

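/**
 * Looks up the LDAP entry whose client id column equals {@code clientID}.
 *
 * Only the client id is bound as a statement parameter; the table and column names come from
 * this store's own configuration ({@link #getTable()}, {@code LDAPEntryKeys}), not from the
 * caller. If several rows match, the last row read wins, exactly as before.
 *
 * @param clientID the client identifier to search for; its {@code toString()} is bound to the query
 * @return the populated entry, or {@code null} when no row matched
 * @throws GeneralException wrapping any {@link SQLException}; the connection is destroyed in that case
 */
@Override
public LDAPEntry getByClientID(Identifier clientID) {
    Connection c = getConnection();
    LDAPEntryKeys keys = new LDAPEntryKeys();
    String sql = "select * from " + getTable().getFQTablename() + " where " + keys.clientID() + "=?";
    V newOne = null;
    // try-with-resources so the statement and result set are closed even when an exception
    // interrupts the loop; previously they were only closed on the success path.
    try (PreparedStatement stmt = c.prepareStatement(sql)) {
        stmt.setString(1, clientID.toString());
        // just execute() since executeQuery(x) would throw an exception regardless of content per JDBC spec.
        stmt.execute();
        try (ResultSet rs = stmt.getResultSet()) {
            while (rs.next()) {
                newOne = create();
                ColumnMap map = rsToMap(rs);
                populate(map, newOne);
            }
        }
    } catch (SQLException e) {
        destroyConnection(c);
        throw new GeneralException("Error: could not get database object", e);
    } finally {
        releaseConnection(c);
    }
    return newOne;
}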


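/**
 * Handles an {@code id_token_hint} presented to this endpoint. A previous request to the token
 * endpoint returned an ID token; when it is sent here we check that there is an active logon for
 * the user (= there is a transaction for that name here) and that the token was issued to the
 * same client, then return a success but no body. Otherwise, we throw an exception.
 *
 * @param httpServletRequest  the incoming request; the {@code id_token_hint} and {@code state}
 *                            parameters are read from it
 * @param httpServletResponse the response, whose status is set to 200 on success
 * @param callback            the client's redirect URI, passed to redirectable errors
 * @return {@code false} if no {@code id_token_hint} parameter was sent; {@code true} when an
 *         active logon was found for the token's subject and the status has been set
 * @throws GeneralException     if the hint cannot be verified against this server's keys
 * @throws OA2RedirectableError if the token has no {@code sub}, no {@code aud}, an {@code aud}
 *                              that is not the transaction's client, or no active logon exists
 * @throws NFWException         if the transaction store cannot be used as a {@code UsernameFindable}
 */
protected boolean CheckIdTokenHint(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String callback) {
    if (!httpServletRequest.getParameterMap().containsKey(ID_TOKEN_HINT)) {
        return false;
    }
    // getParameterMap() values are String[]; String.valueOf on the array yields
    // "[Ljava.lang.String;@..." rather than the token, so read the parameter directly.
    String rawIDToken = httpServletRequest.getParameter(ID_TOKEN_HINT);
    String state = httpServletRequest.getParameter(STATE);
    JSONObject idToken;
    try {
        // The signature is verified against this server's own keys before any claim is used.
        idToken = JWTUtil.verifyAndReadJWT(rawIDToken, ((OA2SE) getServiceEnvironment()).getJsonWebKeys());
    } catch (Throwable e) {
        throw new GeneralException("Error: Cannot read ID token hint", e);
    }
    if (!idToken.containsKey(OA2Claims.SUBJECT)) {
        // Without a subject there is no user to look up; do not query the store with a null name.
        throw new OA2RedirectableError(OA2Errors.REQUEST_NOT_SUPPORTED, "No sub parameter in the ID token. This request is not supported on this server", state, callback);
    }
    String username = idToken.getString(OA2Claims.SUBJECT);
    OA2ServiceTransaction t;
    try {
        UsernameFindable ufStore = (UsernameFindable) getTransactionStore();
        t = ufStore.getByUsername(username);
    } catch (IOException e) {
        // Really something is probably wrong with the class structure if this fails...
        throw new NFWException("Internal error: Could not cast the store to a username findable store.");
    }
    if (t == null) {
        throw new OA2RedirectableError(OA2Errors.LOGIN_REQUIRED, "Login required.", state, callback);
    }
    // There is a transaction, so the user authenticated successfully. The token must still be
    // bound to the client that owns that transaction: a token issued to one client must not
    // establish a session for another.
    if (!idToken.containsKey(OA2Claims.AUDIENCE)) {
        // The client that is associated with this user must be supplied.
        throw new OA2RedirectableError(OA2Errors.REQUEST_NOT_SUPPORTED, "No aud parameter in the ID token. This request is not supported on this server", state, callback);
    }
    // NOTE(review): aud is read as a single string; a multi-valued aud would not match — confirm
    // that this server never issues ID tokens with an array-valued aud.
    if (!t.getClient().getIdentifierString().equals(idToken.getString(OA2Claims.AUDIENCE))) {
        // The wrong client for this user is attempting the request. That is not allowed.
        throw new OA2RedirectableError(OA2Errors.REQUEST_NOT_SUPPORTED, "Incorrect aud parameter in the ID token. This request is not supported on this server", state, callback);
    }
    httpServletResponse.setStatus(HttpStatus.SC_OK);
    // The spec does not state that anything is returned, just a positive response.
    return true;
}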


/**
 * Issues the certificate for a verified transaction. Without two-factor support the cached
 * MyProxy connection is simply checked; with it, the cached logon for this transaction is
 * required, removed from the cache and re-established before the request is made.
 *
 * CIL-243: binding the cert request's CN to the transaction's username was considered here
 * and is intentionally not enforced (the CN may be null).
 *
 * @param trans        the transaction, which must be an {@code OA2ServiceTransaction}
 * @param statusString status text handed on to {@link #doCertRequest}
 * @throws GeneralException if two-factor support is on and no MyProxy object is cached for the transaction
 * @throws Throwable        anything raised by the connection or certificate request
 */
@Override
protected void doRealCertRequest(ServiceTransaction trans, String statusString) throws Throwable {
    OA2ServiceTransaction oa2Trans = (OA2ServiceTransaction) trans;
    OA2SE oa2SE = (OA2SE) getServiceEnvironment();
    if (oa2SE.isTwoFactorSupportEnabled()) {
        if (!getMyproxyConnectionCache().containsKey(oa2Trans.getIdentifier())) {
            throw new GeneralException("No cached my proxy object with identifier " + oa2Trans.getIdentifierString());
        }
        Object cached = getMyproxyConnectionCache().get(oa2Trans.getIdentifier()).getValue();
        MPSingleConnectionProvider.MyProxyLogonConnection mpc = (MPSingleConnectionProvider.MyProxyLogonConnection) cached;
        // Only our own logon type carries the credentials needed to open a fresh connection.
        if (mpc.getMyProxyLogon() instanceof MyMyProxyLogon) {
            MyMyProxyLogon logon = (MyMyProxyLogon) mpc.getMyProxyLogon();
            // Drop the cached entry first, then re-create the connection for this transaction.
            getMyproxyConnectionCache().remove(mpc.getIdentifier());
            createMPConnection(trans.getIdentifier(), logon.getUsername(), logon.getPassphrase(), trans.getLifetime());
        }
    } else {
        checkMPConnection(oa2Trans);
    }
    doCertRequest(oa2Trans, statusString);
}


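/**
 * Resolves the transaction for a certificate request from its access token and checks that
 * the request may proceed: the transaction must exist, carry the myproxy scope, have a
 * still-valid access token, belong to an approved client, and the token's timestamp must pass.
 *
 * @param iResponse the issuer response, which must be a {@code PAIResponse2}
 * @return the transaction for the access token
 * @throws GeneralException if no transaction exists for the token, the request is out of scope,
 *                          or the access token is no longer valid
 * @throws IOException      declared for callers; presumably raised by the store lookup — confirm
 */
public ServiceTransaction verifyAndGet(IssuerResponse iResponse) throws IOException {
    PAIResponse2 par = (PAIResponse2) iResponse;
    AccessToken accessToken = par.getAccessToken();
    OA2ServiceTransaction t = (OA2ServiceTransaction) getTransactionStore().get(accessToken);
    // A second "t == null" check that used to follow the scope test was unreachable and has
    // been dropped; this single check keeps the message callers have always seen.
    if (t == null) {
        throw new GeneralException("Invalid access token. Request refused");
    }
    if (!t.getScopes().contains(OA2Scopes.SCOPE_MYPROXY)) {
        // Note that this requires a state, but none is sent in the OA4MP cert request.
        throw new GeneralException("Certificate request is not in scope.");
    }
    // Access tokens must be valid in order to get a cert. If the token is invalid, the user must
    // get a valid one using the refresh token.
    if (!t.isAccessTokenValid()) {
        throw new GeneralException("Invalid access token. Request refused");
    }
    checkClientApproval(t.getClient());
    checkTimestamp(accessToken.getToken());
    return t;
}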


/**
 * Loads the server's signing keys from the {@code JSONWebKey} configuration node.
 *
 * The keys may be given inline in the node's {@code json} value or in the file named by its
 * {@code path} value; the file is read after the inline value, so when both are set the file
 * wins. The path comes from the server configuration, not from any request. If the node is
 * absent entirely, a warning is logged and an empty key set is returned, so signing is
 * unavailable rather than the server failing to start.
 *
 * @return the loaded keys with their default key id set from the node's {@code defaultKeyID} attribute
 * @throws GeneralException      wrapping any failure while parsing or reading the keys
 * @throws IllegalStateException if the node exists but neither {@code json} nor {@code path} yielded keys
 */
protected JSONWebKeys getJSONWebKeys() {
    ConfigurationNode keyNode = getFirstNode(cn, "JSONWebKey");
    if (keyNode == null) {
        warn("Error: No signing keys in the configuration file. Signing is not available");
        return new JSONWebKeys(null);
    }
    // Either the whole key set is inlined under "json" ...
    String inlineJSON = getNodeValue(keyNode, "json", null);
    JSONWebKeys loaded = null;
    try {
        if (inlineJSON != null) {
            loaded = JSONWebKeyUtil.fromJSON(inlineJSON);
        }
        // ... or "path" names a file holding it; this is read last and overrides the inline value.
        String keyFilePath = getNodeValue(keyNode, "path", null);
        if (keyFilePath != null) {
            loaded = JSONWebKeyUtil.fromJSON(new File(keyFilePath));
        }
    } catch (Throwable t) {
        throw new GeneralException("Error reading signing keys", t);
    }
    if (loaded == null) {
        throw new IllegalStateException("Error: Could not load signing keys");
    }
    loaded.setDefaultKeyID(getFirstAttribute(keyNode, "defaultKeyID"));
    return loaded;
}
