use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
the class TokenService method init.
/**
 * Starts the token service: picks the token machine that matches the configured storage
 * method, then schedules the periodic token cleaner.
 *
 * <p>Failure handling differs by cause. A missing storage method is reported by throwing. A
 * {@code PwmException} raised while the token machine is being built is only recorded in
 * {@code errorInformation} and logged; the method then returns normally with the service in
 * {@code STATUS.CLOSED}. A normal return is therefore not proof that the service is open.
 *
 * @param pwmApplication application context supplying configuration and the storage back ends
 * @throws PwmException if no token storage method is configured
 */
public void init(final PwmApplication pwmApplication) throws PwmException {
    LOGGER.trace("opening");
    status = STATUS.OPENING;

    this.pwmApplication = pwmApplication;
    this.configuration = pwmApplication.getConfig();
    storageMethod = configuration.getTokenStorageMethod();

    if (storageMethod == null) {
        // Keep the failure on the service itself before throwing.
        final String missingMethodMsg = "no storage method specified";
        errorInformation = new ErrorInformation(PwmError.ERROR_INVALID_CONFIG, missingMethodMsg);
        status = STATUS.CLOSED;
        throw new PwmOperationalException(errorInformation);
    }

    try {
        // The storage method decides where issued tokens are kept: local DB, remote DB,
        // the crypto machine, or LDAP.
        DataStorageMethod activeStorage = null;
        switch (storageMethod) {
            case STORE_LOCALDB:
                final DataStore localDbStore = new LocalDBDataStore(pwmApplication.getLocalDB(), LocalDB.DB.TOKENS);
                tokenMachine = new DataStoreTokenMachine(pwmApplication, this, localDbStore);
                activeStorage = DataStorageMethod.LOCALDB;
                break;

            case STORE_DB:
                final DataStore databaseStore = new DatabaseDataStore(pwmApplication.getDatabaseService(), DatabaseTable.TOKENS);
                tokenMachine = new DataStoreTokenMachine(pwmApplication, this, databaseStore);
                activeStorage = DataStorageMethod.DB;
                break;

            case STORE_CRYPTO:
                tokenMachine = new CryptoTokenMachine(this);
                activeStorage = DataStorageMethod.CRYPTO;
                break;

            case STORE_LDAP:
                tokenMachine = new LdapTokenMachine(this, pwmApplication);
                activeStorage = DataStorageMethod.LDAP;
                break;

            default:
                JavaHelper.unhandledSwitchStatement(storageMethod);
        }
        serviceInfo = new ServiceInfoBean(Collections.singletonList(activeStorage));
    } catch (PwmException e) {
        // Startup failure is not propagated: it is stored, logged, and the service stays closed.
        final String startFailureMsg = "unable to start token manager: " + e.getErrorInformation().getDetailedErrorMsg();
        final ErrorInformation startFailure = new ErrorInformation(e.getError(), startFailureMsg);
        errorInformation = startFailure;
        LOGGER.error(startFailure.toDebugStr());
        status = STATUS.CLOSED;
        return;
    }

    final String threadNamePrefix = JavaHelper.makeThreadName(pwmApplication, this.getClass()) + "-";
    executorService = Executors.newSingleThreadScheduledExecutor(JavaHelper.makePwmThreadFactory(threadNamePrefix, true));

    final TimerTask cleanerTask = new CleanerTask();
    // NOTE(review): a non-numeric TOKEN_CLEANER_INTERVAL_SECONDS makes parseInt throw here, after
    // the executor exists and while status is still OPENING - confirm the property is validated
    // upstream.
    final int intervalSeconds = Integer.parseInt(configuration.readAppProperty(AppProperty.TOKEN_CLEANER_INTERVAL_SECONDS));
    final TimeDuration cleanerInterval = new TimeDuration(intervalSeconds, TimeUnit.SECONDS);
    // First cleaner run is 10 seconds after start, then once per configured interval.
    executorService.scheduleAtFixedRate(cleanerTask, 10, intervalSeconds, TimeUnit.SECONDS);
    LOGGER.trace("token cleanup will occur every " + cleanerInterval.asCompactString());

    verifyPwModifyTime = Boolean.parseBoolean(configuration.readAppProperty(AppProperty.TOKEN_VERIFY_PW_MODIFY_TIME));

    status = STATUS.OPEN;
    LOGGER.debug("open");
}
use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
the class TokenService method markTokenAsClaimed.
/**
 * Post-claim bookkeeping for a token: optionally deletes it from storage, then submits a
 * {@code TOKEN_CLAIMED} audit record and increments the {@code TOKENS_PASSSED} statistic.
 *
 * <p>Nothing happens (no removal, no audit record, no statistic) when the payload is
 * {@code null} or carries no user identity.
 *
 * @param tokenKey     storage key of the claimed token
 * @param pwmSession   session used for log context and the audit label
 * @param tokenPayload payload of the claimed token
 * @throws PwmUnrecoverableException declared by the method; raised by calls whose
 *                                   implementations are not visible here
 */
private void markTokenAsClaimed(final TokenKey tokenKey, final PwmSession pwmSession, final TokenPayload tokenPayload) throws PwmUnrecoverableException {
    final boolean payloadHasIdentity = tokenPayload != null && tokenPayload.getUserIdentity() != null;
    if (!payloadHasIdentity) {
        return;
    }

    if (Boolean.parseBoolean(configuration.readAppProperty(AppProperty.TOKEN_REMOVE_ON_CLAIM))) {
        try {
            LOGGER.trace(pwmSession, "removing claimed token: " + tokenPayload.toDebugString());
            tokenMachine.removeToken(tokenKey);
        } catch (PwmOperationalException e) {
            // Best effort: a failed removal is only logged and the claim still proceeds.
            // NOTE(review): the token then presumably stays in storage until it expires or the
            // cleaner removes it - confirm single-use is enforced elsewhere if that matters.
            LOGGER.error(pwmSession, "error clearing claimed token: " + e.getMessage());
        }
    }

    // NOTE(review): the complete serialized payload is written into the audit record - confirm
    // it carries nothing that should stay out of audit storage.
    final AuditRecordFactory auditFactory = new AuditRecordFactory(pwmApplication);
    final AuditRecord claimRecord = auditFactory.createUserAuditRecord(
            AuditEvent.TOKEN_CLAIMED,
            tokenPayload.getUserIdentity(),
            pwmSession.getLabel(),
            JsonUtil.serialize(tokenPayload));
    pwmApplication.getAuditManager().submit(claimRecord);

    StatisticsManager.incrementStat(pwmApplication, Statistic.TOKENS_PASSSED);
}
use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
the class TokenService method generateNewToken.
/**
 * Issues a new token for the given payload, stores it through the active token machine and
 * submits a {@code TOKEN_ISSUED} audit record.
 *
 * <p>Any {@code PwmException} raised while generating or storing the token is re-thrown as a
 * {@code PwmOperationalException} that keeps the original error code and message text; the
 * original exception is not chained as a cause.
 *
 * @param tokenPayload payload to bind to the new token
 * @param sessionLabel label used for log context and the audit record
 * @return the token key string produced by the token machine
 * @throws PwmUnrecoverableException declared by the method; presumably raised by
 *                                   {@code checkStatus()} or the audit calls - not visible here
 * @throws PwmOperationalException   if the token cannot be generated or stored
 */
public String generateNewToken(final TokenPayload tokenPayload, final SessionLabel sessionLabel) throws PwmUnrecoverableException, PwmOperationalException {
    checkStatus();

    final String issuedKey;
    try {
        issuedKey = tokenMachine.generateToken(sessionLabel, tokenPayload);
        // The machine converts the user-facing key string into its storage key form.
        tokenMachine.storeToken(tokenMachine.keyFromKey(issuedKey), tokenPayload);
    } catch (PwmException e) {
        final String storeFailureMsg = "unexpected error trying to store token in datastore: " + e.getMessage();
        throw new PwmOperationalException(new ErrorInformation(e.getError(), storeFailureMsg));
    }

    // Only the payload debug string is logged; the key string itself is not passed to the logger.
    // NOTE(review): confirm toDebugString() leaves out anything that must not reach trace logs.
    LOGGER.trace(sessionLabel, "generated token with payload: " + tokenPayload.toDebugString());

    final AuditRecordFactory auditFactory = new AuditRecordFactory(pwmApplication);
    final AuditRecord issueRecord = auditFactory.createUserAuditRecord(
            AuditEvent.TOKEN_ISSUED,
            tokenPayload.getUserIdentity(),
            sessionLabel,
            JsonUtil.serialize(tokenPayload));
    pwmApplication.getAuditManager().submit(issueRecord);

    return issuedKey;
}
use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
the class TokenService method makeUniqueTokenForMachine.
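/**
 * Generates a random token code that is not already present in the given token machine.
 *
 * <p>Each attempt creates a fresh random code and looks it up in {@code machine}; a code whose
 * lookup returns a payload is discarded. The number of attempts is capped by the
 * {@code TOKEN_MAX_UNIQUE_CREATE_ATTEMPTS} application property.
 *
 * @param sessionLabel label used for log context
 * @param machine      token machine in which the new code must be unused
 * @return a token code for which {@code machine} currently holds no payload
 * @throws PwmUnrecoverableException declared by the method; raised by calls whose
 *                                   implementations are not visible here
 * @throws PwmOperationalException   if no unused code was found within the attempt limit
 */
String makeUniqueTokenForMachine(final SessionLabel sessionLabel, final TokenMachine machine) throws PwmUnrecoverableException, PwmOperationalException {
    String tokenKey = null;
    int attempts = 0;
    final int maxUniqueCreateAttempts = Integer.parseInt(pwmApplication.getConfig().readAppProperty(AppProperty.TOKEN_MAX_UNIQUE_CREATE_ATTEMPTS));
    while (tokenKey == null && attempts < maxUniqueCreateAttempts) {
        // NOTE(review): token unpredictability rests on makeRandomCode, which is not visible
        // here - confirm it draws from a cryptographically strong source.
        tokenKey = makeRandomCode(configuration);
        LOGGER.trace(sessionLabel, "generated new token random code, checking for uniqueness");
        // Derive the storage key with the same machine that is queried. The previous code used
        // the service's own tokenMachine field for the key and the parameter for the lookup, so
        // the uniqueness check would test the wrong key if the two ever differed.
        final TokenPayload existingPayload = machine.retrieveToken(machine.keyFromKey(tokenKey));
        if (existingPayload != null) {
            // Collision with a stored token: drop this code and try again.
            tokenKey = null;
        }
        attempts++;
    }
    if (tokenKey == null) {
        throw new PwmOperationalException(new ErrorInformation(PwmError.ERROR_UNKNOWN, "unable to generate a unique token key after " + attempts + " attempts"));
    }
    LOGGER.trace(sessionLabel, "created new unique random token value after " + attempts + " attempts");
    return tokenKey;
}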
use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.
the class TokenUtil method initializeAndSendToken.
/**
 * Builds a token for the request, registers it with the token service and hands it to the
 * token sender for delivery by the configured e-mail and/or SMS message.
 *
 * <p>The token data map is filled in two steps: first the user's password-last-modified time
 * (when a user and a timestamp are present), then every entry of the request's input token
 * data. Because the input data is applied last, an input entry stored under
 * {@code PwmConstants.TOKEN_KEY_PWD_CHG_DATE} replaces the value derived from the user record.
 *
 * @param pwmRequest              current request; supplies configuration, locale, session
 *                                label and the application context
 * @param tokenInitAndSendRequest description of the token to create and how to deliver it
 * @throws PwmUnrecoverableException if the token service reports an operational failure while
 *                                   creating or storing the token, or from calls whose
 *                                   implementations are not visible here
 */
public static void initializeAndSendToken(final PwmRequest pwmRequest, final TokenInitAndSendRequest tokenInitAndSendRequest) throws PwmUnrecoverableException {
    final Configuration config = pwmRequest.getConfig();
    final UserInfo userInfo = tokenInitAndSendRequest.getUserInfo();
    final Map<String, String> tokenMapData = new LinkedHashMap<>();

    // Prefer a macro machine supplied by the caller; otherwise build one for the user, if any.
    final MacroMachine suppliedMacroMachine = tokenInitAndSendRequest.getMacroMachine();
    final MacroMachine macroMachine;
    if (suppliedMacroMachine != null) {
        macroMachine = suppliedMacroMachine;
    } else if (userInfo != null) {
        macroMachine = MacroMachine.forUser(
                pwmRequest,
                userInfo.getUserIdentity(),
                makeTokenDestStringReplacer(tokenInitAndSendRequest.getTokenDestinationItem()));
    } else {
        macroMachine = null;
    }

    // Record when the password was last changed, as an ISO date string, inside the token data.
    if (userInfo != null) {
        final Instant lastPasswordChange = userInfo.getPasswordLastModifiedTime();
        if (lastPasswordChange != null) {
            tokenMapData.put(PwmConstants.TOKEN_KEY_PWD_CHG_DATE, JavaHelper.toIsoDate(lastPasswordChange));
        }
    }

    // NOTE(review): input data is merged after the password-change date and can overwrite it -
    // confirm callers never place untrusted keys in the input token data.
    final Map<String, String> inputTokenData = tokenInitAndSendRequest.getInputTokenData();
    if (inputTokenData != null) {
        tokenMapData.putAll(inputTokenData);
    }

    // Lifetime from the request wins; the TOKEN_LIFETIME setting (seconds) is the fallback.
    final TimeDuration requestedLifetime = tokenInitAndSendRequest.getTokenLifetime();
    final TimeDuration tokenLifetime = requestedLifetime != null
            ? requestedLifetime
            : new TimeDuration(config.readSettingAsLong(PwmSetting.TOKEN_LIFETIME), TimeUnit.SECONDS);

    final String tokenKey;
    final TokenPayload tokenPayload;
    try {
        final TokenService tokenService = pwmRequest.getPwmApplication().getTokenService();
        tokenPayload = tokenService.createTokenPayload(
                tokenInitAndSendRequest.getTokenType(),
                tokenLifetime,
                tokenMapData,
                userInfo == null ? null : userInfo.getUserIdentity(),
                tokenInitAndSendRequest.getTokenDestinationItem());
        tokenKey = tokenService.generateNewToken(tokenPayload, pwmRequest.getSessionLabel());
    } catch (PwmOperationalException e) {
        // Operational failures are escalated with the same error information.
        throw new PwmUnrecoverableException(e.getErrorInformation());
    }

    final EmailItemBean emailItemBean = tokenInitAndSendRequest.getEmailToSend() == null
            ? null
            : config.readSettingAsEmail(tokenInitAndSendRequest.getEmailToSend(), pwmRequest.getLocale());
    final String smsMessage = tokenInitAndSendRequest.getSmsToSend() == null
            ? null
            : config.readSettingAsLocalizedString(tokenInitAndSendRequest.getSmsToSend(), pwmRequest.getLocale());

    // The token key leaves the application here, carried by the e-mail and/or SMS message.
    final TokenService.TokenSendInfo sendInfo = TokenService.TokenSendInfo.builder()
            .pwmApplication(pwmRequest.getPwmApplication())
            .userInfo(userInfo)
            .macroMachine(macroMachine)
            .configuredEmailSetting(emailItemBean)
            .tokenDestinationItem(tokenInitAndSendRequest.getTokenDestinationItem())
            .smsMessage(smsMessage)
            .tokenKey(tokenKey)
            .sessionLabel(pwmRequest.getSessionLabel())
            .build();
    TokenService.TokenSender.sendToken(sendInfo);
}