Example 1 with AuthenticateRequest
use of org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateRequest in project oxAuth by GluuFederation.
the class AuthenticationService method buildAuthenticateRequestMessage.
public AuthenticateRequestMessage buildAuthenticateRequestMessage(String appId, String userInum) throws BadInputException, NoEligableDevicesException {
if (applicationService.isValidateApplication()) {
applicationService.checkIsValid(appId);
}
List<AuthenticateRequest> authenticateRequests = new ArrayList<AuthenticateRequest>();
byte[] challenge = challengeGenerator.generateChallenge();
List<DeviceRegistration> deviceRegistrations = deviceRegistrationService.findUserDeviceRegistrations(userInum, appId);
for (DeviceRegistration deviceRegistration : deviceRegistrations) {
if (!deviceRegistration.isCompromised()) {
AuthenticateRequest request;
try {
request = startAuthentication(appId, deviceRegistration, challenge);
authenticateRequests.add(request);
} catch (DeviceCompromisedException ex) {
log.error("Faield to authenticate device", ex);
}
}
}
if (authenticateRequests.isEmpty()) {
if (deviceRegistrations.isEmpty()) {
throw new NoEligableDevicesException(deviceRegistrations, "No devices registrered");
} else {
throw new NoEligableDevicesException(deviceRegistrations, "All devices compromised");
}
}
return new AuthenticateRequestMessage(authenticateRequests);
}
Also used :
AuthenticateRequest(org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateRequest)
AuthenticateRequestMessage(org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateRequestMessage)
NoEligableDevicesException(org.gluu.oxauth.exception.fido.u2f.NoEligableDevicesException)
ArrayList(java.util.ArrayList)
DeviceRegistration(org.gluu.oxauth.model.fido.u2f.DeviceRegistration)
DeviceCompromisedException(org.gluu.oxauth.exception.fido.u2f.DeviceCompromisedException)
Example 2 with AuthenticateRequest
use of org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateRequest in project oxAuth by GluuFederation.
the class AuthenticationService method finishAuthentication.
public DeviceRegistrationResult finishAuthentication(AuthenticateRequestMessage requestMessage, AuthenticateResponse response, String userInum, Set<String> facets) throws BadInputException, DeviceCompromisedException {
List<DeviceRegistration> deviceRegistrations = deviceRegistrationService.findUserDeviceRegistrations(userInum, requestMessage.getAppId());
final AuthenticateRequest request = getAuthenticateRequest(requestMessage, response);
DeviceRegistration usedDeviceRegistration = null;
for (DeviceRegistration deviceRegistration : deviceRegistrations) {
if (StringHelper.equals(request.getKeyHandle(), deviceRegistration.getKeyHandle())) {
usedDeviceRegistration = deviceRegistration;
break;
}
}
if (usedDeviceRegistration == null) {
throw new BadInputException("Failed to find DeviceRegistration for the given AuthenticateRequest");
}
if (usedDeviceRegistration.isCompromised()) {
throw new DeviceCompromisedException(usedDeviceRegistration, "The device is marked as possibly compromised, and cannot be authenticated");
}
ClientData clientData = response.getClientData();
log.debug("Client data HEX '{}'", Hex.encodeHexString(response.getClientDataRaw().getBytes()));
log.debug("Signature data HEX '{}'", Hex.encodeHexString(response.getSignatureData().getBytes()));
clientDataValidationService.checkContent(clientData, RawAuthenticationService.SUPPORTED_AUTHENTICATE_TYPES, request.getChallenge(), facets);
RawAuthenticateResponse rawAuthenticateResponse = rawAuthenticationService.parseRawAuthenticateResponse(response.getSignatureData());
rawAuthenticationService.checkSignature(request.getAppId(), clientData, rawAuthenticateResponse, Base64Util.base64urldecode(usedDeviceRegistration.getDeviceRegistrationConfiguration().getPublicKey()));
rawAuthenticateResponse.checkUserPresence();
log.debug("Counter in finish authentication request'{}', countr in database '{}'", rawAuthenticateResponse.getCounter(), usedDeviceRegistration.getCounter());
usedDeviceRegistration.checkAndUpdateCounter(rawAuthenticateResponse.getCounter());
usedDeviceRegistration.setLastAccessTime(new Date());
deviceRegistrationService.updateDeviceRegistration(userInum, usedDeviceRegistration);
DeviceRegistrationResult.Status status = DeviceRegistrationResult.Status.APPROVED;
boolean approved = StringHelper.equals(RawAuthenticationService.AUTHENTICATE_GET_TYPE, clientData.getTyp());
if (!approved) {
status = DeviceRegistrationResult.Status.CANCELED;
log.debug("Authentication request with keyHandle '{}' was canceled", response.getKeyHandle());
}
return new DeviceRegistrationResult(usedDeviceRegistration, status);
}
Also used :
AuthenticateRequest(org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateRequest)
BadInputException(org.gluu.oxauth.model.fido.u2f.exception.BadInputException)
ClientData(org.gluu.oxauth.model.fido.u2f.protocol.ClientData)
DeviceRegistration(org.gluu.oxauth.model.fido.u2f.DeviceRegistration)
DeviceCompromisedException(org.gluu.oxauth.exception.fido.u2f.DeviceCompromisedException)
DeviceRegistrationResult(org.gluu.oxauth.model.fido.u2f.DeviceRegistrationResult)
RawAuthenticateResponse(org.gluu.oxauth.model.fido.u2f.message.RawAuthenticateResponse)
Date(java.util.Date)
Aggregations
DeviceCompromisedException (org.gluu.oxauth.exception.fido.u2f.DeviceCompromisedException)2
DeviceRegistration (org.gluu.oxauth.model.fido.u2f.DeviceRegistration)2
AuthenticateRequest (org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateRequest)2
ArrayList (java.util.ArrayList)1
Date (java.util.Date)1
NoEligableDevicesException (org.gluu.oxauth.exception.fido.u2f.NoEligableDevicesException)1
DeviceRegistrationResult (org.gluu.oxauth.model.fido.u2f.DeviceRegistrationResult)1
BadInputException (org.gluu.oxauth.model.fido.u2f.exception.BadInputException)1
RawAuthenticateResponse (org.gluu.oxauth.model.fido.u2f.message.RawAuthenticateResponse)1
AuthenticateRequestMessage (org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateRequestMessage)1
ClientData (org.gluu.oxauth.model.fido.u2f.protocol.ClientData)1
