
Example 1 with Fido2AuthenticationEntry

Use of io.jans.fido2.model.entry.Fido2AuthenticationEntry in project jans by JanssenProject.

The class AuthenticationPersistenceService, method save.

public void save(Fido2AuthenticationData authenticationData) {
    String userName = authenticationData.getUsername();
    User user = userService.getUser(userName, "inum");
    if (user == null) {
        // Only create the user on the fly when auto-enrollment is explicitly enabled;
        // otherwise unknown users are rejected.
        if (appConfiguration.getFido2Configuration().isUserAutoEnrollment()) {
            user = userService.addDefaultUser(userName);
        } else {
            throw new Fido2RuntimeException("Auto user enrollment was disabled. User does not exist!");
        }
    }
    String userInum = userService.getUserInum(user);
    prepareBranch(userInum);
    Date now = new GregorianCalendar(TimeZone.getTimeZone("UTC")).getTime();
    final String id = UUID.randomUUID().toString();
    String dn = getDnForAuthenticationEntry(userInum, id);
    Fido2AuthenticationEntry authenticationEntity = new Fido2AuthenticationEntry(dn, authenticationData.getId(), now, userInum, authenticationData);
    authenticationEntity.setAuthenticationStatus(authenticationData.getStatus());
    authenticationData.setCreatedDate(now);
    authenticationData.setCreatedBy(userName);
    persistenceEntryManager.persist(authenticationEntity);
}
Also used : User(io.jans.as.common.model.common.User) GregorianCalendar(java.util.GregorianCalendar) Fido2AuthenticationEntry(io.jans.fido2.model.entry.Fido2AuthenticationEntry) Fido2RuntimeException(io.jans.fido2.exception.Fido2RuntimeException) Date(java.util.Date)

Example 2 with Fido2AuthenticationEntry

Use of io.jans.fido2.model.entry.Fido2AuthenticationEntry in project jans by JanssenProject.

The class AssertionService, method verify.

public JsonNode verify(JsonNode params) {
    log.debug("authenticateResponse {}", params);
    // Verify if there are mandatory request parameters
    commonVerifiers.verifyBasicPayload(params);
    commonVerifiers.verifyAssertionType(params, "type");
    commonVerifiers.verifyThatFieldString(params, "rawId");
    String keyId = commonVerifiers.verifyThatFieldString(params, "id");
    // Get response
    JsonNode responseNode = params.get("response");
    // Verify userHandle. It can be absent for U2F authenticators, so it is
    // only validated when present (the value itself is not needed here).
    if (responseNode.hasNonNull("userHandle")) {
        commonVerifiers.verifyThatFieldString(responseNode, "userHandle");
    }
    // Verify client data
    JsonNode clientDataJSONNode = commonVerifiers.verifyClientJSON(responseNode);
    commonVerifiers.verifyClientJSONTypeIsGet(clientDataJSONNode);
    // Get challenge
    String challenge = commonVerifiers.getChallenge(clientDataJSONNode);
    // Find authentication entry
    Fido2AuthenticationEntry authenticationEntity = authenticationPersistenceService.findByChallenge(challenge).parallelStream().findFirst().orElseThrow(() -> new Fido2RuntimeException(String.format("Can't find associated assertion request by challenge '%s'", challenge)));
    Fido2AuthenticationData authenticationData = authenticationEntity.getAuthenticationData();
    // Verify domain
    domainVerifier.verifyDomain(authenticationData.getDomain(), clientDataJSONNode);
    // Find registered public key
    Fido2RegistrationEntry registrationEntry = registrationPersistenceService.findByPublicKeyId(keyId).orElseThrow(() -> new Fido2RuntimeException(String.format("Couldn't find the key by PublicKeyId '%s'", keyId)));
    Fido2RegistrationData registrationData = registrationEntry.getRegistrationData();
    // Set actual counter value. Note: Fido2 not update initial value in
    // Fido2RegistrationData to minimize DB updates
    registrationData.setCounter(registrationEntry.getCounter());
    try {
        assertionVerifier.verifyAuthenticatorAssertionResponse(responseNode, registrationData, authenticationData);
    } catch (Fido2CompromisedDevice ex) {
        // The verifier detected a clone indicator (for example a signature counter
        // that did not advance): mark the credential compromised before failing.
        registrationData.setStatus(Fido2RegistrationStatus.compromised);
        registrationPersistenceService.update(registrationEntry);
        throw ex;
    }
    // Store original response
    authenticationData.setAssertionResponse(params.toString());
    authenticationData.setStatus(Fido2AuthenticationStatus.authenticated);
    authenticationPersistenceService.update(authenticationEntity);
    // Store actual counter value in separate attribute. Note: Fido2 not update
    // initial value in Fido2RegistrationData to minimize DB updates
    registrationEntry.setCounter(registrationData.getCounter());
    registrationPersistenceService.update(registrationEntry);
    // Create result object
    ObjectNode finishResponseNode = dataMapperService.createObjectNode();
    PublicKeyCredentialDescriptor credentialDescriptor = new PublicKeyCredentialDescriptor(registrationData.getType(), registrationData.getPublicKeyId());
    finishResponseNode.set("authenticatedCredentials", dataMapperService.convertValue(credentialDescriptor, JsonNode.class));
    finishResponseNode.put("status", "ok");
    finishResponseNode.put("errorMessage", "");
    return finishResponseNode;
}
Also used : Fido2RegistrationEntry(io.jans.fido2.model.entry.Fido2RegistrationEntry) PublicKeyCredentialDescriptor(io.jans.fido2.model.auth.PublicKeyCredentialDescriptor) Fido2RegistrationData(io.jans.fido2.model.entry.Fido2RegistrationData) Fido2CompromisedDevice(io.jans.fido2.exception.Fido2CompromisedDevice) Fido2AuthenticationData(io.jans.fido2.model.entry.Fido2AuthenticationData) ObjectNode(com.fasterxml.jackson.databind.node.ObjectNode) Fido2AuthenticationEntry(io.jans.fido2.model.entry.Fido2AuthenticationEntry) JsonNode(com.fasterxml.jackson.databind.JsonNode) Fido2RuntimeException(io.jans.fido2.exception.Fido2RuntimeException)

Example 3 with Fido2AuthenticationEntry

Use of io.jans.fido2.model.entry.Fido2AuthenticationEntry in project jans by JanssenProject.

The class AuthenticationPersistenceService, method findByChallenge.

public List<Fido2AuthenticationEntry> findByChallenge(String challenge) {
    String baseDn = getBaseDnForFido2AuthenticationEntries(null);
    // Look up the pending assertion request by the challenge echoed in clientDataJSON
    Filter codeChallengeFilter = Filter.createEqualityFilter("jansCodeChallenge", challenge);
    List<Fido2AuthenticationEntry> fido2AuthenticationEntries = persistenceEntryManager.findEntries(baseDn, Fido2AuthenticationEntry.class, codeChallengeFilter);
    return fido2AuthenticationEntries;
}
Also used : Filter(io.jans.orm.search.filter.Filter) Fido2AuthenticationEntry(io.jans.fido2.model.entry.Fido2AuthenticationEntry)

Example 4 with Fido2AuthenticationEntry

Use of io.jans.fido2.model.entry.Fido2AuthenticationEntry in project jans by JanssenProject.

The class AuthenticationPersistenceService, method update.

public void update(Fido2AuthenticationEntry authenticationEntity) {
    Date now = new GregorianCalendar(TimeZone.getTimeZone("UTC")).getTime();
    Fido2AuthenticationData authenticationData = authenticationEntity.getAuthenticationData();
    authenticationData.setUpdatedDate(now);
    authenticationData.setUpdatedBy(authenticationData.getUsername());
    authenticationEntity.setAuthenticationStatus(authenticationData.getStatus());
    persistenceEntryManager.merge(authenticationEntity);
    // Use the class logger instead of writing directly to stderr
    log.debug("Updated: {}", authenticationEntity.getDn());
}
Also used : Fido2AuthenticationData(io.jans.fido2.model.entry.Fido2AuthenticationData) GregorianCalendar(java.util.GregorianCalendar) Date(java.util.Date)

Example 5 with Fido2AuthenticationEntry

Use of io.jans.fido2.model.entry.Fido2AuthenticationEntry in project jans by JanssenProject.

The class AuthenticationPersistenceService, method cleanup.

public void cleanup(Date now, int batchSize) {
    // Cleaning expired entries
    BatchOperation<Fido2AuthenticationEntry> cleanerAuthenticationBatchService = new ProcessBatchOperation<Fido2AuthenticationEntry>() {

        @Override
        public void performAction(List<Fido2AuthenticationEntry> entries) {
            for (Fido2AuthenticationEntry p : entries) {
                log.debug("Removing Fido2 authentication entry: {}, Creation date: {}", p.getChallange(), p.getCreationDate());
                try {
                    persistenceEntryManager.remove(p);
                } catch (Exception e) {
                    log.error("Failed to remove entry", e);
                }
            }
        }
    };
    String baseDn = getDnForUser(null);
    persistenceEntryManager.findEntries(baseDn, Fido2AuthenticationEntry.class, getExpiredAuthenticationFilter(baseDn), SearchScope.SUB, new String[] { "jansCodeChallenge", "creationDate" }, cleanerAuthenticationBatchService, 0, 0, batchSize);
    String branchDn = getDnForUser(null);
    if (persistenceEntryManager.hasBranchesSupport(branchDn)) {
        // Cleaning empty branches
        BatchOperation<SimpleBranch> cleanerBranchBatchService = new ProcessBatchOperation<SimpleBranch>() {

            @Override
            public void performAction(List<SimpleBranch> entries) {
                for (SimpleBranch p : entries) {
                    try {
                        persistenceEntryManager.remove(p);
                    } catch (Exception e) {
                        log.error("Failed to remove entry", e);
                    }
                }
            }
        };
        persistenceEntryManager.findEntries(getDnForUser(null), SimpleBranch.class, getEmptyAuthenticationBranchFilter(), SearchScope.SUB, new String[] { "ou" }, cleanerBranchBatchService, 0, 0, batchSize);
    }
}
Also used : SimpleBranch(io.jans.orm.model.base.SimpleBranch) ProcessBatchOperation(io.jans.orm.model.ProcessBatchOperation) Fido2AuthenticationEntry(io.jans.fido2.model.entry.Fido2AuthenticationEntry) List(java.util.List) Fido2RuntimeException(io.jans.fido2.exception.Fido2RuntimeException)
