Example 26 with ChaiException

Use of com.novell.ldapchai.exception.ChaiException in project pwm by pwm-project.

Class NMASCrOperator, method writeResponses:

public void writeResponses(final UserIdentity userIdentity, final ChaiUser theUser, final String userGuid, final ResponseInfoBean responseInfoBean) throws PwmUnrecoverableException {
    try {
        if (theUser.getChaiProvider().getDirectoryVendor() == DirectoryVendor.EDIRECTORY) {
            final NmasResponseSet nmasResponseSet = NmasCrFactory.newNmasResponseSet(responseInfoBean.getCrMap(), responseInfoBean.getLocale(), responseInfoBean.getMinRandoms(), theUser, responseInfoBean.getCsIdentifier());
            NmasCrFactory.writeResponseSet(nmasResponseSet);
            LOGGER.info("saved responses for user using NMAS method ");
        }
    } catch (ChaiException e) {
        final String errorMsg = "error writing responses to nmas: " + e.getMessage();
        final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_WRITING_RESPONSES, errorMsg);
        final PwmUnrecoverableException pwmOE = new PwmUnrecoverableException(errorInfo);
        pwmOE.initCause(e);
        throw pwmOE;
    }
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) NmasResponseSet(com.novell.ldapchai.impl.edir.NmasResponseSet) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) ChaiException(com.novell.ldapchai.exception.ChaiException)

Example 27 with ChaiException

Use of com.novell.ldapchai.exception.ChaiException in project pwm by pwm-project.

Class CrService, method readUserChallengeProfile:

public ChallengeProfile readUserChallengeProfile(final SessionLabel sessionLabel, final UserIdentity userIdentity, final ChaiUser theUser, final PwmPasswordPolicy policy, final Locale locale) throws PwmUnrecoverableException {
    final Configuration config = pwmApplication.getConfig();
    final long methodStartTime = System.currentTimeMillis();
    ChallengeSet returnSet = null;
    if (config.readSettingAsBoolean(PwmSetting.EDIRECTORY_READ_CHALLENGE_SET)) {
        try {
            if (theUser.getChaiProvider().getDirectoryVendor() == DirectoryVendor.EDIRECTORY) {
                if (policy != null && policy.getChaiPasswordPolicy() != null) {
                    returnSet = NmasCrFactory.readAssignedChallengeSet(theUser.getChaiProvider(), policy.getChaiPasswordPolicy(), locale);
                }
                if (returnSet == null) {
                    returnSet = NmasCrFactory.readAssignedChallengeSet(theUser, locale);
                }
                if (returnSet == null) {
                    LOGGER.debug(sessionLabel, "no nmas c/r policy found for user " + theUser.getEntryDN());
                } else {
                    LOGGER.debug(sessionLabel, "using nmas c/r policy for user " + theUser.getEntryDN() + ": " + returnSet.toString());
                    final String challengeID = "nmasPolicy-" + userIdentity.toDelimitedKey();
                    final ChallengeProfile challengeProfile = ChallengeProfile.createChallengeProfile(challengeID, locale, applyPwmPolicyToNmasChallenges(returnSet, config), null, (int) config.readSettingAsLong(PwmSetting.EDIRECTORY_CR_MIN_RANDOM_DURING_SETUP), 0);
                    LOGGER.debug(sessionLabel, "using ldap c/r policy for user " + theUser.getEntryDN() + ": " + returnSet.toString());
                    LOGGER.trace(sessionLabel, "readUserChallengeProfile completed in " + TimeDuration.fromCurrent(methodStartTime).asCompactString() + ", result=" + JsonUtil.serialize(challengeProfile));
                    return challengeProfile;
                }
            }
        } catch (ChaiException e) {
            LOGGER.error(sessionLabel, "error reading nmas c/r policy for user " + theUser.getEntryDN() + ": " + e.getMessage());
        }
        LOGGER.debug(sessionLabel, "no detected c/r policy for user " + theUser.getEntryDN() + " in nmas");
    }
    // fall back to the PWM-configured profile when no NMAS policy was found, or when the NMAS read failed (the ChaiException above is logged, not rethrown)
    final String challengeProfileID = determineChallengeProfileForUser(pwmApplication, sessionLabel, userIdentity, locale);
    final ChallengeProfile challengeProfile = config.getChallengeProfile(challengeProfileID, locale);
    LOGGER.trace(sessionLabel, "readUserChallengeProfile completed in " + TimeDuration.fromCurrent(methodStartTime).asCompactString() + " returned profile: " + (challengeProfile == null ? "null" : challengeProfile.getIdentifier()));
    return challengeProfile;
}
Also used : ChaiChallengeSet(com.novell.ldapchai.cr.ChaiChallengeSet) ChallengeSet(com.novell.ldapchai.cr.ChallengeSet) Configuration(password.pwm.config.Configuration) ChallengeProfile(password.pwm.config.profile.ChallengeProfile) ChaiException(com.novell.ldapchai.exception.ChaiException)

Example 28 with ChaiException

Use of com.novell.ldapchai.exception.ChaiException in project pwm by pwm-project.

Class LdapOtpOperator, method writeOtpUserConfiguration:

@Override
public void writeOtpUserConfiguration(final PwmSession pwmSession, final UserIdentity userIdentity, final String userGuid, final OTPUserRecord otpConfig) throws PwmUnrecoverableException {
    final Configuration config = pwmApplication.getConfig();
    final LdapProfile ldapProfile = config.getLdapProfiles().get(userIdentity.getLdapProfileID());
    final String ldapStorageAttribute = ldapProfile.readSettingAsString(PwmSetting.OTP_SECRET_LDAP_ATTRIBUTE);
    if (ldapStorageAttribute == null || ldapStorageAttribute.length() < 1) {
        final String errorMsg = "ldap storage attribute is not configured, unable to write OTP secret";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_INVALID_CONFIG, errorMsg);
        throw new PwmUnrecoverableException(errorInformation);
    }
    String value = composeOtpAttribute(otpConfig);
    if (value == null || value.length() == 0) {
        final String errorMsg = "Invalid value for OTP secret, unable to store";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_INVALID_CONFIG, errorMsg);
        throw new PwmUnrecoverableException(errorInformation);
    }
    try {
        if (config.readSettingAsBoolean(PwmSetting.OTP_SECRET_ENCRYPT)) {
            // encrypt the OTP seed before it leaves the application; with this setting off the seed is stored in the clear and is readable by anyone with read rights on the attribute
            value = encryptAttributeValue(value);
        }
        // write as the proxy account when there is no session, otherwise as the session's own bound actor; the bound identity's directory rights decide whether the write succeeds, which is what the NO_ACCESS branch below reports
        final ChaiUser theUser = pwmSession == null ? pwmApplication.getProxiedChaiUser(userIdentity) : pwmSession.getSessionManager().getActor(pwmApplication, userIdentity);
        theUser.writeStringAttribute(ldapStorageAttribute, value);
        LOGGER.info("saved OTP secret for user to chai-ldap format");
    } catch (ChaiException ex) {
        final String errorMsg;
        if (ex.getErrorCode() == ChaiError.NO_ACCESS) {
            errorMsg = "permission error writing OTP secret to ldap attribute '" + ldapStorageAttribute + "', user does not appear to have correct permissions to save OTP secret: " + ex.getMessage();
        } else {
            errorMsg = "error writing OTP secret to ldap attribute '" + ldapStorageAttribute + "': " + ex.getMessage();
        }
        final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_WRITING_OTP_SECRET, errorMsg);
        final PwmUnrecoverableException pwmOE = new PwmUnrecoverableException(errorInfo);
        pwmOE.initCause(ex);
        throw pwmOE;
    } catch (PwmOperationalException ex) {
        final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_WRITING_OTP_SECRET, ex.getMessage());
        final PwmUnrecoverableException pwmOE = new PwmUnrecoverableException(errorInfo);
        pwmOE.initCause(ex);
        throw pwmOE;
    }
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) Configuration(password.pwm.config.Configuration) ChaiUser(com.novell.ldapchai.ChaiUser) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) LdapProfile(password.pwm.config.profile.LdapProfile) ChaiException(com.novell.ldapchai.exception.ChaiException) PwmOperationalException(password.pwm.error.PwmOperationalException)
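The encrypt-before-write path in Example 28 is the security-relevant part, but encryptAttributeValue itself is not shown on this page. The following is an added example, not pwm's own code, of what that path looks like end to end: AES-GCM with a fresh IV per write, fail-closed validation, and the permission failure reported separately from other directory errors. AttributeStore, AccessDeniedException and OtpStoreException are hypothetical stand-ins for ChaiUser, a ChaiException carrying ChaiError.NO_ACCESS, and PwmUnrecoverableException; the key, the attribute name "carLicense" and the base32 seed are constructed for the demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/** Hypothetical stand-in for the directory write pwm performs through ChaiUser.writeStringAttribute. */
interface AttributeStore {
    void writeStringAttribute(String attribute, String value) throws AccessDeniedException;
}

/** Hypothetical analogue of a ChaiException whose error code is ChaiError.NO_ACCESS. */
class AccessDeniedException extends Exception {
    AccessDeniedException(String msg) { super(msg); }
}

/** Hypothetical analogue of PwmUnrecoverableException: the caller cannot continue. */
class OtpStoreException extends Exception {
    OtpStoreException(String msg, Throwable cause) { super(msg, cause); }
}

public final class OtpSecretWriter {
    private static final int GCM_TAG_BITS = 128;
    private static final int GCM_IV_BYTES = 12;
    private final SecretKey key;
    private final String storageAttribute; // plays the role of the OTP_SECRET_LDAP_ATTRIBUTE setting
    private final SecureRandom rng = new SecureRandom();

    OtpSecretWriter(byte[] rawKey, String storageAttribute) {
        this.key = new SecretKeySpec(rawKey, "AES");
        this.storageAttribute = storageAttribute;
    }

    /** AES-GCM with a fresh 96-bit IV per write; stored form is base64(iv || ciphertext || tag). */
    String encrypt(String plaintext) throws GeneralSecurityException {
        byte[] iv = new byte[GCM_IV_BYTES];
        rng.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, iv));
        byte[] ct = c.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    /** Inverse of encrypt; a tampered attribute value fails here with an AEADBadTagException. */
    String decrypt(String stored) throws GeneralSecurityException {
        byte[] in = Base64.getDecoder().decode(stored);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, in, 0, GCM_IV_BYTES));
        return new String(c.doFinal(in, GCM_IV_BYTES, in.length - GCM_IV_BYTES), StandardCharsets.UTF_8);
    }

    /** Same shape as the page's writeOtpUserConfiguration: validate, encrypt, write, wrap failures with their cause. */
    void write(AttributeStore store, String otpSecret) throws OtpStoreException {
        if (storageAttribute == null || storageAttribute.isEmpty()) {
            throw new OtpStoreException("ldap storage attribute is not configured, unable to write OTP secret", null);
        }
        if (otpSecret == null || otpSecret.isEmpty()) {
            throw new OtpStoreException("Invalid value for OTP secret, unable to store", null);
        }
        try {
            store.writeStringAttribute(storageAttribute, encrypt(otpSecret));
        } catch (AccessDeniedException e) {
            // a permissions problem is a configuration fault of the bound account, not a transient directory error
            throw new OtpStoreException("permission error writing OTP secret to ldap attribute '" + storageAttribute + "'", e);
        } catch (GeneralSecurityException e) {
            throw new OtpStoreException("error encrypting OTP secret", e);
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];
        new SecureRandom().nextBytes(key);               // constructed; a deployment would load this from its key store
        Map<String, String> directory = new HashMap<>(); // constructed in-memory stand-in for the user's entry
        OtpSecretWriter writer = new OtpSecretWriter(key, "carLicense");
        writer.write(directory::put, "JBSWY3DPEHPK3PXP"); // constructed sample base32 seed
        String stored = directory.get("carLicense");
        System.out.println("stored value: " + stored);
        System.out.println("round trip:   " + writer.decrypt(stored));
    }
}
```

Two things carry over to the real code: with OTP_SECRET_ENCRYPT off, what lands in the attribute is the seed itself, so the attribute's read ACL is the only thing protecting it; and passing the original exception as the cause (the page does this with initCause) is what keeps the ChaiException's own message and stack on the wrapped PwmUnrecoverableException for whoever investigates the failure.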

Example 29 with ChaiException

Use of com.novell.ldapchai.exception.ChaiException in project pwm by pwm-project.

Class LDAPStatusChecker, method checkBasicLdapConnectivity:

public List<HealthRecord> checkBasicLdapConnectivity(final PwmApplication pwmApplication, final Configuration config, final LdapProfile ldapProfile, final boolean testContextlessRoot) {
    final List<HealthRecord> returnRecords = new ArrayList<>();
    ChaiProvider chaiProvider = null;
    try {
        final DirectoryVendor directoryVendor;
        try {
            final String proxyDN = ldapProfile.readSettingAsString(PwmSetting.LDAP_PROXY_USER_DN);
            final PasswordData proxyPW = ldapProfile.readSettingAsPassword(PwmSetting.LDAP_PROXY_USER_PASSWORD);
            if (proxyDN == null || proxyDN.length() < 1) {
                return Collections.singletonList(new HealthRecord(HealthStatus.WARN, HealthTopic.LDAP, "Missing Proxy User DN"));
            }
            if (proxyPW == null) {
                return Collections.singletonList(new HealthRecord(HealthStatus.WARN, HealthTopic.LDAP, "Missing Proxy User Password"));
            }
            chaiProvider = LdapOperationsHelper.createChaiProvider(pwmApplication, SessionLabel.HEALTH_SESSION_LABEL, ldapProfile, config, proxyDN, proxyPW);
            final ChaiEntry adminEntry = chaiProvider.getEntryFactory().newChaiEntry(proxyDN);
            adminEntry.exists(); // forces a real operation as the proxy user; a wrong DN, password or host surfaces as a ChaiException here or in the provider creation above
            directoryVendor = chaiProvider.getDirectoryVendor();
        } catch (ChaiException e) {
            final ChaiError chaiError = ChaiErrors.getErrorForMessage(e.getMessage());
            final PwmError pwmError = PwmError.forChaiError(chaiError);
            final StringBuilder errorString = new StringBuilder();
            final String profileName = ldapProfile.getIdentifier();
            errorString.append("error connecting to ldap directory (").append(profileName).append("), error: ").append(e.getMessage());
            if (chaiError != null && chaiError != ChaiError.UNKNOWN) {
                errorString.append(" (");
                errorString.append(chaiError.toString());
                if (pwmError != null && pwmError != PwmError.ERROR_UNKNOWN) {
                    errorString.append(" - ");
                    errorString.append(pwmError.getLocalizedMessage(PwmConstants.DEFAULT_LOCALE, pwmApplication.getConfig()));
                }
                errorString.append(")");
            }
            returnRecords.add(new HealthRecord(HealthStatus.WARN, makeLdapTopic(ldapProfile, config), errorString.toString()));
            pwmApplication.getLdapConnectionService().setLastLdapFailure(ldapProfile, new ErrorInformation(PwmError.ERROR_DIRECTORY_UNAVAILABLE, errorString.toString()));
            return returnRecords;
        } catch (Exception e) {
            final HealthRecord record = HealthRecord.forMessage(HealthMessage.LDAP_No_Connection, e.getMessage());
            returnRecords.add(record);
            pwmApplication.getLdapConnectionService().setLastLdapFailure(ldapProfile, new ErrorInformation(PwmError.ERROR_DIRECTORY_UNAVAILABLE, record.getDetail(PwmConstants.DEFAULT_LOCALE, pwmApplication.getConfig())));
            return returnRecords;
        }
        if (directoryVendor != null && directoryVendor == DirectoryVendor.ACTIVE_DIRECTORY) {
            returnRecords.addAll(checkAd(pwmApplication, config, ldapProfile));
        }
        if (testContextlessRoot) {
            for (final String loopContext : ldapProfile.readSettingAsStringArray(PwmSetting.LDAP_CONTEXTLESS_ROOT)) {
                try {
                    final ChaiEntry contextEntry = chaiProvider.getEntryFactory().newChaiEntry(loopContext);
                    final Set<String> objectClasses = contextEntry.readObjectClass();
                    if (objectClasses == null || objectClasses.isEmpty()) {
                        final String errorString = "ldap context setting '" + loopContext + "' is not valid";
                        returnRecords.add(new HealthRecord(HealthStatus.WARN, makeLdapTopic(ldapProfile, config), errorString));
                    }
                } catch (Exception e) {
                    final String errorString = "ldap root context '" + loopContext + "' is not valid: " + e.getMessage();
                    returnRecords.add(new HealthRecord(HealthStatus.WARN, makeLdapTopic(ldapProfile, config), errorString));
                }
            }
        }
    } finally {
        if (chaiProvider != null) {
            try {
                chaiProvider.close();
            } catch (Exception e) {
                /* ignore */
            }
        }
    }
    return returnRecords;
}
Also used : PwmError(password.pwm.error.PwmError) ArrayList(java.util.ArrayList) ChaiEntry(com.novell.ldapchai.ChaiEntry) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) ChaiException(com.novell.ldapchai.exception.ChaiException) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) MalformedURLException(java.net.MalformedURLException) UnknownHostException(java.net.UnknownHostException) ErrorInformation(password.pwm.error.ErrorInformation) ChaiProvider(com.novell.ldapchai.provider.ChaiProvider) PasswordData(password.pwm.util.PasswordData) ChaiError(com.novell.ldapchai.exception.ChaiError) DirectoryVendor(com.novell.ldapchai.provider.DirectoryVendor) ChaiException(com.novell.ldapchai.exception.ChaiException)

Example 30 with ChaiException

Use of com.novell.ldapchai.exception.ChaiException in project pwm by pwm-project.

Class UserIdentity, method canonicalized:

public UserIdentity canonicalized(final PwmApplication pwmApplication) throws PwmUnrecoverableException {
    if (this.canonicalized) {
        return this;
    }
    final ChaiUser chaiUser = pwmApplication.getProxiedChaiUser(this);
    final String userDN;
    try {
        userDN = chaiUser.readCanonicalDN();
    } catch (ChaiException e) {
        throw PwmUnrecoverableException.fromChaiException(e);
    }
    final UserIdentity canonicalizedIdentity = new UserIdentity(userDN, this.getLdapProfileID());
    canonicalizedIdentity.canonicalized = true;
    return canonicalizedIdentity;
}
Also used : ChaiUser(com.novell.ldapchai.ChaiUser) ChaiException(com.novell.ldapchai.exception.ChaiException)
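Example 30 asks the directory for the canonical DN because the same entry can be spelled many ways, and canonicalized() is what makes a UserIdentity safe to use as a key: without it, two spellings of one DN would be two identities. The following added example, not pwm code, shows the problem with only the JDK's RFC 4514 parser in javax.naming.ldap. The sample DNs are constructed; the syntacticForm helper is a hypothetical client-side normalization and is deliberately weaker than what the directory returns, for the reason given in its comment.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public final class DnCanonicalization {

    /**
     * Client-side syntactic normalization: lower-case attribute types, drop insignificant
     * whitespace, re-escape values. Value case is deliberately left alone: whether "Alice"
     * and "alice" match depends on the attribute's matching rule in the directory schema,
     * which is why pwm asks the directory for the canonical DN instead of computing one locally.
     */
    static String syntacticForm(String dn) throws InvalidNameException {
        LdapName name = new LdapName(dn);
        List<String> parts = new ArrayList<>();
        // LdapName indexes RDNs right to left (index 0 is the root), so walk backwards for string order.
        // Multi-valued RDNs (cn=a+sn=b) would need per-attribute handling; single-valued is enough here.
        for (int i = name.size() - 1; i >= 0; i--) {
            Rdn rdn = name.getRdn(i);
            parts.add(rdn.getType().toLowerCase(Locale.ROOT) + "=" + Rdn.escapeValue(rdn.getValue()));
        }
        return String.join(",", parts);
    }

    /** Structural equality: LdapName compares types and values case-insensitively and ignores spacing. */
    static boolean sameEntry(String a, String b) throws InvalidNameException {
        return new LdapName(a).equals(new LdapName(b));
    }

    /** Distinct identities seen by a raw String-keyed set versus a parsed-DN set. */
    static int[] countDistinct(List<String> dns) throws InvalidNameException {
        Set<String> raw = new HashSet<>(dns);
        Set<LdapName> parsed = new HashSet<>();
        for (String dn : dns) {
            parsed.add(new LdapName(dn));
        }
        return new int[] { raw.size(), parsed.size() };
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample: three spellings of one entry plus a genuinely different entry.
        List<String> dns = Arrays.asList(
            "cn=Alice Smith,ou=Users,dc=example,dc=com",
            "CN=alice smith, OU=users, DC=example, DC=com",
            "cn=Alice\\ Smith,ou=Users,dc=example,dc=com",
            "cn=Alice Smith,ou=Users,dc=example,dc=org");
        for (String dn : dns) {
            System.out.println(syntacticForm(dn));
        }
        System.out.println("first two are the same entry: " + sameEntry(dns.get(0), dns.get(1)));
        int[] counts = countDistinct(dns);
        System.out.println("distinct as raw strings: " + counts[0] + ", distinct as parsed DNs: " + counts[1]);
    }
}
```

A raw-string set counts every spelling as a separate user, while the parsed set collapses the first three. Any per-user state keyed on the DN (lockout counters, stored responses, OTP secrets) inherits that split unless the key is canonicalized first, and the directory's own answer via readCanonicalDN is the one that also settles value-case matching rules the client cannot know.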

Aggregations

ChaiException (com.novell.ldapchai.exception.ChaiException)33 ErrorInformation (password.pwm.error.ErrorInformation)18 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)16 ChaiUser (com.novell.ldapchai.ChaiUser)15 ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)9 ChaiProvider (com.novell.ldapchai.provider.ChaiProvider)6 UserIdentity (password.pwm.bean.UserIdentity)6 PwmOperationalException (password.pwm.error.PwmOperationalException)6 Instant (java.time.Instant)5 ChaiResponseSet (com.novell.ldapchai.cr.ChaiResponseSet)4 ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)4 ArrayList (java.util.ArrayList)4 FormConfiguration (password.pwm.config.value.data.FormConfiguration)4 PasswordData (password.pwm.util.PasswordData)4 ResponseSet (com.novell.ldapchai.cr.ResponseSet)3 List (java.util.List)3 Map (java.util.Map)3 PwmApplication (password.pwm.PwmApplication)3 ChallengeSet (com.novell.ldapchai.cr.ChallengeSet)2 NmasResponseSet (com.novell.ldapchai.impl.edir.NmasResponseSet)2