Example 71 with ChaiUnavailableException

use of com.novell.ldapchai.exception.ChaiUnavailableException in project ldapchai by ldapchai.

the class JLDAPProviderImpl method init.

public void init(final ChaiConfiguration chaiConfig, final ChaiProviderFactory providerFactory) throws ChaiUnavailableException, IllegalStateException {
    super.init(chaiConfig, providerFactory);
    try {
        // grab the first URL from the list.
        final URI ldapURL = URI.create(chaiConfig.bindURLsAsList().get(0));
        if (ldapURL.getScheme().equalsIgnoreCase("ldaps")) {
            final boolean usePromiscuousSSL = Boolean.parseBoolean(chaiConfig.getSetting(ChaiSetting.PROMISCUOUS_SSL));
            if (usePromiscuousSSL) {
                // PROMISCUOUS_SSL installs a trust manager that accepts any server certificate,
                // so the LDAPS server is not authenticated by this connection.
                try {
                    final SSLContext sc = SSLContext.getInstance("SSL");
                    sc.init(null, new X509TrustManager[] { new PromiscuousTrustManager() }, new java.security.SecureRandom());
                    ldapConnection = new LDAPConnection(new LDAPJSSESecureSocketFactory(sc.getSocketFactory()));
                } catch (Exception e) {
                    LOGGER.error("error creating promiscuous ssl ldap socket factory: " + e.getMessage());
                }
            } else if (chaiConfig.getTrustManager() != null) {
                try {
                    final SSLContext sc = SSLContext.getInstance("SSL");
                    sc.init(null, chaiConfig.getTrustManager(), new java.security.SecureRandom());
                    ldapConnection = new LDAPConnection(new LDAPJSSESecureSocketFactory(sc.getSocketFactory()));
                } catch (Exception e) {
                    LOGGER.error("error creating configured ssl ldap socket factory: " + e.getMessage());
                }
            } else {
                ldapConnection = new LDAPConnection(new LDAPJSSESecureSocketFactory());
            }
        } else {
            ldapConnection = new LDAPConnection();
        }
        ldapConnection.connect(ldapURL.getHost(), ldapURL.getPort());
        if (chaiConfig.getBooleanSetting(ChaiSetting.LDAP_FOLLOW_REFERRALS)) {
            final LDAPConstraints ldapConstraints = new LDAPConstraints();
            ldapConstraints.setReferralFollowing(true);
            ldapConnection.setConstraints(ldapConstraints);
        }
        final String characterEncoding = chaiConfig.getSetting(ChaiSetting.LDAP_CHARACTER_ENCODING);
        final byte[] bindPassword = chaiConfig.getSetting(ChaiSetting.BIND_PASSWORD).getBytes(Charset.forName(characterEncoding));
        final String bindDN = chaiConfig.getSetting(ChaiSetting.BIND_DN);
        ldapConnection.bind(LDAPConnection.LDAP_V3, bindDN, bindPassword);
    } catch (LDAPException e) {
        final String message = e.getMessage();
        if (message.contains("Connect Error")) {
            throw new ChaiUnavailableException(message, ChaiError.COMMUNICATION, false, false);
        }
        throw ChaiUnavailableException.forErrorMessage(message);
    }
}

Example 72 with ChaiUnavailableException

use of com.novell.ldapchai.exception.ChaiUnavailableException in project ldapchai by ldapchai.

the class JNDIProviderImpl method generateNewJndiContext.

private static LdapContext generateNewJndiContext(final Hashtable environment) throws ChaiOperationException, ChaiUnavailableException {
    final String url = String.valueOf(environment.get(Context.PROVIDER_URL));
    final String bindDN = String.valueOf(environment.get(Context.SECURITY_PRINCIPAL));
    try {
        final long startTime = System.currentTimeMillis();
        final LdapContext newDirContext;
        newDirContext = new InitialLdapContext(environment, null);
        LOGGER.trace("bind successful as " + bindDN + " (" + (System.currentTimeMillis() - startTime) + "ms)");
        return newDirContext;
    } catch (NamingException e) {
        final StringBuilder logMsg = new StringBuilder();
        logMsg.append("unable to bind to ");
        logMsg.append(url);
        logMsg.append(" as ");
        logMsg.append(bindDN);
        logMsg.append(" reason: ");
        if (e instanceof CommunicationException) {
            logMsg.append("CommunicationException (").append(e.getMessage());
            final Throwable rootCause = e.getRootCause();
            if (rootCause != null) {
                logMsg.append("; ").append(rootCause.getMessage());
            }
            logMsg.append(")");
            throw new ChaiUnavailableException(logMsg.toString(), ChaiError.COMMUNICATION, false, true);
        } else {
            logMsg.append(e.getMessage());
            // check for bad password or intruder detection
            throw ChaiUnavailableException.forErrorMessage(logMsg.toString());
        }
    }
}

Example 73 with ChaiUnavailableException

use of com.novell.ldapchai.exception.ChaiUnavailableException in project ldapchai by ldapchai.

the class JNDIProviderImpl method writeBinaryAttribute.

public final void writeBinaryAttribute(final String entryDN, final String attributeName, final byte[][] values, final boolean overwrite, final ChaiRequestControl[] controls) throws ChaiUnavailableException, ChaiOperationException {
    activityPreCheck();
    getInputValidator().writeBinaryAttribute(entryDN, attributeName, values, overwrite);
    final String jndiBinarySetting = "java.naming.ldap.attributes.binary";
    // Create the ModificationItem
    final ModificationItem[] modificationItem = new ModificationItem[values.length];
    for (int i = 0; i < values.length; i++) {
        // Create a BasicAttribute for the object.
        final BasicAttribute attributeToReplace = new BasicAttribute(attributeName, values[i]);
        // Determine the modification type, if replace, only replace on the first attribute, the rest just get added.
        final int modType = (i == 0 && overwrite) ? DirContext.REPLACE_ATTRIBUTE : DirContext.ADD_ATTRIBUTE;
        // Populate the ModificationItem object with the flag & the attribute to replace.
        modificationItem[i] = new ModificationItem(modType, attributeToReplace);
    }
    // get ldap connection
    final LdapContext ldapConnection = getLdapConnection();
    // Modify the Attributes.
    try {
        if (controls != null && controls.length > 0) {
            ldapConnection.setRequestControls(convertControls(controls));
        }
        ldapConnection.modifyAttributes(addJndiEscape(entryDN), modificationItem);
        // inform jndi the attribute is binary.
        ldapConnection.addToEnvironment(jndiBinarySetting, attributeName);
    } catch (NamingException e) {
        convertNamingException(e);
    } finally {
        // clean up jndi environment
        try {
            ldapConnection.removeFromEnvironment(jndiBinarySetting);
        } catch (Exception e) {
        // doesn't matter
        }
    }
}

Example 74 with ChaiUnavailableException

use of com.novell.ldapchai.exception.ChaiUnavailableException in project ldapchai by ldapchai.

the class JNDIProviderImpl method init.

public void init(final ChaiConfiguration chaiConfig, final ChaiProviderFactory providerFactory) throws ChaiUnavailableException, IllegalStateException {
    this.chaiConfig = chaiConfig;
    final String connectionURL = chaiConfig.bindURLsAsList().get(0);
    final Hashtable env = generateJndiEnvironment(connectionURL);
    try {
        jndiConnection = generateNewJndiContext(env);
    } catch (ChaiOperationException e) {
        throw new ChaiUnavailableException("bind failed (" + e.getMessage() + ")", e.getErrorCode());
    }
    super.init(chaiConfig, providerFactory);
}

Example 75 with ChaiUnavailableException

use of com.novell.ldapchai.exception.ChaiUnavailableException in project ldapchai by ldapchai.

the class NmasResponseSet method write.

boolean write() throws ChaiUnavailableException, ChaiOperationException {
    if (this.state != STATE.NEW) {
        throw new IllegalStateException("ResponseSet not suitable for writing (not in NEW state)");
    }
    // write challenge set questions to Nmas Login Config
    try {
        final PutLoginConfigRequest request = new PutLoginConfigRequest();
        request.setObjectDN(user.getEntryDN());
        final byte[] data = csToNmasXML(getChallengeSet(), this.csIdentifier).getBytes("UTF8");
        request.setData(data);
        request.setDataLen(data.length);
        request.setTag("ChallengeResponseQuestions");
        request.setMethodID(NMASChallengeResponse.METHOD_ID);
        request.setMethodIDLen(NMASChallengeResponse.METHOD_ID.length * 4);
        final ExtendedResponse response = user.getChaiProvider().extendedOperation(request);
        if (response != null && ((PutLoginConfigResponse) response).getNmasRetCode() != 0) {
            LOGGER.debug("nmas error writing question: " + ((PutLoginConfigResponse) response).getNmasRetCode());
            return false;
        }
    } catch (UnsupportedEncodingException e) {
        LOGGER.error("error while writing nmas questions: " + e.getMessage());
        return false;
    } catch (ChaiOperationException e) {
        LOGGER.error("error while writing nmas questions: " + e.getMessage());
        throw e;
    } catch (ChaiValidationException e) {
        LOGGER.error("error while writing nmas questions: " + e.getMessage());
        throw ChaiOperationException.forErrorMessage(e.getMessage());
    }
    boolean success = true;
    // write responses
    for (final Map.Entry<Challenge, Answer> entry : crMap.entrySet()) {
        final Challenge loopChallenge = entry.getKey();
        try {
            final byte[] data = ((NmasAnswer) entry.getValue()).getAnswerText().getBytes("UTF8");
            final PutLoginSecretRequest request = new PutLoginSecretRequest();
            request.setObjectDN(user.getEntryDN());
            request.setData(data);
            request.setDataLen(data.length);
            request.setTag(loopChallenge.getChallengeText());
            request.setMethodID(NMASChallengeResponse.METHOD_ID);
            request.setMethodIDLen(NMASChallengeResponse.METHOD_ID.length * 4);
            final ExtendedResponse response = user.getChaiProvider().extendedOperation(request);
            if (response != null && ((PutLoginSecretResponse) response).getNmasRetCode() != 0) {
                LOGGER.debug("nmas error writing answer: " + ((PutLoginSecretResponse) response).getNmasRetCode());
                success = false;
            }
        } catch (Exception e) {
            LOGGER.error("error while writing nmas answer: " + e.getMessage());
        }
    }
    if (success) {
        LOGGER.info("successfully wrote NMAS challenge/response set for user " + user.getEntryDN());
        this.state = STATE.WRITTEN;
    }
    return success;
}
