Examples with TokenValidationException org.forgerock.openam.sts.TokenValidationException used on opensource projects

Example 11 with TokenValidationException

use of org.forgerock.openam.sts.TokenValidationException in project OpenAM by OpenRock.

the class SoapCertificateTokenValidator method validate.

@Override
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
    try {
        final String sessionId = authenticationHandler.authenticate(credential.getCertificates(), TokenType.X509);
        threadLocalAMTokenCache.cacheSessionIdForContext(validationInvocationContext, sessionId, invalidateAMSession);
        return credential;
    } catch (TokenValidationException e) {
        logger.error("Exception caught authenticating X509Certificate with OpenAM: " + e, e);
        throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION, e.getMessage());
    }
}

Example 12 with TokenValidationException

use of org.forgerock.openam.sts.TokenValidationException in project OpenAM by OpenRock.

the class AuthenticationUrlProviderImpl method authenticationUrl.

@Override
public URL authenticationUrl(TokenTypeId tokenTypeId) throws TokenValidationException {
    String urlString;
    AuthTargetMapping.AuthTarget target = authTargetMapping.getAuthTargetMapping(tokenTypeId);
    if (target != null) {
        urlString = urlConstituentCatenator.catenateUrlConstituents(amDeploymentUrl, jsonRoot, realm, restAuthnUriElement, QUESTION_MARK, AUTH_INDEX_TYPE_PARAM, target.getAuthIndexType(), AMPERSAND, AUTH_INDEX_VALUE_PARAM, target.getAuthIndexValue());
    } else {
        urlString = urlConstituentCatenator.catenateUrlConstituents(amDeploymentUrl, jsonRoot, realm, restAuthnUriElement);
    }
    try {
        return new URL(urlString);
    } catch (MalformedURLException e) {
        throw new TokenValidationException(ResourceException.INTERNAL_ERROR, e.getMessage(), e);
    }
}

Example 13 with TokenValidationException

use of org.forgerock.openam.sts.TokenValidationException in project OpenAM by OpenRock.

the class OpenIdConnectAuthenticationRequestDispatcher method dispatch.

@Override
public String dispatch(URL url, AuthTargetMapping.AuthTarget target, OpenIdConnectIdToken token) throws TokenValidationException {
    if (target == null) {
        throw new TokenValidationException(org.forgerock.json.resource.ResourceException.BAD_REQUEST, "When validatating OIDC tokens, an AuthTarget needs to be configured with a Map containing a String " + "entry referenced by key" + AMSTSConstants.OPEN_ID_CONNECT_ID_TOKEN_AUTH_TARGET_HEADER_KEY + " which specifies the header name which will reference the OIDC ID Token.");
    }
    Object headerKey = target.getContext().get(AMSTSConstants.OPEN_ID_CONNECT_ID_TOKEN_AUTH_TARGET_HEADER_KEY);
    if (!(headerKey instanceof String)) {
        //checks both for null and String
        throw new TokenValidationException(org.forgerock.json.resource.ResourceException.BAD_REQUEST, "When validatating OIDC tokens, an AuthTarget needs to be configured with a Map containing a String " + "entry referenced by key" + AMSTSConstants.OPEN_ID_CONNECT_ID_TOKEN_AUTH_TARGET_HEADER_KEY + " which specifies the header name which will reference the OIDC ID Token.");
    }
    try {
        Map<String, String> headerMap = new HashMap<>();
        headerMap.put(AMSTSConstants.CONTENT_TYPE, AMSTSConstants.APPLICATION_JSON);
        headerMap.put(AMSTSConstants.CREST_VERSION_HEADER_KEY, crestVersionAuthNService);
        headerMap.put((String) headerKey, token.getTokenValue());
        HttpURLConnectionWrapper.ConnectionResult connectionResult = httpURLConnectionWrapperFactory.httpURLConnectionWrapper(url).setRequestHeaders(headerMap).setRequestMethod(AMSTSConstants.POST).makeInvocation();
        final int responseCode = connectionResult.getStatusCode();
        if (responseCode != HttpURLConnection.HTTP_OK) {
            throw new TokenValidationException(responseCode, "Non-200 response from posting OIDC token " + "to rest authN: " + connectionResult.getResult());
        } else {
            return connectionResult.getResult();
        }
    } catch (IOException e) {
        throw new TokenValidationException(org.forgerock.json.resource.ResourceException.INTERNAL_ERROR, "Exception caught posting OIDC token to rest authN: " + e, e);
    }
}

Example 14 with TokenValidationException

use of org.forgerock.openam.sts.TokenValidationException in project OpenAM by OpenRock.

the class RestUsernameTokenAuthenticationRequestDispatcher method dispatch.

@Override
public String dispatch(URL url, AuthTargetMapping.AuthTarget target, RestUsernameToken token) throws TokenValidationException {
    try {
        Map<String, String> headerMap = new HashMap<>();
        headerMap.put(AMSTSConstants.CONTENT_TYPE, AMSTSConstants.APPLICATION_JSON);
        headerMap.put(AMSTSConstants.CREST_VERSION_HEADER_KEY, crestVersionAuthNService);
        headerMap.put(AMSTSConstants.AM_REST_AUTHN_USERNAME_HEADER, new String(token.getUsername(), AMSTSConstants.UTF_8_CHARSET_ID));
        headerMap.put(AMSTSConstants.AM_REST_AUTHN_PASSWORD_HEADER, new String(token.getPassword(), AMSTSConstants.UTF_8_CHARSET_ID));
        HttpURLConnectionWrapper.ConnectionResult connectionResult = httpURLConnectionWrapperFactory.httpURLConnectionWrapper(url).setRequestHeaders(headerMap).setRequestMethod(AMSTSConstants.POST).makeInvocation();
        final int responseCode = connectionResult.getStatusCode();
        if (responseCode != HttpURLConnection.HTTP_OK) {
            throw new TokenValidationException(responseCode, "Non-200 response from posting Username token " + "to rest authN: " + connectionResult.getResult());
        } else {
            return connectionResult.getResult();
        }
    } catch (IOException e) {
        throw new TokenValidationException(ResourceException.INTERNAL_ERROR, "Exception caught posting UsernameToken to rest authN: " + e, e);
    }
}

Example 15 with TokenValidationException

use of org.forgerock.openam.sts.TokenValidationException in project OpenAM by OpenRock.

the class TokenTranslateOperationImpl method translateToken.

@Override
@SuppressWarnings("unchecked")
public JsonValue translateToken(RestSTSTokenTranslationInvocationState invocationState, Context context) throws TokenMarshalException, TokenValidationException, TokenCreationException {
    TokenTypeId inputTokenType = tokenRequestMarshaller.getTokenType(invocationState.getInputTokenState());
    TokenTypeId outputTokenType = tokenRequestMarshaller.getTokenType(invocationState.getOutputTokenState());
    TokenTransform targetedTransform = null;
    for (TokenTransform transform : tokenTransforms) {
        if (transform.isTransformSupported(inputTokenType, outputTokenType)) {
            targetedTransform = transform;
            break;
        }
    }
    if (targetedTransform == null) {
        String message = "The desired transformation, from " + inputTokenType.getId() + " to " + outputTokenType.getId() + ", is not a supported token translation.";
        throw new TokenValidationException(ResourceException.BAD_REQUEST, message);
    }
    RestTokenTransformValidatorParameters<?> validatorParameters = tokenRequestMarshaller.buildTokenTransformValidatorParameters(invocationState.getInputTokenState(), context);
    RestTokenProviderParameters<?> providerParameters = tokenRequestMarshaller.buildTokenProviderParameters(inputTokenType, invocationState.getInputTokenState(), outputTokenType, invocationState.getOutputTokenState());
    return targetedTransform.transformToken(validatorParameters, providerParameters);
}