Use of `lombok.NonNull` in project cas by apereo.
The class SamlProfileSamlSoap11ResponseBuilder, method buildResponse.
/**
 * Wraps the SAML2 response for the given request in a SOAP 1.1 envelope whose
 * header carries an ECP response pointing at the SP's assertion consumer service.
 * The {@code assertion} and {@code response} parameters are not used by this override.
 *
 * @param assertion    the SAML assertion (unused here)
 * @param casAssertion the CAS assertion the SAML2 response is built from
 * @param authnRequest the originating authentication request
 * @param service      the registered SAML service
 * @param adaptor      metadata facade of the service provider
 * @param request      the HTTP request
 * @param response     the HTTP response (unused here)
 * @param binding      the binding whose assertion consumer service is looked up
 * @return the populated SOAP envelope
 * @throws SamlException if building the SAML2 response fails
 */
@Override
protected Envelope buildResponse(final Assertion assertion, final Object casAssertion, final RequestAbstractType authnRequest, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final HttpServletRequest request, final HttpServletResponse response, final String binding) throws SamlException {
    LOGGER.debug("Locating the assertion consumer service url for binding [{}]", binding);
    // The @NonNull marker flags that a binding without an ACS in the SP metadata must not
    // proceed to envelope construction; whether lombok emits a runtime null-check for a
    // local variable depends on the lombok version in use (TODO confirm).
    @NonNull final AssertionConsumerService consumerService = adaptor.getAssertionConsumerService(binding);
    LOGGER.debug("Located assertion consumer service url [{}]", consumerService);

    // SOAP header: ECP response directing the client to the ACS location.
    final Response ecpResponse = newEcpResponse(consumerService.getLocation());
    final Header soapHeader = newSoapObject(Header.class);
    soapHeader.getUnknownXMLObjects().add(ecpResponse);

    // SOAP body: the SAML2 response built for this request and service.
    final Body soapBody = newSoapObject(Body.class);
    final org.opensaml.saml.saml2.core.Response samlResponse = buildSaml2Response(casAssertion, authnRequest, service, adaptor, request, binding);
    soapBody.getUnknownXMLObjects().add(samlResponse);

    final Envelope soapEnvelope = newSoapObject(Envelope.class);
    soapEnvelope.setHeader(soapHeader);
    soapEnvelope.setBody(soapBody);
    // Writes the complete envelope, SAML2 response included, to the log.
    SamlUtils.logSamlObject(this.configBean, soapEnvelope);
    return soapEnvelope;
}
Use of `lombok.NonNull` in project cas by apereo.
The class SamlProfileSamlSubjectBuilder, method buildSubject.
/**
 * Builds the SAML subject for the given CAS assertion, including subject-confirmation
 * data (recipient, NotOnOrAfter, InResponseTo, NotBefore) unless the registered service
 * asks for the respective attribute to be skipped.
 *
 * @param request      the HTTP request
 * @param response     the HTTP response
 * @param authnRequest the originating authentication request
 * @param casAssertion the CAS assertion; must be an {@link Assertion}
 * @param service      the registered SAML service controlling which confirmation data is emitted
 * @param adaptor      metadata facade of the service provider
 * @param binding      the binding whose assertion consumer service supplies the recipient
 * @return the SAML subject
 * @throws SamlException if resolving the name identifier fails
 */
private Subject buildSubject(final HttpServletRequest request, final HttpServletResponse response, final RequestAbstractType authnRequest, final Object casAssertion, final SamlRegisteredService service, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final String binding) throws SamlException {
    final Assertion casAssertionObject = Assertion.class.cast(casAssertion);
    // Validity start is normalised to UTC; NotOnOrAfter is anchored to it plus the configured skew.
    final ZonedDateTime assertionValidFrom = ZonedDateTime.ofInstant(casAssertionObject.getValidFromDate().toInstant(), ZoneOffset.UTC);

    LOGGER.debug("Locating the assertion consumer service url for binding [{}]", binding);
    // The @NonNull marker flags that an unsupported binding (no ACS) is not acceptable here;
    // whether lombok emits a runtime null-check for a local variable depends on the lombok version (TODO confirm).
    @NonNull final AssertionConsumerService consumerService = adaptor.getAssertionConsumerService(binding);
    // The ACS ResponseLocation takes precedence over Location when the metadata defines it.
    final String recipient;
    if (StringUtils.isBlank(consumerService.getResponseLocation())) {
        recipient = consumerService.getLocation();
    } else {
        recipient = consumerService.getResponseLocation();
    }
    if (StringUtils.isBlank(recipient)) {
        LOGGER.warn("Subject recipient is not defined from either authentication request or metadata for [{}]", adaptor.getEntityId());
    }

    final NameID nameId = getNameIdForService(request, response, authnRequest, service, adaptor, binding, casAssertionObject);
    // Per-service switches: null means the corresponding SubjectConfirmationData attribute is omitted.
    final String confirmationRecipient = service.isSkipGeneratingSubjectConfirmationRecipient() ? null : recipient;
    final ZonedDateTime confirmationNotOnOrAfter = service.isSkipGeneratingSubjectConfirmationNotOnOrAfter() ? null : assertionValidFrom.plusSeconds(this.skewAllowance);
    final String confirmationInResponseTo = service.isSkipGeneratingSubjectConfirmationInResponseTo() ? null : authnRequest.getID();
    final ZonedDateTime confirmationNotBefore = service.isSkipGeneratingSubjectConfirmationNotBefore() ? null : ZonedDateTime.now();
    final Subject subject = newSubject(nameId, confirmationRecipient, confirmationNotOnOrAfter, confirmationInResponseTo, confirmationNotBefore);
    LOGGER.debug("Created SAML subject [{}]", subject);
    return subject;
}
Use of `lombok.NonNull` in project cas by apereo.
The class GoogleAuthenticatorAuthenticationHandler, method doAuthentication.
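/**
 * Authenticates a Google Authenticator one-time token for the principal of the
 * in-progress authentication: the token must be numeric, the user must have a
 * registered secret, the code must not have been used before, and it must verify
 * against the secret or match one of the user's single-use scratch codes.
 * Accepted codes are recorded in the token repository so they cannot be replayed.
 *
 * @param credential the submitted credential; expected to be a {@link GoogleAuthenticatorTokenCredential}
 * @return the handler result for the authenticated principal
 * @throws PreventedException       if the token is not a valid integer OTP
 * @throws AccountNotFoundException if no account with a secret key is registered for the user
 * @throws AccountExpiredException  if the code has already been used
 * @throws FailedLoginException     if the code is neither a valid OTP nor a scratch code
 * @throws GeneralSecurityException for the security exceptions listed above
 */
@Override
protected AuthenticationHandlerExecutionResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException {
    final GoogleAuthenticatorTokenCredential tokenCredential = (GoogleAuthenticatorTokenCredential) credential;
    final String submittedToken = tokenCredential.getToken();
    if (!StringUtils.isNumeric(submittedToken)) {
        throw new PreventedException("Invalid non-numeric OTP format specified.", new IllegalArgumentException("Invalid token " + submittedToken));
    }
    final int otp;
    try {
        otp = Integer.parseInt(submittedToken);
    } catch (final NumberFormatException e) {
        // isNumeric() accepts digit strings of any length; without this guard an over-long
        // token escapes as an unchecked NumberFormatException instead of the PreventedException
        // callers of this handler expect.
        throw new PreventedException("Invalid OTP format specified.", e);
    }
    // NOTE(review): the submitted OTP is written to the debug log.
    LOGGER.debug("Received OTP [{}]", otp);

    // Whether lombok emits a runtime null-check for a @NonNull local depends on the lombok version (TODO confirm).
    @NonNull final Authentication authentication = WebUtils.getInProgressAuthentication();
    final String uid = authentication.getPrincipal().getId();
    LOGGER.debug("Received principal id [{}]", uid);

    final OneTimeTokenAccount account = this.credentialRepository.get(uid);
    if (account == null || StringUtils.isBlank(account.getSecretKey())) {
        throw new AccountNotFoundException(uid + " cannot be found in the registry");
    }
    // Replay protection: a code already recorded for this user is rejected before verification.
    if (this.tokenRepository.exists(uid, otp)) {
        throw new AccountExpiredException(uid + " cannot reuse OTP " + otp + " as it may be expired/invalid");
    }

    boolean codeAccepted = this.googleAuthenticatorInstance.authorize(account.getSecretKey(), otp);
    if (!codeAccepted && account.getScratchCodes().contains(otp)) {
        // Scratch codes are single-use: remove it and persist the account before accepting.
        LOGGER.warn("Using scratch code [{}] to authenticate user [{}]. Scratch code will be removed", otp, uid);
        account.getScratchCodes().removeIf(token -> token == otp);
        this.credentialRepository.update(account);
        codeAccepted = true;
    }
    if (codeAccepted) {
        // Record the accepted code so a second submission of it is refused above.
        this.tokenRepository.store(new GoogleAuthenticatorToken(otp, uid));
        return createHandlerResult(tokenCredential, this.principalFactory.createPrincipal(uid));
    }
    throw new FailedLoginException("Failed to authenticate code " + otp);
}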
Use of `lombok.NonNull` in project cas by apereo.
The class SSOSamlProfileCallbackHandlerController, method determineProfileBinding.
/**
 * Determines the binding to use for the SAML response: the protocol binding named in
 * the authentication request, or HTTP-POST when the request leaves it blank. The
 * service provider's metadata is then consulted for an assertion consumer service
 * supporting that binding. The {@code assertion} parameter is not used here.
 *
 * @param authenticationContext pair of the authentication request and its message context
 * @param assertion             the assertion (unused by this implementation)
 * @return the binding URI to respond with
 */
protected String determineProfileBinding(final Pair<AuthnRequest, MessageContext> authenticationContext, final Assertion assertion) {
    final AuthnRequest authnRequest = authenticationContext.getKey();
    final SamlRegisteredServiceServiceProviderMetadataFacade metadataFacade = getRegisteredServiceAndFacade(authnRequest).getValue();
    final String requestedBinding = authnRequest.getProtocolBinding();
    final String resolvedBinding = StringUtils.defaultIfBlank(requestedBinding, SAMLConstants.SAML2_POST_BINDING_URI);
    LOGGER.debug("Determined authentication request binding is [{}], issued by [{}]", resolvedBinding, authnRequest.getIssuer().getValue());
    LOGGER.debug("Checking metadata for [{}] to see if binding [{}] is supported", metadataFacade.getEntityId(), resolvedBinding);
    // The ACS lookup doubles as the "binding supported" check: the @NonNull marker flags that
    // a null result is not an acceptable state here. Whether lombok emits a runtime null-check
    // for a local variable depends on the lombok version in use (TODO confirm).
    @NonNull final AssertionConsumerService consumerService = metadataFacade.getAssertionConsumerService(resolvedBinding);
    LOGGER.debug("Binding [{}] is supported by [{}]", consumerService.getBinding(), metadataFacade.getEntityId());
    return resolvedBinding;
}