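/**
 * Handles the request.
 *
 * <p>Both GET and POST arrive here. The hosted provider is resolved from the
 * meta alias carried in the request, the inbound name-registration response
 * is parsed from the URL-encoded request, the remote provider is looked up
 * and must be in the hosted provider's trusted list, and the response
 * signature is verified when signing is enabled. Only then is the response
 * handed to {@link FSNameRegistrationHandler#processRegistrationResponse}.
 * Every failure either sends an HTTP 500 (hosted-side configuration problems)
 * or renders the common error page (problems with the inbound response).
 *
 * @param request <code>HttpServletRequest</code> object that contains the
 *        request the client has made of the servlet.
 * @param response <code>HttpServletResponse</code> object that contains
 *        the response the servlet sends to the client.
 * @exception ServletException if an input or output error is detected when
 *            the servlet handles the request
 * @exception IOException if the request could not be handled
 */
private void doGetPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    FSUtils.debug.message("FSRegistrationReturnServlet doGetPost...");

    // The meta alias selects which hosted provider this servlet acts for.
    String providerAlias = FSServiceUtils.getMetaAlias(request);
    if (providerAlias == null || providerAlias.length() < 1) {
        FSUtils.debug.error("Unable to retrieve alias, Hosted" + " Provider. Cannot process request");
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
                FSUtils.bundle.getString("aliasNotFound"));
        return;
    }
    if (metaManager == null) {
        FSUtils.debug.error("Cannot retrieve hosted descriptor. " + "Cannot process request");
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
                FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
        return;
    }

    String realm = IDFFMetaUtils.getRealmByMetaAlias(providerAlias);
    ProviderDescriptorType hostedProviderDesc = null;
    BaseConfigType hostedConfig = null;
    String hostedEntityId = null;
    String hostedProviderRole = null;
    try {
        hostedProviderRole = metaManager.getProviderRoleByMetaAlias(providerAlias);
        hostedEntityId = metaManager.getEntityIDByMetaAlias(providerAlias);
        if (hostedProviderRole != null && hostedProviderRole.equalsIgnoreCase(IFSConstants.IDP)) {
            hostedProviderDesc = metaManager.getIDPDescriptor(realm, hostedEntityId);
            hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
        } else if (hostedProviderRole != null && hostedProviderRole.equalsIgnoreCase(IFSConstants.SP)) {
            hostedProviderDesc = metaManager.getSPDescriptor(realm, hostedEntityId);
            hostedConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityId);
        }
        // An unknown role or a missing descriptor is reported like a metadata
        // lookup failure. This also guarantees hostedProviderRole is non-null
        // for the rest of the method.
        if (hostedProviderDesc == null) {
            throw new IDFFMetaException((String) null);
        }
    } catch (IDFFMetaException eam) {
        FSUtils.debug.error("Unable to find Hosted Provider. not process request", eam);
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
                FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
        return;
    }

    this.request = request;
    setRegistrationURL(hostedConfig, providerAlias);

    // The response is a URL-encoded message from the remote provider; any
    // parse failure is treated as an improper request, not a server error.
    FSNameRegistrationResponse regisResponse;
    try {
        regisResponse = FSNameRegistrationResponse.parseURLEncodedRequest(request);
    } catch (FSMsgException e) {
        FSUtils.debug.error("FSRegistrationReturnServlet: unable to parse registration response", e);
        rejectRegistrationResponse(response);
        return;
    } catch (SAMLException e) {
        FSUtils.debug.error("FSRegistrationReturnServlet: unable to parse registration response", e);
        rejectRegistrationResponse(response);
        return;
    }

    String remoteEntityId = regisResponse.getProviderId();
    ProviderDescriptorType remoteDesc = null;
    boolean isIDP = false;
    try {
        // The remote party plays the opposite role to the hosted provider.
        if (hostedProviderRole.equalsIgnoreCase(IFSConstants.SP)) {
            remoteDesc = metaManager.getIDPDescriptor(realm, remoteEntityId);
            isIDP = true;
        } else {
            remoteDesc = metaManager.getSPDescriptor(realm, remoteEntityId);
        }
    } catch (IDFFMetaException e) {
        FSUtils.debug.error("FSRegistrationReturnServlet:", e);
    }
    if (remoteDesc == null) {
        rejectRegistrationResponse(response);
        return;
    }

    // The ProviderID in the response is attacker-controlled until the
    // signature is checked; FSRegistrationRequestServlet refuses providers
    // outside the hosted provider's trusted list, and so does this path.
    if (!metaManager.isTrustedProvider(realm, hostedEntityId, remoteEntityId)) {
        FSUtils.debug.error("FSRegistrationReturnServlet: remote provider not in trusted list");
        String[] data = { remoteEntityId, realm };
        LogUtil.error(Level.INFO, LogUtil.INVALID_PROVIDER, data);
        rejectRegistrationResponse(response);
        return;
    }

    // When signing is disabled for the deployment the response is accepted
    // unverified; that is a deployment setting this servlet does not override.
    boolean bVerify = true;
    try {
        if (FSServiceUtils.isSigningOn()) {
            bVerify = verifyResponseSignature(request, remoteDesc, remoteEntityId, isIDP);
        }
    } catch (SAMLException e) {
        FSUtils.debug.error("FSRegistrationReturnServlet: signature verification failed", e);
        bVerify = false;
    } catch (FSException e) {
        FSUtils.debug.error("FSRegistrationReturnServlet: signature verification failed", e);
        bVerify = false;
    }
    if (!bVerify) {
        FSUtils.debug.error("FSRegistrationReturnServlet " + "Signature on registration request is invalid" + "Cannot proceed name registration");
        String[] data = { FSUtils.bundle.getString(IFSConstants.REGISTRATION_INVALID_SIGNATURE) };
        LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE, data);
        rejectRegistrationResponse(response);
        return;
    }

    FSNameRegistrationHandler handlerObj = new FSNameRegistrationHandler();
    handlerObj.setHostedDescriptor(hostedProviderDesc);
    handlerObj.setHostedDescriptorConfig(hostedConfig);
    handlerObj.setHostedEntityId(hostedEntityId);
    handlerObj.setHostedProviderRole(hostedProviderRole);
    handlerObj.setMetaAlias(providerAlias);
    handlerObj.setRemoteEntityId(remoteEntityId);
    handlerObj.setRemoteDescriptor(remoteDesc);
    handlerObj.setRealm(realm);
    handlerObj.processRegistrationResponse(request, response, regisResponse);
}

/**
 * Renders the common error page for a registration response that cannot be
 * accepted: unparseable message, unknown or untrusted remote provider, or a
 * signature that does not verify.
 *
 * @param response the servlet response the error page is written to
 * @exception IOException if the error page cannot be written
 */
private void rejectRegistrationResponse(HttpServletResponse response) throws IOException {
    FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE,
            IFSConstants.REGISTRATION_REQUEST_IMPROPER, IFSConstants.REGISTRATION_FAILED);
}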
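/**
 * Called when a registration request is received from
 * a remote provider. Initiates registration request processing.
 *
 * <p>Processing order: resolve the remote provider's descriptor (it plays the
 * opposite role to the hosted provider), verify the request signature when
 * signing is enabled, check that the remote provider is trusted by the hosted
 * provider, and only then hand the request to
 * {@link FSNameRegistrationHandler#processRegistrationRequest}. Every failure
 * path sends the user agent back to the remote provider's registration return
 * URL (taken from its metadata, never from the request) with a
 * {@code METADATA_ERROR} status.
 *
 * @param request <code>HTTPServletRequest</code> object received via a
 *        HTTP Redirect
 * @param response <code>HTTPServletResponse</code> object to send the
 *        response back to user agent
 * @param hostedProviderDesc the provider for whom request is received
 * @param hostedConfig hosted provider's extended meta
 * @param hostedProviderRole hosted provider's role; must not be null
 * @param realm the realm under which the provider resides
 * @param hostedEntityId hosted provider's entity ID
 * @param providerAlias hosted provider's meta alias
 * @param regisRequest the federation registration request
 */
private void doRequestProcessing(HttpServletRequest request, HttpServletResponse response,
        ProviderDescriptorType hostedProviderDesc, BaseConfigType hostedConfig,
        String hostedProviderRole, String realm, String hostedEntityId,
        String providerAlias, FSNameRegistrationRequest regisRequest) {
    FSUtils.debug.message("Entered FSRegistrationRequestServlet::doRequestProcessing");
    String remoteEntityId = regisRequest.getProviderId();
    String retURL = null;
    ProviderDescriptorType remoteDesc = null;
    boolean isIDP = false;
    try {
        if (hostedProviderRole.equalsIgnoreCase(IFSConstants.SP)) {
            remoteDesc = metaManager.getIDPDescriptor(realm, remoteEntityId);
            isIDP = true;
        } else {
            remoteDesc = metaManager.getSPDescriptor(realm, remoteEntityId);
        }
    } catch (IDFFMetaException e) {
        FSUtils.debug.error("FSRegistrationRequestServlet.doRequest " + "Processing: Can not retrieve remote provider data." + remoteEntityId, e);
        // retURL is still null here: the remote metadata could not be read.
        failInvalidProvider(response, retURL, remoteEntityId, realm);
        return;
    }
    // A null descriptor must be caught before the return URL is read from it;
    // previously this dereference could throw NullPointerException.
    if (remoteDesc == null) {
        FSUtils.debug.error("Cannot retrieve provider descriptor.");
        failInvalidProvider(response, retURL, remoteEntityId, realm);
        return;
    }
    retURL = remoteDesc.getRegisterNameIdentifierServiceReturnURL();

    boolean bVerify = true;
    if (FSServiceUtils.isSigningOn()) {
        try {
            FSUtils.debug.message("Calling verifyRegistrationSignature");
            bVerify = verifyRegistrationSignature(request, remoteDesc, remoteEntityId, isIDP);
        } catch (FSException e) {
            FSUtils.debug.error("FSRegistrationRequestServlet::processRegistrationRequest " + "Signature on registration request is invalid" + "Cannot proceed federation registration", e);
            failInvalidSignature(response, retURL);
            return;
        } catch (SAMLException e) {
            FSUtils.debug.error("FSRegistrationRequestServlet::processRegistrationRequest" + "Signature on registration request is invalid" + "Cannot proceed federation registration", e);
            failInvalidSignature(response, retURL);
            return;
        }
    }
    if (!bVerify) {
        FSUtils.debug.error("FSRegistrationRequestServlet::doRequestProcesing " + "Signature on registration request is invalid" + "Cannot proceed name registration");
        failInvalidSignature(response, retURL);
        return;
    }

    // Only providers in the hosted provider's trusted list may register names.
    if (!metaManager.isTrustedProvider(realm, hostedEntityId, remoteEntityId)) {
        FSUtils.debug.error("Remote provider not in trusted list");
        FSServiceUtils.returnToSource(response, retURL, COMMON_ERROR_PAGE,
                IFSConstants.REGISTRATION_FAILED, IFSConstants.METADATA_ERROR);
        return;
    }

    FSNameRegistrationHandler regisHandler = new FSNameRegistrationHandler();
    regisHandler.setHostedDescriptor(hostedProviderDesc);
    regisHandler.setHostedDescriptorConfig(hostedConfig);
    regisHandler.setRemoteDescriptor(remoteDesc);
    regisHandler.setRemoteEntityId(remoteEntityId);
    regisHandler.setHostedEntityId(hostedEntityId);
    regisHandler.setHostedProviderRole(hostedProviderRole);
    regisHandler.setMetaAlias(providerAlias);
    regisHandler.setRealm(realm);
    regisHandler.processRegistrationRequest(request, response, regisRequest);
}

/**
 * Records an {@code INVALID_PROVIDER} audit entry and returns the user agent
 * to {@code retURL} with a metadata error.
 *
 * @param response the servlet response
 * @param retURL the remote provider's return URL, may be null when its
 *        metadata could not be read
 * @param remoteEntityId entity ID of the remote provider being rejected
 * @param realm the realm of the hosted provider
 */
private void failInvalidProvider(HttpServletResponse response, String retURL,
        String remoteEntityId, String realm) {
    String[] data = { remoteEntityId, realm };
    LogUtil.error(Level.INFO, LogUtil.INVALID_PROVIDER, data);
    FSServiceUtils.returnToSource(response, retURL, COMMON_ERROR_PAGE,
            IFSConstants.REGISTRATION_FAILED, IFSConstants.METADATA_ERROR);
}

/**
 * Records an {@code INVALID_SIGNATURE} audit entry and returns the user agent
 * to {@code retURL} with a metadata error.
 *
 * @param response the servlet response
 * @param retURL the remote provider's return URL
 */
private void failInvalidSignature(HttpServletResponse response, String retURL) {
    String[] data = { FSUtils.bundle.getString(IFSConstants.REGISTRATION_INVALID_SIGNATURE) };
    LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE, data);
    FSServiceUtils.returnToSource(response, retURL, COMMON_ERROR_PAGE,
            IFSConstants.REGISTRATION_FAILED, IFSConstants.METADATA_ERROR);
}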
/**
 * Returns the mapped <code>NameIdentifier</code> for the specified user.
 *
 * <p>Used by the Discovery Service when it issues credentials for a remote
 * service provider. When federation account information exists for
 * {@code userID} and {@code spProviderID}, the locally stored name
 * identifier is returned; it is wrapped in an encrypted
 * <code>NameIdentifier</code> whenever the provider manager has an
 * encryption key for {@code spProviderID}, so that a proxy service provider
 * on the path does not see it in clear.
 *
 * @param spProviderID Provider ID of the service provider to which
 *        the <code>NameIdentifier</code> needs to be mapped.
 * @param idpProviderID Provider ID of the identity provider.
 * @param nameId The <code>NameIdentifier</code> to be mapped.
 * @param userID The user whose mapped <code>NameIdentifier</code> is
 *        returned; the value is the universal identifier of the user.
 * @return the mapped <code>NameIdentifier</code> for the user; {@code null}
 *         when a provider ID or the user ID is missing or when the mapping
 *         fails; the original {@code nameId} when no mapping is needed (same
 *         entity, name qualifier already equals {@code spProviderID}, or no
 *         federation info exists for the user/SP pair).
 */
public NameIdentifier getNameIdentifier(String spProviderID, String idpProviderID, NameIdentifier nameId, String userID) {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("IDFFNameIdentifierMapper, enter " + "spProviderID=" + spProviderID + ", idpProviderID=" + idpProviderID + ", userID=" + userID);
        if (nameId != null) {
            FSUtils.debug.message("IDFFNameIdentifierMapper, enter " + "name identifier=" + nameId.toString());
        }
    }

    boolean inputMissing = spProviderID == null || idpProviderID == null || userID == null;
    if (inputMissing) {
        return null;
    }
    // Same entity: the discovery service is acting as the IDP itself.
    if (spProviderID.equals(idpProviderID)) {
        return nameId;
    }
    // Already qualified for the target SP: nothing to map.
    if (nameId != null && spProviderID.equals(nameId.getNameQualifier())) {
        return nameId;
    }

    try {
        IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
        // The hosted IDP configuration is resolved in the root realm here.
        String metaAlias = metaManager.getIDPDescriptorConfig("/", idpProviderID).getMetaAlias();
        FSAccountManager accountManager = FSAccountManager.getInstance(metaAlias);
        FSAccountFedInfo fedInfo = accountManager.readAccountFedInfo(userID, spProviderID);
        if (fedInfo == null) {
            // No federation between this user and the SP: hand back the original.
            return nameId;
        }
        NameIdentifier localNameId = fedInfo.getLocalNameIdentifier();
        FSUtils.debug.message("IDFFNameIdentifierMapper : new Ni");
        ProviderManager providerManager = ProviderUtil.getProviderManager();
        Key encKey = (providerManager == null) ? null : providerManager.getEncryptionKey(spProviderID);
        if (encKey == null) {
            return localNameId;
        }
        // Encrypt for the SP so a proxy WSC in the path cannot read it.
        return EncryptedNameIdentifier.getEncryptedNameIdentifier(localNameId, spProviderID, encKey,
                providerManager.getEncryptionKeyAlgorithm(spProviderID),
                providerManager.getEncryptionKeyStrength(spProviderID));
    } catch (FSAccountMgmtException e) {
        // the federation info might not be there, just ignore
        FSUtils.debug.message("IDFFNameIdentifierMapper, account error", e);
    } catch (FSException e) {
        // the federation info might not be there, just ignore
        FSUtils.debug.message("IDFFNameIdentifierMapper, encrypt error", e);
    } catch (IDFFMetaException e) {
        // the provider might not be a IDFF provider, just ignore
        FSUtils.debug.message("IDFFNameIdentifierMapper, meta error", e);
    }
    return null;
}
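/**
 * Returns the discovery service bootstrap credential for a session.
 *
 * <p>The credential is cached in {@code bootStrapCache} under
 * {@code sessionID + DISCO_CRED}; a cache hit is returned without a remote
 * call. Otherwise the credential is fetched through {@code client} as an XML
 * string, parsed into a {@link SecurityAssertion} and cached. Nothing in this
 * method evicts cache entries; that is assumed to happen elsewhere — confirm.
 *
 * @param token Single Sign On Token.
 * @param hostProviderID Hosted <code>ProviderID</code>.
 * @return <code>SecurityAssertion</code> Discovery Service Bootstrap
 *         Credential, or {@code null} when the server returned none.
 * @exception FSException if the session token is invalid, the returned
 *            credential is not a well-formed assertion, or the remote call
 *            fails.
 */
public SecurityAssertion getDiscoveryServiceCredential(Object token, String hostProviderID) throws FSException {
    try {
        String tokenID = SessionManager.getProvider().getSessionID(token);
        String cacheKey = tokenID + DISCO_CRED;
        SecurityAssertion cred = (SecurityAssertion) bootStrapCache.get(cacheKey);
        if (cred != null) {
            return cred;
        }
        String[] objs = { tokenID, hostProviderID };
        String credential = (String) client.send("getDiscoveryServiceCredential", objs, null, null);
        if (credential == null || credential.length() == 0) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("LibertyManagerClient.getDiscovery" + "ServiceCredential: Credential is null or empty");
            }
            return null;
        }
        Document doc = XMLUtils.toDOMDocument(credential, FSUtils.debug);
        if (doc == null) {
            // A credential that does not parse used to surface as a
            // NullPointerException on getDocumentElement(), caught below and
            // misreported as a SOAP failure; report it as a bad credential.
            FSUtils.debug.error("LibertyManagerClient.getDiscovery" + "ServiceCredential: credential is not well-formed XML");
            throw new FSException(FSUtils.bundle.getString("invalidCredential"));
        }
        cred = new SecurityAssertion(doc.getDocumentElement());
        bootStrapCache.put(cacheKey, cred);
        return cred;
    } catch (SessionException se) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("LibertyManagerClient.getDiscovery" + "ServiceCredential: InvalidSessionToken", se);
        }
        throw new FSException(FSUtils.bundle.getString("invalidSSOToken"));
    } catch (DiscoveryException de) {
        FSUtils.debug.error("LibertyManagerClient.getDiscovery" + "ServiceCredential: InvalidAssertion", de);
        throw new FSException(FSUtils.bundle.getString("invalidCredential"));
    } catch (FSException fe) {
        // Raised above for an unparseable credential; must not be rewrapped
        // by the catch-all below.
        throw fe;
    } catch (Exception ex) {
        // Boundary catch for failures of client.send(); the cause is only
        // logged because FSException is constructed from a message here.
        FSUtils.debug.error("LibertyManagerClient.getDiscovery" + "ResourceOffering: SOAPClient Exception", ex);
        throw new FSException(FSUtils.bundle.getString("soapException"));
    }
}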