Example 1 with IDeviceCertificate

Use of com.microsoft.identity.common.adal.internal.IDeviceCertificate in project microsoft-authentication-library-common-for-android by AzureAD.

Class PKeyAuthChallengeHandler, method getWPJAPIInstance.

private static IDeviceCertificate getWPJAPIInstance(Class<IDeviceCertificate> certClazz) throws ClientException {
    final IDeviceCertificate deviceCertProxy;
    final Constructor<?> constructor;
    try {
        constructor = certClazz.getDeclaredConstructor();
        deviceCertProxy = (IDeviceCertificate) constructor.newInstance((Object[]) null);
    } catch (NoSuchMethodException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
        throw new ClientException(ErrorStrings.DEVICE_CERTIFICATE_API_EXCEPTION, "WPJ Api constructor is not defined", e);
    }
    return deviceCertProxy;
}

Also used: IDeviceCertificate (com.microsoft.identity.common.adal.internal.IDeviceCertificate), ClientException (com.microsoft.identity.common.exception.ClientException), InvocationTargetException (java.lang.reflect.InvocationTargetException)

Example 2 with IDeviceCertificate

Use of com.microsoft.identity.common.adal.internal.IDeviceCertificate in project microsoft-authentication-library-common-for-android by AzureAD.

Class PKeyAuthChallengeHandler, method getChallengeHeader.

public static Map<String, String> getChallengeHeader(final PKeyAuthChallenge pKeyAuthChallenge) throws ClientException {
    String authorizationHeaderValue = String.format("%s Context=\"%s\",Version=\"%s\"", AuthenticationConstants.Broker.CHALLENGE_RESPONSE_TYPE, pKeyAuthChallenge.getContext(), pKeyAuthChallenge.getVersion());
    // If no device cert exists, the alias or private key will not exist on the device
    // Suppressing unchecked warnings because the object returned from getDeviceCertificateProxy does not carry the generic type
    @SuppressWarnings(WarningType.unchecked_warning) Class<IDeviceCertificate> certClazz = (Class<IDeviceCertificate>) AuthenticationSettings.INSTANCE.getDeviceCertificateProxy();
    if (certClazz != null) {
        IDeviceCertificate deviceCertProxy = getWPJAPIInstance(certClazz);
        if (deviceCertProxy.isValidIssuer(pKeyAuthChallenge.getCertAuthorities()) || StringUtil.equalsIgnoreCase(deviceCertProxy.getThumbPrint(), pKeyAuthChallenge.getThumbprint())) {
            RSAPrivateKey privateKey = deviceCertProxy.getRSAPrivateKey();
            if (privateKey == null) {
                throw new ClientException(ErrorStrings.KEY_CHAIN_PRIVATE_KEY_EXCEPTION);
            }
            final String jwt = (new JWSBuilder()).generateSignedJWT(pKeyAuthChallenge.getNonce(), pKeyAuthChallenge.getSubmitUrl(), privateKey, deviceCertProxy.getRSAPublicKey(), deviceCertProxy.getCertificate());
            authorizationHeaderValue = String.format("%s AuthToken=\"%s\",Context=\"%s\",Version=\"%s\"", AuthenticationConstants.Broker.CHALLENGE_RESPONSE_TYPE, jwt, pKeyAuthChallenge.getContext(), pKeyAuthChallenge.getVersion());
            Logger.info(TAG, "Receive challenge response. ");
        }
    }
    final Map<String, String> headers = new HashMap<>();
    headers.put(AuthenticationConstants.Broker.CHALLENGE_RESPONSE_HEADER, authorizationHeaderValue);
    return headers;
}

Also used: IDeviceCertificate (com.microsoft.identity.common.adal.internal.IDeviceCertificate), HashMap (java.util.HashMap), ClientException (com.microsoft.identity.common.exception.ClientException), RSAPrivateKey (java.security.interfaces.RSAPrivateKey), JWSBuilder (com.microsoft.identity.common.adal.internal.JWSBuilder)

Aggregations

IDeviceCertificate (com.microsoft.identity.common.adal.internal.IDeviceCertificate): 2
ClientException (com.microsoft.identity.common.exception.ClientException): 2
JWSBuilder (com.microsoft.identity.common.adal.internal.JWSBuilder): 1
InvocationTargetException (java.lang.reflect.InvocationTargetException): 1
RSAPrivateKey (java.security.interfaces.RSAPrivateKey): 1
HashMap (java.util.HashMap): 1