use of com.yubico.client.v2.exceptions.YubicoValidationFailure in project cas by apereo.
the class YubiKeyAuthenticationHandler method doAuthentication.
@Override
protected AuthenticationHandlerExecutionResult doAuthentication(final Credential credential) throws GeneralSecurityException {
final YubiKeyCredential yubiKeyCredential = (YubiKeyCredential) credential;
final String otp = yubiKeyCredential.getToken();
if (!YubicoClient.isValidOTPFormat(otp)) {
LOGGER.debug("Invalid OTP format [{}]", otp);
throw new AccountNotFoundException("OTP format is invalid");
}
final Authentication authentication = WebUtils.getInProgressAuthentication();
if (authentication == null) {
throw new IllegalArgumentException("CAS has no reference to an authentication event to locate a principal");
}
final Principal principal = authentication.getPrincipal();
final String uid = principal.getId();
final String publicId = registry.getAccountValidator().getTokenPublicId(otp);
if (!this.registry.isYubiKeyRegisteredFor(uid, publicId)) {
LOGGER.debug("YubiKey public id [{}] is not registered for user [{}]", publicId, uid);
throw new AccountNotFoundException("YubiKey id is not recognized in registry");
}
try {
final VerificationResponse response = this.client.verify(otp);
final ResponseStatus status = response.getStatus();
if (status.compareTo(ResponseStatus.OK) == 0) {
LOGGER.debug("YubiKey response status [{}] at [{}]", status, response.getTimestamp());
return createHandlerResult(yubiKeyCredential, this.principalFactory.createPrincipal(uid));
}
throw new FailedLoginException("Authentication failed with status: " + status);
} catch (final YubicoVerificationException | YubicoValidationFailure e) {
LOGGER.error(e.getMessage(), e);
throw new FailedLoginException("YubiKey validation failed: " + e.getMessage());
}
}
Aggregations