Class CredentialsStorageManager
java.lang.Object
com.evolveum.midpoint.repo.common.security.CredentialsStorageManager
Prepares credentials (focus and shadow) for storage in the repository, taking into account the storage method (for example encrypted, hashed or none) specified in the relevant security policy.
It does not itself store anything in the repository; it only prepares the data by transforming the values, items or deltas that the caller then writes.
Constructor Summary

CredentialsStorageManager()

Method Summary

@Nullable PropertyDelta<ProtectedStringType> createShadowPasswordDelta(@Nullable CredentialsPolicyType credentialsPolicy, @Nullable ProtectedStringType oldValue, @NotNull ProtectedStringType newValue)
    Prepares the shadow password property for storage (into an existing shadow): returns a delta that does so.

<O extends ObjectType> ObjectDelta<O> transformFocusExecutionDelta(@Nullable CredentialsPolicyType credentialsPolicy, @NotNull ObjectDelta<O> delta)

PropertyDelta<ProtectedStringType> transformShadowPasswordDelta(@Nullable CredentialsPolicyType credentialsPolicy, boolean legacyCaching, PropertyDelta<ProtectedStringType> delta)
    Assumes that only cleartext or encrypted values come in the delta.

void transformShadowPasswordWithRealValue(@Nullable CredentialsPolicyType credentialsPolicy, boolean legacyCaching, @NotNull PrismProperty<ProtectedStringType> passwordProperty)
    Prepares the shadow password property for storage (into a new shadow).

@Nullable PropertyDelta<ProtectedStringType> updateShadowPasswordIfNeeded(@NotNull ProtectedStringType existingPasswordValue, CredentialsPolicyType credentialsPolicy, boolean legacyCaching)
    Returns a delta that updates the shadow password under (possibly) changed policies: encrypted -> hashed or none; hashed -> none. Assumes the value is either encrypted or hashed, i.e. neither cleartext nor in the external form.
Constructor Details

CredentialsStorageManager

public CredentialsStorageManager()
Method Details

transformFocusExecutionDelta

public <O extends ObjectType> ObjectDelta<O> transformFocusExecutionDelta(@Nullable CredentialsPolicyType credentialsPolicy, @NotNull ObjectDelta<O> delta) throws SchemaException, EncryptionException

Throws:
    SchemaException
    EncryptionException

transformShadowPasswordDelta

public PropertyDelta<ProtectedStringType> transformShadowPasswordDelta(@Nullable CredentialsPolicyType credentialsPolicy, boolean legacyCaching, PropertyDelta<ProtectedStringType> delta) throws SchemaException, EncryptionException

Assumes that only cleartext or encrypted values come in the delta.

Throws:
    SchemaException
    EncryptionException

transformShadowPasswordWithRealValue

public void transformShadowPasswordWithRealValue(@Nullable CredentialsPolicyType credentialsPolicy, boolean legacyCaching, @NotNull PrismProperty<ProtectedStringType> passwordProperty) throws SchemaException, EncryptionException

Prepares the shadow password property for storage (into a new shadow). Expects that the property contains the real value. Legacy caching supports hashing only.

Throws:
    SchemaException
    EncryptionException

createShadowPasswordDelta

public @Nullable PropertyDelta<ProtectedStringType> createShadowPasswordDelta(@Nullable CredentialsPolicyType credentialsPolicy, @Nullable ProtectedStringType oldValue, @NotNull ProtectedStringType newValue) throws SchemaException, EncryptionException

Prepares the shadow password property for storage (into an existing shadow): returns a delta that does so. Expects that the new value contains the real value, which is either clear or encrypted.

Throws:
    SchemaException
    EncryptionException

updateShadowPasswordIfNeeded

public @Nullable PropertyDelta<ProtectedStringType> updateShadowPasswordIfNeeded(@NotNull ProtectedStringType existingPasswordValue, CredentialsPolicyType credentialsPolicy, boolean legacyCaching) throws SchemaException, EncryptionException

Returns a delta that updates the shadow password under (possibly) changed policies:
    encrypted -> hashed or none
    hashed -> none
Assumes the value is either encrypted or hashed, i.e. neither cleartext nor in the external form. Only these transitions are offered because they are the only ones that can be computed from the stored form: a hash cannot be converted back into an encrypted (recoverable) value.

Throws:
    SchemaException
    EncryptionException
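The following Java is an added usage example, not code from midPoint or from this page. It shows how a caller would drive the two shadow-password paths documented above: producing the storage delta for a newly received password with createShadowPasswordDelta, and re-checking an already stored value against a changed policy with updateShadowPasswordIfNeeded. The fluent setters on CredentialsPolicyType, PasswordCredentialsPolicyType and CredentialsStorageMethodType, and the CredentialsStorageTypeType constants, are assumed from the midPoint schema rather than taken from this page; so is the use of the manager as a Spring bean (the `new` in main() only makes the call sites concrete and would lack the injected Protector in a real deployment). The class name ShadowPasswordStorageExample and the sample password are constructed for the example.

```java
import com.evolveum.midpoint.prism.crypto.EncryptionException;
import com.evolveum.midpoint.prism.delta.PropertyDelta;
import com.evolveum.midpoint.repo.common.security.CredentialsStorageManager;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsStorageMethodType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsStorageTypeType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordCredentialsPolicyType;
import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;

/**
 * Added example (not midPoint's own code). Assumptions: the fluent setters on the generated
 * policy types, and that in a running midPoint the manager is obtained as a Spring bean; the
 * stand-alone 'new' in main() is only there to make the call sites concrete.
 */
public class ShadowPasswordStorageExample {

    /** Policy whose password storage method is the given type (ENCRYPTION, HASHING or NONE). */
    static CredentialsPolicyType policyWithStorage(CredentialsStorageTypeType storageType) {
        return new CredentialsPolicyType()
                .password(new PasswordCredentialsPolicyType()
                        .storageMethod(new CredentialsStorageMethodType().storageType(storageType)));
    }

    /**
     * A new password has arrived for an existing shadow (e.g. from synchronization) and the
     * caller needs the delta that persists it under the current policy. The documented
     * precondition is that the new value is clear or encrypted, never already hashed.
     */
    static PropertyDelta<ProtectedStringType> deltaForNewPassword(
            CredentialsStorageManager manager, CredentialsPolicyType policy,
            ProtectedStringType oldValue, String cleartext)
            throws SchemaException, EncryptionException {
        ProtectedStringType newValue = new ProtectedStringType();
        newValue.setClearValue(cleartext); // cleartext in; the policy decides the stored form
        return manager.createShadowPasswordDelta(policy, oldValue, newValue);
    }

    /**
     * Re-checks a value already sitting in the repository against a (possibly tightened) policy.
     * Only the documented downgrade transitions exist (encrypted -> hashed/none, hashed -> none);
     * a hash cannot be turned back into an encrypted value. A null result is read here as
     * "stored form already complies" (interpretation of the @Nullable return, not spelled out
     * on the page); otherwise the caller applies the returned delta to the shadow.
     */
    static PropertyDelta<ProtectedStringType> deltaForPolicyChange(
            CredentialsStorageManager manager, ProtectedStringType storedValue,
            CredentialsPolicyType policy, boolean legacyCaching)
            throws SchemaException, EncryptionException {
        if (!storedValue.isEncrypted() && !storedValue.isHashed()) {
            // updateShadowPasswordIfNeeded assumes encrypted or hashed input; a cleartext or
            // external value here means the shadow was written without going through this manager.
            throw new IllegalStateException("stored shadow password is neither encrypted nor hashed");
        }
        return manager.updateShadowPasswordIfNeeded(storedValue, policy, legacyCaching);
    }

    public static void main(String[] args) throws Exception {
        CredentialsStorageManager manager = new CredentialsStorageManager(); // assumption, see class comment

        // Constructed scenario: a new password for an existing shadow under a HASHING policy.
        // The resulting delta carries the hashed form, so the repository never holds a
        // recoverable copy of the sample value.
        CredentialsPolicyType hashing = policyWithStorage(CredentialsStorageTypeType.HASHING);
        PropertyDelta<ProtectedStringType> store =
                deltaForNewPassword(manager, hashing, null, "constructed-sample-password");
        System.out.println(store == null ? "nothing to store" : store.debugDump());

        // For a policy change (e.g. ENCRYPTION tightened to NONE), read the shadow's current
        // credentials/password/value from the repository and pass it to deltaForPolicyChange(...)
        // together with the new policy; obtaining that value needs a repository, so it is not
        // constructed here.
    }
}
```

Keep deltaForPolicyChange's precondition check: the manager's contract is that only encrypted or hashed values are re-evaluated, and a cleartext value reaching this point is a sign that some other write path bypassed the storage policy.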