Example 61 with AuthLoginException

Use of com.sun.identity.authentication.spi.AuthLoginException in project OpenAM by OpenRock.

In the class Cert, method getTokenFromSubjectAltExt.

private void getTokenFromSubjectAltExt(X509Certificate cert) throws AuthLoginException {
    try {
        X509CertImpl certImpl = new X509CertImpl(cert.getEncoded());
        X509CertInfo cinfo = new X509CertInfo(certImpl.getTBSCertificate());
        CertificateExtensions exts = (CertificateExtensions) cinfo.get(X509CertInfo.EXTENSIONS);
        SubjectAlternativeNameExtension altNameExt = (SubjectAlternativeNameExtension) exts.get(SubjectAlternativeNameExtension.NAME);
        if (altNameExt != null) {
            GeneralNames names = (GeneralNames) altNameExt.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
            GeneralName generalname = null;
            ObjectIdentifier upnoid = new ObjectIdentifier(UPNOID);
            Iterator itr = (Iterator) names.iterator();
            while ((userTokenId == null) && itr.hasNext()) {
                generalname = (GeneralName) itr.next();
                if (generalname != null) {
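                    // A UPN is carried as an otherName entry (NAME_ANY); it is accepted
                    // only when the entry's OID matches UPNOID.
                    if (amAuthCert_subjectAltExtMapper.equalsIgnoreCase("UPN") && (generalname.getType() == GeneralNameInterface.NAME_ANY)) {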
                        OtherName othername = (OtherName) generalname.getName();
                        if (upnoid.equals((Object) (othername.getOID()))) {
                            byte[] nval = othername.getNameValue();
                            DerValue derValue = new DerValue(nval);
                            userTokenId = derValue.getData().getUTF8String();
                        }
                    } else if (amAuthCert_subjectAltExtMapper.equalsIgnoreCase("RFC822Name") && (generalname.getType() == GeneralNameInterface.NAME_RFC822)) {
                        RFC822Name email = (RFC822Name) generalname.getName();
                        userTokenId = email.getName();
                    }
                }
            }
        }
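    } catch (Exception e) {
        // Any encoding or parsing failure is logged and reported to the caller
        // as the "CertNoReg" login error.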
        debug.error("Certificate - " + "Error in getTokenFromSubjectAltExt = ", e);
        throw new AuthLoginException(amAuthCert, "CertNoReg", null);
    }
}
Also used : X509CertInfo(sun.security.x509.X509CertInfo) SubjectAlternativeNameExtension(sun.security.x509.SubjectAlternativeNameExtension) OtherName(sun.security.x509.OtherName) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) CertificateExtensions(sun.security.x509.CertificateExtensions) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) GeneralNames(sun.security.x509.GeneralNames) RFC822Name(sun.security.x509.RFC822Name) X509CertImpl(sun.security.x509.X509CertImpl) DerValue(sun.security.util.DerValue) Iterator(java.util.Iterator) GeneralName(sun.security.x509.GeneralName) ObjectIdentifier(sun.security.util.ObjectIdentifier)

Example 62 with AuthLoginException

Use of com.sun.identity.authentication.spi.AuthLoginException in project OpenAM by OpenRock.

In the class Cert, method doJCERevocationValidation.

private int doJCERevocationValidation(X509Certificate[] allCerts) throws AuthLoginException {
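    // Start from LOGIN_IGNORE; the result becomes LOGIN_SUCCEED only after
    // certpath.verify() passes.
    int ret = ISAuthConstants.LOGIN_IGNORE;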
    try {
        Vector crls = new Vector();
        for (X509Certificate cert : allCerts) {
            X509CRL crl = AMCRLStore.getCRL(ldapParam, cert, amAuthCert_chkAttributesCRL);
            if (crl != null) {
                crls.add(crl);
            }
        }
        if (debug.messageEnabled()) {
            debug.message("Cert.doRevocationValidation: crls size = " + crls.size());
            if (crls.size() > 0) {
                debug.message("CRL = " + crls.toString());
            }
        }
        AMCertPath certpath = new AMCertPath(crls);
        if (!certpath.verify(allCerts, crlEnabled, ocspEnabled)) {
            debug.error("CertPath:verify failed.");
            return ret;
        } else {
            if (debug.messageEnabled()) {
                debug.message("CertPath:verify success.");
            }
        }
        ret = ISAuthConstants.LOGIN_SUCCEED;
    } catch (Exception e) {
        // An exception leaves ret at LOGIN_IGNORE, so a validation error
        // never yields LOGIN_SUCCEED.
        debug.error("Cert.doRevocationValidation: verify failed.", e);
    }
    return ret;
}
Also used : X509CRL(java.security.cert.X509CRL) AMCertPath(com.sun.identity.security.cert.AMCertPath) Vector(java.util.Vector) X509Certificate(java.security.cert.X509Certificate) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException)

Example 63 with AuthLoginException

Use of com.sun.identity.authentication.spi.AuthLoginException in project OpenAM by OpenRock.

In the class SystemAppTokenProvider, method getAppSSOToken.

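/**
 * Returns the application single sign-on token.
 *
 * @return the application single sign-on token, or null if login does not
 *         succeed or an exception is caught (the exception is only logged).
 */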
public SSOToken getAppSSOToken() {
    SSOToken ssoToken = null;
    try {
        AuthContext authContext = new AuthContext("/");
        authContext.login(AuthContext.IndexType.MODULE_INSTANCE, MODULE_APPLICATION);
        if (authContext.hasMoreRequirements()) {
            Callback[] callbacks = authContext.getRequirements();
            if (callbacks != null) {
                addLoginCallbackMessage(callbacks, appUserName, appPassword);
                authContext.submitRequirements(callbacks);
            }
        }
        if (authContext.getStatus() == AuthContext.Status.SUCCESS) {
            ssoToken = authContext.getSSOToken();
        }
    } catch (AuthLoginException ale) {
        AdminTokenAction.debug.error("SystemAppTokenProvider.getAppSSOToken()", ale);
    } catch (UnsupportedCallbackException usce) {
        AdminTokenAction.debug.error("SystemAppTokenProvider.getAppSSOToken()", usce);
    } catch (Exception e) {
        AdminTokenAction.debug.error("SystemAppTokenProvider.getAppSSOToken()", e);
    }
    return ssoToken;
}
Also used : SSOToken(com.iplanet.sso.SSOToken) PasswordCallback(javax.security.auth.callback.PasswordCallback) NameCallback(javax.security.auth.callback.NameCallback) Callback(javax.security.auth.callback.Callback) AuthContext(com.sun.identity.authentication.AuthContext) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)

Example 64 with AuthLoginException

Use of com.sun.identity.authentication.spi.AuthLoginException in project OpenAM by OpenRock.

In the class AuthenticationServiceV1Test, method shouldReturnErrorMessageWithoutTemplate.

@Test
public void shouldReturnErrorMessageWithoutTemplate() throws IOException {
    // given
    Request httpRequest = new Request();
    AuthLoginException ale = new AuthLoginException("amAuth", "119", null);
    RestAuthException exception = new RestAuthException(401, ale);
    // when
    String message = authServiceV1.getLocalizedMessage(httpRequest, exception);
    // then
    assertThat(message).isEqualTo("Invalid Auth Level.");
}
Also used : RestAuthException(org.forgerock.openam.core.rest.authn.exceptions.RestAuthException) Request(org.forgerock.http.protocol.Request) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) Test(org.testng.annotations.Test)

Example 65 with AuthLoginException

Use of com.sun.identity.authentication.spi.AuthLoginException in project OpenAM by OpenRock.

In the class AuthenticationServiceV1Test, method shouldReturnFrenchErrorMessageFromException.

@Test
public void shouldReturnFrenchErrorMessageFromException() throws IOException {
    // given
    Request httpRequest = new Request();
    AuthLoginException exception = new AuthLoginException("amAuth", "120", null);
    httpRequest.getHeaders().put("Accept-Language", "fr-fr");
    // when
    String message = authServiceV1.getLocalizedMessage(httpRequest, exception);
    // then
    assertThat(message).isEqualTo("L’authentification sur module n’est pas autorisée.");
}
Also used : Request(org.forgerock.http.protocol.Request) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) Test(org.testng.annotations.Test)
