Example 56 with PwmUnrecoverableException

use of password.pwm.error.PwmUnrecoverableException in project pwm by pwm-project.

the class LocalDbOtpOperator method writeOtpUserConfiguration.

@Override
public void writeOtpUserConfiguration(final PwmSession pwmSession, final UserIdentity theUser, final String userGUID, final OTPUserRecord otpConfig) throws PwmUnrecoverableException {
    LOGGER.trace(pwmSession, String.format("Enter: writeOtpUserConfiguration(%s, %s, %s)", theUser, userGUID, otpConfig));
    if (userGUID == null || userGUID.length() < 1) {
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_MISSING_GUID, "cannot save otp to localDB, user does not have a pwmGUID"));
    }
    if (localDB == null || localDB.status() != LocalDB.Status.OPEN) {
        final String errorMsg = "LocalDB is not available, unable to write user otp";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_LOCALDB_UNAVAILABLE, errorMsg);
        throw new PwmUnrecoverableException(errorInformation);
    }
    try {
        final Configuration config = this.getPwmApplication().getConfig();
        String value = composeOtpAttribute(otpConfig);
        if (config.readSettingAsBoolean(PwmSetting.OTP_SECRET_ENCRYPT)) {
            LOGGER.debug(pwmSession, "Encrypting OTP secret for storage");
            value = encryptAttributeValue(value);
        }
        localDB.put(LocalDB.DB.OTP_SECRET, userGUID, value);
        LOGGER.info(pwmSession, "saved OTP secret for user in LocalDB");
    } catch (LocalDBException ex) {
        final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_WRITING_OTP_SECRET, "unexpected LocalDB error saving otp to localDB: " + ex.getMessage());
        final PwmUnrecoverableException pwmOE = new PwmUnrecoverableException(errorInfo);
        pwmOE.initCause(ex);
        throw pwmOE;
    } catch (PwmOperationalException ex) {
        final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_WRITING_OTP_SECRET, "unexpected error saving otp to localDB: " + ex.getMessage());
        final PwmUnrecoverableException pwmOE = new PwmUnrecoverableException(errorInfo);
        pwmOE.initCause(ex);
        throw pwmOE;
    }
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) Configuration(password.pwm.config.Configuration) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) LocalDBException(password.pwm.util.localdb.LocalDBException) PwmOperationalException(password.pwm.error.PwmOperationalException)

Example 57 with PwmUnrecoverableException

use of password.pwm.error.PwmUnrecoverableException in project pwm by pwm-project.

the class FormUtility method ldapSearchFilterForForm.

public static String ldapSearchFilterForForm(final PwmApplication pwmApplication, final Collection<FormConfiguration> formElements) throws PwmUnrecoverableException {
    if (formElements == null || formElements.isEmpty()) {
        final String errorMsg = "can not auto-generate ldap search filter for form with no required form items";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.CONFIG_FORMAT_ERROR, null, new String[] { errorMsg });
        throw new PwmUnrecoverableException(errorInformation);
    }
    final StringBuilder sb = new StringBuilder();
    sb.append("(&");
    final List<String> objectClasses = pwmApplication.getConfig().readSettingAsStringArray(PwmSetting.DEFAULT_OBJECT_CLASSES);
    if (objectClasses != null && !objectClasses.isEmpty()) {
        if (objectClasses.size() == 1) {
            sb.append("(objectclass=");
            sb.append(objectClasses.iterator().next());
            sb.append(")");
        } else {
            sb.append("(|");
            for (final String objectClassValue : objectClasses) {
                sb.append("(objectclass=");
                sb.append(objectClassValue);
                sb.append(")");
            }
            sb.append(")");
        }
    }
    for (final FormConfiguration formConfiguration : formElements) {
        final String formElementName = formConfiguration.getName();
        sb.append("(");
        sb.append(formElementName);
        sb.append("=");
        sb.append("%").append(formElementName).append("%");
        sb.append(")");
    }
    sb.append(")");
    return sb.toString();
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) FormConfiguration(password.pwm.config.value.data.FormConfiguration)

Example 58 with PwmUnrecoverableException

use of password.pwm.error.PwmUnrecoverableException in project pwm by pwm-project.

the class UserIdentity method toObfuscatedKey.

public String toObfuscatedKey(final PwmApplication pwmApplication) throws PwmUnrecoverableException {
    // use local cache first.
    if (!StringUtil.isEmpty(obfuscatedValue)) {
        return obfuscatedValue;
    }
    // check app cache.  This is used primarily so that keys are static over some meaningful lifetime, allowing browser caching based on keys.
    final CacheService cacheService = pwmApplication.getCacheService();
    final CacheKey cacheKey = CacheKey.makeCacheKey(this.getClass(), null, "userKey" + "|" + this.toDelimitedKey());
    final String cachedValue = cacheService.get(cacheKey);
    if (!StringUtil.isEmpty(cachedValue)) {
        obfuscatedValue = cachedValue;
        return cachedValue;
    }
    // generate key
    try {
        final String jsonValue = JsonUtil.serialize(this);
        final String localValue = CRYPO_HEADER + pwmApplication.getSecureService().encryptToString(jsonValue);
        this.obfuscatedValue = localValue;
        cacheService.put(cacheKey, CachePolicy.makePolicyWithExpiration(TimeDuration.DAY), localValue);
        return localValue;
    } catch (Exception e) {
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_UNKNOWN, "unexpected error making obfuscated user key: " + e.getMessage()));
    }
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) CacheKey(password.pwm.svc.cache.CacheKey) ChaiException(com.novell.ldapchai.exception.ChaiException) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) CacheService(password.pwm.svc.cache.CacheService)

Example 59 with PwmUnrecoverableException

use of password.pwm.error.PwmUnrecoverableException in project pwm by pwm-project.

the class UserIdentity method fromDelimitedKey.

public static UserIdentity fromDelimitedKey(final String key) throws PwmUnrecoverableException {
    if (key == null || key.length() < 1) {
        return null;
    }
    final StringTokenizer st = new StringTokenizer(key, DELIM_SEPARATOR);
    if (st.countTokens() < 2) {
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_UNKNOWN, "not enough tokens while parsing delimited identity key"));
    } else if (st.countTokens() > 2) {
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_UNKNOWN, "too many string tokens while parsing delimited identity key"));
    }
    final String profileID = st.nextToken();
    final String userDN = st.nextToken();
    return new UserIdentity(userDN, profileID);
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) StringTokenizer(java.util.StringTokenizer) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)

Example 60 with PwmUnrecoverableException

use of password.pwm.error.PwmUnrecoverableException in project pwm by pwm-project.

the class ForgottenPasswordUtil method verifyRequirementsForAuthMethod.

static void verifyRequirementsForAuthMethod(final PwmRequest pwmRequest, final ForgottenPasswordBean forgottenPasswordBean, final IdentityVerificationMethod recoveryVerificationMethods) throws PwmUnrecoverableException {
    switch(recoveryVerificationMethods) {
        case TOKEN:
            {
                ForgottenPasswordUtil.figureAvailableTokenDestinations(pwmRequest, forgottenPasswordBean);
            }
            break;
        case ATTRIBUTES:
            {
                final List<FormConfiguration> formConfiguration = forgottenPasswordBean.getAttributeForm();
                if (formConfiguration == null || formConfiguration.isEmpty()) {
                    final String errorMsg = "user is required to complete LDAP attribute check, yet there are no LDAP attribute form items configured";
                    final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_INVALID_CONFIG, errorMsg);
                    throw new PwmUnrecoverableException(errorInformation);
                }
            }
            break;
        case OTP:
            {
                final UserInfo userInfo = ForgottenPasswordUtil.readUserInfo(pwmRequest, forgottenPasswordBean);
                if (userInfo.getOtpUserRecord() == null) {
                    final String errorMsg = "could not find a one time password configuration for " + userInfo.getUserIdentity();
                    final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NO_OTP_CONFIGURATION, errorMsg);
                    throw new PwmUnrecoverableException(errorInformation);
                }
            }
            break;
        case CHALLENGE_RESPONSES:
            {
                final UserInfo userInfo = ForgottenPasswordUtil.readUserInfo(pwmRequest, forgottenPasswordBean);
                final ResponseSet responseSet = ForgottenPasswordUtil.readResponseSet(pwmRequest, forgottenPasswordBean);
                if (responseSet == null) {
                    final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_RESPONSES_NORESPONSES);
                    throw new PwmUnrecoverableException(errorInformation);
                }
                final ChallengeSet challengeSet = userInfo.getChallengeProfile().getChallengeSet();
                try {
                    if (responseSet.meetsChallengeSetRequirements(challengeSet)) {
                        if (challengeSet.getRequiredChallenges().isEmpty() && (challengeSet.getMinRandomRequired() <= 0)) {
                            final String errorMsg = "configured challenge set policy for " + userInfo.getUserIdentity().toString() + " is empty, user not qualified to recover password";
                            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NO_CHALLENGES, errorMsg);
                            throw new PwmUnrecoverableException(errorInformation);
                        }
                    }
                } catch (ChaiValidationException e) {
                    final String errorMsg = "stored response set for user '" + userInfo.getUserIdentity() + "' do not meet current challenge set requirements: " + e.getLocalizedMessage();
                    final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_RESPONSES_NORESPONSES, errorMsg);
                    throw new PwmUnrecoverableException(errorInformation);
                }
            }
            break;
        default:
            // continue, assume no data requirements for method.
            break;
    }
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) ChallengeSet(com.novell.ldapchai.cr.ChallengeSet) ChaiValidationException(com.novell.ldapchai.exception.ChaiValidationException) ResponseSet(com.novell.ldapchai.cr.ResponseSet) List(java.util.List) ArrayList(java.util.ArrayList) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) UserInfo(password.pwm.ldap.UserInfo)

Aggregations

PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException): 282
ErrorInformation (password.pwm.error.ErrorInformation): 201
PwmOperationalException (password.pwm.error.PwmOperationalException): 85
ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException): 75
IOException (java.io.IOException): 72
PwmException (password.pwm.error.PwmException): 69
PwmApplication (password.pwm.PwmApplication): 48
UserIdentity (password.pwm.bean.UserIdentity): 48
Configuration (password.pwm.config.Configuration): 43
ServletException (javax.servlet.ServletException): 38
LinkedHashMap (java.util.LinkedHashMap): 37
Instant (java.time.Instant): 35
ArrayList (java.util.ArrayList): 31
PwmSession (password.pwm.http.PwmSession): 30
Map (java.util.Map): 28
ChaiUser (com.novell.ldapchai.ChaiUser): 26
ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException): 25
FormConfiguration (password.pwm.config.value.data.FormConfiguration): 24
HashMap (java.util.HashMap): 23
ChaiException (com.novell.ldapchai.exception.ChaiException): 22