Search in sources :

Example 1 with RegistrationRequest

use of com.google.u2f.server.messages.RegistrationRequest in project OpenUnison by TremoloSecurity.

the class Registration method doFilter.

@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    if (request.getMethod().equalsIgnoreCase("GET")) {
        // TODO switch this off
        AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
        String accountName = userData.getAttribs().get(this.uidAttributeName).getValues().get(0);
        List<SecurityKeyData> keys = U2fUtil.loadUserKeys(userData, challengeStoreAttribute, encyrptionKeyName);
        Set<String> origins = new HashSet<String>();
        String appID = U2fUtil.getApplicationId(request.getServletRequest());
        origins.add(appID);
        U2FServer u2f = new U2FServerUnison(this.challengeGen, new UnisonDataStore(UUID.randomUUID().toString(), keys, (this.requireAttestation ? this.attestationCerts : new HashSet<X509Certificate>())), new BouncyCastleCrypto(), origins, this.requireAttestation);
        RegistrationRequest regRequest = u2f.getRegistrationRequest(accountName, appID);
        request.getSession().setAttribute(Registration.REGISTRATION_REQUEST_JSON, gson.toJson(regRequest));
        request.getSession().setAttribute(Registration.REGISTRATION_REQUEST, regRequest);
        request.getSession().setAttribute(Registration.SERVER, u2f);
        request.setAttribute(REGISTRATION_URI, request.getRequestURL().toString());
        request.getRequestDispatcher(this.challengeURI).forward(request.getServletRequest(), response.getServletResponse());
    } else if (request.getMethod().equalsIgnoreCase("POST")) {
        U2FServer u2f = (U2FServer) request.getSession().getAttribute(SERVER);
        if (logger.isDebugEnabled()) {
            logger.debug("response : '" + request.getParameter("tokenResponse").getValues().get(0) + "'");
        }
        RegistrationResponseHolder rrh = gson.fromJson(request.getParameter("tokenResponse").getValues().get(0), RegistrationResponseHolder.class);
        RegistrationResponse rr = new RegistrationResponse(rrh.getRegistrationData(), rrh.getClientData(), rrh.getClientData());
        try {
            u2f.processRegistrationResponse(rr, System.currentTimeMillis());
        } catch (U2FException e) {
            logger.error("Could not register", e);
            request.setAttribute("register.result", false);
            request.getRequestDispatcher(this.registrationCompleteURI).forward(request.getServletRequest(), response.getServletResponse());
            return;
        }
        AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
        String encrypted = U2fUtil.encode(u2f.getAllSecurityKeys("doesntmatter"), encyrptionKeyName);
        WFCall wc = new WFCall();
        wc.setName(this.workflowName);
        wc.setUidAttributeName(this.uidAttributeName);
        TremoloUser tu = new TremoloUser();
        tu.setUid(userData.getAttribs().get(this.uidAttributeName).getValues().get(0));
        tu.getAttributes().add(new Attribute(this.uidAttributeName, userData.getAttribs().get(this.uidAttributeName).getValues().get(0)));
        tu.getAttributes().add(new Attribute(this.challengeStoreAttribute, encrypted));
        wc.setUser(tu);
        Map<String, Object> req = new HashMap<String, Object>();
        req.put(ProvisioningParams.UNISON_EXEC_TYPE, ProvisioningParams.UNISON_EXEC_SYNC);
        wc.setRequestParams(req);
        GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getWorkFlow(this.workflowName).executeWorkflow(wc);
        request.setAttribute("register.result", true);
        request.getRequestDispatcher(this.registrationCompleteURI).forward(request.getServletRequest(), response.getServletResponse());
    }
}
Also used : AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo) U2FServer(com.google.u2f.server.U2FServer) WFCall(com.tremolosecurity.provisioning.service.util.WFCall) BouncyCastleCrypto(com.google.u2f.server.impl.BouncyCastleCrypto) Attribute(com.tremolosecurity.saml.Attribute) AuthController(com.tremolosecurity.proxy.auth.AuthController) RegistrationRequest(com.google.u2f.server.messages.RegistrationRequest) SecurityKeyData(com.google.u2f.server.data.SecurityKeyData) TremoloUser(com.tremolosecurity.provisioning.service.util.TremoloUser) U2FException(com.google.u2f.U2FException) RegistrationResponse(com.google.u2f.server.messages.RegistrationResponse) HashMap(java.util.HashMap) Map(java.util.Map) HashSet(java.util.HashSet)

Example 2 with RegistrationRequest

use of com.google.u2f.server.messages.RegistrationRequest in project OpenUnison by TremoloSecurity.

the class U2FServerReferenceImpl method getRegistrationRequest.

@Override
public RegistrationRequest getRegistrationRequest(String accountName, String appId) {
    Log.info(">> getRegistrationRequest " + accountName);
    byte[] challenge = challengeGenerator.generateChallenge(accountName);
    EnrollSessionData sessionData = new EnrollSessionData(accountName, appId, challenge);
    String sessionId = dataStore.storeSessionData(sessionData);
    String challengeBase64 = Base64.encodeBase64URLSafeString(challenge);
    Log.info("-- Output --");
    Log.info("  sessionId: " + sessionId);
    Log.info("  challenge: " + Hex.encodeHexString(challenge));
    Log.info("<< getRegistrationRequest " + accountName);
    return new RegistrationRequest(U2FConsts.U2F_V2, challengeBase64, appId, sessionId);
}
Also used : EnrollSessionData(com.google.u2f.server.data.EnrollSessionData) RegistrationRequest(com.google.u2f.server.messages.RegistrationRequest)

Example 3 with RegistrationRequest

use of com.google.u2f.server.messages.RegistrationRequest in project OpenUnison by TremoloSecurity.

the class U2FServerUnison method getRegistrationRequest.

@Override
public RegistrationRequest getRegistrationRequest(String accountName, String appId) {
    log.debug(">> getRegistrationRequest " + accountName);
    byte[] challenge = challengeGenerator.generateChallenge(accountName);
    EnrollSessionData sessionData = new EnrollSessionData(accountName, appId, challenge);
    String sessionId = dataStore.storeSessionData(sessionData);
    String challengeBase64 = Base64.encodeBase64URLSafeString(challenge);
    if (log.isDebugEnabled()) {
        log.debug("-- Output --");
        log.debug("  sessionId: " + sessionId);
        log.debug("  challenge: " + Hex.encodeHexString(challenge));
        log.debug("<< getRegistrationRequest " + accountName);
    }
    return new RegistrationRequest(U2FConsts.U2F_V2, challengeBase64, appId, sessionId);
}
Also used : EnrollSessionData(com.google.u2f.server.data.EnrollSessionData) RegistrationRequest(com.google.u2f.server.messages.RegistrationRequest)

Aggregations

RegistrationRequest (com.google.u2f.server.messages.RegistrationRequest)3 EnrollSessionData (com.google.u2f.server.data.EnrollSessionData)2 U2FException (com.google.u2f.U2FException)1 U2FServer (com.google.u2f.server.U2FServer)1 SecurityKeyData (com.google.u2f.server.data.SecurityKeyData)1 BouncyCastleCrypto (com.google.u2f.server.impl.BouncyCastleCrypto)1 RegistrationResponse (com.google.u2f.server.messages.RegistrationResponse)1 TremoloUser (com.tremolosecurity.provisioning.service.util.TremoloUser)1 WFCall (com.tremolosecurity.provisioning.service.util.WFCall)1 AuthController (com.tremolosecurity.proxy.auth.AuthController)1 AuthInfo (com.tremolosecurity.proxy.auth.AuthInfo)1 Attribute (com.tremolosecurity.saml.Attribute)1 HashMap (java.util.HashMap)1 HashSet (java.util.HashSet)1 Map (java.util.Map)1