
Example 16 with GeneralException

use of edu.uiuc.ncsa.security.core.exceptions.GeneralException in project OA4MP by ncsa.

the class AbstractOA4MPService method requestCert.

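/**
 * Starts a delegation (certificate) request for the given asset.
 * <p>
 * The asset's private key is copied into the returned response, the delegation
 * service is asked for an authorization grant plus the URL the user must be
 * redirected to, the grant token is recorded on the asset, and the asset is
 * saved. The returned response therefore contains key material and must not be
 * logged or serialized.
 *
 * @param asset                the asset to request a certificate for (its token and,
 *                             if unset, its identifier are updated in place)
 * @param additionalParameters extra parameters passed to the delegation service; may be null
 * @return the response holding the private key and the redirect URI
 * @throws GeneralException if any checked failure occurs; runtime exceptions propagate unchanged
 */
protected OA4MPResponse requestCert(Asset asset, Map additionalParameters) {
    if (additionalParameters == null) {
        additionalParameters = new HashMap();
    }
    try {
        preRequestCert(asset, additionalParameters);
        OA4MPResponse mpdsResponse = new OA4MPResponse();
        // Sensitive: the response carries the asset's private key for the caller.
        mpdsResponse.setPrivateKey(asset.getPrivateKey());
        DelegationRequest daReq = new DelegationRequest();
        daReq.setParameters(additionalParameters);
        daReq.setClient(getEnvironment().getClient());
        daReq.setBaseUri(getEnvironment().getAuthorizationUri());
        DelegationResponse daResp = (DelegationResponse) getEnvironment().getDelegationService().process(daReq);
        if (daResp.getAuthorizationGrant() != null) {
            asset.setToken(BasicIdentifier.newID(daResp.getAuthorizationGrant().getToken()));
            if (asset.getIdentifier() == null) {
                // No identifier yet: derive one from the grant token.
                asset.setIdentifier(makeb64Uri(daResp.getAuthorizationGrant().getToken().toString()));
            }
        }
        String skin = getEnvironment().getSkin();
        String r = daResp.getRedirectUri().toString();
        if (skin != null) {
            // Only use '&' when the redirect already has a query string; appending '&' to a
            // bare URL glues the parameter onto the path. The value is URL-encoded so a skin
            // name containing reserved characters cannot alter the rest of the redirect.
            String separator = r.contains("?") ? "&" : "?";
            r = r + separator + SKIN_PARAMETER + "=" + java.net.URLEncoder.encode(skin, "UTF-8");
        }
        // FIXME!! For OAuth 2, how do we introduce the skin parameter if there is no rewriting of the url before
        // getting forwarded to an Authz module? Might have to send it across in the initial call.
        mpdsResponse.setRedirect(URI.create(r));
        getAssetStore().save(asset);
        postRequestCert(asset, mpdsResponse);
        return mpdsResponse;
    } catch (Throwable e) {
        // Runtime exceptions keep their type; everything else (including the checked
        // UnsupportedEncodingException from the encoder) is wrapped.
        if (e instanceof RuntimeException) {
            throw (RuntimeException) e;
        }
        throw new GeneralException("Error generating request", e);
    }
}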
Also used : GeneralException(edu.uiuc.ncsa.security.core.exceptions.GeneralException) HashMap(java.util.HashMap) DelegationResponse(edu.uiuc.ncsa.security.delegation.client.request.DelegationResponse) Base64String(edu.uiuc.ncsa.security.util.pkcs.Base64String) DelegationRequest(edu.uiuc.ncsa.security.delegation.client.request.DelegationRequest)

Example 17 with GeneralException

use of edu.uiuc.ncsa.security.core.exceptions.GeneralException in project OA4MP by ncsa.

the class SimpleReadyServlet method doIt.

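/**
 * Completes the delegation after the server redirects the browser back here.
 * <p>
 * Reads the token (required) and verifier (optional) request parameters, locates
 * the asset identifier from the cookie or, failing that, from the asset store by
 * token, fetches the certificate(s) from the service and forwards to the success
 * page. Missing token or an empty certificate set forwards to the error page
 * instead.
 *
 * @param request  the callback request carrying the token and verifier parameters
 * @param response the response used for cookie handling and the forward
 * @throws Throwable anything raised by the service call or the JSP forward
 */
@Override
protected void doIt(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    // Get the cert itself. The server itself does a redirect using the callback to this servlet
    // (so it is the portal that actually is invoking this method after the authorization
    // step.) The token and verifier are peeled off and used
    // to complete the request.
    info("2.a. Getting token and verifier.");
    String token = request.getParameter(CONST(ClientEnvironment.TOKEN));
    String verifier = request.getParameter(CONST(ClientEnvironment.VERIFIER));
    // The token is mandatory: both the asset lookup and getCert() below need it. Checking
    // only "both absent" let a verifier-only request fall through with a null token.
    // Parameter values are bearer credentials, so only their presence is logged.
    if (token == null) {
        warn("2.a. The token is null and the verifier is " + (verifier == null ? "null" : "present (not logged)"));
        GeneralException ge = new GeneralException("Error: This servlet requires parameters for the token and possibly verifier.");
        request.setAttribute("exception", ge);
        JSPUtil.fwd(request, response, getCE().getErrorPagePath());
        return;
    }
    info("2.a Token found.");
    info("2.a. Getting the cert(s) from the service");
    String identifier = clearCookie(request, response);
    if (identifier == null) {
        // No cookie: fall back to the asset recorded under this token when the request was made.
        Asset asset = getCE().getAssetStore().getByToken(BasicIdentifier.newID(token));
        if (asset != null) {
            identifier = asset.getIdentifierString();
        }
    }
    AssetResponse assetResponse = null;
    if (identifier == null) {
        // Since this is a demo servlet, we don't blow up if there is no identifier found, just can't save anything.
        String msg = "Error: no cookie found. Cannot save certificates";
        warn(msg);
        debug("No cookie found");
        assetResponse = getOA4MPService().getCert(token, verifier);
    } else {
        // The general case is to do the call with the identifier if you want the asset store managed.
        assetResponse = getOA4MPService().getCert(token, verifier, BasicIdentifier.newID(identifier));
    }
    // The work in this call
    // Again, we take the first returned cert to peel off some information to display. This
    // just proves we got a response. Guard the array access: an empty chain would otherwise
    // surface as an ArrayIndexOutOfBoundsException instead of the error page.
    X509Certificate[] certs = assetResponse.getX509Certificates();
    if (certs == null || certs.length == 0) {
        warn("2.b. The service returned no certificates.");
        GeneralException ge = new GeneralException("Error: no certificates were returned by the service.");
        request.setAttribute("exception", ge);
        JSPUtil.fwd(request, response, getCE().getErrorPagePath());
        return;
    }
    X509Certificate cert = certs[0];
    info("2.b. Done! Displaying success page.");
    // Rest of this is putting up something for the user to see
    // NOTE(review): getSubjectDN() is deprecated in favour of getSubjectX500Principal();
    // kept because the JSP may depend on the legacy toString() format -- confirm before changing.
    request.setAttribute("certSubject", cert.getSubjectDN());
    request.setAttribute("cert", CertUtil.toPEM(certs));
    request.setAttribute("username", assetResponse.getUsername());
    // Fix in cases where the server request passes through Apache before going to Tomcat.
    String contextPath = request.getContextPath();
    if (!contextPath.endsWith("/")) {
        contextPath = contextPath + "/";
    }
    request.setAttribute("action", contextPath);
    info("2.a. Completely finished with delegation.");
    JSPUtil.fwd(request, response, getCE().getSuccessPagePath());
    return;
}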
Also used : GeneralException(edu.uiuc.ncsa.security.core.exceptions.GeneralException) Asset(edu.uiuc.ncsa.myproxy.oa4mp.client.Asset) AssetResponse(edu.uiuc.ncsa.myproxy.oa4mp.client.AssetResponse) X509Certificate(java.security.cert.X509Certificate)

Example 18 with GeneralException

use of edu.uiuc.ncsa.security.core.exceptions.GeneralException in project OA4MP by ncsa.

the class OA2ConfigurationLoader method createInstance.

/**
 * Builds the OAuth 2 service environment from the loaded configuration.
 * <p>
 * Each constructor argument is resolved through a getter on this loader; the
 * argument order must match the OA2SE constructor exactly, so the call is kept
 * as one expression. When the configured claim source is the basic
 * implementation it is handed a back-reference to the new environment.
 *
 * @return the new service environment
 * @throws GeneralException if the claim source class named in the configuration
 *                          cannot be loaded or instantiated
 */
@Override
public T createInstance() {
    try {
        initialize();
        // Unchecked cast: T is presumably OA2SE or a supertype of it -- cannot be confirmed from here.
        T se = (T) new OA2SE(loggerProvider.get(), getTransactionStoreProvider(), getClientStoreProvider(), getMaxAllowedNewClientRequests(), getRTLifetime(), getClientApprovalStoreProvider(), getMyProxyFacadeProvider(), getMailUtilProvider(), getMP(), getAGIProvider(), getATIProvider(), getPAIProvider(), getTokenForgeProvider(), getConstants(), getAuthorizationServletConfig(), getUsernameTransformer(), getPingable(), getMpp(), getMacp(), getClientSecretLength(), getScopes(), getClaimSource(), getLdapConfiguration(), isRefreshTokenEnabled(), isTwoFactorSupportEnabled(), getMaxClientRefreshTokenLifetime(), getJSONWebKeys(), getIssuer(), getMLDAP(), isUtilServerEnabled());
        // The basic claim source needs the environment it serves.
        if (getClaimSource() instanceof BasicClaimsSourceImpl) {
            ((BasicClaimsSourceImpl) getClaimSource()).setOa2SE((OA2SE) se);
        }
        return se;
    } catch (ClassNotFoundException | IllegalAccessException | InstantiationException e) {
        // These are declared by getClaimSource(), which loads a custom handler class by name.
        throw new GeneralException("Error: Could not create the runtime environment", e);
    }
}
Also used : GeneralException(edu.uiuc.ncsa.security.core.exceptions.GeneralException) BasicClaimsSourceImpl(edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.BasicClaimsSourceImpl) OA2SE(edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2SE)

Example 19 with GeneralException

use of edu.uiuc.ncsa.security.core.exceptions.GeneralException in project OA4MP by ncsa.

the class OA2ConfigurationLoader method getClaimSource.

/**
 * Returns the claim (scope) handler, creating and caching it on first use.
 * <p>
 * Resolution order: a handler class named by the scope-handler attribute of the
 * configuration's scopes element; otherwise the LDAP handler when LDAP is
 * enabled; otherwise the basic handler. The configured scopes are injected into
 * whichever handler is chosen.
 * <p>
 * Security note: the class name comes from the (trusted, administrator-owned)
 * server configuration. Class.forName() plus newInstance() runs the class's
 * static initializer and no-arg constructor before the instanceof check below,
 * so any class on the classpath named there is instantiated even if it is then
 * rejected.
 *
 * @return the claim source, never null
 * @throws ClassNotFoundException if the named handler class is not on the classpath
 * @throws IllegalAccessException if its no-arg constructor is not accessible
 * @throws InstantiationException if it cannot be instantiated reflectively
 * @throws GeneralException       if the named class does not implement ClaimSource
 */
public ClaimSource getClaimSource() throws ClassNotFoundException, IllegalAccessException, InstantiationException {
    DebugUtil.dbg(this, "Getting scope handler " + claimSource);
    if (claimSource != null) {
        return claimSource;
    }
    // A custom handler class may be named in the scopes element of the configuration.
    if (0 < cn.getChildrenCount(SCOPES)) {
        String handlerClassName = getFirstAttribute(Configurations.getFirstNode(cn, SCOPES), SCOPE_HANDLER);
        if (handlerClassName == null) {
            info("Scope handler attribute found in configuration, but no value was found for it. Skipping custom loaded scope handling.");
        } else {
            Class<?> handlerClass = Class.forName(handlerClassName);
            Object handler = handlerClass.newInstance();
            if (!(handler instanceof ClaimSource)) {
                throw new GeneralException("The scope handler specified by the class name \"" + handlerClassName + "\" does not extend the ScopeHandler " + "interface and therefore cannot be used to handle scopes.");
            }
            claimSource = (ClaimSource) handler;
        }
    }
    // Nothing custom was configured: pick a default based on the LDAP setting.
    if (claimSource == null) {
        DebugUtil.dbg(this, "No server-wide configured Scope handler");
        if (getLdapConfiguration().isEnabled()) {
            DebugUtil.dbg(this, "   LDAP scope handler enabled, creating default");
            claimSource = new LDAPClaimsSource(getLdapConfiguration(), myLogger);
        } else {
            DebugUtil.dbg(this, "   LDAP scope handler disabled, creating basic");
            claimSource = new BasicClaimsSourceImpl();
        }
    }
    claimSource.setScopes(getScopes());
    DebugUtil.dbg(this, "   Actual scope handler = " + claimSource.getClass().getSimpleName());
    return claimSource;
}
Also used : LDAPClaimsSource(edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.LDAPClaimsSource) GeneralException(edu.uiuc.ncsa.security.core.exceptions.GeneralException) BasicClaimsSourceImpl(edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.BasicClaimsSourceImpl) ClaimSource(edu.uiuc.ncsa.security.oauth_2_0.server.ClaimSource)

Example 20 with GeneralException

use of edu.uiuc.ncsa.security.core.exceptions.GeneralException in project OA4MP by ncsa.

the class ACS2Impl method verifyAndGet.

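/**
 * Looks up and validates the transaction for the access token in a protected-asset response.
 * <p>
 * The token must be present, must map to a stored transaction, and that
 * transaction must still consider the access token valid; the client must be
 * approved and the token's timestamp must pass checkTimestamp().
 * <p>
 * Error messages deliberately do not echo the access token: exceptions end up
 * in logs and error pages, and the token is a bearer credential.
 *
 * @param iResponse the issuer response, expected to be a PAResponse
 * @return the validated service transaction
 * @throws IOException      declared for the checks performed on the transaction
 * @throws GeneralException if the token is missing, unknown, or no longer valid
 */
public ServiceTransaction verifyAndGet(IssuerResponse iResponse) throws IOException {
    PAResponse par = (PAResponse) iResponse;
    AccessToken accessToken = par.getAccessToken();
    if (accessToken == null) {
        throw new GeneralException("Error: no access token presented. Request refused");
    }
    ServiceTransaction t = (ServiceTransaction) getTransactionStore().get(accessToken);
    if (t == null) {
        throw new GeneralException("Error: no transaction found for the presented access token. Request refused");
    }
    if (!t.isAccessTokenValid()) {
        throw new GeneralException("Error: invalid access token. Request refused");
    }
    checkClientApproval(t.getClient());
    checkTimestamp(accessToken.getToken());
    return t;
}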
Also used : GeneralException(edu.uiuc.ncsa.security.core.exceptions.GeneralException) ServiceTransaction(edu.uiuc.ncsa.security.delegation.server.ServiceTransaction) AccessToken(edu.uiuc.ncsa.security.delegation.token.AccessToken) PAResponse(edu.uiuc.ncsa.security.delegation.server.request.PAResponse)
