Search in sources :

Example 1 with OTPCredentialData

use of org.keycloak.models.credential.dto.OTPCredentialData in project keycloak by keycloak.

the class RepresentationToModel method convertDeprecatedCredentialsFormat.

private static void convertDeprecatedCredentialsFormat(UserRepresentation user) {
    if (user.getCredentials() != null) {
        for (CredentialRepresentation cred : user.getCredentials()) {
            try {
                if ((cred.getCredentialData() == null || cred.getSecretData() == null) && cred.getValue() == null) {
                    logger.warnf("Using deprecated 'credentials' format in JSON representation for user '%s'. It will be removed in future versions", user.getUsername());
                    if (PasswordCredentialModel.TYPE.equals(cred.getType()) || PasswordCredentialModel.PASSWORD_HISTORY.equals(cred.getType())) {
                        PasswordCredentialData credentialData = new PasswordCredentialData(cred.getHashIterations(), cred.getAlgorithm());
                        cred.setCredentialData(JsonSerialization.writeValueAsString(credentialData));
                        // Created this manually to avoid conversion from Base64 and back
                        cred.setSecretData("{\"value\":\"" + cred.getHashedSaltedValue() + "\",\"salt\":\"" + cred.getSalt() + "\"}");
                        cred.setPriority(10);
                    } else if (OTPCredentialModel.TOTP.equals(cred.getType()) || OTPCredentialModel.HOTP.equals(cred.getType())) {
                        OTPCredentialData credentialData = new OTPCredentialData(cred.getType(), cred.getDigits(), cred.getCounter(), cred.getPeriod(), cred.getAlgorithm());
                        OTPSecretData secretData = new OTPSecretData(cred.getHashedSaltedValue());
                        cred.setCredentialData(JsonSerialization.writeValueAsString(credentialData));
                        cred.setSecretData(JsonSerialization.writeValueAsString(secretData));
                        cred.setPriority(20);
                        cred.setType(OTPCredentialModel.TYPE);
                    }
                }
            } catch (IOException ioe) {
                throw new RuntimeException(ioe);
            }
        }
    }
}
Also used : CredentialRepresentation(org.keycloak.representations.idm.CredentialRepresentation) OTPSecretData(org.keycloak.models.credential.dto.OTPSecretData) PasswordCredentialData(org.keycloak.models.credential.dto.PasswordCredentialData) OTPCredentialData(org.keycloak.models.credential.dto.OTPCredentialData) IOException(java.io.IOException)

Example 2 with OTPCredentialData

use of org.keycloak.models.credential.dto.OTPCredentialData in project keycloak by keycloak.

the class OTPCredentialProvider method isValid.

@Override
public boolean isValid(RealmModel realm, UserModel user, CredentialInput credentialInput) {
    if (!(credentialInput instanceof UserCredentialModel)) {
        logger.debug("Expected instance of UserCredentialModel for CredentialInput");
        return false;
    }
    String challengeResponse = credentialInput.getChallengeResponse();
    if (challengeResponse == null) {
        return false;
    }
    if (ObjectUtil.isBlank(credentialInput.getCredentialId())) {
        logger.debugf("CredentialId is null when validating credential of user %s", user.getUsername());
        return false;
    }
    CredentialModel credential = getCredentialStore().getStoredCredentialById(realm, user, credentialInput.getCredentialId());
    OTPCredentialModel otpCredentialModel = OTPCredentialModel.createFromCredentialModel(credential);
    OTPSecretData secretData = otpCredentialModel.getOTPSecretData();
    OTPCredentialData credentialData = otpCredentialModel.getOTPCredentialData();
    OTPPolicy policy = realm.getOTPPolicy();
    if (OTPCredentialModel.HOTP.equals(credentialData.getSubType())) {
        HmacOTP validator = new HmacOTP(credentialData.getDigits(), credentialData.getAlgorithm(), policy.getLookAheadWindow());
        int counter = validator.validateHOTP(challengeResponse, secretData.getValue(), credentialData.getCounter());
        if (counter < 0) {
            return false;
        }
        otpCredentialModel.updateCounter(counter);
        getCredentialStore().updateCredential(realm, user, otpCredentialModel);
        return true;
    } else if (OTPCredentialModel.TOTP.equals(credentialData.getSubType())) {
        TimeBasedOTP validator = new TimeBasedOTP(credentialData.getAlgorithm(), credentialData.getDigits(), credentialData.getPeriod(), policy.getLookAheadWindow());
        return validator.validateTOTP(challengeResponse, secretData.getValue().getBytes(StandardCharsets.UTF_8));
    }
    return false;
}
Also used : OTPSecretData(org.keycloak.models.credential.dto.OTPSecretData) HmacOTP(org.keycloak.models.utils.HmacOTP) UserCredentialModel(org.keycloak.models.UserCredentialModel) OTPCredentialModel(org.keycloak.models.credential.OTPCredentialModel) TimeBasedOTP(org.keycloak.models.utils.TimeBasedOTP) OTPCredentialData(org.keycloak.models.credential.dto.OTPCredentialData) OTPCredentialModel(org.keycloak.models.credential.OTPCredentialModel) OTPPolicy(org.keycloak.models.OTPPolicy) UserCredentialModel(org.keycloak.models.UserCredentialModel)

Example 3 with OTPCredentialData

use of org.keycloak.models.credential.dto.OTPCredentialData in project keycloak by keycloak.

the class OTPCredentialModel method createFromCredentialModel.

public static OTPCredentialModel createFromCredentialModel(CredentialModel credentialModel) {
    try {
        OTPCredentialData credentialData = JsonSerialization.readValue(credentialModel.getCredentialData(), OTPCredentialData.class);
        OTPSecretData secretData = JsonSerialization.readValue(credentialModel.getSecretData(), OTPSecretData.class);
        OTPCredentialModel otpCredentialModel = new OTPCredentialModel(credentialData, secretData);
        otpCredentialModel.setUserLabel(credentialModel.getUserLabel());
        otpCredentialModel.setCreatedDate(credentialModel.getCreatedDate());
        otpCredentialModel.setType(TYPE);
        otpCredentialModel.setId(credentialModel.getId());
        otpCredentialModel.setSecretData(credentialModel.getSecretData());
        otpCredentialModel.setCredentialData(credentialModel.getCredentialData());
        return otpCredentialModel;
    } catch (IOException e) {
        throw new RuntimeException(e);
    }
}
Also used : OTPSecretData(org.keycloak.models.credential.dto.OTPSecretData) OTPCredentialData(org.keycloak.models.credential.dto.OTPCredentialData) IOException(java.io.IOException)

Aggregations

OTPCredentialData (org.keycloak.models.credential.dto.OTPCredentialData)3 OTPSecretData (org.keycloak.models.credential.dto.OTPSecretData)3 IOException (java.io.IOException)2 OTPPolicy (org.keycloak.models.OTPPolicy)1 UserCredentialModel (org.keycloak.models.UserCredentialModel)1 OTPCredentialModel (org.keycloak.models.credential.OTPCredentialModel)1 PasswordCredentialData (org.keycloak.models.credential.dto.PasswordCredentialData)1 HmacOTP (org.keycloak.models.utils.HmacOTP)1 TimeBasedOTP (org.keycloak.models.utils.TimeBasedOTP)1 CredentialRepresentation (org.keycloak.representations.idm.CredentialRepresentation)1