1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.syncope.core.provisioning.java.pushpull;
20
21 import java.util.Base64;
22 import java.util.Optional;
23 import java.util.Set;
24 import javax.xml.bind.DatatypeConverter;
25 import org.apache.commons.lang3.tuple.Pair;
26 import org.apache.syncope.common.lib.to.EntityTO;
27 import org.apache.syncope.common.lib.to.Provision;
28 import org.apache.syncope.common.lib.to.ProvisioningReport;
29 import org.apache.syncope.common.lib.to.UserTO;
30 import org.apache.syncope.common.lib.types.AnyTypeKind;
31 import org.apache.syncope.common.lib.types.CipherAlgorithm;
32 import org.apache.syncope.core.persistence.api.dao.UserDAO;
33 import org.apache.syncope.core.persistence.api.entity.user.User;
34 import org.apache.syncope.core.provisioning.api.pushpull.ProvisioningProfile;
35 import org.apache.syncope.core.provisioning.api.pushpull.PullActions;
36 import org.identityconnectors.common.security.GuardedString;
37 import org.identityconnectors.common.security.SecurityUtil;
38 import org.identityconnectors.framework.common.objects.AttributeUtil;
39 import org.identityconnectors.framework.common.objects.OperationalAttributes;
40 import org.identityconnectors.framework.common.objects.SyncDelta;
41 import org.quartz.JobExecutionException;
42 import org.slf4j.Logger;
43 import org.slf4j.LoggerFactory;
44 import org.springframework.beans.factory.annotation.Autowired;
45 import org.springframework.transaction.annotation.Transactional;
46
47
48
49
50
51 public class LDAPPasswordPullActions implements PullActions {
52
53 protected static final Logger LOG = LoggerFactory.getLogger(LDAPPasswordPullActions.class);
54
55 @Autowired
56 protected UserDAO userDAO;
57
58 @Override
59 public Set<String> moreAttrsToGet(final ProvisioningProfile<?, ?> profile, final Provision provision) {
60 if (AnyTypeKind.USER.name().equals(provision.getAnyType())) {
61 return Set.of(OperationalAttributes.PASSWORD_NAME);
62 }
63 return PullActions.super.moreAttrsToGet(profile, provision);
64 }
65
66 private static Optional<Pair<String, CipherAlgorithm>> parseEncodedPassword(final String password) {
67 if (password != null && password.startsWith("{")) {
68 String digest = Optional.ofNullable(
69 password.substring(1, password.indexOf('}'))).map(String::toUpperCase).
70 orElse(null);
71 int closingBracketIndex = password.indexOf('}');
72 try {
73 return Optional.of(
74 Pair.of(password.substring(closingBracketIndex + 1), CipherAlgorithm.valueOf(digest)));
75 } catch (IllegalArgumentException e) {
76 LOG.error("Cipher algorithm not allowed: {}", digest, e);
77 }
78 }
79 return Optional.empty();
80 }
81
82 @Transactional
83 @Override
84 public void after(
85 final ProvisioningProfile<?, ?> profile,
86 final SyncDelta delta,
87 final EntityTO entity,
88 final ProvisioningReport result) throws JobExecutionException {
89
90 if (entity instanceof UserTO) {
91 User user = userDAO.find(entity.getKey());
92 if (user != null) {
93 GuardedString passwordAttr = AttributeUtil.getPasswordValue(delta.getObject().getAttributes());
94 if (passwordAttr != null) {
95 parseEncodedPassword(SecurityUtil.decrypt(passwordAttr)).ifPresent(encoded -> {
96 byte[] encodedPasswordBytes = Base64.getDecoder().decode(encoded.getLeft().getBytes());
97 String encodedHexStr = DatatypeConverter.printHexBinary(encodedPasswordBytes).toUpperCase();
98
99 user.setEncodedPassword(encodedHexStr, encoded.getRight());
100 });
101 }
102 }
103 }
104 }
105 }