
Example 6 with AuthTokenException

use of com.zimbra.cs.account.AuthTokenException in project zm-mailbox by Zimbra.

the class CsrfUtil method isValidCsrfToken.

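/**
 * Checks whether {@code csrfToken} is a valid CSRF token for the session represented by
 * {@code authToken}.
 *
 * The token is parsed into its HMAC and key version and verified against the token data
 * stored for the auth token's account. If verification fails against the account as cached
 * on this server, the account is reloaded from LDAP and verification is retried once,
 * because the local cache may be stale.
 *
 * @param csrfToken the CSRF token presented by the client; null or empty is invalid
 * @param authToken the authenticated session the CSRF token must belong to; null is invalid
 * @return {@code true} only if the token verifies; any parse, lookup or decode failure is
 *         logged at info level and yields {@code false}
 */
public static boolean isValidCsrfToken(String csrfToken, AuthToken authToken) {
    if (StringUtil.isNullOrEmpty(csrfToken) || authToken == null) {
        return false;
    }
    boolean validToken = false;
    try {
        Pair<String, String> data = parseCsrfToken(csrfToken);
        String hmacFromToken = data.getFirst();
        String keyVersion = data.getSecond();
        String crumb = authToken.getCrumb();
        // first pass: the account as cached on this server
        Account account = getAccount(authToken, false);
        if (account == null) {
            return false;
        }
        validToken = validateCsrfToken(hmacFromToken, crumb, keyVersion, validToken, account);
        if (!validToken) {
            // just recheck that we are looking at the latest Account object;
            // the cache of this server might be stale
            ZimbraLog.misc.info("CSRF token was invalid, rechecking with account object from LDAP.");
            account = getAccount(authToken, true);
            if (account == null) {
                // the account was not found on reload; never hand a null account to validateCsrfToken
                return false;
            }
            validToken = validateCsrfToken(hmacFromToken, crumb, keyVersion, validToken, account);
            if (ZimbraLog.misc.isDebugEnabled()) {
                ZimbraLog.misc.debug("The csrfToken second check: " + (validToken ? "is valid." : " is invalid."));
            }
        }
    } catch (AuthTokenException | ServiceException e) {
        ZimbraLog.misc.info("Error decoding CSRF token, " + e.getMessage());
        validToken = false;
    }
    if (ZimbraLog.misc.isDebugEnabled()) {
        ZimbraLog.misc.debug("The csrfToken: " + (validToken ? "is valid." : " is invalid."));
    }
    return validToken;
}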

Example 7 with AuthTokenException

use of com.zimbra.cs.account.AuthTokenException in project zm-mailbox by Zimbra.

the class CsrfUtil method validateCsrfToken.

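/**
 * Verifies one CSRF token against the CSRF token data stored for {@code account}.
 *
 * The stored token data is looked up by {@code crumb}; its HMAC is recomputed with the key
 * identified by {@code keyVersion} and compared with {@code hmacFromToken} in constant
 * time. The token is valid only if the HMAC matches and the expiration time embedded in
 * the token data is still in the future.
 *
 * @param hmacFromToken the HMAC carried by the presented token; null never matches
 * @param crumb         the auth token crumb that selects the stored token data
 * @param keyVersion    the CSRF key version carried by the presented token
 * @param validToken    the value returned when no token data is stored for the crumb or the
 *                      token does not verify (callers pass {@code false})
 * @param account       the account whose stored token data is consulted
 * @return {@code true} if the token verifies and has not expired, otherwise {@code validToken}
 * @throws ServiceException   propagated from the stored token data lookup
 * @throws AuthTokenException if {@code keyVersion} is unknown, or the stored expiration time
 *                            is missing or malformed
 */
private static boolean validateCsrfToken(String hmacFromToken, String crumb, String keyVersion, boolean validToken, Account account) throws ServiceException, AuthTokenException {
    String csrfTokenData = getTokenDataFromLdap(crumb, account);
    if (csrfTokenData == null) {
        return validToken;
    }
    CsrfTokenKey key = CsrfTokenKey.getVersion(keyVersion);
    if (key == null) {
        throw new AuthTokenException("unknown key version");
    }
    String computedHmac = TokenUtil.getHmac(csrfTokenData, key.getKey());
    // constant-time comparison: String.equals stops at the first differing byte, which
    // leaks the match prefix length through timing
    if (hmacFromToken == null || !java.security.MessageDigest.isEqual(
            computedHmac.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            hmacFromToken.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
        return validToken;
    }
    Map<?, ?> decodedData = getAttrs(csrfTokenData);
    long expirationTime;
    try {
        expirationTime = Long.parseLong((String) decodedData.get(C_EXP));
    } catch (NumberFormatException | ClassCastException e) {
        // a missing or corrupt expiration must surface as a token error the caller handles,
        // not escape as an unchecked exception
        throw new AuthTokenException("malformed CSRF token expiration: " + e.getMessage());
    }
    if (System.currentTimeMillis() < expirationTime) {
        validToken = true;
    }
    return validToken;
}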

Example 8 with AuthTokenException

use of com.zimbra.cs.account.AuthTokenException in project zm-mailbox by Zimbra.

the class StatsImageServlet method doGet.

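/**
 * Serves a stats image ({@code image/gif}) to an authenticated admin.
 *
 * The request is first authenticated via the admin auth-token cookie; without a token
 * nothing further is written (getAdminAuthTokenFromCookie is assumed to have replied).
 * When this server is not the configured logger host, the request is proxied over HTTPS to
 * the logger host with the same admin auth-token cookie and the proxied body is streamed
 * back. Otherwise the file named by the fourth path segment of the request URI is read from
 * the stats image folder; if it is missing and {@code nodef=1} was not given, the
 * "not available" placeholder image is served instead.
 *
 * @param req  the servlet request; its URI selects the image, {@code nodef=1} disables the
 *             placeholder fallback
 * @param resp the servlet response; receives the image or an error status
 * @throws ServletException retained for the servlet contract; not thrown here
 * @throws IOException if writing to the response fails
 */
public void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    AuthToken authToken = getAdminAuthTokenFromCookie(req, resp);
    if (authToken == null) {
        return;
    }
    // "nodef=1" means: do not fall back to the placeholder image when the file is missing
    boolean noDefault = "1".equals(req.getParameter("nodef"));
    String reqPath = req.getRequestURI();
    if (reqPath == null || reqPath.isEmpty()) {
        // checked before proxying so a missing path is reported as 400 instead of being
        // forwarded to the logger host as a "null" URI
        resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
        return;
    }
    try {
        // check if this is the logger host, otherwise proxy the request to the logger host
        String serviceHostname = Provisioning.getInstance().getLocalServer().getAttr(Provisioning.A_zimbraServiceHostname);
        String logHost = Provisioning.getInstance().getConfig().getAttr(Provisioning.A_zimbraLogHostname);
        if (!serviceHostname.equalsIgnoreCase(logHost)) {
            proxyToLogHost(req, resp, authToken, logHost, reqPath);
            return;
        }
    } catch (Exception ex) {
        // provisioning lookups and proxy failures alike end here; the client only learns
        // that the image is unavailable
        resp.sendError(HttpServletResponse.SC_NOT_FOUND, "Image not found");
        return;
    }
    if (mLog.isDebugEnabled()) {
        mLog.debug("received request to:(" + reqPath + ")");
    }
    String[] reqParts = reqPath.split("/");
    if (reqParts.length < 4) {
        resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
        return;
    }
    String reqFilename = reqParts[3];
    // a single path segment cannot contain '/', but reject empty, dot and backslash forms so
    // the lookup stays inside the stats image folder
    if (reqFilename.isEmpty() || reqFilename.equals(".") || reqFilename.equals("..") || reqFilename.indexOf('\\') >= 0) {
        resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
        return;
    }
    InputStream is;
    try {
        is = openImage(LC.stats_img_folder.value() + File.separator + reqFilename, noDefault);
    } catch (Exception ex) {
        // reached when even the placeholder image cannot be opened
        resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "FNF image File not found");
        return;
    }
    if (is == null) {
        resp.sendError(HttpServletResponse.SC_NOT_FOUND, "Image not found");
        return;
    }
    resp.setContentType("image/gif");
    // NOTE(review): the boolean flags of ByteUtil.copy appear to control which stream is
    // closed after copying; confirm that the input stream is closed by this call
    ByteUtil.copy(is, true, resp.getOutputStream(), false);
}

/**
 * Opens the requested image, or the placeholder image when it is missing and the fallback
 * is allowed.
 *
 * @param imgName   absolute path of the requested image
 * @param noDefault when true, a missing image yields null instead of the placeholder
 * @return an open stream on the image, or null if it is missing and {@code noDefault} is set
 * @throws FileNotFoundException if the placeholder image itself cannot be opened
 */
private static InputStream openImage(String imgName, boolean noDefault) throws FileNotFoundException {
    try {
        return new FileInputStream(imgName);
    } catch (FileNotFoundException ex) {
        // unlikely case - only if the server's files are broken
        if (noDefault) {
            return null;
        }
        return new FileInputStream(LC.stats_img_folder.value() + File.separator + IMG_NOT_AVAIL);
    }
}

/**
 * Proxies the current request to the logger host over HTTPS, forwarding the admin auth
 * token as the admin auth-token cookie, and streams the response body back as
 * {@code image/gif}.
 *
 * @param req       the original request; its query string is forwarded unchanged
 * @param resp      the response the proxied body is written to
 * @param authToken the admin auth token to forward
 * @param logHost   hostname of the logger host
 * @param reqPath   request URI to replay on the logger host
 * @throws ServiceException if the auth token cannot be encoded or the logger host does not
 *                          answer with 200
 * @throws IOException      if writing to the response fails
 */
private void proxyToLogHost(HttpServletRequest req, HttpServletResponse resp, AuthToken authToken, String logHost, String reqPath) throws ServiceException, IOException {
    StringBuilder url = new StringBuilder("https");
    url.append("://").append(logHost).append(':').append(LC.zimbra_admin_service_port.value());
    url.append(reqPath);
    String queryStr = req.getQueryString();
    if (queryStr != null) {
        url.append('?').append(queryStr);
    }
    // create an HTTP client with the same cookies
    HttpState state = new HttpState();
    try {
        state.addCookie(new org.apache.commons.httpclient.Cookie(logHost, ZimbraCookie.COOKIE_ZM_ADMIN_AUTH_TOKEN, authToken.getEncoded(), "/", null, false));
    } catch (AuthTokenException ate) {
        throw ServiceException.PROXY_ERROR(ate, url.toString());
    }
    HttpClient client = ZimbraHttpConnectionManager.getInternalHttpConnMgr().newHttpClient();
    client.setState(state);
    GetMethod get = new GetMethod(url.toString());
    try {
        int statusCode = HttpClientUtil.executeMethod(client, get);
        if (statusCode != HttpStatus.SC_OK) {
            throw ServiceException.RESOURCE_UNREACHABLE(get.getStatusText(), null);
        }
        resp.setContentType("image/gif");
        ByteUtil.copy(get.getResponseBodyAsStream(), true, resp.getOutputStream(), false);
    } catch (HttpException e) {
        throw ServiceException.RESOURCE_UNREACHABLE(get.getStatusText(), e);
    } catch (IOException e) {
        throw ServiceException.RESOURCE_UNREACHABLE(get.getStatusText(), e);
    } finally {
        get.releaseConnection();
    }
}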

Example 9 with AuthTokenException

use of com.zimbra.cs.account.AuthTokenException in project zm-mailbox by Zimbra.

the class RefreshRegisteredAuthTokens method handle.

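/**
 * Handles a RefreshRegisteredAuthTokens request: for every registered auth token listed in
 * the request, reloads its account from provisioning so this server sees the current
 * account state. Tokens that fail to decode or whose account cannot be reloaded are logged
 * and skipped; the response is always an empty RefreshRegisteredAuthTokensResponse.
 *
 * Requires the system-admin right. When the local server's lowest supported auth version is
 * below 2 the request is a no-op.
 *
 * @param request the SOAP request element, a RefreshRegisteredAuthTokensRequest
 * @param context the SOAP request context
 * @return an empty RefreshRegisteredAuthTokensResponse element
 * @throws ServiceException if the caller lacks the required right or provisioning fails
 */
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext zsc = getZimbraSoapContext(context);
    checkRight(zsc, context, null, AdminRight.PR_SYSTEM_ADMIN_ONLY);
    Provisioning prov = Provisioning.getInstance();
    Server localServer = prov.getLocalServer();
    if (localServer.getLowestSupportedAuthVersion() < 2) {
        return JaxbUtil.jaxbToElement(new RefreshRegisteredAuthTokensResponse());
    }
    RefreshRegisteredAuthTokensRequest req = JaxbUtil.elementToJaxb(request);
    List<String> tokens = req.getTokens();
    if (tokens != null) {
        for (String token : tokens) {
            try {
                AuthToken zt = ZimbraAuthToken.getAuthToken(token);
                if (zt.isRegistered()) {
                    Account acc = zt.getAccount();
                    prov.reload(acc);
                    // the encoded token is a bearer credential: log the account, never the token
                    ZimbraLog.soap.debug("Refreshed registered auth token for account %s", acc.getName());
                }
            } catch (AuthTokenException | ServiceException e) {
                ZimbraLog.soap.error("Failed to refresh registered auth token", e);
            }
        }
    }
    return JaxbUtil.jaxbToElement(new RefreshRegisteredAuthTokensResponse());
}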

Example 10 with AuthTokenException

use of com.zimbra.cs.account.AuthTokenException in project zm-mailbox by Zimbra.

the class WebClientServiceUtil method sendServiceRequestToEveryUiNode.

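/**
 * Sends a service request to every UI (webclient) node.
 *
 * An admin auth token is obtained and sent in the {@code PARAM_AUTHTOKEN} request header.
 * Nodes are contacted sequentially; only servers accepted by isServerAtLeast8dot5 are
 * contacted, and a failure on one node is logged without aborting the others. When no
 * webclient servers are provisioned the local server is used. Afterwards the admin auth
 * token is de-registered if it was registered.
 *
 * @param serviceUrl the url that should be matched and handled by ServiceServlet in ZimbraWebClient
 * @throws ServiceException if the server lookup or obtaining the admin auth token fails
 */
public static void sendServiceRequestToEveryUiNode(String serviceUrl) throws ServiceException {
    List<Server> servers = Provisioning.getInstance().getAllServers(Provisioning.SERVICE_WEBCLIENT);
    if (servers == null || servers.isEmpty()) {
        // fall back to the local server; never add to the returned list, which may be
        // null here or unmodifiable
        servers = java.util.Collections.singletonList(Provisioning.getInstance().getLocalServer());
    }
    AuthToken authToken = AuthProvider.getAdminAuthToken();
    ZimbraLog.misc.debug("got admin auth token");
    // encode the token once; it is the same for every node
    String encodedToken = null;
    if (authToken != null) {
        try {
            encodedToken = authToken.getEncoded();
        } catch (AuthTokenException e) {
            ZimbraLog.misc.warn(e);
        }
    }
    //sequentially flush each node
    HttpClient client = ZimbraHttpConnectionManager.getExternalHttpConnMgr().newHttpClient();
    HttpProxyUtil.configureProxy(client);
    for (Server server : servers) {
        if (!isServerAtLeast8dot5(server)) {
            continue;
        }
        HttpMethod method = null;
        try {
            method = new GetMethod(URLUtil.getServiceURL(server, serviceUrl, false));
            ZimbraLog.misc.debug("connecting to ui node %s", server.getName());
            if (encodedToken != null) {
                method.addRequestHeader(PARAM_AUTHTOKEN, encodedToken);
            }
            int respCode = HttpClientUtil.executeMethod(client, method);
            if (respCode != 200) {
                ZimbraLog.misc.warn("service failed, return code: %d", respCode);
            }
        } catch (Exception e) {
            ZimbraLog.misc.warn("service failed for node %s", server.getName(), e);
        } finally {
            if (method != null) {
                method.releaseConnection();
            }
        }
    }
    if (authToken != null && authToken.isRegistered()) {
        try {
            authToken.deRegister();
            ZimbraLog.misc.debug("de-registered auth token, isRegistered?%s", authToken.isRegistered());
        } catch (AuthTokenException e) {
            ZimbraLog.misc.warn("failed to de-register auth token", e);
        }
    }
}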
