Example 11 with TokenValidationException

Use of org.forgerock.openam.sts.TokenValidationException in project OpenAM by OpenRock.

Class SoapCertificateTokenValidator, method validate.

@Override
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
    try {
        final String sessionId = authenticationHandler.authenticate(credential.getCertificates(), TokenType.X509);
        threadLocalAMTokenCache.cacheSessionIdForContext(validationInvocationContext, sessionId, invalidateAMSession);
        return credential;
    } catch (TokenValidationException e) {
        logger.error("Exception caught authenticating X509Certificate with OpenAM: " + e, e);
        throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION, e.getMessage());
    }
}
Also used : WSSecurityException(org.apache.ws.security.WSSecurityException) TokenValidationException(org.forgerock.openam.sts.TokenValidationException)

Example 12 with TokenValidationException

Use of org.forgerock.openam.sts.TokenValidationException in project OpenAM by OpenRock.

Class AuthenticationUrlProviderImpl, method authenticationUrl.

@Override
public URL authenticationUrl(TokenTypeId tokenTypeId) throws TokenValidationException {
    String urlString;
    AuthTargetMapping.AuthTarget target = authTargetMapping.getAuthTargetMapping(tokenTypeId);
    if (target != null) {
        urlString = urlConstituentCatenator.catenateUrlConstituents(amDeploymentUrl, jsonRoot, realm, restAuthnUriElement, QUESTION_MARK, AUTH_INDEX_TYPE_PARAM, target.getAuthIndexType(), AMPERSAND, AUTH_INDEX_VALUE_PARAM, target.getAuthIndexValue());
    } else {
        urlString = urlConstituentCatenator.catenateUrlConstituents(amDeploymentUrl, jsonRoot, realm, restAuthnUriElement);
    }
    try {
        return new URL(urlString);
    } catch (MalformedURLException e) {
        throw new TokenValidationException(ResourceException.INTERNAL_ERROR, e.getMessage(), e);
    }
}
Also used : MalformedURLException(java.net.MalformedURLException) AuthTargetMapping(org.forgerock.openam.sts.config.user.AuthTargetMapping) URL(java.net.URL) TokenValidationException(org.forgerock.openam.sts.TokenValidationException)

Example 13 with TokenValidationException

Use of org.forgerock.openam.sts.TokenValidationException in project OpenAM by OpenRock.

Class OpenIdConnectAuthenticationRequestDispatcher, method dispatch.

@Override
public String dispatch(URL url, AuthTargetMapping.AuthTarget target, OpenIdConnectIdToken token) throws TokenValidationException {
    if (target == null) {
        throw new TokenValidationException(org.forgerock.json.resource.ResourceException.BAD_REQUEST, "When validating OIDC tokens, an AuthTarget needs to be configured with a Map containing a String " + "entry referenced by key " + AMSTSConstants.OPEN_ID_CONNECT_ID_TOKEN_AUTH_TARGET_HEADER_KEY + " which specifies the header name which will reference the OIDC ID Token.");
    }
    Object headerKey = target.getContext().get(AMSTSConstants.OPEN_ID_CONNECT_ID_TOKEN_AUTH_TARGET_HEADER_KEY);
    if (!(headerKey instanceof String)) {
        // instanceof is false for null, so this rejects both a missing entry and a non-String value
        throw new TokenValidationException(org.forgerock.json.resource.ResourceException.BAD_REQUEST, "When validating OIDC tokens, an AuthTarget needs to be configured with a Map containing a String " + "entry referenced by key " + AMSTSConstants.OPEN_ID_CONNECT_ID_TOKEN_AUTH_TARGET_HEADER_KEY + " which specifies the header name which will reference the OIDC ID Token.");
    }
    try {
        Map<String, String> headerMap = new HashMap<>();
        headerMap.put(AMSTSConstants.CONTENT_TYPE, AMSTSConstants.APPLICATION_JSON);
        headerMap.put(AMSTSConstants.CREST_VERSION_HEADER_KEY, crestVersionAuthNService);
        headerMap.put((String) headerKey, token.getTokenValue());
        HttpURLConnectionWrapper.ConnectionResult connectionResult = httpURLConnectionWrapperFactory.httpURLConnectionWrapper(url).setRequestHeaders(headerMap).setRequestMethod(AMSTSConstants.POST).makeInvocation();
        final int responseCode = connectionResult.getStatusCode();
        if (responseCode != HttpURLConnection.HTTP_OK) {
            throw new TokenValidationException(responseCode, "Non-200 response from posting OIDC token " + "to rest authN: " + connectionResult.getResult());
        } else {
            return connectionResult.getResult();
        }
    } catch (IOException e) {
        throw new TokenValidationException(org.forgerock.json.resource.ResourceException.INTERNAL_ERROR, "Exception caught posting OIDC token to rest authN: " + e, e);
    }
}
Also used : HashMap(java.util.HashMap) HttpURLConnectionWrapper(org.forgerock.openam.sts.HttpURLConnectionWrapper) IOException(java.io.IOException) TokenValidationException(org.forgerock.openam.sts.TokenValidationException)

Example 14 with TokenValidationException

Use of org.forgerock.openam.sts.TokenValidationException in project OpenAM by OpenRock.

Class RestUsernameTokenAuthenticationRequestDispatcher, method dispatch.

@Override
public String dispatch(URL url, AuthTargetMapping.AuthTarget target, RestUsernameToken token) throws TokenValidationException {
    try {
        Map<String, String> headerMap = new HashMap<>();
        headerMap.put(AMSTSConstants.CONTENT_TYPE, AMSTSConstants.APPLICATION_JSON);
        headerMap.put(AMSTSConstants.CREST_VERSION_HEADER_KEY, crestVersionAuthNService);
        headerMap.put(AMSTSConstants.AM_REST_AUTHN_USERNAME_HEADER, new String(token.getUsername(), AMSTSConstants.UTF_8_CHARSET_ID));
        headerMap.put(AMSTSConstants.AM_REST_AUTHN_PASSWORD_HEADER, new String(token.getPassword(), AMSTSConstants.UTF_8_CHARSET_ID));
        HttpURLConnectionWrapper.ConnectionResult connectionResult = httpURLConnectionWrapperFactory.httpURLConnectionWrapper(url).setRequestHeaders(headerMap).setRequestMethod(AMSTSConstants.POST).makeInvocation();
        final int responseCode = connectionResult.getStatusCode();
        if (responseCode != HttpURLConnection.HTTP_OK) {
            throw new TokenValidationException(responseCode, "Non-200 response from posting Username token " + "to rest authN: " + connectionResult.getResult());
        } else {
            return connectionResult.getResult();
        }
    } catch (IOException e) {
        throw new TokenValidationException(ResourceException.INTERNAL_ERROR, "Exception caught posting UsernameToken to rest authN: " + e, e);
    }
}
Also used : HashMap(java.util.HashMap) HttpURLConnectionWrapper(org.forgerock.openam.sts.HttpURLConnectionWrapper) IOException(java.io.IOException) TokenValidationException(org.forgerock.openam.sts.TokenValidationException)

Example 15 with TokenValidationException

Use of org.forgerock.openam.sts.TokenValidationException in project OpenAM by OpenRock.

Class TokenTranslateOperationImpl, method translateToken.

@Override
@SuppressWarnings("unchecked")
public JsonValue translateToken(RestSTSTokenTranslationInvocationState invocationState, Context context) throws TokenMarshalException, TokenValidationException, TokenCreationException {
    TokenTypeId inputTokenType = tokenRequestMarshaller.getTokenType(invocationState.getInputTokenState());
    TokenTypeId outputTokenType = tokenRequestMarshaller.getTokenType(invocationState.getOutputTokenState());
    TokenTransform targetedTransform = null;
    for (TokenTransform transform : tokenTransforms) {
        if (transform.isTransformSupported(inputTokenType, outputTokenType)) {
            targetedTransform = transform;
            break;
        }
    }
    if (targetedTransform == null) {
        String message = "The desired transformation, from " + inputTokenType.getId() + " to " + outputTokenType.getId() + ", is not a supported token translation.";
        throw new TokenValidationException(ResourceException.BAD_REQUEST, message);
    }
    RestTokenTransformValidatorParameters<?> validatorParameters = tokenRequestMarshaller.buildTokenTransformValidatorParameters(invocationState.getInputTokenState(), context);
    RestTokenProviderParameters<?> providerParameters = tokenRequestMarshaller.buildTokenProviderParameters(inputTokenType, invocationState.getInputTokenState(), outputTokenType, invocationState.getOutputTokenState());
    return targetedTransform.transformToken(validatorParameters, providerParameters);
}
Also used : TokenTypeId(org.forgerock.openam.sts.TokenTypeId) TokenValidationException(org.forgerock.openam.sts.TokenValidationException)

Aggregations

TokenValidationException (org.forgerock.openam.sts.TokenValidationException) 17
IOException (java.io.IOException) 7
HttpURLConnectionWrapper (org.forgerock.openam.sts.HttpURLConnectionWrapper) 7
HashMap (java.util.HashMap) 6
URL (java.net.URL) 3
WSSecurityException (org.apache.ws.security.WSSecurityException) 3
JsonException (org.forgerock.json.JsonException) 2
JsonValue (org.forgerock.json.JsonValue) 2
TokenTypeId (org.forgerock.openam.sts.TokenTypeId) 2
MalformedURLException (java.net.MalformedURLException) 1
Principal (java.security.Principal) 1
CertificateEncodingException (java.security.cert.CertificateEncodingException) 1
X509Certificate (java.security.cert.X509Certificate) 1
ReceivedToken (org.apache.cxf.sts.request.ReceivedToken) 1
TokenDelegationResponse (org.apache.cxf.sts.token.delegation.TokenDelegationResponse) 1
TokenValidatorResponse (org.apache.cxf.sts.token.validator.TokenValidatorResponse) 1
STSException (org.apache.cxf.ws.security.sts.provider.STSException) 1
WSSecurityEngineResult (org.apache.ws.security.WSSecurityEngineResult) 1
BinarySecurity (org.apache.ws.security.message.token.BinarySecurity) 1
InternalServerErrorException (org.forgerock.json.resource.InternalServerErrorException) 1