
Example 1 with SignRequestData

Use of com.yubico.u2f.data.messages.SignRequestData in project cas by apereo.

Class U2FAuthenticationHandler, method doAuthentication.

@Override
@SneakyThrows
protected AuthenticationHandlerExecutionResult doAuthentication(final Credential credential) {
    final U2FTokenCredential tokenCredential = (U2FTokenCredential) credential;
    // The principal comes from the in-progress authentication, not from the submitted token.
    final Authentication authentication = WebUtils.getInProgressAuthentication();
    if (authentication == null) {
        throw new IllegalArgumentException("CAS has no reference to an authentication event to locate a principal");
    }
    final Principal p = authentication.getPrincipal();
    // Parse the client's sign response, then load the stored sign request
    // for the same request id and principal.
    final SignResponse authenticateResponse = SignResponse.fromJson(tokenCredential.getToken());
    final String authJson = u2FDeviceRepository.getDeviceAuthenticationRequest(authenticateResponse.getRequestId(), p.getId());
    final SignRequestData authenticateRequest = SignRequestData.fromJson(authJson);
    DeviceRegistration registration = null;
    try {
        // Check the response against the stored request and the principal's registered devices.
        registration = u2f.finishSignature(authenticateRequest, authenticateResponse, u2FDeviceRepository.getRegisteredDevices(p.getId()));
        return createHandlerResult(tokenCredential, p);
    } catch (final DeviceCompromisedException e) {
        // Keep the registration carried by the exception so the finally block can persist it.
        registration = e.getDeviceRegistration();
        throw new PreventedException("Device possibly compromised and therefore blocked: " + e.getMessage(), e);
    } finally {
        // Runs on success and on failure; registration is still null here if
        // finishSignature threw anything other than DeviceCompromisedException.
        u2FDeviceRepository.authenticateDevice(p.getId(), registration);
    }
}
Also used: SignResponse (com.yubico.u2f.data.messages.SignResponse), Authentication (org.apereo.cas.authentication.Authentication), SignRequestData (com.yubico.u2f.data.messages.SignRequestData), DeviceRegistration (com.yubico.u2f.data.DeviceRegistration), DeviceCompromisedException (com.yubico.u2f.exceptions.DeviceCompromisedException), PreventedException (org.apereo.cas.authentication.PreventedException), Principal (org.apereo.cas.authentication.principal.Principal), SneakyThrows (lombok.SneakyThrows)

Example 2 with SignRequestData

Use of com.yubico.u2f.data.messages.SignRequestData in project cas by apereo.

Class U2FStartAuthenticationAction, method doExecute.

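@Override
protected Event doExecute(final RequestContext requestContext) throws Exception {
    final Principal p = WebUtils.getAuthentication(requestContext).getPrincipal();
    // Start a signature request for this server address and the principal's registered devices.
    final SignRequestData requestData = u2f.startSignature(this.serverAddress, u2FDeviceRepository.getRegisteredDevices(p.getId()));
    // Store the request server-side, keyed by request id and principal, so that
    // doAuthentication can load it again when the response arrives.
    u2FDeviceRepository.requestDeviceAuthentication(requestData.getRequestId(), p.getId(), requestData.toJson());
    if (!requestData.getSignRequests().isEmpty()) {
        // Only the first sign request is placed in the flow scope.
        final SignRequest req = requestData.getSignRequests().get(0);
        requestContext.getFlowScope().put("u2fAuth", new U2FAuthentication(req.getChallenge(), req.getAppId(), req.getKeyHandle()));
        return success();
    }
    // No sign requests were produced, so the flow ends in error.
    return error();
}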
Also used: U2FAuthentication (org.apereo.cas.adaptors.u2f.U2FAuthentication), SignRequest (com.yubico.u2f.data.messages.SignRequest), SignRequestData (com.yubico.u2f.data.messages.SignRequestData), Principal (org.apereo.cas.authentication.principal.Principal)

Aggregations

SignRequestData (com.yubico.u2f.data.messages.SignRequestData): 2
Principal (org.apereo.cas.authentication.principal.Principal): 2
DeviceRegistration (com.yubico.u2f.data.DeviceRegistration): 1
SignRequest (com.yubico.u2f.data.messages.SignRequest): 1
SignResponse (com.yubico.u2f.data.messages.SignResponse): 1
DeviceCompromisedException (com.yubico.u2f.exceptions.DeviceCompromisedException): 1
SneakyThrows (lombok.SneakyThrows): 1
U2FAuthentication (org.apereo.cas.adaptors.u2f.U2FAuthentication): 1
Authentication (org.apereo.cas.authentication.Authentication): 1
PreventedException (org.apereo.cas.authentication.PreventedException): 1