Example 1 with InvalidKeyHandleDeviceException
use of org.xdi.oxauth.exception.fido.u2f.InvalidKeyHandleDeviceException in project oxAuth by GluuFederation.
the class AuthenticationService method getUserInumByKeyHandle.
public String getUserInumByKeyHandle(String appId, String keyHandle) throws InvalidKeyHandleDeviceException {
if (org.xdi.util.StringHelper.isEmpty(appId) || StringHelper.isEmpty(keyHandle)) {
return null;
}
List<DeviceRegistration> deviceRegistrations = deviceRegistrationService.findDeviceRegistrationsByKeyHandle(appId, keyHandle, "oxId");
if (deviceRegistrations.isEmpty()) {
throw new InvalidKeyHandleDeviceException(String.format("Failed to find device by keyHandle '%s' in LDAP", keyHandle));
}
if (deviceRegistrations.size() != 1) {
throw new BadInputException(String.format("There are '%d' devices with keyHandle '%s' in LDAP", deviceRegistrations.size(), keyHandle));
}
DeviceRegistration deviceRegistration = deviceRegistrations.get(0);
return userService.getUserInumByDn(deviceRegistration.getDn());
}
Also used :
BadInputException(org.xdi.oxauth.model.fido.u2f.exception.BadInputException)
InvalidKeyHandleDeviceException(org.xdi.oxauth.exception.fido.u2f.InvalidKeyHandleDeviceException)
DeviceRegistration(org.xdi.oxauth.model.fido.u2f.DeviceRegistration)
Example 2 with InvalidKeyHandleDeviceException
use of org.xdi.oxauth.exception.fido.u2f.InvalidKeyHandleDeviceException in project oxAuth by GluuFederation.
the class U2fAuthenticationWS method startAuthentication.
@GET
@Produces({ "application/json" })
public Response startAuthentication(@QueryParam("username") String userName, @QueryParam("keyhandle") String keyHandle, @QueryParam("application") String appId, @QueryParam("session_state") String sessionState) {
// Parameter username is deprecated. We uses it only to determine is it's one or two step workflow
try {
log.debug("Startig authentication with username '{}', keyhandle '{}' for appId '{}' and session_state '{}'", userName, keyHandle, appId, sessionState);
if (StringHelper.isEmpty(userName) && StringHelper.isEmpty(keyHandle)) {
throw new BadInputException(String.format("The request should contains either username or keyhandle"));
}
String foundUserInum = null;
boolean twoStep = StringHelper.isNotEmpty(userName);
if (twoStep) {
boolean valid = u2fValidationService.isValidSessionState(userName, sessionState);
if (!valid) {
throw new BadInputException(String.format("session_state '%s' is invalid", sessionState));
}
foundUserInum = userService.getUserInum(userName);
} else {
// Convert to non padding URL base64 string
String keyHandleWithoutPading = Base64Util.base64urlencode(Base64Util.base64urldecode(keyHandle));
// In one step we expects empty username and not empty keyhandle
foundUserInum = u2fAuthenticationService.getUserInumByKeyHandle(appId, keyHandleWithoutPading);
}
if (StringHelper.isEmpty(foundUserInum)) {
throw new BadInputException(String.format("Failed to find user by userName '%s' or keyHandle '%s' in LDAP", userName, keyHandle));
}
AuthenticateRequestMessage authenticateRequestMessage = u2fAuthenticationService.buildAuthenticateRequestMessage(appId, foundUserInum);
u2fAuthenticationService.storeAuthenticationRequestMessage(authenticateRequestMessage, foundUserInum, sessionState);
// convert manually to avoid possible conflict between resteasy
// providers, e.g. jettison, jackson
final String entity = ServerUtil.asJson(authenticateRequestMessage);
return Response.status(Response.Status.OK).entity(entity).cacheControl(ServerUtil.cacheControl(true)).build();
} catch (Exception ex) {
log.error("Exception happened", ex);
if (ex instanceof WebApplicationException) {
throw (WebApplicationException) ex;
}
if ((ex instanceof NoEligableDevicesException) || (ex instanceof InvalidKeyHandleDeviceException)) {
throw new WebApplicationException(Response.status(Response.Status.NOT_FOUND).entity(errorResponseFactory.getErrorResponse(U2fErrorResponseType.NO_ELIGABLE_DEVICES)).build());
}
throw new WebApplicationException(Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(errorResponseFactory.getJsonErrorResponse(U2fErrorResponseType.SERVER_ERROR)).build());
}
}
Also used :
BadInputException(org.xdi.oxauth.model.fido.u2f.exception.BadInputException)
AuthenticateRequestMessage(org.xdi.oxauth.model.fido.u2f.protocol.AuthenticateRequestMessage)
WebApplicationException(javax.ws.rs.WebApplicationException)
NoEligableDevicesException(org.xdi.oxauth.exception.fido.u2f.NoEligableDevicesException)
InvalidKeyHandleDeviceException(org.xdi.oxauth.exception.fido.u2f.InvalidKeyHandleDeviceException)
DeviceCompromisedException(org.xdi.oxauth.exception.fido.u2f.DeviceCompromisedException)
NoEligableDevicesException(org.xdi.oxauth.exception.fido.u2f.NoEligableDevicesException)
InvalidKeyHandleDeviceException(org.xdi.oxauth.exception.fido.u2f.InvalidKeyHandleDeviceException)
BadInputException(org.xdi.oxauth.model.fido.u2f.exception.BadInputException)
WebApplicationException(javax.ws.rs.WebApplicationException)
Produces(javax.ws.rs.Produces)
GET(javax.ws.rs.GET)
Aggregations
InvalidKeyHandleDeviceException (org.xdi.oxauth.exception.fido.u2f.InvalidKeyHandleDeviceException)2
BadInputException (org.xdi.oxauth.model.fido.u2f.exception.BadInputException)2
GET (javax.ws.rs.GET)1
Produces (javax.ws.rs.Produces)1
WebApplicationException (javax.ws.rs.WebApplicationException)1
DeviceCompromisedException (org.xdi.oxauth.exception.fido.u2f.DeviceCompromisedException)1
NoEligableDevicesException (org.xdi.oxauth.exception.fido.u2f.NoEligableDevicesException)1
DeviceRegistration (org.xdi.oxauth.model.fido.u2f.DeviceRegistration)1
AuthenticateRequestMessage (org.xdi.oxauth.model.fido.u2f.protocol.AuthenticateRequestMessage)1
