ilgrosso pushed a commit to branch 4_0_X
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/4_0_X by this push:
new cc9f4f61f7 [SYNCOPE-1884] Handling Encrypted plain values during
propagation
cc9f4f61f7 is described below
commit cc9f4f61f76e41812eb0aa994c123a0745b52e77
Author: Francesco Chicchiriccò <[email protected]>
AuthorDate: Mon May 19 13:47:10 2025 +0200
[SYNCOPE-1884] Handling Encrypted plain values during propagation
---
.../provisioning/java/DefaultMappingManager.java | 56 ++++++++++++++++++----
.../apache/syncope/fit/core/UserIssuesITCase.java | 9 ++--
2 files changed, 49 insertions(+), 16 deletions(-)
diff --git
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/DefaultMappingManager.java
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/DefaultMappingManager.java
index 222fff943e..813861b37f 100644
---
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/DefaultMappingManager.java
+++
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/DefaultMappingManager.java
@@ -528,7 +528,17 @@ public class DefaultMappingManager implements
MappingManager {
List<Object> objValues = new ArrayList<>();
for (PlainAttrValue value : values) {
- if (FrameworkUtil.isSupportedAttributeType(schemaType.getType())) {
+ if (intAttrName.getSchema() instanceof PlainSchema schema &&
schemaType == AttrSchemaType.Encrypted) {
+ String decoded = null;
+ try {
+ decoded =
encryptorManager.getInstance(schema.getSecretKey()).
+ decode(value.getStringValue(),
schema.getCipherAlgorithm());
+ } catch (Exception e) {
+ LOG.warn("Could not decode value for {} with algorithm",
+ intAttrName.getSchema(),
schema.getCipherAlgorithm(), e);
+ }
+
objValues.add(Optional.ofNullable(decoded).orElse(value.getStringValue()));
+ } else if
(FrameworkUtil.isSupportedAttributeType(schemaType.getType())) {
objValues.add(value.getValue());
} else {
PlainSchema plainSchema = intAttrName.getSchema() instanceof
final PlainSchema schema
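Review bot: When `decode(...)` throws, the new Encrypted branch falls back to `value.getStringValue()`, so the stored ciphertext is sent to the external resource as if it were the attribute value; the identical code in the hunk at -595,7 has the same behaviour. Failing closed looks safer: add the value only when decoding succeeded, e.g. `if (decoded != null) { objValues.add(decoded); }`, or skip the item altogether if an empty attribute would wrongly clear the value on the target. The warning also has a single `{}` for two arguments, so the cipher algorithm never reaches the log; the format string should be `"Could not decode value for {} with algorithm {}"`. Passing `schema.getKey()` instead of the schema object would keep the message independent of what the entity's `toString()` prints. The enclosing method starts and ends outside this hunk.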
@@ -545,15 +555,23 @@ public class DefaultMappingManager implements
MappingManager {
Pair<String, Attribute> result;
if (item.isConnObjectKey()) {
result = Pair.of(objValues.isEmpty() ? null :
objValues.getFirst().toString(), null);
- } else if (item.isPassword() && any instanceof User) {
- result = getPasswordAttrValue(passwordAccountGetter.apply((User)
any), password).
+ } else if (item.isPassword() && any instanceof User user) {
+ result = getPasswordAttrValue(passwordAccountGetter.apply(user),
password).
map(passwordAttrValue -> Pair.of(
(String) null,
AttributeBuilder.buildPassword(passwordAttrValue.toCharArray()))).
orElse(null);
+ } else if (objValues.isEmpty()) {
+ result = Pair.of(
+ null,
+ AttributeBuilder.build(item.getExtAttrName()));
+ } else if
(OperationalAttributes.PASSWORD_NAME.equals(item.getExtAttrName())) {
+ result = Pair.of(
+ null,
+
AttributeBuilder.buildPassword(objValues.getFirst().toString().toCharArray()));
} else {
- result = Pair.of(null, objValues.isEmpty()
- ? AttributeBuilder.build(item.getExtAttrName())
- : AttributeBuilder.build(item.getExtAttrName(),
objValues));
+ result = Pair.of(
+ null,
+ AttributeBuilder.build(item.getExtAttrName(), objValues));
}
return result;
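Review bot: The new `OperationalAttributes.PASSWORD_NAME` branch turns `objValues.getFirst().toString()` into the password without checking what that element is. `objValues` is presumably filled by the loop in the preceding hunk, so a value that failed to decode (the ciphertext fallback) or a non-String object added through `value.getValue()` would silently become the account password on the target, and any further values are dropped. A guard before `buildPassword` would make this visible, for example `if (objValues.size() > 1) { LOG.warn("Multiple values mapped to {}, only the first is used", item.getExtAttrName()); }`, together with a short comment stating that only a successfully decoded String is expected here. The twin branch in the hunk at -612,10 writes the same access as `objValues.iterator().next()`; using `getFirst()` in both keeps the two methods identical. Both methods begin and end outside the hunks.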
@@ -595,7 +613,17 @@ public class DefaultMappingManager implements
MappingManager {
List<Object> objValues = new ArrayList<>();
for (PlainAttrValue value : values) {
- if (FrameworkUtil.isSupportedAttributeType(schemaType.getType())) {
+ if (intAttrName.getSchema() instanceof PlainSchema schema &&
schemaType == AttrSchemaType.Encrypted) {
+ String decoded = null;
+ try {
+ decoded =
encryptorManager.getInstance(schema.getSecretKey()).
+ decode(value.getStringValue(),
schema.getCipherAlgorithm());
+ } catch (Exception e) {
+ LOG.warn("Could not decode value for {} with algorithm",
+ intAttrName.getSchema(),
schema.getCipherAlgorithm(), e);
+ }
+
objValues.add(Optional.ofNullable(decoded).orElse(value.getStringValue()));
+ } else if
(FrameworkUtil.isSupportedAttributeType(schemaType.getType())) {
objValues.add(value.getValue());
} else {
PlainSchema plainSchema = intAttrName.getSchema() instanceof
final PlainSchema schema
@@ -612,10 +640,18 @@ public class DefaultMappingManager implements
MappingManager {
Pair<String, Attribute> result;
if (item.isConnObjectKey()) {
result = Pair.of(objValues.isEmpty() ? null :
objValues.getFirst().toString(), null);
+ } else if (objValues.isEmpty()) {
+ result = Pair.of(
+ null,
+ AttributeBuilder.build(item.getExtAttrName()));
+ } else if
(OperationalAttributes.PASSWORD_NAME.equals(item.getExtAttrName())) {
+ result = Pair.of(
+ null,
+
AttributeBuilder.buildPassword(objValues.iterator().next().toString().toCharArray()));
} else {
- result = Pair.of(null, objValues.isEmpty()
- ? AttributeBuilder.build(item.getExtAttrName())
- : AttributeBuilder.build(item.getExtAttrName(),
objValues));
+ result = Pair.of(
+ null,
+ AttributeBuilder.build(item.getExtAttrName(), objValues));
}
return result;
diff --git
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserIssuesITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserIssuesITCase.java
index 9765a45e48..a005e94de1 100644
---
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserIssuesITCase.java
+++
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserIssuesITCase.java
@@ -38,7 +38,6 @@ import java.util.Base64;
import java.util.Collection;
import java.util.List;
import java.util.Map;
-import java.util.Optional;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
@@ -681,7 +680,7 @@ public class UserIssuesITCase extends AbstractITCase {
// 1. create group with LDAP resource
GroupCR groupCR = new GroupCR();
groupCR.setName("SYNCOPE357-" + getUUIDString());
- groupCR.setRealm("/");
+ groupCR.setRealm(SyncopeConstants.ROOT_REALM);
groupCR.getResources().add(RESOURCE_NAME_LDAP);
GroupTO groupTO = createGroup(groupCR).getEntity();
@@ -704,13 +703,11 @@ public class UserIssuesITCase extends AbstractITCase {
RESOURCE_NAME_LDAP, AnyTypeKind.USER.name(), userTO.getKey());
assertNotNull(connObj);
Attr registeredAddress =
connObj.getAttr("registeredAddress").orElseThrow();
- assertNotNull(registeredAddress);
assertEquals(userTO.getPlainAttr("obscure").orElseThrow().getValues(),
registeredAddress.getValues());
- Optional<Attr> jpegPhoto = connObj.getAttr("jpegPhoto");
- assertTrue(jpegPhoto.isPresent());
+ Attr jpegPhoto = connObj.getAttr("jpegPhoto").orElseThrow();
assertEquals(
userTO.getPlainAttr("photo").orElseThrow().getValues().getFirst(),
- jpegPhoto.orElseThrow().getValues().getFirst());
+ jpegPhoto.getValues().getFirst());
// 4. remove group
GROUP_SERVICE.delete(groupTO.getKey());
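Review bot: The changes to this test are clean-ups only, so nothing in the visible hunks pins the new behaviour added to `DefaultMappingManager`. The `registeredAddress` assertion compares against `userTO.getPlainAttr("obscure")`, and it is not visible here whether that side is clear text or ciphertext, so the test may pass in either case. An explicit assertion that the value read back from the resource equals the known clear-text input would confirm the decode path. A second case mapping an Encrypted schema to `OperationalAttributes.PASSWORD_NAME` would cover the new password branch. The test method starts outside this hunk.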