org.gluu.credmanager.plugins.authnmethod.service.U2fService クラス

org.gluu.credmanager.plugins.authnmethod.service.U2fService の継承関係図

org.gluu.credmanager.plugins.authnmethod.service.U2fService 連携図

公開メンバ関数
void	reloadConfiguration ()
int	getDevicesTotal (String userId, boolean active)
List< SecurityKey >	getDevices (String userId, boolean active)
String	generateJsonRegisterMessage (String userName, String enrollmentCode) throws Exception
void	finishRegistration (String userName, String response)
String	getRegistrationResult (String jsonString) throws Exception
SecurityKey	getLatestSecurityKey (String userId, long time)
boolean	updateDevice (FidoDevice device)
boolean	removeDevice (FidoDevice device)
int	getDevicesTotal (String appId, String userId, boolean active)

関数
public< T extends FidoDevice > T	getLatestFidoDevice (String userId, long time, String oxApp, Class< T > clazz) throws Exception
private< T extends FidoDevice > List< T >	getDevices (String userId, boolean active, String oxApplication, Class< T > clazz) throws Exception
< T extends FidoDevice > List< T >	getSortedDevices (String userId, boolean active, String appId, Class< T > clazz)
private< T extends FidoDevice > T	getRecentlyCreatedDevice (List< T > devices, long time)

変数
LdapService	ldapService
ObjectMapper	mapper

非公開メンバ関数
void	inited ()

非公開変数類
Logger	logger
MainSettings	settings
U2FConfig	conf
RegistrationRequestService	registrationRequestService

詳解

An app. scoped bean that encapsulates logic related to management of registration requests for u2f devices

著者

jgomer

関数詳解

finishRegistration()

void org.gluu.credmanager.plugins.authnmethod.service.U2fService.finishRegistration ( String  userName, String  response  )

inline

Executes the finish registration step of the U2F service

引数

userName	As required per org.xdi.oxauth.client.fido.u2f.RegistrationRequestService::finishRegistration
response	This is the Json response obtained in the web browser after calling the u2f.register function in Javascript

                                                                     {
        //first parameter is not used in current implementation, see: org.xdi.oxauth.ws.rs.fido.u2f.U2fRegistrationWS#finishRegistration
        RegisterStatus status = registrationRequestService.finishRegistration(userName, response);
        logger.info("Response of finish registration: {}", status.getStatus());
    }

generateJsonRegisterMessage()

String org.gluu.credmanager.plugins.authnmethod.service.U2fService.generateJsonRegisterMessage ( String  userName, String  enrollmentCode  ) throws Exception

inline

Triggers a registration request to a U2F endpoint and outputs the request message returned by the service in form of JSON

引数

userName	As required per org.xdi.oxauth.client.fido.u2f.RegistrationRequestService::startRegistration
enrollmentCode	A previously generated random code stored under user's LDAP entry

戻り値

Json string representation

例外

Exception

Network problem, De/Serialization error, ...

                                                                                                       {

        RegisterRequestMessage message = registrationRequestService.startRegistration(userName, conf.getAppId(), null, enrollmentCode);

        //This is needed as serialization of RegisterRequestMessage instances behave very weirdly making Chrome suck more than usual
        Map<String, Object> request = mapper.convertValue(message, new TypeReference<Map<String, Object>>() { });
        request.put("authenticateRequests", Collections.emptyList());

        logger.info("Beginning registration start with uid={}, app_id={}", userName, conf.getAppId());
        return mapper.writeValueAsString(request);

    }

getDevices() [1/2]

List<SecurityKey> org.gluu.credmanager.plugins.authnmethod.service.U2fService.getDevices ( String  userId, boolean  active  )

inline

                                                                       {
        return getSortedDevices(userId, active, conf.getAppId(), SecurityKey.class);
    }

getDevices() [2/2]

private<T extends FidoDevice> List<T> org.gluu.credmanager.plugins.authnmethod.service.FidoService.getDevices ( String  userId, boolean  active, String  oxApplication, Class< T >  clazz  ) throws Exception

inlinepackageinherited

Returns a list of FidoDevice instances found under the given branch that matches the oxApplication value given and whose oxStatus attribute equals to "active"

引数

userId
oxApplication	Value to match for oxApplication attribute (see LDAP object class oxDeviceRegistration)
clazz	Any subclass of FidoDevice
<T>

戻り値

List of FidoDevices

                                                                                                                                            {

        List<T> devices = new ArrayList<>();
        List<oxDeviceRegistration> list = getRegistrations(oxApplication, userId, active);

        for (oxDeviceRegistration deviceRegistration : list) {
            T device = clazz.getConstructor().newInstance();

            if (clazz.equals(SuperGluuDevice.class)) {
                //DeviceData class is annotated with org.codehaus and has no default constructor so using normal mapper gives trouble
                DeviceData data = codehausMapper.readValue(deviceRegistration.getDeviceData(), DeviceData.class);
                ((SuperGluuDevice) device).setDeviceData(data);
            }
            device.setApplication(deviceRegistration.getOxApplication());
            device.setNickName(deviceRegistration.getDisplayName());
            device.setStatus(deviceRegistration.getOxStatus());
            device.setId(deviceRegistration.getOxId());
            device.setCreationDate(deviceRegistration.getCreationDate());
            device.setCounter(deviceRegistration.getOxCounter());

            devices.add(device);
        }
        return devices;

    }

getDevicesTotal() [1/2]

int org.gluu.credmanager.plugins.authnmethod.service.FidoService.getDevicesTotal ( String  appId, String  userId, boolean  active  )

inlineinherited

                                                                            {

        int total = 0;
        try {
            total = getRegistrations(appId, userId, active).size();
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
        }
        return total;

    }

getDevicesTotal() [2/2]

int org.gluu.credmanager.plugins.authnmethod.service.U2fService.getDevicesTotal ( String  userId, boolean  active  )

inline

                                                              {
        return getDevicesTotal(conf.getAppId(), userId, active);
    }

getLatestFidoDevice()

public<T extends FidoDevice> T org.gluu.credmanager.plugins.authnmethod.service.FidoService.getLatestFidoDevice ( String  userId, long  time, String  oxApp, Class< T >  clazz  ) throws Exception

inlinepackageinherited

                                                                                                                                 {
        List<T> list = getDevices(userId, true, oxApp, clazz);
        logger.debug("getLatestFidoDevice. list is {}", list.stream().map(FidoDevice::getId).collect(Collectors.toList()).toString());
        return getRecentlyCreatedDevice(list, time);
    }

getLatestSecurityKey()

SecurityKey org.gluu.credmanager.plugins.authnmethod.service.U2fService.getLatestSecurityKey ( String  userId, long  time  )

inline

                                                                      {

        SecurityKey sk = null;
        try {
            sk = getLatestFidoDevice(userId, time, conf.getAppId(), SecurityKey.class);
            if (sk != null && sk.getNickName() != null) {
                sk = null;    //should have no name
            }
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
        }
        return sk;

    }

getRecentlyCreatedDevice()

private<T extends FidoDevice> T org.gluu.credmanager.plugins.authnmethod.service.FidoService.getRecentlyCreatedDevice ( List< T >  devices, long  time  )

inlinepackageinherited

Chooses one device from a list of devices, such that its creation time is the closest to the timestamp given

引数

devices	A non-null list of fido devices
time	A timestamp as milliseconds elapsed from the "epoch"
<T>

戻り値

The best matching device (only devices added before the time supplied are considered). Null if no suitable device could be found

                                                                                          {

        long[] diffs = devices.stream().mapToLong(key -> time - key.getCreationDate().getTime()).toArray();

        logger.trace("getRecentlyCreatedDevice. diffs {}", Arrays.asList(diffs));
        //Search for the smallest time difference
        int i;
        Pair<Long, Integer> min = new Pair<>(Long.MAX_VALUE, -1);
        //it always holds that diffs.length==devices.size()
        for (i = 0; i < diffs.length; i++) {
            if (diffs[i] >= 0 && min.getX() > diffs[i]) {  //Only search non-negative differences
                min = new Pair<>(diffs[i], i);
            }
        }

        i = min.getY();
        return i == -1 ? null : devices.get(i);

    }

getRegistrationResult()

String org.gluu.credmanager.plugins.authnmethod.service.U2fService.getRegistrationResult ( String  jsonString ) throws Exception

inline

                                                                            {

        String value = null;
        JsonNode tree = mapper.readTree(jsonString);

        logger.info("Finished registration start with response: {}", jsonString);
        JsonNode tmp = tree.get("errorCode");

        if (tmp != null) {
            try {
                value = U2fClientCodes.get(tmp.asInt()).toString();
                logger.error("Registration failed with error: {}", value);
                value = value.toLowerCase();
            } catch (Exception e) {
                logger.error(e.getMessage(), e);
                value = Labels.getLabel("general.error.general");
            }
        }
        return value;

    }

getSortedDevices()

<T extends FidoDevice> List<T> org.gluu.credmanager.plugins.authnmethod.service.FidoService.getSortedDevices ( String  userId, boolean  active, String  appId, Class< T >  clazz  )

inlinepackageinherited

                                                                                                                 {

        List<T> devices = new ArrayList<>();
        try {
            devices = getDevices(userId, active, appId, clazz).stream().sorted().collect(Collectors.toList());
            logger.trace("getDevices. User '{}' has {}", userId, devices.stream().map(FidoDevice::getId).collect(Collectors.toList()));
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
        }
        return devices;
    }

inited()

void org.gluu.credmanager.plugins.authnmethod.service.U2fService.inited ( )

inlineprivate

                          {
        reloadConfiguration();
    }

reloadConfiguration()

void org.gluu.credmanager.plugins.authnmethod.service.U2fService.reloadConfiguration ( )

inline

                                      {

        conf = new U2FConfig();
        String metadataUri = Optional.ofNullable(settings.getU2fSettings()).map(U2fSettings::getRelativeMetadataUri)
                .orElse(".well-known/fido-u2f-configuration");
        conf.setEndpointUrl(String.format("%s/%s", ldapService.getIssuerUrl(), metadataUri));

        try {
            Map<String, String> props = ldapService.getCustScriptConfigProperties(ConfigurationHandler.DEFAULT_ACR);
            conf.setAppId(props.get("u2f_app_id"));

            logger.info("U2f settings found were: {}", mapper.writeValueAsString(conf));

            U2fConfigurationService u2fCfgServ = FidoU2fClientFactory.instance().createMetaDataConfigurationService(conf.getEndpointUrl());
            U2fConfiguration metadataConf = u2fCfgServ.getMetadataConfiguration();
            registrationRequestService = FidoU2fClientFactory.instance().createRegistrationRequestService(metadataConf);
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
        }

    }

removeDevice()

boolean org.gluu.credmanager.plugins.authnmethod.service.FidoService.removeDevice ( FidoDevice  device )

inlineinherited

                                                   {

        boolean success = false;
        oxDeviceRegistration deviceRegistration = getDeviceRegistrationFor(device);
        if (deviceRegistration != null) {
            success = ldapService.delete(deviceRegistration, oxDeviceRegistration.class);
        }
        return success;

    }

updateDevice()

boolean org.gluu.credmanager.plugins.authnmethod.service.FidoService.updateDevice ( FidoDevice  device )

inlineinherited

                                                   {

        boolean success = false;
        oxDeviceRegistration deviceRegistration = getDeviceRegistrationFor(device);
        if (deviceRegistration != null) {
            deviceRegistration.setDisplayName(device.getNickName());
            success = ldapService.modify(deviceRegistration, oxDeviceRegistration.class);
        }
        return success;

    }

メンバ詳解

conf

U2FConfig org.gluu.credmanager.plugins.authnmethod.service.U2fService.conf

private

ldapService

LdapService org.gluu.credmanager.plugins.authnmethod.service.BaseService.ldapService

packageinherited

logger

Logger org.gluu.credmanager.plugins.authnmethod.service.U2fService.logger

private

mapper

ObjectMapper org.gluu.credmanager.plugins.authnmethod.service.BaseService.mapper

packageinherited

registrationRequestService

RegistrationRequestService org.gluu.credmanager.plugins.authnmethod.service.U2fService.registrationRequestService

private

settings

MainSettings org.gluu.credmanager.plugins.authnmethod.service.U2fService.settings

private

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/OpenId/gluu/src/cred-manager/app/src/main/java/org/gluu/credmanager/plugins/authnmethod/service/U2fService.java