Search in sources :

Example 1 with AuthenticateResponse

use of com.yubico.u2f.data.messages.AuthenticateResponse in project cas by apereo.

the class U2FAuthenticationHandler method doAuthentication.

@Override
protected HandlerResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException {
    final U2FTokenCredential tokenCredential = (U2FTokenCredential) credential;
    final RequestContext context = RequestContextHolder.getRequestContext();
    if (context == null) {
        new IllegalArgumentException("No request context could be found to locate an authentication event");
    }
    final Authentication authentication = WebUtils.getAuthentication(context);
    if (authentication == null) {
        new IllegalArgumentException("Request context has no reference to an authentication event to locate a principal");
    }
    final Principal p = authentication.getPrincipal();
    final AuthenticateResponse authenticateResponse = AuthenticateResponse.fromJson(tokenCredential.getToken());
    final String authJson = u2FDeviceRepository.getDeviceAuthenticationRequest(authenticateResponse.getRequestId(), p.getId());
    final AuthenticateRequestData authenticateRequest = AuthenticateRequestData.fromJson(authJson);
    DeviceRegistration registration = null;
    try {
        registration = u2f.finishAuthentication(authenticateRequest, authenticateResponse, u2FDeviceRepository.getRegisteredDevices(p.getId()));
        return createHandlerResult(tokenCredential, p, null);
    } catch (final DeviceCompromisedException e) {
        registration = e.getDeviceRegistration();
        throw new PreventedException("Device possibly compromised and therefore blocked: " + e.getMessage(), e);
    } finally {
        u2FDeviceRepository.authenticateDevice(p.getId(), registration);
    }
}
Also used : AuthenticateResponse(com.yubico.u2f.data.messages.AuthenticateResponse) AuthenticateRequestData(com.yubico.u2f.data.messages.AuthenticateRequestData) Authentication(org.apereo.cas.authentication.Authentication) DeviceRegistration(com.yubico.u2f.data.DeviceRegistration) RequestContext(org.springframework.webflow.execution.RequestContext) DeviceCompromisedException(com.yubico.u2f.exceptions.DeviceCompromisedException) PreventedException(org.apereo.cas.authentication.PreventedException) Principal(org.apereo.cas.authentication.principal.Principal)

Aggregations

DeviceRegistration (com.yubico.u2f.data.DeviceRegistration)1 AuthenticateRequestData (com.yubico.u2f.data.messages.AuthenticateRequestData)1 AuthenticateResponse (com.yubico.u2f.data.messages.AuthenticateResponse)1 DeviceCompromisedException (com.yubico.u2f.exceptions.DeviceCompromisedException)1 Authentication (org.apereo.cas.authentication.Authentication)1 PreventedException (org.apereo.cas.authentication.PreventedException)1 Principal (org.apereo.cas.authentication.principal.Principal)1 RequestContext (org.springframework.webflow.execution.RequestContext)1