
Example 6 with DeviceRegistration

Use of org.xdi.oxauth.model.fido.u2f.DeviceRegistration in project oxAuth by GluuFederation.

The class DeviceRegistrationService, method attachUserDeviceRegistration.

public boolean attachUserDeviceRegistration(String userInum, String oneStepDeviceId) {
    String oneStepDeviceDn = getDnForOneStepU2fDevice(oneStepDeviceId);
    // Load the temporarily stored (one-step, not yet user-bound) device registration
    DeviceRegistration deviceRegistration = ldapEntryManager.find(DeviceRegistration.class, oneStepDeviceDn);
    if (deviceRegistration == null) {
        // Nothing to attach: the entry never existed or has already been cleaned up
        return false;
    }
    // Remove the temporary entry so the same one-step registration cannot be attached twice
    removeUserDeviceRegistration(deviceRegistration);
    // Re-home the registration under the user's DN and persist it there
    String deviceDn = getDnForU2fDevice(userInum, deviceRegistration.getId());
    deviceRegistration.setDn(deviceDn);
    addUserDeviceRegistration(userInum, deviceRegistration);
    return true;
}
Imports referenced by this method:

import org.xdi.oxauth.model.fido.u2f.DeviceRegistration;

Example 7 with DeviceRegistration

Use of org.xdi.oxauth.model.fido.u2f.DeviceRegistration in project oxAuth by GluuFederation.

The class RegistrationService, method finishRegistration.

public DeviceRegistrationResult finishRegistration(RegisterRequestMessage requestMessage, RegisterResponse response, String userInum, Set<String> facets) throws BadInputException {
    RegisterRequest request = requestMessage.getRegisterRequest();
    String appId = request.getAppId();
    ClientData clientData = response.getClientData();
    // Validate the client data: accepted type, the challenge issued for this request, and an allowed origin (facet)
    clientDataValidationService.checkContent(clientData, RawRegistrationService.SUPPORTED_REGISTER_TYPES, request.getChallenge(), facets);
    // Parse the raw registration data (public key, key handle, attestation certificate, signature)
    RawRegisterResponse rawRegisterResponse = rawRegistrationService.parseRawRegisterResponse(response.getRegistrationData());
    // Verify the attestation signature over appId and client data before trusting anything in the response
    rawRegistrationService.checkSignature(appId, clientData, rawRegisterResponse);
    Date now = new GregorianCalendar(TimeZone.getTimeZone("UTC")).getTime();
    DeviceRegistration deviceRegistration = rawRegistrationService.createDevice(rawRegisterResponse);
    deviceRegistration.setStatus(DeviceRegistrationStatus.ACTIVE);
    deviceRegistration.setApplication(appId);
    deviceRegistration.setCreationDate(now);
    // Hash of the key handle, used later to look registrations up by key handle
    int keyHandleHashCode = deviceRegistrationService.getKeyHandleHashCode(rawRegisterResponse.getKeyHandle());
    deviceRegistration.setKeyHandleHashCode(keyHandleHashCode);
    final String deviceRegistrationId = String.valueOf(System.currentTimeMillis());
    deviceRegistration.setId(deviceRegistrationId);
    // Optional, client-supplied device metadata (base64url-encoded JSON); rejected if it does not parse
    String responseDeviceData = response.getDeviceData();
    if (StringHelper.isNotEmpty(responseDeviceData)) {
        try {
            String responseDeviceDataDecoded = new String(Base64Util.base64urldecode(responseDeviceData));
            DeviceData deviceData = ServerUtil.jsonMapperWithWrapRoot().readValue(responseDeviceDataDecoded, DeviceData.class);
            deviceRegistration.setDeviceData(deviceData);
        } catch (Exception ex) {
            throw new BadInputException(String.format("Device data is invalid: %s", responseDeviceData), ex);
        }
    }
    // The registration is only approved when the client reports the "finish" type; anything else is treated as cancelled
    boolean approved = StringHelper.equals(RawRegistrationService.REGISTER_FINISH_TYPE, response.getClientData().getTyp());
    if (!approved) {
        log.debug("Registration request with keyHandle '{}' was canceled", rawRegisterResponse.getKeyHandle());
        return new DeviceRegistrationResult(deviceRegistration, DeviceRegistrationResult.Status.CANCELED);
    }
    // Two-step flow: the user is already known, so the device is bound to the user immediately
    boolean twoStep = StringHelper.isNotEmpty(userInum);
    if (twoStep) {
        deviceRegistration.setDn(deviceRegistrationService.getDnForU2fDevice(userInum, deviceRegistrationId));
        // Reject a key handle that is already registered for this appId: a key handle must be unique per registration
        List<DeviceRegistration> foundDeviceRegistrations = deviceRegistrationService.findDeviceRegistrationsByKeyHandle(appId, deviceRegistration.getKeyHandle(), "oxId");
        if (foundDeviceRegistrations.size() != 0) {
            throw new BadInputException(String.format("KeyHandle %s was compromised", deviceRegistration.getKeyHandle()));
        }
        deviceRegistrationService.addUserDeviceRegistration(userInum, deviceRegistration);
    } else {
        // One-step flow: store the registration temporarily; it is attached to a user later (or expired by the cleaner)
        deviceRegistration.setDn(deviceRegistrationService.getDnForOneStepU2fDevice(deviceRegistrationId));
        deviceRegistrationService.addOneStepDeviceRegistration(deviceRegistration);
    }
    return new DeviceRegistrationResult(deviceRegistration, DeviceRegistrationResult.Status.APPROVED);
}
Imports referenced by this method:

import java.util.Date;
import java.util.GregorianCalendar;
import org.xdi.oxauth.exception.fido.u2f.DeviceCompromisedException;
import org.xdi.oxauth.model.fido.u2f.DeviceRegistration;
import org.xdi.oxauth.model.fido.u2f.DeviceRegistrationResult;
import org.xdi.oxauth.model.fido.u2f.exception.BadInputException;
import org.xdi.oxauth.model.fido.u2f.message.RawRegisterResponse;
import org.xdi.oxauth.model.fido.u2f.protocol.ClientData;
import org.xdi.oxauth.model.fido.u2f.protocol.DeviceData;
import org.xdi.oxauth.model.fido.u2f.protocol.RegisterRequest;

Example 8 with DeviceRegistration

Use of org.xdi.oxauth.model.fido.u2f.DeviceRegistration in project oxAuth by GluuFederation.

The class CleanerTimer, method processU2fDeviceRegistrations.

private void processU2fDeviceRegistrations() {
    log.debug("Start U2F request clean up");
    // One-step registrations that have not been attached to a user within 90 seconds are considered expired
    Calendar calendar = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
    calendar.add(Calendar.SECOND, -90);
    final Date expirationDate = calendar.getTime();
    // Process expired entries in fixed-size chunks rather than loading them all at once
    BatchOperation<DeviceRegistration> deviceRegistrationBatchService = new BatchOperation<DeviceRegistration>(ldapEntryManager) {

        @Override
        protected List<DeviceRegistration> getChunkOrNull(int chunkSize) {
            return deviceRegistrationService.getExpiredDeviceRegistrations(this, expirationDate);
        }

        @Override
        protected void performAction(List<DeviceRegistration> entries) {
            for (DeviceRegistration deviceRegistration : entries) {
                try {
                    log.debug("Removing DeviceRegistration: {}, Creation date: {}", deviceRegistration.getId(), deviceRegistration.getCreationDate());
                    deviceRegistrationService.removeUserDeviceRegistration(deviceRegistration);
                } catch (Exception e) {
                    // A single failed removal must not stop the rest of the batch
                    log.error("Failed to remove entry", e);
                }
            }
        }
    };
    deviceRegistrationBatchService.iterateAllByChunks(BATCH_SIZE);
    log.debug("End U2F request clean up");
}
Imports referenced by this method:

import org.gluu.site.ldap.persistence.BatchOperation;
import org.xdi.oxauth.model.common.AuthorizationGrantList;
import org.xdi.oxauth.model.fido.u2f.DeviceRegistration;

Example 9 with DeviceRegistration

Use of org.xdi.oxauth.model.fido.u2f.DeviceRegistration in project oxAuth by GluuFederation.

The class RegistrationService, method builRegisterRequestMessage.

public RegisterRequestMessage builRegisterRequestMessage(String appId, String userInum) {
    // Optionally reject appIds that are not on the configured list of valid applications
    if (applicationService.isValidateApplication()) {
        applicationService.checkIsValid(appId);
    }
    List<AuthenticateRequest> authenticateRequests = new ArrayList<AuthenticateRequest>();
    List<RegisterRequest> registerRequests = new ArrayList<RegisterRequest>();
    boolean twoStep = StringHelper.isNotEmpty(userInum);
    if (twoStep) {
        // In the two-step flow a non-empty userInum is expected: include an authenticate request
        // for each of the user's existing, non-compromised devices so a client can detect an already-registered key
        List<DeviceRegistration> deviceRegistrations = deviceRegistrationService.findUserDeviceRegistrations(userInum, appId);
        for (DeviceRegistration deviceRegistration : deviceRegistrations) {
            if (!deviceRegistration.isCompromised()) {
                try {
                    AuthenticateRequest authenticateRequest = u2fAuthenticationService.startAuthentication(appId, deviceRegistration);
                    authenticateRequests.add(authenticateRequest);
                } catch (DeviceCompromisedException ex) {
                    log.error("Failed to authenticate device", ex);
                }
            }
        }
    }
    // Always issue a fresh register request (new challenge) for this appId
    RegisterRequest request = startRegistration(appId);
    registerRequests.add(request);
    return new RegisterRequestMessage(authenticateRequests, registerRequests);
}
Imports referenced by this method:

import java.util.ArrayList;
import org.xdi.oxauth.exception.fido.u2f.DeviceCompromisedException;
import org.xdi.oxauth.model.fido.u2f.DeviceRegistration;
import org.xdi.oxauth.model.fido.u2f.protocol.AuthenticateRequest;
import org.xdi.oxauth.model.fido.u2f.protocol.RegisterRequest;
import org.xdi.oxauth.model.fido.u2f.protocol.RegisterRequestMessage;

Example 10 with DeviceRegistration

Use of org.xdi.oxauth.model.fido.u2f.DeviceRegistration in project oxAuth by GluuFederation.

The class DeviceRegistrationService, method getExpiredDeviceRegistrations.

public List<DeviceRegistration> getExpiredDeviceRegistrations(BatchOperation<DeviceRegistration> batchOperation, Date expirationDate) {
    // A null device id yields the container DN under which all one-step registrations are stored
    final String u2fBaseDn = getDnForOneStepU2fDevice(null);
    // Match entries whose creationDate is at or before the expiration cut-off
    Filter expirationFilter = Filter.createLessOrEqualFilter("creationDate", ldapEntryManager.encodeGeneralizedTime(expirationDate));
    // Subtree search, fetched in batches of CleanerTimer.BATCH_SIZE so the batch operation can process them chunk by chunk
    List<DeviceRegistration> deviceRegistrations = ldapEntryManager.findEntries(u2fBaseDn, DeviceRegistration.class, expirationFilter, SearchScope.SUB, null, batchOperation, 0, CleanerTimer.BATCH_SIZE, CleanerTimer.BATCH_SIZE);
    return deviceRegistrations;
}
Imports referenced by this method:

import com.unboundid.ldap.sdk.Filter;
import org.xdi.oxauth.model.fido.u2f.DeviceRegistration;
