
Example 1 with PermissiveYubiKeyAccountRegistry

use of org.apereo.cas.adaptors.yubikey.registry.PermissiveYubiKeyAccountRegistry in project cas by apereo.

the class YubiKeyAuthenticationHandlerTests method checkAccountNotFound.

/**
 * Verifies that authentication is rejected with {@link AccountNotFoundException} when the
 * account registry holds no accounts at all.
 * <p>
 * The registry is backed by an empty map, so the OTP has no registered device to be matched
 * against. The test therefore pins the "unknown account" outcome rather than OTP validity.
 */
@Test
public void checkAccountNotFound() {
    // Validator and handler each get their own client instance, built from the test constants.
    val accountValidator = new DefaultYubiKeyAccountValidator(YubicoClient.getClient(CLIENT_ID, SECRET_KEY));

    // Empty backing map: nobody has enrolled a device.
    val emptyRegistry = new PermissiveYubiKeyAccountRegistry(new LinkedHashMap<>(), accountValidator);
    // No-op cipher executor (going by its name, registry entries are left untransformed here).
    emptyRegistry.setCipherExecutor(CipherExecutor.noOpOfSerializableToString());

    val yubiKeyHandler = new YubiKeyAuthenticationHandler(
        StringUtils.EMPTY,
        null,
        PrincipalFactoryUtils.newPrincipalFactory(),
        YubicoClient.getClient(CLIENT_ID, SECRET_KEY),
        emptyRegistry,
        null);

    // The credential is created inside the lambda so anything it throws is seen by assertThrows.
    assertThrows(AccountNotFoundException.class,
        () -> yubiKeyHandler.authenticate(new YubiKeyCredential(OTP)));
}
Also used : lombok.val(lombok.val) PermissiveYubiKeyAccountRegistry(org.apereo.cas.adaptors.yubikey.registry.PermissiveYubiKeyAccountRegistry) Test(org.junit.jupiter.api.Test)

Example 2 with PermissiveYubiKeyAccountRegistry

use of org.apereo.cas.adaptors.yubikey.registry.PermissiveYubiKeyAccountRegistry in project cas by apereo.

the class YubiKeyAuthenticationHandlerTests method checkEncryptedAccount.

/**
 * Registers a device after a {@code YubikeyAccountCipherExecutor} has been installed on the
 * registry, then checks that the device's public id is reported as registered for the user.
 * <p>
 * Two things here are test fixtures only: the validator lambda accepts every (uid, token)
 * pair, and the two key strings are hard-coded in the test source, so they are not secret.
 */
@Test
public void checkEncryptedAccount() {
    // Stub validator: every token is treated as valid for every user.
    val deviceRegistry = new PermissiveYubiKeyAccountRegistry(new LinkedHashMap<>(), (uid, token) -> true);

    // This first save happens before the cipher executor below is installed.
    val randomUserAccount = YubiKeyAccount.builder()
        .username(UUID.randomUUID().toString())
        .build();
    assertNotNull(deviceRegistry.save(randomUserAccount));

    // Fixed fixture keys; which one is used for what is decided by YubikeyAccountCipherExecutor.
    val accountCipher = new YubikeyAccountCipherExecutor(
        "1PbwSbnHeinpkZOSZjuSJ8yYpUrInm5aaV18J2Ar4rM",
        "szxK-5_eJjs-aUj-64MpUZ-GPPzGLhYPLGl0wrYjYNVAGva2P0lLe6UGKGM7k8dWxsOVGutZWgvmY3l5oVPO3w",
        0,
        0);
    deviceRegistry.setCipherExecutor(accountCipher);

    val registrationRequest = YubiKeyDeviceRegistrationRequest.builder()
        .username("encrypteduser")
        .token(OTP)
        .name(UUID.randomUUID().toString())
        .build();
    assertTrue(deviceRegistry.registerAccountFor(registrationRequest));

    // The lookup goes by the token's public id, derived from the same OTP used to register.
    val tokenPublicId = deviceRegistry.getAccountValidator().getTokenPublicId(OTP);
    assertTrue(deviceRegistry.isYubiKeyRegisteredFor("encrypteduser", tokenPublicId));
}
Also used : lombok.val(lombok.val) PermissiveYubiKeyAccountRegistry(org.apereo.cas.adaptors.yubikey.registry.PermissiveYubiKeyAccountRegistry) Test(org.junit.jupiter.api.Test)

Example 3 with PermissiveYubiKeyAccountRegistry

use of org.apereo.cas.adaptors.yubikey.registry.PermissiveYubiKeyAccountRegistry in project cas by apereo.

the class YubiKeyAuthenticationEventExecutionPlanConfiguration method yubiKeyAccountRegistry.

/**
 * Builds the {@link YubiKeyAccountRegistry} bean from the YubiKey MFA settings.
 * <p>
 * The first matching source wins, in this order: a JSON file, a REST endpoint, a map of
 * statically configured devices, and finally an open registry. The open registry is the
 * fail-open default: as its warning says, every credential is then considered eligible for
 * YubiKey authentication. A deployment that wants only enrolled devices accepted must
 * configure one of the first three sources or supply its own bean named
 * {@code yubiKeyAccountRegistry} (see {@code @ConditionalOnMissingBean}).
 *
 * @param casProperties                CAS settings; only the {@code authn.mfa.yubikey} section is read
 * @param yubiKeyAccountValidator      validator handed to the JSON, REST and static registries
 * @param yubicoClient                 client used to build the validator of the open registry
 * @param yubikeyAccountCipherExecutor cipher executor set on every registry except the static one
 * @return the registry selected by the configuration
 */
@Bean
@RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
@ConditionalOnMissingBean(name = "yubiKeyAccountRegistry")
public YubiKeyAccountRegistry yubiKeyAccountRegistry(
    final CasConfigurationProperties casProperties,
    @Qualifier("yubiKeyAccountValidator") final YubiKeyAccountValidator yubiKeyAccountValidator,
    @Qualifier("yubicoClient") final YubicoClient yubicoClient,
    @Qualifier("yubikeyAccountCipherExecutor") final CipherExecutor yubikeyAccountCipherExecutor) {
    val yubiKeyProps = casProperties.getAuthn().getMfa().getYubikey();

    // 1) JSON file as the account store.
    if (yubiKeyProps.getJsonFile() != null) {
        LOGGER.debug("Using JSON resource [{}] as the YubiKey account registry", yubiKeyProps.getJsonFile());
        val jsonRegistry = new JsonYubiKeyAccountRegistry(yubiKeyProps.getJsonFile(), yubiKeyAccountValidator);
        jsonRegistry.setCipherExecutor(yubikeyAccountCipherExecutor);
        return jsonRegistry;
    }

    // 2) REST endpoint as the account store.
    if (StringUtils.isNotBlank(yubiKeyProps.getRest().getUrl())) {
        LOGGER.debug("Using REST API resource [{}] as the YubiKey account registry", yubiKeyProps.getRest().getUrl());
        val restRegistry = new RestfulYubiKeyAccountRegistry(yubiKeyProps.getRest(), yubiKeyAccountValidator);
        restRegistry.setCipherExecutor(yubikeyAccountCipherExecutor);
        return restRegistry;
    }

    // 3) Devices listed directly in configuration, keyed by username.
    if (yubiKeyProps.getAllowedDevices() != null && !yubiKeyProps.getAllowedDevices().isEmpty()) {
        LOGGER.debug("Using statically-defined devices for [{}] as the YubiKey account registry", yubiKeyProps.getAllowedDevices().keySet());
        // NOTE(review): every account built here takes System.currentTimeMillis() as its id, so
        // accounts created within the same millisecond share an id — confirm ids need not be unique.
        val staticAccounts = (Map<String, YubiKeyAccount>) yubiKeyProps.getAllowedDevices().entrySet().stream()
            .map(entry -> YubiKeyAccount.builder()
                .id(System.currentTimeMillis())
                .username(entry.getKey())
                .devices(List.of(YubiKeyRegisteredDevice.builder()
                    .publicId(entry.getValue())
                    .name(UUID.randomUUID().toString())
                    .registrationDate(ZonedDateTime.now(Clock.systemUTC()))
                    .build()))
                .build())
            .collect(Collectors.toMap(YubiKeyAccount::getUsername, account -> account));
        val staticRegistry = new PermissiveYubiKeyAccountRegistry(staticAccounts, yubiKeyAccountValidator);
        // NOTE(review): this branch installs a no-op cipher executor instead of the injected one;
        // presumably because the entries come from configuration, not a persisted store — confirm.
        staticRegistry.setCipherExecutor(CipherExecutor.noOpOfSerializableToString());
        return staticRegistry;
    }

    // 4) Nothing configured: fall back to the open registry and say so at WARN level.
    LOGGER.warn("All credentials are considered eligible for YubiKey authentication. "
        + "Consider providing an account registry implementation via [{}]", YubiKeyAccountRegistry.class.getName());
    // NOTE(review): a fresh DefaultYubiKeyAccountValidator is built from yubicoClient here, so
    // the injected yubiKeyAccountValidator is not used on this path — confirm this is intended.
    val openRegistry = new OpenYubiKeyAccountRegistry(new DefaultYubiKeyAccountValidator(yubicoClient));
    openRegistry.setCipherExecutor(yubikeyAccountCipherExecutor);
    return openRegistry;
}
Also used : lombok.val(lombok.val) PermissiveYubiKeyAccountRegistry(org.apereo.cas.adaptors.yubikey.registry.PermissiveYubiKeyAccountRegistry) OpenYubiKeyAccountRegistry(org.apereo.cas.adaptors.yubikey.registry.OpenYubiKeyAccountRegistry) YubiKeyAccountRegistry(org.apereo.cas.adaptors.yubikey.YubiKeyAccountRegistry) RestfulYubiKeyAccountRegistry(org.apereo.cas.adaptors.yubikey.registry.RestfulYubiKeyAccountRegistry) OpenYubiKeyAccountRegistry(org.apereo.cas.adaptors.yubikey.registry.OpenYubiKeyAccountRegistry) PermissiveYubiKeyAccountRegistry(org.apereo.cas.adaptors.yubikey.registry.PermissiveYubiKeyAccountRegistry) JsonYubiKeyAccountRegistry(org.apereo.cas.adaptors.yubikey.registry.JsonYubiKeyAccountRegistry) RestfulYubiKeyAccountRegistry(org.apereo.cas.adaptors.yubikey.registry.RestfulYubiKeyAccountRegistry) YubiKeyAccount(org.apereo.cas.adaptors.yubikey.YubiKeyAccount) DefaultYubiKeyAccountValidator(org.apereo.cas.adaptors.yubikey.DefaultYubiKeyAccountValidator) JsonYubiKeyAccountRegistry(org.apereo.cas.adaptors.yubikey.registry.JsonYubiKeyAccountRegistry) Map(java.util.Map) RefreshScope(org.springframework.cloud.context.config.annotation.RefreshScope) ConditionalOnMissingBean(org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean) ConditionalOnMissingBean(org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean) Bean(org.springframework.context.annotation.Bean)

Aggregations

lombok.val (lombok.val)3 PermissiveYubiKeyAccountRegistry (org.apereo.cas.adaptors.yubikey.registry.PermissiveYubiKeyAccountRegistry)3 Test (org.junit.jupiter.api.Test)2 Map (java.util.Map)1 DefaultYubiKeyAccountValidator (org.apereo.cas.adaptors.yubikey.DefaultYubiKeyAccountValidator)1 YubiKeyAccount (org.apereo.cas.adaptors.yubikey.YubiKeyAccount)1 YubiKeyAccountRegistry (org.apereo.cas.adaptors.yubikey.YubiKeyAccountRegistry)1 JsonYubiKeyAccountRegistry (org.apereo.cas.adaptors.yubikey.registry.JsonYubiKeyAccountRegistry)1 OpenYubiKeyAccountRegistry (org.apereo.cas.adaptors.yubikey.registry.OpenYubiKeyAccountRegistry)1 RestfulYubiKeyAccountRegistry (org.apereo.cas.adaptors.yubikey.registry.RestfulYubiKeyAccountRegistry)1 ConditionalOnMissingBean (org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean)1 RefreshScope (org.springframework.cloud.context.config.annotation.RefreshScope)1 Bean (org.springframework.context.annotation.Bean)1