Search in sources :

Example 1 with AuthenticateRequestMessageLdap

use of org.gluu.oxauth.model.fido.u2f.AuthenticateRequestMessageLdap in project oxAuth by GluuFederation.

the class U2fAuthenticationWS method finishAuthentication.

@POST
@Produces({ "application/json" })
public Response finishAuthentication(@FormParam("username") String userName, @FormParam("tokenResponse") String authenticateResponseString) {
    String sessionId = null;
    try {
        if (appConfiguration.getDisableU2fEndpoint()) {
            return Response.status(Status.FORBIDDEN).build();
        }
        log.debug("Finishing authentication for username '{}' with response '{}'", userName, authenticateResponseString);
        AuthenticateResponse authenticateResponse = ServerUtil.jsonMapperWithWrapRoot().readValue(authenticateResponseString, AuthenticateResponse.class);
        String requestId = authenticateResponse.getRequestId();
        AuthenticateRequestMessageLdap authenticateRequestMessageLdap = u2fAuthenticationService.getAuthenticationRequestMessageByRequestId(requestId);
        if (authenticateRequestMessageLdap == null) {
            throw new WebApplicationException(Response.status(Response.Status.FORBIDDEN).entity(errorResponseFactory.getJsonErrorResponse(U2fErrorResponseType.SESSION_EXPIRED)).build());
        }
        sessionId = authenticateRequestMessageLdap.getSessionId();
        u2fAuthenticationService.removeAuthenticationRequestMessage(authenticateRequestMessageLdap);
        AuthenticateRequestMessage authenticateRequestMessage = authenticateRequestMessageLdap.getAuthenticateRequestMessage();
        String foundUserInum = authenticateRequestMessageLdap.getUserInum();
        DeviceRegistrationResult deviceRegistrationResult = u2fAuthenticationService.finishAuthentication(authenticateRequestMessage, authenticateResponse, foundUserInum);
        // If sessionId is not empty update session
        if (StringHelper.isNotEmpty(sessionId)) {
            log.debug("There is session id. Setting session id attributes");
            boolean oneStep = StringHelper.isEmpty(userName);
            userSessionIdService.updateUserSessionIdOnFinishRequest(sessionId, foundUserInum, deviceRegistrationResult, false, oneStep);
        }
        AuthenticateStatus authenticationStatus = new AuthenticateStatus(Constants.RESULT_SUCCESS, requestId);
        // convert manually to avoid possible conflict between resteasy
        // providers, e.g. jettison, jackson
        final String entity = ServerUtil.asJson(authenticationStatus);
        return Response.status(Response.Status.OK).entity(entity).cacheControl(ServerUtil.cacheControl(true)).build();
    } catch (Exception ex) {
        log.error("Exception happened", ex);
        if (ex instanceof WebApplicationException) {
            throw (WebApplicationException) ex;
        }
        try {
            // If sessionId is not empty update session
            if (StringHelper.isNotEmpty(sessionId)) {
                log.debug("There is session id. Setting session id status to 'declined'");
                userSessionIdService.updateUserSessionIdOnError(sessionId);
            }
        } catch (Exception ex2) {
            log.error("Failed to update session id status", ex2);
        }
        if (ex instanceof BadInputException) {
            throw new WebApplicationException(Response.status(Response.Status.FORBIDDEN).entity(errorResponseFactory.getErrorResponse(U2fErrorResponseType.INVALID_REQUEST)).build());
        }
        if (ex instanceof DeviceCompromisedException) {
            DeviceRegistration deviceRegistration = ((DeviceCompromisedException) ex).getDeviceRegistration();
            try {
                deviceRegistrationService.disableUserDeviceRegistration(deviceRegistration);
            } catch (Exception ex2) {
                log.error("Failed to mark device '{}' as compomised", ex2, deviceRegistration.getId());
            }
            throw new WebApplicationException(Response.status(Response.Status.FORBIDDEN).entity(errorResponseFactory.getErrorResponse(U2fErrorResponseType.DEVICE_COMPROMISED)).build());
        }
        throw new WebApplicationException(Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(errorResponseFactory.getJsonErrorResponse(U2fErrorResponseType.SERVER_ERROR)).build());
    }
}
Also used : AuthenticateStatus(org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateStatus) AuthenticateResponse(org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateResponse) AuthenticateRequestMessageLdap(org.gluu.oxauth.model.fido.u2f.AuthenticateRequestMessageLdap) AuthenticateRequestMessage(org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateRequestMessage) BadInputException(org.gluu.oxauth.model.fido.u2f.exception.BadInputException) DeviceRegistration(org.gluu.oxauth.model.fido.u2f.DeviceRegistration) DeviceRegistrationResult(org.gluu.oxauth.model.fido.u2f.DeviceRegistrationResult) DeviceCompromisedException(org.gluu.oxauth.exception.fido.u2f.DeviceCompromisedException) DeviceCompromisedException(org.gluu.oxauth.exception.fido.u2f.DeviceCompromisedException) InvalidKeyHandleDeviceException(org.gluu.oxauth.exception.fido.u2f.InvalidKeyHandleDeviceException) NoEligableDevicesException(org.gluu.oxauth.exception.fido.u2f.NoEligableDevicesException) BadInputException(org.gluu.oxauth.model.fido.u2f.exception.BadInputException)

Example 2 with AuthenticateRequestMessageLdap

use of org.gluu.oxauth.model.fido.u2f.AuthenticateRequestMessageLdap in project oxAuth by GluuFederation.

the class AuthenticationService method getAuthenticationRequestMessage.

public AuthenticateRequestMessage getAuthenticationRequestMessage(String oxId) {
    String requestDn = getDnForAuthenticateRequestMessage(oxId);
    AuthenticateRequestMessageLdap authenticateRequestMessageLdap = ldapEntryManager.find(AuthenticateRequestMessageLdap.class, requestDn);
    if (authenticateRequestMessageLdap == null) {
        return null;
    }
    return authenticateRequestMessageLdap.getAuthenticateRequestMessage();
}
Also used : AuthenticateRequestMessageLdap(org.gluu.oxauth.model.fido.u2f.AuthenticateRequestMessageLdap)

Example 3 with AuthenticateRequestMessageLdap

use of org.gluu.oxauth.model.fido.u2f.AuthenticateRequestMessageLdap in project oxAuth by GluuFederation.

the class AuthenticationService method getAuthenticationRequestMessageByRequestId.

public AuthenticateRequestMessageLdap getAuthenticationRequestMessageByRequestId(String requestId) {
    String baseDn = getDnForAuthenticateRequestMessage(null);
    Filter requestIdFilter = Filter.createEqualityFilter("oxRequestId", requestId);
    List<AuthenticateRequestMessageLdap> authenticateRequestMessagesLdap = ldapEntryManager.findEntries(baseDn, AuthenticateRequestMessageLdap.class, requestIdFilter);
    if ((authenticateRequestMessagesLdap == null) || authenticateRequestMessagesLdap.isEmpty()) {
        return null;
    }
    return authenticateRequestMessagesLdap.get(0);
}
Also used : AuthenticateRequestMessageLdap(org.gluu.oxauth.model.fido.u2f.AuthenticateRequestMessageLdap) Filter(org.gluu.search.filter.Filter)

Example 4 with AuthenticateRequestMessageLdap

use of org.gluu.oxauth.model.fido.u2f.AuthenticateRequestMessageLdap in project oxAuth by GluuFederation.

the class AuthenticationService method storeAuthenticationRequestMessage.

public void storeAuthenticationRequestMessage(AuthenticateRequestMessage requestMessage, String userInum, String sessionId) {
    Date now = new GregorianCalendar(TimeZone.getTimeZone("UTC")).getTime();
    final String authenticateRequestMessageId = UUID.randomUUID().toString();
    AuthenticateRequestMessageLdap authenticateRequestMessageLdap = new AuthenticateRequestMessageLdap(getDnForAuthenticateRequestMessage(authenticateRequestMessageId), authenticateRequestMessageId, now, sessionId, userInum, requestMessage);
    ldapEntryManager.persist(authenticateRequestMessageLdap);
}
Also used : AuthenticateRequestMessageLdap(org.gluu.oxauth.model.fido.u2f.AuthenticateRequestMessageLdap) GregorianCalendar(java.util.GregorianCalendar) Date(java.util.Date)

Aggregations

AuthenticateRequestMessageLdap (org.gluu.oxauth.model.fido.u2f.AuthenticateRequestMessageLdap)4 Date (java.util.Date)1 GregorianCalendar (java.util.GregorianCalendar)1 DeviceCompromisedException (org.gluu.oxauth.exception.fido.u2f.DeviceCompromisedException)1 InvalidKeyHandleDeviceException (org.gluu.oxauth.exception.fido.u2f.InvalidKeyHandleDeviceException)1 NoEligableDevicesException (org.gluu.oxauth.exception.fido.u2f.NoEligableDevicesException)1 DeviceRegistration (org.gluu.oxauth.model.fido.u2f.DeviceRegistration)1 DeviceRegistrationResult (org.gluu.oxauth.model.fido.u2f.DeviceRegistrationResult)1 BadInputException (org.gluu.oxauth.model.fido.u2f.exception.BadInputException)1 AuthenticateRequestMessage (org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateRequestMessage)1 AuthenticateResponse (org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateResponse)1 AuthenticateStatus (org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateStatus)1 Filter (org.gluu.search.filter.Filter)1