Examples with PwmOperationalException password.pwm.error.PwmOperationalException used on opensource projects

Example 66 with PwmOperationalException

use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.

the class Validator method validatePwmRequestCounter.

public static void validatePwmRequestCounter(final PwmRequest pwmRequest) throws PwmOperationalException, PwmUnrecoverableException {
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final boolean enforceRequestSequencing = Boolean.parseBoolean(pwmRequest.getConfig().readAppProperty(AppProperty.SECURITY_HTTP_FORCE_REQUEST_SEQUENCING));
    if (enforceRequestSequencing) {
        final String requestVerificationKey = String.valueOf(pwmSession.getLoginInfoBean().getReqCounter());
        final String submittedPwmFormID = pwmRequest.readParameterAsString(PwmConstants.PARAM_FORM_ID);
        if (submittedPwmFormID == null || submittedPwmFormID.isEmpty()) {
            return;
        }
        try {
            final FormNonce formNonce = pwmRequest.getPwmApplication().getSecureService().decryptObject(submittedPwmFormID, FormNonce.class);
            final String submittedRequestVerificationKey = String.valueOf(formNonce.getReqCounter());
            if (!requestVerificationKey.equals(submittedRequestVerificationKey)) {
                final String debugMsg = "expectedPageID=" + requestVerificationKey + ", submittedPageID=" + submittedRequestVerificationKey + ", url=" + pwmRequest.getURL().toString();
                throw new PwmOperationalException(PwmError.ERROR_INCORRECT_REQ_SEQUENCE, debugMsg);
            }
        } catch (StringIndexOutOfBoundsException | NumberFormatException e) {
            throw new PwmOperationalException(PwmError.ERROR_INCORRECT_REQ_SEQUENCE);
        }
    }
}

Example 67 with PwmOperationalException

use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.

the class PwmPasswordRuleValidator method invokeExternalRuleMethods.

public List<ErrorInformation> invokeExternalRuleMethods(final Configuration config, final PwmPasswordPolicy pwmPasswordPolicy, final PasswordData password, final UserInfo userInfo) throws PwmUnrecoverableException {
    final List<ErrorInformation> returnedErrors = new ArrayList<>();
    final String restURL = config.readSettingAsString(PwmSetting.EXTERNAL_PWCHECK_REST_URLS);
    final boolean haltOnError = Boolean.parseBoolean(config.readAppProperty(AppProperty.WS_REST_CLIENT_PWRULE_HALTONERROR));
    final Map<String, Object> sendData = new LinkedHashMap<>();
    if (restURL == null || restURL.isEmpty()) {
        return Collections.emptyList();
    }
    {
        final String passwordStr = password == null ? "" : password.getStringValue();
        sendData.put("password", passwordStr);
    }
    if (pwmPasswordPolicy != null) {
        final LinkedHashMap<String, Object> policyData = new LinkedHashMap<>();
        for (final PwmPasswordRule rule : PwmPasswordRule.values()) {
            policyData.put(rule.name(), pwmPasswordPolicy.getValue(rule));
        }
        sendData.put("policy", policyData);
    }
    if (userInfo != null) {
        final MacroMachine macroMachine = MacroMachine.forUser(pwmApplication, PwmConstants.DEFAULT_LOCALE, SessionLabel.SYSTEM_LABEL, userInfo.getUserIdentity());
        final PublicUserInfoBean publicUserInfoBean = PublicUserInfoBean.fromUserInfoBean(userInfo, pwmApplication.getConfig(), locale, macroMachine);
        sendData.put("userInfo", publicUserInfoBean);
    }
    final String jsonRequestBody = JsonUtil.serializeMap(sendData);
    try {
        final String responseBody = RestClientHelper.makeOutboundRestWSCall(pwmApplication, locale, restURL, jsonRequestBody);
        final Map<String, Object> responseMap = JsonUtil.deserialize(responseBody, new TypeToken<Map<String, Object>>() {
        });
        if (responseMap.containsKey(REST_RESPONSE_KEY_ERROR) && Boolean.parseBoolean(responseMap.get(REST_RESPONSE_KEY_ERROR).toString())) {
            if (responseMap.containsKey(REST_RESPONSE_KEY_ERROR_MSG)) {
                final String errorMessage = responseMap.get(REST_RESPONSE_KEY_ERROR_MSG).toString();
                LOGGER.trace("external web service reported error: " + errorMessage);
                returnedErrors.add(new ErrorInformation(PwmError.PASSWORD_CUSTOM_ERROR, errorMessage, errorMessage, null));
            } else {
                LOGGER.trace("external web service reported error without specifying an errorMessage");
                returnedErrors.add(new ErrorInformation(PwmError.PASSWORD_CUSTOM_ERROR));
            }
        } else {
            LOGGER.trace("external web service did not report an error");
        }
    } catch (PwmOperationalException e) {
        final String errorMsg = "error executing external rule REST call: " + e.getMessage();
        LOGGER.error(errorMsg);
        if (haltOnError) {
            throw new PwmUnrecoverableException(e.getErrorInformation(), e);
        }
        throw new IllegalStateException("http response error code: " + e.getMessage());
    }
    return returnedErrors;
}

Example 68 with PwmOperationalException

use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.

the class CASFilterAuthenticationProvider method authUserUsingCASClearPass.

private static boolean authUserUsingCASClearPass(final PwmRequest pwmRequest) throws UnsupportedEncodingException, PwmUnrecoverableException, ChaiUnavailableException, PwmOperationalException {
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final HttpSession session = pwmRequest.getHttpServletRequest().getSession();
    // make sure user session isn't already authenticated
    if (pwmSession.isAuthenticated()) {
        return false;
    }
    // read CAS assertion out of the header (if it exists);
    final Assertion assertion = (Assertion) session.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);
    if (assertion == null) {
        LOGGER.trace(pwmSession, "no CAS assertion header present, skipping CAS authentication attempt");
        return false;
    }
    final String username = assertion.getPrincipal().getName();
    PasswordData password = null;
    final AttributePrincipal attributePrincipal = assertion.getPrincipal();
    final Map<String, Object> casAttributes = attributePrincipal.getAttributes();
    final String encodedPsw = (String) casAttributes.get("credential");
    if (encodedPsw == null) {
        LOGGER.trace("No credential");
    } else {
        final Map<FileInformation, FileContent> privatekey = pwmRequest.getConfig().readSettingAsFile(PwmSetting.CAS_CLEARPASS_KEY);
        final String alg = pwmRequest.getConfig().readSettingAsString(PwmSetting.CAS_CLEARPASS_ALGORITHM);
        password = decryptPassword(alg, privatekey, encodedPsw);
    }
    // If using the old method
    final String clearPassUrl = pwmRequest.getConfig().readSettingAsString(PwmSetting.CAS_CLEAR_PASS_URL);
    if ((clearPassUrl != null && clearPassUrl.length() > 0) && (password == null || password.getStringValue().length() < 1)) {
        LOGGER.trace(pwmSession, "Using CAS clearpass via proxy");
        // read cas proxy ticket
        final String proxyTicket = assertion.getPrincipal().getProxyTicketFor(clearPassUrl);
        if (proxyTicket == null) {
            LOGGER.trace(pwmSession, "no CAS proxy ticket available, skipping CAS authentication attempt");
            return false;
        }
        final String clearPassRequestUrl = clearPassUrl + "?" + "ticket=" + proxyTicket + "&" + "service=" + StringUtil.urlEncode(clearPassUrl);
        try {
            final String response = CommonUtils.getResponseFromServer(new URL(clearPassRequestUrl), new HttpsURLConnectionFactory(), "UTF-8");
            password = new PasswordData(XmlUtils.getTextForElement(response, "credentials"));
        } catch (MalformedURLException e) {
            LOGGER.error(pwmSession, "Invalid CAS clearPassUrl");
        }
    }
    if (password == null || password.getStringValue().length() < 1) {
        final String errorMsg = "CAS server did not return credentials for user '" + username + "'";
        LOGGER.trace(pwmSession, errorMsg);
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_WRONGPASSWORD, errorMsg);
        throw new PwmOperationalException(errorInformation);
    }
    // user isn't already authenticated and has CAS assertion and password, so try to auth them.
    LOGGER.debug(pwmSession, "attempting to authenticate user '" + username + "' using CAS assertion and password");
    final SessionAuthenticator sessionAuthenticator = new SessionAuthenticator(pwmApplication, pwmSession, PwmAuthenticationSource.CAS);
    sessionAuthenticator.searchAndAuthenticateUser(username, password, null, null);
    return true;
}

Example 69 with PwmOperationalException

use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.

the class LdapTokenMachine method storeToken.

public void storeToken(final TokenKey tokenKey, final TokenPayload tokenPayload) throws PwmOperationalException, PwmUnrecoverableException {
    try {
        final String md5sumToken = tokenKey.getStoredHash();
        final String encodedTokenPayload = tokenService.toEncryptedString(tokenPayload);
        final UserIdentity userIdentity = tokenPayload.getUserIdentity();
        final ChaiUser chaiUser = pwmApplication.getProxiedChaiUser(userIdentity);
        chaiUser.writeStringAttribute(tokenAttribute, md5sumToken + KEY_VALUE_DELIMITER + encodedTokenPayload);
    } catch (ChaiException e) {
        final String errorMsg = "unexpected ldap error saving token: " + e.getMessage();
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
        throw new PwmOperationalException(errorInformation);
    }
}

Example 70 with PwmOperationalException

use of password.pwm.error.PwmOperationalException in project pwm by pwm-project.

the class DataStoreTokenMachine method purgeOutdatedTokens.

private void purgeOutdatedTokens() throws PwmUnrecoverableException, PwmOperationalException {
    final Instant startTime = Instant.now();
    LOGGER.trace("beginning purge cycle; database size = " + size());
    try (ClosableIterator<String> keyIterator = dataStore.iterator()) {
        while (tokenService.status() == PwmService.STATUS.OPEN && keyIterator.hasNext()) {
            final String storedHash = keyIterator.next();
            final TokenKey loopKey = keyFromStoredHash(storedHash);
            // retrieving token tests validity and causes purging
            retrieveToken(loopKey);
        }
    } catch (Exception e) {
        LOGGER.error("unexpected error while cleaning expired stored tokens: " + e.getMessage());
    }
    LOGGER.trace("completed record purge cycle in " + TimeDuration.fromCurrent(startTime).asCompactString() + "; database size = " + size());
}