Example 1 with ClientException

Use of com.microsoft.identity.common.exception.ClientException in project microsoft-authentication-library-common-for-android by AzureAD.

From the class DevicePopManager, method getRequestConfirmation.

@Override
public String getRequestConfirmation() throws ClientException {
    // The sync API is a wrapper around the async API
    // This likely shouldn't be called on the UI thread to avoid ANR
    // Device perf may vary, however -- some devices this may be OK.
    // YMMV
    final CountDownLatch latch = new CountDownLatch(1);
    final String[] result = new String[1];
    final ClientException[] errorResult = new ClientException[1];
    getRequestConfirmation(new TaskCompletedCallbackWithError<String, ClientException>() {

        @Override
        public void onTaskCompleted(@NonNull final String reqCnf) {
            result[0] = reqCnf;
            latch.countDown();
        }

        @Override
        public void onError(@NonNull final ClientException error) {
            errorResult[0] = error;
            latch.countDown();
        }
    });
    // Wait for the async op to complete...
    try {
        latch.await();
        if (null != result[0]) {
            return result[0];
        } else {
            throw errorResult[0];
        }
    } catch (final InterruptedException e) {
        Logger.error(TAG, "Interrupted while waiting on callback.", e);
        throw new ClientException(INTERRUPTED_OPERATION, e.getMessage(), e);
    }
}
Also used: ClientException(com.microsoft.identity.common.exception.ClientException), CountDownLatch(java.util.concurrent.CountDownLatch)

Example 2 with ClientException

Use of com.microsoft.identity.common.exception.ClientException in project microsoft-authentication-library-common-for-android by AzureAD.

From the class DevicePopManager, method getSecureHardwareState.

@Override
public SecureHardwareState getSecureHardwareState() throws ClientException {
    final String errCode;
    final Exception exception;
    try {
        final KeyPair rsaKeyPair = getKeyPairForEntry(mKeyManager.getEntry());
        return getSecureHardwareState(rsaKeyPair);
    } catch (final KeyStoreException e) {
        errCode = KEYSTORE_NOT_INITIALIZED;
        exception = e;
    } catch (final NoSuchAlgorithmException e) {
        errCode = NO_SUCH_ALGORITHM;
        exception = e;
    } catch (final UnrecoverableEntryException e) {
        errCode = INVALID_PROTECTION_PARAMS;
        exception = e;
    }
    final ClientException clientException = new ClientException(errCode, exception.getMessage(), exception);
    Logger.error(TAG + ":getSecureHardwareState", errCode, exception);
    throw clientException;
}
Also used: KeyPair(java.security.KeyPair), UnrecoverableEntryException(java.security.UnrecoverableEntryException), KeyStoreException(java.security.KeyStoreException), NoSuchAlgorithmException(java.security.NoSuchAlgorithmException), ClientException(com.microsoft.identity.common.exception.ClientException), JOSEException(com.nimbusds.jose.JOSEException), JSONException(org.json.JSONException), IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException), StrongBoxUnavailableException(android.security.keystore.StrongBoxUnavailableException), SignatureException(java.security.SignatureException), ProviderException(java.security.ProviderException), InvalidKeyException(java.security.InvalidKeyException), KeyPermanentlyInvalidatedException(android.security.keystore.KeyPermanentlyInvalidatedException), InvalidKeySpecException(java.security.spec.InvalidKeySpecException), InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException), NoSuchPaddingException(javax.crypto.NoSuchPaddingException), IOException(java.io.IOException), CertificateException(java.security.cert.CertificateException), BadPaddingException(javax.crypto.BadPaddingException), NoSuchProviderException(java.security.NoSuchProviderException)

Example 3 with ClientException

Use of com.microsoft.identity.common.exception.ClientException in project microsoft-authentication-library-common-for-android by AzureAD.

From the class DevicePopManager, method mintSignedHttpRequestInternal.

private String mintSignedHttpRequestInternal(@Nullable final String httpMethod, final long timestamp, @NonNull final URL requestUrl, @Nullable final String accessToken, @Nullable final String nonce, @Nullable final String clientClaims) throws ClientException {
    final Exception exception;
    final String errCode;
    try {
        final JWTClaimsSet.Builder claimsBuilder = new JWTClaimsSet.Builder();
        // AT/PoP requests will contain an access token, but an SPO signed-cookie will not.
        if (!TextUtils.isEmpty(accessToken)) {
            claimsBuilder.claim(SignedHttpRequestJwtClaims.ACCESS_TOKEN, accessToken);
        }
        claimsBuilder.claim(SignedHttpRequestJwtClaims.TIMESTAMP, timestamp);
        // Use Authority to include port number, if supplied
        claimsBuilder.claim(SignedHttpRequestJwtClaims.HTTP_HOST, requestUrl.getAuthority());
        claimsBuilder.claim(SignedHttpRequestJwtClaims.CNF, getDevicePopJwkMinifiedJson());
        if (!TextUtils.isEmpty(requestUrl.getPath())) {
            claimsBuilder.claim(SignedHttpRequestJwtClaims.HTTP_PATH, requestUrl.getPath());
        }
        if (!TextUtils.isEmpty(httpMethod)) {
            claimsBuilder.claim(SignedHttpRequestJwtClaims.HTTP_METHOD, httpMethod);
        }
        if (!TextUtils.isEmpty(nonce)) {
            claimsBuilder.claim(SignedHttpRequestJwtClaims.NONCE, nonce);
        }
        if (!TextUtils.isEmpty(clientClaims)) {
            claimsBuilder.claim(SignedHttpRequestJwtClaims.CLIENT_CLAIMS, clientClaims);
        }
        final JWTClaimsSet claimsSet = claimsBuilder.build();
        final KeyStore.PrivateKeyEntry entry = mKeyManager.getEntry();
        final PrivateKey privateKey = entry.getPrivateKey();
        final RSASSASigner signer = new RSASSASigner(privateKey);
        final SignedJWT signedJWT = new SignedJWT(new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(getAsymmetricKeyThumbprint()).build(), claimsSet);
        signedJWT.sign(signer);
        return signedJWT.serialize();
    } catch (final NoSuchAlgorithmException e) {
        exception = e;
        errCode = NO_SUCH_ALGORITHM;
    } catch (final KeyStoreException e) {
        exception = e;
        errCode = KEYSTORE_NOT_INITIALIZED;
    } catch (final JOSEException e) {
        exception = e;
        errCode = JWT_SIGNING_FAILURE;
    } catch (final UnrecoverableEntryException e) {
        exception = e;
        errCode = INVALID_PROTECTION_PARAMS;
    }
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M && exception.getCause() instanceof KeyPermanentlyInvalidatedException) {
        Logger.warn(TAG, "Unable to access asymmetric key - clearing.");
        clearAsymmetricKey();
    }
    final ClientException clientException = new ClientException(errCode, exception.getMessage(), exception);
    Logger.error(TAG, clientException.getMessage(), clientException);
    throw clientException;
}
Also used: KeyPermanentlyInvalidatedException(android.security.keystore.KeyPermanentlyInvalidatedException), PrivateKey(java.security.PrivateKey), SignedJWT(com.nimbusds.jwt.SignedJWT), NoSuchAlgorithmException(java.security.NoSuchAlgorithmException), KeyStoreException(java.security.KeyStoreException), KeyStore(java.security.KeyStore), JOSEException(com.nimbusds.jose.JOSEException), JSONException(org.json.JSONException), UnrecoverableEntryException(java.security.UnrecoverableEntryException), IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException), StrongBoxUnavailableException(android.security.keystore.StrongBoxUnavailableException), SignatureException(java.security.SignatureException), ProviderException(java.security.ProviderException), InvalidKeyException(java.security.InvalidKeyException), InvalidKeySpecException(java.security.spec.InvalidKeySpecException), InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException), NoSuchPaddingException(javax.crypto.NoSuchPaddingException), ClientException(com.microsoft.identity.common.exception.ClientException), IOException(java.io.IOException), CertificateException(java.security.cert.CertificateException), BadPaddingException(javax.crypto.BadPaddingException), NoSuchProviderException(java.security.NoSuchProviderException), JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet), RSASSASigner(com.nimbusds.jose.crypto.RSASSASigner), JWSHeader(com.nimbusds.jose.JWSHeader)

Example 4 with ClientException

Use of com.microsoft.identity.common.exception.ClientException in project microsoft-authentication-library-common-for-android by AzureAD.

From the class DevicePopManager, method getPublicKey.

@Override
@NonNull
public String getPublicKey(@NonNull final PublicKeyFormat format) throws ClientException {
    final String methodName = ":getPublicKey";
    switch(format) {
        case X_509_SubjectPublicKeyInfo_ASN_1:
            return getX509SubjectPublicKeyInfo();
        case JWK:
            return getJwkPublicKey();
        default:
            final String errMsg = "Unrecognized or unsupported key format: " + format;
            final ClientException clientException = new ClientException(UNKNOWN_EXPORT_FORMAT, errMsg);
            Logger.error(TAG + methodName, errMsg, clientException);
            throw clientException;
    }
}
Also used: ClientException(com.microsoft.identity.common.exception.ClientException), NonNull(androidx.annotation.NonNull)

Example 5 with ClientException

Use of com.microsoft.identity.common.exception.ClientException in project microsoft-authentication-library-common-for-android by AzureAD.

From the class DevicePopManager, method generateAsymmetricKey.

@Override
public String generateAsymmetricKey(@NonNull final Context context) throws ClientException {
    final Exception exception;
    final String errCode;
    try {
        final KeyPair keyPair = generateNewRsaKeyPair(context, RSA_KEY_SIZE);
        final RSAKey rsaKey = getRsaKeyForKeyPair(keyPair);
        return getThumbprintForRsaKey(rsaKey);
    } catch (final UnsupportedOperationException e) {
        exception = e;
        errCode = BAD_KEY_SIZE;
    } catch (final NoSuchAlgorithmException e) {
        exception = e;
        errCode = NO_SUCH_ALGORITHM;
    } catch (final NoSuchProviderException e) {
        exception = e;
        errCode = ANDROID_KEYSTORE_UNAVAILABLE;
    } catch (final InvalidAlgorithmParameterException e) {
        exception = e;
        errCode = INVALID_ALG;
    } catch (final JOSEException e) {
        exception = e;
        errCode = THUMBPRINT_COMPUTATION_FAILURE;
    }
    final ClientException clientException = new ClientException(errCode, exception.getMessage(), exception);
    Logger.error(TAG, clientException.getMessage(), clientException);
    throw clientException;
}
Also used: KeyPair(java.security.KeyPair), RSAKey(com.nimbusds.jose.jwk.RSAKey), InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException), NoSuchAlgorithmException(java.security.NoSuchAlgorithmException), ClientException(com.microsoft.identity.common.exception.ClientException), NoSuchProviderException(java.security.NoSuchProviderException), JOSEException(com.nimbusds.jose.JOSEException), KeyStoreException(java.security.KeyStoreException), JSONException(org.json.JSONException), UnrecoverableEntryException(java.security.UnrecoverableEntryException), IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException), StrongBoxUnavailableException(android.security.keystore.StrongBoxUnavailableException), SignatureException(java.security.SignatureException), ProviderException(java.security.ProviderException), InvalidKeyException(java.security.InvalidKeyException), KeyPermanentlyInvalidatedException(android.security.keystore.KeyPermanentlyInvalidatedException), InvalidKeySpecException(java.security.spec.InvalidKeySpecException), NoSuchPaddingException(javax.crypto.NoSuchPaddingException), IOException(java.io.IOException), CertificateException(java.security.cert.CertificateException), BadPaddingException(javax.crypto.BadPaddingException)

Aggregations

ClientException (com.microsoft.identity.common.exception.ClientException): 74
IOException (java.io.IOException): 23
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException): 23
InvalidKeyException (java.security.InvalidKeyException): 18
InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException): 17
KeyStoreException (java.security.KeyStoreException): 17
BadPaddingException (javax.crypto.BadPaddingException): 17
IllegalBlockSizeException (javax.crypto.IllegalBlockSizeException): 17
NoSuchPaddingException (javax.crypto.NoSuchPaddingException): 17
UnrecoverableEntryException (java.security.UnrecoverableEntryException): 15
CertificateException (java.security.cert.CertificateException): 13
InvalidKeySpecException (java.security.spec.InvalidKeySpecException): 12
SignatureException (java.security.SignatureException): 11
KeyPermanentlyInvalidatedException (android.security.keystore.KeyPermanentlyInvalidatedException): 10
StrongBoxUnavailableException (android.security.keystore.StrongBoxUnavailableException): 10
NonNull (androidx.annotation.NonNull): 10
JOSEException (com.nimbusds.jose.JOSEException): 10
NoSuchProviderException (java.security.NoSuchProviderException): 10
ProviderException (java.security.ProviderException): 10
JSONException (org.json.JSONException): 10