
Example 1 with YubicoValidationFailure

Use of com.yubico.client.v2.exceptions.YubicoValidationFailure in the project cas by apereo.

In the class YubiKeyAuthenticationHandler, method doAuthentication.

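/**
 * Authenticates a YubiKey one-time password (OTP) for the principal of the
 * authentication that is already in progress.
 *
 * <p>The checks run in this order: OTP format, presence of an in-progress
 * authentication, registration of the token's public id for that principal,
 * and finally verification of the OTP through the Yubico client. The registry
 * check runs before the remote verification, so an OTP from a device that is
 * not bound to the user is rejected without being sent for verification.
 *
 * @param credential the submitted credential; cast to {@code YubiKeyCredential}
 * @return the handler result carrying a principal created from the in-progress principal id
 * @throws AccountNotFoundException if the OTP format is invalid or the device is not
 *         registered for the user
 * @throws FailedLoginException if verification does not return {@code ResponseStatus.OK}
 *         or the Yubico client raises a verification/validation error
 * @throws IllegalArgumentException if no in-progress authentication is available
 * @throws GeneralSecurityException declared supertype of the login exceptions above
 */
@Override
protected AuthenticationHandlerExecutionResult doAuthentication(final Credential credential) throws GeneralSecurityException {
    // NOTE(review): unchecked cast; presumably the handler only receives YubiKeyCredential
    // instances (gated elsewhere). Confirm against the handler's supports() logic.
    final YubiKeyCredential yubiKeyCredential = (YubiKeyCredential) credential;
    final String otp = yubiKeyCredential.getToken();
    if (!YubicoClient.isValidOTPFormat(otp)) {
        // The rejected value is arbitrary user input from a credential field (it may be a
        // mistyped password or contain line breaks), so it is deliberately not logged.
        LOGGER.debug("Submitted OTP does not have a valid format");
        throw new AccountNotFoundException("OTP format is invalid");
    }

    final Authentication authentication = WebUtils.getInProgressAuthentication();
    if (authentication == null) {
        throw new IllegalArgumentException("CAS has no reference to an authentication event to locate a principal");
    }
    final Principal principal = authentication.getPrincipal();
    final String uid = principal.getId();

    // Bind the token to the user: the device's public id must be registered for this uid.
    final String publicId = this.registry.getAccountValidator().getTokenPublicId(otp);
    if (!this.registry.isYubiKeyRegisteredFor(uid, publicId)) {
        LOGGER.debug("YubiKey public id [{}] is not registered for user [{}]", publicId, uid);
        throw new AccountNotFoundException("YubiKey id is not recognized in registry");
    }

    try {
        final VerificationResponse response = this.client.verify(otp);
        final ResponseStatus status = response.getStatus();
        // Identity comparison is the idiomatic enum check and, unlike compareTo, does not
        // throw on a null status; a null status falls through to the failure below.
        if (status == ResponseStatus.OK) {
            LOGGER.debug("YubiKey response status [{}] at [{}]", status, response.getTimestamp());
            return createHandlerResult(yubiKeyCredential, this.principalFactory.createPrincipal(uid));
        }
        throw new FailedLoginException("Authentication failed with status: " + status);
    } catch (final YubicoVerificationException | YubicoValidationFailure e) {
        LOGGER.error(e.getMessage(), e);
        // FailedLoginException has no cause-taking constructor; attach the cause explicitly
        // so the original stack trace is not lost to callers.
        // NOTE(review): the client's message is embedded in the exception text; confirm it is
        // not rendered to end users.
        final FailedLoginException failure = new FailedLoginException("YubiKey validation failed: " + e.getMessage());
        failure.initCause(e);
        throw failure;
    }
}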
Also used : VerificationResponse(com.yubico.client.v2.VerificationResponse) FailedLoginException(javax.security.auth.login.FailedLoginException) ResponseStatus(com.yubico.client.v2.ResponseStatus) Authentication(org.apereo.cas.authentication.Authentication) AccountNotFoundException(javax.security.auth.login.AccountNotFoundException) YubicoValidationFailure(com.yubico.client.v2.exceptions.YubicoValidationFailure) Principal(org.apereo.cas.authentication.principal.Principal) YubicoVerificationException(com.yubico.client.v2.exceptions.YubicoVerificationException)
