Search in sources :

Example 1 with NoEligableDevicesException

use of org.gluu.oxauth.exception.fido.u2f.NoEligableDevicesException in project oxAuth by GluuFederation.

the class U2fAuthenticationWS method startAuthentication.

@GET
@Produces({ "application/json" })
public Response startAuthentication(@QueryParam("username") String userName, @QueryParam("keyhandle") String keyHandle, @QueryParam("application") String appId, @QueryParam("session_id") String sessionId) {
    // Parameter username is deprecated. We uses it only to determine is it's one or two step workflow
    try {
        if (appConfiguration.getDisableU2fEndpoint()) {
            return Response.status(Status.FORBIDDEN).build();
        }
        log.debug("Startig authentication with username '{}', keyhandle '{}' for appId '{}' and session_id '{}'", userName, keyHandle, appId, sessionId);
        if (StringHelper.isEmpty(userName) && StringHelper.isEmpty(keyHandle)) {
            throw new BadInputException("The request should contains either username or keyhandle");
        }
        String foundUserInum = null;
        boolean twoStep = StringHelper.isNotEmpty(userName);
        if (twoStep) {
            boolean valid = u2fValidationService.isValidSessionId(userName, sessionId);
            if (!valid) {
                throw new BadInputException(String.format("session_id '%s' is invalid", sessionId));
            }
            foundUserInum = userService.getUserInum(userName);
        } else {
            // Convert to non padding URL base64 string
            String keyHandleWithoutPading = Base64Util.base64urlencode(Base64Util.base64urldecode(keyHandle));
            // In one step we expects empty username and not empty keyhandle
            foundUserInum = u2fAuthenticationService.getUserInumByKeyHandle(appId, keyHandleWithoutPading);
        }
        if (StringHelper.isEmpty(foundUserInum)) {
            throw new BadInputException(String.format("Failed to find user by userName '%s' or keyHandle '%s' in LDAP", userName, keyHandle));
        }
        AuthenticateRequestMessage authenticateRequestMessage = u2fAuthenticationService.buildAuthenticateRequestMessage(appId, foundUserInum);
        u2fAuthenticationService.storeAuthenticationRequestMessage(authenticateRequestMessage, foundUserInum, sessionId);
        // convert manually to avoid possible conflict between resteasy
        // providers, e.g. jettison, jackson
        final String entity = ServerUtil.asJson(authenticateRequestMessage);
        return Response.status(Response.Status.OK).entity(entity).cacheControl(ServerUtil.cacheControl(true)).build();
    } catch (Exception ex) {
        log.error("Exception happened", ex);
        if (ex instanceof WebApplicationException) {
            throw (WebApplicationException) ex;
        }
        if ((ex instanceof NoEligableDevicesException) || (ex instanceof InvalidKeyHandleDeviceException)) {
            throw new WebApplicationException(Response.status(Response.Status.NOT_FOUND).entity(errorResponseFactory.getErrorResponse(U2fErrorResponseType.NO_ELIGABLE_DEVICES)).build());
        }
        throw new WebApplicationException(Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(errorResponseFactory.getJsonErrorResponse(U2fErrorResponseType.SERVER_ERROR)).build());
    }
}
Also used : BadInputException(org.gluu.oxauth.model.fido.u2f.exception.BadInputException) AuthenticateRequestMessage(org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateRequestMessage) NoEligableDevicesException(org.gluu.oxauth.exception.fido.u2f.NoEligableDevicesException) InvalidKeyHandleDeviceException(org.gluu.oxauth.exception.fido.u2f.InvalidKeyHandleDeviceException) DeviceCompromisedException(org.gluu.oxauth.exception.fido.u2f.DeviceCompromisedException) InvalidKeyHandleDeviceException(org.gluu.oxauth.exception.fido.u2f.InvalidKeyHandleDeviceException) NoEligableDevicesException(org.gluu.oxauth.exception.fido.u2f.NoEligableDevicesException) BadInputException(org.gluu.oxauth.model.fido.u2f.exception.BadInputException)

Example 2 with NoEligableDevicesException

use of org.gluu.oxauth.exception.fido.u2f.NoEligableDevicesException in project oxAuth by GluuFederation.

the class AuthenticationService method buildAuthenticateRequestMessage.

public AuthenticateRequestMessage buildAuthenticateRequestMessage(String appId, String userInum) throws BadInputException, NoEligableDevicesException {
    if (applicationService.isValidateApplication()) {
        applicationService.checkIsValid(appId);
    }
    List<AuthenticateRequest> authenticateRequests = new ArrayList<AuthenticateRequest>();
    byte[] challenge = challengeGenerator.generateChallenge();
    List<DeviceRegistration> deviceRegistrations = deviceRegistrationService.findUserDeviceRegistrations(userInum, appId);
    for (DeviceRegistration deviceRegistration : deviceRegistrations) {
        if (!deviceRegistration.isCompromised()) {
            AuthenticateRequest request;
            try {
                request = startAuthentication(appId, deviceRegistration, challenge);
                authenticateRequests.add(request);
            } catch (DeviceCompromisedException ex) {
                log.error("Faield to authenticate device", ex);
            }
        }
    }
    if (authenticateRequests.isEmpty()) {
        if (deviceRegistrations.isEmpty()) {
            throw new NoEligableDevicesException(deviceRegistrations, "No devices registrered");
        } else {
            throw new NoEligableDevicesException(deviceRegistrations, "All devices compromised");
        }
    }
    return new AuthenticateRequestMessage(authenticateRequests);
}
Also used : AuthenticateRequest(org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateRequest) AuthenticateRequestMessage(org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateRequestMessage) NoEligableDevicesException(org.gluu.oxauth.exception.fido.u2f.NoEligableDevicesException) ArrayList(java.util.ArrayList) DeviceRegistration(org.gluu.oxauth.model.fido.u2f.DeviceRegistration) DeviceCompromisedException(org.gluu.oxauth.exception.fido.u2f.DeviceCompromisedException)

Aggregations

DeviceCompromisedException (org.gluu.oxauth.exception.fido.u2f.DeviceCompromisedException)2 NoEligableDevicesException (org.gluu.oxauth.exception.fido.u2f.NoEligableDevicesException)2 AuthenticateRequestMessage (org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateRequestMessage)2 ArrayList (java.util.ArrayList)1 InvalidKeyHandleDeviceException (org.gluu.oxauth.exception.fido.u2f.InvalidKeyHandleDeviceException)1 DeviceRegistration (org.gluu.oxauth.model.fido.u2f.DeviceRegistration)1 BadInputException (org.gluu.oxauth.model.fido.u2f.exception.BadInputException)1 AuthenticateRequest (org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateRequest)1