use of com.novell.ldapchai.exception.ChaiValidationException in project pwm by pwm-project.
the class ChallengeProfile method readChallengeSet.
private static ChallengeSet readChallengeSet(final String profileID, final Locale locale, final StoredConfiguration storedConfiguration, final PwmSetting requiredChallenges, final PwmSetting randomChallenges, final int minimumRands) throws PwmOperationalException {
final List<ChallengeItemConfiguration> requiredQuestions = valueToChallengeItemArray(storedConfiguration.readSetting(requiredChallenges, profileID), locale);
final List<ChallengeItemConfiguration> randomQuestions = valueToChallengeItemArray(storedConfiguration.readSetting(randomChallenges, profileID), locale);
final List<Challenge> challenges = new ArrayList<>();
int randoms = minimumRands;
if (requiredQuestions != null) {
for (final ChallengeItemConfiguration item : requiredQuestions) {
if (item != null) {
final Challenge chaiChallenge = new ChaiChallenge(true, item.getText(), item.getMinLength(), item.getMaxLength(), item.isAdminDefined(), item.getMaxQuestionCharsInAnswer(), item.isEnforceWordlist());
challenges.add(chaiChallenge);
}
}
}
if (randomQuestions != null) {
for (final ChallengeItemConfiguration item : randomQuestions) {
if (item != null) {
final Challenge chaiChallenge = new ChaiChallenge(false, item.getText(), item.getMinLength(), item.getMaxLength(), item.isAdminDefined(), item.getMaxQuestionCharsInAnswer(), item.isEnforceWordlist());
challenges.add(chaiChallenge);
}
}
if (randoms > randomQuestions.size()) {
randoms = randomQuestions.size();
}
} else {
randoms = 0;
}
try {
return new ChaiChallengeSet(challenges, randoms, locale, PwmConstants.PWM_APP_NAME + "-defined " + PwmConstants.SERVLET_VERSION);
} catch (ChaiValidationException e) {
throw new PwmOperationalException(new ErrorInformation(PwmError.CONFIG_FORMAT_ERROR, "invalid challenge set configuration: " + e.getMessage()));
}
}
use of com.novell.ldapchai.exception.ChaiValidationException in project pwm by pwm-project.
the class ForgottenPasswordUtil method initForgottenPasswordBean.
static void initForgottenPasswordBean(final PwmRequest pwmRequest, final UserIdentity userIdentity, final ForgottenPasswordBean forgottenPasswordBean) throws PwmUnrecoverableException, PwmOperationalException {
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final Locale locale = pwmRequest.getLocale();
final SessionLabel sessionLabel = pwmRequest.getSessionLabel();
forgottenPasswordBean.setUserIdentity(userIdentity);
final UserInfo userInfo = readUserInfo(pwmRequest, forgottenPasswordBean);
final ForgottenPasswordProfile forgottenPasswordProfile = forgottenPasswordProfile(pwmApplication, pwmRequest.getSessionLabel(), userIdentity);
final String forgottenProfileID = forgottenPasswordProfile.getIdentifier();
forgottenPasswordBean.setForgottenPasswordProfileID(forgottenProfileID);
final ForgottenPasswordBean.RecoveryFlags recoveryFlags = calculateRecoveryFlags(pwmApplication, forgottenProfileID);
final ChallengeSet challengeSet;
if (recoveryFlags.getRequiredAuthMethods().contains(IdentityVerificationMethod.CHALLENGE_RESPONSES) || recoveryFlags.getOptionalAuthMethods().contains(IdentityVerificationMethod.CHALLENGE_RESPONSES)) {
final ResponseSet responseSet;
try {
final ChaiUser theUser = pwmApplication.getProxiedChaiUser(userInfo.getUserIdentity());
responseSet = pwmApplication.getCrService().readUserResponseSet(sessionLabel, userInfo.getUserIdentity(), theUser);
challengeSet = responseSet == null ? null : responseSet.getPresentableChallengeSet();
} catch (ChaiValidationException e) {
final String errorMsg = "unable to determine presentable challengeSet for stored responses: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NO_CHALLENGES, errorMsg);
throw new PwmUnrecoverableException(errorInformation);
} catch (ChaiUnavailableException e) {
throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
}
} else {
challengeSet = null;
}
if (!recoveryFlags.isAllowWhenLdapIntruderLocked()) {
try {
final ChaiUser chaiUser = pwmApplication.getProxiedChaiUser(userInfo.getUserIdentity());
if (chaiUser.isPasswordLocked()) {
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_INTRUDER_LDAP));
}
} catch (ChaiOperationException e) {
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, "error checking user '" + userInfo.getUserIdentity() + "' ldap intruder lock status: " + e.getMessage());
LOGGER.error(sessionLabel, errorInformation);
throw new PwmUnrecoverableException(errorInformation);
} catch (ChaiUnavailableException e) {
throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
}
}
final List<FormConfiguration> attributeForm;
try {
attributeForm = figureAttributeForm(forgottenPasswordProfile, forgottenPasswordBean, pwmRequest, userIdentity);
} catch (ChaiUnavailableException e) {
throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
}
forgottenPasswordBean.setUserLocale(locale);
forgottenPasswordBean.setPresentableChallengeSet(challengeSet);
forgottenPasswordBean.setAttributeForm(attributeForm);
forgottenPasswordBean.setRecoveryFlags(recoveryFlags);
forgottenPasswordBean.setProgress(new ForgottenPasswordBean.Progress());
for (final IdentityVerificationMethod recoveryVerificationMethods : recoveryFlags.getRequiredAuthMethods()) {
verifyRequirementsForAuthMethod(pwmRequest, forgottenPasswordBean, recoveryVerificationMethods);
}
}
use of com.novell.ldapchai.exception.ChaiValidationException in project pwm by pwm-project.
the class SetupResponsesServlet method generateResponseInfoBean.
private static ResponseInfoBean generateResponseInfoBean(final PwmRequest pwmRequest, final ChallengeSet challengeSet, final Map<Challenge, String> readResponses, final Map<Challenge, String> helpdeskResponses) throws ChaiUnavailableException, PwmDataValidationException, PwmUnrecoverableException {
final ChaiProvider provider = pwmRequest.getPwmSession().getSessionManager().getChaiProvider();
try {
final ResponseInfoBean responseInfoBean = new ResponseInfoBean(readResponses, helpdeskResponses, challengeSet.getLocale(), challengeSet.getMinRandomRequired(), challengeSet.getIdentifier(), null, null);
final ChaiResponseSet responseSet = ChaiCrFactory.newChaiResponseSet(readResponses, challengeSet.getLocale(), challengeSet.getMinRandomRequired(), provider.getChaiConfiguration(), challengeSet.getIdentifier());
responseSet.meetsChallengeSetRequirements(challengeSet);
final SetupResponsesBean setupResponsesBean = pwmRequest.getPwmApplication().getSessionStateService().getBean(pwmRequest, SetupResponsesBean.class);
final int minRandomRequiredSetup = setupResponsesBean.getResponseData().getMinRandomSetup();
if (minRandomRequiredSetup == 0) {
// if using recover style, then all readResponseSet must be supplied at this point.
if (responseSet.getChallengeSet().getRandomChallenges().size() < challengeSet.getRandomChallenges().size()) {
throw new ChaiValidationException("too few random responses", ChaiError.CR_TOO_FEW_RANDOM_RESPONSES);
}
}
return responseInfoBean;
} catch (ChaiValidationException e) {
final ErrorInformation errorInfo = convertChaiValidationException(e);
throw new PwmDataValidationException(errorInfo);
}
}
use of com.novell.ldapchai.exception.ChaiValidationException in project ldapchai by ldapchai.
the class ChaiResponseSet method write.
boolean write(final ChaiUser user) throws ChaiUnavailableException, ChaiOperationException {
if (this.state != STATE.NEW) {
throw new IllegalStateException("ResponseSet not suitable for writing (not in NEW state)");
}
final String corAttribute = user.getChaiProvider().getChaiConfiguration().getSetting(ChaiSetting.CR_CHAI_STORAGE_ATTRIBUTE);
final String corRecordIdentifier = user.getChaiProvider().getChaiConfiguration().getSetting(ChaiSetting.CR_CHAI_STORAGE_RECORD_ID);
try {
final ConfigObjectRecord theCor;
final List<ConfigObjectRecord> corList = ConfigObjectRecord.readRecordFromLDAP(user, corAttribute, corRecordIdentifier, null, null);
if (!corList.isEmpty()) {
theCor = corList.get(0);
} else {
theCor = ConfigObjectRecord.createNew(user, corAttribute, corRecordIdentifier, null, null);
}
final String attributePaylod = rsToChaiXML(this);
theCor.updatePayload(attributePaylod);
} catch (ChaiOperationException e) {
LOGGER.warn("ldap error writing response set: " + e.getMessage());
throw e;
} catch (ChaiValidationException e) {
LOGGER.warn("validation error", e);
throw new ChaiOperationException(e.getMessage(), ChaiError.UNKNOWN);
}
LOGGER.info("successfully wrote Chai challenge/response set for user " + user.getEntryDN());
this.state = STATE.WRITTEN;
return true;
}
use of com.novell.ldapchai.exception.ChaiValidationException in project ldapchai by ldapchai.
the class NmasResponseSet method write.
boolean write() throws ChaiUnavailableException, ChaiOperationException {
if (this.state != STATE.NEW) {
throw new IllegalStateException("RepsonseSet not suitable for writing (not in NEW state)");
}
// write challenge set questions to Nmas Login Config
try {
final PutLoginConfigRequest request = new PutLoginConfigRequest();
request.setObjectDN(user.getEntryDN());
final byte[] data = csToNmasXML(getChallengeSet(), this.csIdentifier).getBytes("UTF8");
request.setData(data);
request.setDataLen(data.length);
request.setTag("ChallengeResponseQuestions");
request.setMethodID(NMASChallengeResponse.METHOD_ID);
request.setMethodIDLen(NMASChallengeResponse.METHOD_ID.length * 4);
final ExtendedResponse response = user.getChaiProvider().extendedOperation(request);
if (response != null && ((PutLoginConfigResponse) response).getNmasRetCode() != 0) {
LOGGER.debug("nmas error writing question: " + ((PutLoginConfigResponse) response).getNmasRetCode());
return false;
}
} catch (UnsupportedEncodingException e) {
LOGGER.error("error while writing nmas questions: " + e.getMessage());
return false;
} catch (ChaiOperationException e) {
LOGGER.error("error while writing nmas questions: " + e.getMessage());
throw e;
} catch (ChaiValidationException e) {
LOGGER.error("error while writing nmas questions: " + e.getMessage());
throw ChaiOperationException.forErrorMessage(e.getMessage());
}
boolean success = true;
// write responses
for (final Map.Entry<Challenge, Answer> entry : crMap.entrySet()) {
final Challenge loopChallenge = entry.getKey();
try {
final byte[] data = ((NmasAnswer) entry.getValue()).getAnswerText().getBytes("UTF8");
final PutLoginSecretRequest request = new PutLoginSecretRequest();
request.setObjectDN(user.getEntryDN());
request.setData(data);
request.setDataLen(data.length);
request.setTag(loopChallenge.getChallengeText());
request.setMethodID(NMASChallengeResponse.METHOD_ID);
request.setMethodIDLen(NMASChallengeResponse.METHOD_ID.length * 4);
final ExtendedResponse response = user.getChaiProvider().extendedOperation(request);
if (response != null && ((PutLoginSecretResponse) response).getNmasRetCode() != 0) {
LOGGER.debug("nmas error writing answer: " + ((PutLoginSecretResponse) response).getNmasRetCode());
success = false;
}
} catch (Exception e) {
LOGGER.error("error while writing nmas answer: " + e.getMessage());
}
}
if (success) {
LOGGER.info("successfully wrote NMAS challenge/response set for user " + user.getEntryDN());
this.state = STATE.WRITTEN;
}
return success;
}
Aggregations