Added fidouaf - example UAF Jersey server, demoing the fido-uaf-core

fidouaf/.gitignore

@@ -0,0 +1,24 @@
+dist
+build
+bin
+rebel.xml
+MANIFEST.MF
+/tests/
+/coverage/
+/cobertura.ser
+*/ebay.log
+*.class
+*.jar
+*.zip
+*/target/*
+*/temp_persist_config_*.xml
+*/src/main/resources/buildinfo.properties
+/.idea/
+**/*.iml
+build.xml
+ebay-build.xml
+4cc.checksum
+/.metadata
+/.project
+/target
+.DS_Store

fidouaf/README.md

@@ -0,0 +1,95 @@
+# FIDO UAF Demo Server
+[FIDO Specification](http://fidoalliance.org/specifications/download)
+
+This code is to demo the how the implementation of the FIDO UAF protocol can be used.
+## UAF Server Endpoints
+### UAF Operations
+- Registration
+  - GET /v1/public/regRequest/{username}
+  - POST /v1/public/regResponse
+- Authentication
+  - GET /v1/public/authRequest
+  - POST /v1/public/authResponse
+- Deregistration
+  - POST /v1/public/deregRequest
+
+### Demo Server Utils
+These endpoints are providing the quick info about what is happening with the server. You can see all registered keys, history of operations requests, etc.
+- /v1/registrations
+- /v1/stats
+- /v1/history
+
+## UAF Protocol Implementation Details
+The UAF protocol implementation is included in Maven dependencies for the demo server like this:
+```
+<dependency>
+  <groupId>org.ebayopensource</groupId>
+  <artifactId>fido-uaf-core</artifactId>
+  <version>0.0.1-SNAPSHOT</version>
+</dependency>
+```
+### Implementing Registration Data Storage
+The storage where the registration data will be kept is something that is specific to the particular deployment.
+
+It is opposite to how the UAF operations are set: The same operation implementation can be used in any deployment.
+
+For that reason storage can be implemented separately by implementing this interface:
+```
+org.ebayopensource.fido.uaf.storage.StorageInterface
+```
+To demo this, the demo server is implementing it in this class:
+```
+org.ebayopensource.fidouaf.res.util.StorageImpl
+```
+The most important methods would be:
+```
+public void store(RegistrationRecord[] records)
+    throws DuplicateKeyException, SystemErrorException {
+  if (records != null && records.length > 0) {
+    for (int i = 0; i < records.length; i++) {
+      if (db.containsKey(records[i].authenticator.toString())) {
+        throw new DuplicateKeyException();
+      }
+      db.put(records[i].authenticator.toString(), records[i]);
+    }
+
+  }
+}
+
+public RegistrationRecord readRegistrationRecord(String key) {
+  return db.get(key);
+}
+```
+### Implementing Notary
+Similar to the storage, the way how the server data will be authenticated by the server is matter of the particular deployment.
+
+In this case it is assumed that if server data is signed with a key only known by the server, this would be good enough to verify data later on. By verifying the signature, server can decide if this was the server data produced by it earlier.
+
+The actual implementation needs to be done for each use-case, by implementing the following interface:
+```
+org.ebayopensource.fido.uaf.crypto.Notary;
+```
+For demo server it is implemented like this:
+```
+public class NotaryImpl implements Notary {
+
+	private static Notary instance = new NotaryImpl();
+
+	private NotaryImpl() {
+		// Init
+	}
+
+	public static Notary getInstance() {
+		return instance;
+	}
+
+	public String sign(String signData) {
+		return SHA.sha256(signData);
+	}
+
+	public boolean verify(String signData, String signature) {
+		return signature.equals(SHA.sha256(signData));
+	}
+
+}
+```

fidouaf/pom.xml

@@ -0,0 +1,31 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+	<groupId>org.ebayopensource</groupId>
+	<artifactId>fidouaf</artifactId>
+	<version>0.0.1-SNAPSHOT</version>
+	<packaging>war</packaging>
+
+	<dependencies>
+		<dependency>
+			<groupId>com.sun.jersey</groupId>
+			<artifactId>jersey-server</artifactId>
+			<version>1.8</version>
+		</dependency>
+		<dependency>
+			<groupId>com.sun.jersey</groupId>
+			<artifactId>jersey-json</artifactId>
+			<version>1.8</version>
+		</dependency>
+		<dependency>
+			<groupId>org.ebayopensource</groupId>
+			<artifactId>fido-uaf-core</artifactId>
+			<version>0.0.1-SNAPSHOT</version>
+		</dependency>
+		<dependency>
+			<groupId>com.google.code.gson</groupId>
+			<artifactId>gson</artifactId>
+			<version>2.3.1</version>
+		</dependency>
+	</dependencies>
+</project>

fidouaf/src/main/java/org/ebayopensource/fidouaf/RPserver/msg/GetUAFRequest.java

@@ -0,0 +1,26 @@
+/*
+ * Copyright 2015 eBay Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.ebayopensource.fidouaf.RPserver.msg;
+
+import org.ebayopensource.fido.uaf.msg.Operation;
+
+public class GetUAFRequest 
+{
+	public Operation op;
+	public String previousRequest;
+	public String context;
+}

fidouaf/src/main/java/org/ebayopensource/fidouaf/RPserver/msg/ReturnUAFAuthenticationRequest.java

@@ -0,0 +1,28 @@
+/*
+ * Copyright 2015 eBay Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.ebayopensource.fidouaf.RPserver.msg;
+
+import org.ebayopensource.fido.uaf.msg.AuthenticationRequest;
+import org.ebayopensource.fido.uaf.msg.Operation;
+
+public class ReturnUAFAuthenticationRequest 
+{
+	public long statusCode;
+	public AuthenticationRequest[] uafRequest;
+	public Operation op;
+	public long lifetimeMillis;
+}

fidouaf/src/main/java/org/ebayopensource/fidouaf/RPserver/msg/ReturnUAFDeregistrationRequest.java

@@ -0,0 +1,28 @@
+/*
+ * Copyright 2015 eBay Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.ebayopensource.fidouaf.RPserver.msg;
+
+import org.ebayopensource.fido.uaf.msg.DeregistrationRequest;
+import org.ebayopensource.fido.uaf.msg.Operation;
+
+public class ReturnUAFDeregistrationRequest 
+{
+	public long statusCode;
+	public DeregistrationRequest uafRequest;
+	public Operation op;
+	public long lifetimeMillis;
+}

fidouaf/src/main/java/org/ebayopensource/fidouaf/RPserver/msg/ReturnUAFRegistrationRequest.java

@@ -0,0 +1,28 @@
+/*
+ * Copyright 2015 eBay Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.ebayopensource.fidouaf.RPserver.msg;
+
+import org.ebayopensource.fido.uaf.msg.Operation;
+import org.ebayopensource.fido.uaf.msg.RegistrationRequest;
+
+public class ReturnUAFRegistrationRequest 
+{
+	public long statusCode;
+	public RegistrationRequest[] uafRequest;
+	public Operation op;
+	public long lifetimeMillis;
+}

fidouaf/src/main/java/org/ebayopensource/fidouaf/RPserver/msg/ServerResponse.java

@@ -0,0 +1,27 @@
+/*
+ * Copyright 2015 eBay Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.ebayopensource.fidouaf.RPserver.msg;
+
+public class ServerResponse
+{
+	public long statusCode;
+	public String Description;
+	public Token[] token;
+	public String location;
+	public String postData;
+	public String newUAFRequest;
+}

fidouaf/src/main/java/org/ebayopensource/fidouaf/RPserver/msg/Token.java

@@ -0,0 +1,23 @@
+/*
+ * Copyright 2015 eBay Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.ebayopensource.fidouaf.RPserver.msg;
+
+public class Token 
+{
+	public TokenType type;
+	public String value;
+}

fidouaf/src/main/java/org/ebayopensource/fidouaf/RPserver/msg/TokenType.java

@@ -0,0 +1,28 @@
+/*
+ * Copyright 2015 eBay Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.ebayopensource.fidouaf.RPserver.msg;
+
+public enum TokenType 
+{
+	HTTP_COOKIE,
+	OAUTH,
+	OAUTH2,
+	SAML1_1,
+	SAML2,
+	JWT,
+	OPENID_CONNECT
+}

fidouaf/src/main/java/org/ebayopensource/fidouaf/facets/Facets.java

@@ -0,0 +1,23 @@
+/*
+ * Copyright 2015 eBay Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.ebayopensource.fidouaf.facets;
+
+public class Facets {
+
+	public TrustedFacets[] trustedFacets;
+
+}

fidouaf/src/main/java/org/ebayopensource/fidouaf/facets/TrustedFacets.java

@@ -0,0 +1,24 @@
+/*
+ * Copyright 2015 eBay Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.ebayopensource.fidouaf.facets;
+
+import org.ebayopensource.fido.uaf.msg.Version;
+
+public class TrustedFacets {
+	public Version version;
+	public String[] ids;
+}