| | |
| | | throw new CASValidationException(CASErrorCode.INVALID_TICKET_SPEC, "Malformed service ticket", Response.Status.BAD_REQUEST); |
| | | } |
| | | |
| | | Boolean isreuse = ticket.startsWith(CASLoginProtocol.PROXY_GRANTING_TICKET_PREFIX); |
| | | boolean isReusable = ticket.startsWith(CASLoginProtocol.PROXY_GRANTING_TICKET_PREFIX); |
| | | |
| | | String[] parsed = DOT.split(ticket.substring(prefix.length()), 3); |
| | | if (parsed.length != 3) { |
| | |
| | | throw new CASValidationException(CASErrorCode.INVALID_TICKET_SPEC, "Invalid format of the code", Response.Status.BAD_REQUEST); |
| | | } |
| | | |
| | | String codeUUID = parsed[0]; |
| | | String userSessionId = parsed[1]; |
| | | String clientUUID = parsed[2]; |
| | | |
| | | event.detail(Details.CODE_ID, userSessionId); |
| | | event.session(userSessionId); |
| | | |
| | | // Parse UUID |
| | | String codeUUID; |
| | | try { |
| | | codeUUID = parsed[0]; |
| | | } catch (IllegalArgumentException re) { |
| | | event.error(Errors.INVALID_CODE); |
| | | throw new CASValidationException(CASErrorCode.INVALID_TICKET_SPEC, "Invalid format of the UUID in the code", Response.Status.BAD_REQUEST); |
| | | } |
| | | |
| | | // Retrieve UserSession |
| | | UserSessionModel userSession = new UserSessionCrossDCManager(session).getUserSessionWithClient(realm, userSessionId, clientUUID); |
| | |
| | | userSession = session.sessions().getUserSession(realm, userSessionId); |
| | | if (userSession == null) { |
| | | event.error(Errors.USER_SESSION_NOT_FOUND); |
| | | throw new CASValidationException(CASErrorCode.INVALID_TICKET, "User session not found", Response.Status.BAD_REQUEST); |
| | | throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Code not valid", Response.Status.BAD_REQUEST); |
| | | } |
| | | } |
| | | |
| | | clientSession = userSession.getAuthenticatedClientSessionByClient(clientUUID); |
| | | if (clientSession == null) { |
| | | event.error(Errors.INVALID_CODE); |
| | | throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Code not valid", Response.Status.BAD_REQUEST); |
| | | } |
| | | |
| | | SingleUseObjectProvider codeStore = session.singleUseObjects(); |
| | | Map<String, String> codeDataSerialized = isreuse? codeStore.get(prefix + codeUUID) : codeStore.remove(prefix + codeUUID); |
| | | Map<String, String> codeDataSerialized = isReusable ? codeStore.get(prefix + codeUUID) : codeStore.remove(prefix + codeUUID); |
| | | |
| | | // Either code not available |
| | | if (codeDataSerialized == null) { |
| | | throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Code already used", Response.Status.BAD_REQUEST); |
| | | event.error(Errors.INVALID_CODE); |
| | | throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Code not valid", Response.Status.BAD_REQUEST); |
| | | } |
| | | |
| | | OAuth2Code codeData = OAuth2Code.deserializeCode(codeDataSerialized); |
| | | |
| | | String persistedUserSessionId = codeData.getUserSessionId(); |
| | | if (!userSessionId.equals(persistedUserSessionId)) { |
| | | throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Code "+codeUUID+"' is bound to a different session", Response.Status.BAD_REQUEST); |
| | | event.error(Errors.INVALID_CODE); |
| | | throw new CASValidationException(CASErrorCode.INVALID_TICKET, "Code not valid", Response.Status.BAD_REQUEST); |
| | | } |
| | | |
| | | // Finally doublecheck if code is not expired |
| | |
| | | } else { |
| | | if (!client.getClientId().equals(clientSession.getClient().getClientId())) { |
| | | event.error(Errors.INVALID_CODE); |
| | | throw new CASValidationException(CASErrorCode.INVALID_SERVICE, "Auth error", Response.Status.BAD_REQUEST); |
| | | throw new CASValidationException(CASErrorCode.INVALID_SERVICE, "Invalid service", Response.Status.BAD_REQUEST); |
| | | } |
| | | } |
| | | |
| | |
| | | this.pgtIou = pgtIou; |
| | | } catch (Exception e) { |
| | | event.error(Errors.INVALID_REQUEST); |
| | | throw new CASValidationException(CASErrorCode.PROXY_CALLBACK_ERROR, "Proxy callback return with error", Response.Status.BAD_REQUEST); |
| | | throw new CASValidationException(CASErrorCode.PROXY_CALLBACK_ERROR, "Proxy callback returned an error", Response.Status.BAD_REQUEST); |
| | | } |
| | | } |
| | | |