Example 6 with ChaiOperationException

use of com.novell.ldapchai.exception.ChaiOperationException in project ldapchai by ldapchai.

the class NmasResponseSet method readNmasUserResponseSet.

static NmasResponseSet readNmasUserResponseSet(final ChaiUser theUser) throws ChaiUnavailableException, ChaiValidationException {
    final GetLoginConfigRequest request = new GetLoginConfigRequest();
    request.setObjectDN(theUser.getEntryDN());
    request.setTag("ChallengeResponseQuestions");
    request.setMethodID(NMASChallengeResponse.METHOD_ID);
    request.setMethodIDLen(NMASChallengeResponse.METHOD_ID.length * 4);
    try {
        final ExtendedResponse response = theUser.getChaiProvider().extendedOperation(request);
        final byte[] responseValue = response.getEncodedValue();
        if (responseValue == null) {
            return null;
        }
        final String xmlString = new String(responseValue, "UTF8");
        LOGGER.trace("[parse v3]: read ChallengeResponseQuestions from server: " + xmlString);
        ChallengeSet cs = null;
        int parseAttempts = 0;
        final StringBuilder parsingErrorMsg = new StringBuilder();
        {
            final int beginIndex = xmlString.indexOf("<");
            if (beginIndex > 0) {
                try {
                    parseAttempts++;
                    final String xmlSubstring = xmlString.substring(beginIndex, xmlString.length());
                    LOGGER.trace("attempting parse of index stripped value: " + xmlSubstring);
                    cs = parseNmasUserResponseXML(xmlSubstring);
                    LOGGER.trace("successfully parsed nmas ChallengeResponseQuestions response after index " + beginIndex);
                } catch (JDOMException e) {
                    if (parsingErrorMsg.length() > 0) {
                        parsingErrorMsg.append(", ");
                    }
                    parsingErrorMsg.append("error parsing index stripped value: ").append(e.getMessage());
                    LOGGER.trace("unable to parse index stripped ChallengeResponseQuestions nmas response; error: " + e.getMessage());
                }
            }
        }
        if (cs == null) {
            if (xmlString.startsWith("<?xml")) {
                try {
                    parseAttempts++;
                    cs = parseNmasUserResponseXML(xmlString);
                    // log success only when the parse actually succeeded
                    LOGGER.trace("successfully parsed full nmas ChallengeResponseQuestions response");
                } catch (JDOMException e) {
                    if (parsingErrorMsg.length() > 0) {
                        parsingErrorMsg.append(", ");
                    }
                    parsingErrorMsg.append("error parsing raw value: ").append(e.getMessage());
                    LOGGER.trace("unable to parse raw ChallengeResponseQuestions nmas response; will retry after stripping header; error: " + e.getMessage());
                }
            }
        }
        if (cs == null) {
            if (xmlString.length() > 16) {
                // first 16 bytes are non-xml header.
                final String strippedXml = xmlString.substring(16);
                try {
                    parseAttempts++;
                    cs = parseNmasUserResponseXML(strippedXml);
                    LOGGER.trace("successfully parsed full nmas ChallengeResponseQuestions response");
                } catch (JDOMException e) {
                    if (parsingErrorMsg.length() > 0) {
                        parsingErrorMsg.append(", ");
                    }
                    parsingErrorMsg.append("error parsing header stripped value: ").append(e.getMessage());
                    LOGGER.trace("unable to parse stripped ChallengeResponseQuestions nmas response; error: " + e.getMessage());
                }
            }
        }
        if (cs == null) {
            final String logMsg = "unable to parse nmas ChallengeResponseQuestions: " + parsingErrorMsg;
            if (parseAttempts > 0 && xmlString.length() > 16) {
                LOGGER.error(logMsg);
            } else {
                LOGGER.trace(logMsg);
            }
            return null;
        }
        final Map<Challenge, String> crMap = new HashMap<Challenge, String>();
        for (final Challenge loopChallenge : cs.getChallenges()) {
            crMap.put(loopChallenge, null);
        }
        return new NmasResponseSet(crMap, cs.getLocale(), cs.getMinRandomRequired(), AbstractResponseSet.STATE.READ, theUser, cs.getIdentifier());
    } catch (ChaiOperationException e) {
        LOGGER.error("error reading nmas user response for " + theUser.getEntryDN() + ", error: " + e.getMessage());
    } catch (IOException e) {
        LOGGER.error("error reading nmas user response for " + theUser.getEntryDN() + ", error: " + e.getMessage());
    }
    return null;
}
Also used : ChallengeSet(com.novell.ldapchai.cr.ChallengeSet) ChaiChallengeSet(com.novell.ldapchai.cr.ChaiChallengeSet) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) IOException(java.io.IOException) JDOMException(org.jdom2.JDOMException) GetLoginConfigRequest(com.novell.security.nmas.jndi.ldap.ext.GetLoginConfigRequest) Challenge(com.novell.ldapchai.cr.Challenge) ChaiChallenge(com.novell.ldapchai.cr.ChaiChallenge) ExtendedResponse(javax.naming.ldap.ExtendedResponse) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)

Example 7 with ChaiOperationException

use of com.novell.ldapchai.exception.ChaiOperationException in project ldapchai by ldapchai.

the class InetOrgPersonImpl method changePassword.

public final void changePassword(final String oldPassword, final String newPassword) throws ChaiUnavailableException, ChaiPasswordPolicyException {
    final boolean useNmasSetting = this.getChaiProvider().getChaiConfiguration().getBooleanSetting(ChaiSetting.EDIRECTORY_ENABLE_NMAS);
    if (!useNmasSetting) {
        try {
            replaceAttribute(ATTR_PASSWORD, oldPassword, newPassword);
        } catch (ChaiOperationException e) {
            throw new ChaiPasswordPolicyException(e.getMessage(), ChaiErrors.getErrorForMessage(e.getMessage()));
        }
    } else {
        final ChangePwdRequest request = new ChangePwdRequest();
        request.setNewPwd(newPassword);
        request.setObjectDN(this.getEntryDN());
        request.setOldPwd(oldPassword);
        final ExtendedResponse response;
        try {
            response = getChaiProvider().extendedOperation(request);
        } catch (ChaiOperationException e) {
            throw new ChaiPasswordPolicyException(e.getMessage(), ChaiErrors.getErrorForMessage(e.getMessage()));
        }
        if (response != null) {
            final ChangePwdResponse changeResponse = (ChangePwdResponse) response;
            final int responseCode = changeResponse.getNmasRetCode();
            if (responseCode != 0) {
                LOGGER.debug("error changing nmas password: " + responseCode);
                final String errorString = "nmas error " + responseCode;
                throw new ChaiPasswordPolicyException(errorString, ChaiErrors.getErrorForMessage(errorString));
            }
        }
    }
}
Also used : ChangePwdResponse(com.novell.security.nmas.jndi.ldap.ext.ChangePwdResponse) ChaiPasswordPolicyException(com.novell.ldapchai.exception.ChaiPasswordPolicyException) ExtendedResponse(javax.naming.ldap.ExtendedResponse) ChangePwdRequest(com.novell.security.nmas.jndi.ldap.ext.ChangePwdRequest) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)

Example 8 with ChaiOperationException

use of com.novell.ldapchai.exception.ChaiOperationException in project ldapchai by ldapchai.

the class InetOrgPersonImpl method readPassword.

public final String readPassword() throws ChaiUnavailableException, ChaiOperationException {
    final boolean useNmasSetting = this.getChaiProvider().getChaiConfiguration().getBooleanSetting(ChaiSetting.EDIRECTORY_ENABLE_NMAS);
    if (!useNmasSetting) {
        throw new UnsupportedOperationException("readPassword() is not supported when ChaiSetting.EDIRECTORY_ENABLE_NMAS is false");
    }
    final GetPwdRequest request = new GetPwdRequest("", this.getEntryDN());
    final ExtendedResponse response;
    response = getChaiProvider().extendedOperation(request);
    if (response != null) {
        final GetPwdResponse getResponse = (GetPwdResponse) response;
        final int responseCode = getResponse.getNmasRetCode();
        switch(responseCode) {
            // Success
            case 0:
                return getResponse.getPwdStr();
            // NMAS_E_ENTRY_ATTRIBUTE_NOT_FOUND
            case (-16049):
                LOGGER.debug("readPassword() reports: NMAS_E_ENTRY_ATTRIBUTE_NOT_FOUND " + responseCode);
                throw new ChaiOperationException("object has no password attribute: error " + responseCode, ChaiError.NO_SUCH_ATTRIBUTE);
            default:
                LOGGER.debug("error testing nmas password: " + responseCode);
                throw new ChaiOperationException("error reading nmas password: error " + responseCode, ChaiError.UNKNOWN);
        }
    }
    LOGGER.debug("unknown error retreiving password (null response)");
    throw new ChaiOperationException("unknown error retreiving password (null response)", ChaiError.UNKNOWN);
}
Also used : GetPwdResponse(com.novell.security.nmas.jndi.ldap.ext.GetPwdResponse) GetPwdRequest(com.novell.security.nmas.jndi.ldap.ext.GetPwdRequest) ExtendedResponse(javax.naming.ldap.ExtendedResponse) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)

Example 9 with ChaiOperationException

use of com.novell.ldapchai.exception.ChaiOperationException in project ldapchai by ldapchai.

the class InetOrgPersonImpl method testPasswordPolicy.

public boolean testPasswordPolicy(final String password) throws ChaiUnavailableException, ChaiPasswordPolicyException {
    final boolean useNmasSetting = this.getChaiProvider().getChaiConfiguration().getBooleanSetting(ChaiSetting.EDIRECTORY_ENABLE_NMAS);
    if (!useNmasSetting) {
        return true;
    }
    final PwdPolicyCheckRequest request = new PwdPolicyCheckRequest();
    request.setData(password);
    request.setObjectDN(this.getEntryDN());
    final ExtendedResponse response;
    try {
        response = getChaiProvider().extendedOperation(request);
    } catch (ChaiOperationException e) {
        // Fails open: if the policy check cannot be completed, the password is reported as acceptable.
        LOGGER.debug("unexpected error while checking [nmas] password policy: " + e.getMessage());
        return true;
    }
    if (response != null) {
        final PwdPolicyCheckResponse setResponse = (PwdPolicyCheckResponse) response;
        final int responseCode = setResponse.getNmasRetCode();
        if (responseCode != 0) {
            LOGGER.debug("nmas response code returned from server while testing nmas password: " + responseCode);
            final String errorString = "nmas error " + responseCode;
            throw new ChaiPasswordPolicyException(errorString, ChaiErrors.getErrorForMessage(errorString));
        }
    }
    return true;
}
Also used : PwdPolicyCheckResponse(com.novell.security.nmas.jndi.ldap.ext.PwdPolicyCheckResponse) ExtendedResponse(javax.naming.ldap.ExtendedResponse) ChaiPasswordPolicyException(com.novell.ldapchai.exception.ChaiPasswordPolicyException) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException) PwdPolicyCheckRequest(com.novell.security.nmas.jndi.ldap.ext.PwdPolicyCheckRequest)

Example 10 with ChaiOperationException

use of com.novell.ldapchai.exception.ChaiOperationException in project ldapchai by ldapchai.

the class AbstractChaiEntry method readCanonicalDN.

public String readCanonicalDN() throws ChaiOperationException, ChaiUnavailableException {
    final SearchHelper searchHelper = new SearchHelper();
    searchHelper.returnNoAttributes();
    searchHelper.setSearchScope(SearchScope.BASE);
    searchHelper.setFilter(SearchHelper.DEFAULT_FILTER);
    final Map<String, Map<String, String>> results = this.getChaiProvider().search(this.getEntryDN(), searchHelper);
    if (results.size() == 1) {
        return results.keySet().iterator().next();
    }
    if (results.isEmpty()) {
        throw new ChaiOperationException("search for canonical DN resulted in no results", ChaiError.UNKNOWN);
    }
    throw new ChaiOperationException("search for canonical DN resulted in multiple results", ChaiError.UNKNOWN);
}
Also used : ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException) SearchHelper(com.novell.ldapchai.util.SearchHelper) Map(java.util.Map)
