
Example 1 with SecureService

use of password.pwm.util.secure.SecureService in project pwm by pwm-project.

the class TokenDestinationItem method allFromConfig.

/**
 * Builds the list of token destinations (e-mail addresses and SMS numbers) found on the
 * user's record.
 *
 * <p>Every destination is identified by the {@link SecureService} hash of its value
 * concatenated with its {@link Type} name, and its display form is the masked value from
 * {@link TokenDestinationDisplayMasker}. Entries are keyed by that id, so a value that
 * occurs in more than one attribute (e.g. the same address as primary and secondary
 * e-mail) appears once, in first-seen order: e-mails first, then SMS numbers.
 *
 * @param pwmApplication application supplying the configuration and the secure service
 * @param userInfo       user whose e-mail and SMS attributes are read
 * @return an unmodifiable list of destinations, empty when the user has none
 * @throws PwmUnrecoverableException if the secure service cannot hash a value
 */
public static List<TokenDestinationItem> allFromConfig(final PwmApplication pwmApplication, final UserInfo userInfo) throws PwmUnrecoverableException {
    final Configuration configuration = pwmApplication.getConfig();
    final SecureService secureService = pwmApplication.getSecureService();
    final TokenDestinationDisplayMasker masker = new TokenDestinationDisplayMasker(configuration);
    final Map<String, TokenDestinationItem> byId = new LinkedHashMap<>();

    final String[] emails = { userInfo.getUserEmailAddress(), userInfo.getUserEmailAddress2(), userInfo.getUserEmailAddress3() };
    for (final String email : emails) {
        if (StringUtil.isEmpty(email)) {
            continue;
        }
        // id is derived from value + type so an e-mail and an SMS number never share an id
        final String id = secureService.hash(email + Type.email.name());
        final TokenDestinationItem item = TokenDestinationItem.builder()
                .id(id)
                .display(masker.maskEmail(email))
                .value(email)
                .type(Type.email)
                .build();
        byId.put(id, item);
    }

    final String[] smsNumbers = { userInfo.getUserSmsNumber(), userInfo.getUserSmsNumber2(), userInfo.getUserSmsNumber3() };
    for (final String sms : smsNumbers) {
        if (StringUtil.isEmpty(sms)) {
            continue;
        }
        final String id = secureService.hash(sms + Type.sms.name());
        final TokenDestinationItem item = TokenDestinationItem.builder()
                .id(id)
                .display(masker.maskPhone(sms))
                .value(sms)
                .type(Type.sms)
                .build();
        byId.put(id, item);
    }

    return Collections.unmodifiableList(new ArrayList<>(byId.values()));
}

Example 2 with SecureService

use of password.pwm.util.secure.SecureService in project pwm by pwm-project.

the class HelpdeskServlet method restVerifyVerificationTokenRequest.

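/**
 * Verifies the one-time code a helpdesk operator entered against the token previously
 * issued for the target user, audits the attempt either way and returns the updated
 * verification state to the client.
 *
 * <p>The token data arrives in the request body and is only trusted because it decrypts
 * under the application's {@link SecureService}. It must carry an issue date and a non-empty
 * token, and the issue date must lie within {@code AppProperty.HELPDESK_TOKEN_MAX_AGE}
 * seconds of now. The submitted code is compared to the token in constant time so response
 * timing does not reveal how much of a guess was correct.
 *
 * <p>Whether or not the code matched, the response is held until at least
 * {@code AppProperty.HELPDESK_VERIFICATION_INVALID_DELAY_MS} milliseconds have elapsed since
 * the request was received, which rate-limits online guessing.
 *
 * @param pwmRequest the current request; its body is a JSON
 *                   {@link HelpdeskVerificationRequestBean}
 * @return {@link ProcessStatus#Halt} once the JSON result has been written
 * @throws PwmUnrecoverableException with {@code ERROR_TOKEN_INCORRECT} when the token data
 *         is missing required fields, or {@code ERROR_TOKEN_EXPIRED} when it is too old
 * @throws IOException      on request/response I/O failure
 * @throws ServletException on servlet failure
 */
@ActionHandler(action = "verifyVerificationToken")
private ProcessStatus restVerifyVerificationTokenRequest(final PwmRequest pwmRequest) throws IOException, PwmUnrecoverableException, ServletException {
    final Instant startTime = Instant.now();
    final HelpdeskVerificationRequestBean requestBean = JsonUtil.deserialize(pwmRequest.readRequestBodyAsString(), HelpdeskVerificationRequestBean.class);
    final String submittedCode = requestBean.getCode();
    final SecureService secureService = pwmRequest.getPwmApplication().getSecureService();
    final HelpdeskVerificationRequestBean.TokenData tokenData = secureService.decryptObject(requestBean.getTokenData(), HelpdeskVerificationRequestBean.TokenData.class);
    final UserIdentity userIdentity = UserIdentity.fromKey(requestBean.getUserKey(), pwmRequest.getPwmApplication());

    // NOTE(review): nothing in this handler ties tokenData to userIdentity; confirm that
    // TokenData carries the target identity or that the issuing side binds the two,
    // otherwise a token issued for one user could be presented with another user's key.
    if (tokenData == null || tokenData.getIssueDate() == null || tokenData.getToken() == null || tokenData.getToken().isEmpty()) {
        final String errorMsg = "token data is corrupted";
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_TOKEN_INCORRECT, errorMsg));
    }

    // HELPDESK_TOKEN_MAX_AGE is configured in seconds; anything issued before (now - maxAge) is stale.
    final TimeDuration maxTokenAge = new TimeDuration(Long.parseLong(pwmRequest.getConfig().readAppProperty(AppProperty.HELPDESK_TOKEN_MAX_AGE)) * 1000);
    final Date oldestAcceptableIssue = new Date(System.currentTimeMillis() - maxTokenAge.getTotalMilliseconds());
    if (tokenData.getIssueDate().before(oldestAcceptableIssue)) {
        final String errorMsg = "token is older than maximum issue time (" + maxTokenAge.asCompactString() + ")";
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_TOKEN_EXPIRED, errorMsg));
    }

    // Constant-time comparison: String.equals() stops at the first mismatching character,
    // which would let a caller measure how many leading characters of the code were right.
    // A missing code never matches.
    final boolean passed = submittedCode != null
            && java.security.MessageDigest.isEqual(
                    tokenData.getToken().getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    submittedCode.getBytes(java.nio.charset.StandardCharsets.UTF_8));

    final HelpdeskVerificationStateBean verificationState = HelpdeskVerificationStateBean.fromClientString(pwmRequest, requestBean.getVerificationState());
    auditTokenVerification(pwmRequest, userIdentity, passed);
    if (passed) {
        verificationState.addRecord(userIdentity, IdentityVerificationMethod.TOKEN);
    }

    // Hold the response until the configured minimum time has elapsed, pass or fail, so the
    // endpoint cannot be hammered with guesses and the delay itself does not reveal the outcome.
    final long minResponseMs = Long.parseLong(pwmRequest.getConfig().readAppProperty(AppProperty.HELPDESK_VERIFICATION_INVALID_DELAY_MS));
    while (TimeDuration.fromCurrent(startTime).isShorterThan(minResponseMs)) {
        JavaHelper.pause(100);
    }

    final HelpdeskVerificationResponseBean responseBean = new HelpdeskVerificationResponseBean(passed, verificationState.toClientString(pwmRequest.getPwmApplication()));
    pwmRequest.outputJsonResult(RestResultBean.withData(responseBean));
    return ProcessStatus.Halt;
}

/**
 * Submits a HELPDESK_VERIFY_TOKEN (on success) or HELPDESK_VERIFY_TOKEN_INCORRECT (on failure)
 * audit record for the operator in the current session acting on {@code target}.
 */
private static void auditTokenVerification(final PwmRequest pwmRequest, final UserIdentity target, final boolean passed) throws IOException, PwmUnrecoverableException, ServletException {
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final AuditEvent event = passed ? AuditEvent.HELPDESK_VERIFY_TOKEN : AuditEvent.HELPDESK_VERIFY_TOKEN_INCORRECT;
    final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(event, pwmSession.getUserInfo().getUserIdentity(), null, target, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
    pwmRequest.getPwmApplication().getAuditManager().submit(auditRecord);
}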

Example 3 with SecureService

use of password.pwm.util.secure.SecureService in project pwm by pwm-project.

the class RestFormSigningServer method handleRestJsonPostRequest.

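/**
 * Signs a submitted form so it can later be handed back to the server unmodified.
 *
 * <p>The caller's REST authentication must include {@link WebServiceUsage#SigningForm}.
 * That check runs before the request body is parsed, so an unauthorised client never
 * drives the JSON parser. The body must be a non-empty JSON object of string values
 * (read with {@code PwmHttpRequestWrapper.Flag.BypassValidation}); it is wrapped with the
 * current time in a {@link SignedFormData} and encrypted by the application's
 * {@link SecureService}, and the resulting string is returned as the result data.
 *
 * @param restRequest the authenticated REST request
 * @return the encrypted, timestamped form data, or an {@code ERROR_UNAUTHORIZED} result
 *         when the caller lacks the signing usage
 * @throws PwmUnrecoverableException {@code ERROR_MISSING_PARAMETER} when the body is empty,
 *         or {@code ERROR_UNKNOWN} (message includes the underlying exception text) for
 *         any other failure while signing
 * @throws IOException if the body cannot be read
 */
@RestMethodHandler(method = HttpMethod.POST, produces = HttpContentType.json)
private RestResultBean handleRestJsonPostRequest(final RestRequest restRequest) throws IOException, PwmUnrecoverableException {
    // Authorise first: do not parse untrusted input on behalf of a caller that may not use this endpoint.
    if (!restRequest.getRestAuthentication().getUsages().contains(WebServiceUsage.SigningForm)) {
        final String errorMsg = "request is not authenticated with permission for " + WebServiceUsage.SigningForm;
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, errorMsg);
        return RestResultBean.fromError(errorInformation);
    }

    final Map<String, String> inputFormData = restRequest.readBodyAsJsonStringMap(PwmHttpRequestWrapper.Flag.BypassValidation);
    if (JavaHelper.isEmpty(inputFormData)) {
        throw PwmUnrecoverableException.newException(PwmError.ERROR_MISSING_PARAMETER, "POST body should be a json object");
    }

    try {
        final SecureService secureService = restRequest.getPwmApplication().getSecureService();
        final SignedFormData signedFormData = new SignedFormData(Instant.now(), inputFormData);
        final String signedValue = secureService.encryptObjectToString(signedFormData);
        StatisticsManager.incrementStat(restRequest.getPwmApplication(), Statistic.REST_SIGNING_FORM);
        return RestResultBean.withData(signedValue);
    } catch (final PwmUnrecoverableException e) {
        throw e;
    } catch (final Exception e) {
        // NOTE(review): e.getMessage() is surfaced to the REST client; confirm the error path
        // does not expose internal detail that should only go to the server log.
        final String errorMsg = "unexpected error building json response: " + e.getMessage();
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
        throw new PwmUnrecoverableException(errorInformation);
    }
}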

Example 4 with SecureService

use of password.pwm.util.secure.SecureService in project pwm by pwm-project.

the class NewUserFormUtils method fromTokenPayload.

/**
 * Extracts the {@link NewUserTokenData} carried inside a new-user token's payload.
 *
 * <p>The form data is stored under {@link NewUserServlet#TOKEN_PAYLOAD_ATTR} as a string
 * encrypted by the application's {@link SecureService}; this method decrypts it.
 *
 * @param pwmRequest   current request, used to reach the secure service
 * @param tokenPayload decoded token whose data map is inspected
 * @return the decrypted new-user form data
 * @throws PwmOperationalException  with {@code ERROR_TOKEN_INCORRECT} when the payload has
 *                                  no {@code TOKEN_PAYLOAD_ATTR} entry
 * @throws PwmUnrecoverableException if decryption fails
 */
static NewUserTokenData fromTokenPayload(final PwmRequest pwmRequest, final TokenPayload tokenPayload) throws PwmOperationalException, PwmUnrecoverableException {
    final Map<String, String> payload = tokenPayload.getData();
    if (!payload.containsKey(NewUserServlet.TOKEN_PAYLOAD_ATTR)) {
        final ErrorInformation error = new ErrorInformation(PwmError.ERROR_TOKEN_INCORRECT, "token is missing new user form data");
        throw new PwmOperationalException(error);
    }
    final SecureService secureService = pwmRequest.getPwmApplication().getSecureService();
    final String encryptedFormData = payload.get(NewUserServlet.TOKEN_PAYLOAD_ATTR);
    return secureService.decryptObject(encryptedFormData, NewUserTokenData.class);
}

Example 5 with SecureService

use of password.pwm.util.secure.SecureService in project pwm by pwm-project.

the class CryptoRequestBeanImpl method getSessionBean.

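/**
 * Returns the session bean of the requested class for this request, creating it on first use
 * and caching it per request.
 *
 * <p>If the request carries a {@code PwmConstants.PARAM_FORM_ID} parameter, that value is
 * decrypted with the application's {@link SecureService} into a {@link FormNonce} whose
 * payload is in turn decrypted into the bean, so client-held state is only accepted if it
 * decrypts under the server's key. Otherwise a fresh bean is created from the session GUID.
 * A cached entry is returned as-is, even if null.
 *
 * @param pwmRequest current request
 * @param theClass   bean class to look up or create
 * @return the cached, decrypted or newly created bean
 * @throws PwmUnrecoverableException if decryption of the form id or its payload fails
 */
@Override
public <E extends PwmSessionBean> E getSessionBean(final PwmRequest pwmRequest, final Class<E> theClass) throws PwmUnrecoverableException {
    final Map<Class<E>, E> cachedMap = getBeanMap(pwmRequest);
    if (cachedMap.containsKey(theClass)) {
        return cachedMap.get(theClass);
    }

    final String submittedFormId = pwmRequest.readParameterAsString(PwmConstants.PARAM_FORM_ID);
    final E bean;
    if (submittedFormId != null && !submittedFormId.isEmpty()) {
        // one lookup of the secure service serves both decryption steps
        final SecureService secureService = pwmRequest.getPwmApplication().getSecureService();
        final FormNonce formNonce = secureService.decryptObject(submittedFormId, FormNonce.class);
        // NOTE(review): other callers null-check decryptObject's result; a null nonce here
        // would NPE on getPayload() — confirm the service throws rather than returns null.
        bean = secureService.decryptObject(formNonce.getPayload(), theClass);
    } else {
        final String sessionGuid = pwmRequest.getPwmSession().getLoginInfoBean().getGuid();
        bean = SessionStateService.newBean(sessionGuid, theClass);
    }
    cachedMap.put(theClass, bean);
    return bean;
}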
