the class MPConnectionProvider method findConnection.
// Fixes CIL-120, related to CIL-132
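/**
 * Tries each configured MyProxy facade in turn and returns the first connection that opens.
 * <p>
 * A facade whose {@code open()} fails with a {@link ConnectionException} is recorded in the failure list
 * and the next facade is tried; any other failure propagates immediately. The password is handed to the
 * per-facade provider only and is never written to the log.
 *
 * @param identifier identifier stamped on the connection before and after it is opened
 * @param userName   MyProxy user name
 * @param password   MyProxy password (never logged)
 * @param loa        level of assurance passed through to the provider
 * @param lifetime   requested lifetime passed through to the provider
 * @return the first connection that opened successfully
 * @throws GeneralException                    if a provider could not be created (wraps the {@link IOException})
 * @throws NoUsableMyProxyServerFoundException if no facade accepted the logon (also when no facade is configured)
 * @throws GeneralSecurityException            propagated from the underlying connection machinery
 */
public T findConnection(Identifier identifier, String userName, String password, String loa, long lifetime) throws GeneralSecurityException {
    Throwable lastException = null;
    ArrayList<String> failures = new ArrayList<>();
    for (MyProxyServiceFacade facade : facades) {
        javax.inject.Provider<MyProxyConnectable> mpSingleConnectionProvider;
        try {
            mpSingleConnectionProvider = new MPSingleConnectionProvider<>(logger, userName, password, loa, lifetime, facade);
        } catch (IOException e) {
            warn("Got IOException connecting to MyProxy:" + e.getMessage());
            throw new GeneralException("IOException getting MyProxy provider:" + e.getMessage(), e);
        }
        // T is not reifiable, so the cast cannot be checked; the provider is built for this class's connectable type.
        @SuppressWarnings("unchecked")
        T mpc = (T) mpSingleConnectionProvider.get();
        mpc.setIdentifier(identifier);
        String hostname = facade.getFacadeConfiguration().getHostname();
        try {
            mpc.open();
            // Re-stamped after open() as in the original; presumably open() may reset it -- TODO confirm.
            mpc.setIdentifier(identifier);
            // if this succeeds, print out a message
            logFailures("Failures connecting to MyProxy:", failures);
            info("MyProxy logon connection succeeded to " + hostname);
            return mpc;
        } catch (ConnectionException cx) {
            // Walk to the root cause for a more useful one-line message.
            Throwable rootCause = cx;
            while (rootCause.getCause() != null) {
                rootCause = rootCause.getCause();
            }
            String failure = hostname + ": " + rootCause.getMessage();
            info("Error -- MyProxy logon failed for " + failure.replace("\n", " "));
            failures.add(failure);
            lastException = cx;
        }
    }
    logFailures("No usable MyProxy service found:", failures);
    info("MyProxy logon connection failed");
    if (lastException instanceof NoUsableMyProxyServerFoundException) {
        throw (NoUsableMyProxyServerFoundException) lastException;
    }
    // lastException is null when no facade is configured at all; the original dereferenced it and threw an NPE
    // instead of the intended exception.
    Throwable cause = null;
    if (lastException != null) {
        cause = lastException.getCause() == null ? lastException : lastException.getCause();
    }
    throw new NoUsableMyProxyServerFoundException("Error: No usable MyProxy service found.", cause);
}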
the class ACS2 method doDelegation.
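/**
 * Processes a certificate (protected asset) request for an already-authorized transaction.
 * <p>
 * If the transaction does not yet carry a cert request, it is read from the request parameters
 * (CIL-409: missing or empty requests are rejected with a {@link GeneralException}), along with an optional
 * lifetime in seconds. The cert is then obtained via {@code doRealCertRequest} and written back in the response.
 *
 * @param httpServletRequest  incoming request carrying the access token, cert request and optional lifetime
 * @param httpServletResponse response the protected asset is written to
 * @throws GeneralException if the cert request parameter is missing, empty, unparseable, or the lifetime is not a valid number
 * @throws Throwable        anything propagated from the issuer, stores or pre/post processors
 */
protected void doDelegation(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Throwable {
    info("6.a. Starting to process cert request");
    PARequest paRequest = new PARequest(httpServletRequest, getClient(httpServletRequest));
    String statusString = "client = " + paRequest.getClient().getIdentifier();
    // The next call will pull the access token off of any parameters. The result may be null if there is
    // no access token.
    paRequest.setAccessToken(getAccessToken(httpServletRequest));
    PAResponse paResponse = (PAResponse) getPAI().process(paRequest);
    debug("6.a. " + statusString);
    ServiceTransaction t = verifyAndGet(paResponse);
    Map params = httpServletRequest.getParameterMap();
    if (t.getCertReq() == null) {
        String certReqKey = CONST(ServiceConstantKeys.CERT_REQUEST_KEY);
        // CIL-409 fix -- fail immediately if the cert request is missing. The parameter lookup must come
        // AFTER this check: the original indexed the absent parameter first and died with an NPE instead.
        if (!params.containsKey(certReqKey)) {
            throw new GeneralException("Error: Missing cert request parameter.");
        }
        String rawCR = firstParameter(params, certReqKey);
        // CIL-409 fix
        if (isEmpty(rawCR)) {
            throw new GeneralException("Error: Empty cert request.");
        }
        MyPKCS10CertRequest certReq;
        try {
            certReq = CertUtil.fromStringToCertReq(rawCR);
        } catch (Throwable throwable) {
            // The cause is attached to the thrown exception, so no separate stderr dump is needed here.
            throw new GeneralException("Error: cert request is bad/not understandable:" + (rawCR == null ? "(null)" : rawCR), throwable);
        }
        t.setCertReq(certReq);
        String lifetimeKey = CONST(ServiceConstantKeys.CERT_LIFETIME_KEY);
        // The assumption at this point is that this value is in seconds, which is valid for OIDC clients.
        if (params.containsKey(lifetimeKey)) {
            String rawLifetime = firstParameter(params, lifetimeKey);
            try {
                // multiplyExact: a huge client-supplied value would otherwise wrap silently into a bogus lifetime.
                t.setLifetime(Math.multiplyExact(1000L, Long.parseLong(rawLifetime)));
            } catch (NumberFormatException | ArithmeticException e) {
                throw new GeneralException("Error: Invalid cert lifetime parameter:" + rawLifetime, e);
            }
        } else {
            // set the default to 10 days if there is no certlifetime parameter passed in.
            t.setLifetime(1000L * 10 * 24 * 3600);
        }
        getTransactionStore().save(t);
    }
    info("6.a. Processing request for transaction " + t.getIdentifier());
    doRealCertRequest(t, statusString);
    t.setAccessTokenValid(false);
    preprocess(new TransactionState(httpServletRequest, httpServletResponse, paResponse.getParameters(), t));
    debug("6.a. protected asset:" + (t.getProtectedAsset() == null ? "(null)" : "ok") + ", " + statusString);
    HashMap<String, String> username = new HashMap<>();
    username.put("username", t.getUsername());
    if (paResponse.getParameters() != null) {
        username.putAll(paResponse.getParameters());
    }
    paResponse.setAdditionalInformation(username);
    paResponse.setProtectedAsset(t.getProtectedAsset());
    debug("6.a. Added username \"" + t.getUsername() + "\" & cert for request from " + statusString);
    getTransactionStore().save(t);
    info("6.b. Done with cert request " + statusString);
    paResponse.write(httpServletResponse);
    info("6.b. Completed transaction " + t.getIdentifierString() + ", " + statusString);
    postprocess(new TransactionState(httpServletRequest, httpServletResponse, paResponse.getParameters(), t));
}

/**
 * Returns the first value of a servlet parameter, or {@code null} if the parameter is absent or has no values.
 *
 * @param params the servlet parameter map (values are {@code String[]})
 * @param key    parameter name
 * @return first value, or {@code null}
 */
private static String firstParameter(Map params, String key) {
    Object values = params.get(key);
    if (values instanceof String[] && ((String[]) values).length > 0) {
        return ((String[]) values)[0];
    }
    return null;
}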
the class AbstractAccessTokenServlet method doDelegation.
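/**
 * Exchanges an authorization grant (plus verifier) for an access token and records it on the transaction.
 * <p>
 * On success the grant is marked invalid, the access token is stored and marked valid, and the transaction is
 * saved. The response itself is not written here (see the commented-out {@code atResp.write}); it is left to the
 * caller via the returned state.
 *
 * @param client              the client making the exchange
 * @param httpServletRequest  request carrying the grant and verifier
 * @param httpServletResponse response passed through to the pre/post processors
 * @return the issuer transaction state holding the transaction and the access token response
 * @throws ServletException if the transaction could not be saved (wraps the {@link GeneralException})
 * @throws Throwable        anything propagated from the issuer, token forge or pre/post processors
 */
protected IssuerTransactionState doDelegation(Client client, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Throwable, ServletException {
    printAllParameters(httpServletRequest);
    info("5.a. Starting access token exchange");
    Verifier v = getServiceEnvironment().getTokenForge().getVerifier(httpServletRequest);
    AuthorizationGrant ag = getServiceEnvironment().getTokenForge().getAuthorizationGrant(httpServletRequest);
    ATRequest atRequest = new ATRequest(httpServletRequest, client);
    atRequest.setVerifier(v);
    atRequest.setAuthorizationGrant(ag);
    // FIXME!! make this configurable??
    atRequest.setExpiresIn(DateUtils.MAX_TIMEOUT);
    ATResponse atResp = (ATResponse) getATI().process(atRequest);
    ServiceTransaction transaction = verifyAndGet(atResp);
    String cc = "client=" + transaction.getClient();
    info("5.a. got access token " + cc);
    preprocess(new TransactionState(httpServletRequest, httpServletResponse, atResp.getParameters(), transaction));
    // Log only whether a token was issued: the token and the verifier are credentials and must not land in the log.
    debug("5.a. access token " + (atResp.getAccessToken() == null ? "(null)" : "issued") + ", " + cc);
    transaction.setAuthGrantValid(false);
    transaction.setAccessToken(atResp.getAccessToken());
    transaction.setAccessTokenValid(true);
    try {
        getTransactionStore().save(transaction);
        info("5.a. updated transaction state for " + cc + ", sending response to client");
    } catch (GeneralException e) {
        throw new ServletException("Error saving transaction", e);
    }
    // atResp.write(httpServletResponse);
    info("5.b. done with access token exchange with " + cc);
    IssuerTransactionState transactionState = new IssuerTransactionState(httpServletRequest, httpServletResponse, atResp.getParameters(), transaction, atResp);
    postprocess(transactionState);
    return transactionState;
}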
the class AbstractAuthorizationServlet method createRedirect.
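/**
 * Establishes the user name (and, for form logins, the password), sets up the MyProxy connection and redirects
 * the user agent to the client's callback.
 * <p>
 * When header-based authorization is configured (OAUTH-192), the user name comes from {@code REMOTE_USER} or the
 * configured header; exactly one header value is accepted. Otherwise user name and password are read from the
 * posted form. The password is only passed to {@code setupMPConnection} and is never logged.
 *
 * @param request  the authorization request
 * @param response response the redirect is sent on
 * @param trans    the transaction being authorized; its user name and verifier are updated here
 * @throws GeneralException if a configured header is missing, multi-valued, or required but absent
 * @throws Throwable        anything propagated from the stores, connection setup or pre-processor
 */
protected void createRedirect(HttpServletRequest request, HttpServletResponse response, ServiceTransaction trans) throws Throwable {
    String userName = null;
    String password = null;
    // Fixes OAUTH-192.
    if (getServiceEnvironment().getAuthorizationServletConfig().isUseHeader()) {
        String headerName = getServiceEnvironment().getAuthorizationServletConfig().getHeaderFieldName();
        // equalsIgnoreCase is locale-independent; toLowerCase() under e.g. a Turkish default locale would not
        // match "remote_user".
        if (isEmpty(headerName) || headerName.equalsIgnoreCase("remote_user")) {
            userName = request.getRemoteUser();
        } else {
            Enumeration enumeration = request.getHeaders(headerName);
            if (!enumeration.hasMoreElements()) {
                throw new GeneralException("Error: A custom header of \"" + headerName + "\" was specified for authorization, but no value was found.");
            }
            userName = enumeration.nextElement().toString();
            // A second value would make the identity ambiguous, so refuse rather than pick one.
            if (enumeration.hasMoreElements()) {
                throw new GeneralException("Error: A custom header of \"" + headerName + "\" was specified for authorization, but multiple values were found.");
            }
        }
        if (getServiceEnvironment().getAuthorizationServletConfig().isRequireHeader()) {
            if (isEmpty(userName)) {
                warn("Headers required, but none found.");
                throw new GeneralException("Headers required, but none found.");
            }
            // NOTE(review): unlike the branches below, the header-derived name is not stored on the transaction
            // here, so the value read back from trans below is whatever was stored earlier (presumably by
            // present()) -- confirm this is intended.
        } else {
            // So the score card is that the header is not required though use it if there for the username
            if (isEmpty(userName)) {
                userName = request.getParameter(AUTHORIZATION_USER_NAME_KEY);
            }
            trans.setUsername(userName);
        }
    } else {
        // Headers not used, just pull it off the form the user POSTs.
        userName = request.getParameter(AUTHORIZATION_USER_NAME_KEY);
        password = request.getParameter(AUTHORIZATION_PASSWORD_KEY);
        trans.setUsername(userName);
    }
    userName = trans.getUsername();
    info("3.b. transaction has user name = " + userName);
    // The right place to invoke the pre-processor.
    preprocess(new TransactionState(request, response, null, trans));
    String statusString = " transaction =" + trans.getIdentifierString() + " and client=" + trans.getClient().getIdentifierString();
    trans.setVerifier(MyProxyDelegationServlet.getServiceEnvironment().getTokenForge().getVerifier());
    MyProxyDelegationServlet.getServiceEnvironment().getTransactionStore().save(trans);
    setupMPConnection(trans, userName, password);
    // Change is to close this connection after verifying it works.
    // Oauth 1 will get the cert, OAuth 2 will do nothing here, getting the cert later.
    doRealCertRequest(trans, statusString);
    debug("4.a. verifier = " + trans.getVerifier() + ", " + statusString);
    String cb = createCallback(trans, getFirstParameters(request));
    info("4.a. starting redirect to " + cb + ", " + statusString);
    response.sendRedirect(cb);
    info("4.b. Redirect to callback " + cb + " ok, " + statusString);
}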
the class AbstractAuthorizationServlet method present.
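/**
 * Renders the authorization page for the given state.
 * <p>
 * For {@code AUTHORIZATION_ACTION_START}, when header-based authorization is enabled the user name is taken
 * from {@code REMOTE_USER} or the configured header, stored on the transaction, and exposed (HTML-escaped) to the
 * page; a required header that is absent is an error. For {@code AUTHORIZATION_ACTION_OK} the OK page is shown.
 *
 * @param state the presentable state; must be an {@link AuthorizedState}
 * @throws GeneralException if a required header carries no value
 * @throws Throwable        anything propagated from the post-processor, store or JSP forwarding
 */
public void present(PresentableState state) throws Throwable {
    AuthorizedState aState = (AuthorizedState) state;
    postprocess(new TransactionState(state.getRequest(), aState.getResponse(), null, aState.getTransaction()));
    switch (aState.getState()) {
        case AUTHORIZATION_ACTION_START:
            String initPage = INITIAL_PAGE;
            info("*** STARTING present");
            if (getServiceEnvironment().getAuthorizationServletConfig().isUseHeader()) {
                initPage = REMOTE_USER_INITIAL_PAGE;
                info("*** PRESENT: Use headers enabled.");
                String headerFieldName = getServiceEnvironment().getAuthorizationServletConfig().getHeaderFieldName();
                String x;
                // Null-safe and case-insensitive, matching createRedirect(); the original called equals() on the
                // configured name and would NPE if it was unset.
                if (isEmpty(headerFieldName) || "REMOTE_USER".equalsIgnoreCase(headerFieldName)) {
                    // slightly more surefire way to get this.
                    x = aState.getRequest().getRemoteUser();
                    info("*** got user name from request = " + x);
                } else {
                    x = aState.getRequest().getHeader(headerFieldName);
                    info("Got username from header \"" + headerFieldName + "\" + directly: " + x);
                }
                if (isEmpty(x)) {
                    if (getServiceEnvironment().getAuthorizationServletConfig().isRequireHeader()) {
                        throw new GeneralException("Error: configuration required using the header \"" + headerFieldName + "\" " + "but this was not set. Cannot continue.");
                    }
                    // not required, it is null
                } else {
                    // name is set. optional or required
                    aState.getTransaction().setUsername(x);
                    info("*** storing user name = " + x);
                    getTransactionStore().save(aState.getTransaction());
                    // make it display pretty as per usual conventions. This is never reused, however.
                    // Escaped because the header value is attacker-influenced and ends up in the rendered page.
                    aState.getRequest().setAttribute(AUTHORIZATION_USER_NAME_VALUE, escapeHtml(x));
                }
            } else {
                info("*** PRESENT: Use headers DISABLED.");
            }
            JSPUtil.fwd(state.getRequest(), state.getResponse(), initPage);
            info("3.a. User information obtained for grant = " + aState.getTransaction().getAuthorizationGrant());
            break;
        case AUTHORIZATION_ACTION_OK:
            JSPUtil.fwd(state.getRequest(), state.getResponse(), OK_PAGE);
            break;
        default:
            // fall through and do nothing
            debug("Hit default case in AbstractAuthZ servlet");
    }
}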