use of org.apereo.cas.adaptors.yubikey.registry.WhitelistYubiKeyAccountRegistry in project cas by apereo.
the class YubiKeyAuthenticationHandlerTests method checkEncryptedAccount.
/**
 * Registers the test OTP for {@code encrypteduser} on a whitelist registry that has a
 * {@link YubikeyAccountCipherExecutor} installed, then checks that the registry reports the
 * OTP's public id as registered for that same user.
 *
 * <p>The validator passed to the registry is a lambda that returns {@code true} for every
 * uid/token pair, so this test exercises the register/lookup round trip only; it does not
 * verify an OTP against any validation service.
 */
@Test
public void checkEncryptedAccount() {
    final WhitelistYubiKeyAccountRegistry accounts =
        new WhitelistYubiKeyAccountRegistry(new HashMap<>(), (uid, token) -> true);

    // Hard-coded fixture values, presumably the cipher's key material (confirm against
    // YubikeyAccountCipherExecutor). They are public in this test and must not be reused
    // as real keys in any deployment.
    final YubikeyAccountCipherExecutor cipher = new YubikeyAccountCipherExecutor(
        "1PbwSbnHeinpkZOSZjuSJ8yYpUrInm5aaV18J2Ar4rM",
        "szxK-5_eJjs-aUj-64MpUZ-GPPzGLhYPLGl0wrYjYNVAGva2P0lLe6UGKGM7k8dWxsOVGutZWgvmY3l5oVPO3w");
    accounts.setCipherExecutor(cipher);

    final boolean registered = accounts.registerAccountFor("encrypteduser", OTP);
    assertTrue(registered);

    // Lookup is by the public id derived from the OTP, not by the raw OTP itself.
    final boolean found = accounts.isYubiKeyRegisteredFor(
        "encrypteduser", accounts.getAccountValidator().getTokenPublicId(OTP));
    assertTrue(found);
}
use of org.apereo.cas.adaptors.yubikey.registry.WhitelistYubiKeyAccountRegistry in project cas by apereo.
the class YubiKeyAuthenticationHandlerTests method checkAccountNotFound.
/**
 * Expects {@link AccountNotFoundException} when the handler authenticates an OTP against a
 * whitelist registry that was created with an empty device map.
 *
 * @throws Exception declared because {@code authenticate} is invoked directly; the expected
 *     failure is asserted through the {@code thrown} rule instead of a try/catch
 */
@Test
public void checkAccountNotFound() throws Exception {
    final DefaultYubiKeyAccountValidator validator =
        new DefaultYubiKeyAccountValidator(YubicoClient.getClient(CLIENT_ID, SECRET_KEY));

    // Empty map: no user has any device registered.
    final WhitelistYubiKeyAccountRegistry emptyRegistry =
        new WhitelistYubiKeyAccountRegistry(new HashMap<>(), validator);
    emptyRegistry.setCipherExecutor(CipherExecutor.noOpOfSerializableToString());

    // NOTE(review): the first two constructor arguments (empty string, null) look like the
    // handler name and a services manager; confirm against the handler's constructor.
    final YubiKeyAuthenticationHandler yubiKeyHandler = new YubiKeyAuthenticationHandler(
        StringUtils.EMPTY,
        null,
        new DefaultPrincipalFactory(),
        YubicoClient.getClient(CLIENT_ID, SECRET_KEY),
        emptyRegistry);

    // The expectation has to be armed before the call that is meant to throw.
    this.thrown.expect(AccountNotFoundException.class);
    final YubiKeyCredential credential = new YubiKeyCredential(OTP);
    yubiKeyHandler.authenticate(credential);
}
use of org.apereo.cas.adaptors.yubikey.registry.WhitelistYubiKeyAccountRegistry in project cas by apereo.
the class YubiKeyAuthenticationEventExecutionPlanConfiguration method yubiKeyAccountRegistry.
/**
 * Builds the YubiKey account registry bean, unless a bean named
 * {@code yubiKeyAccountRegistry} is already defined.
 *
 * <p>Selection order, driven by the YubiKey MFA properties:
 * <ol>
 *   <li>a JSON file is configured: {@link JsonYubiKeyAccountRegistry};</li>
 *   <li>otherwise, allowed devices are configured (non-null):
 *       {@link WhitelistYubiKeyAccountRegistry};</li>
 *   <li>otherwise: {@link OpenYubiKeyAccountRegistry}, after logging a warning that all
 *       credentials are considered eligible.</li>
 * </ol>
 *
 * <p>Every branch installs the same account cipher executor on the registry it returns.
 * The last branch is the permissive default: with neither property set, no per-user device
 * restriction is configured, so deployments that need one must set a property above or
 * supply their own registry bean.
 *
 * @return the registry chosen for the current configuration
 */
@Bean
@RefreshScope
@ConditionalOnMissingBean(name = "yubiKeyAccountRegistry")
public YubiKeyAccountRegistry yubiKeyAccountRegistry() {
    final YubiKeyMultifactorProperties props = casProperties.getAuthn().getMfa().getYubikey();

    if (props.getJsonFile() != null) {
        LOGGER.debug("Using JSON resource [{}] as the YubiKey account registry", props.getJsonFile());
        final JsonYubiKeyAccountRegistry jsonRegistry =
            new JsonYubiKeyAccountRegistry(props.getJsonFile(), yubiKeyAccountValidator());
        jsonRegistry.setCipherExecutor(this.yubikeyAccountCipherExecutor);
        return jsonRegistry;
    } else if (props.getAllowedDevices() != null) {
        // Only null is checked: a non-null but empty device map still selects this branch.
        LOGGER.debug("Using statically-defined devices for [{}] as the YubiKey account registry",
            props.getAllowedDevices().keySet());
        final WhitelistYubiKeyAccountRegistry staticRegistry =
            new WhitelistYubiKeyAccountRegistry(props.getAllowedDevices(), yubiKeyAccountValidator());
        staticRegistry.setCipherExecutor(this.yubikeyAccountCipherExecutor);
        return staticRegistry;
    } else {
        // Permissive default: reached only when neither a JSON file nor allowed devices are set.
        LOGGER.warn("All credentials are considered eligible for YubiKey authentication. "
            + "Consider providing an account registry implementation via [{}]",
            YubiKeyAccountRegistry.class.getName());
        // NOTE(review): this branch builds its own DefaultYubiKeyAccountValidator from
        // yubicoClient() instead of calling yubiKeyAccountValidator() as the other two branches
        // do; confirm that the difference is intentional.
        final OpenYubiKeyAccountRegistry openRegistry =
            new OpenYubiKeyAccountRegistry(new DefaultYubiKeyAccountValidator(yubicoClient()));
        openRegistry.setCipherExecutor(this.yubikeyAccountCipherExecutor);
        return openRegistry;
    }
}