Example 6 with AuthenticatorException
use of org.platformlayer.auth.AuthenticatorException in project platformlayer by platformlayer.
the class PkiResource method signCertificate.
@POST
@Path("csr")
public SignCertificateResponse signCertificate(SignCertificateRequest request) {
try {
requireSystemAccess();
} catch (AuthenticatorException e) {
log.warn("Error while checking system token", e);
throwInternalError();
}
// TokenInfo checkTokenInfo = tokenService.decodeToken(checkToken);
// if (checkTokenInfo == null || checkTokenInfo.hasExpired()) {
// throw404NotFound();
// }
//
// UserEntity user = null;
// try {
// user = userAuthenticator.getUserFromToken(checkTokenInfo.userId, checkTokenInfo.tokenSecret);
// } catch (AuthenticatorException e) {
// log.warn("Error while fetching user", e);
// throwInternalError();
// }
//
// if (user == null) {
// throw404NotFound();
// }
String projectKey = request.project;
ProjectEntity project = null;
try {
project = userAuthenticator.findProject(projectKey);
} catch (AuthenticatorException e) {
log.warn("Error while fetching project", e);
throwInternalError();
}
if (project == null) {
throw404NotFound();
}
project.setProjectSecret(FathomdbCrypto.deserializeKey(request.projectSecret));
// Note that we do not unlock the user / project; we don't have any secret material
// TODO: We could return stuff encrypted with the user's public key
// projectEntity.unlockWithUser(userEntity);
//
// if (!projectEntity.isSecretValid()) {
// throw404NotFound();
// }
// UserProjectEntity userProject = null;
// try {
// userProject = userAuthenticator.findUserProject(user, project);
// } catch (AuthenticatorException e) {
// log.warn("Error while fetching project", e);
// throwInternalError();
// }
//
// if (userProject == null) {
// // Not a member of project
// throw404NotFound();
// }
//
// boolean isOwner = false;
// for (RoleId role : userProject.getRoles()) {
// if (role.equals(RoleId.OWNER)) {
// isOwner = true;
// }
// }
//
// if (!isOwner) {
// throwUnauthorized();
// }
List<X509Certificate> certificates = null;
try {
certificates = pki.signCsr(project, request.csr);
} catch (OpsException e) {
log.warn("Error while signing CSR", e);
throwInternalError();
}
SignCertificateResponse response = new SignCertificateResponse();
response.certificates = Lists.newArrayList();
for (X509Certificate cert : certificates) {
response.certificates.add(CertificateUtils.toPem(cert));
}
return response;
}
Also used :
OpsException(org.platformlayer.ops.OpsException)
ProjectEntity(org.platformlayer.auth.ProjectEntity)
AuthenticatorException(org.platformlayer.auth.AuthenticatorException)
X509Certificate(java.security.cert.X509Certificate)
SignCertificateResponse(org.platformlayer.auth.model.SignCertificateResponse)
Path(javax.ws.rs.Path)
POST(javax.ws.rs.POST)
Example 7 with AuthenticatorException
use of org.platformlayer.auth.AuthenticatorException in project platformlayer by platformlayer.
the class TokensResource method validateToken.
@GET
// @HEAD support is automatic from the @GET
@Path("{tokenId}")
public ValidateTokenResponse validateToken(@PathParam("tokenId") String checkToken, @QueryParam("project") String project) {
try {
requireSystemAccess();
} catch (AuthenticatorException e) {
log.warn("Error while checking system token", e);
throwInternalError();
}
TokenInfo checkTokenInfo = tokenService.decodeToken(checkToken);
if (checkTokenInfo == null || checkTokenInfo.hasExpired()) {
throw404NotFound();
}
UserEntity userEntity = null;
try {
userEntity = userAuthenticator.getUserFromToken(checkTokenInfo.userId, checkTokenInfo.tokenSecret);
} catch (AuthenticatorException e) {
log.warn("Error while fetching user", e);
throwInternalError();
}
ValidateTokenResponse response = new ValidateTokenResponse();
response.access = new ValidateAccess();
response.access.user = Mapping.mapToUserValidation(userEntity);
response.access.token = new Token();
response.access.token.expires = checkTokenInfo.expiration;
response.access.token.id = checkToken;
String checkProject = project;
if (checkProject != null) {
ProjectEntity projectEntity = null;
try {
projectEntity = userAuthenticator.findProject(checkProject);
} catch (AuthenticatorException e) {
log.warn("Error while fetching project", e);
throwInternalError();
}
if (projectEntity == null) {
throw404NotFound();
}
projectEntity.unlockWithUser(userEntity);
if (!projectEntity.isSecretValid()) {
throw404NotFound();
}
UserProjectEntity userProject = null;
try {
userProject = userAuthenticator.findUserProject(userEntity, projectEntity);
} catch (AuthenticatorException e) {
log.warn("Error while fetching project", e);
throwInternalError();
}
if (userProject == null) {
// Not a member of project
throw404NotFound();
}
response.access.project = Mapping.mapToProject(projectEntity);
response.access.project.roles = Mapping.mapToRoles(userProject.getRoles());
}
return response;
}
Also used :
ValidateTokenResponse(org.platformlayer.auth.model.ValidateTokenResponse)
ValidateAccess(org.platformlayer.auth.model.ValidateAccess)
UserProjectEntity(org.platformlayer.auth.UserProjectEntity)
ProjectEntity(org.platformlayer.auth.ProjectEntity)
AuthenticatorException(org.platformlayer.auth.AuthenticatorException)
Token(org.platformlayer.auth.model.Token)
UserProjectEntity(org.platformlayer.auth.UserProjectEntity)
TokenInfo(org.platformlayer.auth.services.TokenInfo)
UserEntity(org.platformlayer.auth.UserEntity)
Path(javax.ws.rs.Path)
GET(javax.ws.rs.GET)
Example 8 with AuthenticatorException
use of org.platformlayer.auth.AuthenticatorException in project platformlayer by platformlayer.
the class KeystoneRepositoryAuthenticator method getUserFromToken.
@Override
public UserEntity getUserFromToken(String userIdString, byte[] tokenSecret) throws AuthenticatorException {
int userId;
try {
userId = Integer.parseInt(userIdString);
} catch (NumberFormatException e) {
throw new AuthenticatorException("Invalid user id", e);
}
if (tokenSecret.length < 1) {
throw new IllegalArgumentException();
}
CryptoKey userSecret = authenticationSecrets.decryptSecretFromToken(tokenSecret);
if (userSecret == null) {
throw new AuthenticatorException("Authentication timed out");
}
UserEntity user;
try {
user = repository.findUserById(userId);
} catch (RepositoryException e) {
throw new AuthenticatorException("Error while authenticating user", e);
}
user.unlock(userSecret);
if (user.isLocked()) {
return null;
}
return user;
}
Also used :
CryptoKey(com.fathomdb.crypto.CryptoKey)
AuthenticatorException(org.platformlayer.auth.AuthenticatorException)
RepositoryException(org.platformlayer.RepositoryException)
UserEntity(org.platformlayer.auth.UserEntity)
Aggregations
AuthenticatorException (org.platformlayer.auth.AuthenticatorException)8
UserEntity (org.platformlayer.auth.UserEntity)5
POST (javax.ws.rs.POST)3
Path (javax.ws.rs.Path)3
RepositoryException (org.platformlayer.RepositoryException)3
ProjectEntity (org.platformlayer.auth.ProjectEntity)3
ServiceAccountEntity (org.platformlayer.auth.ServiceAccountEntity)2
UserProjectEntity (org.platformlayer.auth.UserProjectEntity)2
ValidateAccess (org.platformlayer.auth.model.ValidateAccess)2
ValidateTokenResponse (org.platformlayer.auth.model.ValidateTokenResponse)2
CryptoKey (com.fathomdb.crypto.CryptoKey)1
X509Certificate (java.security.cert.X509Certificate)1
GET (javax.ws.rs.GET)1
CertificateAuthenticationRequest (org.platformlayer.auth.CertificateAuthenticationRequest)1
CertificateAuthenticationResponse (org.platformlayer.auth.CertificateAuthenticationResponse)1
AuthenticateResponse (org.platformlayer.auth.model.AuthenticateResponse)1
CertificateInfo (org.platformlayer.auth.model.CertificateInfo)1
CheckServiceAccessResponse (org.platformlayer.auth.model.CheckServiceAccessResponse)1
SignCertificateResponse (org.platformlayer.auth.model.SignCertificateResponse)1
Token (org.platformlayer.auth.model.Token)1
