This is an automated email from the ASF dual-hosted git repository.
ilgrosso pushed a commit to branch 3_0_X
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/3_0_X by this push:
new 19c9a8694e [SYNCOPE-1884] Handling Encrypted plain values during
propagation
19c9a8694e is described below
commit 19c9a8694efa9ca9657d1d83fdb08815d46c1333
Author: Francesco Chicchiriccò <[email protected]>
AuthorDate: Mon May 19 13:47:10 2025 +0200
[SYNCOPE-1884] Handling Encrypted plain values during propagation
---
.../provisioning/java/DefaultMappingManager.java | 78 ++++++++++++++--------
.../apache/syncope/fit/core/UserIssuesITCase.java | 13 ++--
2 files changed, 56 insertions(+), 35 deletions(-)
diff --git
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/DefaultMappingManager.java
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/DefaultMappingManager.java
index 3638a54dcf..87e4f5ffda 100644
---
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/DefaultMappingManager.java
+++
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/DefaultMappingManager.java
@@ -576,16 +576,30 @@ public class DefaultMappingManager implements
MappingManager {
List<Object> objValues = new ArrayList<>();
for (PlainAttrValue value : values) {
- if
(FrameworkUtil.isSupportedAttributeType(schemaType.getType())) {
- objValues.add(value.getValue());
+ if (intAttrName.getSchema() instanceof PlainSchema &&
schemaType == AttrSchemaType.Encrypted) {
+ PlainSchema schema = (PlainSchema) intAttrName.getSchema();
+
+ String decoded = null;
+ try {
+ decoded = Encryptor.getInstance(schema.getSecretKey()).
+ decode(value.getStringValue(),
schema.getCipherAlgorithm());
+ } catch (Exception e) {
+ LOG.warn("Could not decode value for {} with
algorithm",
+ intAttrName.getSchema(),
schema.getCipherAlgorithm(), e);
+ }
+
objValues.add(Optional.ofNullable(decoded).orElse(value.getStringValue()));
} else {
- PlainSchema plainSchema = intAttrName.getSchema()
instanceof PlainSchema
- ? (PlainSchema) intAttrName.getSchema()
- : null;
- if (plainSchema == null || plainSchema.getType() !=
schemaType) {
- objValues.add(value.getValueAsString(schemaType));
+ if
(FrameworkUtil.isSupportedAttributeType(schemaType.getType())) {
+ objValues.add(value.getValue());
} else {
- objValues.add(value.getValueAsString(plainSchema));
+ PlainSchema schema = intAttrName.getSchema()
instanceof PlainSchema
+ ? (PlainSchema) intAttrName.getSchema()
+ : null;
+ if (schema == null || schema.getType() != schemaType) {
+ objValues.add(value.getValueAsString(schemaType));
+ } else {
+ objValues.add(value.getValueAsString(schema));
+ }
}
}
}
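Review bot: When decoding fails in the new `catch` block, the code falls back to `value.getStringValue()`, so the stored ciphertext is propagated to the external resource with only a WARN in the log. If the mapping item targets the password attribute, that string would presumably end up as the credential on the resource. Consider skipping the value or failing the propagation instead, or at least state the choice in a comment such as `// decode failed: the stored (still encrypted) value is propagated as-is`. The log call also has one `{}` for two arguments, so the cipher algorithm is never printed; the message should be `"Could not decode value for {} with algorithm {}"`. The enclosing loop and method start outside the hunk.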
@@ -600,9 +614,19 @@ public class DefaultMappingManager implements
MappingManager {
result = Pair.of(null,
AttributeBuilder.buildPassword(passwordAttrValue.toCharArray()));
}
} else {
- result = Pair.of(null, objValues.isEmpty()
- ? AttributeBuilder.build(item.getExtAttrName())
- : AttributeBuilder.build(item.getExtAttrName(),
objValues));
+ if (objValues.isEmpty()) {
+ result = Pair.of(
+ null,
+ AttributeBuilder.build(item.getExtAttrName()));
+ } else if
(OperationalAttributes.PASSWORD_NAME.equals(item.getExtAttrName())) {
+ result = Pair.of(
+ null,
+
AttributeBuilder.buildPassword(objValues.iterator().next().toString().toCharArray()));
+ } else {
+ result = Pair.of(
+ null,
+ AttributeBuilder.build(item.getExtAttrName(),
objValues));
+ }
}
}
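Review bot: The new `PASSWORD_NAME` branch uses only `objValues.iterator().next()`, so any additional values are dropped silently, and a null element would throw on `.toString()`. A null could arrive if `value.getStringValue()` returned null in the Encrypted fallback of the earlier hunk. A short guard such as `Object first = objValues.get(0);` followed by a null check, plus a debug log when `objValues.size() > 1`, would make both cases explicit. A comment should also say that this branch applies to every schema type mapped to the password attribute, not only Encrypted ones, so that such values are always wrapped by `buildPassword` rather than sent as a plain attribute. The enclosing method starts and ends outside the hunk.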
@@ -764,23 +788,23 @@ public class DefaultMappingManager implements
MappingManager {
default:
try {
- Object fieldValue = FieldUtils.readField(ref,
intAttrName.getField(), true);
- if (fieldValue instanceof TemporalAccessor) {
- // needed because ConnId does not natively
supports the Date type
-
attrValue.setStringValue(FormatUtils.format((TemporalAccessor) fieldValue));
- } else if (Boolean.TYPE.isInstance(fieldValue)) {
- attrValue.setBooleanValue((Boolean) fieldValue);
- } else if (Double.TYPE.isInstance(fieldValue) ||
Float.TYPE.isInstance(fieldValue)) {
- attrValue.setDoubleValue((Double) fieldValue);
- } else if (Long.TYPE.isInstance(fieldValue) ||
Integer.TYPE.isInstance(fieldValue)) {
- attrValue.setLongValue((Long) fieldValue);
- } else {
- attrValue.setStringValue(fieldValue.toString());
+ Object fieldValue = FieldUtils.readField(ref,
intAttrName.getField(), true);
+ if (fieldValue instanceof TemporalAccessor) {
+ // needed because ConnId does not natively
supports the Date type
+
attrValue.setStringValue(FormatUtils.format((TemporalAccessor) fieldValue));
+ } else if (Boolean.TYPE.isInstance(fieldValue)) {
+ attrValue.setBooleanValue((Boolean)
fieldValue);
+ } else if (Double.TYPE.isInstance(fieldValue) ||
Float.TYPE.isInstance(fieldValue)) {
+ attrValue.setDoubleValue((Double) fieldValue);
+ } else if (Long.TYPE.isInstance(fieldValue) ||
Integer.TYPE.isInstance(fieldValue)) {
+ attrValue.setLongValue((Long) fieldValue);
+ } else {
+
attrValue.setStringValue(fieldValue.toString());
+ }
+ values.add(attrValue);
+ } catch (Exception e) {
+ LOG.error("Could not read value of '{}' from {}",
intAttrName.getField(), ref, e);
}
- values.add(attrValue);
- } catch (Exception e) {
- LOG.error("Could not read value of '{}' from {}",
intAttrName.getField(), ref, e);
- }
}
} else if (intAttrName.getSchemaType() != null) {
switch (intAttrName.getSchemaType()) {
diff --git
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserIssuesITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserIssuesITCase.java
index 003b2d8426..ad25679d02 100644
---
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserIssuesITCase.java
+++
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserIssuesITCase.java
@@ -34,7 +34,6 @@ import java.util.Base64;
import java.util.Collection;
import java.util.List;
import java.util.Map;
-import java.util.Optional;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
@@ -716,7 +715,7 @@ public class UserIssuesITCase extends AbstractITCase {
// 1. create group with LDAP resource
GroupCR groupCR = new GroupCR();
groupCR.setName("SYNCOPE357-" + getUUIDString());
- groupCR.setRealm("/");
+ groupCR.setRealm(SyncopeConstants.ROOT_REALM);
groupCR.getResources().add(RESOURCE_NAME_LDAP);
GroupTO groupTO = createGroup(groupCR).getEntity();
@@ -738,12 +737,10 @@ public class UserIssuesITCase extends AbstractITCase {
ConnObject connObj = RESOURCE_SERVICE.readConnObject(
RESOURCE_NAME_LDAP, AnyTypeKind.USER.name(), userTO.getKey());
assertNotNull(connObj);
- Attr registeredAddress = connObj.getAttr("registeredAddress").get();
- assertNotNull(registeredAddress);
- assertEquals(userTO.getPlainAttr("obscure").get().getValues(),
registeredAddress.getValues());
- Optional<Attr> jpegPhoto = connObj.getAttr("jpegPhoto");
- assertTrue(jpegPhoto.isPresent());
- assertEquals(userTO.getPlainAttr("photo").get().getValues().get(0),
jpegPhoto.get().getValues().get(0));
+ Attr registeredAddress =
connObj.getAttr("registeredAddress").orElseThrow();
+ assertEquals(userTO.getPlainAttr("obscure").orElseThrow().getValues(),
registeredAddress.getValues());
+ Attr jpegPhoto = connObj.getAttr("jpegPhoto").orElseThrow();
+
assertEquals(userTO.getPlainAttr("photo").orElseThrow().getValues().get(0),
jpegPhoto.getValues().get(0));
// 4. remove group
GROUP_SERVICE.delete(groupTO.getKey());
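Review bot: The rewritten assertions still compare `registeredAddress` only against whatever `userTO.getPlainAttr("obscure")` returns, so they do not pin that the value reaching LDAP is the decoded plaintext rather than the stored form. Whether `obscure` is an Encrypted schema is not visible here, but the diffstat lists no other test changes. That suggests neither the decode-failure fallback nor the `PASSWORD_NAME` branch added in DefaultMappingManager is exercised. Asserting against the literal plaintext set when the user was created, and adding a case for an Encrypted attribute mapped to the password, would cover the new behaviour. The test method starts and ends outside the hunk.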