Add fido authenticator modification to delete associations
isharak committed Jun 19, 2015
1 parent 1faa630 commit ea38a51
Showing 15 changed files with 1,057 additions and 151 deletions.
Expand Up @@ -6,12 +6,12 @@
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
Expand Down Expand Up @@ -67,9 +67,8 @@ protected void processAuthenticationResponse(HttpServletRequest request,
AuthenticatedUser user = getUsername(context);

U2FService u2FService = U2FService.getInstance();
//TODO enhancement: tenant domain, user store domain
FIDOUser fidoUser = new FIDOUser(user.getUserName(), user.getTenantDomain(),
user.getUserStoreDomain(), AuthenticateResponse.fromJson(tokenResponse));
user.getUserStoreDomain(), AuthenticateResponse.fromJson(tokenResponse));
fidoUser.setAppID(appID);
u2FService.finishAuthentication(fidoUser);
} else {
Expand Down Expand Up @@ -132,7 +131,7 @@ protected void initiateAuthenticationRequest(HttpServletRequest request,
request.getParameter("sessionDataKey") +
"&data=" + data.toJson());
} else {
String redirectURL = loginPage.replace("login.do", "retry.do");
String redirectURL = loginPage.replace("authentication.jsp", "retry.do");
redirectURL = response.encodeRedirectURL(redirectURL + ("?")) + "&failedUsername=" + URLEncoder.encode(user.getUserName(), FIDOAuthenticatorConstants.UTF_8) +
"&statusMsg=" + URLEncoder.encode(FIDOAuthenticatorConstants.AUTHENTICATION_ERROR_MESSAGE, FIDOAuthenticatorConstants.UTF_8) +
"&status=" + URLEncoder.encode(FIDOAuthenticatorConstants.AUTHENTICATION_STATUS, FIDOAuthenticatorConstants.UTF_8);
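Review bot: `loginPage.replace("authentication.jsp", "retry.do")` on the new line leaves `redirectURL` equal to `loginPage` whenever the configured login page URL does not contain that file name, so a failed attempt is then sent back to the login page with the failure parameters appended instead of to the retry page; the old `login.do` substring had the same weakness and the commit does not add a check. A comment stating the assumption, `// the login page URL is expected to end in authentication.jsp; replace is a no-op otherwise`, or an explicit contains() check before the replace would make this visible. The following line also builds `?&failedUsername=`, because `encodeRedirectURL(redirectURL + ("?"))` is immediately followed by `"&failedUsername="`; writing the first parameter as `"failedUsername=" + URLEncoder.encode(...)` gives a well-formed query string. initiateAuthenticationRequest starts above this hunk and continues past it.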
Expand Up @@ -6,12 +6,12 @@
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
Expand All @@ -23,6 +23,7 @@
import com.yubico.u2f.data.DeviceRegistration;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.application.authenticator.fido.exception.FIDOAuthenticatorServerException;
import org.wso2.carbon.identity.application.authenticator.fido.util.FIDOAuthenticatorConstants;
import org.wso2.carbon.identity.application.authenticator.fido.util.FIDOUtil;
import org.wso2.carbon.identity.base.IdentityException;
Expand Down Expand Up @@ -51,18 +52,16 @@ public class DeviceStoreDAO {
*/
public void addDeviceRegistration(String username, DeviceRegistration registration,
int tenantID, String userStoreDomain)
throws IdentityException {
throws FIDOAuthenticatorServerException {

FIDOUtil.logTrace("Executing {addDeviceRegistration} method", log);
if (log.isDebugEnabled()) {
log.debug("addDeviceRegistration inputs {username: " + username + ", registration :" +
registration.toJsonWithAttestationCert() + "}");
registration.toJsonWithAttestationCert() + "}");
}
Connection connection = null;
Connection connection = getDBConnection();
PreparedStatement preparedStatement = null;

try {
connection = IdentityDatabaseUtil.getDBConnection();
preparedStatement = connection.prepareStatement(FIDOAuthenticatorConstants.SQLQueries.ADD_DEVICE_REGISTRATION_QUERY);
preparedStatement.setInt(1, tenantID);
preparedStatement.setString(2, username);
Expand All @@ -71,20 +70,16 @@ public void addDeviceRegistration(String username, DeviceRegistration registrati
preparedStatement.setString(5, userStoreDomain);
preparedStatement.setInt(6, tenantID);
preparedStatement.executeUpdate();
connection.commit();
if (!connection.getAutoCommit()) {
connection.commit();
}

} catch (SQLException e) {
try {
connection.rollback();
} catch (SQLException e1) {
log.error("Error rolling back the transaction to FIDO registration", e1);
}
throw new IdentityException("Error when executing FIDO registration SQL : " +
FIDOAuthenticatorConstants.SQLQueries.ADD_DEVICE_REGISTRATION_QUERY, e);
throw new FIDOAuthenticatorServerException("Error when executing FIDO registration SQL : " +
FIDOAuthenticatorConstants.SQLQueries.ADD_DEVICE_REGISTRATION_QUERY, e);
} finally {
IdentityDatabaseUtil.closeAllConnections(connection, null, preparedStatement);
}
FIDOUtil.logTrace("Completed {addDeviceRegistration} method", log);
}

/**
Expand All @@ -95,19 +90,17 @@ public void addDeviceRegistration(String username, DeviceRegistration registrati
* @throws IdentityException when SQL statement can not be executed.
*/
public Collection getDeviceRegistration(String username, int tenantID, String userStoreDomain)
throws IdentityException {
throws FIDOAuthenticatorServerException {

FIDOUtil.logTrace("Executing {getDeviceRegistration} method", log);
if (log.isDebugEnabled()) {
log.debug("getDeviceRegistration inputs {username:" + username + "}");
}
Connection connection = null;
Connection connection = getDBConnection();
PreparedStatement preparedStatement = null;
ResultSet resultSet = null;
Multimap<String, String> devices = ArrayListMultimap.create();

try {
connection = IdentityDatabaseUtil.getDBConnection();
preparedStatement = connection.prepareStatement(FIDOAuthenticatorConstants.SQLQueries.GET_DEVICE_REGISTRATION_QUERY);
preparedStatement.setString(1, userStoreDomain);
preparedStatement.setInt(2, tenantID);
Expand All @@ -124,13 +117,51 @@ public Collection getDeviceRegistration(String username, int tenantID, String us
log.debug("getDeviceRegistration result length {" + devices.size() + "}");
}
} catch (SQLException e) {
throw new IdentityException(
throw new FIDOAuthenticatorServerException(
"Error executing get device registration SQL : " +
FIDOAuthenticatorConstants.SQLQueries.GET_DEVICE_REGISTRATION_QUERY, e);
FIDOAuthenticatorConstants.SQLQueries.GET_DEVICE_REGISTRATION_QUERY, e
);
} finally {
IdentityDatabaseUtil.closeAllConnections(connection, resultSet, preparedStatement);
}
FIDOUtil.logTrace("Completed {getDeviceRegistration} method, returns devices of size :" + devices.size(), log);
return devices.values();
}

public void removeRegistration(String username, int tenantID, String userStoreDomain)
throws FIDOAuthenticatorServerException {

if (log.isDebugEnabled()) {
log.debug("removeRegistration inputs {username:" + username + "}");
}
Connection connection = getDBConnection();
PreparedStatement preparedStatement = null;

try {
preparedStatement = connection.prepareStatement(FIDOAuthenticatorConstants.SQLQueries.REMOVE_REGISTRATION_QUERY);
preparedStatement.setString(1, userStoreDomain);
preparedStatement.setInt(2, tenantID);
preparedStatement.setInt(3, tenantID);
preparedStatement.setString(4, username);
preparedStatement.executeUpdate();

if (!connection.getAutoCommit()) {
connection.commit();
}
} catch (SQLException e) {
throw new FIDOAuthenticatorServerException(
"Error executing remove registrations SQL : " +
FIDOAuthenticatorConstants.SQLQueries.GET_DEVICE_REGISTRATION_QUERY, e
);
} finally {
IdentityDatabaseUtil.closeAllConnections(connection, null, preparedStatement);
}
}

private Connection getDBConnection() throws FIDOAuthenticatorServerException {
try {
return IdentityDatabaseUtil.getDBConnection();
} catch (IdentityException e) {
throw new FIDOAuthenticatorServerException("Error while getting database connection ", e);
}
}
}
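Review bot: The exception thrown from `removeRegistration` names the wrong statement: its catch block builds the message from `FIDOAuthenticatorConstants.SQLQueries.GET_DEVICE_REGISTRATION_QUERY` although the statement that failed is `REMOVE_REGISTRATION_QUERY`, so whoever reads the log is pointed at the select; the throw should read `"Error executing remove registrations SQL : " + FIDOAuthenticatorConstants.SQLQueries.REMOVE_REGISTRATION_QUERY, e`. The new method also carries no Javadoc while its two siblings do, and the sibling Javadoc visible above getDeviceRegistration still says `@throws IdentityException` even though the signature now throws FIDOAuthenticatorServerException; a doc block stating that every registration matching the given username, tenant and user-store domain is deleted, with `@throws FIDOAuthenticatorServerException when the SQL statement can not be executed`, would bring the three methods in line. Finally, the rollback that addDeviceRegistration used to attempt on SQLException is gone and removeRegistration never had one; if IdentityDatabaseUtil.closeAllConnections does not roll back a non-autocommit connection, a failed update could leave the transaction open, so either confirm that behaviour or restore `connection.rollback()` in the catch blocks.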
Expand Up @@ -6,12 +6,12 @@
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
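--- /dev/null
+++ b/FIDOAuthenticatorClientException.java
@@ -0,0 +1,35 @@
+/*
+* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+package org.wso2.carbon.identity.application.authenticator.fido.exception;
+
+public class FIDOAuthenticatorClientException extends FIDOAuthenticatorException {
+
+public FIDOAuthenticatorClientException(){
+super();
+}
+
+public FIDOAuthenticatorClientException(String message){
+super(message);
+}
+
+public FIDOAuthenticatorClientException(String message, Throwable cause){
+super(message, cause);
+}
+
+}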
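Review bot: FIDOAuthenticatorClientException has no class-level Javadoc, and neither do FIDOAuthenticatorException and FIDOAuthenticatorServerException in the two files that follow, so the split the names suggest between a failure attributable to the caller and one attributable to the server is not stated anywhere a caller choosing what to catch would see it. A one-line doc block on each, e.g. `/** Signals a failure caused by the caller's input or the client device, as opposed to a server-side error. */` here and the server-side counterpart on FIDOAuthenticatorServerException, would fix that. Since `Exception` is `Serializable`, each class should also declare `private static final long serialVersionUID = 1L;` to silence `-Xlint:serial` and avoid a computed stream version that changes with every edit.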
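--- /dev/null
+++ b/FIDOAuthenticatorException.java
@@ -0,0 +1,35 @@
+/*
+* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+package org.wso2.carbon.identity.application.authenticator.fido.exception;
+
+public class FIDOAuthenticatorException extends Exception {
+
+public FIDOAuthenticatorException(){
+super();
+}
+
+public FIDOAuthenticatorException(String message){
+super(message);
+}
+
+public FIDOAuthenticatorException(String message, Throwable cause){
+super(message, cause);
+}
+
+}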
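--- /dev/null
+++ b/FIDOAuthenticatorServerException.java
@@ -0,0 +1,35 @@
+/*
+* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*
+* WSO2 Inc. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+package org.wso2.carbon.identity.application.authenticator.fido.exception;
+
+public class FIDOAuthenticatorServerException extends FIDOAuthenticatorException {
+
+public FIDOAuthenticatorServerException(){
+super();
+}
+
+public FIDOAuthenticatorServerException(String message){
+super(message);
+}
+
+public FIDOAuthenticatorServerException(String message, Throwable cause){
+super(message, cause);
+}
+
+}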
@@ -1,17 +1,19 @@
/*
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/

package org.wso2.carbon.identity.application.authenticator.fido.internal;
Expand All @@ -25,6 +27,8 @@
import org.wso2.carbon.identity.application.authenticator.fido.u2f.U2FService;
import org.wso2.carbon.user.core.service.RealmService;

import java.util.Hashtable;
import java.util.Map;

/**
* @scr.component name="identity.application.authenticator.fido.component" immediate="true"
Expand All @@ -48,17 +52,17 @@ protected void activate(ComponentContext context) {
log.debug("FIDOAuthenticator service is registered");
}
} catch (Exception e) {
log.fatal("Error registering FIDOAuthenticator service", e);
log.error("Error registering FIDOAuthenticator service", e);
}

U2FService u2FService = U2FService.getInstance();
try {
bundleContext.registerService(U2FService.class, u2FService, null);
if (log.isDebugEnabled()) {
log.debug("U2FService service is registered");
log.debug("U2FService is registered");
}
} catch (Throwable e) {
log.fatal("Error registering U2FService service", e);
} catch (Exception e) {
log.error("Error registering U2FService ", e);
}
}

Expand All @@ -69,12 +73,16 @@ protected void deactivate(ComponentContext context) {
}

protected void setRealmService(RealmService realmService) {
log.debug("Setting the Realm Service");
if (log.isDebugEnabled()) {
log.debug("Setting the Realm Service");
}
FIDOAuthenticatorServiceComponent.realmService = realmService;
}

protected void unsetRealmService(RealmService realmService) {
log.debug("UnSetting the Realm Service");
if (log.isDebugEnabled()) {
log.debug("UnSetting the Realm Service");
}
FIDOAuthenticatorServiceComponent.realmService = null;
}

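Review bot: In activate(), a failure of either `bundleContext.registerService(...)` call is now logged at error and execution simply continues, so the component presumably still reports itself active while the FIDO authenticator or U2FService is missing, and nothing but a log line signals that; narrowing `catch (Throwable e)` to `catch (Exception e)` on the U2FService path is right, but if a missing registration should block activation the exception needs to propagate, and if partial activation is acceptable a comment saying so, `// registration failures are logged only; the service is simply unavailable on this node`, should state it. The new `java.util.Hashtable` and `java.util.Map` imports are not used by any line shown here; if they serve the part of activate() outside the hunk they are fine, otherwise they should be dropped. The `"Error registering U2FService "` message also carries a trailing space. activate() starts above this hunk.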