use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
the class StoredConfigurationImpl method setPassword.
/**
 * Sets the configuration password by storing a hash of it.
 *
 * <p>A {@code null}, empty or whitespace-only value is rejected. The blank check looks at the
 * trimmed value, but the hash is computed over the password exactly as supplied (untrimmed).
 *
 * @param password the new configuration password in clear text
 * @throws PwmOperationalException with {@code PwmError.CONFIG_FORMAT_ERROR} if the password is
 *         null, empty or consists only of whitespace
 */
public void setPassword(final String password) throws PwmOperationalException {
    final boolean blank = password == null || password.trim().isEmpty();
    if (blank) {
        final String[] fieldValues = { "can not set blank password" };
        throw new PwmOperationalException(new ErrorInformation(PwmError.CONFIG_FORMAT_ERROR, null, fieldValues));
    }

    // Only the hash is written to the configuration property; the clear-text value is not stored here.
    this.writeConfigProperty(ConfigurationProperty.PASSWORD_HASH, BCrypt.hashPassword(password));
}
use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
the class AbstractValue method encryptPwValue.
/**
 * Returns the stored (encrypted) form of a password setting value.
 *
 * <p>A {@code null} input yields an empty string. An input that already begins with
 * {@code ENC_PW_PREFIX} is treated as already encrypted and returned unchanged. Anything else is
 * wrapped in a {@code StoredPwData} together with a salt from
 * {@code PwmRandom.alphaNumericString(32)}, serialized to JSON, encrypted with the supplied key
 * using {@code PwmBlockAlgorithm.CONFIG}, and returned with {@code ENC_PW_PREFIX} prepended.
 *
 * <p>NOTE(review): the prefix test is the only "already encrypted" signal visible here, so a
 * clear-text value that itself begins with {@code ENC_PW_PREFIX} would be returned without being
 * encrypted. Confirm that callers cannot supply such a value.
 *
 * @param input the clear-text or already-encrypted setting value, may be {@code null}
 * @param pwmSecurityKey the key handed to {@code SecureEngine.encryptToString}
 * @return the prefixed encrypted value, the input itself if already prefixed, or {@code ""} for null
 * @throws PwmOperationalException with {@code PwmError.CONFIG_FORMAT_ERROR} if salt generation,
 *         serialization or encryption throws
 */
static String encryptPwValue(final String input, final PwmSecurityKey pwmSecurityKey) throws PwmOperationalException {
    if (input == null) {
        return "";
    }
    if (input.startsWith(ENC_PW_PREFIX)) {
        return input;
    }

    final String cipherText;
    try {
        final String freshSalt = PwmRandom.getInstance().alphaNumericString(32);
        final StoredPwData pwData = new StoredPwData(freshSalt, input);
        cipherText = SecureEngine.encryptToString(JsonUtil.serialize(pwData), pwmSecurityKey, PwmBlockAlgorithm.CONFIG);
    } catch (Exception e) {
        // Only the message of the underlying failure is carried forward; the exception itself is not chained.
        final String errorMsg = "unable to encrypt password value for setting: " + e.getMessage();
        throw new PwmOperationalException(new ErrorInformation(PwmError.CONFIG_FORMAT_ERROR, errorMsg));
    }
    return ENC_PW_PREFIX + cipherText;
}
use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
the class AbstractPwmServlet method handleRequest.
/**
 * Common entry point for a servlet request: validates the request, checks that the HTTP method
 * is permitted for the requested action, and dispatches to {@code processAction}.
 *
 * <p>Any exception raised along the way is converted to a {@code PwmUnrecoverableException} and
 * handed to the unrecoverable-exception handlers. If even the request wrapper cannot be built
 * inside the handler, the original exception is rethrown as a {@code ServletException}.
 *
 * @param req the raw servlet request
 * @param resp the raw servlet response
 * @param method the HTTP method of this request
 * @throws ServletException if the exception handler cannot load the request instance
 * @throws IOException declared for the servlet contract
 */
private void handleRequest(final HttpServletRequest req, final HttpServletResponse resp, final HttpMethod method) throws ServletException, IOException {
    try {
        final PwmRequest pwmRequest = PwmRequest.forRequest(req, resp);
        // State-changing (non-idempotent) requests that do not target a command-servlet URL must
        // pass the form-ID and request-counter validation.
        // NOTE(review): these look like the anti-CSRF / request-sequence checks; confirm in
        // Validator, and confirm command-servlet URLs are protected by some other means.
        if (!method.isIdempotent() && !pwmRequest.getURL().isCommandServletURL()) {
            Validator.validatePwmFormID(pwmRequest);
            try {
                Validator.validatePwmRequestCounter(pwmRequest);
            } catch (PwmOperationalException e) {
                // An out-of-sequence request is answered with an error page rather than being
                // escalated; every other operational error falls through to the outer handler.
                if (e.getError() == PwmError.ERROR_INCORRECT_REQ_SEQUENCE) {
                    final ErrorInformation errorInformation = e.getErrorInformation();
                    final PwmSession pwmSession = PwmSessionWrapper.readPwmSession(req);
                    LOGGER.error(pwmSession, errorInformation.toDebugStr());
                    pwmRequest.respondWithError(errorInformation, false);
                    return;
                }
                throw e;
            }
        }
        // Reject the request if the resolved action does not permit this HTTP method.
        final ProcessAction processAction = readProcessAction(pwmRequest);
        if (processAction != null) {
            if (!processAction.permittedMethods().contains(method)) {
                // NOTE(review): the message embeds the full URL including the query string and is
                // both logged and passed to respondWithError; confirm that query parameters
                // cannot carry tokens or other sensitive values, or that they are masked.
                final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_SERVICE_NOT_AVAILABLE, "incorrect request method " + method.toString() + " on request to " + pwmRequest.getURLwithQueryString());
                LOGGER.error(pwmRequest.getPwmSession(), errorInformation.toDebugStr());
                pwmRequest.respondWithError(errorInformation, false);
                return;
            }
        }
        this.processAction(pwmRequest);
    } catch (Exception e) {
        // The request wrapper from the try block is out of scope here, so it is built again.
        final PwmRequest pwmRequest;
        try {
            pwmRequest = PwmRequest.forRequest(req, resp);
        } catch (Exception e2) {
            try {
                LOGGER.fatal("exception occurred, but exception handler unable to load request instance; error=" + e.getMessage(), e);
            } catch (Exception e3) {
                // Last resort when the logger itself fails: write the logging failure to stderr.
                e3.printStackTrace();
            }
            // The original exception (e), not the secondary failure (e2), is propagated.
            throw new ServletException(e);
        }
        final PwmUnrecoverableException pue = convertToPwmUnrecoverableException(e, pwmRequest);
        // A true return means the exception has been fully handled and nothing more is written.
        if (processUnrecoverableException(req, resp, pwmRequest.getPwmApplication(), pwmRequest.getPwmSession(), pue)) {
            return;
        }
        outputUnrecoverableException(pwmRequest, pue);
        clearModuleBeans(pwmRequest);
    }
}
use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
the class ApplianceStatusChecker method figureUrl.
/**
 * Builds the appliance update-status URL from the appliance environment parameters.
 *
 * <p>The hostname is read from the file named by the {@code ApplianceHostnameFile} parameter and
 * the port is taken from the {@code AppliancePort} parameter. The result always uses the
 * {@code https} scheme and the fixed path {@code /sspr/appliance-update-status}.
 *
 * <p>NOTE(review): the hostname is used exactly as returned by {@code readFileContents} and the
 * port is not checked for {@code null} or emptiness, so both end up in the URL unvalidated.
 * Confirm that {@code readFileContents} strips trailing whitespace and that the hostname file is
 * writable only by trusted accounts, since its content decides which host is contacted.
 *
 * @param pwmApplication the application whose environment parameters are consulted
 * @return the computed status URL
 * @throws IOException declared for the hostname-file read
 * @throws PwmOperationalException with {@code PwmError.ERROR_UNKNOWN} if the hostname-file
 *         parameter is not set
 */
private String figureUrl(final PwmApplication pwmApplication) throws IOException, PwmOperationalException {
    final String hostnameFile = pwmApplication.getPwmEnvironment().getParameters().get(PwmEnvironment.ApplicationParameter.ApplianceHostnameFile);
    if (!StringUtil.isEmpty(hostnameFile)) {
        final String applianceHost = readFileContents(hostnameFile);
        final String appliancePort = pwmApplication.getPwmEnvironment().getParameters().get(PwmEnvironment.ApplicationParameter.AppliancePort);
        final String statusUrl = "https://" + applianceHost + ":" + appliancePort + "/sspr/appliance-update-status";
        LOGGER.trace(SessionLabel.HEALTH_SESSION_LABEL, "calculated appliance host url as: " + statusUrl);
        return statusUrl;
    }

    // Without the hostname-file parameter there is nothing to build the URL from.
    final String problem = "unable to determine appliance hostname, hostname file environment param " + PwmEnvironment.ApplicationParameter.ApplianceHostnameFile.toString() + " is not set";
    throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_UNKNOWN, problem));
}
use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
the class LDAPAuthenticationRequest method testCredentials.
/**
 * Verifies a user's password by binding to LDAP as that user.
 *
 * <p>On success the provider created for the bind is left open in {@code userProvider}, which is
 * not declared in this method. On any failure the provider, if one was created, is closed and
 * the reference is cleared.
 *
 * @param userIdentity the user to authenticate; must carry a non-empty user DN
 * @param password the password to test; must not be {@code null}
 * @throws ChaiUnavailableException declared for the LDAP provider calls
 * @throws PwmUnrecoverableException with {@code PwmError.ERROR_INTRUDER_LDAP} when the directory
 *         reports an intruder lockout
 * @throws PwmOperationalException for a missing DN or password, and for any other LDAP error
 *         during the bind (mapped via {@code PwmError.forChaiError}, else
 *         {@code ERROR_WRONGPASSWORD})
 */
private void testCredentials(final UserIdentity userIdentity, final PasswordData password) throws ChaiUnavailableException, PwmUnrecoverableException, PwmOperationalException {
    log(PwmLogLevel.TRACE, "beginning testCredentials process");
    // A missing identity or DN is reported with the same error code as a wrong password.
    if (userIdentity == null || userIdentity.getUserDN() == null || userIdentity.getUserDN().length() < 1) {
        final String errorMsg = "attempt to authenticate with null userDN";
        log(PwmLogLevel.DEBUG, errorMsg);
        throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_WRONGPASSWORD, errorMsg));
    }
    // NOTE(review): only null is rejected here. Confirm that PasswordData cannot wrap an empty
    // value: an LDAP simple bind with a DN and an empty password is an unauthenticated bind
    // (RFC 4513), which some directories accept.
    if (password == null) {
        final String errorMsg = "attempt to authenticate with null password";
        log(PwmLogLevel.DEBUG, errorMsg);
        throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_WRONGPASSWORD, errorMsg));
    }
    // try authenticating the user using a normal ldap BIND operation.
    log(PwmLogLevel.TRACE, "attempting authentication using ldap BIND");
    // Tracks whether the bind and the follow-up read both completed; drives the cleanup in finally.
    boolean bindSucceeded = false;
    try {
        // create a provider using the user's DN and password.
        userProvider = LdapOperationsHelper.createChaiProvider(pwmApplication, sessionLabel, userIdentity.getLdapProfile(pwmApplication.getConfig()), pwmApplication.getConfig(), userIdentity.getUserDN(), password);
        // issue a read operation to trigger a bind.
        userProvider.readStringAttribute(userIdentity.getUserDN(), ChaiConstant.ATTR_LDAP_OBJECTCLASS);
        bindSucceeded = true;
    } catch (ChaiException e) {
        // A directory-side intruder lockout is escalated as unrecoverable and logged at WARN;
        // the log message includes the user identity and the LDAP error text.
        if (e.getErrorCode() != null && e.getErrorCode() == ChaiError.INTRUDER_LOCKOUT) {
            final String errorMsg = "intruder lockout detected for user " + userIdentity + " marking session as locked out: " + e.getMessage();
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_INTRUDER_LDAP, errorMsg);
            log(PwmLogLevel.WARN, errorInformation.toDebugStr());
            throw new PwmUnrecoverableException(errorInformation);
        }
        // Other LDAP errors keep their mapped PwmError when one exists; unmapped or unknown
        // errors are reported as a wrong password.
        final PwmError pwmError = PwmError.forChaiError(e.getErrorCode());
        final ErrorInformation errorInformation;
        if (pwmError != null && PwmError.ERROR_UNKNOWN != pwmError) {
            errorInformation = new ErrorInformation(pwmError, e.getMessage());
        } else {
            errorInformation = new ErrorInformation(PwmError.ERROR_WRONGPASSWORD, "ldap error during password check: " + e.getMessage());
        }
        log(PwmLogLevel.DEBUG, errorInformation.toDebugStr());
        throw new PwmOperationalException(errorInformation);
    } finally {
        // Do not keep a provider around after a failed attempt.
        if (!bindSucceeded && userProvider != null) {
            try {
                userProvider.close();
                userProvider = null;
            } catch (Throwable e) {
                // If close() throws, the reference is left set because the assignment above is skipped.
                log(PwmLogLevel.ERROR, "unexpected error closing invalid ldap connection after failed login attempt: " + e.getMessage());
            }
        }
    }
}