Skip to content

Commit

Permalink
fix: changes in passkey script (#9582)
Browse files Browse the repository at this point in the history 
fix:changes in passkey script

Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com>
  • Loading branch information
@duttarnab
duttarnab authored Sep 24, 2024
1 parent 779582f commit 9082677
Showing 1 changed file with 79 additions and 66 deletions.
145 changes: 79 additions & 66 deletions demos/jans-chip/android/docs/authChallengeScript.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,14 +19,16 @@
import jakarta.ws.rs.core.Response;
import io.jans.fido2.client.Fido2ClientFactory;
import io.jans.fido2.client.AssertionService;
import java.util.HashMap;

/**
* @author Yuriy Z
*/
public class AuthorizationChallenge implements AuthorizationChallengeType {

public static final String USERNAME_PARAMETER = "username";
public static final String PASSWORD_PARAMETER = "password";

private String fido2ServerUri = null;

private static final Logger log = LoggerFactory.getLogger(AuthorizationChallenge.class);
private static final Logger scriptLogger = LoggerFactory.getLogger(CustomScriptManager.class);

Expand All @@ -43,72 +45,72 @@ public class AuthorizationChallenge implements AuthorizationChallengeType {
*/
@Override
public boolean authorize(Object scriptContext) {
try {
ExternalScriptContext context = (ExternalScriptContext) scriptContext;
try {
ExternalScriptContext context = (ExternalScriptContext) scriptContext;

// 1. validate all required parameters are present
final String username = getParameterOrCreateError(context, USERNAME_PARAMETER);
if (StringUtils.isBlank(username)) {
return false;
}
// 1. validate all required parameters are present
final String username = getParameterOrCreateError(context, USERNAME_PARAMETER);
if (StringUtils.isBlank(username)) {
return false;
}

scriptLogger.trace("All required parameters are present");

// 2. main authorization logic, if ok -> set authorized user into "context.getExecutionContext().setUser(user);" and return true
UserService userService = CdiUtil.bean(UserService.class);
PersistenceEntryManager entryManager = CdiUtil.bean(PersistenceEntryManager.class);
scriptLogger.trace("All required parameters are present");

final User user = userService.getUser(username);
if (user == null) {
scriptLogger.trace("User is not found by username {}", username);
createError(context, "username_invalid");
return false;
}
// 2. main authorization logic, if ok -> set authorized user into "context.getExecutionContext().setUser(user);" and return true
UserService userService = CdiUtil.bean(UserService.class);
PersistenceEntryManager entryManager = CdiUtil.bean(PersistenceEntryManager.class);

final String authMethod = getParameterOrCreateError(context, "auth_method");
final User user = userService.getUser(username);
if (user == null) {
scriptLogger.trace("User is not found by username {}", username);
createError(context, "username_invalid");
return false;
}

scriptLogger.trace("Executing {} steps.", authMethod);
if(authMethod.equals("authenticate")) {
final String assertionResultRequest = getParameterOrCreateError(context, "assertion_result_request");
scriptLogger.trace("assertionResultRequest : {}", assertionResultRequest);

scriptLogger.info(this.fido2ServerUri);
ConfigurationService metaDataConfigurationService = Fido2ClientFactory.instance().createMetaDataConfigurationService(this.fido2ServerUri + "/.well-known/fido2-configuration");
final String authMethod = getParameterOrCreateError(context, "auth_method");

String metaDataConfiguration = metaDataConfigurationService.getMetadataConfiguration().readEntity(String.class);

AssertionService assertionService = Fido2ClientFactory.instance().createAssertionService(metaDataConfiguration);
Response attestationStatus = assertionService.verify(assertionResultRequest);
scriptLogger.trace("Executing {} steps.", authMethod);
if(authMethod.equals("authenticate")) {
final String assertionResultRequest = getParameterOrCreateError(context, "assertion_result_request");
scriptLogger.trace("assertionResultRequest : {}", assertionResultRequest);

if(attestationStatus.getStatus() != Response.Status.OK.getStatusCode()) {

scriptLogger.trace("Fido2. Authenticate for step 2. Get invalid registration status from Fido2 server");
return false;
}
context.getExecutionContext().setUser(user);
return true;

} else if(authMethod.equals("enroll")) {

final String password = getParameterOrCreateError(context, PASSWORD_PARAMETER);
if (StringUtils.isBlank(password)) {
return false;
}

final boolean ok = entryManager.authenticate(user.getDn(), User.class, password);
if (ok) {
context.getExecutionContext().setUser(user); // <- IMPORTANT : without user set, user relation will not be associated with token
scriptLogger.trace("User {} is authenticated successfully.", username);
return true;
}
// 3. not ok -> set error which explains what is wrong and return false
scriptLogger.trace("Failed to authenticate user {}. Please check username and password.", username);
createError(context, "username_or_password_invalid");
return false;
scriptLogger.info(this.fido2ServerUri);
ConfigurationService metaDataConfigurationService = Fido2ClientFactory.instance().createMetaDataConfigurationService(this.fido2ServerUri + "/.well-known/fido2-configuration");

}

return false;
String metaDataConfiguration = metaDataConfigurationService.getMetadataConfiguration().readEntity(String.class);

AssertionService assertionService = Fido2ClientFactory.instance().createAssertionService(metaDataConfiguration);
Response attestationStatus = assertionService.verify(assertionResultRequest);

if(attestationStatus.getStatus() != Response.Status.OK.getStatusCode()) {

scriptLogger.trace("Fido2. Authenticate for step 2. Get invalid registration status from Fido2 server");
return false;
}
context.getExecutionContext().setUser(user);
return true;

} else if(authMethod.equals("enroll")) {

final String password = getParameterOrCreateError(context, PASSWORD_PARAMETER);
if (StringUtils.isBlank(password)) {
return false;
}

final boolean ok = entryManager.authenticate(user.getDn(), User.class, password);
if (ok) {
context.getExecutionContext().setUser(user); // <- IMPORTANT : without user set, user relation will not be associated with token
scriptLogger.trace("User {} is authenticated successfully.", username);
return true;
}
// 3. not ok -> set error which explains what is wrong and return false
scriptLogger.trace("Failed to authenticate user {}. Please check username and password.", username);
createError(context, "username_or_password_invalid");
return false;

}

return false;
} catch(Exception e) {
scriptLogger.trace("Error in processing request {}", e.getMessage());
return false;
Expand Down Expand Up @@ -170,12 +172,12 @@ private DeviceSession prepareDeviceSession(ExternalScriptContext context, Device
if (StringUtils.isNotBlank(password)) {
deviceSessionObject.getAttributes().getAttributes().put(PASSWORD_PARAMETER, password);
}

String clientId = context.getHttpRequest().getParameter("client_id");
if (StringUtils.isNotBlank(clientId)) {
deviceSessionObject.getAttributes().getAttributes().put("client_id", clientId);
}

String acrValues = context.getHttpRequest().getParameter("acr_values");
if (StringUtils.isNotBlank(acrValues)) {
deviceSessionObject.getAttributes().getAttributes().put("acr_values", acrValues);
Expand All @@ -200,7 +202,7 @@ private String getParameterFromDeviceSession(ExternalScriptContext context, Stri

@Override
public boolean init(Map<String, SimpleCustomProperty> configurationAttributes) {
scriptLogger.info("Initialized Default AuthorizationChallenge (with passkey authn) Java custom script.");
scriptLogger.info("Initialized Default AuthorizationChallenge Java custom script.");
return true;
}

Expand All @@ -209,12 +211,12 @@ public boolean init(CustomScript customScript, Map<String, SimpleCustomProperty>
scriptLogger.info("Initialized Default AuthorizationChallenge (with passkey authn) Java custom script.");

if(!configurationAttributes.containsKey("fido2_server_uri")) {
scriptLogger.error("Initialization. Property fido2_server_uri is not specified.");
return false;
scriptLogger.error("Initialization. Property fido2_server_uri is not specified.");
return false;
}
fido2ServerUri = configurationAttributes.get("fido2_server_uri").getValue2();
scriptLogger.error(configurationAttributes.get("fido2_server_uri").getValue2());

return true;
}

Expand All @@ -228,4 +230,15 @@ public boolean destroy(Map<String, SimpleCustomProperty> configurationAttributes
public int getApiVersion() {
return 11;
}

/**
* Returns claims represented by key-value map. Claims are added to id_token jwt.
*
* @param context external script context
* @return authentication method claims represented by key-value map.
*/
@Override
public Map<String, String> getAuthenticationMethodClaims(Object context) {
return new HashMap<>();
}
}

0 comments on commit 9082677

Please sign in to comment.