Example 61 with PwmOperationalException

Use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.

Class TokenService, method init.

public void init(final PwmApplication pwmApplication) throws PwmException {
    LOGGER.trace("opening");
    status = STATUS.OPENING;
    this.pwmApplication = pwmApplication;
    this.configuration = pwmApplication.getConfig();
    storageMethod = configuration.getTokenStorageMethod();
    if (storageMethod == null) {
        final String errorMsg = "no storage method specified";
        errorInformation = new ErrorInformation(PwmError.ERROR_INVALID_CONFIG, errorMsg);
        status = STATUS.CLOSED;
        throw new PwmOperationalException(errorInformation);
    }
    try {
        DataStorageMethod usedStorageMethod = null;
        switch(storageMethod) {
            case STORE_LOCALDB:
                {
                    final DataStore dataStore = new LocalDBDataStore(pwmApplication.getLocalDB(), LocalDB.DB.TOKENS);
                    tokenMachine = new DataStoreTokenMachine(pwmApplication, this, dataStore);
                    usedStorageMethod = DataStorageMethod.LOCALDB;
                    break;
                }
            case STORE_DB:
                {
                    final DataStore dataStore = new DatabaseDataStore(pwmApplication.getDatabaseService(), DatabaseTable.TOKENS);
                    tokenMachine = new DataStoreTokenMachine(pwmApplication, this, dataStore);
                    usedStorageMethod = DataStorageMethod.DB;
                    break;
                }
            case STORE_CRYPTO:
                tokenMachine = new CryptoTokenMachine(this);
                usedStorageMethod = DataStorageMethod.CRYPTO;
                break;
            case STORE_LDAP:
                tokenMachine = new LdapTokenMachine(this, pwmApplication);
                usedStorageMethod = DataStorageMethod.LDAP;
                break;
            default:
                JavaHelper.unhandledSwitchStatement(storageMethod);
        }
        serviceInfo = new ServiceInfoBean(Collections.singletonList(usedStorageMethod));
    } catch (PwmException e) {
        // A token machine startup failure is recorded and logged, and the service is left CLOSED;
        // the exception is not propagated to the caller of init().
        final String errorMsg = "unable to start token manager: " + e.getErrorInformation().getDetailedErrorMsg();
        final ErrorInformation newErrorInformation = new ErrorInformation(e.getError(), errorMsg);
        errorInformation = newErrorInformation;
        LOGGER.error(newErrorInformation.toDebugStr());
        status = STATUS.CLOSED;
        return;
    }
    executorService = Executors.newSingleThreadScheduledExecutor(JavaHelper.makePwmThreadFactory(JavaHelper.makeThreadName(pwmApplication, this.getClass()) + "-", true));
    final TimerTask cleanerTask = new CleanerTask();
    {
        final int cleanerFrequencySeconds = Integer.parseInt(configuration.readAppProperty(AppProperty.TOKEN_CLEANER_INTERVAL_SECONDS));
        final TimeDuration cleanerFrequency = new TimeDuration(cleanerFrequencySeconds, TimeUnit.SECONDS);
        // First cleanup runs after 10 seconds, then repeats every cleanerFrequencySeconds.
        executorService.scheduleAtFixedRate(cleanerTask, 10, cleanerFrequencySeconds, TimeUnit.SECONDS);
        LOGGER.trace("token cleanup will occur every " + cleanerFrequency.asCompactString());
    }
    verifyPwModifyTime = Boolean.parseBoolean(configuration.readAppProperty(AppProperty.TOKEN_VERIFY_PW_MODIFY_TIME));
    status = STATUS.OPEN;
    LOGGER.debug("open");
}
Also used: DataStorageMethod(password.pwm.config.option.DataStorageMethod) PwmOperationalException(password.pwm.error.PwmOperationalException) PwmException(password.pwm.error.PwmException) ErrorInformation(password.pwm.error.ErrorInformation) LocalDBDataStore(password.pwm.util.localdb.LocalDBDataStore) DatabaseDataStore(password.pwm.util.db.DatabaseDataStore) TimerTask(java.util.TimerTask) DataStore(password.pwm.util.DataStore) TimeDuration(password.pwm.util.java.TimeDuration)

Example 62 with PwmOperationalException

Use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.

Class TokenService, method markTokenAsClaimed.

private void markTokenAsClaimed(final TokenKey tokenKey, final PwmSession pwmSession, final TokenPayload tokenPayload) throws PwmUnrecoverableException {
    if (tokenPayload == null || tokenPayload.getUserIdentity() == null) {
        return;
    }
    final boolean removeOnClaim = Boolean.parseBoolean(configuration.readAppProperty(AppProperty.TOKEN_REMOVE_ON_CLAIM));
    if (removeOnClaim) {
        try {
            LOGGER.trace(pwmSession, "removing claimed token: " + tokenPayload.toDebugString());
            tokenMachine.removeToken(tokenKey);
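        } catch (PwmOperationalException e) {
            // A failed removal is only logged: the claimed token stays in the token store
            // and the claim is still audited and counted below.
            LOGGER.error(pwmSession, "error clearing claimed token: " + e.getMessage());
        }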
    }
    final AuditRecord auditRecord = new AuditRecordFactory(pwmApplication).createUserAuditRecord(AuditEvent.TOKEN_CLAIMED, tokenPayload.getUserIdentity(), pwmSession.getLabel(), JsonUtil.serialize(tokenPayload));
    pwmApplication.getAuditManager().submit(auditRecord);
    StatisticsManager.incrementStat(pwmApplication, Statistic.TOKENS_PASSSED);
}
Also used: AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory) AuditRecord(password.pwm.svc.event.AuditRecord) PwmOperationalException(password.pwm.error.PwmOperationalException)

Example 63 with PwmOperationalException

Use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.

Class TokenService, method generateNewToken.

public String generateNewToken(final TokenPayload tokenPayload, final SessionLabel sessionLabel) throws PwmUnrecoverableException, PwmOperationalException {
    checkStatus();
    final String tokenKey;
    try {
        tokenKey = tokenMachine.generateToken(sessionLabel, tokenPayload);
        tokenMachine.storeToken(tokenMachine.keyFromKey(tokenKey), tokenPayload);
    } catch (PwmException e) {
        final String errorMsg = "unexpected error trying to store token in datastore: " + e.getMessage();
        final ErrorInformation errorInformation = new ErrorInformation(e.getError(), errorMsg);
        throw new PwmOperationalException(errorInformation);
    }
    LOGGER.trace(sessionLabel, "generated token with payload: " + tokenPayload.toDebugString());
    final AuditRecord auditRecord = new AuditRecordFactory(pwmApplication).createUserAuditRecord(AuditEvent.TOKEN_ISSUED, tokenPayload.getUserIdentity(), sessionLabel, JsonUtil.serialize(tokenPayload));
    pwmApplication.getAuditManager().submit(auditRecord);
    return tokenKey;
}
Also used: PwmException(password.pwm.error.PwmException) ErrorInformation(password.pwm.error.ErrorInformation) AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory) AuditRecord(password.pwm.svc.event.AuditRecord) PwmOperationalException(password.pwm.error.PwmOperationalException)

Example 64 with PwmOperationalException

Use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.

Class TokenService, method makeUniqueTokenForMachine.

String makeUniqueTokenForMachine(final SessionLabel sessionLabel, final TokenMachine machine) throws PwmUnrecoverableException, PwmOperationalException {
    String tokenKey = null;
    int attempts = 0;
    final int maxUniqueCreateAttempts = Integer.parseInt(pwmApplication.getConfig().readAppProperty(AppProperty.TOKEN_MAX_UNIQUE_CREATE_ATTEMPTS));
    while (tokenKey == null && attempts < maxUniqueCreateAttempts) {
        tokenKey = makeRandomCode(configuration);
        LOGGER.trace(sessionLabel, "generated new token random code, checking for uniqueness");
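        // The lookup runs against the machine parameter, while the storage key is derived
        // through the service's tokenMachine field.
        final TokenPayload existingPayload = machine.retrieveToken(tokenMachine.keyFromKey(tokenKey));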
        if (existingPayload != null) {
            tokenKey = null;
        }
        attempts++;
    }
    if (tokenKey == null) {
        throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_UNKNOWN, "unable to generate a unique token key after " + attempts + " attempts"));
    }
    LOGGER.trace(sessionLabel, "created new unique random token value after " + attempts + " attempts");
    return tokenKey;
}
Also used: ErrorInformation(password.pwm.error.ErrorInformation) PwmOperationalException(password.pwm.error.PwmOperationalException)

Example 65 with PwmOperationalException

Use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.

Class TokenUtil, method initializeAndSendToken.

public static void initializeAndSendToken(final PwmRequest pwmRequest, final TokenInitAndSendRequest tokenInitAndSendRequest) throws PwmUnrecoverableException {
    final Configuration config = pwmRequest.getConfig();
    final UserInfo userInfo = tokenInitAndSendRequest.getUserInfo();
    final Map<String, String> tokenMapData = new LinkedHashMap<>();
    final MacroMachine macroMachine;
    {
        if (tokenInitAndSendRequest.getMacroMachine() != null) {
            macroMachine = tokenInitAndSendRequest.getMacroMachine();
        } else if (tokenInitAndSendRequest.getUserInfo() != null) {
            macroMachine = MacroMachine.forUser(pwmRequest, userInfo.getUserIdentity(), makeTokenDestStringReplacer(tokenInitAndSendRequest.getTokenDestinationItem()));
        } else {
            macroMachine = null;
        }
    }
    if (userInfo != null) {
        final Instant userLastPasswordChange = userInfo.getPasswordLastModifiedTime();
        if (userLastPasswordChange != null) {
            final String userChangeString = JavaHelper.toIsoDate(userLastPasswordChange);
            tokenMapData.put(PwmConstants.TOKEN_KEY_PWD_CHG_DATE, userChangeString);
        }
    }
    if (tokenInitAndSendRequest.getInputTokenData() != null) {
        tokenMapData.putAll(tokenInitAndSendRequest.getInputTokenData());
    }
    final String tokenKey;
    final TokenPayload tokenPayload;
    {
        final TimeDuration tokenLifetime = tokenInitAndSendRequest.getTokenLifetime() == null ? new TimeDuration(config.readSettingAsLong(PwmSetting.TOKEN_LIFETIME), TimeUnit.SECONDS) : tokenInitAndSendRequest.getTokenLifetime();
        try {
            tokenPayload = pwmRequest.getPwmApplication().getTokenService().createTokenPayload(tokenInitAndSendRequest.getTokenType(), tokenLifetime, tokenMapData, userInfo == null ? null : userInfo.getUserIdentity(), tokenInitAndSendRequest.getTokenDestinationItem());
            tokenKey = pwmRequest.getPwmApplication().getTokenService().generateNewToken(tokenPayload, pwmRequest.getSessionLabel());
        } catch (PwmOperationalException e) {
            throw new PwmUnrecoverableException(e.getErrorInformation());
        }
    }
    final EmailItemBean emailItemBean = tokenInitAndSendRequest.getEmailToSend() == null ? null : config.readSettingAsEmail(tokenInitAndSendRequest.getEmailToSend(), pwmRequest.getLocale());
    final String smsMessage = tokenInitAndSendRequest.getSmsToSend() == null ? null : config.readSettingAsLocalizedString(tokenInitAndSendRequest.getSmsToSend(), pwmRequest.getLocale());
    TokenService.TokenSender.sendToken(TokenService.TokenSendInfo.builder().pwmApplication(pwmRequest.getPwmApplication()).userInfo(userInfo).macroMachine(macroMachine).configuredEmailSetting(emailItemBean).tokenDestinationItem(tokenInitAndSendRequest.getTokenDestinationItem()).smsMessage(smsMessage).tokenKey(tokenKey).sessionLabel(pwmRequest.getSessionLabel()).build());
}
Also used: Configuration(password.pwm.config.Configuration) EmailItemBean(password.pwm.bean.EmailItemBean) Instant(java.time.Instant) MacroMachine(password.pwm.util.macro.MacroMachine) UserInfo(password.pwm.ldap.UserInfo) TimeDuration(password.pwm.util.java.TimeDuration) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) LinkedHashMap(java.util.LinkedHashMap) PwmOperationalException(password.pwm.error.PwmOperationalException)

Aggregations

PwmOperationalException (password.pwm.error.PwmOperationalException) 134
ErrorInformation (password.pwm.error.ErrorInformation) 104
PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException) 57
UserIdentity (password.pwm.bean.UserIdentity) 39
PwmApplication (password.pwm.PwmApplication) 27
PwmSession (password.pwm.http.PwmSession) 26
ChaiUser (com.novell.ldapchai.ChaiUser) 20
Configuration (password.pwm.config.Configuration) 19
ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException) 17
UserSearchEngine (password.pwm.ldap.search.UserSearchEngine) 17
FormConfiguration (password.pwm.config.value.data.FormConfiguration) 16
PwmException (password.pwm.error.PwmException) 16
ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException) 15
SearchConfiguration (password.pwm.ldap.search.SearchConfiguration) 14
Instant (java.time.Instant) 13
LinkedHashMap (java.util.LinkedHashMap) 13
MacroMachine (password.pwm.util.macro.MacroMachine) 13
ArrayList (java.util.ArrayList) 12
Map (java.util.Map) 12
UserInfo (password.pwm.ldap.UserInfo) 11