
Example 11 with GeneralException

use of edu.uiuc.ncsa.security.core.exceptions.GeneralException in project OA4MP by ncsa.

the class TransactionConverter method toMap.

/**
 * Serializes the transaction {@code t} into {@code map}, after letting the
 * base class write its own fields via {@code super.toMap}.
 *
 * <p>Column keys are taken from {@code getDSTK()}. Every field is written
 * explicitly, with {@code null} as the value when the transaction has none,
 * so an absent value still produces an entry under its key.
 *
 * @param t   the transaction to serialize
 * @param map the destination map
 * @throws GeneralException if the stored X.509 chain cannot be PEM-encoded
 */
@Override
public void toMap(V t, ConversionMap<String, Object> map) {
    super.toMap(t, map);

    // Certificate request: its string form, or null when the transaction has none.
    map.put(getDSTK().certReq(),
            t.getCertReq() == null ? null : CertUtil.fromCertReqToString(t.getCertReq()));

    // Certificate chain, stored as PEM; an absent or empty chain is written as null.
    MyX509Certificates chain = (MyX509Certificates) t.getProtectedAsset();
    boolean hasChain = chain != null
            && chain.getX509Certificates() != null
            && chain.getX509Certificates().length != 0;
    Object chainPem = null;
    if (hasChain) {
        try {
            chainPem = chain.getX509CertificatesPEM();
        } catch (CertificateEncodingException e) {
            throw new GeneralException("Error: could not encode certificate", e);
        }
    }
    map.put(getDSTK().cert(), chainPem);

    // The client is referenced by identifier only.
    map.put(getDSTK().clientKey(),
            t.getClient() == null ? null : t.getClient().getIdentifier());

    // Plain string fields: "put null if null, else put the value" is just a put.
    map.put(getDSTK().username(), t.getUsername());
    map.put(getDSTK().myproxyUsername(), t.getMyproxyUsername());
}

Example 12 with GeneralException

use of edu.uiuc.ncsa.security.core.exceptions.GeneralException in project OA4MP by ncsa.

the class OA2MPService method preGetCert.

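/**
 * Populates {@code parameters} for a certificate request on behalf of {@code asset}.
 *
 * <p>Adds the callback URI (unless the caller already supplied one), the
 * certificate lifetime when it is non-negative, and the DER-encoded
 * certificate request as a chunked PEM string. When the asset already holds
 * certificates, a fresh certificate request is built first, so the CSR that is
 * sent is the one stored on the asset and signed with its private key.
 * Reading the request only after that step also means an asset without a
 * request reaches the "generate a new key pair" path instead of failing on a
 * null dereference.
 *
 * @param asset      the asset to request a certificate for; must be an {@link OA2Asset}
 * @param parameters the (raw) request parameter map to fill in
 * @throws NFWException     if the asset ends up with no private key or no certificate request
 * @throws GeneralException if key-pair generation or certificate-request creation fails
 */
@Override
public void preGetCert(Asset asset, Map parameters) {
    super.preGetCert(asset, parameters);
    // Kept from the original: the cast fails fast if a foreign Asset type is passed in.
    OA2Asset a = (OA2Asset) asset;
    if (!parameters.containsKey(getEnvironment().getConstants().get(CALLBACK_URI_KEY))) {
        parameters.put(getEnvironment().getConstants().get(CALLBACK_URI_KEY), getEnvironment().getCallback().toString());
    }
    if (0 <= getEnvironment().getCertLifetime()) {
        parameters.put(ClientEnvironment.CERT_LIFETIME_KEY, getEnvironment().getCertLifetime());
    }
    if (asset.getCertificates() != null) {
        // We already have certificates, so restart the sequence to get more.
        regenerateCertRequest(asset);
    }
    // Read the request only after any regeneration so the CSR sent matches the key stored on the asset.
    MyPKCS10CertRequest certRequest = asset.getCertReq();
    if (certRequest == null) {
        String msg = "Error: The certificate request is missing. The internal state of the asset is invalid";
        NFWException x = new NFWException(msg);
        getEnvironment().getMyLogger().warn(msg, x);
        throw x;
    }
    parameters.put(ClientEnvironment.CERT_REQUEST_KEY, PEMFormatUtil.bytesToChunkedString(certRequest.getEncoded()));
}

/**
 * Replaces the asset's certificate request with a newly created one.
 *
 * <p>If the asset has no request yet, a new key pair is generated and its
 * private key stored on the asset; otherwise the request's public key and the
 * asset's stored private key are reused, so only the request itself changes.
 *
 * @param asset the asset whose certificate request is rebuilt
 * @throws NFWException     if no private key is available on the asset
 * @throws GeneralException if key-pair generation or request creation fails
 */
private void regenerateCertRequest(Asset asset) {
    MyPKCS10CertRequest certRequest = asset.getCertReq();
    KeyPair keyPair;
    if (certRequest == null) {
        try {
            keyPair = KeyUtil.generateKeyPair();
        } catch (Throwable e) {
            String msg = "Unable to generate a new keypair.";
            getEnvironment().getMyLogger().warn(msg, e);
            if (e instanceof RuntimeException) {
                throw (RuntimeException) e;
            }
            // Checked exceptions (and Errors) are wrapped, as in the original code.
            throw new GeneralException(msg, e);
        }
        asset.setPrivateKey(keyPair.getPrivate());
    } else {
        // Reuse the existing key material; only the request is rebuilt.
        keyPair = new KeyPair(certRequest.getPublicKey(), asset.getPrivateKey());
    }
    if (asset.getPrivateKey() == null) {
        String msg = "Error: The private key is missing. The internal state of the asset is invalid";
        NFWException x = new NFWException(msg);
        getEnvironment().getMyLogger().warn(msg, x);
        throw x;
    }
    try {
        asset.setCertReq(CertUtil.createCertRequest(keyPair));
    } catch (Throwable t) {
        String msg = "Error: could not create cert request.";
        getEnvironment().getMyLogger().warn(msg, t);
        if (t instanceof RuntimeException) {
            throw (RuntimeException) t;
        }
        throw new GeneralException(msg, t);
    }
}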

Example 13 with GeneralException

use of edu.uiuc.ncsa.security.core.exceptions.GeneralException in project OA4MP by ncsa.

the class OA2ClientExceptionHandler method handleException.

/**
 * Turns a failure raised while handling a client request into attributes on
 * {@code request} and forwards to the configured error page.
 *
 * <p>Three cases are distinguished: a server-signalled {@link OA2RedirectableError}
 * (error, description and state are passed straight through), a
 * {@link ServiceClientHTTPException} whose body is parsed for the same fields,
 * and anything else, which is reported by class name and message.
 *
 * @param t        the failure to report
 * @param request  receives the error attributes and the return "action"
 * @param response forwarded to the error page
 * @throws IOException      from the forward
 * @throws ServletException from the forward
 */
@Override
public void handleException(Throwable t, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
    if (t instanceof OA2RedirectableError) {
        reportRedirectableError((OA2RedirectableError) t, request);
    } else if (t instanceof ServiceClientHTTPException) {
        reportServiceClientError((ServiceClientHTTPException) t, request);
    } else {
        reportUnexpected(t, request);
    }
    // The error page posts back to this web app.
    request.setAttribute("action", request.getContextPath());
    JSPUtil.fwd(request, response, clientServlet.getCE().getErrorPagePath());
}

/** Copies the server's error, description and state onto the request. */
private void reportRedirectableError(OA2RedirectableError error, HttpServletRequest request) {
    getLogger().info("get a standard error with a redirect");
    request.setAttribute(OA2Constants.ERROR, error.getError());
    request.setAttribute(OA2Constants.ERROR_DESCRIPTION, error.getDescription());
    request.setAttribute(OA2Constants.STATE, error.getState());
}

/**
 * Handles a bad HTTP response from the service client. The body, if present,
 * is expected to hold {@code error=...} and {@code error_description=...} on
 * separate lines; when the body is absent or cannot be parsed the default
 * response is used instead.
 */
private void reportServiceClientError(ServiceClientHTTPException error, HttpServletRequest request) {
    getLogger().info("got standard error with http status code = " + error.getStatus());
    if (!error.hasContent()) {
        defaultSCXresponse(error, request);
        return;
    }
    try {
        parseContent(error.getContent(), request);
    } catch (GeneralException parseFailure) {
        defaultSCXresponse(error, request);
    }
}

/**
 * Last-ditch reporting for any other throwable, typically a configuration
 * problem. Note that the class name and {@code t.getMessage()} end up on the
 * error page, so whatever the message contains is rendered to the browser,
 * and the stack trace goes to stderr rather than through the logger.
 */
private void reportUnexpected(Throwable t, HttpServletRequest request) {
    getLogger().info("Got exception of type " + t.getClass().getSimpleName());
    t.printStackTrace();
    request.setAttribute(OA2Constants.ERROR, t.getClass().getSimpleName());
    request.setAttribute(OA2Constants.ERROR_DESCRIPTION, t.getMessage());
}

Example 14 with GeneralException

use of edu.uiuc.ncsa.security.core.exceptions.GeneralException in project OA4MP by ncsa.

the class OA2ReadyServlet method doIt.

/**
 * Completes the OAuth 2 authorization step for this demo client.
 *
 * <p>Reads the token and state the server sent back, resolves the asset
 * (from the cookie identifier, else by token), exchanges the grant for an
 * access token, fetches user info and -- when the client requested the
 * MyProxy scope -- a certificate, then renders the success page.
 *
 * @param request  the callback request from the server; must carry the token parameter
 * @param response used to forward to the success or error page
 * @throws OA2RedirectableError     if the server reported an error in the request parameters
 * @throws IllegalArgumentException if the returned state does not match the stored asset's state
 * @throws Throwable                any failure from the service calls, propagated to the caller
 */
@Override
protected void doIt(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    if (request.getParameterMap().containsKey(OA2Constants.ERROR)) {
        throw new OA2RedirectableError(request.getParameter(OA2Constants.ERROR), request.getParameter(OA2Constants.ERROR_DESCRIPTION), request.getParameter(OA2Constants.STATE));
    }
    // Get the cert itself. The server itself does a redirect using the callback to this servlet
    // (so it is the portal that actually is invoking this method after the authorization
    // step.) The token and verifier are peeled off and used
    // to complete the request.
    info("2.a. Getting token and verifier.");
    String token = request.getParameter(CONST(ClientEnvironment.TOKEN));
    String state = request.getParameter(OA2Constants.STATE);
    if (token == null) {
        // token is known to be null here, so the ternary below always prints "null".
        warn("2.a. The token is " + (token == null ? "null" : token) + ".");
        GeneralException ge = new GeneralException("Error: This servlet requires parameters for the token and possibly verifier.");
        request.setAttribute("exception", ge);
        JSPUtil.fwd(request, response, getCE().getErrorPagePath());
        return;
    }
    info("2.a Token found.");
    AuthorizationGrant grant = new AuthorizationGrantImpl(URI.create(token));
    info("2.a. Getting the cert(s) from the service");
    // clearCookie() appears to return the asset identifier carried by the cookie (see the
    // "no cookie found" handling below) -- confirm against its definition.
    String identifier = clearCookie(request, response);
    OA2Asset asset = null;
    if (identifier == null) {
        // No cookie: fall back to looking the asset up by the token itself.
        asset = (OA2Asset) getCE().getAssetStore().getByToken(BasicIdentifier.newID(token));
        if (asset != null) {
            identifier = asset.getIdentifierString();
        }
    }
    AssetResponse assetResponse = null;
    OA2MPService oa2MPService = (OA2MPService) getOA4MPService();
    UserInfo ui = null;
    // Certificates are only fetched if the client was configured with the MyProxy scope.
    boolean getCerts = ((OA2ClientEnvironment) getCE()).getScopes().contains(OA2Scopes.SCOPE_MYPROXY);
    if (identifier == null) {
        // Since this is a demo servlet, we don't blow up if there is no identifier found, just can't save anything.
        // NOTE(review): in this path the returned state is never compared against a stored value,
        // so the state check done in the else-branch is skipped; asset may also still be null here
        // if the by-token lookup found nothing.
        String msg = "Error: no cookie found. Cannot save certificates";
        warn(msg);
        debug("No cookie found");
        // if(asset == null) asset = new OA2Asset(BasicIdentifier.newID())
        ATResponse2 atResponse2 = oa2MPService.getAccessToken(asset, grant);
        ui = oa2MPService.getUserInfo(atResponse2.getAccessToken().toString());
        if (getCerts) {
            assetResponse = oa2MPService.getCert(asset, atResponse2);
        }
    } else {
        // NOTE(review): get() may return null for an unknown identifier, which would NPE on the next line.
        asset = (OA2Asset) getCE().getAssetStore().get(identifier);
        // The state echoed by the server must match the one stored with the asset when the
        // request was started; a mismatch aborts the transaction.
        if (asset.getState() == null || !asset.getState().equals(state)) {
            // Just a note: This is most likely to arise when the server's authorize-init.jsp has been
            // changed or replaced and the hidden field for the state (passed to the form, then passed back
            // and therefore not stored on the server anyplace) is missing.
            warn("The expected state from the server was \"" + asset.getState() + "\", but instead \"" + state + "\" was returned. Transaction aborted.");
            throw new IllegalArgumentException("Error: The state returned by the server is invalid.");
        }
        ATResponse2 atResponse2 = oa2MPService.getAccessToken(asset, grant);
        // ui = oa2MPService.getUserInfo(atResponse2.getAccessToken().getToken());
        ui = oa2MPService.getUserInfo(identifier);
        if (getCerts) {
            assetResponse = oa2MPService.getCert(asset, atResponse2);
        }
    // The general case is to do the call with the identifier if you want the asset store managed.
    // assetResponse = getOA4MPService().getCert(token, null, BasicIdentifier.newID(identifier));
    }
    // The work in this call
    // Again, we take the first returned cert to peel off some information to display. This
    // just proves we got a response.
    info("2.b. Done! Displaying success page.");
    if (getCerts) {
        // assetResponse was assigned in both branches above whenever getCerts is true.
        if (assetResponse.getX509Certificates() == null) {
            request.setAttribute("certSubject", "(no cert returned)");
        } else {
            X509Certificate cert = assetResponse.getX509Certificates()[0];
            // Rest of this is putting up something for the user to see
            request.setAttribute("certSubject", cert.getSubjectDN());
            request.setAttribute("cert", CertUtil.toPEM(assetResponse.getX509Certificates()));
            request.setAttribute("username", assetResponse.getUsername());
            // FIX OAUTH-216. Note that this is displayed on the client's success page.
            // NOTE(review): this places the PKCS#1 PEM of the private key in the rendered page;
            // key material in a response body is only acceptable for a demo deployment.
            if (asset.getPrivateKey() != null) {
                request.setAttribute("privateKey", KeyUtil.toPKCS1PEM(asset.getPrivateKey()));
            } else {
                request.setAttribute("privateKey", "(none)");
            }
        }
    } else {
        request.setAttribute("certSubject", "(no cert requested)");
    }
    if (ui != null) {
        // Pretty-printed JSON of the user info, for display only.
        String output = JSONUtils.valueToString(ui.toJSon(), 4, 2);
        request.setAttribute("userinfo", output);
    } else {
        request.setAttribute("userinfo", "no user info returned.");
    }
    // Fix in cases where the server request passes through Apache before going to Tomcat.
    String contextPath = request.getContextPath();
    if (!contextPath.endsWith("/")) {
        contextPath = contextPath + "/";
    }
    request.setAttribute("action", contextPath);
    info("2.a. Completely finished with delegation.");
    JSPUtil.fwd(request, response, getCE().getSuccessPagePath());
    return;
}

Example 15 with GeneralException

use of edu.uiuc.ncsa.security.core.exceptions.GeneralException in project OA4MP by ncsa.

the class CopyTool method getEnv.

/**
 * Loads the service environment selected by the given command-line options.
 *
 * <p>The configuration file is taken from {@code cfgFileOption}, falling back
 * to the source configuration file option; the configuration name comes from
 * {@code cfgNameOption}. Source and target configuration names must differ.
 *
 * @param cfgFileOption command-line option naming the configuration file
 * @param cfgNameOption command-line option naming the configuration within that file
 * @return the loaded environment
 * @throws MyConfigurationException if source and target configuration names are equal
 * @throws GeneralException         if the configuration loader cannot be obtained
 */
protected ServiceEnvironmentImpl getEnv(String cfgFileOption, String cfgNameOption) {
    String sourceName = getCommandLine().getOptionValue(SOURCE_CONFIG_NAME_OPTION);
    String targetName = getCommandLine().getOptionValue(TARGET_CONFIG_NAME_OPTION);
    if (sourceName.equals(targetName)) {
        throw new MyConfigurationException("Error! You have specified that source and target as the same.");
    }
    String fileName = getCommandLine().getOptionValue(cfgFileOption);
    if (fileName == null) {
        // No file given for this side; reuse the source configuration file.
        fileName = getCommandLine().getOptionValue(SOURCE_CONFIG_FILE_OPTION);
    }
    String configName = getCommandLine().getOptionValue(cfgNameOption);
    String shownName = configName == null ? "(none)" : configName;
    sayv("loading configuration \"" + shownName + "\" from file " + fileName);
    ConfigurationNode node = ConfigUtil.findConfiguration(fileName, configName, OA4MPConfigTags.COMPONENT);
    setConfigurationNode(node);
    // The loader is built from the node set just above; any failure is wrapped.
    final ConfigurationLoader loader;
    try {
        loader = getLoader();
    } catch (Exception e) {
        throw new GeneralException("Error: Could not get loader", e);
    }
    return (ServiceEnvironmentImpl) loader.load();
}
