
Example 11 with TokenMarshalException

Use of org.forgerock.openam.sts.TokenMarshalException in project OpenAM by OpenRock.

Class TokenRequestMarshallerImpl, method getProofTokenState.

// Parses the JSON token into a SAML2TokenCreationState and requires that it carry a
// ProofTokenState (the holder-of-key confirmation material); a missing ProofTokenState
// is rejected as a 400 Bad Request rather than silently producing a bearer assertion.
private ProofTokenState getProofTokenState(JsonValue token) throws TokenMarshalException {
    final SAML2TokenCreationState tokenState = SAML2TokenCreationState.fromJson(token);
    final ProofTokenState proofTokenState = tokenState.getProofTokenState();
    if (proofTokenState == null) {
        throw new TokenMarshalException(ResourceException.BAD_REQUEST, "No ProofTokenState specified in the" + " SAML2TokenCreationState. The JsonValue: " + token);
    } else {
        return proofTokenState;
    }
}

Example 12 with TokenMarshalException

Use of org.forgerock.openam.sts.TokenMarshalException in project OpenAM by OpenRock.

Class TokenRequestMarshallerImpl, method createOpenIdConnectTokenProviderParameters.

// Builds the provider parameters for an OpenID Connect token request. The caller must
// explicitly consent to exposing its identity (allow_access:true) or the request is
// rejected with 400 Bad Request. The fully-qualified name below refers to the
// user-facing invocation class, which is distinct from the provider-side
// OpenIdConnectTokenCreationState imported into this file.
private RestTokenProviderParameters<OpenIdConnectTokenCreationState> createOpenIdConnectTokenProviderParameters(
        final TokenTypeId inputTokenType, final JsonValue inputToken, final JsonValue desiredToken)
        throws TokenMarshalException {
    org.forgerock.openam.sts.user.invocation.OpenIdConnectTokenCreationState userSpecifiedTokenCreationState =
            org.forgerock.openam.sts.user.invocation.OpenIdConnectTokenCreationState.fromJson(desiredToken);
    if (!userSpecifiedTokenCreationState.getAllowAccess()) {
        throw new TokenMarshalException(ResourceException.BAD_REQUEST, "The OpenIdConnectTokenCreation state must " + "indicate access to the caller's identity with a field of allow_access:true.");
    }
    // Carry the caller-supplied nonce forward and stamp the issue time in seconds since the epoch.
    final OpenIdConnectTokenCreationState openIdConnectTokenCreationState = new OpenIdConnectTokenCreationState(userSpecifiedTokenCreationState.getNonce(), System.currentTimeMillis() / 1000);
    return new OpenIdConnectRestTokenProviderParameters(openIdConnectTokenCreationState, inputTokenType, inputToken);
}

Example 13 with TokenMarshalException

Use of org.forgerock.openam.sts.TokenMarshalException in project OpenAM by OpenRock.

Class TokenRequestMarshallerImpl, method buildSAML2IssuedTokenValidatorParameters.

// Wraps a to-be-validated SAML2 token received as JSON. The token must be supplied as a
// string under AMSTSConstants.SAML2_TOKEN_KEY; any other shape is rejected with 400 Bad
// Request before the token reaches the validator.
private RestIssuedTokenValidatorParameters<SAML2TokenState> buildSAML2IssuedTokenValidatorParameters(JsonValue receivedToken) throws TokenMarshalException {
    if (!receivedToken.get(AMSTSConstants.SAML2_TOKEN_KEY).isString()) {
        String message = "Exception: json representation of a to-be-validated SAML2 token does not contain a " + AMSTSConstants.SAML2_TOKEN_KEY + " field containing the " + "to-be-validated token. The representation: " + receivedToken;
        throw new TokenMarshalException(ResourceException.BAD_REQUEST, message);
    } else {
        final String tokenValue = receivedToken.get(AMSTSConstants.SAML2_TOKEN_KEY).asString();
        final SAML2TokenState saml2TokenState = SAML2TokenState.builder().tokenValue(tokenValue).build();
        return new RestIssuedTokenValidatorParameters<SAML2TokenState>() {

            @Override
            public SAML2TokenState getInputToken() {
                return saml2TokenState;
            }
        };
    }
}

Example 14 with TokenMarshalException

Use of org.forgerock.openam.sts.TokenMarshalException in project OpenAM by OpenRock.

Class SoapSamlTokenProvider, method getProofTokenState.

/**
 * @param tokenProviderParameters The TokenProviderParameters corresponding to the RST invocation
 * @return The ProofTokenState necessary for HoK assertions.
 * @throws AMSTSRuntimeException if the ProofTokenState cannot be obtained from the request, or the X509Certificate
 *         state cannot be successfully constructed.
 */
private ProofTokenState getProofTokenState(TokenProviderParameters tokenProviderParameters) throws AMSTSRuntimeException {
    ReceivedKey receivedKey = tokenProviderParameters.getKeyRequirements().getReceivedKey();
    X509Certificate certificate = receivedKey.getX509Cert();
    if (certificate == null) {
        String exceptionMessage = "The ReceivedKey instance in the KeyRequirements has a null X509Cert. Thus the " + "ProofTokenState necessary to consume the TokenGenerationService cannot be created.";
        logger.error(exceptionMessage + " PublicKey in the ReceivedToken: " + receivedKey.getPublicKey());
        throw new AMSTSRuntimeException(ResourceException.BAD_REQUEST, exceptionMessage);
    }
    try {
        return ProofTokenState.builder().x509Certificate(certificate).build();
    } catch (TokenMarshalException e) {
        String message = "In SoapSamlTokenProvider#getAssertion, could not marshal X509Cert in ReceivedKey " + "into ProofTokenState: " + e;
        logger.error(message, e);
        throw new AMSTSRuntimeException(ResourceException.BAD_REQUEST, message);
    }
}
