
Example 1 with AGResponse

use of edu.uiuc.ncsa.security.delegation.server.request.AGResponse in project OA4MP by ncsa.

In class AbstractInitServlet, method doDelegation.

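/**
 * Actual work call. Resolves the client from the request, checks that it is approved,
 * runs the authorization-grant issuer on the request, creates and saves the resulting
 * transaction, writes the grant response and runs the pre/post-processing hooks.
 *
 * @param req  the incoming servlet request
 * @param resp the servlet response the grant response is written to
 * @throws Throwable anything raised by the issuer, the transaction store or the hooks is
 *                   rethrown unchanged; an {@link UnapprovedClientException} is logged
 *                   at warn level first
 */
protected void doDelegation(HttpServletRequest req, HttpServletResponse resp) throws Throwable {
    Client client = getClient(req);
    try {
        String cid = "client=" + client.getIdentifier();
        info("2.a. Starting a new cert request: " + cid);
        // Approval is checked before any grant is issued or anything is stored; this is
        // presumably where UnapprovedClientException (handled below) originates.
        checkClientApproval(client);
        AGResponse agResponse = (AGResponse) getAGI().process(new AGRequest(req, client));
        agResponse.setClient(client);
        ServiceTransaction transaction = verifyAndGet(agResponse);
        transaction.setClient(client);
        getTransactionStore().save(transaction);
        info("Saved new transaction with id=" + transaction.getIdentifierString());
        Map<String, String> params = agResponse.getParameters();
        preprocess(new TransactionState(req, resp, params, transaction));
        debug("saved transaction for " + cid + ", trans id=" + transaction.getIdentifierString());
        agResponse.write(resp);
        info("2.b finished initial request for token =\"" + transaction.getIdentifierString() + "\".");
        postprocess(new IssuerTransactionState(req, resp, params, transaction, agResponse));
    } catch (Throwable t) {
        // Only an unapproved client gets an extra audit line; every failure is rethrown as-is
        // so the caller's error handling sees the original exception.
        if (t instanceof UnapprovedClientException) {
            warn("Unapproved client: " + client.getIdentifierString());
        }
        throw t;
    }
}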

Example 2 with AGResponse

use of edu.uiuc.ncsa.security.delegation.server.request.AGResponse in project OA4MP by ncsa.

In class InitServlet, method verifyAndGet.

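/**
 * Builds the service transaction for an initial delegation request: records the grant and
 * callback, parses the mandatory certificate request and stores the requested lifetime.
 * <p>
 * Every malformed or missing parameter is reported as a {@link GeneralException} with the
 * parse failure attached as its cause, rather than leaking a bare
 * {@link NumberFormatException} or a stack trace on stderr.
 *
 * @param iResponse the issuer response, which must be an {@link AGResponse} carrying the
 *                  request parameters and the grant
 * @return a new transaction with grant, callback, cert request and lifetime set; neither
 *         the grant nor the access token is marked valid yet
 * @throws GeneralException if the cert request parameter is missing, empty or cannot be
 *                          parsed, or if the cert lifetime is missing or not an integer
 * @throws IOException declared by the signature; not raised by the visible body
 */
@Override
public ServiceTransaction verifyAndGet(IssuerResponse iResponse) throws IOException {
    AGResponse agResponse = (AGResponse) iResponse;
    Map<String, String> params = agResponse.getParameters();
    ServiceTransaction transaction = newTransaction();
    transaction.setAuthorizationGrant(agResponse.getGrant());
    debug("creating transaction for trans id=" + transaction.getIdentifierString());
    // Nothing has been granted yet; later steps of the flow validate these.
    transaction.setAuthGrantValid(false);
    transaction.setAccessTokenValid(false);
    transaction.setCallback(URI.create(params.get(OAUTH_CALLBACK)));
    // Fix for CIL-409: the cert request is mandatory and must be non-empty.
    if (!params.containsKey(CERT_REQUEST)) {
        throw new GeneralException("Error: missing cert request parameter.");
    }
    String rawCR = params.get(CERT_REQUEST);
    if (isEmpty(rawCR)) {
        throw new GeneralException("Error: empty cert request.");
    }
    MyPKCS10CertRequest certReq;
    try {
        certReq = CertUtil.fromStringToCertReq(rawCR);
    } catch (Throwable throwable) {
        // The cause travels with the exception; no separate printStackTrace() to stderr.
        throw new GeneralException("Error: cert request is bad/not understandable:" + (rawCR == null ? "(null)" : rawCR), throwable);
    }
    transaction.setCertReq(certReq);
    // Assumption here is that the cert lifetime is in milliseconds.
    String rawLifetime = params.get(CERT_LIFETIME);
    if (isEmpty(rawLifetime)) {
        throw new GeneralException("Error: missing cert lifetime parameter.");
    }
    try {
        transaction.setLifetime(Long.parseLong(rawLifetime));
    } catch (NumberFormatException nfe) {
        throw new GeneralException("Error: cert lifetime is not an integer:" + rawLifetime, nfe);
    }
    return transaction;
}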

Example 3 with AGResponse

use of edu.uiuc.ncsa.security.delegation.server.request.AGResponse in project OA4MP by ncsa.

In class OA2AuthorizedServlet, method verifyAndGet.

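/**
 * Validates an authorization request and creates the (not yet saved) service transaction
 * for it.
 * <p>
 * The redirect URI is checked against the client's registered ones first, because every
 * error raised after that point is sent back to the client via that redirect, carrying the
 * request's {@code state} if one was supplied.
 *
 * @param iResponse the issuer response, which must be an {@link AGResponse} carrying the
 *                  request parameters and the client
 * @return a new {@link OA2ServiceTransaction} with grant, scopes, callback and nonce set;
 *         neither the grant nor the access token is marked valid yet
 * @throws OA2RedirectableError if an unsupported parameter or value is present
 *                              ({@code display}, {@code max_age}, {@code request},
 *                              {@code request_uri}), or from the prompt/scope checks
 * @throws UnsupportedEncodingException declared by the signature; not raised by the visible body
 */
@Override
public ServiceTransaction verifyAndGet(IssuerResponse iResponse) throws UnsupportedEncodingException {
    AGResponse agResponse = (AGResponse) iResponse;
    Map<String, String> params = agResponse.getParameters();
    // The state (if present) has to be returned with any error message, so read it before
    // anything can fail.
    String state = params.get(STATE);
    // Spec says that the redirect must match one of the ones stored and if not, the request is rejected.
    String givenRedirect = params.get(REDIRECT_URI);
    OA2ClientCheck.check(agResponse.getClient(), givenRedirect);
    // By this point the redirect uri has been verified, so errors may safely be sent to it.
    String rawSecret = params.get(CLIENT_SECRET);
    if (rawSecret != null) {
        info("Client is sending secret in initial request. Though not forbidden by the protocol this is discouraged.");
        // Even a log-only comparison must not leak the registered secret through timing,
        // and a client without a registered secret must not cause a NullPointerException.
        if (!secretMatches(agResponse.getClient().getSecret(), rawSecret)) {
            info("And for what it is worth, the client sent along an incorrect secret too...");
        }
    }
    String nonce = params.get(NONCE);
    // FIX for OAUTH-180. Server must support clients that do not use a nonce. Just log it and rock on.
    if (nonce == null || nonce.length() == 0) {
        info("No nonce in initial request for " + agResponse.getClient().getIdentifierString());
    } else {
        // Don't check it, just store it and return it later.
        NonceHerder.putNonce(nonce);
    }
    // A display parameter with no value is treated as absent rather than as an error.
    String display = params.get(DISPLAY);
    if (display != null && !display.equals(DISPLAY_PAGE)) {
        throw new OA2RedirectableError(OA2Errors.INVALID_REQUEST, "Only " + DISPLAY + "=" + DISPLAY_PAGE + " is supported", state, givenRedirect);
    }
    OA2ServiceTransaction st = createNewTransaction(agResponse.getGrant());
    info("Created new unsaved transaction with id=" + st.getIdentifierString());
    ArrayList<String> scopes = resolveScopes(st, params, state, givenRedirect);
    st.setScopes(scopes);
    // Nothing has been granted yet; later steps of the flow validate these.
    st.setAuthGrantValid(false);
    st.setAccessTokenValid(false);
    // Store the callback the user needs to use for this request, since the spec allows for many.
    st.setCallback(URI.create(givenRedirect));
    // fine if the nonce is null or empty, just set what they sent.
    st.setNonce(nonce);
    // max_age is not supported: every request has an expiration date, so the parameter is
    // redundant in any case.
    if (params.containsKey(OA2Constants.MAX_AGE)) {
        throw new OA2RedirectableError(OA2Errors.INVALID_REQUEST, "The " + OA2Constants.MAX_AGE + " parameter is not supported at this time.", state, givenRedirect);
    }
    // and now check for a bunch of stuff that might fail.
    checkPrompts(params);
    if (params.containsKey(REQUEST)) {
        throw new OA2RedirectableError(OA2Errors.REQUEST_NOT_SUPPORTED, "The \"request\" parameter is not supported on this server", state, givenRedirect);
    }
    if (params.containsKey(REQUEST_URI)) {
        throw new OA2RedirectableError(OA2Errors.REQUEST_URI_NOT_SUPPORTED, "The \"request_uri\" parameter is not supported on this server", state, givenRedirect);
    }
    return st;
}

/**
 * Constant-time equality check of the registered client secret against the one presented
 * in the request. Returns {@code false} if either side is {@code null}, e.g. for a client
 * with no secret registered.
 */
private static boolean secretMatches(String registered, String presented) {
    if (registered == null || presented == null) {
        return false;
    }
    byte[] expected = registered.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    byte[] actual = presented.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    // MessageDigest.isEqual does not short-circuit on the first differing byte.
    return java.security.MessageDigest.isEqual(expected, actual);
}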
