use of org.apereo.cas.adaptors.yubikey.DefaultYubiKeyAccountValidator in project cas by apereo.
the class YubiKeyAuthenticationEventExecutionPlanConfiguration method yubiKeyAccountRegistry.
@Bean
@RefreshScope
@ConditionalOnMissingBean(name = "yubiKeyAccountRegistry")
public YubiKeyAccountRegistry yubiKeyAccountRegistry() {
final YubiKeyMultifactorProperties yubi = casProperties.getAuthn().getMfa().getYubikey();
if (yubi.getJsonFile() != null) {
LOGGER.debug("Using JSON resource [{}] as the YubiKey account registry", yubi.getJsonFile());
final JsonYubiKeyAccountRegistry registry = new JsonYubiKeyAccountRegistry(yubi.getJsonFile(), yubiKeyAccountValidator());
registry.setCipherExecutor(this.yubikeyAccountCipherExecutor);
return registry;
}
if (yubi.getAllowedDevices() != null) {
LOGGER.debug("Using statically-defined devices for [{}] as the YubiKey account registry", yubi.getAllowedDevices().keySet());
final WhitelistYubiKeyAccountRegistry registry = new WhitelistYubiKeyAccountRegistry(yubi.getAllowedDevices(), yubiKeyAccountValidator());
registry.setCipherExecutor(this.yubikeyAccountCipherExecutor);
return registry;
}
LOGGER.warn("All credentials are considered eligible for YubiKey authentication. " + "Consider providing an account registry implementation via [{}]", YubiKeyAccountRegistry.class.getName());
final OpenYubiKeyAccountRegistry registry = new OpenYubiKeyAccountRegistry(new DefaultYubiKeyAccountValidator(yubicoClient()));
registry.setCipherExecutor(this.yubikeyAccountCipherExecutor);
return registry;
}
Aggregations