Example 1 with U2FDeviceRepository

Use of org.apereo.cas.adaptors.u2f.storage.U2FDeviceRepository in project cas by apereo.

The doAuthentication method of the U2FAuthenticationHandler class:

@Override
protected AuthenticationHandlerExecutionResult doAuthentication(final Credential credential) throws PreventedException {
    val tokenCredential = (U2FTokenCredential) credential;
    // The U2F step runs after primary authentication, so the principal is taken from the in-progress authentication event.
    val authentication = Objects.requireNonNull(WebUtils.getInProgressAuthentication(),
        "CAS has no reference to an authentication event to locate a principal");
    val principal = this.principalFactory.createPrincipal(authentication.getPrincipal().getId());
    try {
        val authenticateResponse = SignResponse.fromJson(tokenCredential.getToken());
        val requestId = authenticateResponse.getRequestId();
        // Look up the sign request previously issued for this principal; the lookup is keyed by both request id and principal.
        val authJson = u2FDeviceRepository.getDeviceAuthenticationRequest(requestId, principal.getId());
        if (StringUtils.isBlank(authJson)) {
            throw new PreventedException("Could not get device authentication request from repository for request id " + requestId);
        }
        val authenticateRequest = SignRequestData.fromJson(authJson);
        // Decode the stored (encrypted) registration records into device registrations; records that decode to null are dropped.
        val registeredDevices = u2FDeviceRepository.getRegisteredDevices(principal.getId())
            .stream()
            .map(u2FDeviceRepository::decode)
            .map(Unchecked.function(r -> DeviceRegistration.fromJson(r.getRecord())))
            .filter(Objects::nonNull)
            .collect(Collectors.toList());
        if (registeredDevices.isEmpty()) {
            throw new PreventedException("No registered devices could be found for " + principal.getId());
        }
        // Verify the device's signature over the issued challenge against the registered devices.
        val registration = u2f.finishSignature(authenticateRequest, authenticateResponse, registeredDevices);
        // Re-encode the updated registration and hand it back to the repository.
        val record = U2FDeviceRegistration.builder()
            .record(u2FDeviceRepository.getCipherExecutor().encode(registration.toJsonWithAttestationCert()))
            .username(principal.getId())
            .build();
        u2FDeviceRepository.verifyRegisteredDevice(record);
        return createHandlerResult(tokenCredential, principal);
    } catch (final Exception e) {
        // Any failure in parsing, lookup or signature verification prevents authentication.
        throw new PreventedException(e);
    }
}
Also used: lombok.val, org.jooq.lambda.Unchecked, com.yubico.u2f.data.messages.SignRequestData, org.apereo.cas.authentication.AuthenticationHandlerExecutionResult, org.apereo.cas.adaptors.u2f.storage.U2FDeviceRegistration, org.apache.commons.lang3.StringUtils, java.util.stream.Collectors, com.yubico.u2f.data.DeviceRegistration, java.util.Objects, org.apereo.cas.authentication.principal.PrincipalFactory, org.apereo.cas.adaptors.u2f.storage.U2FDeviceRepository, com.yubico.u2f.U2F, org.apereo.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler, org.apereo.cas.authentication.MultifactorAuthenticationHandler, org.apereo.cas.authentication.PreventedException, org.apereo.cas.authentication.Credential, org.apereo.cas.web.support.WebUtils, com.yubico.u2f.data.messages.SignResponse, org.apereo.cas.services.ServicesManager

Example 2 with U2FDeviceRepository

Use of org.apereo.cas.adaptors.u2f.storage.U2FDeviceRepository in project cas by apereo.

The doExecute method of the U2FStartRegistrationAction class:

@Override
protected Event doExecute(final RequestContext requestContext) throws Exception {
    val p = resolvePrincipal(WebUtils.getAuthentication(requestContext).getPrincipal());
    // Decode the principal's existing registrations so the library can include them in the registration request.
    val registeredDevices = u2FDeviceRepository.getRegisteredDevices(p.getId())
        .stream()
        .map(u2FDeviceRepository::decode)
        .map(Unchecked.function(r -> DeviceRegistration.fromJson(r.getRecord())))
        .filter(Objects::nonNull)
        .collect(Collectors.toList());
    val registerRequestData = u2f.startRegistration(this.serverAddress, registeredDevices);
    // Persist the pending registration request, keyed by request id and principal, so it can be matched on completion.
    u2FDeviceRepository.requestDeviceRegistration(registerRequestData.getRequestId(), p.getId(), registerRequestData.toJson());
    if (!registerRequestData.getRegisterRequests().isEmpty()) {
        // Expose the first register request (challenge and app id) to the webflow.
        val req = registerRequestData.getRegisterRequests().get(0);
        val u2fReg = new U2FRegistration(req.getChallenge(), req.getAppId(), registerRequestData.getRequestId(), p.getId(), registerRequestData.toJson());
        requestContext.getFlowScope().put("u2fReg", u2fReg);
        return success();
    }
    return error();
}
Also used: lombok.val, org.jooq.lambda.Unchecked, lombok.RequiredArgsConstructor, org.springframework.webflow.execution.RequestContext, java.util.stream.Collectors, com.yubico.u2f.data.DeviceRegistration, org.apereo.cas.adaptors.u2f.U2FMultifactorAuthenticationProvider, java.util.Objects, org.apereo.cas.web.flow.actions.AbstractMultifactorAuthenticationAction, org.apereo.cas.adaptors.u2f.storage.U2FDeviceRepository, com.yubico.u2f.U2F, org.apereo.cas.adaptors.u2f.U2FRegistration, org.apereo.cas.web.support.WebUtils, org.springframework.webflow.execution.Event

Example 3 with U2FDeviceRepository

Use of org.apereo.cas.adaptors.u2f.storage.U2FDeviceRepository in project cas by apereo.

The doExecute method of the U2FStartAuthenticationAction class:

@Override
protected Event doExecute(final RequestContext requestContext) throws Exception {
    val p = resolvePrincipal(WebUtils.getAuthentication(requestContext).getPrincipal());
    // Decode the principal's registered devices; a sign request is built for each of them.
    val registeredDevices = u2FDeviceRepository.getRegisteredDevices(p.getId())
        .stream()
        .map(u2FDeviceRepository::decode)
        .map(Unchecked.function(r -> DeviceRegistration.fromJson(r.getRecord())))
        .filter(Objects::nonNull)
        .collect(Collectors.toList());
    val requestData = u2f.startSignature(this.serverAddress, registeredDevices);
    // Persist the pending sign request so the authentication handler can look it up by request id and principal.
    u2FDeviceRepository.requestDeviceAuthentication(requestData.getRequestId(), p.getId(), requestData.toJson());
    if (!requestData.getSignRequests().isEmpty()) {
        // Only the first sign request (challenge, app id and key handle) is exposed to the webflow.
        val req = requestData.getSignRequests().get(0);
        val u2fAuth = new U2FAuthentication(req.getChallenge(), req.getAppId(), req.getKeyHandle());
        requestContext.getFlowScope().put("u2fAuth", u2fAuth);
        return success();
    }
    return error();
}
Also used: lombok.val, org.jooq.lambda.Unchecked, org.apereo.cas.adaptors.u2f.U2FAuthentication, lombok.RequiredArgsConstructor, org.springframework.webflow.execution.RequestContext, java.util.stream.Collectors, com.yubico.u2f.data.DeviceRegistration, org.apereo.cas.adaptors.u2f.U2FMultifactorAuthenticationProvider, java.util.Objects, org.apereo.cas.web.flow.actions.AbstractMultifactorAuthenticationAction, org.apereo.cas.adaptors.u2f.storage.U2FDeviceRepository, com.yubico.u2f.U2F, org.apereo.cas.web.support.WebUtils, org.springframework.webflow.execution.Event

Aggregations

Used in 3 examples: com.yubico.u2f.U2F, com.yubico.u2f.data.DeviceRegistration, java.util.Objects, java.util.stream.Collectors, lombok.val, org.apereo.cas.adaptors.u2f.storage.U2FDeviceRepository, org.apereo.cas.web.support.WebUtils, org.jooq.lambda.Unchecked

Used in 2 examples: lombok.RequiredArgsConstructor, org.apereo.cas.adaptors.u2f.U2FMultifactorAuthenticationProvider, org.apereo.cas.web.flow.actions.AbstractMultifactorAuthenticationAction, org.springframework.webflow.execution.Event, org.springframework.webflow.execution.RequestContext

Used in 1 example: com.yubico.u2f.data.messages.SignRequestData, com.yubico.u2f.data.messages.SignResponse, org.apache.commons.lang3.StringUtils, org.apereo.cas.adaptors.u2f.U2FAuthentication, org.apereo.cas.adaptors.u2f.U2FRegistration, org.apereo.cas.adaptors.u2f.storage.U2FDeviceRegistration, org.apereo.cas.authentication.AuthenticationHandlerExecutionResult