Example 1 with AuthenticateResponse
use of org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateResponse in project oxAuth by GluuFederation.
the class U2fAuthenticationWS method finishAuthentication.
@POST
@Produces({ "application/json" })
public Response finishAuthentication(@FormParam("username") String userName, @FormParam("tokenResponse") String authenticateResponseString) {
String sessionId = null;
try {
if (appConfiguration.getDisableU2fEndpoint()) {
return Response.status(Status.FORBIDDEN).build();
}
log.debug("Finishing authentication for username '{}' with response '{}'", userName, authenticateResponseString);
AuthenticateResponse authenticateResponse = ServerUtil.jsonMapperWithWrapRoot().readValue(authenticateResponseString, AuthenticateResponse.class);
String requestId = authenticateResponse.getRequestId();
AuthenticateRequestMessageLdap authenticateRequestMessageLdap = u2fAuthenticationService.getAuthenticationRequestMessageByRequestId(requestId);
if (authenticateRequestMessageLdap == null) {
throw new WebApplicationException(Response.status(Response.Status.FORBIDDEN).entity(errorResponseFactory.getJsonErrorResponse(U2fErrorResponseType.SESSION_EXPIRED)).build());
}
sessionId = authenticateRequestMessageLdap.getSessionId();
u2fAuthenticationService.removeAuthenticationRequestMessage(authenticateRequestMessageLdap);
AuthenticateRequestMessage authenticateRequestMessage = authenticateRequestMessageLdap.getAuthenticateRequestMessage();
String foundUserInum = authenticateRequestMessageLdap.getUserInum();
DeviceRegistrationResult deviceRegistrationResult = u2fAuthenticationService.finishAuthentication(authenticateRequestMessage, authenticateResponse, foundUserInum);
// If sessionId is not empty update session
if (StringHelper.isNotEmpty(sessionId)) {
log.debug("There is session id. Setting session id attributes");
boolean oneStep = StringHelper.isEmpty(userName);
userSessionIdService.updateUserSessionIdOnFinishRequest(sessionId, foundUserInum, deviceRegistrationResult, false, oneStep);
}
AuthenticateStatus authenticationStatus = new AuthenticateStatus(Constants.RESULT_SUCCESS, requestId);
// convert manually to avoid possible conflict between resteasy
// providers, e.g. jettison, jackson
final String entity = ServerUtil.asJson(authenticationStatus);
return Response.status(Response.Status.OK).entity(entity).cacheControl(ServerUtil.cacheControl(true)).build();
} catch (Exception ex) {
log.error("Exception happened", ex);
if (ex instanceof WebApplicationException) {
throw (WebApplicationException) ex;
}
try {
// If sessionId is not empty update session
if (StringHelper.isNotEmpty(sessionId)) {
log.debug("There is session id. Setting session id status to 'declined'");
userSessionIdService.updateUserSessionIdOnError(sessionId);
}
} catch (Exception ex2) {
log.error("Failed to update session id status", ex2);
}
if (ex instanceof BadInputException) {
throw new WebApplicationException(Response.status(Response.Status.FORBIDDEN).entity(errorResponseFactory.getErrorResponse(U2fErrorResponseType.INVALID_REQUEST)).build());
}
if (ex instanceof DeviceCompromisedException) {
DeviceRegistration deviceRegistration = ((DeviceCompromisedException) ex).getDeviceRegistration();
try {
deviceRegistrationService.disableUserDeviceRegistration(deviceRegistration);
} catch (Exception ex2) {
log.error("Failed to mark device '{}' as compomised", ex2, deviceRegistration.getId());
}
throw new WebApplicationException(Response.status(Response.Status.FORBIDDEN).entity(errorResponseFactory.getErrorResponse(U2fErrorResponseType.DEVICE_COMPROMISED)).build());
}
throw new WebApplicationException(Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(errorResponseFactory.getJsonErrorResponse(U2fErrorResponseType.SERVER_ERROR)).build());
}
}
Also used :
AuthenticateStatus(org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateStatus)
AuthenticateResponse(org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateResponse)
AuthenticateRequestMessageLdap(org.gluu.oxauth.model.fido.u2f.AuthenticateRequestMessageLdap)
AuthenticateRequestMessage(org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateRequestMessage)
BadInputException(org.gluu.oxauth.model.fido.u2f.exception.BadInputException)
DeviceRegistration(org.gluu.oxauth.model.fido.u2f.DeviceRegistration)
DeviceRegistrationResult(org.gluu.oxauth.model.fido.u2f.DeviceRegistrationResult)
DeviceCompromisedException(org.gluu.oxauth.exception.fido.u2f.DeviceCompromisedException)
DeviceCompromisedException(org.gluu.oxauth.exception.fido.u2f.DeviceCompromisedException)
InvalidKeyHandleDeviceException(org.gluu.oxauth.exception.fido.u2f.InvalidKeyHandleDeviceException)
NoEligableDevicesException(org.gluu.oxauth.exception.fido.u2f.NoEligableDevicesException)
BadInputException(org.gluu.oxauth.model.fido.u2f.exception.BadInputException)
Aggregations
DeviceCompromisedException (org.gluu.oxauth.exception.fido.u2f.DeviceCompromisedException)1
InvalidKeyHandleDeviceException (org.gluu.oxauth.exception.fido.u2f.InvalidKeyHandleDeviceException)1
NoEligableDevicesException (org.gluu.oxauth.exception.fido.u2f.NoEligableDevicesException)1
AuthenticateRequestMessageLdap (org.gluu.oxauth.model.fido.u2f.AuthenticateRequestMessageLdap)1
DeviceRegistration (org.gluu.oxauth.model.fido.u2f.DeviceRegistration)1
DeviceRegistrationResult (org.gluu.oxauth.model.fido.u2f.DeviceRegistrationResult)1
BadInputException (org.gluu.oxauth.model.fido.u2f.exception.BadInputException)1
AuthenticateRequestMessage (org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateRequestMessage)1
AuthenticateResponse (org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateResponse)1
AuthenticateStatus (org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateStatus)1
