You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@syncope.apache.org by co...@apache.org on 2014/06/11 18:15:43 UTC
svn commit: r1601940 - in /syncope/trunk:
common/src/main/java/org/apache/syncope/common/types/
core/src/main/java/org/apache/syncope/core/persistence/beans/user/
core/src/main/java/org/apache/syncope/core/sync/impl/
Author: coheigea
Date: Wed Jun 11 16:15:42 2014
New Revision: 1601940
URL: http://svn.apache.org/r1601940
Log:
[SYNCOPE-313] - Adding an initial way to import hashed passwords into Syncope from an LDAP backend
Added:
syncope/trunk/core/src/main/java/org/apache/syncope/core/sync/impl/LDAPPasswordSyncActions.java
Modified:
syncope/trunk/common/src/main/java/org/apache/syncope/common/types/CipherAlgorithm.java
syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/beans/user/SyncopeUser.java
Modified: syncope/trunk/common/src/main/java/org/apache/syncope/common/types/CipherAlgorithm.java
URL: http://svn.apache.org/viewvc/syncope/trunk/common/src/main/java/org/apache/syncope/common/types/CipherAlgorithm.java?rev=1601940&r1=1601939&r2=1601940&view=diff
==============================================================================
--- syncope/trunk/common/src/main/java/org/apache/syncope/common/types/CipherAlgorithm.java (original)
+++ syncope/trunk/common/src/main/java/org/apache/syncope/common/types/CipherAlgorithm.java Wed Jun 11 16:15:42 2014
@@ -23,11 +23,13 @@ import javax.xml.bind.annotation.XmlEnum
@XmlEnum
public enum CipherAlgorithm {
+ SHA("SHA-1", false),
SHA1("SHA-1", false),
SHA256("SHA-256", false),
SHA512("SHA-512", false),
AES("AES", true),
SMD5("S-MD5", false),
+ SSHA("S-SHA-1", false),
SSHA1("S-SHA-1", false),
SSHA256("S-SHA-256", false),
SSHA512("S-SHA-512", false),
Modified: syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/beans/user/SyncopeUser.java
URL: http://svn.apache.org/viewvc/syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/beans/user/SyncopeUser.java?rev=1601940&r1=1601939&r2=1601940&view=diff
==============================================================================
--- syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/beans/user/SyncopeUser.java (original)
+++ syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/beans/user/SyncopeUser.java Wed Jun 11 16:15:42 2014
@@ -259,6 +259,13 @@ public class SyncopeUser extends Abstrac
clearPassword = null;
}
+ public void setEncodedPassword(final String password, final CipherAlgorithm cipherAlgoritm, final int historySize) {
+ // clear password
+ this.clearPassword = null;
+ this.password = password;
+ this.cipherAlgorithm = cipherAlgoritm;
+ }
+
public void setPassword(final String password, final CipherAlgorithm cipherAlgoritm, final int historySize) {
// clear password
this.clearPassword = password;
Added: syncope/trunk/core/src/main/java/org/apache/syncope/core/sync/impl/LDAPPasswordSyncActions.java
URL: http://svn.apache.org/viewvc/syncope/trunk/core/src/main/java/org/apache/syncope/core/sync/impl/LDAPPasswordSyncActions.java?rev=1601940&view=auto
==============================================================================
--- syncope/trunk/core/src/main/java/org/apache/syncope/core/sync/impl/LDAPPasswordSyncActions.java (added)
+++ syncope/trunk/core/src/main/java/org/apache/syncope/core/sync/impl/LDAPPasswordSyncActions.java Wed Jun 11 16:15:42 2014
@@ -0,0 +1,99 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.core.sync.impl;
+
+import org.apache.syncope.common.to.AbstractAttributableTO;
+import org.apache.syncope.common.to.UserTO;
+import org.apache.syncope.common.types.CipherAlgorithm;
+import org.apache.syncope.core.persistence.beans.user.SyncopeUser;
+import org.apache.syncope.core.persistence.dao.UserDAO;
+import org.apache.syncope.core.sync.DefaultSyncActions;
+import org.apache.syncope.core.sync.SyncResult;
+import org.identityconnectors.framework.common.objects.SyncDelta;
+import org.quartz.JobExecutionException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.crypto.codec.Base64;
+import org.springframework.security.crypto.codec.Hex;
+import org.springframework.transaction.annotation.Transactional;
+
+/**
+ * A SyncActions implementation which allows the ability to import passwords from an LDAP backend
+ * that are hashed.
+ */
+public class LDAPPasswordSyncActions extends DefaultSyncActions {
+
+ protected static final Logger LOG = LoggerFactory.getLogger(LDAPPasswordSyncActions.class);
+
+ @Autowired
+ protected UserDAO userDAO;
+
+ private String encodedPassword;
+ private CipherAlgorithm cipher;
+
+ @Transactional(readOnly = true)
+ @Override
+ public <T extends AbstractAttributableTO> SyncDelta beforeCreate(
+ final AbstractSyncopeResultHandler<?, ?> handler,
+ final SyncDelta delta,
+ final T subject) throws JobExecutionException {
+ if (subject instanceof UserTO) {
+ String password = ((UserTO)subject).getPassword();
+ if (password != null && password.startsWith("{")) {
+ int closingBracketIndex = password.indexOf('}');
+ String digest = password.substring(1, password.indexOf('}'));
+ CipherAlgorithm cipherAlgorithm = CipherAlgorithm.fromString(digest);
+ if (cipherAlgorithm != null) {
+ encodedPassword = password.substring(closingBracketIndex + 1);
+ cipher = cipherAlgorithm;
+ }
+ }
+ }
+
+ return delta;
+ }
+
+ @Transactional(readOnly = true)
+ @Override
+ public <T extends AbstractAttributableTO> void after(
+ final AbstractSyncopeResultHandler<?, ?> handler,
+ final SyncDelta delta,
+ final T subject,
+ final SyncResult result) throws JobExecutionException {
+
+ if (subject instanceof UserTO && encodedPassword != null && cipher != null) {
+ SyncopeUser syncopeUser = userDAO.find(subject.getId());
+ if (syncopeUser != null) {
+ byte[] encodedPasswordBytes = Base64.decode(encodedPassword.getBytes());
+ char[] encodedHex = Hex.encode(encodedPasswordBytes);
+ String encodedHexStr = new String(encodedHex).toUpperCase();
+
+ /*UserMod userMod = new UserMod();
+ userMod.setId(subject.getId());
+ userMod.setPassword(encodedHexStr);
+ uwfAdapter.update(userMod);*/
+ syncopeUser.setEncodedPassword(encodedHexStr, cipher, 0);
+ }
+ encodedPassword = null;
+ cipher = null;
+ }
+ }
+
+}