
	import org.apache.syncope.core.persistence.api.entity.task.PropagationData;
	import org.apache.syncope.core.persistence.api.entity.user.User;
	import org.apache.syncope.core.provisioning.api.propagation.PropagationActions;
	import org.apache.syncope.core.provisioning.api.propagation.PropagationManager;
	import org.apache.syncope.core.provisioning.api.propagation.PropagationTaskInfo;
	import org.apache.syncope.core.spring.implementation.InstanceScope;
	import org.apache.syncope.core.spring.implementation.SyncopeImplementation;
	import org.identityconnectors.common.security.GuardedString;
	import org.identityconnectors.framework.common.objects.Attribute;
	import org.identityconnectors.framework.common.objects.AttributeBuilder;
	import org.identityconnectors.framework.common.objects.AttributeUtil;
	import org.identityconnectors.framework.common.objects.OperationalAttributes;
	import org.springframework.beans.factory.annotation.Autowired;
	import org.springframework.transaction.annotation.Transactional;

	/**
	* Propagate a non-cleartext password out to a resource, if the PropagationManager has not already
	* added a password. The CipherAlgorithm associated with the password must match the password
	* cipher algorithm property of the DB Connector.
	*/
	@SyncopeImplementation(scope = InstanceScope.PER_CONTEXT)
	public class DBPasswordPropagationActions implements PropagationActions {

	protected static final String CLEARTEXT = "CLEARTEXT";

	@Autowired
	protected UserDAO userDAO;

	protected String getCipherAlgorithm(final ConnInstance connInstance) {
	Optional<ConnConfProperty> cipherAlgorithm = connInstance.getConf().stream().
	filter(property -> "cipherAlgorithm".equals(property.getSchema().getName())
	&& property.getValues() != null && !property.getValues().isEmpty()).findFirst();

	return cipherAlgorithm.isPresent()
	? (String) cipherAlgorithm.get().getValues().get(0)
	: CLEARTEXT;
	}

	protected boolean cipherAlgorithmMatches(final String connectorAlgorithm, final CipherAlgorithm userAlgorithm) {
	if (userAlgorithm == null) {
	return false;
	}

	if (connectorAlgorithm.equals(userAlgorithm.name())) {
	return true;
	}

	// Special check for "SHA" (user sync'd from LDAP)
	return "SHA1".equals(connectorAlgorithm) && "SHA".equals(userAlgorithm.name());
	}

	@Transactional(readOnly = true)
	@Override
	public void before(final PropagationTaskInfo taskInfo) {
	if (AnyTypeKind.USER == taskInfo.getAnyTypeKind()) {
	User user = userDAO.find(taskInfo.getEntityKey());

	PropagationData data = taskInfo.getPropagationData();
	if (user != null && user.getPassword() != null && data.getAttributes() != null) {
	Set<Attribute> attrs = data.getAttributes();

	Attribute missing = AttributeUtil.find(PropagationManager.MANDATORY_MISSING_ATTR_NAME, attrs);

	ConnInstance connInstance = taskInfo.getResource().getConnector();
	if (missing != null && missing.getValue() != null && missing.getValue().size() == 1
	&& missing.getValue().get(0).equals(OperationalAttributes.PASSWORD_NAME)
	&& cipherAlgorithmMatches(getCipherAlgorithm(connInstance), user.getCipherAlgorithm())) {

	Attribute passwordAttribute = AttributeBuilder.buildPassword(
	new GuardedString(user.getPassword().toCharArray()));

	attrs.add(passwordAttribute);
	attrs.remove(missing);

	Attribute hashedPasswordAttribute = AttributeBuilder.build(
	AttributeUtil.createSpecialName("HASHED_PASSWORD"), Boolean.TRUE);
	attrs.add(hashedPasswordAttribute);
	}
	}
	}
	}
	}