Search in sources :

Example 6 with ChaiValidationException

use of com.novell.ldapchai.exception.ChaiValidationException in project pwm by pwm-project.

the class ChallengeProfile method readChallengeSet.

private static ChallengeSet readChallengeSet(final String profileID, final Locale locale, final StoredConfiguration storedConfiguration, final PwmSetting requiredChallenges, final PwmSetting randomChallenges, final int minimumRands) throws PwmOperationalException {
    final List<ChallengeItemConfiguration> requiredQuestions = valueToChallengeItemArray(storedConfiguration.readSetting(requiredChallenges, profileID), locale);
    final List<ChallengeItemConfiguration> randomQuestions = valueToChallengeItemArray(storedConfiguration.readSetting(randomChallenges, profileID), locale);
    final List<Challenge> challenges = new ArrayList<>();
    int randoms = minimumRands;
    if (requiredQuestions != null) {
        for (final ChallengeItemConfiguration item : requiredQuestions) {
            if (item != null) {
                final Challenge chaiChallenge = new ChaiChallenge(true, item.getText(), item.getMinLength(), item.getMaxLength(), item.isAdminDefined(), item.getMaxQuestionCharsInAnswer(), item.isEnforceWordlist());
                challenges.add(chaiChallenge);
            }
        }
    }
    if (randomQuestions != null) {
        for (final ChallengeItemConfiguration item : randomQuestions) {
            if (item != null) {
                final Challenge chaiChallenge = new ChaiChallenge(false, item.getText(), item.getMinLength(), item.getMaxLength(), item.isAdminDefined(), item.getMaxQuestionCharsInAnswer(), item.isEnforceWordlist());
                challenges.add(chaiChallenge);
            }
        }
        if (randoms > randomQuestions.size()) {
            randoms = randomQuestions.size();
        }
    } else {
        randoms = 0;
    }
    try {
        return new ChaiChallengeSet(challenges, randoms, locale, PwmConstants.PWM_APP_NAME + "-defined " + PwmConstants.SERVLET_VERSION);
    } catch (ChaiValidationException e) {
        throw new PwmOperationalException(new ErrorInformation(PwmError.CONFIG_FORMAT_ERROR, "invalid challenge set configuration: " + e.getMessage()));
    }
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) ChaiValidationException(com.novell.ldapchai.exception.ChaiValidationException) ChallengeItemConfiguration(password.pwm.config.value.data.ChallengeItemConfiguration) ArrayList(java.util.ArrayList) ChaiChallengeSet(com.novell.ldapchai.cr.ChaiChallengeSet) Challenge(com.novell.ldapchai.cr.Challenge) ChaiChallenge(com.novell.ldapchai.cr.ChaiChallenge) ChaiChallenge(com.novell.ldapchai.cr.ChaiChallenge) PwmOperationalException(password.pwm.error.PwmOperationalException)

Example 7 with ChaiValidationException

use of com.novell.ldapchai.exception.ChaiValidationException in project pwm by pwm-project.

the class ForgottenPasswordUtil method initForgottenPasswordBean.

static void initForgottenPasswordBean(final PwmRequest pwmRequest, final UserIdentity userIdentity, final ForgottenPasswordBean forgottenPasswordBean) throws PwmUnrecoverableException, PwmOperationalException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final Locale locale = pwmRequest.getLocale();
    final SessionLabel sessionLabel = pwmRequest.getSessionLabel();
    forgottenPasswordBean.setUserIdentity(userIdentity);
    final UserInfo userInfo = readUserInfo(pwmRequest, forgottenPasswordBean);
    final ForgottenPasswordProfile forgottenPasswordProfile = forgottenPasswordProfile(pwmApplication, pwmRequest.getSessionLabel(), userIdentity);
    final String forgottenProfileID = forgottenPasswordProfile.getIdentifier();
    forgottenPasswordBean.setForgottenPasswordProfileID(forgottenProfileID);
    final ForgottenPasswordBean.RecoveryFlags recoveryFlags = calculateRecoveryFlags(pwmApplication, forgottenProfileID);
    final ChallengeSet challengeSet;
    if (recoveryFlags.getRequiredAuthMethods().contains(IdentityVerificationMethod.CHALLENGE_RESPONSES) || recoveryFlags.getOptionalAuthMethods().contains(IdentityVerificationMethod.CHALLENGE_RESPONSES)) {
        final ResponseSet responseSet;
        try {
            final ChaiUser theUser = pwmApplication.getProxiedChaiUser(userInfo.getUserIdentity());
            responseSet = pwmApplication.getCrService().readUserResponseSet(sessionLabel, userInfo.getUserIdentity(), theUser);
            challengeSet = responseSet == null ? null : responseSet.getPresentableChallengeSet();
        } catch (ChaiValidationException e) {
            final String errorMsg = "unable to determine presentable challengeSet for stored responses: " + e.getMessage();
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NO_CHALLENGES, errorMsg);
            throw new PwmUnrecoverableException(errorInformation);
        } catch (ChaiUnavailableException e) {
            throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
        }
    } else {
        challengeSet = null;
    }
    if (!recoveryFlags.isAllowWhenLdapIntruderLocked()) {
        try {
            final ChaiUser chaiUser = pwmApplication.getProxiedChaiUser(userInfo.getUserIdentity());
            if (chaiUser.isPasswordLocked()) {
                throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_INTRUDER_LDAP));
            }
        } catch (ChaiOperationException e) {
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, "error checking user '" + userInfo.getUserIdentity() + "' ldap intruder lock status: " + e.getMessage());
            LOGGER.error(sessionLabel, errorInformation);
            throw new PwmUnrecoverableException(errorInformation);
        } catch (ChaiUnavailableException e) {
            throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
        }
    }
    final List<FormConfiguration> attributeForm;
    try {
        attributeForm = figureAttributeForm(forgottenPasswordProfile, forgottenPasswordBean, pwmRequest, userIdentity);
    } catch (ChaiUnavailableException e) {
        throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
    }
    forgottenPasswordBean.setUserLocale(locale);
    forgottenPasswordBean.setPresentableChallengeSet(challengeSet);
    forgottenPasswordBean.setAttributeForm(attributeForm);
    forgottenPasswordBean.setRecoveryFlags(recoveryFlags);
    forgottenPasswordBean.setProgress(new ForgottenPasswordBean.Progress());
    for (final IdentityVerificationMethod recoveryVerificationMethods : recoveryFlags.getRequiredAuthMethods()) {
        verifyRequirementsForAuthMethod(pwmRequest, forgottenPasswordBean, recoveryVerificationMethods);
    }
}
Also used : Locale(java.util.Locale) ForgottenPasswordProfile(password.pwm.config.profile.ForgottenPasswordProfile) IdentityVerificationMethod(password.pwm.config.option.IdentityVerificationMethod) PwmApplication(password.pwm.PwmApplication) ChallengeSet(com.novell.ldapchai.cr.ChallengeSet) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) ResponseSet(com.novell.ldapchai.cr.ResponseSet) UserInfo(password.pwm.ldap.UserInfo) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) SessionLabel(password.pwm.bean.SessionLabel) ErrorInformation(password.pwm.error.ErrorInformation) ChaiValidationException(com.novell.ldapchai.exception.ChaiValidationException) ChaiUser(com.novell.ldapchai.ChaiUser) FormConfiguration(password.pwm.config.value.data.FormConfiguration) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException) ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean)

Example 8 with ChaiValidationException

use of com.novell.ldapchai.exception.ChaiValidationException in project pwm by pwm-project.

the class SetupResponsesServlet method generateResponseInfoBean.

private static ResponseInfoBean generateResponseInfoBean(final PwmRequest pwmRequest, final ChallengeSet challengeSet, final Map<Challenge, String> readResponses, final Map<Challenge, String> helpdeskResponses) throws ChaiUnavailableException, PwmDataValidationException, PwmUnrecoverableException {
    final ChaiProvider provider = pwmRequest.getPwmSession().getSessionManager().getChaiProvider();
    try {
        final ResponseInfoBean responseInfoBean = new ResponseInfoBean(readResponses, helpdeskResponses, challengeSet.getLocale(), challengeSet.getMinRandomRequired(), challengeSet.getIdentifier(), null, null);
        final ChaiResponseSet responseSet = ChaiCrFactory.newChaiResponseSet(readResponses, challengeSet.getLocale(), challengeSet.getMinRandomRequired(), provider.getChaiConfiguration(), challengeSet.getIdentifier());
        responseSet.meetsChallengeSetRequirements(challengeSet);
        final SetupResponsesBean setupResponsesBean = pwmRequest.getPwmApplication().getSessionStateService().getBean(pwmRequest, SetupResponsesBean.class);
        final int minRandomRequiredSetup = setupResponsesBean.getResponseData().getMinRandomSetup();
        if (minRandomRequiredSetup == 0) {
            // if using recover style, then all readResponseSet must be supplied at this point.
            if (responseSet.getChallengeSet().getRandomChallenges().size() < challengeSet.getRandomChallenges().size()) {
                throw new ChaiValidationException("too few random responses", ChaiError.CR_TOO_FEW_RANDOM_RESPONSES);
            }
        }
        return responseInfoBean;
    } catch (ChaiValidationException e) {
        final ErrorInformation errorInfo = convertChaiValidationException(e);
        throw new PwmDataValidationException(errorInfo);
    }
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) PwmDataValidationException(password.pwm.error.PwmDataValidationException) ChaiValidationException(com.novell.ldapchai.exception.ChaiValidationException) ChaiProvider(com.novell.ldapchai.provider.ChaiProvider) ChaiResponseSet(com.novell.ldapchai.cr.ChaiResponseSet) SetupResponsesBean(password.pwm.http.bean.SetupResponsesBean) ResponseInfoBean(password.pwm.bean.ResponseInfoBean)

Example 9 with ChaiValidationException

use of com.novell.ldapchai.exception.ChaiValidationException in project ldapchai by ldapchai.

the class ChaiResponseSet method write.

boolean write(final ChaiUser user) throws ChaiUnavailableException, ChaiOperationException {
    if (this.state != STATE.NEW) {
        throw new IllegalStateException("ResponseSet not suitable for writing (not in NEW state)");
    }
    final String corAttribute = user.getChaiProvider().getChaiConfiguration().getSetting(ChaiSetting.CR_CHAI_STORAGE_ATTRIBUTE);
    final String corRecordIdentifier = user.getChaiProvider().getChaiConfiguration().getSetting(ChaiSetting.CR_CHAI_STORAGE_RECORD_ID);
    try {
        final ConfigObjectRecord theCor;
        final List<ConfigObjectRecord> corList = ConfigObjectRecord.readRecordFromLDAP(user, corAttribute, corRecordIdentifier, null, null);
        if (!corList.isEmpty()) {
            theCor = corList.get(0);
        } else {
            theCor = ConfigObjectRecord.createNew(user, corAttribute, corRecordIdentifier, null, null);
        }
        final String attributePaylod = rsToChaiXML(this);
        theCor.updatePayload(attributePaylod);
    } catch (ChaiOperationException e) {
        LOGGER.warn("ldap error writing response set: " + e.getMessage());
        throw e;
    } catch (ChaiValidationException e) {
        LOGGER.warn("validation error", e);
        throw new ChaiOperationException(e.getMessage(), ChaiError.UNKNOWN);
    }
    LOGGER.info("successfully wrote Chai challenge/response set for user " + user.getEntryDN());
    this.state = STATE.WRITTEN;
    return true;
}
Also used : ChaiValidationException(com.novell.ldapchai.exception.ChaiValidationException) ConfigObjectRecord(com.novell.ldapchai.util.ConfigObjectRecord) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)

Example 10 with ChaiValidationException

use of com.novell.ldapchai.exception.ChaiValidationException in project ldapchai by ldapchai.

the class NmasResponseSet method write.

boolean write() throws ChaiUnavailableException, ChaiOperationException {
    if (this.state != STATE.NEW) {
        throw new IllegalStateException("RepsonseSet not suitable for writing (not in NEW state)");
    }
    // write challenge set questions to Nmas Login Config
    try {
        final PutLoginConfigRequest request = new PutLoginConfigRequest();
        request.setObjectDN(user.getEntryDN());
        final byte[] data = csToNmasXML(getChallengeSet(), this.csIdentifier).getBytes("UTF8");
        request.setData(data);
        request.setDataLen(data.length);
        request.setTag("ChallengeResponseQuestions");
        request.setMethodID(NMASChallengeResponse.METHOD_ID);
        request.setMethodIDLen(NMASChallengeResponse.METHOD_ID.length * 4);
        final ExtendedResponse response = user.getChaiProvider().extendedOperation(request);
        if (response != null && ((PutLoginConfigResponse) response).getNmasRetCode() != 0) {
            LOGGER.debug("nmas error writing question: " + ((PutLoginConfigResponse) response).getNmasRetCode());
            return false;
        }
    } catch (UnsupportedEncodingException e) {
        LOGGER.error("error while writing nmas questions: " + e.getMessage());
        return false;
    } catch (ChaiOperationException e) {
        LOGGER.error("error while writing nmas questions: " + e.getMessage());
        throw e;
    } catch (ChaiValidationException e) {
        LOGGER.error("error while writing nmas questions: " + e.getMessage());
        throw ChaiOperationException.forErrorMessage(e.getMessage());
    }
    boolean success = true;
    // write responses
    for (final Map.Entry<Challenge, Answer> entry : crMap.entrySet()) {
        final Challenge loopChallenge = entry.getKey();
        try {
            final byte[] data = ((NmasAnswer) entry.getValue()).getAnswerText().getBytes("UTF8");
            final PutLoginSecretRequest request = new PutLoginSecretRequest();
            request.setObjectDN(user.getEntryDN());
            request.setData(data);
            request.setDataLen(data.length);
            request.setTag(loopChallenge.getChallengeText());
            request.setMethodID(NMASChallengeResponse.METHOD_ID);
            request.setMethodIDLen(NMASChallengeResponse.METHOD_ID.length * 4);
            final ExtendedResponse response = user.getChaiProvider().extendedOperation(request);
            if (response != null && ((PutLoginSecretResponse) response).getNmasRetCode() != 0) {
                LOGGER.debug("nmas error writing answer: " + ((PutLoginSecretResponse) response).getNmasRetCode());
                success = false;
            }
        } catch (Exception e) {
            LOGGER.error("error while writing nmas answer: " + e.getMessage());
        }
    }
    if (success) {
        LOGGER.info("successfully wrote NMAS challenge/response set for user " + user.getEntryDN());
        this.state = STATE.WRITTEN;
    }
    return success;
}
Also used : PutLoginConfigRequest(com.novell.security.nmas.jndi.ldap.ext.PutLoginConfigRequest) PutLoginConfigResponse(com.novell.security.nmas.jndi.ldap.ext.PutLoginConfigResponse) PutLoginSecretResponse(com.novell.security.nmas.jndi.ldap.ext.PutLoginSecretResponse) UnsupportedEncodingException(java.io.UnsupportedEncodingException) JDOMException(org.jdom2.JDOMException) ChaiValidationException(com.novell.ldapchai.exception.ChaiValidationException) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException) IOException(java.io.IOException) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) Challenge(com.novell.ldapchai.cr.Challenge) ChaiChallenge(com.novell.ldapchai.cr.ChaiChallenge) Answer(com.novell.ldapchai.cr.Answer) ChaiValidationException(com.novell.ldapchai.exception.ChaiValidationException) PutLoginSecretRequest(com.novell.security.nmas.jndi.ldap.ext.PutLoginSecretRequest) ExtendedResponse(javax.naming.ldap.ExtendedResponse) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) Map(java.util.Map)

Aggregations

ChaiValidationException (com.novell.ldapchai.exception.ChaiValidationException)11 ErrorInformation (password.pwm.error.ErrorInformation)8 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)5 Challenge (com.novell.ldapchai.cr.Challenge)4 ResponseSet (com.novell.ldapchai.cr.ResponseSet)4 ChaiChallenge (com.novell.ldapchai.cr.ChaiChallenge)3 ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)3 ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)3 ArrayList (java.util.ArrayList)3 PwmOperationalException (password.pwm.error.PwmOperationalException)3 ChaiUser (com.novell.ldapchai.ChaiUser)2 ChaiChallengeSet (com.novell.ldapchai.cr.ChaiChallengeSet)2 ChaiResponseSet (com.novell.ldapchai.cr.ChaiResponseSet)2 ChallengeSet (com.novell.ldapchai.cr.ChallengeSet)2 ChaiProvider (com.novell.ldapchai.provider.ChaiProvider)2 ResponseInfoBean (password.pwm.bean.ResponseInfoBean)2 ChaiEntry (com.novell.ldapchai.ChaiEntry)1 Answer (com.novell.ldapchai.cr.Answer)1 NmasResponseSet (com.novell.ldapchai.impl.edir.NmasResponseSet)1 ChaiConfiguration (com.novell.ldapchai.provider.ChaiConfiguration)1