
Example 6 with YubiKeyAccount

Use of org.apereo.cas.adaptors.yubikey.YubiKeyAccount in the project cas by apereo.

From the class YubiKeyAuthenticationEventExecutionPlanConfiguration, method yubiKeyAccountRegistry.

/**
 * Chooses the {@link YubiKeyAccountRegistry} bean from the YubiKey MFA settings.
 *
 * <p>The first matching source wins, in this order: a JSON file, a REST endpoint URL,
 * a statically configured user-to-device map, and finally an open registry when none
 * of the three is configured.
 *
 * @param casProperties CAS settings; only {@code getAuthn().getMfa().getYubikey()} is read
 * @param yubiKeyAccountValidator validator handed to the JSON, REST and static registries
 * @param yubicoClient client used to build the validator of the open fallback registry
 * @param yubikeyAccountCipherExecutor cipher set on every registry except the static one
 * @return the registry matching the first configured source, never {@code null}
 */
@Bean
@RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
@ConditionalOnMissingBean(name = "yubiKeyAccountRegistry")
public YubiKeyAccountRegistry yubiKeyAccountRegistry(
    final CasConfigurationProperties casProperties,
    @Qualifier("yubiKeyAccountValidator") final YubiKeyAccountValidator yubiKeyAccountValidator,
    @Qualifier("yubicoClient") final YubicoClient yubicoClient,
    @Qualifier("yubikeyAccountCipherExecutor") final CipherExecutor yubikeyAccountCipherExecutor) {
    val yubikeyProps = casProperties.getAuthn().getMfa().getYubikey();

    // 1. JSON-file-backed registry.
    val jsonFile = yubikeyProps.getJsonFile();
    if (jsonFile != null) {
        LOGGER.debug("Using JSON resource [{}] as the YubiKey account registry", jsonFile);
        val jsonRegistry = new JsonYubiKeyAccountRegistry(jsonFile, yubiKeyAccountValidator);
        jsonRegistry.setCipherExecutor(yubikeyAccountCipherExecutor);
        return jsonRegistry;
    }

    // 2. REST-backed registry.
    val rest = yubikeyProps.getRest();
    val restUrl = rest.getUrl();
    if (StringUtils.isNotBlank(restUrl)) {
        // NOTE(review): the endpoint URL is written to the debug log as-is; confirm it
        // can never carry credentials or tokens.
        LOGGER.debug("Using REST API resource [{}] as the YubiKey account registry", restUrl);
        val restRegistry = new RestfulYubiKeyAccountRegistry(rest, yubiKeyAccountValidator);
        restRegistry.setCipherExecutor(yubikeyAccountCipherExecutor);
        return restRegistry;
    }

    // 3. Statically configured devices: map key is the username, value the device public id.
    val allowedDevices = yubikeyProps.getAllowedDevices();
    if (allowedDevices != null && !allowedDevices.isEmpty()) {
        LOGGER.debug("Using statically-defined devices for [{}] as the YubiKey account registry", allowedDevices.keySet());
        // Account ids come from the wall clock and device names are random UUIDs, so both
        // change every time this refresh-scoped bean is rebuilt, and entries created within
        // the same millisecond share an id.
        // NOTE(review): confirm nothing depends on these ids being unique or stable.
        val accountsByUser = (Map<String, YubiKeyAccount>) allowedDevices.entrySet().stream()
            .map(entry -> {
                val accountId = System.currentTimeMillis();
                val device = YubiKeyRegisteredDevice.builder()
                    .publicId(entry.getValue())
                    .name(UUID.randomUUID().toString())
                    .registrationDate(ZonedDateTime.now(Clock.systemUTC()))
                    .build();
                return YubiKeyAccount.builder()
                    .id(accountId)
                    .username(entry.getKey())
                    .devices(List.of(device))
                    .build();
            })
            .collect(Collectors.toMap(YubiKeyAccount::getUsername, acct -> acct));
        val staticRegistry = new PermissiveYubiKeyAccountRegistry(accountsByUser, yubiKeyAccountValidator);
        // This is the only branch that installs a no-op cipher instead of the injected
        // yubikeyAccountCipherExecutor.
        staticRegistry.setCipherExecutor(CipherExecutor.noOpOfSerializableToString());
        return staticRegistry;
    }

    // 4. Nothing configured: fall back to the open registry. As the warning below states,
    //    every credential is then considered eligible, i.e. this path is fail-open.
    //    NOTE(review): presumably no per-user device binding is enforced here; confirm, and
    //    alert on this warning in deployments that expect a registry to be configured.
    LOGGER.warn("All credentials are considered eligible for YubiKey authentication. "
        + "Consider providing an account registry implementation via [{}]", YubiKeyAccountRegistry.class.getName());
    // NOTE(review): this path builds its own DefaultYubiKeyAccountValidator from yubicoClient
    // and does not use the injected yubiKeyAccountValidator bean; confirm that is intended.
    val openRegistry = new OpenYubiKeyAccountRegistry(new DefaultYubiKeyAccountValidator(yubicoClient));
    openRegistry.setCipherExecutor(yubikeyAccountCipherExecutor);
    return openRegistry;
}
Also used : lombok.val(lombok.val) PermissiveYubiKeyAccountRegistry(org.apereo.cas.adaptors.yubikey.registry.PermissiveYubiKeyAccountRegistry) OpenYubiKeyAccountRegistry(org.apereo.cas.adaptors.yubikey.registry.OpenYubiKeyAccountRegistry) YubiKeyAccountRegistry(org.apereo.cas.adaptors.yubikey.YubiKeyAccountRegistry) RestfulYubiKeyAccountRegistry(org.apereo.cas.adaptors.yubikey.registry.RestfulYubiKeyAccountRegistry) OpenYubiKeyAccountRegistry(org.apereo.cas.adaptors.yubikey.registry.OpenYubiKeyAccountRegistry) PermissiveYubiKeyAccountRegistry(org.apereo.cas.adaptors.yubikey.registry.PermissiveYubiKeyAccountRegistry) JsonYubiKeyAccountRegistry(org.apereo.cas.adaptors.yubikey.registry.JsonYubiKeyAccountRegistry) RestfulYubiKeyAccountRegistry(org.apereo.cas.adaptors.yubikey.registry.RestfulYubiKeyAccountRegistry) YubiKeyAccount(org.apereo.cas.adaptors.yubikey.YubiKeyAccount) DefaultYubiKeyAccountValidator(org.apereo.cas.adaptors.yubikey.DefaultYubiKeyAccountValidator) JsonYubiKeyAccountRegistry(org.apereo.cas.adaptors.yubikey.registry.JsonYubiKeyAccountRegistry) Map(java.util.Map) RefreshScope(org.springframework.cloud.context.config.annotation.RefreshScope) ConditionalOnMissingBean(org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean) ConditionalOnMissingBean(org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean) Bean(org.springframework.context.annotation.Bean)
