use of edu.uiuc.ncsa.security.core.exceptions.GeneralException in project OA4MP by ncsa.
the class TransactionConverter method toMap.
/**
 * Copies the certificate-related fields of a transaction into {@code map}, after the
 * superclass has written its own entries.
 * <p>
 * Every key is always written; a missing value is stored as an explicit {@code null}.
 *
 * @param t   the transaction whose fields are serialized
 * @param map the target map, keyed by the names supplied by {@code getDSTK()}
 * @throws GeneralException if the certificates cannot be encoded
 */
@Override
public void toMap(V t, ConversionMap<String, Object> map) {
    super.toMap(t, map);

    // Certificate request, stored in the string form produced by CertUtil.
    if (t.getCertReq() != null) {
        map.put(getDSTK().certReq(), CertUtil.fromCertReqToString(t.getCertReq()));
    } else {
        map.put(getDSTK().certReq(), null);
    }

    // Issued certificates: only written when the protected asset holds at least one certificate.
    MyX509Certificates protectedCerts = (MyX509Certificates) t.getProtectedAsset();
    boolean hasCertificates = protectedCerts != null
            && protectedCerts.getX509Certificates() != null
            && protectedCerts.getX509Certificates().length != 0;
    if (hasCertificates) {
        try {
            map.put(getDSTK().cert(), protectedCerts.getX509CertificatesPEM());
        } catch (CertificateEncodingException encodingFailure) {
            throw new GeneralException("Error: could not encode certificate", encodingFailure);
        }
    } else {
        map.put(getDSTK().cert(), null);
    }

    // The client is recorded by its identifier, not by the client object itself.
    if (t.getClient() != null) {
        map.put(getDSTK().clientKey(), t.getClient().getIdentifier());
    } else {
        map.put(getDSTK().clientKey(), null);
    }

    if (t.getUsername() != null) {
        map.put(getDSTK().username(), t.getUsername());
    } else {
        map.put(getDSTK().username(), null);
    }

    if (t.getMyproxyUsername() != null) {
        map.put(getDSTK().myproxyUsername(), t.getMyproxyUsername());
    } else {
        map.put(getDSTK().myproxyUsername(), null);
    }
}
use of edu.uiuc.ncsa.security.core.exceptions.GeneralException in project OA4MP by ncsa.
the class OA2MPService method preGetCert.
/**
 * Fills in the request parameters for a certificate request and, when the asset already
 * holds certificates, prepares a fresh certificate request on the asset.
 *
 * @param asset      the asset the certificate is requested for; must be an {@code OA2Asset}
 * @param parameters the outgoing request parameters, modified in place
 * @throws GeneralException if key generation or request creation fails with a checked error
 * @throws NFWException     if the asset has no private key when a new request must be built
 */
@Override
public void preGetCert(Asset asset, Map parameters) {
    super.preGetCert(asset, parameters);
    // The cast result is unused, but it still rejects any asset that is not an OA2Asset.
    OA2Asset oa2Asset = (OA2Asset) asset;

    // NOTE(review): the cert request is dereferenced here without a null check, and the value sent
    // is the request present on entry; the request regenerated further down is only stored on the
    // asset afterwards. Confirm both are intended.
    parameters.put(ClientEnvironment.CERT_REQUEST_KEY, PEMFormatUtil.bytesToChunkedString(asset.getCertReq().getEncoded()));

    // A callback supplied by the caller wins over the configured one.
    if (!parameters.containsKey(getEnvironment().getConstants().get(CALLBACK_URI_KEY))) {
        parameters.put(getEnvironment().getConstants().get(CALLBACK_URI_KEY), getEnvironment().getCallback().toString());
    }

    // A negative configured lifetime means no lifetime parameter is sent.
    if (getEnvironment().getCertLifetime() >= 0) {
        parameters.put(ClientEnvironment.CERT_LIFETIME_KEY, getEnvironment().getCertLifetime());
    }

    if (asset.getCertificates() == null) {
        return;
    }

    // Certificates are already present, so restart the sequence to get more.
    MyPKCS10CertRequest existingRequest = asset.getCertReq();
    KeyPair requestKeys = null;
    if (existingRequest != null) {
        // Pair the public key of the existing request with the private key kept on the asset.
        requestKeys = new KeyPair(existingRequest.getPublicKey(), asset.getPrivateKey());
    } else {
        // No request yet: generate a new key pair and keep its private half on the asset.
        try {
            requestKeys = KeyUtil.generateKeyPair();
        } catch (Throwable failure) {
            // NOTE(review): Throwable also covers java.lang.Error, which gets wrapped below.
            String msg = "Unable to generate a new keypair.";
            getEnvironment().getMyLogger().warn(msg, failure);
            if (failure instanceof RuntimeException) {
                throw (RuntimeException) failure;
            }
            throw new GeneralException(msg, failure);
        }
        asset.setPrivateKey(requestKeys.getPrivate());
    }

    // Without a private key the asset cannot use any certificate issued for the new request.
    if (asset.getPrivateKey() == null) {
        String msg = "Error: The private key is missing. The internal state of the asset is invalid";
        NFWException invalidState = new NFWException((msg));
        getEnvironment().getMyLogger().warn(msg, invalidState);
        throw invalidState;
    }

    try {
        asset.setCertReq(CertUtil.createCertRequest(requestKeys));
    } catch (Throwable failure) {
        String msg = "Error: could not create cert request.";
        getEnvironment().getMyLogger().warn(msg, failure);
        if (failure instanceof RuntimeException) {
            throw (RuntimeException) failure;
        }
        throw new GeneralException(msg, failure);
    }
}
use of edu.uiuc.ncsa.security.core.exceptions.GeneralException in project OA4MP by ncsa.
the class OA2ClientExceptionHandler method handleException.
/**
 * Translates a failure into request attributes and forwards to the client's error page.
 * <p>
 * Three cases are distinguished: an OAuth 2 redirectable error, an HTTP-level failure reported
 * by the service client, and any other throwable.
 *
 * @param t        the failure to report
 * @param request  receives the error attributes read by the error page
 * @param response used for the forward to the error page
 * @throws IOException      declared by this handler's signature
 * @throws ServletException declared by this handler's signature
 */
@Override
public void handleException(Throwable t, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
    if (t instanceof OA2RedirectableError) {
        getLogger().info("get a standard error with a redirect");
        OA2RedirectableError redirectable = (OA2RedirectableError) t;
        // NOTE(review): error, description and state can originate from request parameters
        // (OA2ReadyServlet.doIt builds this error from them), so the error page has to
        // HTML-escape all three when rendering.
        request.setAttribute(OA2Constants.ERROR, redirectable.getError());
        request.setAttribute(OA2Constants.ERROR_DESCRIPTION, redirectable.getDescription());
        request.setAttribute(OA2Constants.STATE, redirectable.getState());
    } else if (t instanceof ServiceClientHTTPException) {
        // Raised by the service client when the server sends back a bad response. The body is
        // expected to hold "error=..." and "error_description=..." separated by a line feed;
        // anything else falls back to the default response.
        ServiceClientHTTPException httpFailure = (ServiceClientHTTPException) t;
        getLogger().info("got standard error with http status code = " + httpFailure.getStatus());
        if (httpFailure.hasContent()) {
            try {
                parseContent(httpFailure.getContent(), request);
            } catch (GeneralException unparsable) {
                // Deliberate fallback: an unparsable body is reported like an empty one.
                defaultSCXresponse(httpFailure, request);
            }
        } else {
            // Nothing to parse.
            defaultSCXresponse(httpFailure, request);
        }
    } else {
        // Last resort for any other exception.
        getLogger().info("Got exception of type " + t.getClass().getSimpleName());
        // Something is wrong, possibly with the configuration, so more information is better.
        // NOTE(review): printStackTrace() writes to standard error and bypasses the logger.
        t.printStackTrace();
        // NOTE(review): the exception class name and message are shown to the end user; internal
        // messages can reveal configuration details, so consider a generic description here.
        request.setAttribute(OA2Constants.ERROR, t.getClass().getSimpleName());
        request.setAttribute(OA2Constants.ERROR_DESCRIPTION, t.getMessage());
    }
    // The return action on the error page points back to this web application.
    request.setAttribute("action", request.getContextPath());
    JSPUtil.fwd(request, response, clientServlet.getCE().getErrorPagePath());
}
use of edu.uiuc.ncsa.security.core.exceptions.GeneralException in project OA4MP by ncsa.
the class OA2ReadyServlet method doIt.
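/**
 * Handles the callback from the authorization server: exchanges the returned grant for an
 * access token, fetches user info and (when the MyProxy scope is configured) certificates,
 * then forwards to the success page.
 * <p>
 * The asset is located through the cookie cleared by {@code clearCookie} or, failing that,
 * through the returned token. When an asset is found, the {@code state} parameter must match
 * the state stored on it.
 *
 * @param request  the callback request carrying the token and state parameters
 * @param response used for forwarding to the success or error page
 * @throws OA2RedirectableError     if the server reported an error in the callback
 * @throws GeneralException         if no stored asset matches the recovered identifier
 * @throws IllegalArgumentException if the returned state does not match the stored one
 * @throws Throwable                anything raised by the service calls
 */
@Override
protected void doIt(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    if (request.getParameterMap().containsKey(OA2Constants.ERROR)) {
        // NOTE(review): all three values are unauthenticated request parameters; whatever renders
        // this error has to escape them.
        throw new OA2RedirectableError(request.getParameter(OA2Constants.ERROR), request.getParameter(OA2Constants.ERROR_DESCRIPTION), request.getParameter(OA2Constants.STATE));
    }
    // Get the cert itself. The server itself does a redirect using the callback to this servlet
    // (so it is the portal that actually is invoking this method after the authorization
    // step.) The token and verifier are peeled off and used
    // to complete the request.
    info("2.a. Getting token and verifier.");
    String token = request.getParameter(CONST(ClientEnvironment.TOKEN));
    String state = request.getParameter(OA2Constants.STATE);
    if (token == null) {
        warn("2.a. The token is null.");
        GeneralException ge = new GeneralException("Error: This servlet requires parameters for the token and possibly verifier.");
        request.setAttribute("exception", ge);
        JSPUtil.fwd(request, response, getCE().getErrorPagePath());
        return;
    }
    info("2.a Token found.");
    AuthorizationGrant grant = new AuthorizationGrantImpl(URI.create(token));
    info("2.a. Getting the cert(s) from the service");
    String identifier = clearCookie(request, response);
    OA2Asset asset = null;
    if (identifier == null) {
        // No cookie: try to recover the pending request from the token instead.
        asset = (OA2Asset) getCE().getAssetStore().getByToken(BasicIdentifier.newID(token));
        if (asset != null) {
            identifier = asset.getIdentifierString();
        }
    }
    AssetResponse assetResponse = null;
    OA2MPService oa2MPService = (OA2MPService) getOA4MPService();
    UserInfo ui = null;
    boolean getCerts = ((OA2ClientEnvironment) getCE()).getScopes().contains(OA2Scopes.SCOPE_MYPROXY);
    if (identifier == null) {
        // Since this is a demo servlet, we don't blow up if there is no identifier found, just can't save anything.
        // NOTE(review): this path never compares the returned state with a stored one, and the
        // asset handed to the service may be null. A production client should abort here rather
        // than complete the exchange for a callback it cannot tie to a pending request.
        String msg = "Error: no cookie found. Cannot save certificates";
        warn(msg);
        debug("No cookie found");
        ATResponse2 atResponse2 = oa2MPService.getAccessToken(asset, grant);
        ui = oa2MPService.getUserInfo(atResponse2.getAccessToken().toString());
        if (getCerts) {
            assetResponse = oa2MPService.getCert(asset, atResponse2);
        }
    } else {
        asset = (OA2Asset) getCE().getAssetStore().get(identifier);
        if (asset == null) {
            // The identifier comes from a client-side cookie, so it may refer to nothing in the
            // store. Fail with a clear error before the state check dereferences the asset.
            warn("No stored asset matches the identifier recovered for this callback. Transaction aborted.");
            throw new GeneralException("Error: No pending request was found for this callback.");
        }
        if (asset.getState() == null || !asset.getState().equals(state)) {
            // Just a note: This is most likely to arise when the server's authorize-init.jsp has been
            // changed or replaced and the hidden field for the state (passed to the form, then passed back
            // and therefore not stored on the server anyplace) is missing.
            // The returned state is an unauthenticated request parameter: neutralize line breaks
            // so it cannot be used to forge additional log entries.
            String loggedState = state == null ? null : state.replaceAll("[\\r\\n]", "_");
            warn("The expected state from the server was \"" + asset.getState() + "\", but instead \"" + loggedState + "\" was returned. Transaction aborted.");
            throw new IllegalArgumentException("Error: The state returned by the server is invalid.");
        }
        ATResponse2 atResponse2 = oa2MPService.getAccessToken(asset, grant);
        // NOTE(review): user info is looked up by identifier here, while the no-cookie path above
        // passes the access token string — confirm which argument getUserInfo expects.
        ui = oa2MPService.getUserInfo(identifier);
        if (getCerts) {
            // The general case is to do the call with the identifier if you want the asset store managed.
            assetResponse = oa2MPService.getCert(asset, atResponse2);
        }
    }
    // We take the first returned cert to peel off some information to display. This
    // just proves we got a response.
    info("2.b. Done! Displaying success page.");
    if (getCerts) {
        // An empty array is treated like a missing one so that indexing the first entry cannot fail.
        if (assetResponse.getX509Certificates() == null || assetResponse.getX509Certificates().length == 0) {
            request.setAttribute("certSubject", "(no cert returned)");
        } else {
            X509Certificate cert = assetResponse.getX509Certificates()[0];
            // Rest of this is putting up something for the user to see
            request.setAttribute("certSubject", cert.getSubjectDN());
            request.setAttribute("cert", CertUtil.toPEM(assetResponse.getX509Certificates()));
            request.setAttribute("username", assetResponse.getUsername());
            // FIX OAUTH-216. Note that this is displayed on the client's success page.
            // NOTE(review): the PEM-encoded private key is handed to the page for display. That fits
            // a demo client only; a deployed client should keep the key out of rendered pages and
            // out of any cache or log that stores the response.
            if (asset.getPrivateKey() != null) {
                request.setAttribute("privateKey", KeyUtil.toPKCS1PEM(asset.getPrivateKey()));
            } else {
                request.setAttribute("privateKey", "(none)");
            }
        }
    } else {
        request.setAttribute("certSubject", "(no cert requested)");
    }
    if (ui != null) {
        String output = JSONUtils.valueToString(ui.toJSon(), 4, 2);
        request.setAttribute("userinfo", output);
    } else {
        request.setAttribute("userinfo", "no user info returned.");
    }
    // Fix in cases where the server request passes through Apache before going to Tomcat.
    String contextPath = request.getContextPath();
    if (!contextPath.endsWith("/")) {
        contextPath = contextPath + "/";
    }
    request.setAttribute("action", contextPath);
    info("2.a. Completely finished with delegation.");
    JSPUtil.fwd(request, response, getCE().getSuccessPagePath());
}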
use of edu.uiuc.ncsa.security.core.exceptions.GeneralException in project OA4MP by ncsa.
the class CopyTool method getEnv.
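/**
 * Loads the service environment described by the configuration that the given command line
 * options select.
 *
 * @param cfgFileOption name of the command line option holding the configuration file; when
 *                      that option is absent, the source configuration file option is used
 * @param cfgNameOption name of the command line option holding the configuration name
 * @return the environment produced by the configuration loader
 * @throws MyConfigurationException if source and target name the same configuration
 * @throws GeneralException         if the configuration loader cannot be obtained
 */
protected ServiceEnvironmentImpl getEnv(String cfgFileOption, String cfgNameOption) {
    String sourceName = getCommandLine().getOptionValue(SOURCE_CONFIG_NAME_OPTION);
    String targetName = getCommandLine().getOptionValue(TARGET_CONFIG_NAME_OPTION);
    // The rest of this method tolerates a missing configuration name, so the comparison must
    // not throw a NullPointerException when the source name option was not given.
    if (sourceName != null && sourceName.equals(targetName)) {
        throw new MyConfigurationException("Error! You have specified that source and target as the same.");
    }
    String fileName = getCommandLine().getOptionValue(cfgFileOption);
    if (fileName == null) {
        fileName = getCommandLine().getOptionValue(SOURCE_CONFIG_FILE_OPTION);
    }
    // NOTE(review): fileName is still null when neither file option was supplied; confirm how
    // ConfigUtil.findConfiguration treats that.
    String configName = getCommandLine().getOptionValue(cfgNameOption);
    sayv("loading configuration \"" + (configName == null ? "(none)" : configName) + "\" from file " + fileName);
    ConfigurationNode node = ConfigUtil.findConfiguration(fileName, configName, OA4MPConfigTags.COMPONENT);
    // override the logging in the configuration file, since that might be remote.
    setConfigurationNode(node);
    ConfigurationLoader loader;
    try {
        loader = getLoader();
    } catch (Exception e) {
        throw new GeneralException("Error: Could not get loader", e);
    }
    return (ServiceEnvironmentImpl) loader.load();
}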