Search in sources :

Example 1 with AuthenticateRequest

use of org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateRequest in project oxAuth by GluuFederation.

the class AuthenticationService method buildAuthenticateRequestMessage.

public AuthenticateRequestMessage buildAuthenticateRequestMessage(String appId, String userInum) throws BadInputException, NoEligableDevicesException {
    if (applicationService.isValidateApplication()) {
        applicationService.checkIsValid(appId);
    }
    List<AuthenticateRequest> authenticateRequests = new ArrayList<AuthenticateRequest>();
    byte[] challenge = challengeGenerator.generateChallenge();
    List<DeviceRegistration> deviceRegistrations = deviceRegistrationService.findUserDeviceRegistrations(userInum, appId);
    for (DeviceRegistration deviceRegistration : deviceRegistrations) {
        if (!deviceRegistration.isCompromised()) {
            AuthenticateRequest request;
            try {
                request = startAuthentication(appId, deviceRegistration, challenge);
                authenticateRequests.add(request);
            } catch (DeviceCompromisedException ex) {
                log.error("Faield to authenticate device", ex);
            }
        }
    }
    if (authenticateRequests.isEmpty()) {
        if (deviceRegistrations.isEmpty()) {
            throw new NoEligableDevicesException(deviceRegistrations, "No devices registrered");
        } else {
            throw new NoEligableDevicesException(deviceRegistrations, "All devices compromised");
        }
    }
    return new AuthenticateRequestMessage(authenticateRequests);
}
Also used : AuthenticateRequest(org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateRequest) AuthenticateRequestMessage(org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateRequestMessage) NoEligableDevicesException(org.gluu.oxauth.exception.fido.u2f.NoEligableDevicesException) ArrayList(java.util.ArrayList) DeviceRegistration(org.gluu.oxauth.model.fido.u2f.DeviceRegistration) DeviceCompromisedException(org.gluu.oxauth.exception.fido.u2f.DeviceCompromisedException)

Example 2 with AuthenticateRequest

use of org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateRequest in project oxAuth by GluuFederation.

the class AuthenticationService method finishAuthentication.

public DeviceRegistrationResult finishAuthentication(AuthenticateRequestMessage requestMessage, AuthenticateResponse response, String userInum, Set<String> facets) throws BadInputException, DeviceCompromisedException {
    List<DeviceRegistration> deviceRegistrations = deviceRegistrationService.findUserDeviceRegistrations(userInum, requestMessage.getAppId());
    final AuthenticateRequest request = getAuthenticateRequest(requestMessage, response);
    DeviceRegistration usedDeviceRegistration = null;
    for (DeviceRegistration deviceRegistration : deviceRegistrations) {
        if (StringHelper.equals(request.getKeyHandle(), deviceRegistration.getKeyHandle())) {
            usedDeviceRegistration = deviceRegistration;
            break;
        }
    }
    if (usedDeviceRegistration == null) {
        throw new BadInputException("Failed to find DeviceRegistration for the given AuthenticateRequest");
    }
    if (usedDeviceRegistration.isCompromised()) {
        throw new DeviceCompromisedException(usedDeviceRegistration, "The device is marked as possibly compromised, and cannot be authenticated");
    }
    ClientData clientData = response.getClientData();
    log.debug("Client data HEX '{}'", Hex.encodeHexString(response.getClientDataRaw().getBytes()));
    log.debug("Signature data HEX '{}'", Hex.encodeHexString(response.getSignatureData().getBytes()));
    clientDataValidationService.checkContent(clientData, RawAuthenticationService.SUPPORTED_AUTHENTICATE_TYPES, request.getChallenge(), facets);
    RawAuthenticateResponse rawAuthenticateResponse = rawAuthenticationService.parseRawAuthenticateResponse(response.getSignatureData());
    rawAuthenticationService.checkSignature(request.getAppId(), clientData, rawAuthenticateResponse, Base64Util.base64urldecode(usedDeviceRegistration.getDeviceRegistrationConfiguration().getPublicKey()));
    rawAuthenticateResponse.checkUserPresence();
    log.debug("Counter in finish authentication request'{}', countr in database '{}'", rawAuthenticateResponse.getCounter(), usedDeviceRegistration.getCounter());
    usedDeviceRegistration.checkAndUpdateCounter(rawAuthenticateResponse.getCounter());
    usedDeviceRegistration.setLastAccessTime(new Date());
    deviceRegistrationService.updateDeviceRegistration(userInum, usedDeviceRegistration);
    DeviceRegistrationResult.Status status = DeviceRegistrationResult.Status.APPROVED;
    boolean approved = StringHelper.equals(RawAuthenticationService.AUTHENTICATE_GET_TYPE, clientData.getTyp());
    if (!approved) {
        status = DeviceRegistrationResult.Status.CANCELED;
        log.debug("Authentication request with keyHandle '{}' was canceled", response.getKeyHandle());
    }
    return new DeviceRegistrationResult(usedDeviceRegistration, status);
}
Also used : AuthenticateRequest(org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateRequest) BadInputException(org.gluu.oxauth.model.fido.u2f.exception.BadInputException) ClientData(org.gluu.oxauth.model.fido.u2f.protocol.ClientData) DeviceRegistration(org.gluu.oxauth.model.fido.u2f.DeviceRegistration) DeviceCompromisedException(org.gluu.oxauth.exception.fido.u2f.DeviceCompromisedException) DeviceRegistrationResult(org.gluu.oxauth.model.fido.u2f.DeviceRegistrationResult) RawAuthenticateResponse(org.gluu.oxauth.model.fido.u2f.message.RawAuthenticateResponse) Date(java.util.Date)

Aggregations

DeviceCompromisedException (org.gluu.oxauth.exception.fido.u2f.DeviceCompromisedException)2 DeviceRegistration (org.gluu.oxauth.model.fido.u2f.DeviceRegistration)2 AuthenticateRequest (org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateRequest)2 ArrayList (java.util.ArrayList)1 Date (java.util.Date)1 NoEligableDevicesException (org.gluu.oxauth.exception.fido.u2f.NoEligableDevicesException)1 DeviceRegistrationResult (org.gluu.oxauth.model.fido.u2f.DeviceRegistrationResult)1 BadInputException (org.gluu.oxauth.model.fido.u2f.exception.BadInputException)1 RawAuthenticateResponse (org.gluu.oxauth.model.fido.u2f.message.RawAuthenticateResponse)1 AuthenticateRequestMessage (org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateRequestMessage)1 ClientData (org.gluu.oxauth.model.fido.u2f.protocol.ClientData)1