use of com.zimbra.cs.account.AuthTokenException in project zm-mailbox by Zimbra.
the class CsrfUtil method isValidCsrfToken.
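/**
 * Checks a CSRF token presented by a client against the session (auth token) it is bound to.
 * <p>
 * The CSRF token is split into its HMAC and key-version parts, the HMAC is recomputed from
 * the token data stored for the auth token's crumb and compared (see
 * {@code validateCsrfToken}); if that fails, the account is reloaded from LDAP because the
 * local cache may be stale, and the check is repeated once. Every failure path, including
 * parse/decode errors and a missing account, yields {@code false}, so the check fails closed.
 *
 * @param csrfToken the CSRF token sent by the client; {@code null} or empty is rejected
 * @param authToken the auth token of the session the CSRF token must match
 * @return {@code true} only if the token verifies and has not expired
 */
public static boolean isValidCsrfToken(String csrfToken, AuthToken authToken) {
    if (StringUtil.isNullOrEmpty(csrfToken)) {
        return false;
    }
    boolean validToken = false;
    try {
        Pair<String, String> data = parseCsrfToken(csrfToken);
        String hmacFromToken = data.getFirst();
        String keyVersion = data.getSecond();
        String crumb = authToken.getCrumb();
        // First pass uses the locally cached Account object.
        Account account = getAccount(authToken, false);
        if (account == null) {
            return false;
        }
        validToken = validateCsrfToken(hmacFromToken, crumb, keyVersion, validToken, account);
        if (!validToken) {
            // The cached Account may be stale; re-read it from LDAP and retry once.
            ZimbraLog.misc.info("CSRF token was invalid, rechecking with account object from LDAP.");
            account = getAccount(authToken, true);
            if (account == null) {
                // The first lookup was null-checked but the reload was not; a null here
                // previously escaped as an unchecked exception instead of a clean reject.
                return false;
            }
            validToken = validateCsrfToken(hmacFromToken, crumb, keyVersion, validToken, account);
            if (ZimbraLog.misc.isDebugEnabled()) {
                ZimbraLog.misc.debug("The csrfToken second check: " + (validToken ? "is valid." : " is invalid."));
            }
        }
    } catch (AuthTokenException | ServiceException e) {
        // Any decode/lookup failure rejects the token. Only the reason is logged, never the token.
        ZimbraLog.misc.info("Error decoding CSRF token, " + e.getMessage());
        validToken = false;
    }
    if (ZimbraLog.misc.isDebugEnabled()) {
        ZimbraLog.misc.debug("The csrfToken: " + (validToken ? "is valid." : " is invalid."));
    }
    return validToken;
}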
use of com.zimbra.cs.account.AuthTokenException in project zm-mailbox by Zimbra.
the class CsrfUtil method validateCsrfToken.
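/**
 * Recomputes the CSRF HMAC over the token data stored for {@code crumb}, compares it with
 * the HMAC carried in the client's token, and then checks the token's expiry.
 * <p>
 * Security notes:
 * <ul>
 * <li>The HMAC comparison is constant-time ({@code MessageDigest.isEqual}); a plain
 *     {@code String.equals} stops at the first differing byte, which leaks the position of
 *     the mismatch through response timing.</li>
 * <li>Expiry is consulted only after the HMAC verifies, so the client cannot influence the
 *     time check with unauthenticated data.</li>
 * <li>A missing or malformed expiry field is reported as {@link AuthTokenException}, which
 *     the caller treats as an invalid token, instead of escaping as an unchecked exception.</li>
 * </ul>
 *
 * @param hmacFromToken HMAC string taken from the client's CSRF token; {@code null} never matches
 * @param crumb         crumb of the auth token the CSRF token is bound to
 * @param keyVersion    version of the server-side CSRF key that produced the HMAC
 * @param validToken    incoming verdict; returned unchanged unless the token verifies
 * @param account       account whose stored CSRF token data is consulted
 * @return {@code true} if the HMAC matches and the token has not expired, otherwise {@code validToken}
 * @throws ServiceException   if the stored token data cannot be read
 * @throws AuthTokenException if the key version is unknown or the expiry field is unusable
 */
private static boolean validateCsrfToken(String hmacFromToken, String crumb, String keyVersion, boolean validToken, Account account) throws ServiceException, AuthTokenException {
    String csrfTokenData = getTokenDataFromLdap(crumb, account);
    if (csrfTokenData == null) {
        return validToken;
    }
    CsrfTokenKey key = CsrfTokenKey.getVersion(keyVersion);
    if (key == null) {
        throw new AuthTokenException("unknown key version");
    }
    String computedHmac = TokenUtil.getHmac(csrfTokenData, key.getKey());
    if (!hmacsMatch(computedHmac, hmacFromToken)) {
        return validToken;
    }
    Map<?, ?> decodedData = getAttrs(csrfTokenData);
    Object rawExpiration = decodedData.get(C_EXP);
    if (!(rawExpiration instanceof String)) {
        throw new AuthTokenException("missing expiration in CSRF token data");
    }
    long expirationTime;
    try {
        expirationTime = Long.parseLong((String) rawExpiration);
    } catch (NumberFormatException nfe) {
        throw new AuthTokenException("malformed expiration in CSRF token data");
    }
    if (System.currentTimeMillis() < expirationTime) {
        validToken = true;
    }
    return validToken;
}

/**
 * Constant-time comparison of two HMAC strings. {@code null} on either side never matches.
 * Fully-qualified JDK names are used so no new import is required in this file.
 */
private static boolean hmacsMatch(String computed, String presented) {
    if (computed == null || presented == null) {
        return false;
    }
    return java.security.MessageDigest.isEqual(
            computed.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            presented.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}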
use of com.zimbra.cs.account.AuthTokenException in project zm-mailbox by Zimbra.
the class StatsImageServlet method doGet.
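/**
 * Serves a statistics image (GIF) to an authenticated admin.
 * <p>
 * If this server is not the configured log host, the request is proxied over HTTPS to the
 * log host's admin port with the caller's admin auth token attached as a cookie; otherwise
 * the image is read from the local stats image folder. The file name is the fourth path
 * segment of the request URI and is restricted to a plain file name that must resolve
 * inside the stats image folder; anything else is answered with 400. A missing image yields
 * the "not available" placeholder unless {@code nodef=1}, in which case 404 is returned.
 *
 * @param req  the servlet request; must carry an admin auth token cookie
 * @param resp the servlet response; receives the image bytes or an error status
 * @throws ServletException declared for the servlet contract; not thrown directly here
 * @throws IOException if writing the response fails
 */
public void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    AuthToken authToken = getAdminAuthTokenFromCookie(req, resp);
    if (authToken == null) {
        // NOTE(review): assumes getAdminAuthTokenFromCookie already wrote the error response.
        return;
    }
    // nodef=1 means "do not fall back to the placeholder image".
    boolean noDefault = "1".equals(req.getParameter("nodef"));
    String reqPath = req.getRequestURI();
    try {
        // Only the log host holds the images; every other node proxies to it.
        String serviceHostname = Provisioning.getInstance().getLocalServer().getAttr(Provisioning.A_zimbraServiceHostname);
        String logHost = Provisioning.getInstance().getConfig().getAttr(Provisioning.A_zimbraLogHostname);
        if (!serviceHostname.equalsIgnoreCase(logHost)) {
            StringBuffer url = new StringBuffer("https");
            url.append("://").append(logHost).append(':').append(LC.zimbra_admin_service_port.value());
            url.append(reqPath);
            String queryStr = req.getQueryString();
            if (queryStr != null) {
                url.append('?').append(queryStr);
            }
            // Forward the admin auth token as a cookie. It is a bearer credential for the
            // admin interface, so the cookie is flagged secure: the client library will then
            // refuse to send it on anything but a TLS connection (the URL above is https).
            HttpState state = new HttpState();
            try {
                state.addCookie(new org.apache.commons.httpclient.Cookie(logHost, ZimbraCookie.COOKIE_ZM_ADMIN_AUTH_TOKEN, authToken.getEncoded(), "/", null, true));
            } catch (AuthTokenException ate) {
                throw ServiceException.PROXY_ERROR(ate, url.toString());
            }
            HttpClient client = ZimbraHttpConnectionManager.getInternalHttpConnMgr().newHttpClient();
            client.setState(state);
            GetMethod get = new GetMethod(url.toString());
            try {
                int statusCode = HttpClientUtil.executeMethod(client, get);
                if (statusCode != HttpStatus.SC_OK) {
                    throw ServiceException.RESOURCE_UNREACHABLE(get.getStatusText(), null);
                }
                resp.setContentType("image/gif");
                ByteUtil.copy(get.getResponseBodyAsStream(), true, resp.getOutputStream(), false);
                return;
            } catch (HttpException e) {
                throw ServiceException.RESOURCE_UNREACHABLE(get.getStatusText(), e);
            } catch (IOException e) {
                throw ServiceException.RESOURCE_UNREACHABLE(get.getStatusText(), e);
            } finally {
                get.releaseConnection();
            }
        }
    } catch (Exception ex) {
        // Proxy failures collapse to a generic 404 so no upstream detail reaches the client.
        resp.sendError(HttpServletResponse.SC_NOT_FOUND, "Image not found");
        return;
    }
    InputStream is = null;
    String imgName = null;
    try {
        if (reqPath == null || reqPath.length() == 0) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        if (mLog.isDebugEnabled()) {
            mLog.debug("received request to:(" + reqPath + ")");
        }
        String[] reqParts = reqPath.split("/");
        // reqParts[3] used to be indexed unconditionally; a short path surfaced as a 500 from
        // the generic catch below. Treat it, and any non-plain file name, as a bad request.
        if (reqParts.length < 4 || !isPlainFileName(reqParts[3])) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        String reqFilename = reqParts[3];
        File imgDir = new File(LC.stats_img_folder.value());
        File imgFile = new File(imgDir, reqFilename);
        // Defense in depth: a URI segment cannot contain '/', but make sure the resolved file
        // still lives inside the stats image folder (symlinks, platform separators).
        if (!imgFile.getCanonicalPath().startsWith(imgDir.getCanonicalPath() + File.separator)) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        imgName = imgFile.getPath();
        try {
            is = new FileInputStream(imgName);
        } catch (FileNotFoundException ex) {
            // Unlikely: only if the server's image files are missing or unreadable.
            if (!noDefault) {
                imgName = LC.stats_img_folder.value() + File.separator + IMG_NOT_AVAIL;
                is = new FileInputStream(imgName);
            } else {
                resp.sendError(HttpServletResponse.SC_NOT_FOUND, "Image not found");
                return;
            }
        }
    } catch (Exception ex) {
        if (is != null) {
            is.close();
        }
        resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "FNF image File not found");
        return;
    }
    resp.setContentType("image/gif");
    ByteUtil.copy(is, true, resp.getOutputStream(), false);
}

/**
 * Accepts only a plain file name: non-empty, not "." or "..", and free of path separators
 * and NUL bytes, so it cannot name anything outside the image folder.
 */
private static boolean isPlainFileName(String name) {
    if (name == null || name.isEmpty() || ".".equals(name) || "..".equals(name)) {
        return false;
    }
    return name.indexOf('/') < 0 && name.indexOf('\\') < 0 && name.indexOf('\0') < 0;
}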
use of com.zimbra.cs.account.AuthTokenException in project zm-mailbox by Zimbra.
the class RefreshRegisteredAuthTokens method handle.
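/**
 * Admin-only handler: for each auth token listed in the request that is still registered,
 * reloads the owning account so this server's cached view of it is fresh.
 * <p>
 * Requires {@code PR_SYSTEM_ADMIN_ONLY}. Servers whose lowest supported auth version is
 * below 2 do nothing and return an empty response. Tokens are processed independently; a
 * failure on one is logged and the others are still handled.
 * <p>
 * Security note: the raw token values are bearer credentials and are kept out of the logs;
 * only the account name, or the failure and its exception, is recorded. (The original
 * logged the full token at debug and error level.)
 *
 * @param request the SOAP request element, unmarshalled into {@link RefreshRegisteredAuthTokensRequest}
 * @param context the SOAP context used for the rights check
 * @return an empty {@link RefreshRegisteredAuthTokensResponse}
 * @throws ServiceException if the caller lacks the right or the local server cannot be read
 */
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext zsc = getZimbraSoapContext(context);
    checkRight(zsc, context, null, AdminRight.PR_SYSTEM_ADMIN_ONLY);
    Provisioning prov = Provisioning.getInstance();
    Server localServer = prov.getLocalServer();
    if (localServer.getLowestSupportedAuthVersion() < 2) {
        // Token registration only exists from auth version 2 on; nothing to refresh.
        return JaxbUtil.jaxbToElement(new RefreshRegisteredAuthTokensResponse());
    }
    RefreshRegisteredAuthTokensRequest req = JaxbUtil.elementToJaxb(request);
    List<String> tokens = req.getTokens();
    if (tokens != null) {
        for (String token : tokens) {
            try {
                AuthToken zt = ZimbraAuthToken.getAuthToken(token);
                if (zt.isRegistered()) {
                    Account acc = zt.getAccount();
                    prov.reload(acc);
                    ZimbraLog.soap.debug("Refreshed registered auth token for account %s", acc.getName());
                }
            } catch (AuthTokenException | ServiceException e) {
                // Never echo the token value into the log; the exception carries the reason.
                ZimbraLog.soap.error("Failed to refresh registered auth token", e);
            }
        }
    }
    return JaxbUtil.jaxbToElement(new RefreshRegisteredAuthTokensResponse());
}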
use of com.zimbra.cs.account.AuthTokenException in project zm-mailbox by Zimbra.
the class WebClientServiceUtil method sendServiceRequestToEveryUiNode.
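/**
 * Sends a GET for {@code serviceUrl} to every web-client (UI) node that is at least
 * version 8.5, authenticating with a freshly minted admin auth token.
 * <p>
 * Nodes are contacted one after another; a failure on one node is logged and the rest are
 * still tried. The admin token is a bearer credential, so it is de-registered in a
 * {@code finally} block and therefore invalidated even if contacting the nodes throws (the
 * original de-registered it only on the normal path). If no web-client servers are listed,
 * only the local server is contacted; the original tried to {@code add} into a
 * {@code null} list in that case.
 * <p>
 * NOTE(review): the request uses the external connection manager with HttpProxyUtil proxy
 * settings and carries the admin token in a request header; confirm that
 * {@code URLUtil.getServiceURL(server, serviceUrl, false)} yields an HTTPS/internal URL so
 * the token cannot be observed by a third-party proxy.
 *
 * @param serviceUrl the url that should be matched and handled by ServiceServlet in ZimbraWebClient
 * @throws ServiceException if the server list, the local server or the admin token cannot be obtained
 */
public static void sendServiceRequestToEveryUiNode(String serviceUrl) throws ServiceException {
    List<Server> servers = Provisioning.getInstance().getAllServers(Provisioning.SERVICE_WEBCLIENT);
    if (servers == null || servers.isEmpty()) {
        servers = java.util.Collections.singletonList(Provisioning.getInstance().getLocalServer());
    }
    AuthToken authToken = AuthProvider.getAdminAuthToken();
    ZimbraLog.misc.debug("got admin auth token");
    try {
        // Sequentially flush each node.
        HttpClient client = ZimbraHttpConnectionManager.getExternalHttpConnMgr().newHttpClient();
        HttpProxyUtil.configureProxy(client);
        for (Server server : servers) {
            if (!isServerAtLeast8dot5(server)) {
                continue;
            }
            HttpMethod method = null;
            try {
                method = new GetMethod(URLUtil.getServiceURL(server, serviceUrl, false));
                ZimbraLog.misc.debug("connecting to ui node %s", server.getName());
                try {
                    method.addRequestHeader(PARAM_AUTHTOKEN, authToken.getEncoded());
                } catch (AuthTokenException e) {
                    // Without the token the request can only fail authentication; skip this node
                    // instead of sending an unauthenticated request (the original still sent it).
                    ZimbraLog.misc.warn(e);
                    continue;
                }
                int respCode = HttpClientUtil.executeMethod(client, method);
                if (respCode != 200) {
                    ZimbraLog.misc.warn("service failed, return code: %d", respCode);
                }
            } catch (Exception e) {
                ZimbraLog.misc.warn("service failed for node %s", server.getName(), e);
            } finally {
                if (method != null) {
                    method.releaseConnection();
                }
            }
        }
    } finally {
        deregisterAdminToken(authToken);
    }
}

/** Invalidates the temporary admin token if it was registered; failures are only logged. */
private static void deregisterAdminToken(AuthToken authToken) {
    if (authToken == null || !authToken.isRegistered()) {
        return;
    }
    try {
        authToken.deRegister();
        ZimbraLog.misc.debug("de-registered auth token, isRegistered?%s", authToken.isRegistered());
    } catch (AuthTokenException e) {
        ZimbraLog.misc.warn("failed to de-register auth token", e);
    }
}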