Example 1 with BouncyCastleCrypto
use of com.google.u2f.server.impl.BouncyCastleCrypto in project OpenUnison by TremoloSecurity.
the class Registration method doFilter.
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
if (request.getMethod().equalsIgnoreCase("GET")) {
// TODO switch this off
AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
String accountName = userData.getAttribs().get(this.uidAttributeName).getValues().get(0);
List<SecurityKeyData> keys = U2fUtil.loadUserKeys(userData, challengeStoreAttribute, encyrptionKeyName);
Set<String> origins = new HashSet<String>();
String appID = U2fUtil.getApplicationId(request.getServletRequest());
origins.add(appID);
U2FServer u2f = new U2FServerUnison(this.challengeGen, new UnisonDataStore(UUID.randomUUID().toString(), keys, (this.requireAttestation ? this.attestationCerts : new HashSet<X509Certificate>())), new BouncyCastleCrypto(), origins, this.requireAttestation);
RegistrationRequest regRequest = u2f.getRegistrationRequest(accountName, appID);
request.getSession().setAttribute(Registration.REGISTRATION_REQUEST_JSON, gson.toJson(regRequest));
request.getSession().setAttribute(Registration.REGISTRATION_REQUEST, regRequest);
request.getSession().setAttribute(Registration.SERVER, u2f);
request.setAttribute(REGISTRATION_URI, request.getRequestURL().toString());
request.getRequestDispatcher(this.challengeURI).forward(request.getServletRequest(), response.getServletResponse());
} else if (request.getMethod().equalsIgnoreCase("POST")) {
U2FServer u2f = (U2FServer) request.getSession().getAttribute(SERVER);
if (logger.isDebugEnabled()) {
logger.debug("response : '" + request.getParameter("tokenResponse").getValues().get(0) + "'");
}
RegistrationResponseHolder rrh = gson.fromJson(request.getParameter("tokenResponse").getValues().get(0), RegistrationResponseHolder.class);
RegistrationResponse rr = new RegistrationResponse(rrh.getRegistrationData(), rrh.getClientData(), rrh.getClientData());
try {
u2f.processRegistrationResponse(rr, System.currentTimeMillis());
} catch (U2FException e) {
logger.error("Could not register", e);
request.setAttribute("register.result", false);
request.getRequestDispatcher(this.registrationCompleteURI).forward(request.getServletRequest(), response.getServletResponse());
return;
}
AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
String encrypted = U2fUtil.encode(u2f.getAllSecurityKeys("doesntmatter"), encyrptionKeyName);
WFCall wc = new WFCall();
wc.setName(this.workflowName);
wc.setUidAttributeName(this.uidAttributeName);
TremoloUser tu = new TremoloUser();
tu.setUid(userData.getAttribs().get(this.uidAttributeName).getValues().get(0));
tu.getAttributes().add(new Attribute(this.uidAttributeName, userData.getAttribs().get(this.uidAttributeName).getValues().get(0)));
tu.getAttributes().add(new Attribute(this.challengeStoreAttribute, encrypted));
wc.setUser(tu);
Map<String, Object> req = new HashMap<String, Object>();
req.put(ProvisioningParams.UNISON_EXEC_TYPE, ProvisioningParams.UNISON_EXEC_SYNC);
wc.setRequestParams(req);
GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getWorkFlow(this.workflowName).executeWorkflow(wc);
request.setAttribute("register.result", true);
request.getRequestDispatcher(this.registrationCompleteURI).forward(request.getServletRequest(), response.getServletResponse());
}
}
Also used :
AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo)
U2FServer(com.google.u2f.server.U2FServer)
WFCall(com.tremolosecurity.provisioning.service.util.WFCall)
BouncyCastleCrypto(com.google.u2f.server.impl.BouncyCastleCrypto)
Attribute(com.tremolosecurity.saml.Attribute)
AuthController(com.tremolosecurity.proxy.auth.AuthController)
RegistrationRequest(com.google.u2f.server.messages.RegistrationRequest)
SecurityKeyData(com.google.u2f.server.data.SecurityKeyData)
TremoloUser(com.tremolosecurity.provisioning.service.util.TremoloUser)
U2FException(com.google.u2f.U2FException)
RegistrationResponse(com.google.u2f.server.messages.RegistrationResponse)
HashMap(java.util.HashMap)
Map(java.util.Map)
HashSet(java.util.HashSet)
Example 2 with BouncyCastleCrypto
use of com.google.u2f.server.impl.BouncyCastleCrypto in project OpenUnison by TremoloSecurity.
the class U2fAuth method startAuthentication.
private void startAuthentication(HttpServletRequest request, HttpServletResponse response, AuthStep as) throws ServletException, MalformedURLException, IOException {
AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
// SharedSession.getSharedSession().getSession(req.getSession().getId());
HttpSession session = ((HttpServletRequest) request).getSession();
UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
RequestHolder reqHolder = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getHolder();
String urlChain = holder.getUrl().getAuthChain();
AuthChainType act = holder.getConfig().getAuthChains().get(reqHolder.getAuthChainName());
AuthMechType amt = act.getAuthMech().get(as.getId());
HashMap<String, Attribute> authParams = (HashMap<String, Attribute>) session.getAttribute(ProxyConstants.AUTH_MECH_PARAMS);
String challengeStoreAttribute = authParams.get("attribute").getValues().get(0);
String encyrptionKeyName = authParams.get("encryptionKeyName").getValues().get(0);
String uidAttributeName = authParams.get("uidAttributeName").getValues().get(0);
String formURI = authParams.get("formURI").getValues().get(0);
List<SecurityKeyData> keys;
try {
keys = U2fUtil.loadUserKeys(userData, challengeStoreAttribute, encyrptionKeyName);
} catch (Exception e1) {
throw new ServletException("Could not loak keys", e1);
}
Set<String> origins = new HashSet<String>();
String appID = U2fUtil.getApplicationId(request);
origins.add(appID);
U2FServer u2f = new U2FServerUnison(this.challengeGen, new UnisonDataStore(UUID.randomUUID().toString(), keys), new BouncyCastleCrypto(), origins);
String uid = userData.getAttribs().get(uidAttributeName).getValues().get(0);
if (keys == null || keys.size() == 0) {
if (amt.getRequired().equals("required")) {
as.setSuccess(false);
}
holder.getConfig().getAuthManager().nextAuth(request, response, session, false);
return;
}
U2fSignRequest sigReq = null;
try {
sigReq = u2f.getSignRequest(uid, appID);
} catch (U2FException e) {
logger.error("Could not start authentication", e);
if (amt.getRequired().equals("required")) {
as.setSuccess(false);
}
holder.getConfig().getAuthManager().nextAuth(request, response, session, false);
return;
}
Gson gson = new Gson();
request.getSession().setAttribute(AUTH_SIGN_REQ, sigReq);
request.getSession().setAttribute(AUTH_SIGN_REQ_JSON, gson.toJson(sigReq));
request.getSession().setAttribute(SERVER, u2f);
response.sendRedirect(formURI);
}
Also used :
U2FServer(com.google.u2f.server.U2FServer)
BouncyCastleCrypto(com.google.u2f.server.impl.BouncyCastleCrypto)
Attribute(com.tremolosecurity.saml.Attribute)
HashMap(java.util.HashMap)
Gson(com.google.gson.Gson)
RequestHolder(com.tremolosecurity.proxy.auth.RequestHolder)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
UrlHolder(com.tremolosecurity.config.util.UrlHolder)
ServletException(javax.servlet.ServletException)
U2fSignRequest(com.google.u2f.server.messages.U2fSignRequest)
SecurityKeyData(com.google.u2f.server.data.SecurityKeyData)
U2FException(com.google.u2f.U2FException)
AuthChainType(com.tremolosecurity.config.xml.AuthChainType)
HashSet(java.util.HashSet)
AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo)
HttpSession(javax.servlet.http.HttpSession)
AuthMechType(com.tremolosecurity.config.xml.AuthMechType)
AuthController(com.tremolosecurity.proxy.auth.AuthController)
ServletException(javax.servlet.ServletException)
U2FException(com.google.u2f.U2FException)
MalformedURLException(java.net.MalformedURLException)
ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException)
IOException(java.io.IOException)
Aggregations
U2FException (com.google.u2f.U2FException)2
U2FServer (com.google.u2f.server.U2FServer)2
SecurityKeyData (com.google.u2f.server.data.SecurityKeyData)2
BouncyCastleCrypto (com.google.u2f.server.impl.BouncyCastleCrypto)2
AuthController (com.tremolosecurity.proxy.auth.AuthController)2
AuthInfo (com.tremolosecurity.proxy.auth.AuthInfo)2
Attribute (com.tremolosecurity.saml.Attribute)2
HashMap (java.util.HashMap)2
HashSet (java.util.HashSet)2
Gson (com.google.gson.Gson)1
RegistrationRequest (com.google.u2f.server.messages.RegistrationRequest)1
RegistrationResponse (com.google.u2f.server.messages.RegistrationResponse)1
U2fSignRequest (com.google.u2f.server.messages.U2fSignRequest)1
UrlHolder (com.tremolosecurity.config.util.UrlHolder)1
AuthChainType (com.tremolosecurity.config.xml.AuthChainType)1
AuthMechType (com.tremolosecurity.config.xml.AuthMechType)1
ProvisioningException (com.tremolosecurity.provisioning.core.ProvisioningException)1
TremoloUser (com.tremolosecurity.provisioning.service.util.TremoloUser)1
WFCall (com.tremolosecurity.provisioning.service.util.WFCall)1
RequestHolder (com.tremolosecurity.proxy.auth.RequestHolder)1
