/**
 * Reads one credential-handler property from the store configuration.
 *
 * @param store the credential store whose configuration is consulted
 * @param key the property name to look up
 * @param defaultValue the value handed back when no property is set under {@code key}
 * @return the string form of the configured value, or {@code defaultValue} when the lookup yields {@code null}
 */
private String getConfigurationProperty(CredentialStore<?> store, String key, String defaultValue) {
    final Object configured = store.getConfig().getCredentialHandlerProperties().get(key);

    // Values are kept as Object in the handler properties; normalise to String for callers.
    return configured == null ? defaultValue : String.valueOf(configured);
}
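/**
 * Replaces the account's stored credential with a new one built from {@code password}.
 *
 * <p>The storage object comes from {@code createCredentialStorage}; any existing credential of the
 * same storage class is removed before the new one is stored.</p>
 *
 * @param context the identity context passed through to the store
 * @param account the account whose credential is updated
 * @param password the new credential value
 * @param store the credential store to write to
 * @param effectiveDate passed to {@code createCredentialStorage}
 * @param expiryDate passed to {@code createCredentialStorage}
 * @throws IdentityManagementException if {@code createCredentialStorage} returns {@code null}
 */
@Override
public void update(IdentityContext context, Account account, U password, S store, Date effectiveDate, Date expiryDate) {
    CredentialStorage storage = createCredentialStorage(context, account, password, store, effectiveDate, expiryDate);

    if (storage == null) {
        // The closing bracket was missing from this message, which ran the handler name into the text.
        throw new IdentityManagementException("CredentialStorage returned by handler [" + this + "] is null.");
    }

    // NOTE(review): remove-then-store is two separate calls here. If storeCredential fails after
    // removeCredential succeeded, the account may be left without a credential of this type unless
    // the store makes the pair transactional -- confirm against the store implementation.
    store.removeCredential(context, account, storage.getClass());
    store.storeCredential(context, account, storage);
}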
/**
 * Looks up the account's current {@code EncodedPasswordStorage} in the given store.
 *
 * <p>The {@code credentials} argument is not consulted by this lookup.</p>
 *
 * @param context the identity context passed through to the store
 * @param account the account whose stored credential is wanted
 * @param credentials the credentials being processed (unused here)
 * @param store the credential store to query
 * @return whatever {@code retrieveCurrentCredential} yields for {@code EncodedPasswordStorage}
 */
@Override
protected CredentialStorage getCredentialStorage(final IdentityContext context, final Account account, final V credentials, final S store) {
    final CredentialStorage current = store.retrieveCurrentCredential(context, account, EncodedPasswordStorage.class);
    return current;
}
/**
 * Tells whether the agent's most recent, already-effective credential is expired.
 *
 * <p>Among the stored credentials whose effective date is strictly before the current time, the one
 * with the latest effective date is chosen and handed to {@code isCredentialExpired}.</p>
 *
 * @param agent the agent whose credentials are inspected
 * @param store the credential store to query
 * @param storageClass the storage type to retrieve
 * @return the result of {@code isCredentialExpired} for the selected credential
 */
@SuppressWarnings("unchecked")
private boolean isLastCredentialExpired(Agent agent, CredentialStore store, Class<? extends CredentialStorage> storageClass) {
    final List<CredentialStorage> stored = (List<CredentialStorage>) store.retrieveCredentials(agent, storageClass);
    final Date now = new Date();
    CredentialStorage newest = null;

    for (CredentialStorage candidate : stored) {
        // Credentials that are not yet in effect are ignored.
        if (!candidate.getEffectiveDate().before(now)) {
            continue;
        }

        if (newest == null || newest.getEffectiveDate().before(candidate.getEffectiveDate())) {
            newest = candidate;
        }
    }

    // newest stays null when nothing is in effect yet; how that case is judged is decided by
    // isCredentialExpired, which is defined outside this method.
    return isCredentialExpired(newest);
}
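/**
 * Stores an X.509 certificate credential for the given agent.
 *
 * @param agent the agent the certificate belongs to
 * @param credential the credential to store; must be an {@code X509Cert}
 * @param identityStore the target store; must also be a {@code CredentialStore}
 * @param effectiveDate not applied by this method
 * @param expiryDate not applied by this method
 * @throws IdentityManagementException if {@code identityStore} is not a {@code CredentialStore}
 * @throws IllegalArgumentException if {@code credential} is {@code null} or not an {@code X509Cert}
 */
@Override
public void update(Agent agent, Object credential, IdentityStore<?> identityStore, Date effectiveDate, Date expiryDate) {
    if (!CredentialStore.class.isInstance(identityStore)) {
        throw new IdentityManagementException("Provided IdentityStore [" + identityStore + "] is not an instance of CredentialStore.");
    }

    if (!X509Cert.class.isInstance(credential)) {
        // isInstance(null) is false, so a null credential reaches this branch; name it explicitly
        // instead of dereferencing it, which would surface as a NullPointerException.
        String credentialType = credential == null ? "null" : credential.getClass().getName();
        throw new IllegalArgumentException("Credential class [" + credentialType + "] not supported by this handler.");
    }

    X509Cert certificate = (X509Cert) credential;
    X509CertificateStorage storage = new X509CertificateStorage(certificate);
    CredentialStore store = (CredentialStore) identityStore;

    // NOTE(review): effectiveDate and expiryDate are never set on the storage here, so any validity
    // window requested by the caller is not recorded by this method -- confirm that is intended.
    store.storeCredential(agent, storage);
}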
/**
 * Removes the account's credential of the given storage type from every store selected for it.
 *
 * @param account the account whose credential is removed; passed to {@code checkIfExists} first
 * @param storageClass the storage type to remove; must not be {@code null}
 */
@Override
public void removeCredential(Account account, Class<? extends CredentialStorage> storageClass) {
    checkIfExists(account);

    if (storageClass == null) {
        throw MESSAGES.nullArgument("CredentialStorage type");
    }

    try {
        final IdentityContext ctx = getIdentityContext();

        // A failure in one store ends the loop, so stores later in the iteration are not visited.
        for (CredentialStore targetStore : getStoreSelector().getStoresForCredentialStorage(ctx, storageClass)) {
            targetStore.removeCredential(ctx, account, storageClass);
        }
    } catch (Exception cause) {
        // NOTE(review): a removal failure is reported through credentialRetrievalFailed -- confirm
        // this is the intended message for this operation.
        throw MESSAGES.credentialRetrievalFailed(account, storageClass, cause);
    }
}
/**
 * Validates the given credentials against the store selected for their class.
 *
 * @param credentials the credentials to validate; must not be {@code null}
 */
@Override
public void validateCredentials(Credentials credentials) {
    if (credentials == null) {
        throw MESSAGES.nullArgument("Credentials");
    }

    try {
        final IdentityContext ctx = getIdentityContext();

        // The store is chosen by the runtime class of the credentials object.
        getStoreSelector()
                .getStoreForCredentialOperation(ctx, credentials.getClass())
                .validateCredentials(ctx, credentials);
    } catch (Exception cause) {
        // NOTE(review): the credentials object itself is handed to the message factory; confirm its
        // string form does not carry secret material into exception text or logs.
        throw MESSAGES.credentialValidationFailed(credentials, cause);
    }
}
/**
 * Updates the account's credential in the store selected for the credential's class and then
 * fires a {@code CredentialUpdatedEvent}.
 *
 * @param account the account whose credential is updated; passed to {@code checkIfExists} first
 * @param credential the new credential; must not be {@code null}
 * @param effectiveDate forwarded to the store and to the event
 * @param expiryDate forwarded to the store and to the event
 */
@Override
public void updateCredential(Account account, Object credential, Date effectiveDate, Date expiryDate) {
    checkIfExists(account);

    if (credential == null) {
        throw MESSAGES.nullArgument("Credential");
    }

    try {
        final IdentityContext ctx = getIdentityContext();

        getStoreSelector()
                .getStoreForCredentialOperation(ctx, credential.getClass())
                .updateCredential(ctx, account, credential, effectiveDate, expiryDate);

        // The event is fired inside the try, so an exception thrown while firing it is reported as
        // an update failure even though the store call above has already returned.
        // NOTE(review): the event carries the credential object itself; confirm what receivers of
        // the event are allowed to see.
        fireEvent(new CredentialUpdatedEvent(account, credential, effectiveDate, expiryDate, this.partitionManager));
    } catch (Exception cause) {
        // NOTE(review): the credential object is handed to the message factory; confirm its string
        // form does not carry secret material into exception text or logs.
        throw MESSAGES.credentialUpdateFailed(account, credential, cause);
    }
}
/**
 * <p>Returns the current credential for the given {@link Account}.</p>
 *
 * <p>Of the stored credentials whose effective date is not after the current time, the one with the
 * latest effective date is returned. When two candidates share an effective date, the one met later
 * in the iteration is kept.</p>
 *
 * @param context the identity context passed through to the store
 * @param agent the account whose credentials are inspected
 * @param store the credential store to query
 * @param storageClass the storage type to retrieve
 * @return the selected credential, or {@code null} when no stored credential is in effect yet
 */
public static <T extends CredentialStorage> T getCurrentCredential(IdentityContext context, Account agent, CredentialStore<?> store, Class<T> storageClass) {
    T current = null;
    final Date now = new Date();

    for (T candidate : store.retrieveCredentials(context, agent, storageClass)) {
        // Skip credentials that only become effective in the future.
        if (candidate.getEffectiveDate().compareTo(now) > 0) {
            continue;
        }

        if (current == null || current.getEffectiveDate().compareTo(candidate.getEffectiveDate()) <= 0) {
            current = candidate;
        }
    }

    return current;
}
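/**
 * Stores a salted hash of the given password for the agent.
 *
 * @param agent the agent the password belongs to
 * @param credential the credential to store; must be a {@code Password}
 * @param identityStore the target store, checked by {@code validateCredentialStore}
 * @param effectiveDate set on the stored hash as given
 * @param expiryDate set on the stored hash only when not {@code null}
 * @throws IllegalArgumentException if {@code credential} is {@code null} or not a {@code Password}
 */
@Override
public void update(Agent agent, Object credential, IdentityStore<?> identityStore, Date effectiveDate, Date expiryDate) {
    CredentialStore store = validateCredentialStore(identityStore);

    if (!Password.class.isInstance(credential)) {
        // isInstance(null) is false, so a null credential reaches this branch; name it explicitly
        // instead of dereferencing it, which would surface as a NullPointerException.
        String credentialType = credential == null ? "null" : credential.getClass().getName();
        throw new IllegalArgumentException("Credential class [" + credentialType + "] not supported by this handler.");
    }

    Password password = (Password) credential;

    // NOTE(review): 512 presumably selects SHA-512. If the encoder applies a single salted digest,
    // the stored hash is cheap to test offline; a dedicated password KDF (PBKDF2, bcrypt, scrypt,
    // argon2) is the usual choice. Switching changes the stored format, so it is not done here.
    SHASaltedPasswordEncoder encoder = new SHASaltedPasswordEncoder(512);
    SHASaltedPasswordStorage hash = new SHASaltedPasswordStorage();

    hash.setSalt(generateSalt());
    // The password value is copied into a String for the encoder call; unlike the source value,
    // that copy cannot be cleared after use.
    hash.setEncodedHash(encoder.encodePassword(hash.getSalt(), new String(password.getValue())));
    // NOTE(review): effectiveDate is set even when null -- confirm the storage accepts that.
    hash.setEffectiveDate(effectiveDate);

    if (expiryDate != null) {
        hash.setExpiryDate(expiryDate);
    }

    store.storeCredential(agent, hash);
}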
/**
 * Removes the account's credential of the given storage type from every store selected for it.
 *
 * @param account the account whose credential is removed; passed to {@code checkIfExists} first
 * @param storageClass the storage type to remove; must not be {@code null}
 */
@Override
public void removeCredential(Account account, Class<? extends CredentialStorage> storageClass) {
    checkIfExists(account);

    if (storageClass == null) {
        throw MESSAGES.nullArgument("CredentialStorage type");
    }

    try {
        final IdentityContext ctx = getIdentityContext();

        // A failure in one store ends the loop, so stores later in the iteration are not visited.
        for (CredentialStore targetStore : getStoreSelector().getStoresForCredentialStorage(ctx, storageClass)) {
            targetStore.removeCredential(ctx, account, storageClass);
        }
    } catch (Exception cause) {
        // NOTE(review): a removal failure is reported through credentialRetrievalFailed -- confirm
        // this is the intended message for this operation.
        throw MESSAGES.credentialRetrievalFailed(account, storageClass, cause);
    }
}
/**
 * Validates the given credentials against the store selected for their class.
 *
 * @param credentials the credentials to validate; must not be {@code null}
 */
@Override
public void validateCredentials(Credentials credentials) {
    if (credentials == null) {
        throw MESSAGES.nullArgument("Credentials");
    }

    try {
        final IdentityContext ctx = getIdentityContext();

        // The store is chosen by the runtime class of the credentials object.
        getStoreSelector()
                .getStoreForCredentialOperation(ctx, credentials.getClass())
                .validateCredentials(ctx, credentials);
    } catch (Exception cause) {
        // NOTE(review): the credentials object itself is handed to the message factory; confirm its
        // string form does not carry secret material into exception text or logs.
        throw MESSAGES.credentialValidationFailed(credentials, cause);
    }
}
/**
 * Updates the account's credential in the store selected for the credential's class and then
 * fires a {@code CredentialUpdatedEvent}.
 *
 * @param account the account whose credential is updated; passed to {@code checkIfExists} first
 * @param credential the new credential; must not be {@code null}
 * @param effectiveDate forwarded to the store and to the event
 * @param expiryDate forwarded to the store and to the event
 */
@Override
public void updateCredential(Account account, Object credential, Date effectiveDate, Date expiryDate) {
    checkIfExists(account);

    if (credential == null) {
        throw MESSAGES.nullArgument("Credential");
    }

    try {
        final IdentityContext ctx = getIdentityContext();

        getStoreSelector()
                .getStoreForCredentialOperation(ctx, credential.getClass())
                .updateCredential(ctx, account, credential, effectiveDate, expiryDate);

        // The event is fired inside the try, so an exception thrown while firing it is reported as
        // an update failure even though the store call above has already returned.
        // NOTE(review): the event carries the credential object itself; confirm what receivers of
        // the event are allowed to see.
        fireEvent(new CredentialUpdatedEvent(account, credential, effectiveDate, expiryDate, this.partitionManager));
    } catch (Exception cause) {
        // NOTE(review): the credential object is handed to the message factory; confirm its string
        // form does not carry secret material into exception text or logs.
        throw MESSAGES.credentialUpdateFailed(account, credential, cause);
    }
}
/**
 * Reads one credential-handler property from the store configuration.
 *
 * @param store the credential store whose configuration is consulted
 * @param key the property name to look up
 * @param defaultValue the value handed back when no property is set under {@code key}
 * @return the string form of the configured value, or {@code defaultValue} when the lookup yields {@code null}
 */
private String getConfigurationProperty(CredentialStore<?> store, String key, String defaultValue) {
    final Object configured = store.getConfig().getCredentialHandlerProperties().get(key);

    // Values are kept as Object in the handler properties; normalise to String for callers.
    return configured == null ? defaultValue : String.valueOf(configured);
}
/**
 * Looks up the account's current {@code EncodedPasswordStorage} in the given store.
 *
 * <p>The {@code credentials} argument is not consulted by this lookup.</p>
 *
 * @param context the identity context passed through to the store
 * @param account the account whose stored credential is wanted
 * @param credentials the credentials being processed (unused here)
 * @param store the credential store to query
 * @return whatever {@code retrieveCurrentCredential} yields for {@code EncodedPasswordStorage}
 */
@Override
protected CredentialStorage getCredentialStorage(final IdentityContext context, final Account account, final V credentials, final S store) {
    final CredentialStorage current = store.retrieveCurrentCredential(context, account, EncodedPasswordStorage.class);
    return current;
}
/**
 * <p>Returns the current credential for the given {@link Account}.</p>
 *
 * <p>Of the stored credentials whose effective date is not after the current time, the one with the
 * latest effective date is returned. When two candidates share an effective date, the one met later
 * in the iteration is kept.</p>
 *
 * @param context the identity context passed through to the store
 * @param agent the account whose credentials are inspected
 * @param store the credential store to query
 * @param storageClass the storage type to retrieve
 * @return the selected credential, or {@code null} when no stored credential is in effect yet
 */
public static <T extends CredentialStorage> T getCurrentCredential(IdentityContext context, Account agent, CredentialStore<?> store, Class<T> storageClass) {
    T current = null;
    final Date now = new Date();

    for (T candidate : store.retrieveCredentials(context, agent, storageClass)) {
        // Skip credentials that only become effective in the future.
        if (candidate.getEffectiveDate().compareTo(now) > 0) {
            continue;
        }

        if (current == null || current.getEffectiveDate().compareTo(candidate.getEffectiveDate()) <= 0) {
            current = candidate;
        }
    }

    return current;
}
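/**
 * Replaces the account's stored credential with a new one built from {@code password}.
 *
 * <p>The storage object comes from {@code createCredentialStorage}; any existing credential of the
 * same storage class is removed before the new one is stored.</p>
 *
 * @param context the identity context passed through to the store
 * @param account the account whose credential is updated
 * @param password the new credential value
 * @param store the credential store to write to
 * @param effectiveDate passed to {@code createCredentialStorage}
 * @param expiryDate passed to {@code createCredentialStorage}
 * @throws IdentityManagementException if {@code createCredentialStorage} returns {@code null}
 */
@Override
public void update(IdentityContext context, Account account, U password, S store, Date effectiveDate, Date expiryDate) {
    CredentialStorage storage = createCredentialStorage(context, account, password, store, effectiveDate, expiryDate);

    if (storage == null) {
        // The closing bracket was missing from this message, which ran the handler name into the text.
        throw new IdentityManagementException("CredentialStorage returned by handler [" + this + "] is null.");
    }

    // NOTE(review): remove-then-store is two separate calls here. If storeCredential fails after
    // removeCredential succeeded, the account may be left without a credential of this type unless
    // the store makes the pair transactional -- confirm against the store implementation.
    store.removeCredential(context, account, storage.getClass());
    store.storeCredential(context, account, storage);
}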
/**
 * Updates a TOTP credential: optionally the underlying credential value, and always the OTP secret.
 *
 * <p>The superclass update runs only when the credential carries a non-empty value. An
 * {@code OTPCredentialStorage} holding the secret key and device is stored in every case.</p>
 *
 * @param context the identity context passed through to the store
 * @param account the account whose credential is updated
 * @param credential the TOTP credential supplying value, secret and device
 * @param store the credential store to write to
 * @param effectiveDate set on the OTP storage only when not {@code null}
 * @param expiryDate set on the OTP storage as given
 */
@Override
public void update(IdentityContext context, Account account, TOTPCredential credential, CredentialStore<?> store, Date effectiveDate, Date expiryDate) {
    // if a credential was not provided, updates only the secret.
    final boolean valueProvided = credential.getValue() != null && credential.getValue().length > 0;

    if (valueProvided) {
        super.update(context, account, credential, store, effectiveDate, expiryDate);
    }

    final OTPCredentialStorage otpStorage = new OTPCredentialStorage();

    if (effectiveDate != null) {
        otpStorage.setEffectiveDate(effectiveDate);
    }

    otpStorage.setExpiryDate(expiryDate);
    // NOTE(review): the secret is handed to the storage as supplied; whether it is protected at rest
    // is decided by the store implementation -- confirm.
    otpStorage.setSecretKey(credential.getSecret());
    otpStorage.setDevice(getDevice(credential.getDevice()));

    // NOTE(review): no earlier OTPCredentialStorage entry is removed in this method; presumably the
    // most recent effective entry is the one read back -- confirm.
    store.storeCredential(context, account, otpStorage);
}
/**
 * Collects the {@code Account} subtypes the store is configured to support and keeps them as the
 * default account types.
 *
 * <p>{@code Account} itself is left out; only strict subtypes are kept. The field is assigned before
 * the emptiness check, so it holds an empty list when the exception is thrown.</p>
 *
 * @param store the store whose configured supported types are read
 */
private void configureDefaultSupportedAccountTypes(final S store) {
    final ArrayList<Class<? extends Account>> accountTypes = new ArrayList<Class<? extends Account>>();
    this.defaultAccountTypes = accountTypes;

    for (Class<? extends AttributedType> candidate : store.getConfig().getSupportedTypes().keySet()) {
        // Keep only types that extend Account without being Account itself.
        if (Account.class.equals(candidate) || !Account.class.isAssignableFrom(candidate)) {
            continue;
        }

        // The isAssignableFrom check above is what makes this cast hold.
        accountTypes.add((Class<? extends Account>) candidate);
    }

    if (accountTypes.isEmpty()) {
        throw MESSAGES.credentialNoAccountTypeProvided();
    }
}
/**
 * Looks up the account's current {@code X509CertificateStorage} in the given store.
 *
 * <p>The {@code credentials} argument is not consulted by this lookup.</p>
 *
 * @param context the identity context passed through to the store
 * @param account the account whose stored certificate is wanted
 * @param credentials the credentials being processed (unused here)
 * @param store the credential store to query
 * @return whatever {@code retrieveCurrentCredential} yields for {@code X509CertificateStorage}
 */
@Override
protected X509CertificateStorage getCredentialStorage(final IdentityContext context, Account account, final X509CertificateCredentials credentials, final CredentialStore<?> store) {
    final X509CertificateStorage current = store.retrieveCurrentCredential(context, account, X509CertificateStorage.class);
    return current;
}