use of com.microsoft.identity.common.exception.ClientException in project microsoft-authentication-library-common-for-android by AzureAD.
the class CommandDispatcherTest method testSubmitSilentWithTerminalException.
/**
 * Submits a {@code CommandThrowingIErrorInformationException} built with a known error code
 * through {@code CommandDispatcher.submitSilent} and checks which callback is invoked.
 *
 * <p>The only accepted outcome is {@code onError} with a {@link ClientException} whose error
 * code equals the one passed to the command. {@code onCancel} and {@code onTaskCompleted}
 * both fail the test.
 */
@Test
public void testSubmitSilentWithTerminalException() {
    final String expectedErrorCode = "anError";
    final CountDownLatch callbackLatch = new CountDownLatch(1);

    // NOTE(review): every callback counts the latch down, but nothing in this method waits
    // on it, so the method can return before any callback has run. Confirm whether
    // submitSilent delivers the callback synchronously in this test setup; if it does not,
    // the assertions below are only effective once the latch is awaited (with a timeout).
    CommandDispatcher.submitSilent(
            new CommandThrowingIErrorInformationException(
                    getEmptyTestParams(),
                    new CommandCallback<String, Exception>() {
                        @Override
                        public void onCancel() {
                            // Cancellation is not an acceptable result for this command.
                            callbackLatch.countDown();
                            Assert.fail();
                        }

                        @Override
                        public void onError(Exception error) {
                            // The dispatcher must surface a ClientException carrying the
                            // error code the command was constructed with.
                            Assert.assertEquals(ClientException.class, error.getClass());
                            final ClientException clientException = (ClientException) error;
                            Assert.assertEquals(expectedErrorCode, clientException.getErrorCode());
                            callbackLatch.countDown();
                        }

                        @Override
                        public void onTaskCompleted(String s) {
                            // A successful completion means the failure was lost.
                            callbackLatch.countDown();
                            Assert.fail();
                        }
                    },
                    expectedErrorCode));
}
use of com.microsoft.identity.common.exception.ClientException in project microsoft-authentication-library-common-for-android by AzureAD.
the class MsalCppOAuth2TokenCache method saveCredentials.
/**
 * Validates the supplied credentials and then writes them to the cache.
 *
 * <p>The whole array is checked before anything is removed or saved: each
 * {@link AccessTokenRecord} must pass {@code isAccessTokenSchemaCompliant}, and the last
 * {@link RefreshTokenRecord} found is remembered. When both an account and a refresh token
 * are present, {@code removeRefreshTokenIfNeeded} runs before the new credentials are saved.
 *
 * @param accountRecord : AccountRecord associated with the input credentials, can be null.
 * @param credentials : list of Credential which can include AccessTokenRecord, IdTokenRecord and RefreshTokenRecord.
 * @throws ClientException : If the credential array is null or empty, or if an
 *                         AccessTokenRecord fails the schema check.
 */
public synchronized void saveCredentials(@Nullable final AccountRecord accountRecord, @NonNull final Credential... credentials) throws ClientException {
    final boolean nothingToSave = credentials == null || credentials.length == 0;
    if (nothingToSave) {
        // NOTE(review): this call passes a single string, unlike the (error code, message)
        // form used for the schema failure below; confirm which field it populates.
        throw new ClientException("Credential array passed in is null or empty");
    }

    RefreshTokenRecord incomingRefreshToken = null;
    for (final Credential candidate : credentials) {
        if (candidate instanceof RefreshTokenRecord) {
            // If several refresh tokens are supplied, the last one wins.
            incomingRefreshToken = (RefreshTokenRecord) candidate;
        }
        if (candidate instanceof AccessTokenRecord) {
            final AccessTokenRecord accessToken = (AccessTokenRecord) candidate;
            if (!isAccessTokenSchemaCompliant(accessToken)) {
                // Reject the whole batch rather than caching a malformed access token.
                throw new ClientException(CREDENTIAL_IS_SCHEMA_NONCOMPLIANT, "AT is missing a required property.");
            }
        }
    }

    // MSAL C++ writes credentials first and then the account, so for a new account the
    // accountRecord is null and this step is skipped. For an existing account, the old
    // refresh token is removed if present before the new one is stored.
    final boolean canReplaceRefreshToken = accountRecord != null && incomingRefreshToken != null;
    if (canReplaceRefreshToken) {
        removeRefreshTokenIfNeeded(accountRecord, incomingRefreshToken);
    }

    saveCredentialsInternal(credentials);
}
use of com.microsoft.identity.common.exception.ClientException in project microsoft-authentication-library-common-for-android by AzureAD.
the class BrokerValidator method verifySignatureHash.
/**
 * Searches {@code certs} for a certificate whose digest matches the signature hash of one
 * of the brokers returned by {@code getValidBrokers()}.
 *
 * <p>Each certificate's encoded form is digested, Base64-encoded without line wrapping and
 * compared against every broker entry that has a non-empty {@code signatureHash}. The first
 * match, in iteration order, is returned.
 *
 * @param certs certificates to check
 * @return the Base64 signature hash that matched a known broker
 * @throws NoSuchAlgorithmException if the "SHA" digest is not available
 * @throws CertificateEncodingException if a certificate cannot be encoded
 * @throws ClientException with {@code BROKER_APP_VERIFICATION_FAILED} when no certificate
 *         matches; the message lists every hash that was computed
 */
private String verifySignatureHash(final List<X509Certificate> certs) throws NoSuchAlgorithmException, CertificateEncodingException, ClientException {
    final StringBuilder computedHashes = new StringBuilder();
    for (final X509Certificate cert : certs) {
        // "SHA" resolves to SHA-1 in the standard JCA providers.
        // NOTE(review): SHA-1 is deprecated for new designs. The digest used here and the
        // hashes held by getValidBrokers() have to change together, so a move to SHA-256 or
        // stronger is a coordinated change rather than a local edit.
        final byte[] certDigest = MessageDigest.getInstance("SHA").digest(cert.getEncoded());
        final String signatureHash = Base64.encodeToString(certDigest, Base64.NO_WRAP);

        // Keep every computed hash so a failed verification can report what was seen.
        computedHashes.append(signatureHash).append(',');

        // Check the hash for signer cert is the same as what we hardcoded.
        for (final BrokerData knownBroker : getValidBrokers()) {
            if (TextUtils.isEmpty(knownBroker.signatureHash)) {
                // An entry without a hash can never authorise a certificate.
                continue;
            }
            if (knownBroker.signatureHash.equals(signatureHash)) {
                return signatureHash;
            }
        }
    }
    // No certificate matched a known broker: fail closed.
    throw new ClientException(BROKER_APP_VERIFICATION_FAILED, "SignatureHashes: " + computedHashes.toString());
}
use of com.microsoft.identity.common.exception.ClientException in project microsoft-authentication-library-common-for-android by AzureAD.
the class BrokerValidator method getSelfSignedCert.
/**
 * Returns the single certificate in {@code certs} whose subject DN equals its issuer DN.
 *
 * <p>NOTE(review): the check compares names only. It does not verify that the certificate's
 * signature validates under its own public key, so it identifies a self-issued certificate
 * rather than proving a self-signed one. Whether the signature is checked elsewhere is not
 * visible from this method; confirm against the caller.
 *
 * @param certs certificates to inspect
 * @return the one certificate whose subject and issuer DN are equal
 * @throws ClientException with {@code BROKER_APP_VERIFICATION_FAILED} if no such certificate
 *         exists or if more than one is found
 */
private X509Certificate getSelfSignedCert(final List<X509Certificate> certs) throws ClientException {
    X509Certificate match = null;
    int matchCount = 0;
    for (final X509Certificate candidate : certs) {
        final boolean subjectIsIssuer = candidate.getSubjectDN().equals(candidate.getIssuerDN());
        if (!subjectIsIssuer) {
            continue;
        }
        matchCount++;
        match = candidate;
    }

    // Exactly one match is required; zero or several both count as a verification failure.
    if (matchCount == 1) {
        return match;
    }
    throw new ClientException(BROKER_APP_VERIFICATION_FAILED, "Multiple self signed certs found or no self signed cert existed.");
}
use of com.microsoft.identity.common.exception.ClientException in project microsoft-authentication-library-common-for-android by AzureAD.
the class ADALOAuth2TokenCache method save.
/**
 * Method responsible for saving tokens contained in the TokenResponse to storage.
 *
 * <p>One {@code ADALTokenCacheItem} is built from the strategy, request and response and
 * stored once per cache identifier of the account, plus once more with a {@code null} user
 * id. The account and refresh token are then pushed to every shared SSO cache.
 *
 * @param strategy supplies the issuer cache identifier, the account and the refresh token
 * @param request  supplies the scope and client id used as cache key parts
 * @param response the token response the account, refresh token and cache item are built from
 * @return always {@code null}; the ADAL cache's schema doesn't support this return type
 */
@Override
public ICacheRecord save(final AzureActiveDirectoryOAuth2Strategy strategy, final AzureActiveDirectoryAuthorizationRequest request, final AzureActiveDirectoryTokenResponse response) {
    final String methodName = "save";
    final String methodTag = TAG + ":" + methodName;
    Logger.info(methodTag, "Saving Tokens...");

    final String issuerCacheIdentifier = strategy.getIssuerCacheIdentifier(request);
    final AzureActiveDirectoryAccount account = strategy.createAccount(response);

    // The authority part of the issuer cache identifier is used as the environment for
    // both the account and the refresh token.
    final String msalEnvironment = Uri.parse(issuerCacheIdentifier).getAuthority();
    account.setEnvironment(msalEnvironment);
    final AzureActiveDirectoryRefreshToken refreshToken = strategy.getRefreshTokenFromResponse(response);
    refreshToken.setEnvironment(msalEnvironment);

    Logger.info(TAG, "Constructing new ADALTokenCacheItem");
    final ADALTokenCacheItem cacheItem = new ADALTokenCacheItem(strategy, request, response);
    logTokenCacheItem(cacheItem);

    // There is more than one valid user identifier for some accounts... AAD Accounts as of this writing have 3
    Logger.info(methodTag, "Setting items to cache for user...");
    for (final String cacheIdentifier : account.getCacheIdentifiers()) {
        // Azure AD Uses Resource and Not Scope... but we didn't override... heads up
        final String scope = request.getScope();
        final String clientId = request.getClientId();

        // Identifiers go through the PII logging methods rather than Logger.info.
        Logger.infoPII(methodTag, "issuerCacheIdentifier: [" + issuerCacheIdentifier + "]");
        Logger.infoPII(methodTag, "scope: [" + scope + "]");
        Logger.infoPII(methodTag, "clientId: [" + clientId + "]");
        Logger.infoPII(methodTag, "cacheIdentifier: [" + cacheIdentifier + "]");

        setItemToCacheForUser(issuerCacheIdentifier, scope, clientId, cacheItem, cacheIdentifier);
    }

    // For legacy reasons creating a cache entry where the userid is null
    // ADAL supported a single user mode where it was not necessary for the developer to provide the user id
    // on calls to acquireTokenSilentAsync
    setItemToCacheForUser(issuerCacheIdentifier, request.getScope(), request.getClientId(), cacheItem, null);

    // TODO At some point, the type-safety of this call needs to get beefed-up
    Logger.info(methodTag, "Syncing SSO state to caches...");
    for (final IShareSingleSignOnState<MicrosoftAccount, MicrosoftRefreshToken> sharedSsoCache : mSharedSSOCaches) {
        try {
            sharedSsoCache.setSingleSignOnState(account, refreshToken);
        } catch (ClientException e) {
            // A failure in one shared cache is logged and the loop continues with the
            // next one. The username is logged through the PII method.
            // NOTE(review): callers get no signal that SSO state was only partly synced.
            Logger.errorPII(TAG, "Exception setting single sign on state for account " + account.getUsername(), e);
        }
    }

    // Returning null, since the ADAL cache's schema doesn't support this return type.
    return null;
}