From ilgro...@apache.org
Subject [2/2] syncope git commit: Ubiquitous usage of ConnId's SecurityUtil#decrypt
Date Tue, 29 Nov 2016 13:03:35 GMT
Ubiquitous usage of ConnId's SecurityUtil#decrypt


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/13c18df3
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/13c18df3
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/13c18df3

Branch: refs/heads/master
Commit: 13c18df35a38033ac43c4e42fd41496745132db3
Parents: 5e98a43
Author: Francesco Chicchiriccò <ilgrosso@apache.org>
Authored: Tue Nov 29 14:03:05 2016 +0100
Committer: Francesco Chicchiriccò <ilgrosso@apache.org>
Committed: Tue Nov 29 14:03:21 2016 +0100

----------------------------------------------------------------------
 .../core/migration/MigrationPullActions.java       | 12 ++----------
 .../api/serialization/GuardedStringSerializer.java | 11 ++---------
 .../provisioning/java/utils/ConnObjectUtils.java   | 17 +++--------------
 3 files changed, 7 insertions(+), 33 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/syncope/blob/13c18df3/core/migration/src/main/java/org/apache/syncope/core/migration/MigrationPullActions.java
----------------------------------------------------------------------
diff --git a/core/migration/src/main/java/org/apache/syncope/core/migration/MigrationPullActions.java
b/core/migration/src/main/java/org/apache/syncope/core/migration/MigrationPullActions.java
index 834f7e8..caf633a 100644
--- a/core/migration/src/main/java/org/apache/syncope/core/migration/MigrationPullActions.java
+++ b/core/migration/src/main/java/org/apache/syncope/core/migration/MigrationPullActions.java
@@ -36,6 +36,7 @@ import org.apache.syncope.core.provisioning.api.pushpull.ProvisioningReport;
 import org.apache.syncope.core.provisioning.java.job.SetUMembershipsJob;
 import org.apache.syncope.core.provisioning.java.pushpull.SchedulingPullActions;
 import org.identityconnectors.common.security.GuardedString;
+import org.identityconnectors.common.security.SecurityUtil;
 import org.identityconnectors.framework.common.objects.Attribute;
 import org.identityconnectors.framework.common.objects.AttributeUtil;
 import org.identityconnectors.framework.common.objects.SyncDelta;
@@ -98,18 +99,9 @@ public class MigrationPullActions extends SchedulingPullActions {
             GuardedString passwordValue = AttributeUtil.getPasswordValue(delta.getObject().getAttributes());
 
             if (cipherAlgorithm != null && passwordValue != null) {
-                final StringBuilder password = new StringBuilder();
-                passwordValue.access(new GuardedString.Accessor() {
-
-                    @Override
-                    public void access(final char[] clearChars) {
-                        password.append(clearChars);
-                    }
-                });
-
                 User user = userDAO.find(entity.getKey());
                 LOG.debug("Setting encoded password for {}", user);
-                user.setEncodedPassword(password.toString(), cipherAlgorithm);
+                user.setEncodedPassword(SecurityUtil.decrypt(passwordValue), cipherAlgorithm);
             }
         } else if (entity instanceof GroupTO) {
             // handles group membership
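Review bot: `user` is dereferenced on the changed `user.setEncodedPassword(...)` line without a null check. If `userDAO.find(entity.getKey())` can return null for a key that does not resolve (not visible from this hunk), the pull action fails with a NullPointerException and the migrated password is silently not applied. An explicit guard makes that case visible, e.g. `if (user == null) { LOG.warn("User {} not found, password not migrated", entity.getKey()); }` with the existing two lines in the `else`. The enclosing method starts before and continues past this hunk.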

http://git-wip-us.apache.org/repos/asf/syncope/blob/13c18df3/core/provisioning-api/src/main/java/org/apache/syncope/core/provisioning/api/serialization/GuardedStringSerializer.java
----------------------------------------------------------------------
diff --git a/core/provisioning-api/src/main/java/org/apache/syncope/core/provisioning/api/serialization/GuardedStringSerializer.java
b/core/provisioning-api/src/main/java/org/apache/syncope/core/provisioning/api/serialization/GuardedStringSerializer.java
index 49cc87d..e76416c 100644
--- a/core/provisioning-api/src/main/java/org/apache/syncope/core/provisioning/api/serialization/GuardedStringSerializer.java
+++ b/core/provisioning-api/src/main/java/org/apache/syncope/core/provisioning/api/serialization/GuardedStringSerializer.java
@@ -26,6 +26,7 @@ import java.lang.reflect.Field;
 import org.identityconnectors.common.Base64;
 import org.identityconnectors.common.security.EncryptorFactory;
 import org.identityconnectors.common.security.GuardedString;
+import org.identityconnectors.common.security.SecurityUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -59,16 +60,8 @@ class GuardedStringSerializer extends JsonSerializer<GuardedString>
{
         }
         jgen.writeBooleanField("disposed", disposed);
 
-        final StringBuilder cleartext = new StringBuilder();
-        source.access(new GuardedString.Accessor() {
-
-            @Override
-            public void access(final char[] clearChars) {
-                cleartext.append(clearChars);
-            }
-        });
         byte[] encryptedBytes =
-                EncryptorFactory.getInstance().getDefaultEncryptor().encrypt(cleartext.toString().getBytes());
+                EncryptorFactory.getInstance().getDefaultEncryptor().encrypt(SecurityUtil.decrypt(source).getBytes());
         jgen.writeStringField("encryptedBytes", Base64.encode(encryptedBytes));
 
         String base64SHA1Hash = null;
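Review bot: `SecurityUtil.decrypt(source).getBytes()` encodes the cleartext with the JVM's default charset. A secret containing non-ASCII characters may therefore not round-trip if it is deserialized on a host with a different default encoding. Pinning the charset, `SecurityUtil.decrypt(source).getBytes(StandardCharsets.UTF_8)`, removes that dependency; the matching deserializer (not shown here) would need the same charset, and the file needs an import of `java.nio.charset.StandardCharsets`. The cleartext is also held in an immutable String and an uncleared byte[] at this point, so a short comment saying this exposure is accepted for serialization would help later readers. The enclosing method starts and ends outside this hunk.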

http://git-wip-us.apache.org/repos/asf/syncope/blob/13c18df3/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/utils/ConnObjectUtils.java
----------------------------------------------------------------------
diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/utils/ConnObjectUtils.java
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/utils/ConnObjectUtils.java
index 94822ed..786dbf3 100644
--- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/utils/ConnObjectUtils.java
+++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/utils/ConnObjectUtils.java
@@ -48,6 +48,7 @@ import org.apache.syncope.core.provisioning.api.utils.policy.InvalidPasswordRule
 import org.identityconnectors.common.Base64;
 import org.identityconnectors.common.security.GuardedByteArray;
 import org.identityconnectors.common.security.GuardedString;
+import org.identityconnectors.common.security.SecurityUtil;
 import org.identityconnectors.framework.common.objects.Attribute;
 import org.identityconnectors.framework.common.objects.ConnectorObject;
 import org.slf4j.Logger;
@@ -91,21 +92,9 @@ public class ConnObjectUtils {
         final StringBuilder result = new StringBuilder();
 
         if (pwd instanceof GuardedString) {
-            ((GuardedString) pwd).access(new GuardedString.Accessor() {
-
-                @Override
-                public void access(final char[] clearChars) {
-                    result.append(clearChars);
-                }
-            });
+            result.append(SecurityUtil.decrypt((GuardedString) pwd));
         } else if (pwd instanceof GuardedByteArray) {
-            ((GuardedByteArray) pwd).access(new GuardedByteArray.Accessor() {
-
-                @Override
-                public void access(final byte[] clearBytes) {
-                    result.append(new String(clearBytes));
-                }
-            });
+            result.append(SecurityUtil.decrypt((GuardedByteArray) pwd));
         } else if (pwd instanceof String) {
             result.append((String) pwd);
         } else {
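Review bot: The new `result.append(SecurityUtil.decrypt((GuardedByteArray) pwd))` line likely changes behaviour rather than just shortening the code. As far as I know, ConnId's `SecurityUtil.decrypt(GuardedByteArray)` returns `byte[]`, not `String`, so the call binds to `StringBuilder.append(Object)` and appends the array's identity string (`[B@…`) instead of the password. The removed accessor converted the bytes with `new String(clearBytes)`; the equivalent here is `result.append(new String(SecurityUtil.decrypt((GuardedByteArray) pwd)));`, ideally with an explicit charset. A unit test that passes a GuardedByteArray through this method and compares the result with the original secret would catch this. The method starts before and continues past this hunk.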

