use of edu.uiuc.ncsa.security.core.exceptions.ConnectionException in project OA4MP by ncsa.
the class MPConnectionProvider method findConnection.
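// Fixes CIL-120, related to CIL-132
/**
 * Tries each configured MyProxy facade in order and returns the first connection that opens.
 *
 * <p>Connection failures are collected per host and logged once, either when a later facade
 * succeeds or when every facade has failed. The password is handed to the per-facade provider;
 * this method itself only logs host names and exception messages.
 *
 * @param identifier identifier assigned to the connection
 * @param userName   MyProxy user name
 * @param password   MyProxy password
 * @param loa        level of assurance passed to the per-facade provider
 * @param lifetime   requested lifetime passed to the per-facade provider
 * @return the first connection whose {@code open()} call succeeds
 * @throws GeneralSecurityException as declared; not thrown directly by the code in this method
 * @throws GeneralException if building a per-facade provider fails with an {@code IOException};
 *                          this aborts the search instead of moving on to the next facade
 * @throws NoUsableMyProxyServerFoundException if no facade yields an open connection, including
 *                          the case where no facades are configured
 */
public T findConnection(Identifier identifier, String userName, String password, String loa, long lifetime) throws GeneralSecurityException {
    T mpc = null;
    Throwable lastException = null;
    ArrayList<String> failures = new ArrayList<>();
    for (MyProxyServiceFacade facade : facades) {
        javax.inject.Provider<MyProxyConnectable> mpSingleConnectionProvider = null;
        try {
            mpSingleConnectionProvider = new MPSingleConnectionProvider<>(logger, userName, password, loa, lifetime, facade);
        } catch (IOException e) {
            warn("Got IOException connecting to MyProxy:" + e.getMessage());
            throw new GeneralException("IOException getting MyProxy provider:" + e.getMessage(), e);
        }
        mpc = (T) mpSingleConnectionProvider.get();
        mpc.setIdentifier(identifier);
        try {
            mpc.open();
            // Set again after open(), as the original code does.
            mpc.setIdentifier(identifier);
            // On success, report any earlier facades that failed before this one worked.
            logFailures("Failures connecting to MyProxy:", failures);
            info("MyProxy logon connection succeeded to " + facade.getFacadeConfiguration().getHostname());
            return mpc;
        } catch (ConnectionException cx) {
            // Walk to the root cause so the recorded message is the underlying failure.
            Throwable rootCause = cx;
            for (Throwable t = cx; t != null; t = t.getCause()) {
                rootCause = t;
            }
            String failure = facade.getFacadeConfiguration().getHostname() + ": " + rootCause.getMessage();
            // The message comes from a failed remote logon, so flatten CR as well as LF:
            // either one could otherwise start a forged entry in the log.
            info("Error -- MyProxy logon failed for " + failure.replace("\n", " ").replace("\r", " "));
            // NOTE(review): logFailures receives the unflattened text; confirm it neutralizes
            // line breaks before writing.
            failures.add(failure);
            lastException = cx;
        }
    }
    logFailures("No usable MyProxy service found:", failures);
    info("MyProxy logon connection failed");
    if (lastException instanceof NoUsableMyProxyServerFoundException) {
        throw (NoUsableMyProxyServerFoundException) lastException;
    }
    // lastException is still null when no facades are configured; the original dereferenced it
    // here and failed with a NullPointerException instead of the intended exception.
    Throwable cause = null;
    if (lastException != null) {
        cause = lastException.getCause() == null ? lastException : lastException.getCause();
    }
    throw new NoUsableMyProxyServerFoundException("Error: No usable MyProxy service found.", cause);
}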
use of edu.uiuc.ncsa.security.core.exceptions.ConnectionException in project OA4MP by ncsa.
the class CRServlet method doCertRequest.
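/**
 * Fetches the certificate chain for a transaction over its active MyProxy connection, stores it
 * on the transaction as the protected asset, and closes the connection.
 *
 * <p>For proxy-limited clients a service-side key pair and certificate request are generated,
 * and a proxy certificate signed with that key pair is placed at the head of the returned chain.
 *
 * @param trans        the transaction being serviced
 * @param statusString prefix used in debug output and passed to the certificate retrieval call
 * @throws ConnectionException      if the transaction has no active MyProxy connection
 * @throws GeneralSecurityException if the key pair or certificate request for a proxy-limited
 *                                  client cannot be created
 * @throws Throwable                anything raised by the calls made here
 */
protected void doCertRequest(ServiceTransaction trans, String statusString) throws Throwable {
    if (!hasMPConnection(trans)) {
        throw new ConnectionException("Error: There is no currently active MyProxy connection.");
    }
    MyPKCS10CertRequest localCertRequest = trans.getCertReq();
    KeyPair keyPair = null;
    if (trans.getClient().isProxyLimited()) {
        info("3.b. starting proxy limited for " + trans.getClient().getIdentifier() + ". Generating keypair and cert request.");
        try {
            keyPair = getServiceEnvironment().getKeyPair();
            localCertRequest = CertUtil.createCertRequest(keyPair);
        } catch (GeneralSecurityException e) {
            error("3.b. " + e.getMessage());
            // Fail closed. The original logged and carried on, which requested a certificate for
            // the client's own request and then either dereferenced a null key pair or signed the
            // proxy certificate with a key unrelated to the issued chain.
            throw e;
        }
    }
    LinkedList<X509Certificate> certs = getX509Certificates(trans, localCertRequest, statusString);
    debug("3.b. Got cert from server, count=" + certs.size());
    // If it is a limited cert, sign it
    if (trans.getClient().isProxyLimited()) {
        info("3.b. Limited proxy for client " + trans.getClient().getIdentifier() + ", creating limited cert and signing it.");
        LinkedList<X509Certificate> certList = new LinkedList<>(certs);
        // NOTE(review): getLast() throws NoSuchElementException on an empty list, while the
        // code below treats an empty result as possible; confirm which applies here.
        // The lifetime is divided by 1000 and narrowed to int, as in the original.
        certList.addFirst(JGlobusUtil.createProxyCertificate(certs.getLast(), keyPair.getPrivate(), trans.getCertReq().getPublicKey(), (int) (trans.getLifetime() / 1000)));
        certs = certList;
    }
    debug("3.b. Preparing to return cert chain of " + certs.size() + " to client.");
    MyX509Certificates myCerts = new MyX509Certificates(certs);
    trans.setProtectedAsset(myCerts);
    String userName = trans.getUsername();
    if (getServiceEnvironment().getAuthorizationServletConfig().isReturnDnAsUsername()) {
        if (myCerts.getX509Certificates().length > 0) {
            X500Principal x500Principal = myCerts.getX509Certificates()[0].getSubjectX500Principal();
            userName = x500Principal.getName();
            if (getServiceEnvironment().getAuthorizationServletConfig().isConvertDNToGlobusID()) {
                userName = JGlobusUtil.toGlobusID(userName);
            }
            debug(statusString + ": USERNAME = " + userName);
        } else {
            userName = "no_certificates_found";
        }
        trans.setUsername(userName);
        info("3.c. Set username returned to client to first certificate's DN: " + userName);
    }
    // Fixes OAUTH-102 username might not be set in some cases, so just reset it here.
    trans.setUsername(userName);
    // Our response is a simple ok, since otherwise exceptions are thrown. No need to set this since that is the default.
    trans.setVerifier(MyProxyDelegationServlet.getServiceEnvironment().getTokenForge().getVerifier());
    getServiceEnvironment().getTransactionStore().save(trans);
    if (hasMPConnection(trans.getIdentifier())) {
        // It can happen (especially in cases of manual testing when there is considerable time between calls)
        // that the connection goes away. This prevents a bogus failure in that case.
        // NOTE(review): this close is skipped when anything above throws; confirm the connection
        // is released on that path elsewhere.
        getMPConnection(trans.getIdentifier()).close();
    }
}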
use of edu.uiuc.ncsa.security.core.exceptions.ConnectionException in project OA4MP by ncsa.
the class AbstractAuthorizationServlet method doIt.
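/**
 * Handles one request to the authorization servlet: looks up the transaction for the supplied
 * token, runs the prepare/preprocess hooks and, when the action is OK, marks the grant valid and
 * redirects the user. If the redirect step fails with one of the handled exceptions, the state
 * is reset to the start action and the page is presented again with a retry message.
 *
 * @param request  the incoming servlet request; must carry the token parameter
 * @param response the servlet response
 * @throws GeneralException if the request carries no token
 * @throws Throwable        anything raised by the hooks or helpers called here
 */
@Override
protected void doIt(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    info("*** STARTING request");
    String ag = getParam(request, CONST(TOKEN_KEY));
    if (ag == null) {
        throw new GeneralException("Error: Invalid request -- no token. Request rejected.");
    }
    ServiceTransaction trans = getAndCheckTransaction(ag);
    AuthorizedState pState = new AuthorizedState(getState(request), request, response, trans);
    prepare(pState);
    preprocess(new TransactionState(request, response, null, trans));
    switch (pState.getState()) {
        case AUTHORIZATION_ACTION_OK:
            // As per the spec, if the code gets to here then authentication worked.
            // NOTE(review): the grant is marked valid and saved before createRedirect runs, and
            // neither catch branch below resets it; confirm a failed attempt cannot leave a
            // usable grant behind.
            trans.setAuthGrantValid(true);
            getTransactionStore().save(trans);
            // get the cert and store it. Then forward user.
            try {
                createRedirect(request, response, trans);
                // Nothing more to do once the redirect has been issued.
                return;
            } catch (ConnectionException ce) {
                // Log through the servlet logger instead of printStackTrace(), which writes to
                // stderr and bypasses it. Line breaks are flattened so the message stays one entry.
                info("MyProxy connection failed, prompting user to retry: "
                        + String.valueOf(ce.getMessage()).replace('\n', ' ').replace('\r', ' '));
                request.setAttribute(RETRY_MESSAGE, getServiceEnvironment().getMessages().get(RETRY_MESSAGE));
                pState.setState(AUTHORIZATION_ACTION_START);
                prepare(pState);
            } catch (GeneralSecurityException | NoUsableMyProxyServerFoundException t) {
                // CIL-173 fix: process NoUsableMPSFound.
                // Record why the attempt failed; the original discarded the exception, leaving
                // nothing in the log to tell failed logons apart.
                info("Prompting user to retry");
                info("Retry cause: " + t.getClass().getSimpleName() + ": "
                        + String.valueOf(t.getMessage()).replace('\n', ' ').replace('\r', ' '));
                request.setAttribute(RETRY_MESSAGE, getServiceEnvironment().getMessages().get(RETRY_MESSAGE));
                pState.setState(AUTHORIZATION_ACTION_START);
                prepare(pState);
            }
            break;
        case AUTHORIZATION_ACTION_START:
            // no processing needed for initial request.
            break;
        default:
            // Any other state falls through to present() unchanged.
            break;
    }
    present(pState);
}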