Example 1 with GoogleAuthenticatorConfigBuilder
use of com.warrenstrange.googleauth.GoogleAuthenticatorConfig.GoogleAuthenticatorConfigBuilder in project OpenUnison by TremoloSecurity.
the class OTPAuth method doPost.
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response, AuthStep as) throws IOException, ServletException {
if (request.getParameter("code") == null) {
this.doGet(request, response, as);
return;
}
HttpSession session = ((HttpServletRequest) request).getSession();
HashMap<String, Attribute> authParams = (HashMap<String, Attribute>) session.getAttribute(ProxyConstants.AUTH_MECH_PARAMS);
UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
RequestHolder reqHolder = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getHolder();
String urlChain = holder.getUrl().getAuthChain();
AuthChainType act = holder.getConfig().getAuthChains().get(reqHolder.getAuthChainName());
AuthMechType amt = act.getAuthMech().get(as.getId());
Attribute attr = authParams.get("keyName");
if (attr == null) {
throw new ServletException("keyName not present");
}
SecretKey key = this.cfgMgr.getSecretKey(attr.getValues().get(0));
if (key == null) {
throw new ServletException("Key '" + attr.getValues().get(0) + "' does not exist");
}
int windowSize = 3;
attr = authParams.get("windowSize");
if (attr == null) {
logger.warn("No windowSize set");
} else {
windowSize = Integer.parseInt(attr.getValues().get(0));
}
attr = authParams.get("attributeName");
if (attr == null) {
throw new ServletException("attributeName not present");
}
String attributeName = attr.getValues().get(0);
AuthController ac = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL));
attr = ac.getAuthInfo().getAttribs().get(attributeName);
if (attr == null) {
if (logger.isDebugEnabled()) {
logger.info("Attribute '" + attributeName + "' not present");
}
as.setSuccess(false);
} else {
try {
String keyjson = attr.getValues().get(0);
if (logger.isDebugEnabled()) {
logger.debug("token json : '" + keyjson + "'");
}
Gson gson = new Gson();
Token token = gson.fromJson(new String(Base64.decode(keyjson)), Token.class);
byte[] iv = org.bouncycastle.util.encoders.Base64.decode(token.getIv());
IvParameterSpec spec = new IvParameterSpec(iv);
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, key, spec);
byte[] encBytes = org.bouncycastle.util.encoders.Base64.decode(token.getEncryptedRequest());
String totpJson = new String(cipher.doFinal(encBytes));
TOTPKey totp = gson.fromJson(totpJson, TOTPKey.class);
GoogleAuthenticatorConfigBuilder b = new GoogleAuthenticatorConfigBuilder();
b.setWindowSize(windowSize);
GoogleAuthenticatorConfig cfg = b.build();
GoogleAuthenticator ga = new GoogleAuthenticator(cfg);
String code = request.getParameter("code");
if (code == null) {
as.setSuccess(false);
} else {
as.setSuccess(ga.authorize(totp.getSecretKey(), Integer.parseInt(code)));
}
String redirectToURL = request.getParameter("target");
if (redirectToURL != null && !redirectToURL.isEmpty()) {
reqHolder.setURL(redirectToURL);
}
} catch (Exception e) {
as.setSuccess(false);
logger.error("Could not decrypt key", e);
}
holder.getConfig().getAuthManager().nextAuth(request, response, session, false);
}
}
Also used :
GoogleAuthenticator(com.warrenstrange.googleauth.GoogleAuthenticator)
Attribute(com.tremolosecurity.saml.Attribute)
HashMap(java.util.HashMap)
HttpSession(javax.servlet.http.HttpSession)
GoogleAuthenticatorConfig(com.warrenstrange.googleauth.GoogleAuthenticatorConfig)
AuthMechType(com.tremolosecurity.config.xml.AuthMechType)
Gson(com.google.gson.Gson)
Token(com.tremolosecurity.json.Token)
GoogleAuthenticatorConfigBuilder(com.warrenstrange.googleauth.GoogleAuthenticatorConfig.GoogleAuthenticatorConfigBuilder)
RequestHolder(com.tremolosecurity.proxy.auth.RequestHolder)
AuthController(com.tremolosecurity.proxy.auth.AuthController)
ServletException(javax.servlet.ServletException)
IOException(java.io.IOException)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
UrlHolder(com.tremolosecurity.config.util.UrlHolder)
ServletException(javax.servlet.ServletException)
SecretKey(javax.crypto.SecretKey)
IvParameterSpec(javax.crypto.spec.IvParameterSpec)
Cipher(javax.crypto.Cipher)
AuthChainType(com.tremolosecurity.config.xml.AuthChainType)
Example 2 with GoogleAuthenticatorConfigBuilder
use of com.warrenstrange.googleauth.GoogleAuthenticatorConfig.GoogleAuthenticatorConfigBuilder in project OpenUnison by TremoloSecurity.
the class AuthTOTPInsert method bind.
public void bind(BindInterceptorChain chain, DistinguishedName dn, Password pwd, LDAPConstraints constraints) throws LDAPException {
DistinguishedName localdn = new DistinguishedName(new DN(dn.getDN().toString()));
logger.debug("In bind");
SearchInterceptorChain schain = chain.createSearchChain();
ArrayList<Attribute> searchattrs = new ArrayList<Attribute>();
// searchattrs.add(new Attribute(this.attribute));
logger.debug("searching...");
Results res = new Results(chain.getInterceptors(), chain.getPos());
logger.debug("Created res");
schain.nextSearch(localdn, new Int(0), new Filter("(objectClass=*)"), searchattrs, new Bool(false), res, new LDAPSearchConstraints());
logger.debug("ran search");
res.start();
logger.debug("res started");
if (!res.hasMore()) {
logger.debug("user not found");
throw new LDAPException("Could not find " + localdn.getDN().toString(), LDAPException.NO_SUCH_OBJECT, "Could not find " + localdn.getDN().toString());
}
logger.debug("user found");
LDAPEntry entry = res.next().getEntry();
LDAPAttribute key = entry.getAttribute(this.attribute);
if (key == null) {
logger.debug("No key");
throw new LDAPException("Invalid Credentials", LDAPException.NO_SUCH_OBJECT, "Invalid Credentials");
}
try {
String keyjson = key.getStringValue();
if (logger.isDebugEnabled())
logger.debug("token json : '" + keyjson + "'");
Gson gson = new Gson();
Token token = gson.fromJson(new String(Base64.decode(keyjson)), Token.class);
byte[] iv = org.bouncycastle.util.encoders.Base64.decode(token.getIv());
IvParameterSpec spec = new IvParameterSpec(iv);
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, GlobalEntries.getGlobalEntries().getConfigManager().getSecretKey(this.encyrptionKey), spec);
byte[] encBytes = org.bouncycastle.util.encoders.Base64.decode(token.getEncryptedRequest());
String totpJson = new String(cipher.doFinal(encBytes));
if (logger.isDebugEnabled())
logger.debug("totp json : '" + totpJson + "'");
TOTPKey totp = gson.fromJson(totpJson, TOTPKey.class);
GoogleAuthenticatorConfigBuilder b = new GoogleAuthenticatorConfigBuilder();
b.setWindowSize(this.window);
GoogleAuthenticatorConfig cfg = b.build();
GoogleAuthenticator ga = new GoogleAuthenticator(cfg);
String spwd = new String(pwd.getValue());
if (spwd.indexOf(':') == -1) {
logger.debug("no colon");
throw new LDAPException("Invalid credentials", LDAPException.INVALID_CREDENTIALS, "Invalid Credentials");
}
String scode = spwd.substring(spwd.indexOf(':') + 1);
int code = Integer.parseInt(scode);
if (!ga.authorize(totp.getSecretKey(), code)) {
logger.debug("Verify failed");
throw new LDAPException("Invalid credentials", LDAPException.INVALID_CREDENTIALS, "Invalid Credentials");
}
logger.debug("verify succeeded");
pwd.setValue(spwd.substring(0, spwd.indexOf(':')).getBytes("UTF-8"));
chain.nextBind(dn, pwd, constraints);
} catch (Exception e) {
logger.error("Could not work", e);
if (e instanceof LDAPException) {
throw ((LDAPException) e);
} else {
throw new LDAPException("Could not decrypt key", LDAPException.OPERATIONS_ERROR, "Could not decrypt key", e);
}
}
}
Also used :
LDAPAttribute(com.novell.ldap.LDAPAttribute)
Attribute(net.sourceforge.myvd.types.Attribute)
LDAPSearchConstraints(com.novell.ldap.LDAPSearchConstraints)
ArrayList(java.util.ArrayList)
Gson(com.google.gson.Gson)
DN(com.novell.ldap.util.DN)
Token(com.tremolosecurity.json.Token)
Int(net.sourceforge.myvd.types.Int)
LDAPEntry(com.novell.ldap.LDAPEntry)
Bool(net.sourceforge.myvd.types.Bool)
SearchInterceptorChain(net.sourceforge.myvd.chain.SearchInterceptorChain)
LDAPAttribute(com.novell.ldap.LDAPAttribute)
GoogleAuthenticator(com.warrenstrange.googleauth.GoogleAuthenticator)
DistinguishedName(net.sourceforge.myvd.types.DistinguishedName)
GoogleAuthenticatorConfig(com.warrenstrange.googleauth.GoogleAuthenticatorConfig)
GoogleAuthenticatorConfigBuilder(com.warrenstrange.googleauth.GoogleAuthenticatorConfig.GoogleAuthenticatorConfigBuilder)
LDAPException(com.novell.ldap.LDAPException)
LDAPException(com.novell.ldap.LDAPException)
Results(net.sourceforge.myvd.types.Results)
Filter(net.sourceforge.myvd.types.Filter)
TOTPKey(com.tremolosecurity.proxy.auth.otp.TOTPKey)
IvParameterSpec(javax.crypto.spec.IvParameterSpec)
Cipher(javax.crypto.Cipher)
Aggregations
Gson (com.google.gson.Gson)2
Token (com.tremolosecurity.json.Token)2
GoogleAuthenticator (com.warrenstrange.googleauth.GoogleAuthenticator)2
GoogleAuthenticatorConfig (com.warrenstrange.googleauth.GoogleAuthenticatorConfig)2
GoogleAuthenticatorConfigBuilder (com.warrenstrange.googleauth.GoogleAuthenticatorConfig.GoogleAuthenticatorConfigBuilder)2
Cipher (javax.crypto.Cipher)2
IvParameterSpec (javax.crypto.spec.IvParameterSpec)2
LDAPAttribute (com.novell.ldap.LDAPAttribute)1
LDAPEntry (com.novell.ldap.LDAPEntry)1
LDAPException (com.novell.ldap.LDAPException)1
LDAPSearchConstraints (com.novell.ldap.LDAPSearchConstraints)1
DN (com.novell.ldap.util.DN)1
UrlHolder (com.tremolosecurity.config.util.UrlHolder)1
AuthChainType (com.tremolosecurity.config.xml.AuthChainType)1
AuthMechType (com.tremolosecurity.config.xml.AuthMechType)1
AuthController (com.tremolosecurity.proxy.auth.AuthController)1
RequestHolder (com.tremolosecurity.proxy.auth.RequestHolder)1
TOTPKey (com.tremolosecurity.proxy.auth.otp.TOTPKey)1
Attribute (com.tremolosecurity.saml.Attribute)1
IOException (java.io.IOException)1
