@Override public String getPlaintext(ProtectedStringType protectedStringType) throws EncryptionException { if (protectedStringType != null) { return protector.decryptString(protectedStringType); } else { return null; } }
@Override public void access(char[] passwordChars) { try { ps.setClearValue(new String(passwordChars)); protector.encrypt(ps); } catch (EncryptionException e) { throw new IllegalStateException("Protector failed to encrypt password"); } } });
protected boolean compareProtectedString(String expectedClearValue, ProtectedStringType actualValue, CredentialsStorageTypeType storageType) throws EncryptionException, SchemaException { switch (storageType) { case NONE: return actualValue == null; case ENCRYPTION: if (actualValue == null) { return false; } if (!actualValue.isEncrypted()) { return false; } String actualClearPassword = protector.decryptString(actualValue); return expectedClearValue.equals(actualClearPassword); case HASHING: if (actualValue == null) { return false; } if (!actualValue.isHashed()) { return false; } ProtectedStringType expectedPs = new ProtectedStringType(); expectedPs.setClearValue(expectedClearValue); return protector.compare(actualValue, expectedPs); default: throw new IllegalArgumentException("Unknown storage "+storageType); } }
private static void transformEncryptedValue(ProtectedDataType protectedType, PrismContext prismContext) throws SchemaException{ Protector protector = prismContext.getDefaultProtector(); if (protector == null) { return; } try { protector.decrypt(protectedType); Object clearValue = protectedType.getClearValue(); if (clearValue instanceof String){ String clear = (String) clearValue; if (clear.startsWith("<value>") && clear.endsWith("</value>")){ clear = clear.replace("<value>","").replace("</value>", ""); clearValue = (String) clear; } protectedType.setClearValue(clearValue); protector.encrypt(protectedType); } } catch (EncryptionException ex){ //System.out.println("failed to encrypt.."); throw new IllegalArgumentException("failed to encrypt. " + ex); } }
public static GuardedString toGuardedString(ProtectedStringType ps, Protector protector, String propertyName) { if (ps == null) { return null; } if (!protector.isEncrypted(ps)) { if (ps.getClearValue() == null) { return null; } // LOGGER.warn("Using cleartext value for {}", propertyName); return new GuardedString(ps.getClearValue().toCharArray()); } try { return new GuardedString(protector.decryptString(ps).toCharArray()); } catch (EncryptionException e) { // LOGGER.error("Unable to decrypt value of element {}: {}", // new Object[] { propertyName, e.getMessage(), e }); throw new SystemException("Unable to decrypt value of element " + propertyName + ": " + e.getMessage(), e); } }
protector256.encrypt(pdt); protector128.decrypt(pdt); ProtectedStringType pstEnc = protector256.encryptString(value); String clear = protector256.decryptString(pstEnc); assertNotNull(clear); boolean compare1 = protector256.compare(pdt, pstEnc); boolean compare2 = protector256.compare(pstEnc, pdt); boolean compare5 = protector256.compare(pdt, wrongPst); boolean compare6 = protector256.compare(wrongPst, pdt);
private static void reencryptProtectedStringType(ProtectedStringType ps, String propName, Holder<Integer> modCountHolder, Protector protector) { if (ps == null) { // nothing to do here } else if (ps.isHashed()) { // nothing to do here } else if (ps.getClearValue() != null) { try { protector.encrypt(ps); increment(modCountHolder); } catch (EncryptionException e) { throw new TunnelException(new EncryptionException("Failed to encrypt value for field " + propName + ": " + e.getMessage(), e)); } } else if (ps.getEncryptedDataType() != null) { try { if (!protector.isEncryptedByCurrentKey(ps.getEncryptedDataType())) { ProtectedStringType reencrypted = protector.encryptString(protector.decryptString(ps)); ps.setEncryptedData(reencrypted.getEncryptedDataType()); increment(modCountHolder); } } catch (EncryptionException e) { throw new TunnelException(new EncryptionException("Failed to check/reencrypt value for field " + propName + ": " + e.getMessage(), e)); } } else { // no clear nor encrypted value } }
intermediateVal = protector.encryptString(valueToEncrypt); } catch (EncryptionException e) { throw new SystemException(e.getMessage(), e); intermediateVal = protector.decryptString((ProtectedStringType) inputVal); } catch (EncryptionException e) { throw new SystemException(e.getMessage(), e);
protector256.hash(pst); boolean compare1 = protector256.compare(pst, checkPstClear); boolean compare2 = protector256.compare(checkPstClear, pst); protector256.encrypt(checkPstEnc); boolean compare3 = protector256.compare(pst, checkPstEnc); boolean compare4 = protector256.compare(checkPstEnc, pst); boolean compare5 = protector256.compare(pst, wrongPst); boolean compare6 = protector256.compare(wrongPst, pst); protector256.encrypt(wrongPstEnc); boolean compare7 = protector256.compare(pst, wrongPstEnc); boolean compare8 = protector256.compare(wrongPstEnc, pst); boolean compare9 = protector256.compare(pst, checkPstClear); boolean compare10 = protector256.compare(checkPstClear, pst); pstEncHash.setClearValue(value); assertFalse(pstEncHash.isEmpty()); protector256.encrypt(pstEncHash);
private boolean passwordEquals(ProtectedStringType newPasswordPs, ProtectedStringType currentPassword) throws SchemaException { if (currentPassword == null) { return newPasswordPs == null; } try { return protector.compare(newPasswordPs, currentPassword); } catch (EncryptionException e) { throw new SystemException("Failed to compare " + shortDesc + ": " + e.getMessage(), e); } } }
/** * Returns ICF connector info manager that manages local connectors. The * manager will be created if it does not exist yet. * * @return ICF connector info manager that manages local connectors */ private ConnectorInfoManager getRemoteConnectorInfoManager(ConnectorHostType hostType) { String hostname = hostType.getHostname(); int port = Integer.parseInt(hostType.getPort()); GuardedString key; try { key = new GuardedString(protector.decryptString(hostType.getSharedSecret()).toCharArray()); } catch (EncryptionException e) { throw new SystemException("Shared secret decryption error: "+e.getMessage(),e); } Integer timeout = hostType.getTimeout(); if (timeout == null) { timeout = 0; } boolean useSSL = false; if (hostType.isProtectConnection() != null) { useSSL = hostType.isProtectConnection(); } List<TrustManager> trustManagers = protector.getTrustManagers(); LOGGER.trace("Creating RemoteFrameworkConnectionInfo: hostname={}, port={}, key={}, useSSL={}, trustManagers={}, timeout={}", new Object[] {hostname, port, key, useSSL, trustManagers, timeout}); RemoteFrameworkConnectionInfo remoteFramewrorkInfo = new RemoteFrameworkConnectionInfo(hostname, port, key, useSSL, trustManagers, timeout); return connectorInfoManagerFactory.getRemoteManager(remoteFramewrorkInfo); }
public Object createProtectedString(String string) throws EncryptionException { return protector.encryptString(string); }
private void prepareProtectedStringForStorage(ProtectedStringType ps, CredentialsStorageTypeType storageType) throws SchemaException { try { switch (storageType) { case ENCRYPTION: if (ps.isEncrypted()) { break; } if (ps.isHashed()) { throw new SchemaException("Cannot store hashed value in an encrypted form"); } protector.encrypt(ps); break; case HASHING: if (ps.isHashed()) { break; } protector.hash(ps); break; case NONE: throw new SchemaException("Cannot store value on NONE storage form"); default: throw new SchemaException("Unknown storage type: "+storageType); } } catch (EncryptionException e) { throw new SystemException(e.getMessage(), e); } }
private void hashValues(Collection<PrismPropertyValue<ProtectedStringType>> values, CredentialsStorageMethodType storageMethod) throws SchemaException, EncryptionException { if (values == null) { return; } for (PrismPropertyValue<ProtectedStringType> pval: values) { ProtectedStringType ps = pval.getValue(); if (!ps.isHashed()) { protector.hash(ps); } } }
protected void assertPassword(ShadowType shadow, String expectedPassword) throws SchemaException, EncryptionException { CredentialsType credentials = shadow.getCredentials(); assertNotNull("No credentials in "+shadow, credentials); PasswordType password = credentials.getPassword(); assertNotNull("No password in "+shadow, password); ProtectedStringType passwordValue = password.getValue(); assertNotNull("No password value in "+shadow, passwordValue); protector.decrypt(passwordValue); assertEquals("Wrong password in "+shadow, expectedPassword, passwordValue.getClearValue()); }
private boolean isMatching(String newPassword, PrismProperty<Object> objectProperty) { for (Object objectRealValue: objectProperty.getRealValues()) { if (objectRealValue instanceof String) { if (newPassword.equals(objectRealValue)) { return true; } } else if (objectRealValue instanceof ProtectedStringType) { ProtectedStringType newPasswordPs = new ProtectedStringType(); newPasswordPs.setClearValue(newPassword); try { if (protector.compare(newPasswordPs, (ProtectedStringType)objectRealValue)) { return true; } } catch (SchemaException | EncryptionException e) { throw new SystemException(e); } } else { if (newPassword.equals(objectRealValue.toString())) { return true; } } } return false; }
public ProtectedStringType encrypt(String string) { try { return protector.encryptString(string); } catch (EncryptionException e) { throw new SystemException(e.getMessage(), e); } }
private void hashValues(Collection<PrismPropertyValue<ProtectedStringType>> pvals) throws SchemaException { if (pvals == null) { return; } for (PrismPropertyValue<ProtectedStringType> pval: pvals) { ProtectedStringType psVal = pval.getValue(); if (psVal == null) { return; } if (psVal.isHashed()) { return; } try { protector.hash(psVal); } catch (EncryptionException e) { throw new SchemaException("Cannot hash value", e); } } }
/** * Hashes cleartext password in an (unofficial) LDAP password format. Supported algorithms: SSHA, SHA and MD5. */ public String hashLdapPassword(ProtectedStringType protectedString, String alg) throws NoSuchAlgorithmException, EncryptionException { if (protectedString == null) { return null; } String clearString = protector.decryptString(protectedString); if (clearString == null) { return null; } return hashLdapPassword(clearString.getBytes(UTF8_CHARSET), alg); }
assertNotNull(message+": no value", actualValue); assertTrue(message+": unencrypted value: "+actualValue, actualValue.isEncrypted()); String actualClearPassword = protector.decryptString(actualValue); assertEquals(message+": wrong value", expectedClearValue, actualClearPassword); assertFalse(message+": unexpected hashed value: "+actualValue, actualValue.isHashed()); expectedPs.setClearValue(expectedClearValue); assertTrue(message+": hash does not match, expected "+expectedClearValue+", but was "+actualValue, protector.compare(actualValue, expectedPs)); assertFalse(message+": unexpected encrypted value: "+actualValue, actualValue.isEncrypted()); assertNull(message+": unexpected clear value: "+actualValue, actualValue.getClearValue());