Search in sources :

Example 1 with AuthenticateRequestData

use of com.yubico.u2f.data.messages.AuthenticateRequestData in project cas by apereo.

the class U2FStartAuthenticationAction method doExecute.

@Override
protected Event doExecute(final RequestContext requestContext) throws Exception {
    final Principal p = WebUtils.getAuthentication(requestContext).getPrincipal();
    final AuthenticateRequestData requestData = u2f.startAuthentication(this.serverAddress, u2FDeviceRepository.getRegisteredDevices(p.getId()));
    u2FDeviceRepository.requestDeviceAuthentication(requestData.getRequestId(), p.getId(), requestData.toJson());
    if (!requestData.getAuthenticateRequests().isEmpty()) {
        final AuthenticateRequest req = requestData.getAuthenticateRequests().iterator().next();
        requestContext.getFlowScope().put("u2fAuth", new U2FAuthentication(req.getChallenge(), req.getAppId(), req.getKeyHandle()));
        return success();
    }
    return error();
}
Also used : U2FAuthentication(org.apereo.cas.adaptors.u2f.U2FAuthentication) AuthenticateRequest(com.yubico.u2f.data.messages.AuthenticateRequest) AuthenticateRequestData(com.yubico.u2f.data.messages.AuthenticateRequestData) Principal(org.apereo.cas.authentication.principal.Principal)

Example 2 with AuthenticateRequestData

use of com.yubico.u2f.data.messages.AuthenticateRequestData in project cas by apereo.

the class U2FAuthenticationHandler method doAuthentication.

@Override
protected HandlerResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException {
    final U2FTokenCredential tokenCredential = (U2FTokenCredential) credential;
    final RequestContext context = RequestContextHolder.getRequestContext();
    if (context == null) {
        new IllegalArgumentException("No request context could be found to locate an authentication event");
    }
    final Authentication authentication = WebUtils.getAuthentication(context);
    if (authentication == null) {
        new IllegalArgumentException("Request context has no reference to an authentication event to locate a principal");
    }
    final Principal p = authentication.getPrincipal();
    final AuthenticateResponse authenticateResponse = AuthenticateResponse.fromJson(tokenCredential.getToken());
    final String authJson = u2FDeviceRepository.getDeviceAuthenticationRequest(authenticateResponse.getRequestId(), p.getId());
    final AuthenticateRequestData authenticateRequest = AuthenticateRequestData.fromJson(authJson);
    DeviceRegistration registration = null;
    try {
        registration = u2f.finishAuthentication(authenticateRequest, authenticateResponse, u2FDeviceRepository.getRegisteredDevices(p.getId()));
        return createHandlerResult(tokenCredential, p, null);
    } catch (final DeviceCompromisedException e) {
        registration = e.getDeviceRegistration();
        throw new PreventedException("Device possibly compromised and therefore blocked: " + e.getMessage(), e);
    } finally {
        u2FDeviceRepository.authenticateDevice(p.getId(), registration);
    }
}
Also used : AuthenticateResponse(com.yubico.u2f.data.messages.AuthenticateResponse) AuthenticateRequestData(com.yubico.u2f.data.messages.AuthenticateRequestData) Authentication(org.apereo.cas.authentication.Authentication) DeviceRegistration(com.yubico.u2f.data.DeviceRegistration) RequestContext(org.springframework.webflow.execution.RequestContext) DeviceCompromisedException(com.yubico.u2f.exceptions.DeviceCompromisedException) PreventedException(org.apereo.cas.authentication.PreventedException) Principal(org.apereo.cas.authentication.principal.Principal)

Aggregations

AuthenticateRequestData (com.yubico.u2f.data.messages.AuthenticateRequestData)2 Principal (org.apereo.cas.authentication.principal.Principal)2 DeviceRegistration (com.yubico.u2f.data.DeviceRegistration)1 AuthenticateRequest (com.yubico.u2f.data.messages.AuthenticateRequest)1 AuthenticateResponse (com.yubico.u2f.data.messages.AuthenticateResponse)1 DeviceCompromisedException (com.yubico.u2f.exceptions.DeviceCompromisedException)1 U2FAuthentication (org.apereo.cas.adaptors.u2f.U2FAuthentication)1 Authentication (org.apereo.cas.authentication.Authentication)1 PreventedException (org.apereo.cas.authentication.PreventedException)1 RequestContext (org.springframework.webflow.execution.RequestContext)1