Search in sources :

Example 31 with AuthMechType

use of com.tremolosecurity.config.xml.AuthMechType in project OpenUnison by TremoloSecurity.

the class UserOnlyAuthMech method doPost.

@Override
public void doPost(HttpServletRequest req, HttpServletResponse resp, AuthStep as) throws ServletException, IOException {
    MyVDConnection myvd = cfgMgr.getMyVD();
    // HttpSession session = (HttpSession) req.getAttribute(ConfigFilter.AUTOIDM_SESSION);//((HttpServletRequest) req).getSession(); //SharedSession.getSharedSession().getSession(req.getSession().getId());
    // SharedSession.getSharedSession().getSession(req.getSession().getId());
    HttpSession session = ((HttpServletRequest) req).getSession();
    UrlHolder holder = (UrlHolder) req.getAttribute(ProxyConstants.AUTOIDM_CFG);
    RequestHolder reqHolder = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getHolder();
    HashMap<String, Attribute> authParams = (HashMap<String, Attribute>) session.getAttribute(ProxyConstants.AUTH_MECH_PARAMS);
    String uidAttr = "uid";
    if (authParams.get("uidAttr") != null) {
        uidAttr = authParams.get("uidAttr").getValues().get(0);
    }
    boolean uidIsFilter = false;
    if (authParams.get("uidIsFilter") != null) {
        uidIsFilter = authParams.get("uidIsFilter").getValues().get(0).equalsIgnoreCase("true");
    }
    String noUserJSP = authParams.get("noUserJSP").getValues().get(0);
    String filter = "";
    if (uidIsFilter) {
        StringBuffer b = new StringBuffer();
        int lastIndex = 0;
        int index = uidAttr.indexOf('$');
        while (index >= 0) {
            b.append(uidAttr.substring(lastIndex, index));
            lastIndex = uidAttr.indexOf('}', index) + 1;
            String reqName = uidAttr.substring(index + 2, lastIndex - 1);
            b.append(req.getParameter(reqName));
            index = uidAttr.indexOf('$', index + 1);
        }
        b.append(uidAttr.substring(lastIndex));
        filter = b.toString();
    } else {
        StringBuffer b = new StringBuffer();
        b.append("(").append(uidAttr).append("=").append(req.getParameter("user")).append(")");
        filter = b.toString();
    }
    String urlChain = holder.getUrl().getAuthChain();
    AuthChainType act = holder.getConfig().getAuthChains().get(reqHolder.getAuthChainName());
    AuthMechType amt = act.getAuthMech().get(as.getId());
    try {
        LDAPSearchResults res = myvd.search(AuthUtil.getChainRoot(cfgMgr, act), 2, filter, new ArrayList<String>());
        if (res.hasMore()) {
            LDAPEntry entry = res.next();
            Iterator<LDAPAttribute> it = entry.getAttributeSet().iterator();
            AuthInfo authInfo = new AuthInfo(entry.getDN(), (String) session.getAttribute(ProxyConstants.AUTH_MECH_NAME), act.getName(), act.getLevel());
            ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).setAuthInfo(authInfo);
            while (it.hasNext()) {
                LDAPAttribute attrib = it.next();
                Attribute attr = new Attribute(attrib.getName());
                String[] vals = attrib.getStringValueArray();
                for (int i = 0; i < vals.length; i++) {
                    attr.getValues().add(vals[i]);
                }
                authInfo.getAttribs().put(attr.getName(), attr);
            }
            as.setSuccess(true);
        } else {
            as.setSuccess(false);
            resp.sendRedirect(noUserJSP);
            return;
        }
    } catch (LDAPException e) {
        logger.error("Could not find user", e);
        as.setSuccess(false);
        resp.sendRedirect(noUserJSP);
        return;
    }
    String redirectToURL = req.getParameter("target");
    if (redirectToURL != null && !redirectToURL.isEmpty()) {
        reqHolder.setURL(redirectToURL);
    }
    holder.getConfig().getAuthManager().nextAuth(req, resp, session, false);
}
Also used : LDAPAttribute(com.novell.ldap.LDAPAttribute) LDAPAttribute(com.novell.ldap.LDAPAttribute) HashMap(java.util.HashMap) TremoloHttpSession(com.tremolosecurity.proxy.TremoloHttpSession) HttpSession(javax.servlet.http.HttpSession) AuthMechType(com.tremolosecurity.config.xml.AuthMechType) HttpServletRequest(javax.servlet.http.HttpServletRequest) UrlHolder(com.tremolosecurity.config.util.UrlHolder) LDAPEntry(com.novell.ldap.LDAPEntry) LDAPSearchResults(com.novell.ldap.LDAPSearchResults) LDAPException(com.novell.ldap.LDAPException) AuthChainType(com.tremolosecurity.config.xml.AuthChainType) MyVDConnection(com.tremolosecurity.proxy.myvd.MyVDConnection)

Example 32 with AuthMechType

use of com.tremolosecurity.config.xml.AuthMechType in project OpenUnison by TremoloSecurity.

the class AuthManagerImpl method execAuth.

/* (non-Javadoc)
	 * @see com.tremolosecurity.proxy.auth.sys.AuthManager#execAuth(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, javax.servlet.http.HttpSession, boolean, com.tremolosecurity.config.util.UrlHolder, com.tremolosecurity.config.xml.AuthChainType, java.lang.String, com.tremolosecurity.proxy.util.NextSys)
	 */
@Override
public boolean execAuth(HttpServletRequest req, HttpServletResponse resp, HttpSession session, boolean jsRedirect, UrlHolder holder, AuthChainType act, String finalURL, NextSys next) throws IOException, ServletException {
    boolean shortCircut = false;
    ConfigManager cfg = (ConfigManager) req.getAttribute(ProxyConstants.TREMOLO_CFG_OBJ);
    // Generate an AuthChainType based on the existing chain+includes
    if (act != cfg.getAuthFailChain()) {
        act = this.buildACT(act, cfg);
    }
    if (act.getLevel() == 0 && (act != cfg.getAuthFailChain())) {
        AuthController actl = (AuthController) session.getAttribute(ProxyConstants.AUTH_CTL);
        // there's no need to go through the process
        String anonMechName = act.getAuthMech().get(0).getName();
        MechanismType mt = holder.getConfig().getAuthMechs().get(anonMechName);
        AnonAuth anonAuth = (AnonAuth) holder.getConfig().getAuthMech(mt.getUri());
        anonAuth.createSession(session, act);
        return finishSuccessfulLogin(req, resp, holder, act, actl.getHolder(), actl, next);
    }
    RequestHolder reqHolder;
    int step = -1;
    AuthController actl = (AuthController) req.getSession().getAttribute(ProxyConstants.AUTH_CTL);
    ArrayList<AuthStep> auths = actl.getAuthSteps();
    if (auths.size() == 0) {
        int id = 0;
        for (AuthMechType amt : act.getAuthMech()) {
            AuthStep as = new AuthStep();
            as.setId(id);
            as.setExecuted(false);
            as.setRequired(amt.getRequired().equals("required"));
            as.setSuccess(false);
            auths.add(as);
            id++;
        }
        boolean anyRequired = false;
        for (AuthStep as : auths) {
            if (as.isRequired()) {
                anyRequired = true;
                break;
            }
        }
        if (!anyRequired) {
            act.setFinishOnRequiredSucess(true);
        }
        step = 0;
        HashMap<String, Attribute> params = new HashMap<String, Attribute>();
        ProxyUtil.loadParams(req, params);
        try {
            reqHolder = new RequestHolder(RequestHolder.getMethod(req.getMethod()), params, finalURL, act.getName(), ((ProxyRequest) req).getQueryStringParams());
            actl.setHolder(reqHolder);
        } catch (Exception e) {
            throw new ServletException("Error creating request holder", e);
        }
    } else {
        reqHolder = actl.getHolder();
        boolean clearAllNotRequired = false;
        // determine the step
        for (AuthStep as : auths) {
            if (as.isSuccess()) {
                // TODO Check to see if the user is locked out
                if (act.getCompliance() != null && act.getCompliance().isEnabled()) {
                    Attribute lastFailed = actl.getAuthInfo().getAttribs().get(act.getCompliance().getLastFailedAttribute());
                    Attribute numFailures = actl.getAuthInfo().getAttribs().get(act.getCompliance().getNumFailedAttribute());
                    if (logger.isDebugEnabled()) {
                        logger.debug("lastFailed Attribute : '" + lastFailed + "'");
                        logger.debug("numFailures Attribute : '" + numFailures + "'");
                    }
                    if (lastFailed != null && numFailures != null) {
                        long lastFailedTS = lastFailed.getValues().size() > 0 ? Long.parseLong(lastFailed.getValues().get(0)) : 0;
                        int numPrevFailures = Integer.parseInt(numFailures.getValues().size() > 0 ? numFailures.getValues().get(0) : "0");
                        long now = new DateTime(DateTimeZone.UTC).getMillis();
                        long lockedUntil = lastFailedTS + act.getCompliance().getMaxLockoutTime();
                        if (logger.isDebugEnabled()) {
                            logger.debug("Num Failed : " + numPrevFailures);
                            logger.debug("Last Failed : '" + lastFailedTS + "'");
                            logger.info("Now : '" + now + "'");
                            logger.info("Locked Until : '" + lockedUntil + "'");
                            logger.info("locked >= now? : '" + (lockedUntil >= now) + "'");
                            logger.info("max fails? : '" + act.getCompliance().getMaxFailedAttempts() + "'");
                            logger.info("too many fails : '" + (numPrevFailures >= act.getCompliance().getMaxFailedAttempts()) + "'");
                        }
                        if (lockedUntil >= now && numPrevFailures >= act.getCompliance().getMaxFailedAttempts()) {
                            try {
                                failAuthentication(req, resp, holder, act);
                            } catch (Exception e) {
                                throw new ServletException("Could not complete authentication failure", e);
                            }
                            return false;
                        }
                    }
                }
                if (act.isFinishOnRequiredSucess()) {
                    step = -1;
                    clearAllNotRequired = true;
                }
            } else {
                if (as.isRequired()) {
                    if (as.isExecuted()) {
                        try {
                            failAuthentication(req, resp, holder, act);
                        } catch (Exception e) {
                            throw new ServletException("Could not complete authentication failure", e);
                        }
                        return false;
                    } else {
                        step = as.getId();
                        break;
                    }
                } else {
                    if (clearAllNotRequired) {
                        as.setExecuted(true);
                        as.setSuccess(true);
                    } else {
                        if (as.isExecuted()) {
                        } else {
                            step = as.getId();
                            break;
                        }
                    }
                }
            }
        }
    }
    if (step != -1) {
        /*if (jsRedirect && step < auths.size()) {
				step++;
			}*/
        AuthStep curStep = auths.get(step);
        actl.setCurrentStep(curStep);
        AuthMechType amt = act.getAuthMech().get(step);
        loadAmtParams(session, amt);
        // req.getRequestDispatcher(authFilterURI).forward(req, resp);
        Cookie sessionCookieName = new Cookie("autoIdmSessionCookieName", holder.getApp().getCookieConfig().getSessionCookieName());
        String domain = ProxyTools.getInstance().getCookieDomain(holder.getApp().getCookieConfig(), req);
        if (domain != null) {
            sessionCookieName.setDomain(domain);
        }
        sessionCookieName.setPath("/");
        sessionCookieName.setMaxAge(-1);
        sessionCookieName.setSecure(false);
        if ((holder.getApp() == null || holder.getApp().getCookieConfig() == null || holder.getApp().getCookieConfig() == null || holder.getApp().getCookieConfig().isCookiesEnabled() == null) || holder.getApp().getCookieConfig().isCookiesEnabled()) {
            ProxyResponse.addCookieToResponse(holder, sessionCookieName, (HttpServletResponse) ((ProxyResponse) resp).getResponse());
        }
        Cookie appCookieName = new Cookie("autoIdmAppName", URLEncoder.encode(holder.getApp().getName(), "UTF-8"));
        if (domain != null) {
            appCookieName.setDomain(domain);
        }
        appCookieName.setPath("/");
        appCookieName.setMaxAge(-1);
        appCookieName.setSecure(false);
        if ((holder.getApp() == null || holder.getApp().getCookieConfig() == null || holder.getApp().getCookieConfig() == null || holder.getApp().getCookieConfig().isCookiesEnabled() == null) || holder.getApp().getCookieConfig().isCookiesEnabled()) {
            ProxyResponse.addCookieToResponse(holder, appCookieName, (HttpServletResponse) ((ProxyResponse) resp).getResponse());
        }
        // resp.addCookie(appCookieName);
        String redirectURI = "";
        MechanismType nextAuthConfiguration = null;
        if (holder.getConfig().getContextPath().equalsIgnoreCase("/")) {
            nextAuthConfiguration = holder.getConfig().getAuthMechs().get(amt.getName());
            if (nextAuthConfiguration == null) {
                StringBuilder sb = new StringBuilder().append("Authentication mechanism '").append(amt.getName()).append("' does not exist, will always fail");
                logger.warn(sb.toString());
                nextAuthConfiguration = holder.getConfig().getAuthFailMechanism();
            }
            redirectURI = nextAuthConfiguration.getUri();
        } else {
            nextAuthConfiguration = holder.getConfig().getAuthMechs().get(amt.getName());
            if (nextAuthConfiguration == null) {
                StringBuilder sb = new StringBuilder().append("Authentication mechanism '").append(amt.getName()).append("' does not exist, will always fail");
                logger.warn(sb.toString());
                nextAuthConfiguration = holder.getConfig().getAuthFailMechanism();
            }
            redirectURI = new StringBuffer().append(holder.getConfig().getContextPath()).append(nextAuthConfiguration.getUri()).toString();
        }
        req.getSession().setAttribute("TREMOLO_AUTH_URI", redirectURI);
        if (jsRedirect) {
            StringBuffer b = new StringBuffer();
            b.append("<html><head></head><body onload=\"window.location='").append(ProxyTools.getInstance().getFqdnUrl(redirectURI, req)).append("';\"></body></html>");
            String respHTML = b.toString();
            ProxyData pd = new ProxyData();
            pd.setHolder(holder);
            pd.setIns(new ByteArrayInputStream(respHTML.getBytes("UTF-8")));
            pd.setPostProc(null);
            pd.setRequest(null);
            pd.setResponse(null);
            pd.setText(true);
            pd.setLogout(false);
            req.setAttribute(ProxyConstants.TREMOLO_PRXY_DATA, pd);
            // req.setAttribute(ProxySys.AUTOIDM_STREAM_WRITER,true);
            // req.setAttribute(ProxySys.TREMOLO_TXT_DATA, new
            // StringBuffer(respHTML));
            resp.sendError(401);
        } else {
            AuthMechanism mech = cfg.getAuthMech(redirectURI);
            if (mech == null) {
                throw new ServletException("Redirect URI '" + redirectURI + "' does not map to an authentication mechanism");
            }
            req.setAttribute(ProxyConstants.AUTH_REDIR_URI, redirectURI);
            if (curStep != null) {
                curStep.setExecuted(true);
            }
            if (req.getMethod().equalsIgnoreCase("get")) {
                mech.doGet(req, resp, curStep);
            } else if (req.getMethod().equalsIgnoreCase("post")) {
                mech.doPost(req, resp, curStep);
            } else if (req.getMethod().equalsIgnoreCase("put") || req.getMethod().equalsIgnoreCase("patch")) {
                mech.doPut(req, resp, curStep);
            } else if (req.getMethod().equalsIgnoreCase("delete")) {
                mech.doDelete(req, resp, curStep);
            } else if (req.getMethod().equalsIgnoreCase("head")) {
                mech.doHead(req, resp, curStep);
            } else if (req.getMethod().equalsIgnoreCase("options")) {
                mech.doOptions(req, resp, curStep);
            }
        }
        return false;
    } else {
        boolean success = true;
        boolean opSuccess = false;
        boolean hasOptional = false;
        for (AuthStep as : auths) {
            if (as.isRequired()) {
                if (!as.isSuccess()) {
                    success = false;
                    break;
                }
            } else {
                hasOptional = true;
                if (as.isSuccess()) {
                    opSuccess = true;
                }
            }
        }
        boolean allSuccess = success && ((hasOptional && opSuccess) || (!hasOptional));
        if (allSuccess) {
            return finishSuccessfulLogin(req, resp, holder, act, reqHolder, actl, next);
        } else {
            throw new ServletException("Unknown state");
        /*
				 * Cookie sessionCookieName = new
				 * Cookie("autoIdmSessionCookieName","DNE");
				 * sessionCookieName.setDomain
				 * (ProxyTools.getInstance().getCookieDomain
				 * (holder.getApp().getCookieConfig(), req));
				 * sessionCookieName.setPath("/");
				 * sessionCookieName.setMaxAge(0);
				 * sessionCookieName.setSecure(false);
				 * //resp.addCookie(sessionCookieName);
				 * 
				 * Cookie appCookieName = new Cookie("autoIdmAppName","DNE");
				 * appCookieName
				 * .setDomain(ProxyTools.getInstance().getCookieDomain
				 * (holder.getApp().getCookieConfig(), req));
				 * appCookieName.setPath("/"); appCookieName.setMaxAge(0);
				 * appCookieName.setSecure(false);
				 * //resp.addCookie(appCookieName);
				 */
        }
    }
}
Also used : AnonAuth(com.tremolosecurity.proxy.auth.AnonAuth) LDAPAttribute(com.novell.ldap.LDAPAttribute) Attribute(com.tremolosecurity.saml.Attribute) HashMap(java.util.HashMap) RequestHolder(com.tremolosecurity.proxy.auth.RequestHolder) AuthStep(com.tremolosecurity.proxy.auth.util.AuthStep) DateTime(org.joda.time.DateTime) ServletException(javax.servlet.ServletException) AuthMechanism(com.tremolosecurity.proxy.auth.AuthMechanism) ProxyData(com.tremolosecurity.proxy.ProxyData) MechanismType(com.tremolosecurity.config.xml.MechanismType) ProxyRequest(com.tremolosecurity.proxy.ProxyRequest) Cookie(javax.servlet.http.Cookie) ProxyResponse(com.tremolosecurity.proxy.ProxyResponse) AuthMechType(com.tremolosecurity.config.xml.AuthMechType) AuthController(com.tremolosecurity.proxy.auth.AuthController) ConfigManager(com.tremolosecurity.config.util.ConfigManager) ServletException(javax.servlet.ServletException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) LDAPException(com.novell.ldap.LDAPException) IOException(java.io.IOException) ByteArrayInputStream(java.io.ByteArrayInputStream)

Example 33 with AuthMechType

use of com.tremolosecurity.config.xml.AuthMechType in project OpenUnison by TremoloSecurity.

the class SMSAuth method doPost.

@Override
public void doPost(HttpServletRequest request, HttpServletResponse response, AuthStep as) throws IOException, ServletException {
    HttpSession session = ((HttpServletRequest) request).getSession();
    HashMap<String, Attribute> authParams = (HashMap<String, Attribute>) session.getAttribute(ProxyConstants.AUTH_MECH_PARAMS);
    String keyFromForm = request.getParameter("key");
    if (keyFromForm == null) {
        this.doGet(request, response, as);
        return;
    }
    String keyFromSession = (String) request.getSession().getAttribute("TREMOLO_SMS_KEY");
    UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
    RequestHolder reqHolder = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getHolder();
    String urlChain = holder.getUrl().getAuthChain();
    AuthChainType act = holder.getConfig().getAuthChains().get(reqHolder.getAuthChainName());
    AuthMechType amt = act.getAuthMech().get(as.getId());
    boolean authenticated = keyFromForm.equals(keyFromSession);
    if (authenticated) {
        session.removeAttribute("TREMOLO_SMS_KEY");
    }
    as.setExecuted(true);
    as.setSuccess(authenticated);
    String redirectToURL = request.getParameter("target");
    if (redirectToURL != null && !redirectToURL.isEmpty()) {
        reqHolder.setURL(redirectToURL);
    }
    holder.getConfig().getAuthManager().nextAuth(request, response, session, false);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) UrlHolder(com.tremolosecurity.config.util.UrlHolder) Attribute(com.tremolosecurity.saml.Attribute) HashMap(java.util.HashMap) HttpSession(javax.servlet.http.HttpSession) AuthMechType(com.tremolosecurity.config.xml.AuthMechType) AuthChainType(com.tremolosecurity.config.xml.AuthChainType)

Example 34 with AuthMechType

use of com.tremolosecurity.config.xml.AuthMechType in project OpenUnison by TremoloSecurity.

the class OAuth2Bearer method doGet.

@Override
public void doGet(HttpServletRequest request, HttpServletResponse response, AuthStep as) throws IOException, ServletException {
    String basicHdr = request.getHeader("Authorization");
    boolean fromHeader = true;
    if (basicHdr == null) {
        basicHdr = request.getParameter("access_token");
        fromHeader = false;
    }
    HttpSession session = ((HttpServletRequest) request).getSession();
    HashMap<String, Attribute> authParams = (HashMap<String, Attribute>) session.getAttribute(ProxyConstants.AUTH_MECH_PARAMS);
    UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
    String urlChain = holder.getUrl().getAuthChain();
    AuthChainType act = holder.getConfig().getAuthChains().get(urlChain);
    AuthMechType amt = act.getAuthMech().get(as.getId());
    String realmName = authParams.get("realm").getValues().get(0);
    String scope = null;
    if (authParams.get("scope") != null) {
        scope = authParams.get("scope").getValues().get(0);
    }
    ConfigManager cfg = (ConfigManager) request.getAttribute(ProxyConstants.TREMOLO_CFG_OBJ);
    String accessToken = null;
    if (basicHdr == null) {
        as.setExecuted(false);
        sendFail(response, realmName, scope, null, null);
        return;
    } else {
        if (fromHeader) {
            accessToken = basicHdr.substring(basicHdr.indexOf(' ') + 1);
        } else {
            accessToken = basicHdr;
        }
    }
    processToken(request, response, as, session, authParams, act, realmName, scope, cfg, accessToken);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) UrlHolder(com.tremolosecurity.config.util.UrlHolder) Attribute(com.tremolosecurity.saml.Attribute) LDAPAttribute(com.novell.ldap.LDAPAttribute) HashMap(java.util.HashMap) HttpSession(javax.servlet.http.HttpSession) AuthMechType(com.tremolosecurity.config.xml.AuthMechType) AuthChainType(com.tremolosecurity.config.xml.AuthChainType) ConfigManager(com.tremolosecurity.config.util.ConfigManager)

Example 35 with AuthMechType

use of com.tremolosecurity.config.xml.AuthMechType in project OpenUnison by TremoloSecurity.

the class U2fAuth method startAuthentication.

private void startAuthentication(HttpServletRequest request, HttpServletResponse response, AuthStep as) throws ServletException, MalformedURLException, IOException {
    AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
    // SharedSession.getSharedSession().getSession(req.getSession().getId());
    HttpSession session = ((HttpServletRequest) request).getSession();
    UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
    RequestHolder reqHolder = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getHolder();
    String urlChain = holder.getUrl().getAuthChain();
    AuthChainType act = holder.getConfig().getAuthChains().get(reqHolder.getAuthChainName());
    AuthMechType amt = act.getAuthMech().get(as.getId());
    HashMap<String, Attribute> authParams = (HashMap<String, Attribute>) session.getAttribute(ProxyConstants.AUTH_MECH_PARAMS);
    String challengeStoreAttribute = authParams.get("attribute").getValues().get(0);
    String encyrptionKeyName = authParams.get("encryptionKeyName").getValues().get(0);
    String uidAttributeName = authParams.get("uidAttributeName").getValues().get(0);
    String formURI = authParams.get("formURI").getValues().get(0);
    List<SecurityKeyData> keys;
    try {
        keys = U2fUtil.loadUserKeys(userData, challengeStoreAttribute, encyrptionKeyName);
    } catch (Exception e1) {
        throw new ServletException("Could not loak keys", e1);
    }
    Set<String> origins = new HashSet<String>();
    String appID = U2fUtil.getApplicationId(request);
    origins.add(appID);
    U2FServer u2f = new U2FServerUnison(this.challengeGen, new UnisonDataStore(UUID.randomUUID().toString(), keys), new BouncyCastleCrypto(), origins);
    String uid = userData.getAttribs().get(uidAttributeName).getValues().get(0);
    if (keys == null || keys.size() == 0) {
        if (amt.getRequired().equals("required")) {
            as.setSuccess(false);
        }
        holder.getConfig().getAuthManager().nextAuth(request, response, session, false);
        return;
    }
    U2fSignRequest sigReq = null;
    try {
        sigReq = u2f.getSignRequest(uid, appID);
    } catch (U2FException e) {
        logger.error("Could not start authentication", e);
        if (amt.getRequired().equals("required")) {
            as.setSuccess(false);
        }
        holder.getConfig().getAuthManager().nextAuth(request, response, session, false);
        return;
    }
    Gson gson = new Gson();
    request.getSession().setAttribute(AUTH_SIGN_REQ, sigReq);
    request.getSession().setAttribute(AUTH_SIGN_REQ_JSON, gson.toJson(sigReq));
    request.getSession().setAttribute(SERVER, u2f);
    response.sendRedirect(formURI);
}
Also used : U2FServer(com.google.u2f.server.U2FServer) BouncyCastleCrypto(com.google.u2f.server.impl.BouncyCastleCrypto) Attribute(com.tremolosecurity.saml.Attribute) HashMap(java.util.HashMap) Gson(com.google.gson.Gson) RequestHolder(com.tremolosecurity.proxy.auth.RequestHolder) HttpServletRequest(javax.servlet.http.HttpServletRequest) UrlHolder(com.tremolosecurity.config.util.UrlHolder) ServletException(javax.servlet.ServletException) U2fSignRequest(com.google.u2f.server.messages.U2fSignRequest) SecurityKeyData(com.google.u2f.server.data.SecurityKeyData) U2FException(com.google.u2f.U2FException) AuthChainType(com.tremolosecurity.config.xml.AuthChainType) HashSet(java.util.HashSet) AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo) HttpSession(javax.servlet.http.HttpSession) AuthMechType(com.tremolosecurity.config.xml.AuthMechType) AuthController(com.tremolosecurity.proxy.auth.AuthController) ServletException(javax.servlet.ServletException) U2FException(com.google.u2f.U2FException) MalformedURLException(java.net.MalformedURLException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) IOException(java.io.IOException)

Aggregations

AuthMechType (com.tremolosecurity.config.xml.AuthMechType)35 AuthChainType (com.tremolosecurity.config.xml.AuthChainType)34 HashMap (java.util.HashMap)28 UrlHolder (com.tremolosecurity.config.util.UrlHolder)26 HttpSession (javax.servlet.http.HttpSession)24 Attribute (com.tremolosecurity.saml.Attribute)23 HttpServletRequest (javax.servlet.http.HttpServletRequest)23 ServletException (javax.servlet.ServletException)22 IOException (java.io.IOException)15 LDAPAttribute (com.novell.ldap.LDAPAttribute)14 LDAPException (com.novell.ldap.LDAPException)12 AuthController (com.tremolosecurity.proxy.auth.AuthController)11 RequestHolder (com.tremolosecurity.proxy.auth.RequestHolder)10 ParamWithValueType (com.tremolosecurity.config.xml.ParamWithValueType)8 MechanismType (com.tremolosecurity.config.xml.MechanismType)7 MyVDConnection (com.tremolosecurity.proxy.myvd.MyVDConnection)7 ArrayList (java.util.ArrayList)7 ConfigManager (com.tremolosecurity.config.util.ConfigManager)6 LDAPSearchResults (com.novell.ldap.LDAPSearchResults)5 ProvisioningException (com.tremolosecurity.provisioning.core.ProvisioningException)5