use of edu.uiuc.ncsa.security.core.exceptions.NFWException in project OA4MP by ncsa.
the class OA2MPService method preGetCert.
/**
 * Adds the certificate-request parameters to {@code parameters} before the cert is fetched and, when
 * the asset already holds certificates, regenerates the asset's cert request so the sequence can be
 * restarted to get more.
 * <p>
 * What goes into {@code parameters}: the PEM-chunked encoded cert request, the callback URI (only if
 * not already present) and the cert lifetime (only if the configured lifetime is non-negative).
 * The private key stays on the asset; it is never added to {@code parameters}.
 *
 * @param asset      the asset holding the cert request, private key and any certificates; must be an
 *                   {@link OA2Asset} (the cast below fails otherwise)
 * @param parameters the request parameters to send; a raw {@link Map} that is modified in place
 * @throws NFWException     if the asset has certificates but no private key (invalid internal state)
 * @throws GeneralException if key-pair generation or cert-request creation fails with anything other
 *                          than a {@link RuntimeException}; runtime exceptions are rethrown unchanged
 */
@Override
public void preGetCert(Asset asset, Map parameters) {
    super.preGetCert(asset, parameters);
    // The cast is not used further; it only enforces that the asset is an OA2Asset.
    OA2Asset a = (OA2Asset) asset;
    // NOTE(review): getCertReq() is dereferenced here before the null handling further down. If the
    // cert request can be null at this point this line throws NPE first -- confirm that
    // super.preGetCert() guarantees a cert request exists, or move this put after the regeneration.
    parameters.put(ClientEnvironment.CERT_REQUEST_KEY, PEMFormatUtil.bytesToChunkedString(asset.getCertReq().getEncoded()));
    // Only supply the callback if the caller has not already set one under the configured key.
    if (!parameters.containsKey(getEnvironment().getConstants().get(CALLBACK_URI_KEY))) {
        parameters.put(getEnvironment().getConstants().get(CALLBACK_URI_KEY), getEnvironment().getCallback().toString());
    }
    // A negative configured lifetime is treated as "unset" and the key is omitted.
    if (0 <= getEnvironment().getCertLifetime()) {
        parameters.put(ClientEnvironment.CERT_LIFETIME_KEY, getEnvironment().getCertLifetime());
    }
    if (asset.getCertificates() != null) {
        // We have some, so restart the sequence to get more.
        MyPKCS10CertRequest certRequest = asset.getCertReq();
        KeyPair keyPair = null;
        if (certRequest == null) {
            // No cert request to reuse: generate a fresh key pair and keep the private half on the asset.
            try {
                keyPair = KeyUtil.generateKeyPair();
            } catch (Throwable e) {
                String msg = "Unable to generate a new keypair.";
                getEnvironment().getMyLogger().warn(msg, e);
                // Runtime exceptions propagate as-is; checked exceptions and errors are wrapped.
                if (e instanceof RuntimeException) {
                    throw (RuntimeException) e;
                }
                throw new GeneralException(msg, e);
            }
            asset.setPrivateKey(keyPair.getPrivate());
        } else {
            // Reuse the existing public key from the cert request together with the asset's private key.
            keyPair = new KeyPair(certRequest.getPublicKey(), asset.getPrivateKey());
        }
        // Either branch must leave a private key on the asset; if not, the asset state is corrupt.
        if (asset.getPrivateKey() == null) {
            String msg = "Error: The private key is missing. The internal state of the asset is invalid";
            NFWException x = new NFWException((msg));
            getEnvironment().getMyLogger().warn(msg, x);
            throw x;
        }
        try {
            asset.setCertReq(CertUtil.createCertRequest(keyPair));
        } catch (Throwable t) {
            String msg = "Error: could not create cert request.";
            getEnvironment().getMyLogger().warn(msg, t);
            // Same rethrow policy as for key-pair generation above.
            if (t instanceof RuntimeException) {
                throw (RuntimeException) t;
            }
            throw new GeneralException(msg, t);
        }
    }
}
use of edu.uiuc.ncsa.security.core.exceptions.NFWException in project OA4MP by ncsa.
the class OA2AuthorizedServlet method CheckIdTokenHint.
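/**
 * Handles the {@code id_token_hint} parameter. A previous request to the token endpoint returned an
 * ID token; if the client sends it to this endpoint we check that there is an active logon for the
 * user named in the token (= there is a transaction for that username here) and that the token was
 * issued to the client owning that transaction. On success the response status is set to
 * {@code 200 OK} with no body and {@code true} is returned. Otherwise an exception is thrown.
 *
 * @param httpServletRequest  the authorization request
 * @param httpServletResponse the response; only its status is set, nothing is written to it
 * @param callback            the client's redirect URI, used to route redirectable errors
 * @return {@code false} if no {@code id_token_hint} parameter is present (nothing was done);
 *         {@code true} if the hint names a user with an active transaction for the same client
 * @throws GeneralException     if the hint cannot be parsed or does not verify against this
 *                              server's keys
 * @throws OA2RedirectableError if the token has no {@code sub} claim, has no {@code aud} claim, the
 *                              {@code aud} does not match the transaction's client, or there is no
 *                              active logon for the subject ({@code login_required})
 * @throws NFWException         if the transaction store cannot look up transactions by username
 */
protected boolean CheckIdTokenHint(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String callback) {
    if (!httpServletRequest.getParameterMap().containsKey(ID_TOKEN_HINT)) {
        return false;
    }
    // getParameterMap() values are String[]; String.valueOf() on one yields "[Ljava.lang.String;@..."
    // rather than the token, which made verification fail. getParameter() returns the first value.
    String rawIDToken = httpServletRequest.getParameter(ID_TOKEN_HINT);
    String state = httpServletRequest.getParameter(STATE);
    JSONObject idToken;
    try {
        // Verified against this server's own keys, so only ID tokens issued here are accepted.
        idToken = JWTUtil.verifyAndReadJWT(rawIDToken, ((OA2SE) getServiceEnvironment()).getJsonWebKeys());
    } catch (Throwable e) {
        throw new GeneralException("Error: Cannot read ID token hint", e);
    }
    if (!idToken.containsKey(OA2Claims.SUBJECT)) {
        // A token without a subject cannot name a logon; never look up a null username.
        throw new OA2RedirectableError(OA2Errors.REQUEST_NOT_SUPPORTED, "No sub parameter in the ID token. This request is not supported on this server", state, callback);
    }
    String username = idToken.getString(OA2Claims.SUBJECT);
    OA2ServiceTransaction t;
    try {
        Object store = getTransactionStore();
        if (!(store instanceof UsernameFindable)) {
            // Really, something is wrong with the class structure if this fails.
            throw new NFWException("Internal error: Could not cast the store to a username findable store.");
        }
        UsernameFindable ufStore = (UsernameFindable) store;
        t = ufStore.getByUsername(username);
    } catch (IOException e) {
        // Preserve the underlying cause instead of reporting a misleading cast failure.
        NFWException x = new NFWException("Internal error: Could not look up the transaction for the ID token subject.");
        x.initCause(e);
        throw x;
    }
    if (t == null) {
        throw new OA2RedirectableError(OA2Errors.LOGIN_REQUIRED, "Login required.", state, callback);
    }
    // There is a transaction, so the user authenticated successfully. The token must also be bound to
    // the client that owns that transaction; otherwise a different client could use a leaked token.
    if (!idToken.containsKey(OA2Claims.AUDIENCE)) {
        // The client that is associated with this user must be supplied.
        throw new OA2RedirectableError(OA2Errors.REQUEST_NOT_SUPPORTED, "No aud parameter in the ID token. This request is not supported on this server", state, callback);
    }
    if (!t.getClient().getIdentifierString().equals(idToken.getString(OA2Claims.AUDIENCE))) {
        // The wrong client for this user is attempting the request. That is not allowed.
        throw new OA2RedirectableError(OA2Errors.REQUEST_NOT_SUPPORTED, "Incorrect aud parameter in the ID token. This request is not supported on this server", state, callback);
    }
    httpServletResponse.setStatus(HttpStatus.SC_OK);
    // The spec does not state that anything is returned, just a positive response.
    return true;
}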
use of edu.uiuc.ncsa.security.core.exceptions.NFWException in project OA4MP by ncsa.
the class OA2ClientCheck method check.
/**
 * Verifies that {@code redirect} is one of the callback URIs registered for {@code client}.
 * The comparison is exact string equality: no prefix, host-only or pattern matching is done.
 * <p>
 * Note that all of the exceptions thrown here are raised because the callback cannot be verified,
 * hence it is unclear where the error is to be sent and the caller must report it directly.
 *
 * @param client   the requesting client; may be {@code null}
 * @param redirect the redirect URI supplied in the request
 * @throws OA2GeneralError if the client is missing, has no registered callback URIs, or the redirect
 *                         does not exactly match one of them
 * @throws NFWException    if the client is not an {@link OA2Client}
 */
public static void check(Client client, String redirect) {
    if (client == null) {
        throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "no client id", HttpStatus.SC_BAD_REQUEST);
    }
    if (!(client instanceof OA2Client)) {
        throw new NFWException("Internal error: Client is not an OA2Client");
    }
    OA2Client oa2Client = (OA2Client) client;
    if (oa2Client.getCallbackURIs() == null) {
        throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "client has not registered any callback URIs", HttpStatus.SC_BAD_REQUEST);
    }
    for (String registered : oa2Client.getCallbackURIs()) {
        if (registered.equals(redirect)) {
            return; // exact match with a registered callback: the redirect is acceptable
        }
    }
    // NOTE(review): the caller-supplied redirect is echoed in this message; confirm that whatever
    // renders OA2GeneralError messages encodes them for the output context.
    throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "The given redirect \"" + redirect + "\" is not valid for this client", HttpStatus.SC_BAD_REQUEST);
}
use of edu.uiuc.ncsa.security.core.exceptions.NFWException in project OA4MP by ncsa.
the class OA2UtilServlet method spitOutMessage.
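/**
 * Writes a small JSON status document to the response and closes the writer. The infoMessage is
 * logged at info level (unless it is null); for {@code CODE_ERROR} it is also returned to the
 * caller in the response body. Do not call the response's Writer after calling this method.
 * <p>
 * The code is validated before the response is touched, so an unknown code leaves the response
 * (status and writer) untouched for the caller's error handling.
 *
 * @param resp        the response to write to; its status is set according to {@code code}
 * @param code        one of {@code CODE_OK}, {@code CODE_NO}, {@code CODE_ERROR}
 * @param infoMessage optional message to log; for {@code CODE_ERROR} it is also sent to the client,
 *                    so it must not contain internal details
 * @throws NFWException if {@code code} is not one of the known codes
 * @throws Throwable    if obtaining or writing the response writer fails
 */
protected void spitOutMessage(HttpServletResponse resp, int code, String infoMessage) throws Throwable {
    if (infoMessage != null) {
        info(infoMessage);
    }
    JSONObject json = new JSONObject();
    switch (code) {
        case CODE_OK:
            json.put(STATUS_KEY, RESPONSE_OK);
            resp.setStatus(HttpStatus.SC_OK);
            break;
        case CODE_NO:
            json.put(STATUS_KEY, RESPONSE_FAIL);
            resp.setStatus(HttpStatus.SC_OK);
            break;
        case CODE_ERROR:
            json.put(STATUS_KEY, RESPONSE_ERROR);
            // This message is returned to the client verbatim; keep internal details out of it.
            json.put(MESSAGE_KEY, infoMessage);
            resp.setStatus(HttpStatus.SC_NOT_FOUND);
            break;
        default:
            // Fail before acquiring the writer so the response stays usable by the caller.
            throw new NFWException("Internal error: unknown action requested");
    }
    // NOTE(review): no content type is set here -- confirm the caller or a filter sets it for JSON.
    PrintWriter pw = resp.getWriter();
    try {
        pw.println(json.toString());
        pw.flush();
    } finally {
        // Always close, even if println fails, so the response is not left half-written and open.
        pw.close();
    }
}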