Example 6 with DeviceRegistration

use of org.gluu.oxauth.model.fido.u2f.DeviceRegistration in project oxAuth by GluuFederation.

the class AuthenticationService method getUserInumByKeyHandle.

public String getUserInumByKeyHandle(String appId, String keyHandle) throws InvalidKeyHandleDeviceException {
    if (StringHelper.isEmpty(appId) || StringHelper.isEmpty(keyHandle)) {
        return null;
    }
    // The key handle is client-supplied, so the lookup is scoped to the appId it was registered under
    List<DeviceRegistration> deviceRegistrations = deviceRegistrationService.findDeviceRegistrationsByKeyHandle(appId, keyHandle, "oxId");
    if (deviceRegistrations.isEmpty()) {
        throw new InvalidKeyHandleDeviceException(String.format("Failed to find device by keyHandle '%s' in LDAP", keyHandle));
    }
    // A key handle must map to exactly one device; more than one is a data integrity problem, not a lookup miss
    if (deviceRegistrations.size() != 1) {
        throw new BadInputException(String.format("There are '%d' devices with keyHandle '%s' in LDAP", deviceRegistrations.size(), keyHandle));
    }
    DeviceRegistration deviceRegistration = deviceRegistrations.get(0);
    // Resolve the owning user from the DN of the device entry
    return userService.getUserInumByDn(deviceRegistration.getDn());
}
Also used : BadInputException(org.gluu.oxauth.model.fido.u2f.exception.BadInputException) InvalidKeyHandleDeviceException(org.gluu.oxauth.exception.fido.u2f.InvalidKeyHandleDeviceException) DeviceRegistration(org.gluu.oxauth.model.fido.u2f.DeviceRegistration)

Example 7 with DeviceRegistration

use of org.gluu.oxauth.model.fido.u2f.DeviceRegistration in project oxAuth by GluuFederation.

the class AuthenticationService method finishAuthentication.

public DeviceRegistrationResult finishAuthentication(AuthenticateRequestMessage requestMessage, AuthenticateResponse response, String userInum, Set<String> facets) throws BadInputException, DeviceCompromisedException {
    // Only devices registered by this user for this appId are candidates
    List<DeviceRegistration> deviceRegistrations = deviceRegistrationService.findUserDeviceRegistrations(userInum, requestMessage.getAppId());
    final AuthenticateRequest request = getAuthenticateRequest(requestMessage, response);
    DeviceRegistration usedDeviceRegistration = null;
    for (DeviceRegistration deviceRegistration : deviceRegistrations) {
        if (StringHelper.equals(request.getKeyHandle(), deviceRegistration.getKeyHandle())) {
            usedDeviceRegistration = deviceRegistration;
            break;
        }
    }
    if (usedDeviceRegistration == null) {
        throw new BadInputException("Failed to find DeviceRegistration for the given AuthenticateRequest");
    }
    // A device flagged by an earlier counter mismatch is refused before any crypto is done
    if (usedDeviceRegistration.isCompromised()) {
        throw new DeviceCompromisedException(usedDeviceRegistration, "The device is marked as possibly compromised, and cannot be authenticated");
    }
    ClientData clientData = response.getClientData();
    log.debug("Client data HEX '{}'", Hex.encodeHexString(response.getClientDataRaw().getBytes()));
    log.debug("Signature data HEX '{}'", Hex.encodeHexString(response.getSignatureData().getBytes()));
    // Validate clientData type, challenge and origin against the allowed facets before trusting the signature
    clientDataValidationService.checkContent(clientData, RawAuthenticationService.SUPPORTED_AUTHENTICATE_TYPES, request.getChallenge(), facets);
    RawAuthenticateResponse rawAuthenticateResponse = rawAuthenticationService.parseRawAuthenticateResponse(response.getSignatureData());
    // Signature is verified with the public key stored at registration, never one sent by the client
    rawAuthenticationService.checkSignature(request.getAppId(), clientData, rawAuthenticateResponse, Base64Util.base64urldecode(usedDeviceRegistration.getDeviceRegistrationConfiguration().getPublicKey()));
    rawAuthenticateResponse.checkUserPresence();
    log.debug("Counter in finish authentication request '{}', counter in database '{}'", rawAuthenticateResponse.getCounter(), usedDeviceRegistration.getCounter());
    // Counter check detects cloned tokens; it runs only after the signature has been verified
    usedDeviceRegistration.checkAndUpdateCounter(rawAuthenticateResponse.getCounter());
    usedDeviceRegistration.setLastAccessTime(new Date());
    deviceRegistrationService.updateDeviceRegistration(userInum, usedDeviceRegistration);
    DeviceRegistrationResult.Status status = DeviceRegistrationResult.Status.APPROVED;
    boolean approved = StringHelper.equals(RawAuthenticationService.AUTHENTICATE_GET_TYPE, clientData.getTyp());
    if (!approved) {
        status = DeviceRegistrationResult.Status.CANCELED;
        log.debug("Authentication request with keyHandle '{}' was canceled", response.getKeyHandle());
    }
    return new DeviceRegistrationResult(usedDeviceRegistration, status);
}
Also used : AuthenticateRequest(org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateRequest) BadInputException(org.gluu.oxauth.model.fido.u2f.exception.BadInputException) ClientData(org.gluu.oxauth.model.fido.u2f.protocol.ClientData) DeviceRegistration(org.gluu.oxauth.model.fido.u2f.DeviceRegistration) DeviceCompromisedException(org.gluu.oxauth.exception.fido.u2f.DeviceCompromisedException) DeviceRegistrationResult(org.gluu.oxauth.model.fido.u2f.DeviceRegistrationResult) RawAuthenticateResponse(org.gluu.oxauth.model.fido.u2f.message.RawAuthenticateResponse) Date(java.util.Date)
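The following is an added, self-contained example and not oxAuth code. It shows the relying-party checks that finishAuthentication delegates to rawAuthenticationService and DeviceRegistration, end to end with only the JDK: parsing the raw U2F authentication response (user presence byte, big-endian 32-bit counter, DER signature), verifying the ECDSA P-256 signature over SHA256(appId) || userPresence || counter || SHA256(clientData), checking the user presence bit, and enforcing a strictly increasing counter. The appId, clientData and counter values are constructed; the device key pair generated in main stands in for a registered token; and the counter policy (any counter not greater than the stored one flags the device as compromised and rejects the assertion) is an assumption about what checkAndUpdateCounter enforces, since the page does not show its body.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;

/** Added example, not oxAuth code: the verification steps behind a U2F finishAuthentication. */
public class U2fAuthCheckExample {

    /** Raw authentication response: userPresence(1) || counter(4, big-endian) || DER ECDSA signature. */
    static final class RawAuthResponse {
        final byte userPresence;
        final long counter;      // unsigned 32-bit value held in a long
        final byte[] signature;

        RawAuthResponse(byte[] raw) {
            if (raw.length < 6) throw new IllegalArgumentException("raw response too short");
            this.userPresence = raw[0];
            this.counter = ByteBuffer.wrap(raw, 1, 4).getInt() & 0xFFFFFFFFL;
            this.signature = Arrays.copyOfRange(raw, 5, raw.length);
        }

        void checkUserPresence() {
            if ((userPresence & 0x01) == 0) throw new SecurityException("user presence bit not set");
        }
    }

    static byte[] sha256(byte[] in) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance("SHA-256").digest(in);
    }

    /** Bytes the token signs: appIdHash(32) || userPresence(1) || counter(4) || clientDataHash(32). */
    static byte[] signedData(String appId, byte userPresence, long counter, byte[] clientData) throws NoSuchAlgorithmException {
        ByteBuffer buf = ByteBuffer.allocate(32 + 1 + 4 + 32);
        buf.put(sha256(appId.getBytes(StandardCharsets.UTF_8)));
        buf.put(userPresence);
        buf.putInt((int) counter);
        buf.put(sha256(clientData));
        return buf.array();
    }

    /** What the relying party keeps per registered device (hypothetical record, not DeviceRegistration). */
    static final class DeviceRecord {
        final PublicKey publicKey;
        long counter;            // last counter accepted from this device
        boolean compromised;

        DeviceRecord(PublicKey publicKey, long counter) { this.publicKey = publicKey; this.counter = counter; }

        /** Assumed policy: a counter that did not increase means a clone may exist, so flag and reject. */
        void checkAndUpdateCounter(long newCounter) {
            if (newCounter <= counter) {
                compromised = true;
                throw new SecurityException("counter " + newCounter + " not greater than stored " + counter + ": possible cloned device");
            }
            counter = newCounter;
        }
    }

    /** Relying-party side: compromised flag, signature, user presence, then counter; the counter is stored only if all pass. */
    static boolean verifyAuthentication(DeviceRecord device, String appId, byte[] clientData, byte[] rawResponse) throws GeneralSecurityException {
        if (device.compromised) throw new SecurityException("device marked compromised");
        RawAuthResponse resp = new RawAuthResponse(rawResponse);
        Signature verifier = Signature.getInstance("SHA256withECDSA");
        verifier.initVerify(device.publicKey);
        verifier.update(signedData(appId, resp.userPresence, resp.counter, clientData));
        if (!verifier.verify(resp.signature)) throw new SecurityException("bad signature");
        resp.checkUserPresence();
        device.checkAndUpdateCounter(resp.counter);
        return true;
    }

    /** Token side, used here only to produce a response for the checks above. */
    static byte[] tokenSign(PrivateKey key, String appId, long counter, byte[] clientData) throws GeneralSecurityException {
        byte userPresence = 0x01;
        Signature signer = Signature.getInstance("SHA256withECDSA");
        signer.initSign(key);
        signer.update(signedData(appId, userPresence, counter, clientData));
        byte[] sig = signer.sign();
        ByteBuffer buf = ByteBuffer.allocate(5 + sig.length);
        buf.put(userPresence).putInt((int) counter).put(sig);
        return buf.array();
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: a fresh P-256 key pair plays the registered token, counter 41 is the stored value
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair kp = kpg.generateKeyPair();
        DeviceRecord device = new DeviceRecord(kp.getPublic(), 41);
        String appId = "https://example.com";
        byte[] clientData = "{\"typ\":\"navigator.id.getAssertion\",\"challenge\":\"abc\",\"origin\":\"https://example.com\"}".getBytes(StandardCharsets.UTF_8);

        byte[] good = tokenSign(kp.getPrivate(), appId, 42, clientData);
        System.out.println("fresh response accepted: " + verifyAuthentication(device, appId, clientData, good));

        // Replaying the same bytes fails the counter check and flags the device, as a cloned token would
        try {
            verifyAuthentication(device, appId, clientData, good);
        } catch (SecurityException e) {
            System.out.println("replay rejected: " + e.getMessage());
        }
        System.out.println("device compromised flag: " + device.compromised);
    }
}
```

The order of checks matters: the signature is verified before the counter is compared, so an attacker who cannot produce a valid signature cannot advance or poison the stored counter, and the counter is persisted only after every check has passed. Run with `javac U2fAuthCheckExample.java && java U2fAuthCheckExample`.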

Example 8 with DeviceRegistration

use of org.gluu.oxauth.model.fido.u2f.DeviceRegistration in project oxAuth by GluuFederation.

the class DeviceRegistrationService method attachUserDeviceRegistration.

public boolean attachUserDeviceRegistration(String userInum, String oneStepDeviceId) {
    String oneStepDeviceDn = getDnForOneStepU2fDevice(oneStepDeviceId);
    // Load temporary stored device registration
    DeviceRegistration deviceRegistration = ldapEntryManager.find(DeviceRegistration.class, oneStepDeviceDn);
    if (deviceRegistration == null) {
        return false;
    }
    // Remove temporary stored device registration
    removeUserDeviceRegistration(deviceRegistration);
    // Attach user device registration to user
    String deviceDn = getDnForU2fDevice(userInum, deviceRegistration.getId());
    deviceRegistration.setDn(deviceDn);
    // Final registration entry should be without expiration
    deviceRegistration.clearExpiration();
    addUserDeviceRegistration(userInum, deviceRegistration);
    return true;
}
Also used : DeviceRegistration(org.gluu.oxauth.model.fido.u2f.DeviceRegistration)

Aggregations

DeviceRegistration (org.gluu.oxauth.model.fido.u2f.DeviceRegistration)8 DeviceCompromisedException (org.gluu.oxauth.exception.fido.u2f.DeviceCompromisedException)3 BadInputException (org.gluu.oxauth.model.fido.u2f.exception.BadInputException)3 InvalidKeyHandleDeviceException (org.gluu.oxauth.exception.fido.u2f.InvalidKeyHandleDeviceException)2 NoEligableDevicesException (org.gluu.oxauth.exception.fido.u2f.NoEligableDevicesException)2 DeviceRegistrationResult (org.gluu.oxauth.model.fido.u2f.DeviceRegistrationResult)2 AuthenticateRequest (org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateRequest)2 AuthenticateRequestMessage (org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateRequestMessage)2 Filter (org.gluu.search.filter.Filter)2 ArrayList (java.util.ArrayList)1 Date (java.util.Date)1 List (java.util.List)1 ApplicationScoped (javax.enterprise.context.ApplicationScoped)1 Inject (javax.inject.Inject)1 StringUtils (org.apache.commons.lang.StringUtils)1 Fido2RegistrationEntry (org.gluu.fido2.model.entry.Fido2RegistrationEntry)1 BaseComponentTest (org.gluu.oxauth.BaseComponentTest)1 StaticConfiguration (org.gluu.oxauth.model.config.StaticConfiguration)1 AppConfiguration (org.gluu.oxauth.model.configuration.AppConfiguration)1 AuthenticateRequestMessageLdap (org.gluu.oxauth.model.fido.u2f.AuthenticateRequestMessageLdap)1