Test for explicit password fetch. Fix.

icf-connectors/dummy-connector/src/main/java/com/evolveum/icf/dummy/connector/DummyConnector.java

@@ -891,11 +891,12 @@ public FilterTranslator<Filter> createFilterTranslator(ObjectClass objectClass,
      * {@inheritDoc}
      */
     public void executeQuery(ObjectClass objectClass, Filter query, ResultsHandler handler, OperationOptions options) {
-        log.info("executeQuery::begin");
+        log.info("executeQuery({0},{1},{2},{3})", objectClass, query, handler, options);
         validate(objectClass);
         notNull(handler, "Results handled object can't be null.");
 
         Collection<String> attributesToGet = getAttrsToGet(options);
+        log.ok("attributesToGet={0}", attributesToGet);
 
         try {
 	        if (ObjectClass.ACCOUNT.is(objectClass.getObjectClassValue())) {
@@ -1139,7 +1140,7 @@ private ConnectorObject convertToConnectorObject(DummyAccount account, Collectio
 
 		// Password is not returned by default (hardcoded ICF specification)
 		if (account.getPassword() != null && configuration.getReadablePassword() && 
-				attributesToGet.contains(OperationalAttributes.PASSWORD_NAME)) {
+				attributesToGet != null && attributesToGet.contains(OperationalAttributes.PASSWORD_NAME)) {
 			GuardedString gs = new GuardedString(account.getPassword().toCharArray());
 			builder.addAttribute(OperationalAttributes.PASSWORD_NAME,gs);
 		}

provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/util/ProvisioningUtil.java

@@ -295,7 +295,7 @@ public static AttributesToReturn createAttributesToReturn(
 		// Password
 		CredentialsCapabilityType credentialsCapabilityType = ResourceTypeUtil.getEffectiveCapability(
 				resource, CredentialsCapabilityType.class);
-		if (CapabilityUtil.isPasswordReturnedByDefault(credentialsCapabilityType)) {
+		if (!CapabilityUtil.isPasswordReturnedByDefault(credentialsCapabilityType)) {
 			// There resource is capable of returning password but it does not
 			// do it by default
 			AttributeFetchStrategyType passwordFetchStrategy = objectClassDefinition

provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/test/impl/TestDummy.java

@@ -69,6 +69,7 @@
 import com.evolveum.midpoint.prism.PrismProperty;
 import com.evolveum.midpoint.prism.PrismPropertyDefinition;
 import com.evolveum.midpoint.prism.PrismPropertyValue;
+import com.evolveum.midpoint.prism.crypto.EncryptionException;
 import com.evolveum.midpoint.prism.delta.ChangeType;
 import com.evolveum.midpoint.prism.delta.DiffUtil;
 import com.evolveum.midpoint.prism.delta.ItemDelta;
@@ -199,7 +200,7 @@ protected String getDrakeRepoIcfName() {
 	@Override
 	public void initSystem(Task initTask, OperationResult initResult) throws Exception {
 		super.initSystem(initTask, initResult);
-		InternalMonitor.setTraceConnectorOperation(true);
+//		InternalMonitor.setTraceConnectorOperation(true);
 	}
 
 	@Test
@@ -1011,7 +1012,7 @@ public void test100AddAccount() throws Exception {
 		assertSteadyResource();
 	}
 
-	private void checkAccountShadowWill(PrismObject<ShadowType> accountRepo) {
+	protected void checkAccountShadowWill(PrismObject<ShadowType> accountRepo) {
 		display("Will account repo", accountRepo);
 		ShadowType accountTypeRepo = accountRepo.asObjectable();
 		assertShadowName(accountRepo, ACCOUNT_WILL_USERNAME);
@@ -1113,7 +1114,7 @@ public void test102GetAccount() throws Exception {
 		assertSteadyResource();
 	}
 
-	private void checkAccountWill(ShadowType shadow, OperationResult result) {
+	protected void checkAccountWill(ShadowType shadow, OperationResult result) throws SchemaException, EncryptionException {
 		checkAccountShadow(shadow, result);
 		Collection<ResourceAttribute<?>> attributes = ShadowUtil.getAttributes(shadow);
 		assertAttribute(shadow, DummyResourceContoller.DUMMY_ACCOUNT_ATTRIBUTE_SHIP_NAME, "Flying Dutchman");

provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/test/impl/TestDummyExtra.java

@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2015 Evolveum
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.evolveum.midpoint.provisioning.test.impl;
+
+import static org.testng.AssertJUnit.assertEquals;
+import static org.testng.AssertJUnit.assertNotNull;
+
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.context.ContextConfiguration;
+import org.testng.annotations.Test;
+
+import com.evolveum.midpoint.prism.PrismObject;
+import com.evolveum.midpoint.prism.crypto.EncryptionException;
+import com.evolveum.midpoint.provisioning.ucf.impl.ConnectorFactoryIcfImpl;
+import com.evolveum.midpoint.schema.GetOperationOptions;
+import com.evolveum.midpoint.schema.result.OperationResult;
+import com.evolveum.midpoint.test.util.TestUtil;
+import com.evolveum.midpoint.util.exception.SchemaException;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
+import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
+
+/**
+ * Almost the same as TestDummy but with some extra things, such as:
+ * readable password
+ * 
+ * @author Radovan Semancik
+ *
+ */
+@ContextConfiguration(locations = "classpath:ctx-provisioning-test-main.xml")
+@DirtiesContext
+public class TestDummyExtra extends TestDummy {
+
+	public static final String TEST_DIR = "src/test/resources/impl/dummy-extra/";
+	public static final String RESOURCE_DUMMY_FILENAME = TEST_DIR + "resource-dummy.xml";
+
+	@Override
+	protected String getResourceDummyFilename() {
+		return RESOURCE_DUMMY_FILENAME;
+	}
+
+	@Override
+	protected void checkAccountWill(ShadowType shadow, OperationResult result) throws SchemaException, EncryptionException {
+		super.checkAccountWill(shadow, result);
+		assertPassword(shadow, "3lizab3th");
+	}
+
+	@Test
+	public void testFakeToEnableDebug() {
+
+	}
+
+}

provisioning/provisioning-impl/src/test/resources/impl/dummy-extra/resource-dummy.xml

@@ -0,0 +1,195 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright (c) 2010-2015 Evolveum
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<resource oid="ef2bc95b-76e0-59e2-86d6-9999dddddddd"
+		xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+        xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+        xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
+        xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-3"
+        xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance/ef2bc95b-76e0-59e2-86d6-9999dddddddd"
+		  xsi:schemaLocation="http://midpoint.evolveum.com/xml/ns/public/common/common-3 ../../../../../../infra/schema/src/main/resources/xml/ns/public/common/common-3.xsd
+							  http://www.w3.org/2001/XMLSchema ../../../../../../infra/schema/src/test/resources/standard/XMLSchema.xsd">
+
+	<name>Dummy Resource</name>
+	<connectorRef oid="will-be-supplied-by-the-test-code"/>
+	<connectorConfiguration xmlns:icfi="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.icf.dummy/com.evolveum.icf.dummy.connector.DummyConnector"
+	               xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3">
+
+		<icfc:configurationProperties>
+			<icfi:instanceId></icfi:instanceId> <!-- Default instance -->
+			<icfi:uselessString>Shiver me timbers!</icfi:uselessString>
+			<icfi:uselessGuardedString>       <!-- Add some whitespace -->  
+				<clearValue>Dead men tell no tales</clearValue>
+			</icfi:uselessGuardedString>
+			<icfi:supportValidity>true</icfi:supportValidity>
+			<icfi:readablePassword>true</icfi:readablePassword>
+		</icfc:configurationProperties>
+
+	</connectorConfiguration>
+	<namespace>http://midpoint.evolveum.com/xml/ns/public/resource/instance/ef2bc95b-76e0-59e2-86d6-9999dddddddd</namespace>
+	<!-- No schema. It should be generated by provisioning on the first use of this resource. -->
+	<schemaHandling>
+		<objectType>
+			<kind>account</kind>
+			<intent>default</intent>
+			<displayName>Default Account</displayName>
+			<default>true</default>
+			<objectClass>ri:AccountObjectClass</objectClass>
+			<attribute>
+				<ref>icfs:name</ref>
+				<displayName>Username</displayName>
+			</attribute>
+			<attribute>
+				<ref>ri:weapon</ref>
+				<matchingRule>mr:stringIgnoreCase</matchingRule>
+			</attribute>
+			<attribute>
+				<ref>ri:loot</ref>
+				<fetchStrategy>explicit</fetchStrategy>
+			</attribute>
+			<attribute>
+				<ref>ri:ship</ref>
+				<limitations>
+					<access>
+						<read>true</read>
+						<add>true</add>
+						<modify>true</modify>
+					</access>
+				</limitations>
+			</attribute>
+			<attribute>
+				<ref>ri:drink</ref>
+				<limitations>
+					<access>
+						<read>true</read>
+						<add>false</add>
+						<modify>true</modify>
+					</access>
+				</limitations>
+			</attribute>
+			<attribute>
+				<ref>ri:quote</ref>
+				<limitations>
+					<access>
+						<read>true</read>
+						<add>true</add>
+						<modify>false</modify>
+					</access>
+				</limitations>
+			</attribute>
+			<attribute>
+				<ref>ri:gossip</ref>
+				<limitations>
+					<access>
+						<read>false</read>
+						<add>true</add>
+						<modify>true</modify>
+					</access>
+				</limitations>
+			</attribute>
+			<attribute>
+				<ref>ri:water</ref>
+				<limitations>
+					<access>
+						<read>false</read>
+						<add>false</add>
+						<modify>false</modify>
+					</access>
+				</limitations>
+			</attribute>
+			<credentials>
+	            <password>
+	               <fetchStrategy>explicit</fetchStrategy>
+	            </password>
+	         </credentials>
+			<association>
+            	<ref>ri:group</ref>
+            	<kind>entitlement</kind>
+            	<intent>group</intent>
+            	<direction>objectToSubject</direction>
+            	<associationAttribute>ri:members</associationAttribute>
+            	<valueAttribute>icfs:name</valueAttribute>
+            </association>
+            <association>
+            	<ref>ri:priv</ref>
+            	<kind>entitlement</kind>
+            	<intent>privilege</intent>
+            	<direction>subjectToObject</direction>
+            	<associationAttribute>ri:privileges</associationAttribute>
+            	<valueAttribute>icfs:name</valueAttribute>
+            </association>
+			<protected>
+				<icfs:name>root</icfs:name>
+			</protected>
+			<protected>
+				<icfs:name>daemon</icfs:name>
+			</protected>
+			<protected>
+				<filter>
+					<q:equal>
+						<q:path>
+							declare namespace icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3";
+							attributes/icfs:name
+						</q:path>
+						<q:value>daviejones</q:value>
+					</q:equal>
+				</filter>
+			</protected>
+			<protected>
+				<filter>
+					<q:substring>
+						<q:path>
+							declare namespace icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3";
+							attributes/icfs:name
+						</q:path>
+						<q:value>X</q:value>
+						<q:anchorStart>true</q:anchorStart>
+					</q:substring>
+				</filter>
+			</protected>
+			<protected>
+				<filter>
+					<q:substring>
+						<q:path>
+							declare namespace icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3";
+							attributes/icfs:name
+						</q:path>
+						<q:value>-adm</q:value>
+						<q:anchorEnd>true</q:anchorEnd>
+					</q:substring>
+				</filter>
+			</protected>
+		</objectType>
+		<objectType>
+			<kind>entitlement</kind>
+        	<intent>group</intent>
+        	<default>true</default>
+        	<objectClass>ri:GroupObjectClass</objectClass>
+        </objectType>
+        <objectType>
+        	<kind>entitlement</kind>
+        	<intent>privilege</intent>
+        	<default>false</default>
+        	<objectClass>ri:CustomprivilegeObjectClass</objectClass>
+        </objectType>
+	</schemaHandling>
+	<consistency>
+		<avoidDuplicateValues>true</avoidDuplicateValues>
+	</consistency>
+</resource>

provisioning/provisioning-impl/testng.xml

@@ -52,6 +52,7 @@
 			<class name="com.evolveum.midpoint.provisioning.test.impl.TestDummyUuidNonUniqueName" />
 			<class name="com.evolveum.midpoint.provisioning.test.impl.TestDummyPrioritiesAndReadReplace" />
 			<class name="com.evolveum.midpoint.provisioning.test.impl.TestDummyReadReplaceForAll" />
+			<class name="com.evolveum.midpoint.provisioning.test.impl.TestDummyExtra" />
 		</classes>
 	</test>
 	<test name="provisioning-service-csv" parallel="false" verbose="10">

repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/AbstractIntegrationTest.java

@@ -78,6 +78,7 @@
 import com.evolveum.midpoint.util.logging.Trace;
 import com.evolveum.midpoint.util.logging.TraceManager;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
+import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
 
 import org.apache.commons.lang.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -876,5 +877,16 @@ protected RefinedAttributeDefinition getAttributeDefinition(ResourceType resourc
 				refinedResourceSchema.findRefinedDefinitionByObjectClassQName(kind, objectClassName);
 		return refinedObjectClassDefinition.findAttributeDefinition(attributeLocalName);
 	}
+
+	protected void assertPassword(ShadowType shadow, String expectedPassword) throws SchemaException, EncryptionException {
+		CredentialsType credentials = shadow.getCredentials();
+		assertNotNull("No credentials in "+shadow, credentials);
+		PasswordType password = credentials.getPassword();
+		assertNotNull("No password in "+shadow, password);
+		ProtectedStringType passwordValue = password.getValue();
+		assertNotNull("No password value in "+shadow, passwordValue);
+		protector.decrypt(passwordValue);
+		assertEquals("Wrong password in "+shadow, expectedPassword, passwordValue.getClearValue());
+	}
 
 }