
Example 1 with PKeyAuthChallengeFactory

Use of com.microsoft.identity.common.internal.ui.webview.challengehandlers.PKeyAuthChallengeFactory in project microsoft-authentication-library-common-for-android by AzureAD.

Class MicrosoftStsOAuth2Strategy, method performPKeyAuthRequest.

private HttpResponse performPKeyAuthRequest(@NonNull final HttpResponse response, @NonNull final MicrosoftStsTokenRequest request) throws IOException, ClientException {
    final String methodName = "#performPkeyAuthRequest";
    final String requestBody = ObjectMapper.serializeObjectToFormUrlEncoded(request);
    final Map<String, String> headers = new TreeMap<>();
    headers.put("client-request-id", DiagnosticContext.getRequestContext().get(DiagnosticContext.CORRELATION_ID));
    headers.putAll(Device.getPlatformIdParameters());
    headers.put(AuthenticationConstants.SdkPlatformFields.PRODUCT, DiagnosticContext.getRequestContext().get(AuthenticationConstants.SdkPlatformFields.PRODUCT));
    headers.put(AuthenticationConstants.SdkPlatformFields.VERSION, Device.getProductVersion());
    headers.put(AuthenticationConstants.AAD.APP_PACKAGE_NAME, request.getClientAppName());
    headers.put(AuthenticationConstants.AAD.APP_VERSION, request.getClientAppVersion());
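    // First value of the challenge header from the server's response.
    // The header content is written only through the PII logger.
    final String challengeHeader = response.getHeaders().get(CHALLENGE_REQUEST_HEADER).get(0);
    Logger.info(TAG + methodName, "Device certificate challenge request. ");
    Logger.infoPII(TAG + methodName, "Challenge header: " + challengeHeader);
    try {
        // Parse the challenge against the token endpoint, add the headers produced by
        // PKeyAuthChallengeHandler, then POST the token request to that endpoint.
        final PKeyAuthChallengeFactory factory = new PKeyAuthChallengeFactory();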
        final URL authority = StringExtensions.getUrl(mTokenEndpoint);
        final PKeyAuthChallenge pkeyAuthChallenge = factory.getPKeyAuthChallenge(challengeHeader, authority.toString());
        headers.putAll(PKeyAuthChallengeHandler.getChallengeHeader(pkeyAuthChallenge));
        headers.put(HttpConstants.HeaderField.CONTENT_TYPE, TOKEN_REQUEST_CONTENT_TYPE);
        return httpClient.post(authority, headers, requestBody.getBytes(ObjectMapper.ENCODING_SCHEME));
    } catch (final UnsupportedEncodingException exception) {
        throw new ClientException(ErrorStrings.UNSUPPORTED_ENCODING, "Unsupported encoding", exception);
    }
}
Also used: PKeyAuthChallenge (com.microsoft.identity.common.internal.ui.webview.challengehandlers.PKeyAuthChallenge), UnsupportedEncodingException (java.io.UnsupportedEncodingException), PKeyAuthChallengeFactory (com.microsoft.identity.common.internal.ui.webview.challengehandlers.PKeyAuthChallengeFactory), ClientException (com.microsoft.identity.common.exception.ClientException), TreeMap (java.util.TreeMap), URL (java.net.URL)

Example 2 with PKeyAuthChallengeFactory

Use of com.microsoft.identity.common.internal.ui.webview.challengehandlers.PKeyAuthChallengeFactory in project microsoft-authentication-library-common-for-android by AzureAD.

Class AzureActiveDirectoryWebViewClient, method handleUrl.

/**
 * Interpret and take action on a redirect url.
 * This function will return true in every case save 1.  That is, when the URL is none of:
 * <ul><li>A urn containing an authorization challenge (starts with "urn:http-auth:PKeyAuth")</li>
 * <li>A url that starts with the same prefix as the tenant's redirect url</li>
 * <li>An explicit request to open the browser (starts with "browser://")</li>
 * <li>A request to install the auth broker (starts with "msauth://")</li>
 * <li>A request from WebCP (starts with "companyportal://")</li>
 * <li>It is a request that has the intent of starting the broker and the url starts with "browser://"</li>
 * <li>It <strong>does not</strong> begin with "https://".</li></ul>
 *
 * @param view The WebView that is initiating the callback.
 * @param url  The string representation of the url.
 * @return false if we will not take action on the url.
 */
private boolean handleUrl(final WebView view, final String url) {
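    // The lower-cased copy is used for most of the matching checks below;
    // the handlers receive the original, unmodified url.
    final String formattedURL = url.toLowerCase(Locale.US);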
    if (isPkeyAuthUrl(formattedURL)) {
        Logger.info(TAG, "WebView detected request for pkeyauth challenge.");
        try {
            final PKeyAuthChallengeFactory factory = new PKeyAuthChallengeFactory();
            final PKeyAuthChallenge pKeyAuthChallenge = factory.getPKeyAuthChallenge(url);
            final PKeyAuthChallengeHandler pKeyAuthChallengeHandler = new PKeyAuthChallengeHandler(view, getCompletionCallback());
            pKeyAuthChallengeHandler.processChallenge(pKeyAuthChallenge);
        } catch (final ClientException exception) {
            Logger.error(TAG, exception.getErrorCode(), null);
            Logger.errorPII(TAG, exception.getMessage(), exception);
            returnError(exception.getErrorCode(), exception.getMessage());
            view.stopLoading();
        }
    } else if (isRedirectUrl(formattedURL)) {
        Logger.info(TAG, "Navigation starts with the redirect uri.");
        processRedirectUrl(view, url);
    } else if (isWebsiteRequestUrl(formattedURL)) {
        Logger.info(TAG, "It is an external website request");
        processWebsiteRequest(view, url);
    } else if (isInstallRequestUrl(formattedURL)) {
        Logger.info(TAG, "It is an install request");
        processInstallRequest(view, url);
    } else if (isWebCpUrl(formattedURL)) {
        Logger.info(TAG, "It is a request from WebCP");
        processWebCpRequest(view, url);
    } else if (isPlayStoreUrl(formattedURL)) {
        Logger.info(TAG, "Request to open PlayStore.");
        return processPlayStoreURL(view, url);
    } else if (isAuthAppMFAUrl(formattedURL)) {
        Logger.info(TAG, "Request to link account with Authenticator.");
        processAuthAppMFAUrl(url);
    } else if (isInvalidRedirectUri(url)) {
        Logger.info(TAG, "Check for Redirect Uri.");
        processInvalidRedirectUri(view, url);
    } else if (isBlankPageRequest(formattedURL)) {
        Logger.info(TAG, "It is an blank page request");
    } else if (isUriSSLProtected(formattedURL)) {
        Logger.info(TAG, "Check for SSL protection");
        processSSLProtectionCheck(view, url);
    } else {
        Logger.info(TAG, "This maybe a valid URI, but no special handling for this mentioned URI, hence deferring to WebView for loading.");
        processInvalidUrl(url);
        return false;
    }
    return true;
}
Also used: PKeyAuthChallenge (com.microsoft.identity.common.internal.ui.webview.challengehandlers.PKeyAuthChallenge), PKeyAuthChallengeFactory (com.microsoft.identity.common.internal.ui.webview.challengehandlers.PKeyAuthChallengeFactory), PKeyAuthChallengeHandler (com.microsoft.identity.common.internal.ui.webview.challengehandlers.PKeyAuthChallengeHandler), ClientException (com.microsoft.identity.common.exception.ClientException)

Aggregations

ClientException (com.microsoft.identity.common.exception.ClientException): 2
PKeyAuthChallenge (com.microsoft.identity.common.internal.ui.webview.challengehandlers.PKeyAuthChallenge): 2
PKeyAuthChallengeFactory (com.microsoft.identity.common.internal.ui.webview.challengehandlers.PKeyAuthChallengeFactory): 2
PKeyAuthChallengeHandler (com.microsoft.identity.common.internal.ui.webview.challengehandlers.PKeyAuthChallengeHandler): 1
UnsupportedEncodingException (java.io.UnsupportedEncodingException): 1
URL (java.net.URL): 1
TreeMap (java.util.TreeMap): 1