
Example 21 with GeneralException

use of edu.uiuc.ncsa.security.core.exceptions.GeneralException in project OA4MP by ncsa.

The class AbstractCLIApprover, method doIt.

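/**
 * Interactive approve/deny session for one client approval.
 * <p>
 * Lists every approval in the store with its index and current state, lets the
 * operator pick one by index or type an id (prefixed with {@code ID_DELIMITER}),
 * shows the matching client, asks for an approver name, asks Approve/Deny (deny is
 * the default) and finally asks for confirmation before anything is written. The
 * result is either serialized into {@code pollingDir} for a polling process to pick
 * up, or saved straight into the approval store.
 *
 * @throws GeneralException if no approval could be selected (should not happen)
 * @throws Exception        on I/O failure while writing the polling file or on any
 *                          failure raised by the stores
 */
@Override
public void doIt() throws Exception {
    // Load every approval so the operator can pick one by number. The numbering is
    // the iteration order of the store's key set.
    Set keys = se.getClientApprovalStore().keySet();
    LinkedList<ClientApproval> linkedList = new LinkedList<ClientApproval>();
    info("starting approval");
    int i = 0;
    for (Object k : keys) {
        ClientApproval ca = (ClientApproval) se.getClientApprovalStore().get(k);
        linkedList.add(ca);
        say((i++) + ". " + (ca.isApproved() ? "(A) " : "(D) ") + ca.getIdentifierString());
    }
    if (linkedList.isEmpty()) {
        say("(No entries found. You will need to manually enter the id.)");
    }
    boolean keepAsking = true;
    String inString;
    ClientApproval ca = null;
    while (keepAsking) {
        say("Enter the number of the client to approve or disapprove, OR, enter an id, starting with a " + ID_DELIMITER);
        inString = readline();
        // readline() may return null (end of input); treat it like an empty line
        // instead of failing on startsWith().
        if (inString != null && inString.startsWith(ID_DELIMITER)) {
            ca = new ClientApproval(new BasicIdentifier(inString.substring(ID_DELIMITER.length())));
            keepAsking = false;
        } else {
            try {
                // Integer.parseInt(null) throws NumberFormatException, so null lands
                // in the catch below together with any other non-number.
                int index = Integer.parseInt(inString);
                if (0 <= index && index < linkedList.size()) {
                    ca = linkedList.get(index);
                    keepAsking = false;
                } else {
                    say("Sorry, that index is out of range. Try again.");
                }
            } catch (NumberFormatException xx) {
                boolean noInput = inString == null || inString.length() == 0;
                say("Woops. Didn't understand " + (noInput ? "(empty)" : "\"" + inString + "\"") + ". Try again.");
            }
        }
    }
    if (ca == null) {
        // future proof. Should never happen: the loop above only exits with a value.
        warn("No client approval found. Aborting session");
        throw new GeneralException("Internal error: Somehow the client approval was not found. Fix that.");
    }
    Client client = (Client) se.getClientStore().get(ca.getIdentifier());
    if (client == null) {
        info("No client found for the given identifier. Aborting.");
        say("no client found for the id. You probably want to fix that.\nexiting...");
        return;
    }
    say("You have chosen the following client");
    say(formatClient(client));
    say("Enter your approver name [" + ANONYMOUS + "]:");
    inString = readline();
    if (inString == null || 0 == inString.length()) {
        ca.setApprover(ANONYMOUS);
    } else {
        ca.setApprover(inString);
    }
    info("Approver is identifier as " + ca.getApprover());
    say("Enter Approve or Deny (A/D) [D]");
    inString = readline();
    // Deny is the default the prompt advertises, so the flag must follow the answer:
    // only an explicit "a"/"A" approves. Presetting it to true would silently approve
    // a client the operator meant to deny.
    ca.setApproved(inString != null && inString.toLowerCase().equals("a"));
    info("Approver " + (ca.isApproved() ? "approves" : "denies") + " the client.");
    say("Commit changes? (y/n)");
    inString = readline();
    // Anything but an explicit "y" (including end of input) aborts without writing.
    if (inString == null || !inString.toLowerCase().equals("y")) {
        info("Approval aborted manually. No changes saved.");
        say("You didn't explicitly say to save it -- operation aborted.\nexiting...");
        return;
    }
    // update timestamp to now.
    ca.setApprovalTimestamp(new Date());
    if (pollingDir != null) {
        // use polling: hand the approval to the polling process as a serialized file.
        // try-with-resources closes the stream (and the underlying file) even when
        // writeObject fails, where the old flush/close pair would have leaked it.
        File tempFile = File.createTempFile(TEMP_FILE_PREFIX, TEMP_FILE_SUFFIX, pollingDir);
        try (ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream(tempFile))) {
            oos.writeObject(ca);
            oos.flush();
        }
    } else {
        // do the approval directly
        se.getClientApprovalStore().save(ca);
    }
    info("Approval for client with id \"" + ca.getIdentifierString() + "\" finished.");
}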
Also used : Set(java.util.Set) GeneralException(edu.uiuc.ncsa.security.core.exceptions.GeneralException) BasicIdentifier(edu.uiuc.ncsa.security.core.util.BasicIdentifier) LinkedList(java.util.LinkedList) Date(java.util.Date) ClientApproval(edu.uiuc.ncsa.security.delegation.server.storage.ClientApproval) Client(edu.uiuc.ncsa.security.delegation.storage.Client)

Example 22 with GeneralException

use of edu.uiuc.ncsa.security.core.exceptions.GeneralException in project OA4MP by ncsa.

The class PermissionServer, method addClient.

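/**
 * Adds a given client to the list of clients managed by this admin, granting the
 * admin the full set of rights (approve, create, delete, read, write) on it.
 * <p>
 * If the store already holds a permission entry for this admin/client pair that
 * entry is reused and re-saved rather than duplicated.
 *
 * @param request carries the admin client and the client to be managed; both are
 *                read for their identifiers and must be present
 * @return an {@link AddClientResponse}
 * @throws GeneralException if more than one permission entry exists for the pair,
 *                          which means the store is inconsistent
 */
public PermissionResponse addClient(AddClientRequest request) {
    // request needs admin and client.
    // Check if there is one already -- don't fill up table with redundant permissions.
    PermissionList pList = getPermissionStore().get(request.getAdminClient().getIdentifier(), request.getClient().getIdentifier());
    Permission p;
    switch (pList.size()) {
        case 0:
            p = getPermissionStore().create();
            break;
        case 1:
            p = pList.get(0);
            break;
        default:
            // Refuse rather than pick one of several rows arbitrarily.
            throw new GeneralException("Internal error. Multiple permissions entries found");
    }
    p.setAdminID(request.getAdminClient().getIdentifier());
    p.setClientID(request.getClient().getIdentifier());
    // The admin gets every right on the client it manages.
    p.setApprove(true);
    p.setCreate(true);
    p.setDelete(true);
    p.setRead(true);
    p.setWrite(true);
    getPermissionStore().save(p);
    return new AddClientResponse();
}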
Also used : GeneralException(edu.uiuc.ncsa.security.core.exceptions.GeneralException) PermissionList(edu.uiuc.ncsa.myproxy.oa4mp.server.admin.permissions.PermissionList) Permission(edu.uiuc.ncsa.myproxy.oa4mp.server.admin.permissions.Permission)

Example 23 with GeneralException

use of edu.uiuc.ncsa.security.core.exceptions.GeneralException in project OA4MP by ncsa.

The class LDAPClaimsSource, method handleException.

/**
 * Decides what to do when contacting LDAP failed.
 * <p>
 * A {@link CommunicationException} is only logged. Any other failure is ignored
 * unless the configuration says to fail on error, in which case a notification
 * mail is sent (when configured) and the failure is rethrown as a
 * {@link GeneralException}.
 *
 * @param throwable the failure raised while talking to the LDAP server
 * @throws GeneralException when {@code failOnError} is set and the failure is not
 *                          a {@link CommunicationException}
 */
public void handleException(Throwable throwable) {
    if (throwable instanceof CommunicationException) {
        // Note: this returns before the fail-on-error check, so a communication
        // failure never aborts the operation even when failOnError is set.
        warn("Communication exception talking to LDAP.");
        return;
    }
    if (!getCfg().isFailOnError()) {
        return;
    }
    URI address = getOa2SE().getServiceAddress();
    String localHost = (address == null) ? "localhost" : address.getHost();
    Map<String, String> replacements = new HashMap<>();
    replacements.put("host", localHost);
    replacements.put("ldap_host", getCfg().getServer());
    // getMessage() may be null; HashMap accepts that, so no guard is needed here.
    replacements.put("message", throwable.getMessage());
    if (getCfg().isNotifyOnFail()) {
        String subjectTemplate = "Error on ${host} contacting LDAP server";
        String messageTemplate = "The following error message was received attempting to contact the LDAP server at ${ldap_host}:\n\n${message}\n\n. The operation did not complete.";
        getOa2SE().getMailUtil().sendMessage(subjectTemplate, messageTemplate, replacements);
    }
    throw new GeneralException("Error: Could not communicate with LDAP server. \"" + throwable.getMessage() + "\"");
}
Also used : GeneralException(edu.uiuc.ncsa.security.core.exceptions.GeneralException) CommunicationException(javax.naming.CommunicationException) HashMap(java.util.HashMap) URI(java.net.URI)

Example 24 with GeneralException

use of edu.uiuc.ncsa.security.core.exceptions.GeneralException in project OA4MP by ncsa.

The class OA2CertServlet, method getClient.

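/**
 * Looks up the client named in the request and checks its secret.
 * <p>
 * The id and the secret may each arrive as a request parameter or as one of up to
 * two tokens in a Basic authorization header. A header token that parses as a URI
 * with a scheme is taken to be the id, anything else the secret; a header token only
 * fills a value that did not arrive as a parameter. The stored secret is the hex
 * digest produced by {@code DigestUtils.shaHex} (unsalted SHA-1); replacing that
 * scheme means migrating stored secrets, so it is kept here and only the comparison
 * is made constant-time.
 *
 * @param req the incoming request
 * @return the authenticated, non-public client
 * @throws OA2GeneralError        if more than two Basic authorization tokens are present
 * @throws UnknownClientException if no client id could be found
 * @throws GeneralException       if the client is public, no secret was supplied, or the
 *                                secret does not match the stored digest
 */
@Override
public Client getClient(HttpServletRequest req) {
    String rawID = req.getParameter(CONST(CONSUMER_KEY));
    String rawSecret = getFirstParameterValue(req, CLIENT_SECRET);
    // According to the spec. this must be in a Basic Authz header if it is not sent as parameter
    List<String> basicTokens = HeaderUtils.getAuthHeader(req, "Basic");
    if (2 < basicTokens.size()) {
        // too many tokens to unscramble
        throw new OA2GeneralError(OA2Errors.INVALID_TOKEN, "Error: Too many authorization tokens.", HttpStatus.SC_UNAUTHORIZED);
    }
    if (rawID == null || rawSecret == null) {
        // Here is some detective work. We get up to TWO basic Authz tokens with the id and
        // secret in either order. Since ids are valid URIs, anything that is a URI with a
        // scheme must be the id and the other one is the secret. Only the value that is
        // still missing is filled in, so this also covers one value sent as a parameter
        // and the other in the header, without letting the header override a parameter.
        for (String x : basicTokens) {
            boolean looksLikeId;
            try {
                looksLikeId = URI.create(x).getScheme() != null;
            } catch (RuntimeException t) {
                // not a URI at all, so it can only be the secret
                looksLikeId = false;
            }
            if (looksLikeId) {
                if (rawID == null) {
                    rawID = x;
                }
            } else if (rawSecret == null) {
                rawSecret = x;
            }
        }
    }
    if (rawID == null) {
        throw new UnknownClientException("No client id");
    }
    Identifier id = BasicIdentifier.newID(rawID);
    // NOTE(review): assumes getClient(id) throws for an unknown id rather than returning
    // null -- confirm in the superclass.
    OA2Client client = (OA2Client) getClient(id);
    if (client.isPublicClient()) {
        throw new GeneralException("Error: public clients not supported for this operation.");
    }
    if (rawSecret == null) {
        throw new GeneralException("Error: No secret. request refused.");
    }
    // A client with no stored secret can never authenticate; the old code would have
    // failed with a NullPointerException here instead of refusing cleanly.
    String storedDigest = client.getSecret();
    if (storedDigest == null) {
        throw new GeneralException("Error: Secret is incorrect. request refused.");
    }
    // Compare the two hex digests in constant time so response timing does not reveal
    // how long a matching prefix was.
    byte[] expected = storedDigest.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    byte[] presented = DigestUtils.shaHex(rawSecret).getBytes(java.nio.charset.StandardCharsets.UTF_8);
    if (!java.security.MessageDigest.isEqual(expected, presented)) {
        throw new GeneralException("Error: Secret is incorrect. request refused.");
    }
    return client;
}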
Also used : OA2Client(edu.uiuc.ncsa.security.oauth_2_0.OA2Client) BasicIdentifier(edu.uiuc.ncsa.security.core.util.BasicIdentifier) Identifier(edu.uiuc.ncsa.security.core.Identifier) GeneralException(edu.uiuc.ncsa.security.core.exceptions.GeneralException) UnknownClientException(edu.uiuc.ncsa.security.core.exceptions.UnknownClientException) OA2GeneralError(edu.uiuc.ncsa.security.oauth_2_0.OA2GeneralError) URI(java.net.URI)

Example 25 with GeneralException

use of edu.uiuc.ncsa.security.core.exceptions.GeneralException in project OA4MP by ncsa.

The class OA2CertServlet, method getAccessToken.

/**
 * Extracts the access token from the request: first as a request parameter via the
 * token forge and, when that fails, from a single "Bearer" authorization header.
 *
 * @param request the incoming request
 * @return the access token
 * @throws GeneralException if no bearer token is present, or more than one is
 */
@Override
protected AccessToken getAccessToken(HttpServletRequest request) {
    try {
        return getServiceEnvironment().getTokenForge().getAccessToken(request);
    } catch (Throwable ignored) {
        // Not fatal: the access token was not sent as a parameter. It might have been
        // sent as a bearer token instead, so fall through and look there.
    }
    List<String> bearerTokens = HeaderUtils.getAuthHeader(request, "Bearer");
    int tokenCount = bearerTokens.size();
    if (tokenCount == 0) {
        throw new GeneralException("Error: no access token");
    }
    if (tokenCount > 1) {
        throw new GeneralException("Error: too many access tokens");
    }
    return getServiceEnvironment().getTokenForge().getAccessToken(bearerTokens.get(0));
}
Also used : GeneralException(edu.uiuc.ncsa.security.core.exceptions.GeneralException) AccessToken(edu.uiuc.ncsa.security.delegation.token.AccessToken)
