Examples with ErrorResponseException org.keycloak.services.ErrorResponseException used on opensource projects

Example 41 with ErrorResponseException

use of org.keycloak.services.ErrorResponseException in project keycloak by keycloak.

the class ClientAttributeCertificateResource method generateAndGetKeystore.

/**
 * Generate a new keypair and certificate, and get the private key file
 *
 * Generates a keypair and certificate and serves the private key in a specified keystore format.
 * Only generated public certificate is saved in Keycloak DB - the private key is not.
 *
 * @param config Keystore configuration as JSON
 * @return
 */
@POST
@NoCache
@Path("/generate-and-download")
@Produces(MediaType.APPLICATION_OCTET_STREAM)
@Consumes(MediaType.APPLICATION_JSON)
public byte[] generateAndGetKeystore(final KeyStoreConfig config) {
    auth.clients().requireConfigure(client);
    if (config.getFormat() != null && !config.getFormat().equals("JKS") && !config.getFormat().equals("PKCS12")) {
        throw new NotAcceptableException("Only support jks or pkcs12 format.");
    }
    if (config.getKeyPassword() == null) {
        throw new ErrorResponseException("password-missing", "Need to specify a key password for jks generation and download", Response.Status.BAD_REQUEST);
    }
    if (config.getStorePassword() == null) {
        throw new ErrorResponseException("password-missing", "Need to specify a store password for jks generation and download", Response.Status.BAD_REQUEST);
    }
    CertificateRepresentation info = KeycloakModelUtils.generateKeyPairCertificate(client.getClientId());
    byte[] rtn = getKeystore(config, info.getPrivateKey(), info.getCertificate());
    info.setPrivateKey(null);
    CertificateInfoHelper.updateClientModelCertificateInfo(client, info, attributePrefix);
    adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).representation(info).success();
    return rtn;
}

Example 42 with ErrorResponseException

use of org.keycloak.services.ErrorResponseException in project keycloak by keycloak.

the class ClientAttributeCertificateResource method uploadJks.

/**
 * Upload certificate and eventually private key
 *
 * @param input
 * @return
 * @throws IOException
 */
@POST
@Path("upload")
@Consumes(MediaType.MULTIPART_FORM_DATA)
@Produces(MediaType.APPLICATION_JSON)
public CertificateRepresentation uploadJks(MultipartFormDataInput input) throws IOException {
    auth.clients().requireConfigure(client);
    try {
        CertificateRepresentation info = getCertFromRequest(input);
        CertificateInfoHelper.updateClientModelCertificateInfo(client, info, attributePrefix);
        adminEvent.operation(OperationType.ACTION).resourcePath(session.getContext().getUri()).representation(info).success();
        return info;
    } catch (IllegalStateException ise) {
        throw new ErrorResponseException("certificate-not-found", "Certificate or key with given alias not found in the keystore", Response.Status.BAD_REQUEST);
    }
}

Example 43 with ErrorResponseException

use of org.keycloak.services.ErrorResponseException in project keycloak by keycloak.

the class OIDCIdentityProvider method extractIdentityFromProfile.

@Override
protected BrokeredIdentityContext extractIdentityFromProfile(EventBuilder event, JsonNode userInfo) {
    String id = getJsonProperty(userInfo, "sub");
    if (id == null) {
        event.detail(Details.REASON, "sub claim is null from user info json");
        event.error(Errors.INVALID_TOKEN);
        throw new ErrorResponseException(OAuthErrorException.INVALID_TOKEN, "invalid token", Response.Status.BAD_REQUEST);
    }
    BrokeredIdentityContext identity = new BrokeredIdentityContext(id);
    String name = getJsonProperty(userInfo, "name");
    String preferredUsername = getUsernameFromUserInfo(userInfo);
    String givenName = getJsonProperty(userInfo, "given_name");
    String familyName = getJsonProperty(userInfo, "family_name");
    String email = getJsonProperty(userInfo, "email");
    AbstractJsonUserAttributeMapper.storeUserProfileForMapper(identity, userInfo, getConfig().getAlias());
    identity.setId(id);
    if (givenName != null) {
        identity.setFirstName(givenName);
    }
    if (familyName != null) {
        identity.setLastName(familyName);
    }
    if (givenName == null && familyName == null) {
        identity.setName(name);
    }
    identity.setEmail(email);
    identity.setBrokerUserId(getConfig().getAlias() + "." + id);
    if (preferredUsername == null) {
        preferredUsername = email;
    }
    if (preferredUsername == null) {
        preferredUsername = id;
    }
    identity.setUsername(preferredUsername);
    return identity;
}

Example 44 with ErrorResponseException

use of org.keycloak.services.ErrorResponseException in project keycloak by keycloak.

the class OpenShiftTokenReviewEndpoint method error.

private void error(int statusCode, String error, String description) {
    OpenShiftTokenReviewResponseRepresentation rep = new OpenShiftTokenReviewResponseRepresentation();
    rep.getStatus().setAuthenticated(false);
    Response response = Response.status(statusCode).entity(rep).type(MediaType.APPLICATION_JSON_TYPE).build();
    event.error(error);
    event.detail(Details.REASON, description);
    throw new ErrorResponseException(response);
}

Example 45 with ErrorResponseException

use of org.keycloak.services.ErrorResponseException in project keycloak by keycloak.

the class BackchannelAuthenticationCallbackEndpoint method sendClientNotificationRequest.

protected void sendClientNotificationRequest(ClientModel client, CibaConfig cibaConfig, OAuth2DeviceCodeModel deviceModel) {
    String clientNotificationEndpoint = cibaConfig.getBackchannelClientNotificationEndpoint(client);
    if (clientNotificationEndpoint == null) {
        event.error(Errors.INVALID_REQUEST);
        throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "Client notification endpoint not set for the client with the ping mode", Response.Status.BAD_REQUEST);
    }
    logger.debugf("Sending request to client notification endpoint '%s' for the client '%s'", clientNotificationEndpoint, client.getClientId());
    ClientNotificationEndpointRequest clientNotificationRequest = new ClientNotificationEndpointRequest();
    clientNotificationRequest.setAuthReqId(deviceModel.getAuthReqId());
    SimpleHttp simpleHttp = SimpleHttp.doPost(clientNotificationEndpoint, session).header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON).json(clientNotificationRequest).auth(deviceModel.getClientNotificationToken());
    try {
        int notificationResponseStatus = simpleHttp.asStatus();
        logger.tracef("Received status '%d' from request to client notification endpoint '%s' for the client '%s'", notificationResponseStatus, clientNotificationEndpoint, client.getClientId());
        if (notificationResponseStatus != 200 && notificationResponseStatus != 204) {
            logger.warnf("Invalid status returned from client notification endpoint '%s' of client '%s'", clientNotificationEndpoint, client.getClientId());
            event.error(Errors.INVALID_REQUEST);
            throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "Failed to send request to client notification endpoint", Response.Status.BAD_REQUEST);
        }
    } catch (IOException ioe) {
        logger.errorf(ioe, "Failed to send request to client notification endpoint '%s' of client '%s'", clientNotificationEndpoint, client.getClientId());
        event.error(Errors.INVALID_REQUEST);
        throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "Failed to send request to client notification endpoint", Response.Status.BAD_REQUEST);
    }
}