syncope-commits mailing list archives

From ilgro...@apache.org
Subject syncope git commit: Ubiquitous usage of ConnId's SecurityUtil#decrypt
Date Tue, 29 Nov 2016 13:02:50 GMT
Repository: syncope
Updated Branches:
  refs/heads/1_2_X 61f1c494f -> 0539b7f49


Ubiquitous usage of ConnId's SecurityUtil#decrypt


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/0539b7f4
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/0539b7f4
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/0539b7f4

Branch: refs/heads/1_2_X
Commit: 0539b7f49c8f86d9bb61c75980b82514fed5931c
Parents: 61f1c49
Author: Francesco Chicchiriccò <ilgrosso@apache.org>
Authored: Tue Nov 29 14:02:44 2016 +0100
Committer: Francesco Chicchiriccò <ilgrosso@apache.org>
Committed: Tue Nov 29 14:02:44 2016 +0100

----------------------------------------------------------------------
 .../upgrader/util/GuardedStringConverter.java   | 13 ++-------
 .../syncope/core/connid/ConnObjectUtil.java     | 30 ++++++--------------
 .../core/util/GuardedStringSerializer.java      | 12 ++------
 3 files changed, 15 insertions(+), 40 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/syncope/blob/0539b7f4/core-upgrader/src/main/java/org/apache/syncope/upgrader/util/GuardedStringConverter.java
----------------------------------------------------------------------
diff --git a/core-upgrader/src/main/java/org/apache/syncope/upgrader/util/GuardedStringConverter.java
b/core-upgrader/src/main/java/org/apache/syncope/upgrader/util/GuardedStringConverter.java
index 0f0ce75..dea1df8 100644
--- a/core-upgrader/src/main/java/org/apache/syncope/upgrader/util/GuardedStringConverter.java
+++ b/core-upgrader/src/main/java/org/apache/syncope/upgrader/util/GuardedStringConverter.java
@@ -31,6 +31,7 @@ import com.thoughtworks.xstream.converters.MarshallingContext;
 import com.thoughtworks.xstream.converters.UnmarshallingContext;
 import com.thoughtworks.xstream.io.HierarchicalStreamReader;
 import com.thoughtworks.xstream.io.HierarchicalStreamWriter;
+import org.identityconnectors.common.security.SecurityUtil;
 
 /**
  * Help in XStream serialization of GuardedString by (de)serializing instances using the
default Encryptor (which works
@@ -70,16 +71,8 @@ public class GuardedStringConverter implements Converter {
         writer.endNode();
 
         writer.startNode("encryptedBytes");
-        final StringBuilder cleartext = new StringBuilder();
-        ((GuardedString) source).access(new GuardedString.Accessor() {
-
-            @Override
-            public void access(final char[] clearChars) {
-                cleartext.append(clearChars);
-            }
-        });
-        final byte[] encryptedBytes =
-                EncryptorFactory.getInstance().getDefaultEncryptor().encrypt(cleartext.toString().getBytes());
+        final byte[] encryptedBytes = EncryptorFactory.getInstance().getDefaultEncryptor().
+                encrypt(SecurityUtil.decrypt((GuardedString) source).getBytes());
         writer.setValue(Base64.encode(encryptedBytes));
         writer.endNode();
     }
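Review bot: The new `encrypt(SecurityUtil.decrypt((GuardedString) source).getBytes())` call still encodes the clear text with the JVM's default charset, so a password with non-ASCII characters yields different bytes depending on the platform the upgrader runs on. Pin the encoding, for example `encrypt(SecurityUtil.decrypt((GuardedString) source).getBytes(Charset.forName("UTF-8")))`, and make the matching unmarshal path, which is not visible here, decode with the same charset. The same unqualified `getBytes()` appears in the GuardedStringSerializer.java hunk of this commit. The enclosing method starts outside the hunk.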

http://git-wip-us.apache.org/repos/asf/syncope/blob/0539b7f4/core/src/main/java/org/apache/syncope/core/connid/ConnObjectUtil.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/syncope/core/connid/ConnObjectUtil.java b/core/src/main/java/org/apache/syncope/core/connid/ConnObjectUtil.java
index ad3a340..faef62c 100644
--- a/core/src/main/java/org/apache/syncope/core/connid/ConnObjectUtil.java
+++ b/core/src/main/java/org/apache/syncope/core/connid/ConnObjectUtil.java
@@ -75,6 +75,7 @@ import org.apache.syncope.core.util.jexl.JexlUtil;
 import org.identityconnectors.common.Base64;
 import org.identityconnectors.common.security.GuardedByteArray;
 import org.identityconnectors.common.security.GuardedString;
+import org.identityconnectors.common.security.SecurityUtil;
 import org.identityconnectors.framework.common.objects.Attribute;
 import org.identityconnectors.framework.common.objects.ConnectorObject;
 import org.identityconnectors.framework.common.objects.ObjectClass;
@@ -256,8 +257,7 @@ public class ConnObjectUtil {
         final T subjectTO = attrUtil.newSubjectTO();
 
         // 1. fill with data from connector object
-        for (AbstractMappingItem item : 
-                attrUtil.getMappingItems(syncTask.getResource(), MappingPurpose.SYNCHRONIZATION))
{
+        for (AbstractMappingItem item : attrUtil.getMappingItems(syncTask.getResource(),
MappingPurpose.SYNCHRONIZATION)) {
             Attribute attribute = obj.getAttributeByName(item.getExtAttrName());
 
             AttributeTO attributeTO;
@@ -278,8 +278,8 @@ public class ConnObjectUtil {
                     if (subjectTO instanceof UserTO) {
                         ((UserTO) subjectTO).setUsername(attribute == null || attribute.getValue().isEmpty()
                                 || attribute.getValue().get(0) == null
-                                        ? null
-                                        : attribute.getValue().get(0).toString());
+                                ? null
+                                : attribute.getValue().get(0).toString());
                     }
                     break;
 
@@ -287,8 +287,8 @@ public class ConnObjectUtil {
                     if (subjectTO instanceof RoleTO) {
                         ((RoleTO) subjectTO).setName(attribute == null || attribute.getValue().isEmpty()
                                 || attribute.getValue().get(0) == null
-                                        ? null
-                                        : attribute.getValue().get(0).toString());
+                                ? null
+                                : attribute.getValue().get(0).toString());
                     }
                     break;
 
@@ -477,21 +477,9 @@ public class ConnObjectUtil {
         final StringBuilder result = new StringBuilder();
 
         if (pwd instanceof GuardedString) {
-            ((GuardedString) pwd).access(new GuardedString.Accessor() {
-
-                @Override
-                public void access(final char[] clearChars) {
-                    result.append(clearChars);
-                }
-            });
+            result.append(SecurityUtil.decrypt((GuardedString) pwd));
         } else if (pwd instanceof GuardedByteArray) {
-            ((GuardedByteArray) pwd).access(new GuardedByteArray.Accessor() {
-
-                @Override
-                public void access(final byte[] clearBytes) {
-                    result.append(new String(clearBytes));
-                }
-            });
+            result.append(SecurityUtil.decrypt((GuardedByteArray) pwd));
         } else if (pwd instanceof String) {
             result.append((String) pwd);
         } else {
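Review bot: In the `GuardedByteArray` branch, `result.append(SecurityUtil.decrypt((GuardedByteArray) pwd))` most likely no longer appends the password. As far as I know ConnId's `SecurityUtil.decrypt(GuardedByteArray)` returns `byte[]`, and `StringBuilder` has no `byte[]` overload, so the call binds to `append(Object)` and appends the array's identity string (`[B@…`). The removed code converted with `new String(clearBytes)`; keep that conversion, ideally with a charset agreed with the callers: `result.append(new String(SecurityUtil.decrypt((GuardedByteArray) pwd), Charset.forName("UTF-8")));`. A unit test that passes a `GuardedByteArray` through this method would catch the regression. The method begins before and continues after the hunk.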
@@ -546,7 +534,7 @@ public class ConnObjectUtil {
 
         final IntMappingType type = attrUtil.getType() == AttributableType.USER
                 ? IntMappingType.UserVirtualSchema : attrUtil.getType() == AttributableType.ROLE
-                        ? IntMappingType.RoleVirtualSchema : IntMappingType.MembershipVirtualSchema;
+                ? IntMappingType.RoleVirtualSchema : IntMappingType.MembershipVirtualSchema;
 
         final Map<String, ConnectorObject> externalResources = new HashMap<String,
ConnectorObject>();
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/0539b7f4/core/src/main/java/org/apache/syncope/core/util/GuardedStringSerializer.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/syncope/core/util/GuardedStringSerializer.java
b/core/src/main/java/org/apache/syncope/core/util/GuardedStringSerializer.java
index 203edfa..1f8591e 100644
--- a/core/src/main/java/org/apache/syncope/core/util/GuardedStringSerializer.java
+++ b/core/src/main/java/org/apache/syncope/core/util/GuardedStringSerializer.java
@@ -27,6 +27,7 @@ import java.lang.reflect.Field;
 import org.identityconnectors.common.Base64;
 import org.identityconnectors.common.security.EncryptorFactory;
 import org.identityconnectors.common.security.GuardedString;
+import org.identityconnectors.common.security.SecurityUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -60,16 +61,9 @@ class GuardedStringSerializer extends JsonSerializer<GuardedString>
{
         }
         jgen.writeBooleanField("disposed", disposed);
 
-        final StringBuilder cleartext = new StringBuilder();
-        ((GuardedString) source).access(new GuardedString.Accessor() {
-
-            @Override
-            public void access(final char[] clearChars) {
-                cleartext.append(clearChars);
-            }
-        });
         final byte[] encryptedBytes =
-                EncryptorFactory.getInstance().getDefaultEncryptor().encrypt(cleartext.toString().getBytes());
+                EncryptorFactory.getInstance().getDefaultEncryptor().
+                        encrypt(SecurityUtil.decrypt((GuardedString) source).getBytes());
         jgen.writeStringField("encryptedBytes", Base64.encode(encryptedBytes));
 
         String base64SHA1Hash = null;
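Review bot: `SecurityUtil.decrypt((GuardedString) source)` returns the clear-text password as an immutable `String`, and the `byte[]` from `getBytes()` goes straight into `encrypt` without a local, so neither copy can be wiped after use. Holding the bytes in a local and clearing them in a `finally` after `encrypt` returns (`Arrays.fill(clearBytes, (byte) 0);`) would shorten the lifetime of at least one copy; the `String` itself stays on the heap until it is collected. A one-line comment saying the clear text is materialised here only to be re-encrypted for serialization would also help readers. The enclosing method starts before and continues after the hunk.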

