Java tutorial
/* * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. * * WSO2 Inc. licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file except * in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ package org.wso2.carbon.identity.application.authenticator.fido.u2f; import com.yubico.u2f.U2F; import com.yubico.u2f.data.DeviceRegistration; import com.yubico.u2f.data.messages.AuthenticateRequestData; import com.yubico.u2f.data.messages.RegisterRequestData; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException; import org.wso2.carbon.identity.application.authenticator.fido.dao.DeviceStoreDAO; import org.wso2.carbon.identity.application.authenticator.fido.dto.FIDOUser; import org.wso2.carbon.identity.application.authenticator.fido.exception.FIDOAuthenticatorServerException; import org.wso2.carbon.identity.base.IdentityException; import java.sql.Timestamp; import java.util.ArrayList; import java.util.Collection; import java.util.Date; import java.util.HashMap; import java.util.List; import java.util.Map; public class U2FService { private static Log log = LogFactory.getLog(U2FService.class); private static volatile U2FService u2FService; private final U2F u2f = new U2F(); private static Map<String, String> requestStorage = new HashMap<String, String>(); /** * Gets a U2FService instance. * @return a U2FService. */ public static U2FService getInstance() { if (u2FService == null) { synchronized (U2FService.class) { if (u2FService == null) { u2FService = new U2FService(); return u2FService; } else { return u2FService; } } } else { return u2FService; } } private U2FService() { } private Iterable<DeviceRegistration> getRegistrations(final FIDOUser user) throws FIDOAuthenticatorServerException { Collection<String> serializedRegistrations = null; serializedRegistrations = DeviceStoreDAO.getInstance().getDeviceRegistration(user.getUserName(), user.getTenantDomain(), user.getUserStoreDomain()); List<DeviceRegistration> registrations = new ArrayList<DeviceRegistration>(); for (String serialized : serializedRegistrations) { registrations.add(DeviceRegistration.fromJson(serialized)); } return registrations; } /** * Initiate FIDO authentication. * * @param user the FIDO user. * @return AuthenticateRequestData. * @throws AuthenticationFailedException when U2F can not generate the challenge */ public AuthenticateRequestData startAuthentication(final FIDOUser user) throws AuthenticationFailedException { AuthenticateRequestData authenticateRequestData = null; int numberOfRegistereddevice = 0; Iterable<DeviceRegistration> registeredDeviceList = null; try { registeredDeviceList = getRegistrations(user); } catch (Exception e) { throw new AuthenticationFailedException(e.getMessage(), e); } if (registeredDeviceList instanceof Collection<?>) { numberOfRegistereddevice = ((Collection<?>) registeredDeviceList).size(); } if (numberOfRegistereddevice > 0) { try { authenticateRequestData = u2f.startAuthentication(user.getAppID(), registeredDeviceList); } catch (Exception e) { throw new AuthenticationFailedException("Could not start FIDO authentication", e); } requestStorage.put(authenticateRequestData.getRequestId(), authenticateRequestData.toJson()); } return authenticateRequestData; } /** * Finish FIDO authentication. * * @param user the FIDO user. * @throws AuthenticationFailedException when validation fails. */ public void finishAuthentication(final FIDOUser user) throws AuthenticationFailedException { AuthenticateRequestData authenticateRequest; try { authenticateRequest = AuthenticateRequestData .fromJson(requestStorage.remove(user.getAuthenticateResponse().getRequestId())); u2f.finishAuthentication(authenticateRequest, user.getAuthenticateResponse(), getRegistrations(user)); } catch (Exception e) { throw new AuthenticationFailedException("Could not complete FIDO authentication", e); } } /** * Initiate FIDO Device Registration. * * @param user the FIDO user. * @throws IdentityException when U2F can not generate the challenge. */ public RegisterRequestData startRegistration(final FIDOUser user) throws FIDOAuthenticatorServerException { RegisterRequestData registerRequestData = u2f.startRegistration(user.getAppID(), getRegistrations(user)); requestStorage.put(registerRequestData.getRequestId(), registerRequestData.toJson()); return registerRequestData; } /** * Finish FIDO Device registration * * @param user the FIDO user. * @return success or failure. * @throws IdentityException when validation fails. */ public void finishRegistration(final FIDOUser user) throws FIDOAuthenticatorServerException { RegisterRequestData registerRequestData = RegisterRequestData .fromJson(requestStorage.remove(user.getRegisterResponse().getRequestId())); user.setDeviceRegistration(u2f.finishRegistration(registerRequestData, user.getRegisterResponse())); addRegistration(user); } private void addRegistration(FIDOUser user) throws FIDOAuthenticatorServerException { Timestamp timestamp = new Timestamp(new Date().getTime()); DeviceStoreDAO.getInstance().addDeviceRegistration(user.getUserName(), user.getDeviceRegistration(), user.getTenantDomain(), user.getUserStoreDomain(), timestamp); } public boolean isDeviceRegistered(FIDOUser user) throws FIDOAuthenticatorServerException { Collection<String> registrations = DeviceStoreDAO.getInstance().getDeviceRegistration(user.getUserName(), user.getTenantDomain(), user.getUserStoreDomain()); if (!registrations.isEmpty()) { return true; } else { return false; } } public ArrayList<String> getDeviceMetadata(FIDOUser user) throws FIDOAuthenticatorServerException { return DeviceStoreDAO.getInstance().getDeviceMetadata(user.getUserName(), user.getTenantDomain(), user.getUserStoreDomain()); } public void removeAllRegistrations(FIDOUser user) throws FIDOAuthenticatorServerException { DeviceStoreDAO.getInstance().removeAllRegistrations(user.getUserName(), user.getTenantDomain(), user.getUserStoreDomain()); } public void removeRegistration(FIDOUser user, String deviceRemarks) throws FIDOAuthenticatorServerException { DeviceStoreDAO.getInstance().removeRegistration(user.getUserName(), user.getTenantDomain(), user.getUserStoreDomain(), Timestamp.valueOf(deviceRemarks)); } }