/**
 * Builds an {@link IdentityException} that carries only a description.
 *
 * @param errorDescription human-readable description of the failure
 * @return a new exception constructed from {@code errorDescription}
 * @deprecated kept for existing callers; prefer the {@code IdentityException} constructors used here directly
 */
@Deprecated
public static IdentityException error(String errorDescription) {
    return new IdentityException(errorDescription);
}
/**
 * Builds an {@link IdentityException} with an error code, a message and a cause.
 *
 * @param errorCode machine-readable error code
 * @param message   human-readable message
 * @param cause     underlying exception, passed through unchanged
 * @return a new exception constructed from the three arguments
 * @deprecated kept for existing callers; prefer the {@code IdentityException} constructors used here directly
 */
@Deprecated
public static IdentityException error(String errorCode, String message, Throwable cause) {
    IdentityException wrapped = new IdentityException(errorCode, message, cause);
    return wrapped;
}
/**
 * Builds an {@link IdentityException} from a description and a cause.
 *
 * @param errorDescription human-readable description of the failure
 * @param cause            underlying exception, passed through unchanged
 * @return a new exception constructed from {@code errorDescription} and {@code cause}
 * @deprecated kept for existing callers; prefer the {@code IdentityException} constructors used here directly
 */
@Deprecated
public static IdentityException error(String errorDescription, Throwable cause) {
    return new IdentityException(errorDescription, cause);
}
/**
 * Builds an {@link IdentityException} from a message and a cause.
 *
 * @param message human-readable message
 * @param cause   underlying exception, passed through unchanged
 * @return a new exception constructed from {@code message} and {@code cause}
 * @deprecated kept for existing callers; prefer the {@code IdentityException} constructors used here directly
 */
@Deprecated
public static IdentityException error(String message, Throwable cause) {
    IdentityException wrapped = new IdentityException(message, cause);
    return wrapped;
}
// annotation of the declaration that follows this listing; preserved as found
@Deprecated
/**
 * Builds an {@link IdentityException} that carries only a message.
 *
 * @param message human-readable message
 * @return a new exception constructed from {@code message}
 * @deprecated kept for existing callers; prefer the {@code IdentityException} constructors used here directly
 */
@Deprecated
public static IdentityException error(String message) {
    IdentityException wrapped = new IdentityException(message);
    return wrapped;
}
// annotation of the declaration that follows this listing; preserved as found
@Deprecated
/**
 * Builds an {@link IdentityException} with an error code and a message.
 *
 * @param errorCode machine-readable error code
 * @param message   human-readable message
 * @return a new exception constructed from {@code errorCode} and {@code message}
 * @deprecated kept for existing callers; prefer the {@code IdentityException} constructors used here directly
 */
@Deprecated
public static IdentityException error(String errorCode, String message) {
    IdentityException wrapped = new IdentityException(errorCode, message);
    return wrapped;
}
// annotation of the declaration that follows this listing; preserved as found
@Deprecated
/**
 * Reloads the {@link X509TrustManager} from the server's default trust store file
 * ({@code TRUST_STORE_LOCATION}, type {@code TRUST_STORE_TYPE}) and stores it in the
 * {@code trustManager} field. On success the system property
 * {@code IdentityUtil.PROP_TRUST_STORE_UPDATE_REQUIRED} is reset to {@code "false"}.
 *
 * @throws IdentityException if the factory yields no {@link X509TrustManager}
 * @throws Exception         on any file, key-store or factory failure
 */
private void setupTrustManager() throws Exception {
    TrustManagerFactory factory =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    try (InputStream storeStream = new FileInputStream(TRUST_STORE_LOCATION)) {
        KeyStore store = KeyStore.getInstance(TRUST_STORE_TYPE);
        // A null password means KeyStore#load performs no integrity check on the file.
        // NOTE(review): confirm that is acceptable here, since a tampered trust store would load silently.
        store.load(storeStream, null);
        factory.init(store);
        for (TrustManager candidate : factory.getTrustManagers()) {
            if (!(candidate instanceof X509TrustManager)) {
                continue;
            }
            trustManager = (X509TrustManager) candidate;
            System.setProperty(IdentityUtil.PROP_TRUST_STORE_UPDATE_REQUIRED, Boolean.FALSE.toString());
            return;
        }
        throw new IdentityException("No X509TrustManager in TrustManagerFactory");
    }
}
// closes the enclosing scope opened before this listing
}
/**
 * Reloads the {@link X509TrustManager} from the server's default trust store file
 * ({@code TRUST_STORE_LOCATION}, type {@code TRUST_STORE_TYPE}) and stores it in the
 * {@code trustManager} field. On success the system property
 * {@code PROP_TRUST_STORE_UPDATE_REQUIRED} is reset to {@code "false"}.
 *
 * @throws IdentityException if the factory yields no {@link X509TrustManager}
 * @throws Exception         on any file, key-store or factory failure
 */
private void setupTrustManager() throws Exception {
    TrustManagerFactory factory =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    try (InputStream storeStream = new FileInputStream(TRUST_STORE_LOCATION)) {
        KeyStore store = KeyStore.getInstance(TRUST_STORE_TYPE);
        // A null password means KeyStore#load performs no integrity check on the file.
        // NOTE(review): confirm that is acceptable here, since a tampered trust store would load silently.
        store.load(storeStream, null);
        factory.init(store);
        for (TrustManager candidate : factory.getTrustManagers()) {
            if (!(candidate instanceof X509TrustManager)) {
                continue;
            }
            trustManager = (X509TrustManager) candidate;
            System.setProperty(PROP_TRUST_STORE_UPDATE_REQUIRED, Boolean.FALSE.toString());
            return;
        }
        throw new IdentityException("No X509TrustManager in TrustManagerFactory");
    }
}
// closes the enclosing scope opened before this listing
}
/**
 * Reloads the {@link X509TrustManager} from the server's default trust store file
 * ({@code TRUST_STORE_LOCATION}, type {@code TRUST_STORE_TYPE}) and stores it in the
 * {@code trustManager} field. On success the system property
 * {@code PROP_TRUST_STORE_UPDATE_REQUIRED} is reset to {@code "false"}.
 *
 * @throws IdentityException if the factory yields no {@link X509TrustManager}
 * @throws Exception         on any file, key-store or factory failure
 */
private void setupTrustManager() throws Exception {
    TrustManagerFactory factory =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    try (InputStream storeStream = new FileInputStream(TRUST_STORE_LOCATION)) {
        KeyStore store = KeyStore.getInstance(TRUST_STORE_TYPE);
        // A null password means KeyStore#load performs no integrity check on the file.
        // NOTE(review): confirm that is acceptable here, since a tampered trust store would load silently.
        store.load(storeStream, null);
        factory.init(store);
        for (TrustManager candidate : factory.getTrustManagers()) {
            if (!(candidate instanceof X509TrustManager)) {
                continue;
            }
            trustManager = (X509TrustManager) candidate;
            System.setProperty(PROP_TRUST_STORE_UPDATE_REQUIRED, Boolean.FALSE.toString());
            return;
        }
        throw new IdentityException("No X509TrustManager in TrustManagerFactory");
    }
}
// closes the enclosing scope opened before this listing
}
/**
 * Reloads the {@link X509TrustManager} from the server's default trust store file
 * ({@code TRUST_STORE_LOCATION}, type {@code TRUST_STORE_TYPE}) and stores it in the
 * {@code trustManager} field. On success the system property
 * {@code IdentityUtil.PROP_TRUST_STORE_UPDATE_REQUIRED} is reset to {@code "false"}.
 *
 * @throws IdentityException if the factory yields no {@link X509TrustManager}
 * @throws Exception         on any file, key-store or factory failure
 */
private void setupTrustManager() throws Exception {
    TrustManagerFactory factory =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    try (InputStream storeStream = new FileInputStream(TRUST_STORE_LOCATION)) {
        KeyStore store = KeyStore.getInstance(TRUST_STORE_TYPE);
        // A null password means KeyStore#load performs no integrity check on the file.
        // NOTE(review): confirm that is acceptable here, since a tampered trust store would load silently.
        store.load(storeStream, null);
        factory.init(store);
        for (TrustManager candidate : factory.getTrustManagers()) {
            if (!(candidate instanceof X509TrustManager)) {
                continue;
            }
            trustManager = (X509TrustManager) candidate;
            System.setProperty(IdentityUtil.PROP_TRUST_STORE_UPDATE_REQUIRED, Boolean.FALSE.toString());
            return;
        }
        throw new IdentityException("No X509TrustManager in TrustManagerFactory");
    }
}
// closes the enclosing scope opened before this listing
}
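/**
 * Deletes the thrift session identified by {@code sessionId} using
 * {@code ThriftAuthenticationConstants.DELETE_SESSION_SQL}.
 *
 * @param sessionId id of the session to remove
 * @throws IdentityException if no such session exists, a database connection cannot be obtained,
 *                           or the delete statement fails
 */
@Override
public void removeSession(String sessionId) throws IdentityException {
    if (!isSessionExisting(sessionId)) {
        // Message corrected: this is the not-found path, the original text said "already exists".
        String errorMessage = "Thrift session with given Session Id does not exist.";
        log.error(errorMessage);
        throw new IdentityException(errorMessage);
    }
    Connection connection = null;
    PreparedStatement prepStmt = null;
    try {
        connection = ThriftAuthenticationDatabaseUtil.getDBConnection();
        prepStmt = connection.prepareStatement(ThriftAuthenticationConstants.DELETE_SESSION_SQL);
        prepStmt.setString(1, sessionId);
        prepStmt.execute();
        connection.commit();
    } catch (AuthenticationException e) {
        String errorMsg = "Error when getting an Identity Persistence Store instance.";
        log.error(errorMsg, e);
        throw new IdentityException(errorMsg, e);
    } catch (SQLException e) {
        log.error("Error when executing the SQL : " + ThriftAuthenticationConstants.DELETE_SESSION_SQL, e);
        // Keep the SQLException as cause instead of discarding it.
        // NOTE(review): no explicit rollback here; closeAllConnections is relied on to discard the
        // uncommitted delete — confirm against the connection's auto-commit setting.
        throw new IdentityException("Error deleting the Thrift Session.", e);
    } finally {
        ThriftAuthenticationDatabaseUtil.closeAllConnections(connection, null, prepStmt);
    }
}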
/**
 * Returns the default primary certificate of the key store that belongs to {@code tenantDomain}.
 *
 * @param tenantDomain tenant whose key store is consulted
 * @return the tenant's default primary certificate
 * @throws IdentityException if the tenant id cannot be resolved or the certificate cannot be read
 */
@Override
public Certificate getCertificate(String tenantDomain) throws IdentityException {
    try {
        int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
        return KeyStoreManager.getInstance(tenantId).getDefaultPrimaryCertificate();
    } catch (UserStoreException e) {
        // tenant lookup failed; reported separately from key-store failures
        throw new IdentityException("Error retrieving the tenant ID for tenant: " + tenantDomain, e);
    } catch (Exception e) {
        throw new IdentityException(
                "Error retrieving the primary certificate of the server, the tenant is: " + tenantDomain, e);
    }
}
// closes the enclosing scope opened before this listing
}
/**
 * Returns the default primary certificate of the key store that belongs to {@code tenantDomain}.
 *
 * @param tenantDomain tenant whose key store is consulted
 * @return the tenant's default primary certificate
 * @throws IdentityException if the tenant id cannot be resolved or the certificate cannot be read
 */
@Override
public Certificate getCertificate(String tenantDomain) throws IdentityException {
    try {
        int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
        return KeyStoreManager.getInstance(tenantId).getDefaultPrimaryCertificate();
    } catch (UserStoreException e) {
        // tenant lookup failed; reported separately from key-store failures
        throw new IdentityException("Error retrieving the tenant ID for tenant: " + tenantDomain, e);
    } catch (Exception e) {
        throw new IdentityException(
                "Error retrieving the primary certificate of the server, the tenant is: " + tenantDomain, e);
    }
}
// closes the enclosing scope opened before this listing
}
/**
 * Finishes the current registry transaction: rolls it back when the caller reports an error,
 * commits it otherwise.
 *
 * @param isErrorOccurred {@code true} if the surrounding operation failed and the transaction must be discarded
 * @throws IdentityException wrapping the {@link RegistryException} raised by commit or rollback
 */
private void commitOrRollbackTransaction(boolean isErrorOccurred) throws IdentityException {
    try {
        if (!isErrorOccurred) {
            registry.commitTransaction();
        } else {
            registry.rollbackTransaction();
        }
    } catch (RegistryException ex) {
        throw new IdentityException("Error occurred while trying to commit or rollback the registry operation.", ex);
    }
}
// closes the enclosing scope opened before this listing
}
/**
 * Finishes the current registry transaction: rolls it back when the caller reports an error,
 * commits it otherwise.
 *
 * @param isErrorOccurred {@code true} if the surrounding operation failed and the transaction must be discarded
 * @throws IdentityException wrapping the {@link RegistryException} raised by commit or rollback
 */
private void commitOrRollbackTransaction(boolean isErrorOccurred) throws IdentityException {
    try {
        if (!isErrorOccurred) {
            registry.commitTransaction();
        } else {
            registry.rollbackTransaction();
        }
    } catch (RegistryException ex) {
        throw new IdentityException("Error occurred while trying to commit or rollback the registry operation.", ex);
    }
}
// closes the enclosing scope opened before this listing
}
/**
 * Resolves the private key for {@code tenantDomain}: the default private key for the super tenant,
 * otherwise the key held in the tenant's own key store.
 *
 * @param tenantDomain domain whose private key is requested
 * @return the tenant's private key
 * @throws IdentityException if the tenant id or the key cannot be resolved
 */
@Override
public PrivateKey getPrivateKey(String tenantDomain) throws IdentityException {
    try {
        int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
        KeyStoreManager manager = KeyStoreManager.getInstance(tenantId);
        if (tenantDomain.equals(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)) {
            return manager.getDefaultPrivateKey();
        }
        // Tenant key store file name is derived from the domain: dots become dashes and ".jks" is
        // appended (constructed example: "example.com" -> "example-com.jks").
        String keyStoreFileName = tenantDomain.trim().replace(".", "-") + ".jks";
        return (PrivateKey) manager.getPrivateKey(keyStoreFileName, tenantDomain);
    } catch (Exception e) {
        throw new IdentityException("Error retrieving private key for tenant: " + tenantDomain, e);
    }
}
/**
 * Resolves the private key for {@code tenantDomain}: the default private key for the super tenant,
 * otherwise the key held in the tenant's own key store.
 *
 * @param tenantDomain domain whose private key is requested
 * @return the tenant's private key
 * @throws IdentityException if the tenant id or the key cannot be resolved
 */
@Override
public PrivateKey getPrivateKey(String tenantDomain) throws IdentityException {
    try {
        int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
        KeyStoreManager manager = KeyStoreManager.getInstance(tenantId);
        if (tenantDomain.equals(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)) {
            return manager.getDefaultPrivateKey();
        }
        // Tenant key store file name is derived from the domain: dots become dashes and ".jks" is
        // appended (constructed example: "example.com" -> "example-com.jks").
        String keyStoreFileName = tenantDomain.trim().replace(".", "-") + ".jks";
        return (PrivateKey) manager.getPrivateKey(keyStoreFileName, tenantDomain);
    } catch (Exception e) {
        throw new IdentityException("Error retrieving private key for tenant: " + tenantDomain, e);
    }
}
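/**
 * Initialises the super-tenant signing material ({@code issuerPrivateKey}, {@code issuerCerts},
 * {@code publicKey}, {@code signatureAlgorithm}) from the system key store configured under
 * {@code Security.KeyStore} in carbon.xml, using the alias read from
 * {@code SECURITY_KEY_STORE_KEY_ALIAS}.
 *
 * @throws IdentityException if the key alias is not configured or no certificate chain exists for it
 * @throws Exception         on any key-store or registry access failure
 */
private void initializeKeyDataForSuperTenantFromSystemKeyStore() throws Exception {
    if (log.isDebugEnabled()) {
        log.debug("Initializing Key Data for super tenant using system key store");
    }
    String keyAlias = ServerConfiguration.getInstance().getFirstProperty(SECURITY_KEY_STORE_KEY_ALIAS);
    if (StringUtils.isBlank(keyAlias)) {
        throw new IdentityException("Invalid file configurations. The key alias is not found.");
    }
    KeyStoreAdmin keyAdmin = new KeyStoreAdmin(MultitenantConstants.SUPER_TENANT_ID,
            SAMLSSOUtil.getRegistryService().getGovernanceSystemRegistry());
    KeyStoreManager keyMan = KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID);
    // KeyStore#getCertificateChain returns null when the alias is unknown or is not a key entry;
    // validate before touching any field so a misconfiguration fails with a clear message rather
    // than a NullPointerException / ArrayIndexOutOfBoundsException and a half-initialised object.
    Certificate[] chain = keyMan.getPrimaryKeyStore().getCertificateChain(keyAlias);
    if (chain == null || chain.length == 0) {
        throw new IdentityException("No certificate chain found in the primary key store for key alias: " + keyAlias);
    }
    issuerPrivateKey = (PrivateKey) keyAdmin.getPrivateKey(keyAlias, true);
    // Arrays.copyOf with X509Certificate[].class throws ArrayStoreException if any entry is not X.509.
    issuerCerts = Arrays.copyOf(chain, chain.length, X509Certificate[].class);
    publicKey = issuerCerts[0].getPublicKey();
    // Pick the XML signature algorithm family from the key type (DSA vs. RSA).
    // NOTE(review): in Apache Santuario these two constants alias the SHA-1 variants; confirm whether a
    // SHA-256 algorithm identifier should be selected here instead.
    signatureAlgorithm = XMLSignature.ALGO_ID_SIGNATURE_RSA;
    String pubKeyAlgo = publicKey.getAlgorithm();
    if (DSA_ENCRYPTION_ALGORITHM.equalsIgnoreCase(pubKeyAlgo)) {
        signatureAlgorithm = XMLSignature.ALGO_ID_SIGNATURE_DSA;
    }
}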
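/**
 * Populates the thread-local carbon context (username, tenant domain, tenant id) from the
 * attributes of an authenticated thrift session.
 *
 * @param authSession session whose attributes are copied into the carbon context
 * @throws IdentityException if an attribute is missing or has an unexpected type
 */
private void onSuccessLogin(ThriftSession authSession) throws IdentityException {
    PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
    try {
        carbonContext.setUsername((String) (authSession.getAttribute(ServerConstants.AUTHENTICATION_SERVICE_USERNAME)));
        carbonContext.setTenantDomain((String) (authSession.getAttribute(MultitenantConstants.TENANT_DOMAIN)));
        carbonContext.setTenantId((Integer) (authSession.getAttribute(MultitenantConstants.TENANT_ID)));
    } catch (Exception e) {
        // Preserve the original exception as cause; the message alone hides which cast/attribute failed.
        String authErrorMsg = "Error populating current carbon context from thrift auth session: " + e.getMessage();
        throw new IdentityException(authErrorMsg, e);
    }
}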
/**
 * Links the OpenID in {@code dto} to the profile of the named user in the tenant derived from
 * the OpenID. When a password is supplied it is verified against the user store first; when it is
 * absent the link is created without verification.
 *
 * @param dto holds the OpenID, the user name and (optionally) the password
 * @return the result of {@code doOpenIDSignUp}, or {@code false} if the user does not exist or
 *         the supplied password is rejected
 * @throws IdentityException if the realm lookup or any user-store call fails
 * @throws RegistryException propagated from the registry-backed sign-up
 */
public boolean addOpenIdToProfile(OpenIDDTO dto) throws IdentityException, RegistryException {
    String openID = dto.getOpenID();
    String tenantDomain = MultitenantUtils.getDomainNameFromOpenId(openID);
    UserRealm realm = IdentityTenantUtil.getRealm(tenantDomain, dto.getUserName());
    try {
        String userName = dto.getUserName();
        if (!realm.getUserStoreManager().isExistingUser(userName)) {
            return false;
        }
        // NOTE(review): a null password skips authenticate() entirely and links the OpenID directly;
        // confirm every caller reaches this path only from an already-authenticated context.
        if (dto.getPassword() == null) {
            return doOpenIDSignUp(userName, dto.getOpenID());
        }
        if (realm.getUserStoreManager().authenticate(userName, dto.getPassword())) {
            return doOpenIDSignUp(userName, dto.getOpenID());
        }
        return false;
    } catch (Exception e) {
        throw new IdentityException(e.getMessage(), e);
    }
}