From 8517ec7ca0aaebb183f0e962d4cff778aa3f0b97 Mon Sep 17 00:00:00 2001 From: Yuriy Movchan Date: Sat, 29 Jun 2024 09:57:34 +0300 Subject: [PATCH] feat (fido2): merge from jans 
Signed-off-by: Yuriy Movchan --- .../oxauth/auth/AuthenticationFilter.java | 2 + .../org/gluu/oxauth/auth/Authenticator.java | 4 +- .../org/gluu/oxauth/auth/MTLSService.java | 4 +- .../gluu/oxauth/auth/SelectAccountAction.java | 2 +- .../authorize/ws/rs/AuthorizeAction.java | 2 + .../ws/rs/AuthorizeRestWebServiceImpl.java | 2 + .../rs/AuthorizeRestWebServiceValidator.java | 1 + .../ws/rs/ConsentGathererService.java | 2 +- .../ws/rs/ConsentGatheringSessionService.java | 2 +- .../ws/rs/DeviceAuthorizationAction.java | 4 +- .../oxauth/authorize/ws/rs/LogoutAction.java | 2 +- .../gluu/oxauth/model/error/ErrorMessage.java | 76 ------- .../oxauth/model/error/ErrorMessageList.java | 2 + .../oxauth/model/error/ErrorMessages.java | 3 + .../model/error/ErrorResponseFactory.java | 1 + .../oxauth/model/token/IdTokenFactory.java | 1 + .../revoke/RevokeSessionRestWebService.java | 4 +- .../org/gluu/oxauth/security/Identity.java | 2 +- .../oxauth/service/AuthenticationService.java | 2 +- .../gluu/oxauth/service/AuthorizeService.java | 1 + .../org/gluu/oxauth/service/CleanerTimer.java | 2 +- .../gluu/oxauth/service/CookieService.java | 4 +- .../service/DeviceAuthorizationService.java | 2 +- .../oxauth/service/RedirectionUriService.java | 2 +- .../service/RequestParameterService.java | 2 +- .../gluu/oxauth/service/SessionIdService.java | 4 +- .../org/gluu/oxauth/service/UserService.java | 2 +- .../ExpirationNotificatorTimer.java | 3 +- .../ExternalApplicationSessionService.java | 2 +- .../context/ConsentGatheringContext.java | 2 +- .../external/context/EndSessionContext.java | 2 +- .../context/ExternalPostAuthnContext.java | 2 +- .../external/session/SessionEvent.java | 2 +- .../fido/u2f/RawRegistrationService.java | 21 +- .../fido/u2f/UserSessionIdService.java | 4 +- .../service/fido/u2f/ValidationService.java | 2 +- .../CheckSessionStatusRestWebServiceImpl.java | 3 +- .../ws/rs/EndSessionRestWebServiceImpl.java | 2 +- .../token/ws/rs/TokenRestWebServiceImpl.java | 1 + 
.../UmaAuthorizationContext.java | 2 +- .../uma/authorization/UmaGatherContext.java | 2 +- .../gluu/oxauth/uma/service/UmaGatherer.java | 2 +- .../oxauth/uma/service/UmaSessionService.java | 2 +- .../gluu/oxauth/uma/ws/rs/UmaGatheringWS.java | 2 +- .../ws/rs/fido/u2f/U2fRegistrationWS.java | 2 +- .../AuthorizeRestWebServiceValidatorTest.java | 2 +- .../java/org/gluu/oxauth/comp/LocaleTest.java | 2 +- .../oxauth/comp/SessionIdServiceTest.java | 4 +- .../org/gluu/oxauth/dev/CacheGrantManual.java | 2 +- .../gluu/oxauth/dev/ConfSerialization.java | 2 +- .../rs/EndSessionRestWebServiceImplTest.java | 1 + .../model/config/BaseDnConfiguration.java | 21 ++ .../gluu/oxauth/model/session}/SessionId.java | 5 +- .../model/session}/SessionIdAccessMap.java | 2 +- .../oxauth/model/session}/SessionIdState.java | 2 +- .../fido2/RegistrationPersistenceService.java | 206 ++++++++++++++++++ 56 files changed, 313 insertions(+), 131 deletions(-) delete mode 100644 Server/src/main/java/org/gluu/oxauth/model/error/ErrorMessage.java rename {Server/src/main/java/org/gluu/oxauth/model/common => common/src/main/java/org/gluu/oxauth/model/session}/SessionId.java (98%) rename {Server/src/main/java/org/gluu/oxauth/model/common => common/src/main/java/org/gluu/oxauth/model/session}/SessionIdAccessMap.java (98%) rename {Server/src/main/java/org/gluu/oxauth/model/common => common/src/main/java/org/gluu/oxauth/model/session}/SessionIdState.java (96%) create mode 100644 common/src/main/java/org/gluu/oxauth/service/common/fido2/RegistrationPersistenceService.java
diff --git a/Server/src/main/java/org/gluu/oxauth/auth/AuthenticationFilter.java b/Server/src/main/java/org/gluu/oxauth/auth/AuthenticationFilter.java
index be10b82c29..a3a5b8f49c 100644
--- a/Server/src/main/java/org/gluu/oxauth/auth/AuthenticationFilter.java
+++ b/Server/src/main/java/org/gluu/oxauth/auth/AuthenticationFilter.java
@@ -19,6 +19,8 @@
 import org.gluu.oxauth.model.error.ErrorResponseFactory;
 import org.gluu.oxauth.model.exception.InvalidJwtException;
 import org.gluu.oxauth.model.registration.Client;
+import org.gluu.oxauth.model.session.SessionId;
+import org.gluu.oxauth.model.session.SessionIdState;
 import org.gluu.oxauth.model.token.ClientAssertion;
 import org.gluu.oxauth.model.token.ClientAssertionType;
 import org.gluu.oxauth.model.token.HttpAuthTokenType;
diff --git a/Server/src/main/java/org/gluu/oxauth/auth/Authenticator.java b/Server/src/main/java/org/gluu/oxauth/auth/Authenticator.java
index 4d7265a45a..6b864d666e 100644
--- a/Server/src/main/java/org/gluu/oxauth/auth/Authenticator.java
+++ b/Server/src/main/java/org/gluu/oxauth/auth/Authenticator.java
@@ -14,14 +14,14 @@
 import org.gluu.model.security.Credentials;
 import org.gluu.oxauth.i18n.LanguageBean;
 import org.gluu.oxauth.model.authorize.AuthorizeErrorResponseType;
-import org.gluu.oxauth.model.common.SessionId;
-import org.gluu.oxauth.model.common.SessionIdState;
 import org.gluu.oxauth.model.common.User;
 import org.gluu.oxauth.model.config.Constants;
 import org.gluu.oxauth.model.configuration.AppConfiguration;
 import org.gluu.oxauth.model.exception.InvalidSessionStateException;
 import org.gluu.oxauth.model.jwt.JwtClaimName;
 import org.gluu.oxauth.model.registration.Client;
+import org.gluu.oxauth.model.session.SessionId;
+import org.gluu.oxauth.model.session.SessionIdState;
 import org.gluu.oxauth.security.Identity;
 import org.gluu.oxauth.service.*;
 import org.gluu.oxauth.service.external.ExternalAuthenticationService;
diff --git a/Server/src/main/java/org/gluu/oxauth/auth/MTLSService.java b/Server/src/main/java/org/gluu/oxauth/auth/MTLSService.java
index 66f29a1b72..961c62f61a 100644
--- a/Server/src/main/java/org/gluu/oxauth/auth/MTLSService.java
+++ b/Server/src/main/java/org/gluu/oxauth/auth/MTLSService.java
@@ -6,13 +6,13 @@
 import org.gluu.oxauth.model.authorize.AuthorizeRequestParam;
 import org.gluu.oxauth.model.common.AuthenticationMethod;
 import org.gluu.oxauth.model.common.Prompt;
-import org.gluu.oxauth.model.common.SessionId;
-import org.gluu.oxauth.model.common.SessionIdState;
 import org.gluu.oxauth.model.crypto.AbstractCryptoProvider;
 import org.gluu.oxauth.model.error.ErrorResponseFactory;
 import org.gluu.oxauth.model.jwk.JSONWebKey;
 import org.gluu.oxauth.model.jwk.JSONWebKeySet;
 import org.gluu.oxauth.model.registration.Client;
+import org.gluu.oxauth.model.session.SessionId;
+import org.gluu.oxauth.model.session.SessionIdState;
 import org.gluu.oxauth.model.token.TokenErrorResponseType;
 import org.gluu.oxauth.model.util.CertUtils;
 import org.gluu.oxauth.service.SessionIdService;
diff --git a/Server/src/main/java/org/gluu/oxauth/auth/SelectAccountAction.java b/Server/src/main/java/org/gluu/oxauth/auth/SelectAccountAction.java
index 09c62f7291..ac48801356 100644
--- a/Server/src/main/java/org/gluu/oxauth/auth/SelectAccountAction.java
+++ b/Server/src/main/java/org/gluu/oxauth/auth/SelectAccountAction.java
@@ -15,8 +15,8 @@
 import org.apache.commons.lang.StringUtils;
 import org.gluu.jsf2.service.FacesService;
-import org.gluu.oxauth.model.common.SessionId;
 import org.gluu.oxauth.model.common.User;
+import org.gluu.oxauth.model.session.SessionId;
 import org.gluu.oxauth.security.Identity;
 import org.gluu.oxauth.service.CookieService;
 import org.gluu.oxauth.service.RequestParameterService;
diff --git a/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/AuthorizeAction.java b/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/AuthorizeAction.java
index 4cabd413a5..4f7fe66fc1 100644
--- a/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/AuthorizeAction.java
+++ b/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/AuthorizeAction.java
@@ -27,6 +27,8 @@
 import org.gluu.oxauth.model.jwt.JwtClaimName;
 import org.gluu.oxauth.model.ldap.ClientAuthorization;
 import org.gluu.oxauth.model.registration.Client;
+import org.gluu.oxauth.model.session.SessionId;
+import org.gluu.oxauth.model.session.SessionIdState;
 import org.gluu.oxauth.model.util.Base64Util;
 import org.gluu.oxauth.model.util.JwtUtil;
 import org.gluu.oxauth.model.util.Util;
diff --git a/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/AuthorizeRestWebServiceImpl.java b/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/AuthorizeRestWebServiceImpl.java
index c9b427c68b..930cca1c67 100644
--- a/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/AuthorizeRestWebServiceImpl.java
+++ b/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/AuthorizeRestWebServiceImpl.java
@@ -30,6 +30,8 @@
 import org.gluu.oxauth.model.jwt.JwtClaimName;
 import org.gluu.oxauth.model.ldap.ClientAuthorization;
 import org.gluu.oxauth.model.registration.Client;
+import org.gluu.oxauth.model.session.SessionId;
+import org.gluu.oxauth.model.session.SessionIdState;
 import org.gluu.oxauth.model.token.JsonWebResponse;
 import org.gluu.oxauth.model.token.JwrService;
 import org.gluu.oxauth.model.util.Util;
diff --git a/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/AuthorizeRestWebServiceValidator.java b/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/AuthorizeRestWebServiceValidator.java
index ee650b3a22..5fbfd950a4 100644
--- a/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/AuthorizeRestWebServiceValidator.java
+++ b/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/AuthorizeRestWebServiceValidator.java
@@ -9,6 +9,7 @@
 import org.gluu.oxauth.model.configuration.AppConfiguration;
 import org.gluu.oxauth.model.error.ErrorResponseFactory;
 import org.gluu.oxauth.model.registration.Client;
+import org.gluu.oxauth.model.session.SessionId;
 import org.gluu.oxauth.service.ClientService;
 import org.gluu.oxauth.service.DeviceAuthorizationService;
 import org.gluu.oxauth.service.RedirectUriResponse;
diff --git a/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/ConsentGathererService.java b/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/ConsentGathererService.java
index deb48d4187..262d66f7c4 100644
--- a/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/ConsentGathererService.java
+++ b/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/ConsentGathererService.java
@@ -11,9 +11,9 @@
 import org.gluu.oxauth.i18n.LanguageBean;
 import org.gluu.oxauth.model.authorize.AuthorizeRequestParam;
 import org.gluu.oxauth.model.authorize.ScopeChecker;
-import org.gluu.oxauth.model.common.SessionId;
 import org.gluu.oxauth.model.config.Constants;
 import org.gluu.oxauth.model.configuration.AppConfiguration;
+import org.gluu.oxauth.model.session.SessionId;
 import org.gluu.oxauth.service.AuthorizeService;
 import org.gluu.oxauth.service.ClientService;
 import org.gluu.oxauth.service.SessionIdService;
diff --git a/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/ConsentGatheringSessionService.java b/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/ConsentGatheringSessionService.java
index d72dd9e6bd..c0777b06b7 100644
--- a/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/ConsentGatheringSessionService.java
+++ b/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/ConsentGatheringSessionService.java
@@ -7,9 +7,9 @@
 package org.gluu.oxauth.authorize.ws.rs;
 import org.apache.commons.lang.StringUtils;
-import org.gluu.oxauth.model.common.SessionId;
 import org.gluu.oxauth.model.common.User;
 import org.gluu.oxauth.model.registration.Client;
+import org.gluu.oxauth.model.session.SessionId;
 import org.gluu.oxauth.model.util.Util;
 import org.gluu.oxauth.service.ClientService;
 import org.gluu.oxauth.service.CookieService;
diff --git a/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/DeviceAuthorizationAction.java b/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/DeviceAuthorizationAction.java
index c172c6a9dd..e5e152474f 100644
--- a/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/DeviceAuthorizationAction.java
+++ b/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/DeviceAuthorizationAction.java
@@ -11,9 +11,9 @@
 import org.gluu.oxauth.i18n.LanguageBean;
 import org.gluu.oxauth.model.common.DeviceAuthorizationCacheControl;
 import org.gluu.oxauth.model.common.DeviceAuthorizationStatus;
-import org.gluu.oxauth.model.common.SessionId;
-import org.gluu.oxauth.model.common.SessionIdState;
 import org.gluu.oxauth.model.configuration.AppConfiguration;
+import org.gluu.oxauth.model.session.SessionId;
+import org.gluu.oxauth.model.session.SessionIdState;
 import org.gluu.oxauth.model.util.Util;
 import org.gluu.oxauth.service.CookieService;
 import org.gluu.oxauth.service.DeviceAuthorizationService;
diff --git a/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/LogoutAction.java b/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/LogoutAction.java
index 59439203e3..a0e864a4b8 100644
--- a/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/LogoutAction.java
+++ b/Server/src/main/java/org/gluu/oxauth/authorize/ws/rs/LogoutAction.java
@@ -14,9 +14,9 @@
 import org.gluu.oxauth.i18n.LanguageBean;
 import org.gluu.oxauth.model.common.AuthorizationGrant;
 import org.gluu.oxauth.model.common.AuthorizationGrantList;
-import org.gluu.oxauth.model.common.SessionId;
 import org.gluu.oxauth.model.configuration.AppConfiguration;
 import org.gluu.oxauth.model.session.EndSessionRequestParam;
+import org.gluu.oxauth.model.session.SessionId;
 import org.gluu.oxauth.model.util.Base64Util;
 import org.gluu.oxauth.model.util.Util;
 import org.gluu.oxauth.service.SessionIdService;
diff --git a/Server/src/main/java/org/gluu/oxauth/model/error/ErrorMessage.java b/Server/src/main/java/org/gluu/oxauth/model/error/ErrorMessage.java
deleted file mode 100644
index 69e87fd18c..0000000000
--- a/Server/src/main/java/org/gluu/oxauth/model/error/ErrorMessage.java
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.
- *
- * Copyright (c) 2014, Gluu
- */
-
-package org.gluu.oxauth.model.error;
-
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlElement;
-import javax.xml.bind.annotation.XmlRootElement;
-
-/**
- *

- * Represents an error message in a configuration XML file.
- *

- *

- * The attribute id is REQUIRED. A single error code.
- *

- *

- * The element description is OPTIONAL. A human-readable UTF-8 encoded text
- * providing additional information, used to assist the client developer in
- * understanding the error that occurred.
- *

- *

- * The element URI is OPTIONAL. A URI identifying a human-readable web page with
- * information about the error, used to provide the client developer with
- * additional information about the error.
- *

- *
- * @author Javier Rojas Date: 09.23.2011
- *
- */
-@XmlRootElement(name = "error")
-public class ErrorMessage {
-
- private String id;
- private String description;
- private String uri;
-
- public ErrorMessage() {
- }
-
- public ErrorMessage(String id, String description, String uri) {
- this.id = id;
- this.description = description;
- this.uri = uri;
- }
-
- @XmlAttribute(name = "id")
- public String getId() {
- return id;
- }
-
- public void setId(String id) {
- this.id = id;
- }
-
- @XmlElement(name = "error-description")
- public String getDescription() {
- return description;
- }
-
- public void setDescription(String description) {
- this.description = description;
- }
-
- @XmlElement(name = "error-uri")
- public String getUri() {
- return uri;
- }
-
- public void setUri(String uri) {
- this.uri = uri;
- }
-}
diff --git a/Server/src/main/java/org/gluu/oxauth/model/error/ErrorMessageList.java b/Server/src/main/java/org/gluu/oxauth/model/error/ErrorMessageList.java
index 2039930c29..d06deb61cd 100644
--- a/Server/src/main/java/org/gluu/oxauth/model/error/ErrorMessageList.java
+++ b/Server/src/main/java/org/gluu/oxauth/model/error/ErrorMessageList.java
@@ -11,6 +11,8 @@
 import javax.xml.bind.annotation.XmlElement;
 import javax.xml.bind.annotation.XmlRootElement;
+import org.gluu.model.error.ErrorMessage;
+
 /**
 * Represents an error message list in a configuration XML file.
diff --git a/Server/src/main/java/org/gluu/oxauth/model/error/ErrorMessages.java b/Server/src/main/java/org/gluu/oxauth/model/error/ErrorMessages.java
index d2bf0be16d..128978610d 100644
--- a/Server/src/main/java/org/gluu/oxauth/model/error/ErrorMessages.java
+++ b/Server/src/main/java/org/gluu/oxauth/model/error/ErrorMessages.java
@@ -9,6 +9,9 @@
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import javax.xml.bind.annotation.*;
+
+import org.gluu.model.error.ErrorMessage;
+
 import java.util.List;
 /**
diff --git a/Server/src/main/java/org/gluu/oxauth/model/error/ErrorResponseFactory.java b/Server/src/main/java/org/gluu/oxauth/model/error/ErrorResponseFactory.java
index 0a1673d5fc..b50e4b729d 100644
--- a/Server/src/main/java/org/gluu/oxauth/model/error/ErrorResponseFactory.java
+++ b/Server/src/main/java/org/gluu/oxauth/model/error/ErrorResponseFactory.java
@@ -6,6 +6,7 @@
 package org.gluu.oxauth.model.error;
+import org.gluu.model.error.ErrorMessage;
 import org.gluu.oxauth.model.authorize.AuthorizeErrorResponseType;
 import org.gluu.oxauth.model.ciba.BackchannelAuthenticationErrorResponseType;
 import org.gluu.oxauth.model.clientinfo.ClientInfoErrorResponseType;
diff --git a/Server/src/main/java/org/gluu/oxauth/model/token/IdTokenFactory.java b/Server/src/main/java/org/gluu/oxauth/model/token/IdTokenFactory.java
index 87f45dedc7..f5667f6e23 100644
--- a/Server/src/main/java/org/gluu/oxauth/model/token/IdTokenFactory.java
+++ b/Server/src/main/java/org/gluu/oxauth/model/token/IdTokenFactory.java
@@ -22,6 +22,7 @@
 import org.gluu.oxauth.model.jwt.JwtClaimName;
 import org.gluu.oxauth.model.jwt.JwtSubClaimObject;
 import org.gluu.oxauth.model.registration.Client;
+import org.gluu.oxauth.model.session.SessionId;
 import org.gluu.oxauth.service.AttributeService;
 import org.gluu.oxauth.service.ScopeService;
 import org.gluu.oxauth.service.SessionIdService;
diff --git a/Server/src/main/java/org/gluu/oxauth/revoke/RevokeSessionRestWebService.java b/Server/src/main/java/org/gluu/oxauth/revoke/RevokeSessionRestWebService.java
index a4b9dcac51..fbc33a7b80 100644
--- a/Server/src/main/java/org/gluu/oxauth/revoke/RevokeSessionRestWebService.java
+++ b/Server/src/main/java/org/gluu/oxauth/revoke/RevokeSessionRestWebService.java
@@ -1,13 +1,13 @@
 package org.gluu.oxauth.revoke;
 import org.apache.commons.lang.ArrayUtils;
-import org.gluu.oxauth.model.common.SessionId;
-import org.gluu.oxauth.model.common.SessionIdState;
 import org.gluu.oxauth.model.common.User;
 import org.gluu.oxauth.model.config.Constants;
 import org.gluu.oxauth.model.error.ErrorResponseFactory;
 import org.gluu.oxauth.model.session.EndSessionErrorResponseType;
 import org.gluu.oxauth.model.session.SessionClient;
+import org.gluu.oxauth.model.session.SessionId;
+import org.gluu.oxauth.model.session.SessionIdState;
 import org.gluu.oxauth.security.Identity;
 import org.gluu.oxauth.service.ScopeService;
 import org.gluu.oxauth.service.SessionIdService;
diff --git a/Server/src/main/java/org/gluu/oxauth/security/Identity.java b/Server/src/main/java/org/gluu/oxauth/security/Identity.java
index 2de20f04f6..1eb2927dd0 100644
--- a/Server/src/main/java/org/gluu/oxauth/security/Identity.java
+++ b/Server/src/main/java/org/gluu/oxauth/security/Identity.java
@@ -12,8 +12,8 @@
 import javax.inject.Named;
 import javax.interceptor.Interceptor;
-import org.gluu.oxauth.model.common.SessionId;
 import org.gluu.oxauth.model.session.SessionClient;
+import org.gluu.oxauth.model.session.SessionId;
 import org.gluu.oxauth.model.common.User;
 /**
diff --git a/Server/src/main/java/org/gluu/oxauth/service/AuthenticationService.java b/Server/src/main/java/org/gluu/oxauth/service/AuthenticationService.java
index 9da79b2bb0..ae89a8e3ed 100644
--- a/Server/src/main/java/org/gluu/oxauth/service/AuthenticationService.java
+++ b/Server/src/main/java/org/gluu/oxauth/service/AuthenticationService.java
@@ -37,13 +37,13 @@
 import org.gluu.model.metric.MetricType;
 import org.gluu.model.security.Credentials;
 import org.gluu.model.security.SimplePrincipal;
-import org.gluu.oxauth.model.common.SessionId;
 import org.gluu.oxauth.model.common.SimpleUser;
 import org.gluu.oxauth.model.common.User;
 import org.gluu.oxauth.model.config.Constants;
 import org.gluu.oxauth.model.configuration.AppConfiguration;
 import org.gluu.oxauth.model.registration.Client;
 import org.gluu.oxauth.model.session.SessionClient;
+import org.gluu.oxauth.model.session.SessionId;
 import org.gluu.oxauth.model.util.Util;
 import org.gluu.oxauth.security.Identity;
 import org.gluu.oxauth.service.common.ApplicationFactory;
diff --git a/Server/src/main/java/org/gluu/oxauth/service/AuthorizeService.java b/Server/src/main/java/org/gluu/oxauth/service/AuthorizeService.java
index 0cad5d0db2..343e947aa7 100644
--- a/Server/src/main/java/org/gluu/oxauth/service/AuthorizeService.java
+++ b/Server/src/main/java/org/gluu/oxauth/service/AuthorizeService.java
@@ -20,6 +20,7 @@
 import org.gluu.oxauth.model.configuration.AppConfiguration;
 import org.gluu.oxauth.model.error.ErrorResponseFactory;
 import org.gluu.oxauth.model.registration.Client;
+import org.gluu.oxauth.model.session.SessionId;
 import org.gluu.oxauth.security.Identity;
 import org.gluu.oxauth.service.ciba.CibaRequestService;
 import org.gluu.oxauth.util.RedirectUri;
diff --git a/Server/src/main/java/org/gluu/oxauth/service/CleanerTimer.java b/Server/src/main/java/org/gluu/oxauth/service/CleanerTimer.java
index c9336c8696..d2322d92b7 100644
--- a/Server/src/main/java/org/gluu/oxauth/service/CleanerTimer.java
+++ b/Server/src/main/java/org/gluu/oxauth/service/CleanerTimer.java
@@ -21,7 +21,6 @@
 import org.gluu.model.ApplicationType;
 import org.gluu.model.metric.ldap.MetricEntry;
-import org.gluu.oxauth.model.common.SessionId;
 import org.gluu.oxauth.model.config.StaticConfiguration;
 import org.gluu.oxauth.model.configuration.AppConfiguration;
 import org.gluu.oxauth.model.fido.u2f.DeviceRegistration;
@@ -29,6 +28,7 @@
 import org.gluu.oxauth.model.ldap.ClientAuthorization;
 import org.gluu.oxauth.model.ldap.TokenLdap;
 import org.gluu.oxauth.model.registration.Client;
+import org.gluu.oxauth.model.session.SessionId;
 import org.gluu.oxauth.model.uma.persistence.UmaResource;
 import org.gluu.oxauth.service.fido.u2f.RequestService;
 import org.gluu.oxauth.uma.authorization.UmaPCT;
diff --git a/Server/src/main/java/org/gluu/oxauth/service/CookieService.java b/Server/src/main/java/org/gluu/oxauth/service/CookieService.java
index d14e80b4ae..77322303b6 100644
--- a/Server/src/main/java/org/gluu/oxauth/service/CookieService.java
+++ b/Server/src/main/java/org/gluu/oxauth/service/CookieService.java
@@ -2,10 +2,10 @@
 import com.google.common.collect.Sets;
 import org.apache.commons.lang.StringUtils;
-import org.gluu.oxauth.model.common.SessionId;
-import org.gluu.oxauth.model.common.SessionIdState;
 import org.gluu.oxauth.model.config.ConfigurationFactory;
 import org.gluu.oxauth.model.configuration.AppConfiguration;
+import org.gluu.oxauth.model.session.SessionId;
+import org.gluu.oxauth.model.session.SessionIdState;
 import org.gluu.persist.exception.EntryPersistenceException;
 import org.gluu.service.cdi.util.CdiUtil;
 import org.json.JSONArray;
diff --git a/Server/src/main/java/org/gluu/oxauth/service/DeviceAuthorizationService.java b/Server/src/main/java/org/gluu/oxauth/service/DeviceAuthorizationService.java
index 789957e0d6..f9e652e60e 100644
--- a/Server/src/main/java/org/gluu/oxauth/service/DeviceAuthorizationService.java
+++ b/Server/src/main/java/org/gluu/oxauth/service/DeviceAuthorizationService.java
@@ -11,10 +11,10 @@
 import org.gluu.oxauth.model.common.DeviceAuthorizationCacheControl;
 import org.gluu.oxauth.model.common.DeviceAuthorizationStatus;
 import org.gluu.oxauth.model.common.GrantType;
-import org.gluu.oxauth.model.common.SessionId;
 import org.gluu.oxauth.model.configuration.AppConfiguration;
 import org.gluu.oxauth.model.error.ErrorResponseFactory;
 import org.gluu.oxauth.model.registration.Client;
+import org.gluu.oxauth.model.session.SessionId;
 import org.gluu.service.CacheService;
 import org.slf4j.Logger;
diff --git a/Server/src/main/java/org/gluu/oxauth/service/RedirectionUriService.java b/Server/src/main/java/org/gluu/oxauth/service/RedirectionUriService.java
index 54da37704e..fc83945307 100644
--- a/Server/src/main/java/org/gluu/oxauth/service/RedirectionUriService.java
+++ b/Server/src/main/java/org/gluu/oxauth/service/RedirectionUriService.java
@@ -11,11 +11,11 @@
 import com.google.common.collect.Sets;
 import org.apache.commons.lang.StringUtils;
 import org.gluu.oxauth.client.QueryStringDecoder;
-import org.gluu.oxauth.model.common.SessionId;
 import org.gluu.oxauth.model.configuration.AppConfiguration;
 import org.gluu.oxauth.model.error.ErrorResponseFactory;
 import org.gluu.oxauth.model.registration.Client;
 import org.gluu.oxauth.model.session.EndSessionErrorResponseType;
+import org.gluu.oxauth.model.session.SessionId;
 import org.gluu.oxauth.model.util.URLPatternList;
 import org.gluu.oxauth.model.util.Util;
 import org.jetbrains.annotations.NotNull;
diff --git a/Server/src/main/java/org/gluu/oxauth/service/RequestParameterService.java b/Server/src/main/java/org/gluu/oxauth/service/RequestParameterService.java
index de1e6c695c..eba0556345 100644
--- a/Server/src/main/java/org/gluu/oxauth/service/RequestParameterService.java
+++ b/Server/src/main/java/org/gluu/oxauth/service/RequestParameterService.java
@@ -11,8 +11,8 @@
 import org.gluu.model.security.Identity;
 import org.gluu.oxauth.model.authorize.AuthorizeRequestParam;
 import org.gluu.oxauth.model.authorize.JwtAuthorizationRequest;
-import org.gluu.oxauth.model.common.SessionId;
 import org.gluu.oxauth.model.configuration.AppConfiguration;
+import org.gluu.oxauth.model.session.SessionId;
 import org.gluu.oxauth.model.util.Util;
 import org.gluu.util.Pair;
 import org.gluu.util.StringHelper;
diff --git a/Server/src/main/java/org/gluu/oxauth/service/SessionIdService.java b/Server/src/main/java/org/gluu/oxauth/service/SessionIdService.java
index 3c9ccf7f65..c556a50d75 100644
--- a/Server/src/main/java/org/gluu/oxauth/service/SessionIdService.java
+++ b/Server/src/main/java/org/gluu/oxauth/service/SessionIdService.java
@@ -17,8 +17,6 @@
 import org.gluu.oxauth.model.audit.OAuth2AuditLog;
 import org.gluu.oxauth.model.authorize.AuthorizeRequestParam;
 import org.gluu.oxauth.model.common.Prompt;
-import org.gluu.oxauth.model.common.SessionId;
-import org.gluu.oxauth.model.common.SessionIdState;
 import org.gluu.oxauth.model.common.User;
 import org.gluu.oxauth.model.config.Constants;
 import org.gluu.oxauth.model.config.StaticConfiguration;
@@ -30,6 +28,8 @@
 import org.gluu.oxauth.model.jwt.Jwt;
 import org.gluu.oxauth.model.jwt.JwtClaimName;
 import org.gluu.oxauth.model.jwt.JwtSubClaimObject;
+import org.gluu.oxauth.model.session.SessionId;
+import org.gluu.oxauth.model.session.SessionIdState;
 import org.gluu.oxauth.model.token.JwtSigner;
 import org.gluu.oxauth.model.util.JwtUtil;
 import org.gluu.oxauth.model.util.Pair;
diff --git a/Server/src/main/java/org/gluu/oxauth/service/UserService.java b/Server/src/main/java/org/gluu/oxauth/service/UserService.java
index e7d863162e..25d2206f86 100644
--- a/Server/src/main/java/org/gluu/oxauth/service/UserService.java
+++ b/Server/src/main/java/org/gluu/oxauth/service/UserService.java
@@ -12,13 +12,13 @@
 import javax.inject.Inject;
 import org.apache.commons.lang.StringUtils;
-import org.gluu.fido2.model.entry.Fido2RegistrationEntry;
 import org.gluu.oxauth.model.config.StaticConfiguration;
 import org.gluu.oxauth.model.configuration.AppConfiguration;
 import org.gluu.oxauth.model.fido.u2f.DeviceRegistration;
 import org.gluu.oxauth.model.fido.u2f.DeviceRegistrationStatus;
 import org.gluu.persist.model.base.CustomEntry;
 import org.gluu.persist.model.base.SimpleBranch;
+import org.gluu.persist.model.fido2.Fido2RegistrationEntry;
 import org.gluu.search.filter.Filter;
 import org.gluu.service.net.NetworkService;
 import org.gluu.util.StringHelper;
diff --git a/Server/src/main/java/org/gluu/oxauth/service/expiration/ExpirationNotificatorTimer.java b/Server/src/main/java/org/gluu/oxauth/service/expiration/ExpirationNotificatorTimer.java
index af62a5a48e..83206571a0 100644
--- a/Server/src/main/java/org/gluu/oxauth/service/expiration/ExpirationNotificatorTimer.java
+++ b/Server/src/main/java/org/gluu/oxauth/service/expiration/ExpirationNotificatorTimer.java
@@ -3,9 +3,10 @@
 import net.jodah.expiringmap.ExpirationListener;
 import net.jodah.expiringmap.ExpirationPolicy;
 import net.jodah.expiringmap.ExpiringMap;
-import org.gluu.oxauth.model.common.SessionId;
+
 import org.gluu.oxauth.model.config.StaticConfiguration;
 import org.gluu.oxauth.model.configuration.AppConfiguration;
+import org.gluu.oxauth.model.session.SessionId;
 import org.gluu.oxauth.service.cdi.event.ExpirationEvent;
 import org.gluu.oxauth.service.external.ExternalApplicationSessionService;
 import org.gluu.oxauth.service.external.session.SessionEvent;
diff --git a/Server/src/main/java/org/gluu/oxauth/service/external/ExternalApplicationSessionService.java b/Server/src/main/java/org/gluu/oxauth/service/external/ExternalApplicationSessionService.java
index 29cdd381e8..e892ef47b4 100644
--- a/Server/src/main/java/org/gluu/oxauth/service/external/ExternalApplicationSessionService.java
+++ b/Server/src/main/java/org/gluu/oxauth/service/external/ExternalApplicationSessionService.java
@@ -10,7 +10,7 @@
 import org.gluu.model.custom.script.CustomScriptType;
 import org.gluu.model.custom.script.conf.CustomScriptConfiguration;
 import org.gluu.model.custom.script.type.session.ApplicationSessionType;
-import org.gluu.oxauth.model.common.SessionId;
+import org.gluu.oxauth.model.session.SessionId;
 import org.gluu.oxauth.service.external.session.SessionEvent;
 import org.gluu.service.custom.script.ExternalScriptService;
diff --git a/Server/src/main/java/org/gluu/oxauth/service/external/context/ConsentGatheringContext.java b/Server/src/main/java/org/gluu/oxauth/service/external/context/ConsentGatheringContext.java
index e9d85eb62f..0fccc80816 100644
--- a/Server/src/main/java/org/gluu/oxauth/service/external/context/ConsentGatheringContext.java
+++ b/Server/src/main/java/org/gluu/oxauth/service/external/context/ConsentGatheringContext.java
@@ -15,9 +15,9 @@
 import org.gluu.jsf2.service.FacesService;
 import org.gluu.model.SimpleCustomProperty;
 import org.gluu.oxauth.authorize.ws.rs.ConsentGatheringSessionService;
-import org.gluu.oxauth.model.common.SessionId;
 import org.gluu.oxauth.model.configuration.AppConfiguration;
 import org.gluu.oxauth.model.registration.Client;
+import org.gluu.oxauth.model.session.SessionId;
 import org.gluu.oxauth.service.common.UserService;
 import org.gluu.oxauth.model.common.User;
diff --git a/Server/src/main/java/org/gluu/oxauth/service/external/context/EndSessionContext.java b/Server/src/main/java/org/gluu/oxauth/service/external/context/EndSessionContext.java
index bc6ca73cc0..71eef38cd7 100644
--- a/Server/src/main/java/org/gluu/oxauth/service/external/context/EndSessionContext.java
+++ b/Server/src/main/java/org/gluu/oxauth/service/external/context/EndSessionContext.java
@@ -2,7 +2,7 @@ import com.google.common.collect.Sets; import org.gluu.model.custom.script.conf.CustomScriptConfiguration; -import org.gluu.oxauth.model.common.SessionId; +import org.gluu.oxauth.model.session.SessionId; import javax.servlet.http.HttpServletRequest; import java.util.Set; diff --git a/Server/src/main/java/org/gluu/oxauth/service/external/context/ExternalPostAuthnContext.java b/Server/src/main/java/org/gluu/oxauth/service/external/context/ExternalPostAuthnContext.java index 36de5129eb..c9852e498c 100644 --- a/Server/src/main/java/org/gluu/oxauth/service/external/context/ExternalPostAuthnContext.java +++ b/Server/src/main/java/org/gluu/oxauth/service/external/context/ExternalPostAuthnContext.java @@ -1,8 +1,8 @@ package org.gluu.oxauth.service.external.context; import org.gluu.model.custom.script.conf.CustomScriptConfiguration; -import org.gluu.oxauth.model.common.SessionId; import org.gluu.oxauth.model.registration.Client; +import org.gluu.oxauth.model.session.SessionId; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; diff --git a/Server/src/main/java/org/gluu/oxauth/service/external/session/SessionEvent.java b/Server/src/main/java/org/gluu/oxauth/service/external/session/SessionEvent.java index 4e5fcea00c..0bb32e967f 100644 --- a/Server/src/main/java/org/gluu/oxauth/service/external/session/SessionEvent.java +++ b/Server/src/main/java/org/gluu/oxauth/service/external/session/SessionEvent.java @@ -1,7 +1,7 @@ package org.gluu.oxauth.service.external.session; import org.gluu.model.custom.script.conf.CustomScriptConfiguration; -import org.gluu.oxauth.model.common.SessionId; +import org.gluu.oxauth.model.session.SessionId; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; 
diff --git a/Server/src/main/java/org/gluu/oxauth/service/fido/u2f/RawRegistrationService.java b/Server/src/main/java/org/gluu/oxauth/service/fido/u2f/RawRegistrationService.java index 551e4f6b68..e070043277 100644 --- a/Server/src/main/java/org/gluu/oxauth/service/fido/u2f/RawRegistrationService.java +++ b/Server/src/main/java/org/gluu/oxauth/service/fido/u2f/RawRegistrationService.java @@ -7,14 +7,17 @@ package org.gluu.oxauth.service.fido.u2f; import java.io.IOException; +import java.io.InputStream; +import java.security.NoSuchProviderException; import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; import javax.enterprise.context.ApplicationScoped; import javax.inject.Inject; import javax.inject.Named; import org.apache.commons.io.IOUtils; -import org.gluu.oxauth.crypto.cert.CertificateParser; import org.gluu.oxauth.crypto.signature.SHA256withECDSASignatureVerification; import org.gluu.oxauth.model.exception.SignatureException; import org.gluu.oxauth.model.fido.u2f.DeviceRegistration; @@ -23,6 +26,7 @@ import org.gluu.oxauth.model.fido.u2f.protocol.ClientData; import org.gluu.oxauth.model.util.Base64Util; import org.gluu.util.io.ByteDataInputStream; +import org.gluu.util.security.SecurityProviderUtility; import org.slf4j.Logger; import com.google.common.io.ByteArrayDataOutput; @@ -39,6 +43,10 @@ public class RawRegistrationService { @Inject private Logger log; + @Inject + @Named("sha256withECDSASignatureVerification") + private SHA256withECDSASignatureVerification signatureVerification; + public static final byte REGISTRATION_RESERVED_BYTE_VALUE = (byte) 0x05; public static final byte REGISTRATION_SIGNED_RESERVED_BYTE_VALUE = (byte) 0x00; public static final long INITIAL_DEVICE_COUNTER_VALUE = -1; 
@@ -47,9 +55,6 @@ public class RawRegistrationService { public static final String REGISTER_CANCEL_TYPE = "navigator.id.cancelEnrollment"; public static final String[] SUPPORTED_REGISTER_TYPES = new String[] { REGISTER_FINISH_TYPE, REGISTER_CANCEL_TYPE }; - @Inject - @Named("sha256withECDSASignatureVerification") - private SHA256withECDSASignatureVerification signatureVerification; public RawRegisterResponse parseRawRegisterResponse(String rawDataBase64) throws BadInputException { ByteDataInputStream bis = new ByteDataInputStream(Base64Util.base64urldecode(rawDataBase64)); 
@@ -59,17 +64,23 @@ public RawRegisterResponse parseRawRegisterResponse(String rawDataBase64) throws if (reservedByte != REGISTRATION_RESERVED_BYTE_VALUE) { throw new BadInputException("Incorrect value of reserved byte. Expected: " + REGISTRATION_RESERVED_BYTE_VALUE + ". Was: " + reservedByte); } - return new RawRegisterResponse(bis.read(65), bis.read(bis.readUnsigned()), CertificateParser.parseDer(bis), bis.readAll()); + return new RawRegisterResponse(bis.read(65), bis.read(bis.readUnsigned()), parseDer(bis), bis.readAll()); } catch (IOException ex) { throw new BadInputException("Failed to parse RAW register response", ex); } catch (CertificateException e) { throw new BadInputException("Malformed attestation certificate", e); + } catch (NoSuchProviderException e) { + throw new BadInputException("Failed to parse attestation certificate", e); } } finally { IOUtils.closeQuietly(bis); } } + public X509Certificate parseDer(InputStream is) throws CertificateException, NoSuchProviderException { + return (X509Certificate) CertificateFactory.getInstance("X.509", SecurityProviderUtility.getBCProvider()).generateCertificate(is); + } + public void checkSignature(String appId, ClientData clientData, RawRegisterResponse rawRegisterResponse) throws BadInputException { String rawClientData = clientData.getRawClientData(); byte[] signedBytes = packBytesToSign(signatureVerification.hash(appId), signatureVerification.hash(rawClientData), rawRegisterResponse.getKeyHandle(), diff --git a/Server/src/main/java/org/gluu/oxauth/service/fido/u2f/UserSessionIdService.java b/Server/src/main/java/org/gluu/oxauth/service/fido/u2f/UserSessionIdService.java index 2d94c81325..e8b0c17b34 100644 --- a/Server/src/main/java/org/gluu/oxauth/service/fido/u2f/UserSessionIdService.java +++ b/Server/src/main/java/org/gluu/oxauth/service/fido/u2f/UserSessionIdService.java 
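Review bot: The new `catch (NoSuchProviderException e)` in `parseRawRegisterResponse` maps a server-side condition (the BC provider returned by `SecurityProviderUtility.getBCProvider()` not being registered) onto `BadInputException("Failed to parse attestation certificate", e)`, so a deployment problem is reported as malformed client input and is hard to tell apart from a bad attestation; rethrowing it as `IllegalStateException("BC provider not available", e)` would keep the two cases distinct. `CertificateFactory.getInstance(String, Provider)` also throws `IllegalArgumentException` when the provider is null, which neither catch clause covers. The new public `parseDer` has no Javadoc; suggest `/** Parses one DER-encoded X.509 certificate from the stream with the BC provider; the caller's following bis.readAll() depends on the stream being positioned right after the certificate. */`. `parseRawRegisterResponse` begins outside this hunk.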
@@ -11,9 +11,9 @@ import javax.enterprise.context.ApplicationScoped; import javax.inject.Inject; -import org.gluu.oxauth.model.common.SessionId; -import org.gluu.oxauth.model.common.SessionIdState; import org.gluu.oxauth.model.fido.u2f.DeviceRegistrationResult; +import org.gluu.oxauth.model.session.SessionId; +import org.gluu.oxauth.model.session.SessionIdState; import org.gluu.oxauth.service.SessionIdService; import org.gluu.oxauth.ws.rs.fido.u2f.U2fAuthenticationWS; import org.gluu.util.StringHelper; diff --git a/Server/src/main/java/org/gluu/oxauth/service/fido/u2f/ValidationService.java b/Server/src/main/java/org/gluu/oxauth/service/fido/u2f/ValidationService.java index 8a35a6ea67..d384ed0a1b 100644 --- a/Server/src/main/java/org/gluu/oxauth/service/fido/u2f/ValidationService.java +++ b/Server/src/main/java/org/gluu/oxauth/service/fido/u2f/ValidationService.java @@ -10,9 +10,9 @@ import javax.inject.Inject; import javax.inject.Named; -import org.gluu.oxauth.model.common.SessionId; import org.gluu.oxauth.model.config.Constants; import org.gluu.oxauth.model.fido.u2f.U2fConstants; +import org.gluu.oxauth.model.session.SessionId; import org.gluu.oxauth.service.SessionIdService; import org.gluu.oxauth.service.common.UserService; import org.gluu.util.StringHelper; diff --git a/Server/src/main/java/org/gluu/oxauth/session/ws/rs/CheckSessionStatusRestWebServiceImpl.java b/Server/src/main/java/org/gluu/oxauth/session/ws/rs/CheckSessionStatusRestWebServiceImpl.java index 349703499e..c2b2401d22 100644 --- a/Server/src/main/java/org/gluu/oxauth/session/ws/rs/CheckSessionStatusRestWebServiceImpl.java +++ b/Server/src/main/java/org/gluu/oxauth/session/ws/rs/CheckSessionStatusRestWebServiceImpl.java 
@@ -7,7 +7,8 @@ package org.gluu.oxauth.session.ws.rs; import com.fasterxml.jackson.annotation.JsonProperty; -import org.gluu.oxauth.model.common.SessionId; + +import org.gluu.oxauth.model.session.SessionId; import org.gluu.oxauth.service.CookieService; import org.gluu.oxauth.service.SessionIdService; import org.gluu.oxauth.util.ServerUtil; diff --git a/Server/src/main/java/org/gluu/oxauth/session/ws/rs/EndSessionRestWebServiceImpl.java b/Server/src/main/java/org/gluu/oxauth/session/ws/rs/EndSessionRestWebServiceImpl.java index 91ec0b7e70..16e582ed3f 100644 --- a/Server/src/main/java/org/gluu/oxauth/session/ws/rs/EndSessionRestWebServiceImpl.java +++ b/Server/src/main/java/org/gluu/oxauth/session/ws/rs/EndSessionRestWebServiceImpl.java @@ -16,7 +16,6 @@ import org.gluu.oxauth.model.authorize.AuthorizeRequestParam; import org.gluu.oxauth.model.common.AuthorizationGrant; import org.gluu.oxauth.model.common.AuthorizationGrantList; -import org.gluu.oxauth.model.common.SessionId; import org.gluu.oxauth.model.common.User; import org.gluu.oxauth.model.config.Constants; import org.gluu.oxauth.model.configuration.AppConfiguration; @@ -28,6 +27,7 @@ import org.gluu.oxauth.model.jwt.Jwt; import org.gluu.oxauth.model.registration.Client; import org.gluu.oxauth.model.session.EndSessionErrorResponseType; +import org.gluu.oxauth.model.session.SessionId; import org.gluu.oxauth.model.token.JsonWebResponse; import org.gluu.oxauth.model.util.URLPatternList; import org.gluu.oxauth.model.util.Util; diff --git a/Server/src/main/java/org/gluu/oxauth/token/ws/rs/TokenRestWebServiceImpl.java b/Server/src/main/java/org/gluu/oxauth/token/ws/rs/TokenRestWebServiceImpl.java index 983a535bfd..194ba44a64 100644 --- a/Server/src/main/java/org/gluu/oxauth/token/ws/rs/TokenRestWebServiceImpl.java +++ b/Server/src/main/java/org/gluu/oxauth/token/ws/rs/TokenRestWebServiceImpl.java 
@@ -20,6 +20,7 @@ import org.gluu.oxauth.model.error.ErrorResponseFactory; import org.gluu.oxauth.model.registration.Client; import org.gluu.oxauth.model.session.SessionClient; +import org.gluu.oxauth.model.session.SessionId; import org.gluu.oxauth.model.token.JsonWebResponse; import org.gluu.oxauth.model.token.JwrService; import org.gluu.oxauth.model.token.TokenErrorResponseType; diff --git a/Server/src/main/java/org/gluu/oxauth/uma/authorization/UmaAuthorizationContext.java b/Server/src/main/java/org/gluu/oxauth/uma/authorization/UmaAuthorizationContext.java index ab6ebef74b..d1e17404fc 100644 --- a/Server/src/main/java/org/gluu/oxauth/uma/authorization/UmaAuthorizationContext.java +++ b/Server/src/main/java/org/gluu/oxauth/uma/authorization/UmaAuthorizationContext.java @@ -9,10 +9,10 @@ import com.google.common.collect.Lists; import com.google.common.collect.Maps; import org.gluu.model.SimpleCustomProperty; -import org.gluu.oxauth.model.common.SessionId; import org.gluu.oxauth.model.common.User; import org.gluu.oxauth.model.configuration.AppConfiguration; import org.gluu.oxauth.model.registration.Client; +import org.gluu.oxauth.model.session.SessionId; import org.gluu.oxauth.model.uma.persistence.UmaPermission; import org.gluu.oxauth.model.uma.persistence.UmaResource; import org.gluu.oxauth.service.AttributeService; diff --git a/Server/src/main/java/org/gluu/oxauth/uma/authorization/UmaGatherContext.java b/Server/src/main/java/org/gluu/oxauth/uma/authorization/UmaGatherContext.java index 01e8911dcc..2ea077a4a7 100644 --- a/Server/src/main/java/org/gluu/oxauth/uma/authorization/UmaGatherContext.java +++ b/Server/src/main/java/org/gluu/oxauth/uma/authorization/UmaGatherContext.java 
@@ -15,11 +15,11 @@ import org.gluu.jsf2.service.FacesService; import org.gluu.model.SimpleCustomProperty; -import org.gluu.oxauth.model.common.SessionId; import org.gluu.oxauth.model.configuration.AppConfiguration; import org.gluu.oxauth.model.exception.InvalidJwtException; import org.gluu.oxauth.model.jwt.JwtClaims; import org.gluu.oxauth.model.registration.Client; +import org.gluu.oxauth.model.session.SessionId; import org.gluu.oxauth.model.uma.persistence.UmaPermission; import org.gluu.oxauth.service.common.UserService; import org.gluu.oxauth.service.external.context.ExternalScriptContext; diff --git a/Server/src/main/java/org/gluu/oxauth/uma/service/UmaGatherer.java b/Server/src/main/java/org/gluu/oxauth/uma/service/UmaGatherer.java index b9dccd1e4a..b24ca770f7 100644 --- a/Server/src/main/java/org/gluu/oxauth/uma/service/UmaGatherer.java +++ b/Server/src/main/java/org/gluu/oxauth/uma/service/UmaGatherer.java @@ -23,9 +23,9 @@ import org.gluu.jsf2.service.FacesService; import org.gluu.model.custom.script.conf.CustomScriptConfiguration; import org.gluu.oxauth.i18n.LanguageBean; -import org.gluu.oxauth.model.common.SessionId; import org.gluu.oxauth.model.config.Constants; import org.gluu.oxauth.model.configuration.AppConfiguration; +import org.gluu.oxauth.model.session.SessionId; import org.gluu.oxauth.model.uma.persistence.UmaPermission; import org.gluu.oxauth.service.common.UserService; import org.gluu.oxauth.service.external.ExternalUmaClaimsGatheringService; diff --git a/Server/src/main/java/org/gluu/oxauth/uma/service/UmaSessionService.java b/Server/src/main/java/org/gluu/oxauth/uma/service/UmaSessionService.java index 0ce2e768ec..e002ff338d 100644 --- a/Server/src/main/java/org/gluu/oxauth/uma/service/UmaSessionService.java +++ b/Server/src/main/java/org/gluu/oxauth/uma/service/UmaSessionService.java 
@@ -7,9 +7,9 @@ package org.gluu.oxauth.uma.service; import org.apache.commons.lang.StringUtils; -import org.gluu.oxauth.model.common.SessionId; import org.gluu.oxauth.model.common.User; import org.gluu.oxauth.model.registration.Client; +import org.gluu.oxauth.model.session.SessionId; import org.gluu.oxauth.model.uma.persistence.UmaPermission; import org.gluu.oxauth.model.util.Util; import org.gluu.oxauth.service.ClientService; diff --git a/Server/src/main/java/org/gluu/oxauth/uma/ws/rs/UmaGatheringWS.java b/Server/src/main/java/org/gluu/oxauth/uma/ws/rs/UmaGatheringWS.java index d232d7f2e6..9b83f2f8ee 100644 --- a/Server/src/main/java/org/gluu/oxauth/uma/ws/rs/UmaGatheringWS.java +++ b/Server/src/main/java/org/gluu/oxauth/uma/ws/rs/UmaGatheringWS.java @@ -8,9 +8,9 @@ import org.apache.commons.lang.StringUtils; import org.gluu.model.custom.script.conf.CustomScriptConfiguration; -import org.gluu.oxauth.model.common.SessionId; import org.gluu.oxauth.model.configuration.AppConfiguration; import org.gluu.oxauth.model.error.ErrorResponseFactory; +import org.gluu.oxauth.model.session.SessionId; import org.gluu.oxauth.model.uma.UmaConstants; import org.gluu.oxauth.model.uma.UmaErrorResponseType; import org.gluu.oxauth.model.uma.persistence.UmaPermission; diff --git a/Server/src/main/java/org/gluu/oxauth/ws/rs/fido/u2f/U2fRegistrationWS.java b/Server/src/main/java/org/gluu/oxauth/ws/rs/fido/u2f/U2fRegistrationWS.java index 42a7cffb07..01184673f4 100644 --- a/Server/src/main/java/org/gluu/oxauth/ws/rs/fido/u2f/U2fRegistrationWS.java +++ b/Server/src/main/java/org/gluu/oxauth/ws/rs/fido/u2f/U2fRegistrationWS.java @@ -7,7 +7,6 @@ package org.gluu.oxauth.ws.rs.fido.u2f; import org.gluu.model.custom.script.conf.CustomScriptConfiguration; -import org.gluu.oxauth.model.common.SessionId; import org.gluu.oxauth.model.common.User; import org.gluu.oxauth.model.config.Constants; import org.gluu.oxauth.model.configuration.AppConfiguration; 
@@ -18,6 +17,7 @@ import org.gluu.oxauth.model.fido.u2f.protocol.RegisterRequestMessage; import org.gluu.oxauth.model.fido.u2f.protocol.RegisterResponse; import org.gluu.oxauth.model.fido.u2f.protocol.RegisterStatus; +import org.gluu.oxauth.model.session.SessionId; import org.gluu.oxauth.service.SessionIdService; import org.gluu.oxauth.service.common.UserService; import org.gluu.oxauth.service.external.ExternalAuthenticationService; diff --git a/Server/src/test/java/org/gluu/oxauth/authorize/ws/rs/AuthorizeRestWebServiceValidatorTest.java b/Server/src/test/java/org/gluu/oxauth/authorize/ws/rs/AuthorizeRestWebServiceValidatorTest.java index f69d73ac12..a09902c212 100644 --- a/Server/src/test/java/org/gluu/oxauth/authorize/ws/rs/AuthorizeRestWebServiceValidatorTest.java +++ b/Server/src/test/java/org/gluu/oxauth/authorize/ws/rs/AuthorizeRestWebServiceValidatorTest.java @@ -1,9 +1,9 @@ package org.gluu.oxauth.authorize.ws.rs; -import org.gluu.oxauth.model.common.SessionId; import org.gluu.oxauth.model.configuration.AppConfiguration; import org.gluu.oxauth.model.error.ErrorResponseFactory; import org.gluu.oxauth.model.registration.Client; +import org.gluu.oxauth.model.session.SessionId; import org.gluu.oxauth.security.Identity; import org.gluu.oxauth.service.ClientService; import org.gluu.oxauth.service.DeviceAuthorizationService; diff --git a/Server/src/test/java/org/gluu/oxauth/comp/LocaleTest.java b/Server/src/test/java/org/gluu/oxauth/comp/LocaleTest.java index 3aa338ddc9..aeef07d7c5 100644 --- a/Server/src/test/java/org/gluu/oxauth/comp/LocaleTest.java +++ b/Server/src/test/java/org/gluu/oxauth/comp/LocaleTest.java @@ -14,7 +14,7 @@ import java.util.Locale; import org.gluu.oxauth.BaseTest; -import org.gluu.util.ilocale.LocaleUtil; +import org.gluu.util.locale.LocaleUtil; import org.testng.annotations.Test; /** 
diff --git a/Server/src/test/java/org/gluu/oxauth/comp/SessionIdServiceTest.java b/Server/src/test/java/org/gluu/oxauth/comp/SessionIdServiceTest.java index f344592f3f..0ce234d62c 100644 --- a/Server/src/test/java/org/gluu/oxauth/comp/SessionIdServiceTest.java +++ b/Server/src/test/java/org/gluu/oxauth/comp/SessionIdServiceTest.java @@ -7,8 +7,8 @@ package org.gluu.oxauth.comp; import org.gluu.oxauth.BaseComponentTest; -import org.gluu.oxauth.model.common.SessionId; -import org.gluu.oxauth.model.common.SessionIdState; +import org.gluu.oxauth.model.session.SessionId; +import org.gluu.oxauth.model.session.SessionIdState; import org.gluu.oxauth.service.SessionIdService; import org.gluu.oxauth.service.common.UserService; import org.testng.Assert; diff --git a/Server/src/test/java/org/gluu/oxauth/dev/CacheGrantManual.java b/Server/src/test/java/org/gluu/oxauth/dev/CacheGrantManual.java index 0ad6bbb3ed..ea9ab7394b 100644 --- a/Server/src/test/java/org/gluu/oxauth/dev/CacheGrantManual.java +++ b/Server/src/test/java/org/gluu/oxauth/dev/CacheGrantManual.java @@ -17,8 +17,8 @@ import java.util.concurrent.ThreadFactory; import org.gluu.oxauth.model.common.CacheGrant; -import org.gluu.oxauth.model.common.SessionId; import org.gluu.oxauth.model.registration.Client; +import org.gluu.oxauth.model.session.SessionId; import org.gluu.oxauth.model.common.User; import com.google.common.collect.Lists; diff --git a/Server/src/test/java/org/gluu/oxauth/dev/ConfSerialization.java b/Server/src/test/java/org/gluu/oxauth/dev/ConfSerialization.java index db323048e6..2099e13d85 100644 --- a/Server/src/test/java/org/gluu/oxauth/dev/ConfSerialization.java +++ b/Server/src/test/java/org/gluu/oxauth/dev/ConfSerialization.java 
@@ -6,12 +6,12 @@ package org.gluu.oxauth.dev; -import org.gluu.oxauth.model.error.ErrorMessage; import org.gluu.oxauth.model.error.ErrorMessages; import org.gluu.oxauth.model.jwk.JSONWebKeySet; import org.gluu.oxauth.util.ServerUtil; import org.testng.Assert; import org.testng.annotations.Test; +import org.gluu.model.error.ErrorMessage; import org.gluu.oxauth.model.config.BaseDnConfiguration; import org.gluu.oxauth.model.config.StaticConfiguration; diff --git a/Server/src/test/java/org/gluu/oxauth/session/ws/rs/EndSessionRestWebServiceImplTest.java b/Server/src/test/java/org/gluu/oxauth/session/ws/rs/EndSessionRestWebServiceImplTest.java index 519c6608da..e1d23bad33 100644 --- a/Server/src/test/java/org/gluu/oxauth/session/ws/rs/EndSessionRestWebServiceImplTest.java +++ b/Server/src/test/java/org/gluu/oxauth/session/ws/rs/EndSessionRestWebServiceImplTest.java @@ -8,6 +8,7 @@ import org.gluu.oxauth.model.error.ErrorResponseFactory; import org.gluu.oxauth.model.jwt.Jwt; import org.gluu.oxauth.model.registration.Client; +import org.gluu.oxauth.model.session.SessionId; import org.gluu.oxauth.service.*; import org.gluu.oxauth.service.external.ExternalApplicationSessionService; import org.gluu.oxauth.service.external.ExternalEndSessionService; diff --git a/common/src/main/java/org/gluu/oxauth/model/config/BaseDnConfiguration.java b/common/src/main/java/org/gluu/oxauth/model/config/BaseDnConfiguration.java index fafc349557..b231a10fb4 100644 --- a/common/src/main/java/org/gluu/oxauth/model/config/BaseDnConfiguration.java +++ b/common/src/main/java/org/gluu/oxauth/model/config/BaseDnConfiguration.java @@ -57,6 +57,10 @@ public class BaseDnConfiguration { private String ciba; @XmlElement(name = "stat") private String stat; + @XmlElement(name = "fido2Attestation") + private String fido2Attestation; + @XmlElement(name = "fido2Assertion") + private String fido2Assertion; public String getAuthorizations() { return authorizations; 
@@ -193,4 +197,21 @@ public String getStat() { public void setStat(String stat) { this.stat = stat; } + + public String getFido2Attestation() { + return fido2Attestation; + } + + public void setFido2Attestation(String fido2Attestation) { + this.fido2Attestation = fido2Attestation; + } + + public String getFido2Assertion() { + return fido2Assertion; + } + + public void setFido2Assertion(String fido2Assertion) { + this.fido2Assertion = fido2Assertion; + } + } diff --git a/Server/src/main/java/org/gluu/oxauth/model/common/SessionId.java b/common/src/main/java/org/gluu/oxauth/model/session/SessionId.java similarity index 98% rename from Server/src/main/java/org/gluu/oxauth/model/common/SessionId.java rename to common/src/main/java/org/gluu/oxauth/model/session/SessionId.java index f99fe7c328..cd251147cc 100644 --- a/Server/src/main/java/org/gluu/oxauth/model/common/SessionId.java +++ b/common/src/main/java/org/gluu/oxauth/model/session/SessionId.java @@ -4,11 +4,12 @@ * Copyright (c) 2014, Gluu */ -package org.gluu.oxauth.model.common; +package org.gluu.oxauth.model.session; import com.google.common.collect.Maps; import com.google.common.collect.Sets; import org.apache.commons.lang.StringUtils; +import org.gluu.oxauth.model.common.User; import org.gluu.persist.annotation.*; import org.gluu.persist.model.base.Deletable; @@ -24,7 +25,6 @@ import static org.apache.commons.lang.BooleanUtils.isTrue; import static org.gluu.oxauth.model.util.StringUtils.implode; import static org.gluu.oxauth.model.util.StringUtils.spaceSeparatedToList; -import static org.gluu.oxauth.service.SessionIdService.OP_BROWSER_STATE; /** * @author Yuriy Zabrovarnyy @@ -37,6 +37,7 @@ public class SessionId implements Deletable, Serializable { public static final String OLD_SESSION_ID_ATTR_KEY = "old_session_id"; + public static final String OP_BROWSER_STATE = "opbs"; private static final long serialVersionUID = -237476411915686378L; 
diff --git a/Server/src/main/java/org/gluu/oxauth/model/common/SessionIdAccessMap.java b/common/src/main/java/org/gluu/oxauth/model/session/SessionIdAccessMap.java similarity index 98% rename from Server/src/main/java/org/gluu/oxauth/model/common/SessionIdAccessMap.java rename to common/src/main/java/org/gluu/oxauth/model/session/SessionIdAccessMap.java index 6c8feaa00e..612e0b50b8 100644 --- a/Server/src/main/java/org/gluu/oxauth/model/common/SessionIdAccessMap.java +++ b/common/src/main/java/org/gluu/oxauth/model/session/SessionIdAccessMap.java @@ -4,7 +4,7 @@ * Copyright (c) 2014, Gluu */ -package org.gluu.oxauth.model.common; +package org.gluu.oxauth.model.session; import com.google.common.collect.Sets; diff --git a/Server/src/main/java/org/gluu/oxauth/model/common/SessionIdState.java b/common/src/main/java/org/gluu/oxauth/model/session/SessionIdState.java similarity index 96% rename from Server/src/main/java/org/gluu/oxauth/model/common/SessionIdState.java rename to common/src/main/java/org/gluu/oxauth/model/session/SessionIdState.java index dc06de3c1b..8c69185cfe 100644 --- a/Server/src/main/java/org/gluu/oxauth/model/common/SessionIdState.java +++ b/common/src/main/java/org/gluu/oxauth/model/session/SessionIdState.java @@ -1,4 +1,4 @@ -package org.gluu.oxauth.model.common; +package org.gluu.oxauth.model.session; import java.util.HashMap; import java.util.Map; diff --git a/common/src/main/java/org/gluu/oxauth/service/common/fido2/RegistrationPersistenceService.java b/common/src/main/java/org/gluu/oxauth/service/common/fido2/RegistrationPersistenceService.java new file mode 100644 index 0000000000..b388725b67 --- /dev/null +++ b/common/src/main/java/org/gluu/oxauth/service/common/fido2/RegistrationPersistenceService.java 
@@ -0,0 +1,206 @@
+package org.gluu.oxauth.service.common.fido2;
+
+import java.util.Collections;
+import java.util.Date;
+import java.util.GregorianCalendar;
+import java.util.List;
+import java.util.TimeZone;
+import java.util.UUID;
+
+import javax.inject.Inject;
+
+import org.gluu.oxauth.model.common.User;
+import org.gluu.oxauth.model.config.StaticConfiguration;
+import org.gluu.oxauth.service.common.UserService;
+import org.gluu.persist.PersistenceEntryManager;
+import org.gluu.persist.model.base.SimpleBranch;
+import org.gluu.persist.model.fido2.Fido2RegistrationData;
+import org.gluu.persist.model.fido2.Fido2RegistrationEntry;
+import org.gluu.persist.model.fido2.Fido2RegistrationStatus;
+import org.gluu.search.filter.Filter;
+import org.gluu.util.StringHelper;
+import org.slf4j.Logger;
+
+/**
+ * Abstract class for registrations that are persisted under Person Entry
+ * @author madhumitas
+ *
+ */
+
+public abstract class RegistrationPersistenceService {
+
+ @Inject
+ protected Logger log;
+
+ @Inject
+ protected PersistenceEntryManager persistenceEntryManager;
+
+ @Inject
+ protected UserService userService;
+
+ @Inject
+ protected StaticConfiguration staticConfiguration;
+
+ public void save(Fido2RegistrationEntry registrationEntry) {
+ prepareBranch(registrationEntry.getUserInum());
+
+ persistenceEntryManager.persist(registrationEntry);
+ }
+
+ public void update(Fido2RegistrationEntry registrationEntry) {
+ prepareBranch(registrationEntry.getUserInum());
+
+ Date now = new GregorianCalendar(TimeZone.getTimeZone("UTC")).getTime();
+
+ Fido2RegistrationData registrationData = registrationEntry.getRegistrationData();
+ registrationData.setUpdatedDate(now);
+ registrationData.setUpdatedBy(registrationData.getUsername());
+
+ registrationEntry.setRegistrationStatus(registrationData.getStatus());
+
+ persistenceEntryManager.merge(registrationEntry);
+ }
+
+ public void addBranch(final String baseDn) {
+ SimpleBranch branch = new SimpleBranch();
+ branch.setOrganizationalUnitName("fido2_register");
+ branch.setDn(baseDn);
+
+ persistenceEntryManager.persist(branch);
+ }
+
+ public boolean containsBranch(final String baseDn) {
+ return persistenceEntryManager.contains(baseDn, SimpleBranch.class);
+ }
+
+ public String prepareBranch(final String userInum) {
+ String baseDn = getBaseDnForFido2RegistrationEntries(userInum);
+ if (!persistenceEntryManager.hasBranchesSupport(baseDn)) {
+ return baseDn;
+ }
+
+ // Create Fido2 base branch for registration entries if needed
+ if (!containsBranch(baseDn)) {
+ addBranch(baseDn);
+ }
+
+ return baseDn;
+ }
+
+ public Fido2RegistrationEntry findRegisteredUserDevice(String userInum, String deviceId, String... returnAttributes) {
+ String baseDn = getBaseDnForFido2RegistrationEntries(userInum);
+ if (persistenceEntryManager.hasBranchesSupport(baseDn)) {
+ if (!containsBranch(baseDn)) {
+ return null;
+ }
+ }
+
+ String deviceDn = getDnForRegistrationEntry(userInum, deviceId);
+
+ return persistenceEntryManager.find(deviceDn, Fido2RegistrationEntry.class, returnAttributes);
+ }
+
+ public List findByRpRegisteredUserDevices(String userName, String rpId, String ... returnAttributes) {
+ String userInum = userService.getUserInum(userName);
+ if (userInum == null) {
+ return Collections.emptyList();
+ }
+
+ String baseDn = getBaseDnForFido2RegistrationEntries(userInum);
+ if (persistenceEntryManager.hasBranchesSupport(baseDn)) {
+ if (!containsBranch(baseDn)) {
+ return Collections.emptyList();
+ }
+ }
+
+ Filter userInumFilter = Filter.createEqualityFilter("personInum", userInum);
+ Filter registeredFilter = Filter.createEqualityFilter("jansStatus", Fido2RegistrationStatus.registered.getValue());
+ Filter filter = null;
+ if (StringHelper.isNotEmpty(rpId)) {
+ Filter appIdFilter = Filter.createEqualityFilter("jansApp", rpId);
+ filter = Filter.createANDFilter(userInumFilter, registeredFilter, appIdFilter);
+ }
+ else
+ {
+ filter = Filter.createANDFilter(userInumFilter, registeredFilter);
+ }
+ List fido2RegistrationnEntries = persistenceEntryManager.findEntries(baseDn, Fido2RegistrationEntry.class, filter, returnAttributes);
+
+ return fido2RegistrationnEntries;
+ }
+
+
+ public boolean attachDeviceRegistrationToUser(String userInum, String deviceDn) {
+ return attachDeviceRegistrationToUser(userInum, deviceDn, null);
+ }
+
+ public boolean attachDeviceRegistrationToUser(String userInum, String deviceDn, String deviceName) {
+ Fido2RegistrationEntry registrationEntry = persistenceEntryManager.find(Fido2RegistrationEntry.class, deviceDn);
+ if (registrationEntry == null) {
+ return false;
+ }
+
+ User user = userService.getUserByInum(userInum, "uid");
+ if (user == null) {
+ return false;
+ }
+
+ persistenceEntryManager.remove(deviceDn, Fido2RegistrationEntry.class);
+
+ final String id = UUID.randomUUID().toString();
+
+ String userAttestationDn = getDnForRegistrationEntry(userInum, id);
+ registrationEntry.setId(id);
+ registrationEntry.setDn(userAttestationDn);
+ registrationEntry.setUserInum(userInum);
+ registrationEntry.setDisplayName(deviceName);
+
+ Fido2RegistrationData registrationData = registrationEntry.getRegistrationData();
+ registrationData.setUsername(user.getUserId());
+ registrationEntry.clearExpiration();
+
+ save(registrationEntry);
+
+ return true;
+ }
+
+ public Fido2RegistrationEntry findOneStepUserDeviceRegistration(String deviceDn) {
+ Fido2RegistrationEntry registrationEntry = persistenceEntryManager.find(Fido2RegistrationEntry.class, deviceDn);
+
+ return registrationEntry;
+ }
+
+ public String getDnForRegistrationEntry(String userInum, String jsId) {
+ // Build DN string for Fido2 registration entry
+ String baseDn = getBaseDnForFido2RegistrationEntries(userInum);
+ if (StringHelper.isEmpty(jsId)) {
+ return baseDn;
+ }
+ return String.format("jansId=%s,%s", jsId, baseDn);
+ }
+
+ public String getBaseDnForFido2RegistrationEntries(String userInum) {
+ final String userBaseDn = getDnForUser(userInum); // "ou=fido2_register,inum=1234,ou=people,o=jans"
+ if (StringHelper.isEmpty(userInum)) {
+ return userBaseDn;
+ }
+
+ return String.format("ou=fido2_register,%s", userBaseDn);
+ }
+
+ public String getDnForUser(String userInum) {
+ String peopleDn = getBasedPeopleDn();
+ if (StringHelper.isEmpty(userInum)) {
+ return peopleDn;
+ }
+
+ return String.format("inum=%s,%s", userInum, peopleDn);
+ }
+
+ public String getBasedPeopleDn() {
+ return staticConfiguration.getBaseDn().getPeople();
+ }
+
+ public abstract String getUserInum(String userName);
+
+}
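Review bot: `attachDeviceRegistrationToUser(String, String, String)` re-homes whatever entry is found at `deviceDn` to `userInum` without first checking that the entry is still an unattached one-step registration (for example that its `getUserInum()` is empty and its status is the expected pre-registration value); if a caller can pass the DN of a device already bound to another user, that device is silently moved. It also calls `persistenceEntryManager.remove(deviceDn, ...)` before `save(registrationEntry)` has succeeded, so a failing `save` loses the registration entirely — persisting under the new DN first and removing the old entry afterwards avoids that window. The filters in `findByRpRegisteredUserDevices` use the jans attribute names `jansStatus` and `jansApp`, and `getDnForRegistrationEntry` builds `jansId=%s`; these were carried over from the merge source, so confirm they match the `@AttributeName` mappings on `org.gluu.persist.model.fido2.Fido2RegistrationEntry`, otherwise the registered-device lookup returns nothing without any error. The same method returns a raw `List` (and its local is misspelled `fido2RegistrationnEntries`); `List<Fido2RegistrationEntry>` would let callers drop their casts.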