
Example 6 with AuthenticatorException

Use of org.platformlayer.auth.AuthenticatorException in project platformlayer by platformlayer.

Class PkiResource, method signCertificate.

@POST
@Path("csr")
public SignCertificateResponse signCertificate(SignCertificateRequest request) {
    try {
        requireSystemAccess();
    } catch (AuthenticatorException e) {
        log.warn("Error while checking system token", e);
        throwInternalError();
    }
    // TokenInfo checkTokenInfo = tokenService.decodeToken(checkToken);
    // if (checkTokenInfo == null || checkTokenInfo.hasExpired()) {
    // throw404NotFound();
    // }
    // 
    // UserEntity user = null;
    // try {
    // user = userAuthenticator.getUserFromToken(checkTokenInfo.userId, checkTokenInfo.tokenSecret);
    // } catch (AuthenticatorException e) {
    // log.warn("Error while fetching user", e);
    // throwInternalError();
    // }
    // 
    // if (user == null) {
    // throw404NotFound();
    // }
    String projectKey = request.project;
    ProjectEntity project = null;
    try {
        project = userAuthenticator.findProject(projectKey);
    } catch (AuthenticatorException e) {
        log.warn("Error while fetching project", e);
        throwInternalError();
    }
    if (project == null) {
        throw404NotFound();
    }
    project.setProjectSecret(FathomdbCrypto.deserializeKey(request.projectSecret));
    // Note that we do not unlock the user / project; we don't have any secret material
    // TODO: We could return stuff encrypted with the user's public key
    // projectEntity.unlockWithUser(userEntity);
    // 
    // if (!projectEntity.isSecretValid()) {
    // throw404NotFound();
    // }
    // UserProjectEntity userProject = null;
    // try {
    // userProject = userAuthenticator.findUserProject(user, project);
    // } catch (AuthenticatorException e) {
    // log.warn("Error while fetching project", e);
    // throwInternalError();
    // }
    // 
    // if (userProject == null) {
    // // Not a member of project
    // throw404NotFound();
    // }
    // 
    // boolean isOwner = false;
    // for (RoleId role : userProject.getRoles()) {
    // if (role.equals(RoleId.OWNER)) {
    // isOwner = true;
    // }
    // }
    // 
    // if (!isOwner) {
    // throwUnauthorized();
    // }
    List<X509Certificate> certificates = null;
    try {
        certificates = pki.signCsr(project, request.csr);
    } catch (OpsException e) {
        log.warn("Error while signing CSR", e);
        throwInternalError();
    }
    SignCertificateResponse response = new SignCertificateResponse();
    response.certificates = Lists.newArrayList();
    for (X509Certificate cert : certificates) {
        response.certificates.add(CertificateUtils.toPem(cert));
    }
    return response;
}
Also used: OpsException (org.platformlayer.ops.OpsException), ProjectEntity (org.platformlayer.auth.ProjectEntity), AuthenticatorException (org.platformlayer.auth.AuthenticatorException), X509Certificate (java.security.cert.X509Certificate), SignCertificateResponse (org.platformlayer.auth.model.SignCertificateResponse), Path (javax.ws.rs.Path), POST (javax.ws.rs.POST)

Example 7 with AuthenticatorException

Use of org.platformlayer.auth.AuthenticatorException in project platformlayer by platformlayer.

Class TokensResource, method validateToken.

@GET
// @HEAD support is automatic from the @GET
@Path("{tokenId}")
public ValidateTokenResponse validateToken(@PathParam("tokenId") String checkToken, @QueryParam("project") String project) {
    try {
        requireSystemAccess();
    } catch (AuthenticatorException e) {
        log.warn("Error while checking system token", e);
        throwInternalError();
    }
    TokenInfo checkTokenInfo = tokenService.decodeToken(checkToken);
    if (checkTokenInfo == null || checkTokenInfo.hasExpired()) {
        throw404NotFound();
    }
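    UserEntity userEntity = null;
    try {
        userEntity = userAuthenticator.getUserFromToken(checkTokenInfo.userId, checkTokenInfo.tokenSecret);
    } catch (AuthenticatorException e) {
        log.warn("Error while fetching user", e);
        throwInternalError();
    }
    // getUserFromToken can return null (user still locked after the unlock attempt);
    // reject the token rather than continue with a null user
    if (userEntity == null) {
        throw404NotFound();
    }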
    ValidateTokenResponse response = new ValidateTokenResponse();
    response.access = new ValidateAccess();
    response.access.user = Mapping.mapToUserValidation(userEntity);
    response.access.token = new Token();
    response.access.token.expires = checkTokenInfo.expiration;
    response.access.token.id = checkToken;
    String checkProject = project;
    if (checkProject != null) {
        ProjectEntity projectEntity = null;
        try {
            projectEntity = userAuthenticator.findProject(checkProject);
        } catch (AuthenticatorException e) {
            log.warn("Error while fetching project", e);
            throwInternalError();
        }
        if (projectEntity == null) {
            throw404NotFound();
        }
        projectEntity.unlockWithUser(userEntity);
        if (!projectEntity.isSecretValid()) {
            throw404NotFound();
        }
        UserProjectEntity userProject = null;
        try {
            userProject = userAuthenticator.findUserProject(userEntity, projectEntity);
        } catch (AuthenticatorException e) {
            log.warn("Error while fetching project", e);
            throwInternalError();
        }
        if (userProject == null) {
            // Not a member of project
            throw404NotFound();
        }
        response.access.project = Mapping.mapToProject(projectEntity);
        response.access.project.roles = Mapping.mapToRoles(userProject.getRoles());
    }
    return response;
}
Also used: ValidateTokenResponse (org.platformlayer.auth.model.ValidateTokenResponse), ValidateAccess (org.platformlayer.auth.model.ValidateAccess), UserProjectEntity (org.platformlayer.auth.UserProjectEntity), ProjectEntity (org.platformlayer.auth.ProjectEntity), AuthenticatorException (org.platformlayer.auth.AuthenticatorException), Token (org.platformlayer.auth.model.Token), TokenInfo (org.platformlayer.auth.services.TokenInfo), UserEntity (org.platformlayer.auth.UserEntity), Path (javax.ws.rs.Path), GET (javax.ws.rs.GET)

Example 8 with AuthenticatorException

Use of org.platformlayer.auth.AuthenticatorException in project platformlayer by platformlayer.

Class KeystoneRepositoryAuthenticator, method getUserFromToken.

@Override
public UserEntity getUserFromToken(String userIdString, byte[] tokenSecret) throws AuthenticatorException {
    int userId;
    try {
        userId = Integer.parseInt(userIdString);
    } catch (NumberFormatException e) {
        throw new AuthenticatorException("Invalid user id", e);
    }
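    // Reject a missing or empty token secret before attempting decryption
    if (tokenSecret == null || tokenSecret.length < 1) {
        throw new IllegalArgumentException();
    }
    CryptoKey userSecret = authenticationSecrets.decryptSecretFromToken(tokenSecret);
    if (userSecret == null) {
        throw new AuthenticatorException("Authentication timed out");
    }
    UserEntity user;
    try {
        user = repository.findUserById(userId);
    } catch (RepositoryException e) {
        throw new AuthenticatorException("Error while authenticating user", e);
    }
    // Guard against an unknown user id (assumes findUserById returns null when no user matches)
    if (user == null) {
        return null;
    }
    // The user record only unlocks with the secret recovered from the token
    user.unlock(userSecret);
    if (user.isLocked()) {
        return null;
    }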
    return user;
}
Also used: CryptoKey (com.fathomdb.crypto.CryptoKey), AuthenticatorException (org.platformlayer.auth.AuthenticatorException), RepositoryException (org.platformlayer.RepositoryException), UserEntity (org.platformlayer.auth.UserEntity)
