
Example 1 with TokenMarshalException

Use of org.forgerock.openam.sts.TokenMarshalException in project OpenAM by OpenRock.

From class TokenRequestMarshallerImpl, method buildUsernameTokenTransformValidatorParameters.

private RestTokenTransformValidatorParameters<RestUsernameToken> buildUsernameTokenTransformValidatorParameters(JsonValue receivedToken) throws TokenMarshalException {
    // Both fields must be present as JSON strings; any other shape is reported as a client error (400).
    if (!receivedToken.get(AMSTSConstants.USERNAME_TOKEN_USERNAME).isString()) {
        // Note: the message embeds the entire received JSON. A request that carries a password but no
        // username therefore copies that password into the error response and into any log of it.
        final String message = "Exception: json representation of UNT does not contain a username field. The representation: " + receivedToken;
        throw new TokenMarshalException(ResourceException.BAD_REQUEST, message);
    }
    if (!receivedToken.get(AMSTSConstants.USERNAME_TOKEN_PASSWORD).isString()) {
        final String message = "Exception: json representation of UNT does not contain a password field. The representation: \n" + receivedToken;
        throw new TokenMarshalException(ResourceException.BAD_REQUEST, message);
    }
    final String username = receivedToken.get(AMSTSConstants.USERNAME_TOKEN_USERNAME).asString();
    final String password = receivedToken.get(AMSTSConstants.USERNAME_TOKEN_PASSWORD).asString();
    try {
        // From here on the credentials are carried as UTF-8 byte arrays.
        final RestUsernameToken restUsernameToken = new RestUsernameToken(username.getBytes(AMSTSConstants.UTF_8_CHARSET_ID), password.getBytes(AMSTSConstants.UTF_8_CHARSET_ID));
        return new RestTokenTransformValidatorParameters<RestUsernameToken>() {

            @Override
            public RestUsernameToken getInputToken() {
                return restUsernameToken;
            }
        };
    } catch (UnsupportedEncodingException e) {
        // UTF-8 is always available on a JVM, so this branch is effectively unreachable; if it ever
        // fires it is a server-side problem and is reported as such (500), not as a client error.
        throw new TokenMarshalException(ResourceException.INTERNAL_ERROR, "Unable to marshal username token state to strings: " + e.getMessage(), e);
    }
}
Also used: RestTokenTransformValidatorParameters (org.forgerock.openam.sts.rest.token.validator.RestTokenTransformValidatorParameters), TokenMarshalException (org.forgerock.openam.sts.TokenMarshalException), UnsupportedEncodingException (java.io.UnsupportedEncodingException), RestUsernameToken (org.forgerock.openam.sts.token.model.RestUsernameToken)
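The username-token check above does two things worth separating: it rejects any document whose username or password is not a JSON string, and it builds the 400 message by appending the whole received document. The following is an added example, not OpenAM code, written in Go so it runs stand-alone without the OpenAM classes. It reproduces the same validation (absent, null and non-string fields all fail with a 400) but keeps the received document out of the error text, and includes the echoing message style side by side so the difference can be checked. The key names "username" and "password" and the MarshalError type are assumptions standing in for AMSTSConstants and TokenMarshalException.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Key names stand in for AMSTSConstants.USERNAME_TOKEN_USERNAME / _PASSWORD;
// the literal values are assumed for this example.
const (
	usernameKey = "username"
	passwordKey = "password"
)

// MarshalError plays the role of TokenMarshalException: an HTTP-style code
// plus a message that is returned to the caller and usually logged.
type MarshalError struct {
	Code    int
	Message string
}

func (e *MarshalError) Error() string { return fmt.Sprintf("%d: %s", e.Code, e.Message) }

// UsernameToken is the marshalled result, analogous to RestUsernameToken.
type UsernameToken struct {
	Username []byte
	Password []byte
}

// EchoingMessage reproduces the message style of the snippet above: the whole
// received document is appended, so whatever the client sent (including a
// password sitting next to a missing username) is copied into the error.
func EchoingMessage(key string, body []byte) string {
	return "json representation of UNT does not contain a " + key + " field. The representation: " + string(body)
}

// requireString returns doc[key] as a string, or a 400 error that names the
// offending field without reproducing the document. A JSON null is decoded
// into an interface value first so that it is rejected like any non-string.
func requireString(doc map[string]json.RawMessage, key string) (string, error) {
	raw, ok := doc[key]
	if !ok {
		return "", &MarshalError{400, "json representation of UNT does not contain a " + key + " field"}
	}
	var v any
	if err := json.Unmarshal(raw, &v); err != nil {
		return "", &MarshalError{400, "json representation of UNT has an unparsable " + key + " field"}
	}
	s, isString := v.(string)
	if !isString {
		return "", &MarshalError{400, "json representation of UNT has a non-string " + key + " field"}
	}
	return s, nil
}

// BuildUsernameToken validates and marshals a JSON username token. It fails
// closed on any shape other than an object with string username and password.
func BuildUsernameToken(body []byte) (*UsernameToken, error) {
	var doc map[string]json.RawMessage
	if err := json.Unmarshal(body, &doc); err != nil || doc == nil {
		return nil, &MarshalError{400, "request body is not a JSON object"}
	}
	username, err := requireString(doc, usernameKey)
	if err != nil {
		return nil, err
	}
	password, err := requireString(doc, passwordKey)
	if err != nil {
		return nil, err
	}
	// Go strings are already UTF-8, so there is no UnsupportedEncodingException path here.
	return &UsernameToken{Username: []byte(username), Password: []byte(password)}, nil
}

// LeaksSecret reports whether an error's text contains the given secret.
func LeaksSecret(err error, secret string) bool {
	return err != nil && strings.Contains(err.Error(), secret)
}

func main() {
	// Constructed request: password supplied, username missing.
	body := []byte(`{"password":"hunter2-not-for-logs"}`)
	_, err := BuildUsernameToken(body)
	fmt.Println("hardened message leaks password:", LeaksSecret(err, "hunter2-not-for-logs"))
	fmt.Println("echoing message leaks password: ", strings.Contains(EchoingMessage(usernameKey, body), "hunter2-not-for-logs"))
	if tok, err := BuildUsernameToken([]byte(`{"username":"alice","password":"pw"}`)); err == nil {
		fmt.Printf("marshalled user=%s\n", tok.Username)
	}
}
```

The field name is all a client needs to correct its request; the document itself belongs in a debug log with secrets redacted, if anywhere.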

Example 2 with TokenMarshalException

Use of org.forgerock.openam.sts.TokenMarshalException in project OpenAM by OpenRock.

From class TokenRequestMarshallerImpl, method buildSAML2IssuedTokenCancellerParameters.

private RestIssuedTokenCancellerParameters<SAML2TokenState> buildSAML2IssuedTokenCancellerParameters(JsonValue receivedToken) throws TokenMarshalException {
    // The to-be-cancelled assertion must arrive as a string under SAML2_TOKEN_KEY; anything else is a client error (400).
    if (!receivedToken.get(AMSTSConstants.SAML2_TOKEN_KEY).isString()) {
        String message = "Exception: json representation of a to-be-cancelled SAML2 token does not contain a " + AMSTSConstants.SAML2_TOKEN_KEY + " field containing the " + "to-be-cancelled token. The representation: " + receivedToken;
        throw new TokenMarshalException(ResourceException.BAD_REQUEST, message);
    } else {
        // The token value is wrapped unchanged; the canceller that receives these parameters does the actual work.
        final String tokenValue = receivedToken.get(AMSTSConstants.SAML2_TOKEN_KEY).asString();
        final SAML2TokenState saml2TokenState = SAML2TokenState.builder().tokenValue(tokenValue).build();
        return new RestIssuedTokenCancellerParameters<SAML2TokenState>() {

            @Override
            public SAML2TokenState getInputToken() {
                return saml2TokenState;
            }
        };
    }
}
Also used: SAML2TokenState (org.forgerock.openam.sts.user.invocation.SAML2TokenState), TokenMarshalException (org.forgerock.openam.sts.TokenMarshalException), RestIssuedTokenCancellerParameters (org.forgerock.openam.sts.rest.token.canceller.RestIssuedTokenCancellerParameters)

Example 3 with TokenMarshalException

Use of org.forgerock.openam.sts.TokenMarshalException in project OpenAM by OpenRock.

From class TokenRequestMarshallerImpl, method pullClientCertFromHeader.

private X509Certificate[] pullClientCertFromHeader(HttpContext httpContext) throws TokenMarshalException {
    // After TLS offload, the terminating proxy forwards the client certificate chain in a configurable
    // header, one base64-encoded certificate per header value. This method trusts whatever that header
    // contains, so the deployment must guarantee that only the offloader can set it (and that it is
    // stripped from inbound client requests); otherwise any caller could assert an arbitrary certificate.
    List<String> clientCertHeader = httpContext.getHeader(offloadedTlsClientCertKey);
    if (clientCertHeader.isEmpty()) {
        // No header means the request carries no client certificate at all.
        return null;
    } else {
        int ndx = 0;
        X509Certificate[] certificates = new X509Certificate[clientCertHeader.size()];
        final CertificateFactory certificateFactory;
        try {
            certificateFactory = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            // A missing X.509 provider is a server configuration problem (500), not the caller's fault.
            throw new TokenMarshalException(ResourceException.INTERNAL_ERROR, "Exception caught creating X.509 CertificateFactory: " + e, e);
        }
        for (String headerCertValue : clientCertHeader) {
            try {
                certificates[ndx++] = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(Base64.decode(headerCertValue.getBytes(AMSTSConstants.UTF_8_CHARSET_ID))));
            } catch (CertificateException | UnsupportedEncodingException e) {
                // Undecodable or malformed certificate data is reported as a client error (400).
                throw new TokenMarshalException(ResourceException.BAD_REQUEST, "Exception caught marshalling X509 cert from value set in " + offloadedTlsClientCertKey + " header: " + e, e);
            }
        }
        return certificates;
    }
}
Also used: ByteArrayInputStream (java.io.ByteArrayInputStream), TokenMarshalException (org.forgerock.openam.sts.TokenMarshalException), UnsupportedEncodingException (java.io.UnsupportedEncodingException), CertificateException (java.security.cert.CertificateException), CertificateFactory (java.security.cert.CertificateFactory), X509Certificate (java.security.cert.X509Certificate)
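The method above decodes and parses whatever is in the offload header but cannot itself tell whether the header came from the TLS terminator or from the client. The following is an added example, not OpenAM code, written in Go so it runs stand-alone and can mint its own test certificate instead of depending on an external file. It keeps the same contract (one base64-encoded DER certificate per header value, nil when the header is absent, 400 on undecodable data) and adds the check a practitioner wants in front of it: the header is honoured only when the TCP peer is a trusted offloader, and a 403 is returned otherwise. The header name "X-Client-Cert", the peer address 10.0.0.5 and the MarshalError type are assumptions for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"net"
	"net/http"
	"time"
)

// clientCertHeader stands in for offloadedTlsClientCertKey; the name is assumed.
const clientCertHeader = "X-Client-Cert"

// trustedOffloaders lists the only peers permitted to assert a client
// certificate through the header (constructed for the example).
var trustedOffloaders = map[string]bool{"10.0.0.5": true}

// MarshalError plays the role of TokenMarshalException.
type MarshalError struct {
	Code    int
	Message string
}

func (e *MarshalError) Error() string { return fmt.Sprintf("%d: %s", e.Code, e.Message) }

// CertsFromOffloadHeader does what pullClientCertFromHeader does, with one
// extra step: the header is honoured only when the TCP peer is a trusted TLS
// terminator. Anyone else presenting it gets a 403 instead of a free identity.
func CertsFromOffloadHeader(remoteAddr string, h http.Header) ([]*x509.Certificate, error) {
	values := h.Values(clientCertHeader)
	if len(values) == 0 {
		return nil, nil // no header: the request carries no client certificate
	}
	host, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		host = remoteAddr // bare address without a port
	}
	if !trustedOffloaders[host] {
		return nil, &MarshalError{403, clientCertHeader + " presented by untrusted peer " + host}
	}
	certs := make([]*x509.Certificate, 0, len(values))
	for _, v := range values {
		der, err := base64.StdEncoding.DecodeString(v)
		if err != nil {
			return nil, &MarshalError{400, "cannot base64-decode " + clientCertHeader + ": " + err.Error()}
		}
		c, err := x509.ParseCertificate(der)
		if err != nil {
			return nil, &MarshalError{400, "cannot parse X.509 certificate from " + clientCertHeader + ": " + err.Error()}
		}
		certs = append(certs, c)
	}
	return certs, nil
}

// SelfSignedDER mints a throwaway client certificate so the example has
// realistic input without external files.
func SelfSignedDER(cn string) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}

func main() {
	der, err := SelfSignedDER("alice")
	if err != nil {
		panic(err)
	}
	h := http.Header{}
	h.Set(clientCertHeader, base64.StdEncoding.EncodeToString(der))

	if certs, err := CertsFromOffloadHeader("10.0.0.5:40512", h); err == nil {
		fmt.Println("from offloader:", certs[0].Subject.CommonName)
	}
	_, err = CertsFromOffloadHeader("203.0.113.9:40512", h)
	fmt.Println("from the internet:", err)
}
```

Rejecting rather than ignoring the header from an untrusted peer is deliberate: a client that sends it is either misconfigured or probing, and either case is worth surfacing.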

Example 4 with TokenMarshalException

Use of org.forgerock.openam.sts.TokenMarshalException in project OpenAM by OpenRock.

From class TokenRequestMarshallerImpl, method buildOpenIdConnectIdTokenTransformValidatorParameters.

private RestTokenTransformValidatorParameters<OpenIdConnectIdToken> buildOpenIdConnectIdTokenTransformValidatorParameters(JsonValue receivedToken) throws TokenMarshalException {
    // The ID token must arrive as a string under OPEN_ID_CONNECT_ID_TOKEN_KEY; anything else is a client error (400).
    if (!receivedToken.get(AMSTSConstants.OPEN_ID_CONNECT_ID_TOKEN_KEY).isString()) {
        String message = "Exception: json representation of Open ID Connect ID Token does not contain a " + AMSTSConstants.OPEN_ID_CONNECT_ID_TOKEN_KEY + " field. The representation: " + receivedToken;
        throw new TokenMarshalException(ResourceException.BAD_REQUEST, message);
    } else {
        // The token is wrapped as an opaque string; nothing about it is verified at this stage.
        final String tokenValue = receivedToken.get(AMSTSConstants.OPEN_ID_CONNECT_ID_TOKEN_KEY).asString();
        final OpenIdConnectIdToken openIdConnectIdToken = new OpenIdConnectIdToken(tokenValue);
        return new RestTokenTransformValidatorParameters<OpenIdConnectIdToken>() {

            @Override
            public OpenIdConnectIdToken getInputToken() {
                return openIdConnectIdToken;
            }
        };
    }
}
Also used: RestTokenTransformValidatorParameters (org.forgerock.openam.sts.rest.token.validator.RestTokenTransformValidatorParameters), TokenMarshalException (org.forgerock.openam.sts.TokenMarshalException), OpenIdConnectIdToken (org.forgerock.openam.sts.token.model.OpenIdConnectIdToken)

Example 5 with TokenMarshalException

Use of org.forgerock.openam.sts.TokenMarshalException in project OpenAM by OpenRock.

From class OpenAMTokenState, method fromJson.

public static OpenAMTokenState fromJson(JsonValue jsonValue) throws TokenMarshalException {
    // The TOKEN_TYPE_KEY field must be present and equal the OPENAM token type. Malformed input is
    // reported as INTERNAL_ERROR throughout this method, unlike the BAD_REQUEST codes used in TokenRequestMarshallerImpl.
    if (!jsonValue.get(AMSTSConstants.TOKEN_TYPE_KEY).isString() || !TokenType.OPENAM.name().equals(jsonValue.get(AMSTSConstants.TOKEN_TYPE_KEY).asString())) {
        throw new TokenMarshalException(ResourceException.INTERNAL_ERROR, "passed-in jsonValue does not have " + AMSTSConstants.TOKEN_TYPE_KEY + " field which matches the OpenAM token type: " + jsonValue);
    }
    final JsonValue jsonSessionId = jsonValue.get(AMSTSConstants.AM_SESSION_TOKEN_SESSION_ID);
    // Only absence (null) is checked here; a non-string value would make asString() below throw a
    // JsonValueException instead of a TokenMarshalException.
    if (jsonSessionId.isNull()) {
        throw new TokenMarshalException(ResourceException.INTERNAL_ERROR, "passed-in jsonValue does not have " + AMSTSConstants.AM_SESSION_TOKEN_SESSION_ID + " field: " + jsonValue);
    }
    final String sessionId = jsonSessionId.asString();
    if (sessionId.isEmpty()) {
        throw new TokenMarshalException(ResourceException.INTERNAL_ERROR, "passed-in jsonValue does not have a non-empty " + AMSTSConstants.AM_SESSION_TOKEN_SESSION_ID + " field: " + jsonValue);
    }
    return OpenAMTokenState.builder().sessionId(sessionId).build();
}
Also used: TokenMarshalException (org.forgerock.openam.sts.TokenMarshalException), JsonValue (org.forgerock.json.JsonValue)

Aggregations (number of usages found alongside TokenMarshalException in the project):

TokenMarshalException (org.forgerock.openam.sts.TokenMarshalException): 14
JsonValue (org.forgerock.json.JsonValue): 3
RestTokenTransformValidatorParameters (org.forgerock.openam.sts.rest.token.validator.RestTokenTransformValidatorParameters): 3
OpenIdConnectIdToken (org.forgerock.openam.sts.token.model.OpenIdConnectIdToken): 3
UnsupportedEncodingException (java.io.UnsupportedEncodingException): 2
X509Certificate (java.security.cert.X509Certificate): 2
RestIssuedTokenCancellerParameters (org.forgerock.openam.sts.rest.token.canceller.RestIssuedTokenCancellerParameters): 2
RestIssuedTokenValidatorParameters (org.forgerock.openam.sts.rest.token.validator.RestIssuedTokenValidatorParameters): 2
SAML2TokenState (org.forgerock.openam.sts.user.invocation.SAML2TokenState): 2
ByteArrayInputStream (java.io.ByteArrayInputStream): 1
CertificateException (java.security.cert.CertificateException): 1
CertificateFactory (java.security.cert.CertificateFactory): 1
ReceivedKey (org.apache.cxf.sts.request.ReceivedKey): 1
AMSTSRuntimeException (org.forgerock.openam.sts.AMSTSRuntimeException): 1
TokenTypeId (org.forgerock.openam.sts.TokenTypeId): 1
OpenIdConnectRestTokenProviderParameters (org.forgerock.openam.sts.rest.operation.translate.OpenIdConnectRestTokenProviderParameters): 1
OpenIdConnectTokenCreationState (org.forgerock.openam.sts.rest.token.provider.oidc.OpenIdConnectTokenCreationState): 1
SAML2SubjectConfirmation (org.forgerock.openam.sts.token.SAML2SubjectConfirmation): 1
OpenAMSessionToken (org.forgerock.openam.sts.token.model.OpenAMSessionToken): 1
RestUsernameToken (org.forgerock.openam.sts.token.model.RestUsernameToken): 1