You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@syncope.apache.org by co...@apache.org on 2014/06/11 18:15:43 UTC

svn commit: r1601940 - in /syncope/trunk: common/src/main/java/org/apache/syncope/common/types/ core/src/main/java/org/apache/syncope/core/persistence/beans/user/ core/src/main/java/org/apache/syncope/core/sync/impl/

Author: coheigea
Date: Wed Jun 11 16:15:42 2014
New Revision: 1601940

URL: http://svn.apache.org/r1601940
Log:
[SYNCOPE-313] - Adding an initial way to import hashed passwords into Syncope from an LDAP backend

Added:
    syncope/trunk/core/src/main/java/org/apache/syncope/core/sync/impl/LDAPPasswordSyncActions.java
Modified:
    syncope/trunk/common/src/main/java/org/apache/syncope/common/types/CipherAlgorithm.java
    syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/beans/user/SyncopeUser.java

Modified: syncope/trunk/common/src/main/java/org/apache/syncope/common/types/CipherAlgorithm.java
URL: http://svn.apache.org/viewvc/syncope/trunk/common/src/main/java/org/apache/syncope/common/types/CipherAlgorithm.java?rev=1601940&r1=1601939&r2=1601940&view=diff
==============================================================================
--- syncope/trunk/common/src/main/java/org/apache/syncope/common/types/CipherAlgorithm.java (original)
+++ syncope/trunk/common/src/main/java/org/apache/syncope/common/types/CipherAlgorithm.java Wed Jun 11 16:15:42 2014
@@ -23,11 +23,13 @@ import javax.xml.bind.annotation.XmlEnum
 @XmlEnum
 public enum CipherAlgorithm {
 
+    SHA("SHA-1", false),
     SHA1("SHA-1", false),
     SHA256("SHA-256", false),
     SHA512("SHA-512", false),
     AES("AES", true),
     SMD5("S-MD5", false),
+    SSHA("S-SHA-1", false),
     SSHA1("S-SHA-1", false),
     SSHA256("S-SHA-256", false),
     SSHA512("S-SHA-512", false),

Modified: syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/beans/user/SyncopeUser.java
URL: http://svn.apache.org/viewvc/syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/beans/user/SyncopeUser.java?rev=1601940&r1=1601939&r2=1601940&view=diff
==============================================================================
--- syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/beans/user/SyncopeUser.java (original)
+++ syncope/trunk/core/src/main/java/org/apache/syncope/core/persistence/beans/user/SyncopeUser.java Wed Jun 11 16:15:42 2014
@@ -259,6 +259,13 @@ public class SyncopeUser extends Abstrac
         clearPassword = null;
     }
 
+    public void setEncodedPassword(final String password, final CipherAlgorithm cipherAlgoritm, final int historySize) {
+        // clear password
+        this.clearPassword = null;
+        this.password = password;
+        this.cipherAlgorithm = cipherAlgoritm;
+    }
+    
     public void setPassword(final String password, final CipherAlgorithm cipherAlgoritm, final int historySize) {
         // clear password
         this.clearPassword = password;

Added: syncope/trunk/core/src/main/java/org/apache/syncope/core/sync/impl/LDAPPasswordSyncActions.java
URL: http://svn.apache.org/viewvc/syncope/trunk/core/src/main/java/org/apache/syncope/core/sync/impl/LDAPPasswordSyncActions.java?rev=1601940&view=auto
==============================================================================
--- syncope/trunk/core/src/main/java/org/apache/syncope/core/sync/impl/LDAPPasswordSyncActions.java (added)
+++ syncope/trunk/core/src/main/java/org/apache/syncope/core/sync/impl/LDAPPasswordSyncActions.java Wed Jun 11 16:15:42 2014
@@ -0,0 +1,99 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.core.sync.impl;
+
+import org.apache.syncope.common.to.AbstractAttributableTO;
+import org.apache.syncope.common.to.UserTO;
+import org.apache.syncope.common.types.CipherAlgorithm;
+import org.apache.syncope.core.persistence.beans.user.SyncopeUser;
+import org.apache.syncope.core.persistence.dao.UserDAO;
+import org.apache.syncope.core.sync.DefaultSyncActions;
+import org.apache.syncope.core.sync.SyncResult;
+import org.identityconnectors.framework.common.objects.SyncDelta;
+import org.quartz.JobExecutionException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.crypto.codec.Base64;
+import org.springframework.security.crypto.codec.Hex;
+import org.springframework.transaction.annotation.Transactional;
+
+/**
+ * A SyncActions implementation which allows the ability to import passwords from an LDAP backend
+ * that are hashed.
+ */
+public class LDAPPasswordSyncActions extends DefaultSyncActions {
+    
+    protected static final Logger LOG = LoggerFactory.getLogger(LDAPPasswordSyncActions.class);
+
+    @Autowired
+    protected UserDAO userDAO;
+
+    private String encodedPassword;
+    private CipherAlgorithm cipher;
+
+    @Transactional(readOnly = true)
+    @Override
+    public <T extends AbstractAttributableTO> SyncDelta beforeCreate(
+            final AbstractSyncopeResultHandler<?, ?> handler,
+            final SyncDelta delta,
+            final T subject) throws JobExecutionException {
+        if (subject instanceof UserTO) {
+            String password = ((UserTO)subject).getPassword();
+            if (password != null && password.startsWith("{")) {
+                int closingBracketIndex = password.indexOf('}');
+                String digest = password.substring(1, password.indexOf('}'));
+                CipherAlgorithm cipherAlgorithm = CipherAlgorithm.fromString(digest);
+                if (cipherAlgorithm != null) {
+                    encodedPassword = password.substring(closingBracketIndex + 1);
+                    cipher = cipherAlgorithm;
+                }
+            }
+        }
+        
+        return delta;
+    }
+    
+    @Transactional(readOnly = true)
+    @Override
+    public <T extends AbstractAttributableTO> void after(
+            final AbstractSyncopeResultHandler<?, ?> handler,
+            final SyncDelta delta,
+            final T subject,
+            final SyncResult result) throws JobExecutionException {
+
+        if (subject instanceof UserTO && encodedPassword != null && cipher != null) {
+            SyncopeUser syncopeUser = userDAO.find(subject.getId());
+            if (syncopeUser != null) {
+                byte[] encodedPasswordBytes = Base64.decode(encodedPassword.getBytes());
+                char[] encodedHex = Hex.encode(encodedPasswordBytes);
+                String encodedHexStr = new String(encodedHex).toUpperCase();
+                
+                /*UserMod userMod = new UserMod();
+                userMod.setId(subject.getId());
+                userMod.setPassword(encodedHexStr);
+                uwfAdapter.update(userMod);*/
+                syncopeUser.setEncodedPassword(encodedHexStr, cipher, 0);
+            }
+            encodedPassword = null;
+            cipher = null;
+        }
+    }
+    
+}