
Example 1 with GoogleAuthenticatorConfigBuilder

use of com.warrenstrange.googleauth.GoogleAuthenticatorConfig.GoogleAuthenticatorConfigBuilder in project OpenUnison by TremoloSecurity.

the class OTPAuth method doPost.

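@Override
/**
 * Second half of the OTP step: validates the TOTP code submitted with the form.
 *
 * <p>The user's enrolled token is read from the attribute named by the
 * {@code attributeName} mechanism parameter. The stored value is a Base64 JSON
 * envelope holding an IV and an AES-CBC encrypted TOTP descriptor; it is decrypted
 * with the key named by {@code keyName}. The code is then checked against that
 * secret with the configured window size ({@code windowSize}, default 3).
 *
 * @param request  the current request; {@code code} is the submitted OTP, {@code target}
 *                 an optional post-auth URL
 * @param response the current response, handed on to the auth manager
 * @param as       the step whose success flag is set by this method
 * @throws ServletException if a mandatory mechanism parameter is missing or malformed,
 *                          or the named key does not exist
 * @throws IOException      propagated from the GET rendering path / auth manager
 */
public void doPost(HttpServletRequest request, HttpServletResponse response, AuthStep as) throws IOException, ServletException {
    // No code submitted yet: render the form instead of validating.
    String code = request.getParameter("code");
    if (code == null) {
        this.doGet(request, response, as);
        return;
    }

    HttpSession session = request.getSession();
    HashMap<String, Attribute> authParams = (HashMap<String, Attribute>) session.getAttribute(ProxyConstants.AUTH_MECH_PARAMS);
    UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
    AuthController ac = (AuthController) session.getAttribute(ProxyConstants.AUTH_CTL);
    RequestHolder reqHolder = ac.getHolder();

    // --- mechanism configuration -------------------------------------------------
    Attribute attr = authParams.get("keyName");
    if (attr == null) {
        throw new ServletException("keyName not present");
    }
    String keyName = attr.getValues().get(0);
    SecretKey key = this.cfgMgr.getSecretKey(keyName);
    if (key == null) {
        throw new ServletException("Key '" + keyName + "' does not exist");
    }

    int windowSize = 3;
    attr = authParams.get("windowSize");
    if (attr == null) {
        logger.warn("No windowSize set");
    } else {
        try {
            windowSize = Integer.parseInt(attr.getValues().get(0));
        } catch (NumberFormatException e) {
            // A bad mechanism configuration is a deployment error; report it with
            // context instead of letting the raw NumberFormatException escape the servlet.
            throw new ServletException("windowSize '" + attr.getValues().get(0) + "' is not an integer", e);
        }
    }

    attr = authParams.get("attributeName");
    if (attr == null) {
        throw new ServletException("attributeName not present");
    }
    String attributeName = attr.getValues().get(0);

    // --- user's enrolled token ---------------------------------------------------
    attr = ac.getAuthInfo().getAttribs().get(attributeName);
    if (attr == null) {
        // No token enrolled for this user: the step fails.
        // NOTE(review): unlike the success/failure path below, nextAuth is not invoked
        // here — confirm that is intended.
        if (logger.isDebugEnabled()) {
            logger.debug("Attribute '" + attributeName + "' not present");
        }
        as.setSuccess(false);
        return;
    }

    try {
        String keyjson = attr.getValues().get(0);
        if (logger.isDebugEnabled()) {
            logger.debug("token json : '" + keyjson + "'");
        }
        Gson gson = new Gson();
        Token token = gson.fromJson(new String(Base64.decode(keyjson), java.nio.charset.StandardCharsets.UTF_8), Token.class);
        byte[] iv = org.bouncycastle.util.encoders.Base64.decode(token.getIv());
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] encBytes = org.bouncycastle.util.encoders.Base64.decode(token.getEncryptedRequest());
        // Decoded with an explicit charset so the result does not depend on the platform
        // default. The plaintext carries the TOTP seed and is deliberately not logged.
        String totpJson = new String(cipher.doFinal(encBytes), java.nio.charset.StandardCharsets.UTF_8);
        TOTPKey totp = gson.fromJson(totpJson, TOTPKey.class);

        GoogleAuthenticatorConfigBuilder b = new GoogleAuthenticatorConfigBuilder();
        b.setWindowSize(windowSize);
        GoogleAuthenticatorConfig cfg = b.build();
        GoogleAuthenticator ga = new GoogleAuthenticator(cfg);

        // code was already checked for null at the top of the method.
        as.setSuccess(ga.authorize(totp.getSecretKey(), Integer.parseInt(code)));

        // `target` is caller-supplied and stored here without validation; whatever
        // consumes reqHolder's URL must restrict where the post-auth redirect may go.
        String redirectToURL = request.getParameter("target");
        if (redirectToURL != null && !redirectToURL.isEmpty()) {
            reqHolder.setURL(redirectToURL);
        }
    } catch (NumberFormatException e) {
        // A non-numeric code is a bad credential, not a decryption failure: fail the
        // step quietly rather than raising an ERROR-level log for a typo.
        as.setSuccess(false);
        if (logger.isDebugEnabled()) {
            logger.debug("Submitted code is not numeric");
        }
    } catch (Exception e) {
        as.setSuccess(false);
        logger.error("Could not decrypt key", e);
    }
    holder.getConfig().getAuthManager().nextAuth(request, response, session, false);
}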

Example 2 with GoogleAuthenticatorConfigBuilder

use of com.warrenstrange.googleauth.GoogleAuthenticatorConfig.GoogleAuthenticatorConfigBuilder in project OpenUnison by TremoloSecurity.

the class AuthTOTPInsert method bind.

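/**
 * Intercepts an LDAP bind whose password is of the form {@code <password>:<totp code>}.
 *
 * <p>The bind DN is looked up with a base-scope search, the user's encrypted TOTP
 * descriptor is read from {@code this.attribute} and decrypted with the configured
 * key ({@code this.encyrptionKey}), and the trailing code is verified with window
 * {@code this.window}. On success the password is rewritten to the part before the
 * first colon and the bind is passed down the chain.
 *
 * @param chain       the interceptor chain; used both for the lookup and the downstream bind
 * @param dn          the bind DN
 * @param pwd         the supplied credential, rewritten in place on success
 * @param constraints bind constraints passed through unchanged
 * @throws LDAPException NO_SUCH_OBJECT if the entry or its token attribute is missing,
 *                       INVALID_CREDENTIALS if the code is absent, non-numeric or wrong,
 *                       OPERATIONS_ERROR if the stored token cannot be decrypted
 */
public void bind(BindInterceptorChain chain, DistinguishedName dn, Password pwd, LDAPConstraints constraints) throws LDAPException {
    DistinguishedName localdn = new DistinguishedName(new DN(dn.getDN().toString()));
    logger.debug("In bind");

    // Base-scope search for the bind DN; no attributes are requested explicitly.
    SearchInterceptorChain schain = chain.createSearchChain();
    ArrayList<Attribute> searchattrs = new ArrayList<Attribute>();
    Results res = new Results(chain.getInterceptors(), chain.getPos());
    schain.nextSearch(localdn, new Int(0), new Filter("(objectClass=*)"), searchattrs, new Bool(false), res, new LDAPSearchConstraints());
    res.start();
    if (!res.hasMore()) {
        logger.debug("user not found");
        throw new LDAPException("Could not find " + localdn.getDN().toString(), LDAPException.NO_SUCH_OBJECT, "Could not find " + localdn.getDN().toString());
    }
    logger.debug("user found");
    LDAPEntry entry = res.next().getEntry();
    LDAPAttribute key = entry.getAttribute(this.attribute);
    if (key == null) {
        logger.debug("No key");
        throw new LDAPException("Invalid Credentials", LDAPException.NO_SUCH_OBJECT, "Invalid Credentials");
    }

    try {
        String keyjson = key.getStringValue();
        if (logger.isDebugEnabled()) {
            logger.debug("token json : '" + keyjson + "'");
        }
        Gson gson = new Gson();
        Token token = gson.fromJson(new String(Base64.decode(keyjson), java.nio.charset.StandardCharsets.UTF_8), Token.class);
        byte[] iv = org.bouncycastle.util.encoders.Base64.decode(token.getIv());
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.DECRYPT_MODE, GlobalEntries.getGlobalEntries().getConfigManager().getSecretKey(this.encyrptionKey), new IvParameterSpec(iv));
        byte[] encBytes = org.bouncycastle.util.encoders.Base64.decode(token.getEncryptedRequest());
        // The decrypted JSON carries the user's TOTP seed; it is deliberately not logged,
        // even at debug level. Explicit charset so decoding is platform-independent.
        String totpJson = new String(cipher.doFinal(encBytes), java.nio.charset.StandardCharsets.UTF_8);
        TOTPKey totp = gson.fromJson(totpJson, TOTPKey.class);

        GoogleAuthenticatorConfigBuilder b = new GoogleAuthenticatorConfigBuilder();
        b.setWindowSize(this.window);
        GoogleAuthenticatorConfig cfg = b.build();
        GoogleAuthenticator ga = new GoogleAuthenticator(cfg);

        // Split on the FIRST colon: everything after it is the code.
        String spwd = new String(pwd.getValue(), java.nio.charset.StandardCharsets.UTF_8);
        int sep = spwd.indexOf(':');
        if (sep == -1) {
            logger.debug("no colon");
            throw new LDAPException("Invalid credentials", LDAPException.INVALID_CREDENTIALS, "Invalid Credentials");
        }
        int code;
        try {
            code = Integer.parseInt(spwd.substring(sep + 1));
        } catch (NumberFormatException e) {
            // An empty or non-numeric code is a bad credential, not an operations error.
            logger.debug("code is not numeric");
            throw new LDAPException("Invalid credentials", LDAPException.INVALID_CREDENTIALS, "Invalid Credentials");
        }
        if (!ga.authorize(totp.getSecretKey(), code)) {
            logger.debug("Verify failed");
            throw new LDAPException("Invalid credentials", LDAPException.INVALID_CREDENTIALS, "Invalid Credentials");
        }
        logger.debug("verify succeeded");
        pwd.setValue(spwd.substring(0, sep).getBytes(java.nio.charset.StandardCharsets.UTF_8));
        chain.nextBind(dn, pwd, constraints);
    } catch (LDAPException e) {
        // Credential failures raised above (or by the downstream bind) pass through
        // unchanged and are not logged at ERROR level.
        throw e;
    } catch (Exception e) {
        logger.error("Could not work", e);
        throw new LDAPException("Could not decrypt key", LDAPException.OPERATIONS_ERROR, "Could not decrypt key", e);
    }
}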
