org.xdi.oxauth.service.fido.u2f.RegistrationService クラス

org.xdi.oxauth.service.fido.u2f.RegistrationService の継承関係図

org.xdi.oxauth.service.fido.u2f.RegistrationService 連携図

公開メンバ関数
RegisterRequestMessage	builRegisterRequestMessage (String appId, String userInum)
RegisterRequest	startRegistration (String appId)
RegisterRequest	startRegistration (String appId, byte[] challenge)
DeviceRegistrationResult	finishRegistration (RegisterRequestMessage requestMessage, RegisterResponse response, String userInum) throws BadInputException
DeviceRegistrationResult	finishRegistration (RegisterRequestMessage requestMessage, RegisterResponse response, String userInum, Set< String > facets) throws BadInputException
void	storeRegisterRequestMessage (RegisterRequestMessage requestMessage, String userInum, String sessionId)
RegisterRequestMessage	getRegisterRequestMessage (String oxId)
RegisterRequestMessageLdap	getRegisterRequestMessageByRequestId (String requestId)
void	removeRegisterRequestMessage (RequestMessageLdap registerRequestMessageLdap)
String	getDnForRegisterRequestMessage (String oxId)
List< RequestMessageLdap >	getExpiredRequestMessages (BatchOperation< RequestMessageLdap > batchOperation, Date expirationDate, String[] returnAttributes, int sizeLimit, int chunkSize)
void	removeRequestMessage (RequestMessageLdap requestMessageLdap)

非公開変数類
Logger	log
PersistenceEntryManager	ldapEntryManager
ApplicationService	applicationService
UserService	userService
AuthenticationService	u2fAuthenticationService
RawRegistrationService	rawRegistrationService
ClientDataValidationService	clientDataValidationService
DeviceRegistrationService	deviceRegistrationService
ChallengeGenerator	challengeGenerator
StaticConfiguration	staticConfiguration

詳解

Provides operations with U2F registration requests

著者

Yuriy Movchan

バージョン

August 9, 2017

関数詳解

builRegisterRequestMessage()

RegisterRequestMessage org.xdi.oxauth.service.fido.u2f.RegistrationService.builRegisterRequestMessage ( String  appId, String  userInum  )

inline

                                                                                            {
        if (applicationService.isValidateApplication()) {
            applicationService.checkIsValid(appId);
        }

        List<AuthenticateRequest> authenticateRequests = new ArrayList<AuthenticateRequest>();
        List<RegisterRequest> registerRequests = new ArrayList<RegisterRequest>();

        boolean twoStep = StringHelper.isNotEmpty(userInum);
        if (twoStep) {
            // In two steps we expects not empty userInum
            List<DeviceRegistration> deviceRegistrations = deviceRegistrationService.findUserDeviceRegistrations(userInum, appId);
            for (DeviceRegistration deviceRegistration : deviceRegistrations) {
                if (!deviceRegistration.isCompromised()) {
                    try {
                        AuthenticateRequest authenticateRequest = u2fAuthenticationService.startAuthentication(appId, deviceRegistration);
                        authenticateRequests.add(authenticateRequest);
                    } catch (DeviceCompromisedException ex) {
                        log.error("Faield to authenticate device", ex);
                    }
                }
            }
        }

        RegisterRequest request = startRegistration(appId);
        registerRequests.add(request);

        return new RegisterRequestMessage(authenticateRequests, registerRequests);
    }

finishRegistration() [1/2]

DeviceRegistrationResult org.xdi.oxauth.service.fido.u2f.RegistrationService.finishRegistration ( RegisterRequestMessage  requestMessage, RegisterResponse  response, String  userInum  ) throws BadInputException

inline

                                                                                                                                                                   {
        return finishRegistration(requestMessage, response, userInum, null);
    }

finishRegistration() [2/2]

DeviceRegistrationResult org.xdi.oxauth.service.fido.u2f.RegistrationService.finishRegistration ( RegisterRequestMessage  requestMessage, RegisterResponse  response, String  userInum, Set< String >  facets  ) throws BadInputException

inline

                                     {
        RegisterRequest request = requestMessage.getRegisterRequest();
        String appId = request.getAppId();

        ClientData clientData = response.getClientData();
        clientDataValidationService.checkContent(clientData, RawRegistrationService.SUPPORTED_REGISTER_TYPES, request.getChallenge(), facets);

        RawRegisterResponse rawRegisterResponse = rawRegistrationService.parseRawRegisterResponse(response.getRegistrationData());
        rawRegistrationService.checkSignature(appId, clientData, rawRegisterResponse);

        Date now = new GregorianCalendar(TimeZone.getTimeZone("UTC")).getTime();
        DeviceRegistration deviceRegistration = rawRegistrationService.createDevice(rawRegisterResponse);
        deviceRegistration.setStatus(DeviceRegistrationStatus.ACTIVE);
        deviceRegistration.setApplication(appId);
        deviceRegistration.setCreationDate(now);

        int keyHandleHashCode = deviceRegistrationService.getKeyHandleHashCode(rawRegisterResponse.getKeyHandle());
        deviceRegistration.setKeyHandleHashCode(keyHandleHashCode);

        final String deviceRegistrationId = String.valueOf(System.currentTimeMillis());
        deviceRegistration.setId(deviceRegistrationId);

        String responseDeviceData = response.getDeviceData();
        if (StringHelper.isNotEmpty(responseDeviceData)) {
            try {
                String responseDeviceDataDecoded = new String(Base64Util.base64urldecode(responseDeviceData));
                DeviceData deviceData = ServerUtil.jsonMapperWithWrapRoot().readValue(responseDeviceDataDecoded, DeviceData.class);
                deviceRegistration.setDeviceData(deviceData);
            } catch (Exception ex) {
                throw new BadInputException(String.format("Device data is invalid: %s", responseDeviceData), ex);
            }
        }

        boolean approved = StringHelper.equals(RawRegistrationService.REGISTER_FINISH_TYPE, response.getClientData().getTyp());
        if (!approved) {
            log.debug("Registratio request with keyHandle '{}' was canceled", rawRegisterResponse.getKeyHandle());
            return new DeviceRegistrationResult(deviceRegistration, DeviceRegistrationResult.Status.CANCELED);
        }

        boolean twoStep = StringHelper.isNotEmpty(userInum);
        if (twoStep) {
            deviceRegistration.setDn(deviceRegistrationService.getDnForU2fDevice(userInum, deviceRegistrationId));

            // Check if there is device registration with keyHandle in LDAP already
            List<DeviceRegistration> foundDeviceRegistrations = deviceRegistrationService.findDeviceRegistrationsByKeyHandle(appId, deviceRegistration.getKeyHandle(), "oxId");
            if (foundDeviceRegistrations.size() != 0) {
                throw new BadInputException(String.format("KeyHandle %s was compromised", deviceRegistration.getKeyHandle()));
            }

            deviceRegistrationService.addUserDeviceRegistration(userInum, deviceRegistration);
        } else {
            deviceRegistration.setDn(deviceRegistrationService.getDnForOneStepU2fDevice(deviceRegistrationId));

            deviceRegistrationService.addOneStepDeviceRegistration(deviceRegistration);
        }

        return new DeviceRegistrationResult(deviceRegistration, DeviceRegistrationResult.Status.APPROVED);
    }

getDnForRegisterRequestMessage()

String org.xdi.oxauth.service.fido.u2f.RegistrationService.getDnForRegisterRequestMessage ( String  oxId )

inline

Build DN string for U2F register request

                                                              {
        final String u2fBaseDn = staticConfiguration.getBaseDn().getU2fBase(); // ou=registration_requests,ou=u2f,o=@!1111,o=gluu
        if (StringHelper.isEmpty(oxId)) {
            return String.format("ou=registration_requests,%s", u2fBaseDn);
        }

        return String.format("oxid=%s,ou=registration_requests,%s", oxId, u2fBaseDn);
    }

getExpiredRequestMessages()

List<RequestMessageLdap> org.xdi.oxauth.service.fido.u2f.RequestService.getExpiredRequestMessages ( BatchOperation< RequestMessageLdap >  batchOperation, Date  expirationDate, String []  returnAttributes, int  sizeLimit, int  chunkSize  )

inlineinherited

                                                                                                                                                                                                   {
                final String u2fBaseDn = staticConfiguration.getBaseDn().getU2fBase(); // ou=u2f,o=@!1111,o=gluu
                Filter expirationFilter = Filter.createLessOrEqualFilter("creationDate", ldapEntryManager.encodeTime(expirationDate));

                List<RequestMessageLdap> requestMessageLdap = ldapEntryManager.findEntries(u2fBaseDn, RequestMessageLdap.class, expirationFilter, SearchScope.SUB, returnAttributes, batchOperation, 0, sizeLimit, chunkSize);

                return requestMessageLdap;
        }

getRegisterRequestMessage()

RegisterRequestMessage org.xdi.oxauth.service.fido.u2f.RegistrationService.getRegisterRequestMessage ( String  oxId )

inline

                                                                         {
        String requestDn = getDnForRegisterRequestMessage(oxId);

        RegisterRequestMessageLdap registerRequestMessageLdap = ldapEntryManager.find(RegisterRequestMessageLdap.class, requestDn);
        if (registerRequestMessageLdap == null) {
            return null;
        }

        return registerRequestMessageLdap.getRegisterRequestMessage();
    }

getRegisterRequestMessageByRequestId()

RegisterRequestMessageLdap org.xdi.oxauth.service.fido.u2f.RegistrationService.getRegisterRequestMessageByRequestId ( String  requestId )

inline

                                                                                             {
        String baseDn = getDnForRegisterRequestMessage(null);
        Filter requestIdFilter = Filter.createEqualityFilter("oxRequestId", requestId);

        List<RegisterRequestMessageLdap> registerRequestMessagesLdap = ldapEntryManager.findEntries(baseDn, RegisterRequestMessageLdap.class,
                requestIdFilter);
        if ((registerRequestMessagesLdap == null) || registerRequestMessagesLdap.isEmpty()) {
            return null;
        }

        return registerRequestMessagesLdap.get(0);
    }

removeRegisterRequestMessage()

void org.xdi.oxauth.service.fido.u2f.RegistrationService.removeRegisterRequestMessage ( RequestMessageLdap  registerRequestMessageLdap )

inline

                                                                                            {
        removeRequestMessage(registerRequestMessageLdap);
    }

removeRequestMessage()

void org.xdi.oxauth.service.fido.u2f.RequestService.removeRequestMessage ( RequestMessageLdap  requestMessageLdap )

inlineinherited

                                                                                {
                ldapEntryManager.remove(requestMessageLdap);
        }

startRegistration() [1/2]

RegisterRequest org.xdi.oxauth.service.fido.u2f.RegistrationService.startRegistration ( String  appId )

inline

                                                           {
        return startRegistration(appId, challengeGenerator.generateChallenge());
    }

startRegistration() [2/2]

RegisterRequest org.xdi.oxauth.service.fido.u2f.RegistrationService.startRegistration ( String  appId, byte []  challenge  )

inline

                                                                             {
        return new RegisterRequest(Base64Util.base64urlencode(challenge), appId);
    }

storeRegisterRequestMessage()

void org.xdi.oxauth.service.fido.u2f.RegistrationService.storeRegisterRequestMessage ( RegisterRequestMessage  requestMessage, String  userInum, String  sessionId  )

inline

                                                                                                                      {
        Date now = new GregorianCalendar(TimeZone.getTimeZone("UTC")).getTime();
        final String registerRequestMessageId = UUID.randomUUID().toString();

        RequestMessageLdap registerRequestMessageLdap = new RegisterRequestMessageLdap(getDnForRegisterRequestMessage(registerRequestMessageId),
                registerRequestMessageId, now, sessionId, userInum, requestMessage);

        ldapEntryManager.persist(registerRequestMessageLdap);
    }

メンバ詳解

applicationService

ApplicationService org.xdi.oxauth.service.fido.u2f.RegistrationService.applicationService

private

challengeGenerator

ChallengeGenerator org.xdi.oxauth.service.fido.u2f.RegistrationService.challengeGenerator

private

clientDataValidationService

ClientDataValidationService org.xdi.oxauth.service.fido.u2f.RegistrationService.clientDataValidationService

private

deviceRegistrationService

DeviceRegistrationService org.xdi.oxauth.service.fido.u2f.RegistrationService.deviceRegistrationService

private

ldapEntryManager

PersistenceEntryManager org.xdi.oxauth.service.fido.u2f.RegistrationService.ldapEntryManager

private

log

Logger org.xdi.oxauth.service.fido.u2f.RegistrationService.log

private

rawRegistrationService

RawRegistrationService org.xdi.oxauth.service.fido.u2f.RegistrationService.rawRegistrationService

private

staticConfiguration

StaticConfiguration org.xdi.oxauth.service.fido.u2f.RegistrationService.staticConfiguration

private

u2fAuthenticationService

AuthenticationService org.xdi.oxauth.service.fido.u2f.RegistrationService.u2fAuthenticationService

private

userService

UserService org.xdi.oxauth.service.fido.u2f.RegistrationService.userService

private

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/OpenId/gluu/src/oxAuth/Server/src/main/java/org/xdi/oxauth/service/fido/u2f/RegistrationService.java