Example 6 with ServiceTransaction

Use of edu.uiuc.ncsa.security.delegation.server.ServiceTransaction in project OA4MP by ncsa.

In class ACS2Impl, method verifyAndGet.

public ServiceTransaction verifyAndGet(IssuerResponse iResponse) throws IOException {
    PAResponse par = (PAResponse) iResponse;
    AccessToken accessToken = par.getAccessToken();
    ServiceTransaction t = (ServiceTransaction) getTransactionStore().get(accessToken);
    if (t == null) {
        throw new GeneralException("Error: no transaction found for access token \"" + accessToken + "\"");
    }
    if (!t.isAccessTokenValid()) {
        throw new GeneralException("Error: invalid access token. Request refused");
    }
    checkClientApproval(t.getClient());
    checkTimestamp(accessToken.getToken());
    return t;
}
Also used: GeneralException (edu.uiuc.ncsa.security.core.exceptions.GeneralException), ServiceTransaction (edu.uiuc.ncsa.security.delegation.server.ServiceTransaction), AccessToken (edu.uiuc.ncsa.security.delegation.token.AccessToken), PAResponse (edu.uiuc.ncsa.security.delegation.server.request.PAResponse)

Example 7 with ServiceTransaction

Use of edu.uiuc.ncsa.security.delegation.server.ServiceTransaction in project OA4MP by ncsa.

In class AccessTokenServlet, method verifyAndGet.

@Override
public ServiceTransaction verifyAndGet(IssuerResponse iResponse) throws IOException {
    ATResponse atResponse = (ATResponse) iResponse;
    Verifier verifier = atResponse.getVerifier();
    debug("5.a. verifier = " + atResponse.getVerifier());
    checkTimestamp(verifier.getToken());
    ServiceTransaction transaction = (ServiceTransaction) getTransactionStore().get(verifier);
    if (transaction == null) {
        throw new TransactionNotFoundException("No transaction found for verifier " + verifier);
    }
    checkClientApproval(transaction.getClient());
    String cc = "client=" + transaction.getClient().getIdentifierString();
    info("5.a. " + cc);
    debug("5.a. grant valid=" + transaction.isAuthGrantValid() + ", at valid=" + transaction.isAccessTokenValid());
    if (!transaction.isAuthGrantValid() || transaction.isAccessTokenValid()) {
        String msg = "Error: the state of the transaction is invalid for auth grant " + transaction.getAuthorizationGrant();
        warn(msg);
        throw new GeneralException(msg);
    }
    return transaction;
}
Also used: GeneralException (edu.uiuc.ncsa.security.core.exceptions.GeneralException), ServiceTransaction (edu.uiuc.ncsa.security.delegation.server.ServiceTransaction), TransactionNotFoundException (edu.uiuc.ncsa.security.core.exceptions.TransactionNotFoundException), Verifier (edu.uiuc.ncsa.security.delegation.token.Verifier), ATResponse (edu.uiuc.ncsa.security.delegation.server.request.ATResponse)

Example 8 with ServiceTransaction

Use of edu.uiuc.ncsa.security.delegation.server.ServiceTransaction in project OA4MP by ncsa.

In class CertServlet, method verifyAndGet.

public ServiceTransaction verifyAndGet(IssuerResponse iResponse) throws IOException {
    PAResponse par = (PAResponse) iResponse;
    AccessToken accessToken = par.getAccessToken();
    ServiceTransaction t = (ServiceTransaction) getTransactionStore().get(accessToken);
    if (t == null) {
        throw new GeneralException("Error: no transaction found for access token \"" + accessToken + "\"");
    }
    if (!t.isAccessTokenValid()) {
        throw new GeneralException("Error: invalid access token. Request refused");
    }
    checkClientApproval(t.getClient());
    checkTimestamp(accessToken.getToken());
    return t;
}
Also used: GeneralException (edu.uiuc.ncsa.security.core.exceptions.GeneralException), ServiceTransaction (edu.uiuc.ncsa.security.delegation.server.ServiceTransaction), AccessToken (edu.uiuc.ncsa.security.delegation.token.AccessToken), PAResponse (edu.uiuc.ncsa.security.delegation.server.request.PAResponse)

Example 9 with ServiceTransaction

Use of edu.uiuc.ncsa.security.delegation.server.ServiceTransaction in project OA4MP by ncsa.

In class InitServlet, method verifyAndGet.

@Override
public ServiceTransaction verifyAndGet(IssuerResponse iResponse) throws IOException {
    AGResponse agResponse = (AGResponse) iResponse;
    Map<String, String> params = agResponse.getParameters();
    ServiceTransaction transaction = newTransaction();
    transaction.setAuthorizationGrant(agResponse.getGrant());
    debug("creating transaction for trans id=" + transaction.getIdentifierString());
    transaction.setAuthGrantValid(false);
    transaction.setAccessTokenValid(false);
    transaction.setCallback(URI.create(params.get(OAUTH_CALLBACK)));
    MyPKCS10CertRequest certReq = null;
    // Fix for CIL-409
    if (!params.containsKey(CERT_REQUEST)) {
        throw new GeneralException("Error: missing cert request parameter.");
    }
    String rawCR = params.get(CERT_REQUEST);
    if (isEmpty(rawCR)) {
        throw new GeneralException("Error: empty cert request.");
    }
    try {
        certReq = CertUtil.fromStringToCertReq(rawCR);
    } catch (Throwable throwable) {
        throwable.printStackTrace();
        throw new GeneralException("Error: cert request is bad/not understandable:" + (rawCR == null ? "(null)" : rawCR), throwable);
    }
    transaction.setCertReq(certReq);
    // Assumption here is that the cert lifetime is in milliseconds
    transaction.setLifetime(Long.parseLong(params.get(CERT_LIFETIME)));
    return transaction;
}
Also used: GeneralException (edu.uiuc.ncsa.security.core.exceptions.GeneralException), ServiceTransaction (edu.uiuc.ncsa.security.delegation.server.ServiceTransaction), AGResponse (edu.uiuc.ncsa.security.delegation.server.request.AGResponse), MyPKCS10CertRequest (edu.uiuc.ncsa.security.util.pkcs.MyPKCS10CertRequest)

Example 10 with ServiceTransaction

Use of edu.uiuc.ncsa.security.delegation.server.ServiceTransaction in project OA4MP by ncsa.

In class UserInfoServlet, method doIt.

@Override
protected void doIt(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    // The access token is sent in the authorization header and should look like
    // Bearer oa4mp:...
    AccessToken at = getAT(request);
    ServiceTransaction transaction = (ServiceTransaction) getTransactionStore().get(at);
    // Check for a missing transaction before dereferencing it; otherwise an unknown
    // access token raises a NullPointerException instead of the intended error response.
    if (transaction == null) {
        throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "no transaction for the access token was found.", HttpStatus.SC_BAD_REQUEST);
    }
    if (((OA2Client) transaction.getClient()).isPublicClient()) {
        throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "public client not authorized to access user information", HttpStatus.SC_UNAUTHORIZED);
    }
    if (!transaction.isAccessTokenValid()) {
        throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "invalid access token.", HttpStatus.SC_BAD_REQUEST);
    }
    try {
        checkTimestamp(at.getToken());
    } catch (InvalidTimestampException itx) {
        throw new OA2GeneralError(OA2Errors.INVALID_REQUEST, "token expired.", HttpStatus.SC_BAD_REQUEST);
    }
    OA2SE oa2SE = (OA2SE) getServiceEnvironment();
    UII2 uis = new UII2(oa2SE.getTokenForge(), getServiceEnvironment().getServiceAddress());
    UIIRequest2 uireq = new UIIRequest2(request, at);
    uireq.setUsername(getUsername(transaction));
    // Now we figure out which scope handler to use.
    UIIResponse2 uiresp = (UIIResponse2) uis.process(uireq);
    LinkedList<ClaimSource> claimSources = OA2ATServlet.setupScopeHandlers((OA2ServiceTransaction) transaction, oa2SE);
    DebugUtil.dbg(this, "Invoking scope handler");
    if (claimSources == null || claimSources.isEmpty()) {
        DebugUtil.dbg(this, " ***** NO SCOPE HANDLERS ");
    } else {
        // Only iterate when handlers exist; a null list would otherwise throw here.
        for (ClaimSource claimSource : claimSources) {
            DebugUtil.dbg(this, " scope handler=" + claimSource.getClass().getSimpleName());
            claimSource.process(uiresp.getUserInfo(), transaction);
        }
    }
    uiresp.write(response);
}
Also used: OA2Client (edu.uiuc.ncsa.security.oauth_2_0.OA2Client), OA2ServiceTransaction (edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2ServiceTransaction), ServiceTransaction (edu.uiuc.ncsa.security.delegation.server.ServiceTransaction), OA2SE (edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2SE), AccessToken (edu.uiuc.ncsa.security.delegation.token.AccessToken), UIIRequest2 (edu.uiuc.ncsa.security.oauth_2_0.server.UIIRequest2), OA2GeneralError (edu.uiuc.ncsa.security.oauth_2_0.OA2GeneralError), InvalidTimestampException (edu.uiuc.ncsa.security.core.exceptions.InvalidTimestampException), UII2 (edu.uiuc.ncsa.security.oauth_2_0.server.UII2), ClaimSource (edu.uiuc.ncsa.security.oauth_2_0.server.ClaimSource), UIIResponse2 (edu.uiuc.ncsa.security.oauth_2_0.server.UIIResponse2)

Aggregations

ServiceTransaction (edu.uiuc.ncsa.security.delegation.server.ServiceTransaction) 14
GeneralException (edu.uiuc.ncsa.security.core.exceptions.GeneralException) 9
TransactionState (edu.uiuc.ncsa.security.delegation.servlet.TransactionState) 5
PAResponse (edu.uiuc.ncsa.security.delegation.server.request.PAResponse) 4
AccessToken (edu.uiuc.ncsa.security.delegation.token.AccessToken) 4
AuthorizationGrant (edu.uiuc.ncsa.security.delegation.token.AuthorizationGrant) 3
AGResponse (edu.uiuc.ncsa.security.delegation.server.request.AGResponse) 2
ATResponse (edu.uiuc.ncsa.security.delegation.server.request.ATResponse) 2
PARequest (edu.uiuc.ncsa.security.delegation.server.request.PARequest) 2
Verifier (edu.uiuc.ncsa.security.delegation.token.Verifier) 2
MyPKCS10CertRequest (edu.uiuc.ncsa.security.util.pkcs.MyPKCS10CertRequest) 2
HashMap (java.util.HashMap) 2
NoUsableMyProxyServerFoundException (edu.uiuc.ncsa.myproxy.NoUsableMyProxyServerFoundException) 1
OA2SE (edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2SE) 1
OA2ServiceTransaction (edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2ServiceTransaction) 1
ConnectionException (edu.uiuc.ncsa.security.core.exceptions.ConnectionException) 1
InvalidTimestampException (edu.uiuc.ncsa.security.core.exceptions.InvalidTimestampException) 1
TransactionNotFoundException (edu.uiuc.ncsa.security.core.exceptions.TransactionNotFoundException) 1
UnapprovedClientException (edu.uiuc.ncsa.security.delegation.server.UnapprovedClientException) 1
AGRequest (edu.uiuc.ncsa.security.delegation.server.request.AGRequest) 1