Handle token validity maximum value. #140

karelmaxa · 2023-07-21T11:21:37Z

This PR introduces the maximum allowed validity for tokens stored in CTS. Agent tokens currently use the Long.MAX_VALUE value, but the Wren:DS GeneralizedTime component fails to parse it (see stacktrace bellow).

java.util.concurrent.ExecutionException: org.forgerock.i18n.LocalizedIllegalArgumentException: The provided value "2922690551202174704.192+0100" is not a valid generalized time value because "69" is not a valid month specification
	at java.base/java.util.concurrent.FutureTask.report(FutureTask.java:122)
	at java.base/java.util.concurrent.FutureTask.get(FutureTask.java:191)
	at org.forgerock.openam.shared.concurrency.ThreadMonitor$WatchDog.run(ThreadMonitor.java:294)
	at org.forgerock.openam.audit.context.AuditRequestContextPropagatingRunnable.run(AuditRequestContextPropagatingRunnable.java:42)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
	at java.base/java.lang.Thread.run(Thread.java:833)
Caused by: org.forgerock.i18n.LocalizedIllegalArgumentException: The provided value "2922690551202174704.192+0100" is not a valid generalized time value because "69" is not a valid month specification
	at org.forgerock.opendj.ldap.GeneralizedTime.valueOf(GeneralizedTime.java:221)
	at org.forgerock.openam.cts.api.tokens.Token.get(Token.java:349)
	at org.forgerock.openam.cts.api.tokens.Token.getAttribute(Token.java:198)
	at org.forgerock.openam.cts.utils.LdapTokenAttributeConversion.getEntry(LdapTokenAttributeConversion.java:96)
	at org.forgerock.openam.cts.impl.LdapAdapter.create(LdapAdapter.java:117)
	at org.forgerock.openam.sm.datalayer.impl.tasks.UpdateTask.performTask(UpdateTask.java:60)
	at org.forgerock.openam.sm.datalayer.api.AbstractTask.execute(AbstractTask.java:49)
	at org.forgerock.openam.sm.datalayer.impl.SeriesTaskExecutor$AuditRequestContextPropagatingTask.execute(SeriesTaskExecutor.java:217)
	at org.forgerock.openam.sm.datalayer.impl.SimpleTaskExecutor.execute(SimpleTaskExecutor.java:67)
	at org.forgerock.openam.sm.datalayer.impl.SeriesTaskExecutorThread.run(SeriesTaskExecutorThread.java:93)
	... 6 more

I will create issue in Wren:DS to introduce GeneralizedTime maximum year validation.

pavelhoral

LGTM

Handle token validity maximum value.

0ca86f8

karelmaxa requested a review from pavelhoral July 21, 2023 11:21

pavelhoral approved these changes Jul 21, 2023

View reviewed changes

pavelhoral merged commit 0ee1943 into WrenSecurity:main Jul 21, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Handle token validity maximum value. #140

Handle token validity maximum value. #140

karelmaxa commented Jul 21, 2023

pavelhoral left a comment

Handle token validity maximum value. #140

Handle token validity maximum value. #140

Conversation

karelmaxa commented Jul 21, 2023

pavelhoral left a comment

Choose a reason for hiding this comment