Example 46 with PwmOperationalException

Use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.

Class SyslogCertImportFunction, method provideFunction.

@Override
public String provideFunction(final PwmRequest pwmRequest, final StoredConfigurationImpl storedConfiguration, final PwmSetting setting, final String profile, final String extraData) throws PwmOperationalException, PwmUnrecoverableException {
    boolean error = false;
    Exception exeception = null;
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final Set<X509Certificate> resultCertificates = new LinkedHashSet<>();
    final List<String> syslogConfigStrs = (List<String>) storedConfiguration.readSetting(PwmSetting.AUDIT_SYSLOG_SERVERS).toNativeObject();
    if (syslogConfigStrs != null && !syslogConfigStrs.isEmpty()) {
        for (String entry : syslogConfigStrs) {
            if (entry.toUpperCase().startsWith("TLS")) {
                final SyslogAuditService.SyslogConfig syslogConfig = SyslogAuditService.SyslogConfig.fromConfigString(entry);
                if (syslogConfig != null) {
                    try {
                        final List<X509Certificate> certs = X509Utils.readRemoteCertificates(syslogConfig.getHost(), syslogConfig.getPort());
                        if (certs != null) {
                            resultCertificates.addAll(certs);
                            error = false;
                        }
                    } catch (Exception e) {
                        error = true;
                        exeception = e;
                    }
                }
            }
        }
    }
    if (!error) {
        final UserIdentity userIdentity = pwmSession.isAuthenticated() ? pwmSession.getUserInfo().getUserIdentity() : null;
        storedConfiguration.writeSetting(setting, new X509CertificateValue(resultCertificates), userIdentity);
        return Message.getLocalizedMessage(pwmSession.getSessionStateBean().getLocale(), Message.Success_Unknown, pwmApplication.getConfig());
    } else {
        if (exeception instanceof PwmException) {
            throw new PwmOperationalException(((PwmException) exeception).getErrorInformation());
        }
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, "error importing certificates: " + exeception.getMessage());
        throw new PwmOperationalException(errorInformation);
    }
}
Also used : LinkedHashSet(java.util.LinkedHashSet) PwmApplication(password.pwm.PwmApplication) SyslogAuditService(password.pwm.svc.event.SyslogAuditService) UserIdentity(password.pwm.bean.UserIdentity) PwmOperationalException(password.pwm.error.PwmOperationalException) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) PwmException(password.pwm.error.PwmException) X509Certificate(java.security.cert.X509Certificate) X509CertificateValue(password.pwm.config.value.X509CertificateValue) ErrorInformation(password.pwm.error.ErrorInformation) List(java.util.List) PwmSession(password.pwm.http.PwmSession)

Example 47 with PwmOperationalException

Use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.

Class ChallengeProfile, method readChallengeProfileFromConfig.

public static ChallengeProfile readChallengeProfileFromConfig(final String profileID, final Locale locale, final StoredConfiguration storedConfiguration) {
    final int minRandomRequired = (int) Configuration.JavaTypeConverter.valueToLong(storedConfiguration.readSetting(PwmSetting.CHALLENGE_MIN_RANDOM_REQUIRED, profileID));
    ChallengeSet readChallengeSet = null;
    try {
        readChallengeSet = readChallengeSet(profileID, locale, storedConfiguration, PwmSetting.CHALLENGE_REQUIRED_CHALLENGES, PwmSetting.CHALLENGE_RANDOM_CHALLENGES, minRandomRequired);
    } catch (PwmOperationalException e) {
        LOGGER.trace("configured challengeSet for profile '" + profileID + "' is not valid: " + e.getMessage());
    }
    ChallengeSet readHelpdeskChallengeSet = null;
    try {
        readHelpdeskChallengeSet = readChallengeSet(profileID, locale, storedConfiguration, PwmSetting.CHALLENGE_HELPDESK_REQUIRED_CHALLENGES, PwmSetting.CHALLENGE_HELPDESK_RANDOM_CHALLENGES, 1);
    } catch (PwmOperationalException e) {
        LOGGER.trace("discarding configured helpdesk challengeSet for profile '" + profileID + "' issue: " + e.getMessage());
    }
    final int minRandomSetup = (int) Configuration.JavaTypeConverter.valueToLong(storedConfiguration.readSetting(PwmSetting.CHALLENGE_MIN_RANDOM_SETUP, profileID));
    final int minHelpdeskRandomSetup = (int) Configuration.JavaTypeConverter.valueToLong(storedConfiguration.readSetting(PwmSetting.CHALLENGE_HELPDESK_MIN_RANDOM_SETUP, profileID));
    final List<UserPermission> userPermissions = (List<UserPermission>) storedConfiguration.readSetting(PwmSetting.CHALLENGE_POLICY_QUERY_MATCH, profileID).toNativeObject();
    return new ChallengeProfile(profileID, locale, readChallengeSet, readHelpdeskChallengeSet, minRandomSetup, minHelpdeskRandomSetup, userPermissions);
}
Also used : ChallengeSet(com.novell.ldapchai.cr.ChallengeSet) ChaiChallengeSet(com.novell.ldapchai.cr.ChaiChallengeSet) ArrayList(java.util.ArrayList) List(java.util.List) PwmOperationalException(password.pwm.error.PwmOperationalException) UserPermission(password.pwm.config.value.data.UserPermission)

Example 48 with PwmOperationalException

Use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.

Class CertificateChecker, method checkCertificate.

public static void checkCertificate(final X509Certificate certificate, final long warnDurationMs) throws PwmOperationalException {
    if (certificate == null) {
        return;
    }
    try {
        certificate.checkValidity();
    } catch (CertificateException e) {
        final StringBuilder errorMsg = new StringBuilder();
        errorMsg.append("certificate for subject ");
        errorMsg.append(certificate.getSubjectDN().getName());
        errorMsg.append(" is not valid: ");
        errorMsg.append(e.getMessage());
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_CERTIFICATE_ERROR, errorMsg.toString(), new String[] { errorMsg.toString() });
        throw new PwmOperationalException(errorInformation);
    }
    final Date expireDate = certificate.getNotAfter();
    final TimeDuration durationUntilExpire = TimeDuration.fromCurrent(expireDate);
    if (durationUntilExpire.isShorterThan(warnDurationMs)) {
        final StringBuilder errorMsg = new StringBuilder();
        errorMsg.append("certificate for subject ");
        errorMsg.append(certificate.getSubjectDN().getName());
        errorMsg.append(" will expire on: ");
        errorMsg.append(JavaHelper.toIsoDate(expireDate));
        errorMsg.append(" (").append(durationUntilExpire.asCompactString()).append(" from now)");
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_CERTIFICATE_ERROR, errorMsg.toString(), new String[] { errorMsg.toString() });
        throw new PwmOperationalException(errorInformation);
    }
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) CertificateException(java.security.cert.CertificateException) TimeDuration(password.pwm.util.java.TimeDuration) Date(java.util.Date) PwmOperationalException(password.pwm.error.PwmOperationalException)

Example 49 with PwmOperationalException

Use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.

Class NewUserFormUtils, method fromTokenPayload.

static NewUserTokenData fromTokenPayload(final PwmRequest pwmRequest, final TokenPayload tokenPayload) throws PwmOperationalException, PwmUnrecoverableException {
    final SecureService secureService = pwmRequest.getPwmApplication().getSecureService();
    final Map<String, String> payloadMap = tokenPayload.getData();
    if (!payloadMap.containsKey(NewUserServlet.TOKEN_PAYLOAD_ATTR)) {
        throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_TOKEN_INCORRECT, "token is missing new user form data"));
    }
    final String encryptedTokenData = payloadMap.get(NewUserServlet.TOKEN_PAYLOAD_ATTR);
    return secureService.decryptObject(encryptedTokenData, NewUserTokenData.class);
}
Also used : SecureService(password.pwm.util.secure.SecureService) ErrorInformation(password.pwm.error.ErrorInformation) PwmOperationalException(password.pwm.error.PwmOperationalException)

Example 50 with PwmOperationalException

Use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.

Class NewUserServlet, method nextStep.

@Override
protected void nextStep(final PwmRequest pwmRequest) throws IOException, ServletException, PwmUnrecoverableException, ChaiUnavailableException {
    final NewUserBean newUserBean = getNewUserBean(pwmRequest);
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    if (newUserBean.getProfileID() == null) {
        final Set<String> newUserProfileIDs = pwmApplication.getConfig().getNewUserProfiles().keySet();
        if (newUserProfileIDs.isEmpty()) {
            pwmRequest.respondWithError(new ErrorInformation(PwmError.ERROR_INVALID_CONFIG, "no new user profiles are defined"));
            return;
        }
        final LinkedHashMap<String, String> visibleProfiles = new LinkedHashMap<>(NewUserUtils.figureDisplayableProfiles(pwmRequest));
        if (visibleProfiles.size() == 1) {
            final String singleID = newUserProfileIDs.iterator().next();
            LOGGER.trace(pwmRequest, "only one new user profile is defined, auto-selecting profile " + singleID);
            newUserBean.setProfileID(singleID);
        } else {
            LOGGER.trace(pwmRequest, "new user profile not yet selected, redirecting to choice page");
            pwmRequest.setAttribute(PwmRequestAttribute.NewUser_VisibleProfiles, visibleProfiles);
            pwmRequest.forwardToJsp(JspUrl.NEW_USER_PROFILE_CHOICE);
            return;
        }
    }
    final NewUserProfile newUserProfile = getNewUserProfile(pwmRequest);
    if (newUserBean.getCreateStartTime() != null) {
        forwardToWait(pwmRequest, newUserProfile);
        return;
    }
    // try to read the new user policy to make sure it's readable, that way an exception is thrown here instead of by the jsp
    newUserProfile.getNewUserPasswordPolicy(pwmApplication, pwmSession.getSessionStateBean().getLocale());
    if (!newUserBean.isFormPassed()) {
        if (showFormPage(newUserProfile)) {
            forwardToFormPage(pwmRequest, newUserBean);
            return;
        } else {
            NewUserFormUtils.injectRemoteValuesIntoForm(newUserBean, newUserProfile);
            try {
                verifyForm(pwmRequest, newUserBean.getNewUserForm(), false);
            } catch (PwmDataValidationException e) {
                throw new PwmUnrecoverableException(e.getErrorInformation());
            }
            newUserBean.setFormPassed(true);
        }
    }
    if (NewUserUtils.checkForTokenVerificationProgress(pwmRequest, newUserBean, newUserProfile) == ProcessStatus.Halt) {
        return;
    }
    final String newUserAgreementText = newUserProfile.readSettingAsLocalizedString(PwmSetting.NEWUSER_AGREEMENT_MESSAGE, pwmSession.getSessionStateBean().getLocale());
    if (!StringUtil.isEmpty(newUserAgreementText)) {
        if (!newUserBean.isAgreementPassed()) {
            final MacroMachine macroMachine = NewUserUtils.createMacroMachineForNewUser(pwmApplication, pwmRequest.getSessionLabel(), newUserBean.getNewUserForm(), null);
            final String expandedText = macroMachine.expandMacros(newUserAgreementText);
            pwmRequest.setAttribute(PwmRequestAttribute.AgreementText, expandedText);
            pwmRequest.forwardToJsp(JspUrl.NEW_USER_AGREEMENT);
            return;
        }
    }
    // success so create the new user.
    final String newUserDN = NewUserUtils.determineUserDN(pwmRequest, newUserBean.getNewUserForm());
    try {
        NewUserUtils.createUser(newUserBean.getNewUserForm(), pwmRequest, newUserDN);
        newUserBean.setCreateStartTime(Instant.now());
        forwardToWait(pwmRequest, newUserProfile);
    } catch (PwmOperationalException e) {
        LOGGER.error(pwmRequest, "error during user creation: " + e.getMessage());
        if (newUserProfile.readSettingAsBoolean(PwmSetting.NEWUSER_DELETE_ON_FAIL)) {
            NewUserUtils.deleteUserAccount(newUserDN, pwmRequest);
        }
        LOGGER.error(pwmSession, e.getErrorInformation().toDebugStr());
        pwmRequest.respondWithError(e.getErrorInformation());
    }
}
Also used : PwmApplication(password.pwm.PwmApplication) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) NewUserProfile(password.pwm.config.profile.NewUserProfile) LinkedHashMap(java.util.LinkedHashMap) PwmOperationalException(password.pwm.error.PwmOperationalException) ErrorInformation(password.pwm.error.ErrorInformation) PwmDataValidationException(password.pwm.error.PwmDataValidationException) MacroMachine(password.pwm.util.macro.MacroMachine) NewUserBean(password.pwm.http.bean.NewUserBean) PwmSession(password.pwm.http.PwmSession)

Aggregations

PwmOperationalException (password.pwm.error.PwmOperationalException) 134
ErrorInformation (password.pwm.error.ErrorInformation) 104
PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException) 57
UserIdentity (password.pwm.bean.UserIdentity) 39
PwmApplication (password.pwm.PwmApplication) 27
PwmSession (password.pwm.http.PwmSession) 26
ChaiUser (com.novell.ldapchai.ChaiUser) 20
Configuration (password.pwm.config.Configuration) 19
ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException) 17
UserSearchEngine (password.pwm.ldap.search.UserSearchEngine) 17
FormConfiguration (password.pwm.config.value.data.FormConfiguration) 16
PwmException (password.pwm.error.PwmException) 16
ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException) 15
SearchConfiguration (password.pwm.ldap.search.SearchConfiguration) 14
Instant (java.time.Instant) 13
LinkedHashMap (java.util.LinkedHashMap) 13
MacroMachine (password.pwm.util.macro.MacroMachine) 13
ArrayList (java.util.ArrayList) 12
Map (java.util.Map) 12
UserInfo (password.pwm.ldap.UserInfo) 11