Usage of org.apereo.cas.adaptors.u2f.storage.U2FDeviceRepository in the project cas by apereo.
Class U2FAuthenticationHandler, method doAuthentication.
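@Override
protected AuthenticationHandlerExecutionResult doAuthentication(final Credential credential) throws PreventedException {
    /*
     * Second-factor step of the U2F flow: takes the browser's signed response,
     * pairs it with the pending sign request previously stored for this principal,
     * and hands both to the U2F library together with the principal's registered devices.
     *
     * The handler itself performs no cryptographic check; signature/counter validation
     * is expected to happen inside u2f.finishSignature (verify against the library in use).
     *
     * @param credential the U2F token credential carrying the client's SignResponse JSON
     * @return a handler result for the principal of the in-progress authentication
     * @throws PreventedException if no pending request or registered device exists for the
     *         principal, or if any step of parsing/verification fails (cause preserved)
     */
    val tokenCredential = (U2FTokenCredential) credential;
    // The principal is taken from the in-progress (first-factor) authentication, not from the credential.
    val authentication = Objects.requireNonNull(WebUtils.getInProgressAuthentication(),
        "CAS has no reference to an authentication event to locate a principal");
    val principal = this.principalFactory.createPrincipal(authentication.getPrincipal().getId());
    try {
        // Client-supplied JSON: everything derived from it (including requestId) is untrusted.
        val authenticateResponse = SignResponse.fromJson(tokenCredential.getToken());
        val requestId = authenticateResponse.getRequestId();
        // Lookup is scoped to this principal, so a request id belonging to another user cannot be used here.
        val authJson = u2FDeviceRepository.getDeviceAuthenticationRequest(requestId, principal.getId());
        if (StringUtils.isBlank(authJson)) {
            throw new PreventedException("Could not get device authentication request from repository for request id " + requestId);
        }
        val authenticateRequest = SignRequestData.fromJson(authJson);
        // Decrypt and parse every stored registration; entries that parse to null are dropped.
        val registeredDevices = u2FDeviceRepository.getRegisteredDevices(principal.getId())
            .stream()
            .map(u2FDeviceRepository::decode)
            .map(Unchecked.function(r -> DeviceRegistration.fromJson(r.getRecord())))
            .filter(Objects::nonNull)
            .collect(Collectors.toList());
        if (registeredDevices.isEmpty()) {
            throw new PreventedException("No registered devices could be found for " + principal.getId());
        }
        val registration = u2f.finishSignature(authenticateRequest, authenticateResponse, registeredDevices);
        // Re-encode the (presumably counter-updated) registration and check it against the stored devices.
        // NOTE(review): it is not visible here whether verifyRegisteredDevice persists the advanced counter,
        // nor whether the pending request for requestId is consumed after use — confirm both in the
        // repository, otherwise a captured SignResponse could be replayed against the same challenge.
        val record = U2FDeviceRegistration.builder()
            .record(u2FDeviceRepository.getCipherExecutor().encode(registration.toJsonWithAttestationCert()))
            .username(principal.getId())
            .build();
        u2FDeviceRepository.verifyRegisteredDevice(record);
        return createHandlerResult(tokenCredential, principal);
    } catch (final PreventedException e) {
        // Rethrow our own exceptions unchanged so their message is not buried as a nested cause.
        throw e;
    } catch (final Exception e) {
        // Wrap everything else (parse errors, library verification failures) with the cause preserved.
        throw new PreventedException(e);
    }
}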
Usage of org.apereo.cas.adaptors.u2f.storage.U2FDeviceRepository in the project cas by apereo.
Class U2FStartRegistrationAction, method doExecute.
@Override
protected Event doExecute(final RequestContext requestContext) throws Exception {
    /*
     * Begins U2F device registration for the authenticated principal.
     *
     * Builds a registration request from the devices already registered for the user,
     * stores it server-side under its request id and the principal id, and exposes the
     * first register request (challenge, appId) to the view through flow scope.
     *
     * @param requestContext the webflow request context holding the current authentication
     * @return success() when a register request was produced, error() when none was
     * @throws Exception propagated from the U2F library or the repository
     */
    val principal = resolvePrincipal(WebUtils.getAuthentication(requestContext).getPrincipal());
    val username = principal.getId();
    // Existing registrations are handed to the library so the new request can account for them.
    val existingDevices = u2FDeviceRepository.getRegisteredDevices(username)
        .stream()
        .map(u2FDeviceRepository::decode)
        .map(Unchecked.function(stored -> DeviceRegistration.fromJson(stored.getRecord())))
        .filter(Objects::nonNull)
        .collect(Collectors.toList());
    val registerRequestData = u2f.startRegistration(this.serverAddress, existingDevices);
    val requestId = registerRequestData.getRequestId();
    val requestJson = registerRequestData.toJson();
    // The server-side copy is what the finishing step will look up; it is scoped to the principal.
    u2FDeviceRepository.requestDeviceRegistration(requestId, username, requestJson);
    val registerRequests = registerRequestData.getRegisterRequests();
    if (registerRequests.isEmpty()) {
        return error();
    }
    // Only the first register request is surfaced to the client.
    val first = registerRequests.get(0);
    val u2fReg = new U2FRegistration(first.getChallenge(), first.getAppId(), requestId, username, requestJson);
    requestContext.getFlowScope().put("u2fReg", u2fReg);
    return success();
}
Usage of org.apereo.cas.adaptors.u2f.storage.U2FDeviceRepository in the project cas by apereo.
Class U2FStartAuthenticationAction, method doExecute.
@Override
protected Event doExecute(final RequestContext requestContext) throws Exception {
    /*
     * Begins U2F authentication (second factor) for the authenticated principal.
     *
     * Creates a sign request covering the user's registered devices, stores it server-side
     * under its request id and the principal id, and exposes the first sign request
     * (challenge, appId, key handle) to the view through flow scope.
     *
     * NOTE(review): only the first sign request — i.e. one key handle — is offered to the
     * client; a user with several registered keys is not visibly offered the others here.
     * Confirm this is the intended behaviour of the view.
     *
     * @param requestContext the webflow request context holding the current authentication
     * @return success() when a sign request was produced, error() when none was
     * @throws Exception propagated from the U2F library or the repository
     */
    val principal = resolvePrincipal(WebUtils.getAuthentication(requestContext).getPrincipal());
    val username = principal.getId();
    val knownDevices = u2FDeviceRepository.getRegisteredDevices(username)
        .stream()
        .map(u2FDeviceRepository::decode)
        .map(Unchecked.function(stored -> DeviceRegistration.fromJson(stored.getRecord())))
        .filter(Objects::nonNull)
        .collect(Collectors.toList());
    val requestData = u2f.startSignature(this.serverAddress, knownDevices);
    // The stored request is what the authentication handler later resolves by request id and principal.
    u2FDeviceRepository.requestDeviceAuthentication(requestData.getRequestId(), username, requestData.toJson());
    val signRequests = requestData.getSignRequests();
    if (signRequests.isEmpty()) {
        return error();
    }
    val first = signRequests.get(0);
    val u2fAuth = new U2FAuthentication(first.getChallenge(), first.getAppId(), first.getKeyHandle());
    requestContext.getFlowScope().put("u2fAuth", u2fAuth);
    return success();
}