Fido2 merge from jans (#70)

* chore(fido2): merge from jans Signed-off-by: Yuriy Movchan <[email protected]> * chore(fido2): merge from jans Signed-off-by: Yuriy Movchan <[email protected]> --------- Signed-off-by: Yuriy Movchan <[email protected]>
GluuFederation · Jul 2, 2024 · 39f35e4 · 39f35e4
1 parent bac0960
commit 39f35e4
Show file tree

Hide file tree

Showing 158 changed files with 13,519 additions and 2,069 deletions.
diff --git a/client/pom.xml b/client/pom.xml
@@ -31,6 +31,16 @@
             </testResource>
         </testResources>
 
+		<resources>
+			<resource>
+				<directory>src/main/resources</directory>
+				<filtering>true</filtering>
+				<excludes>
+					<exclude>log4j2.xml</exclude>
+				</excludes>
+			</resource>
+		</resources>
+
         <plugins>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>

diff --git a/client/src/main/java/org/gluu/fido2/client/AssertionService.java b/client/src/main/java/org/gluu/fido2/client/AssertionService.java
@@ -26,6 +26,12 @@ public interface AssertionService {
     @Path("/options")
     public Response authenticate(String content);
 
+    @POST
+    @Consumes({ "application/json" })
+    @Produces({ "application/json" })
+    @Path("/options/generate")
+    public Response generateAuthenticate(String content);
+
     @POST
     @Consumes({ "application/json" })
     @Produces({ "application/json" })

diff --git a/model/pom.xml b/model/pom.xml
@@ -31,12 +31,40 @@
                 <groupId>org.gluu</groupId>
                 <artifactId>oxauth-model</artifactId>
             </dependency>
+	        <dependency>
+	            <groupId>org.gluu</groupId>
+	            <artifactId>oxauth-common</artifactId>
+	            <exclusions>
+	            	<exclusion>
+	            		<groupId>org.apache.jackrabbit</groupId>
+	            		<artifactId>jackrabbit-core</artifactId>
+	            	</exclusion>
+	            	<exclusion>
+	            		<groupId>org.bouncycastle</groupId>
+	            		<artifactId>bcprov-jdk15on</artifactId>
+	            	</exclusion>
+	            </exclusions>
+	        </dependency>
 
 			<!-- Jackson -->
 			<dependency>
 				<groupId>com.fasterxml.jackson.core</groupId>
 				<artifactId>jackson-annotations</artifactId>
 			</dependency>
-	</dependencies>
+
+			<!-- Weld -->
+	        <dependency>
+	            <groupId>org.jboss.weld.servlet</groupId>
+	            <artifactId>weld-servlet-core</artifactId>
+	        </dependency>
+	        <dependency>
+	            <groupId>org.jboss.weld</groupId>
+	            <artifactId>weld-core-impl</artifactId>
+	        </dependency>
+			<dependency>
+				<groupId>org.gluu</groupId>
+				<artifactId>gluu-doc</artifactId>
+			</dependency>
+		</dependencies>
 
 </project>
diff --git a/.../fido/model/entry/DeviceRegistration.java → ...va/org/gluu/entry/DeviceRegistration.java b/.../fido/model/entry/DeviceRegistration.java → ...va/org/gluu/entry/DeviceRegistration.java
@@ -4,7 +4,7 @@
  * Copyright (c) 2020, Gluu
  */
 
-package org.gluu.fido.model.entry;
+package org.gluu.entry;
 
 import java.io.Serializable;
 import java.util.Calendar;

diff --git a/...ntry/DeviceRegistrationConfiguration.java → ...ntry/DeviceRegistrationConfiguration.java b/...ntry/DeviceRegistrationConfiguration.java → ...ntry/DeviceRegistrationConfiguration.java
@@ -4,7 +4,7 @@
  * Copyright (c) 2020, Gluu
  */
 
-package org.gluu.fido.model.entry;
+package org.gluu.entry;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
 

diff --git a/...model/entry/DeviceRegistrationStatus.java → .../gluu/entry/DeviceRegistrationStatus.java b/...model/entry/DeviceRegistrationStatus.java → .../gluu/entry/DeviceRegistrationStatus.java
@@ -4,7 +4,7 @@
  * Copyright (c) 2020, Gluu
  */
 
-package org.gluu.fido.model.entry;
+package org.gluu.entry;
 
 import java.util.HashMap;
 import java.util.Map;
@@ -25,7 +25,7 @@ public enum DeviceRegistrationStatus implements AttributeEnum {
     private final String value;
 	private final String displayName;
 
-	private static Map<String, DeviceRegistrationStatus> mapByValues = new HashMap<String, DeviceRegistrationStatus>();
+	private static Map<String, DeviceRegistrationStatus> mapByValues = new HashMap<>();
 
 	static {
 		for (DeviceRegistrationStatus enumType : values()) {

diff --git a/model/src/main/java/org/gluu/fido2/ctap/AttestationFormat.java b/model/src/main/java/org/gluu/fido2/ctap/AttestationFormat.java
@@ -8,7 +8,8 @@
 
 public enum AttestationFormat {
 
-    fido_u2f("fido-u2f"), packed("packed"), tpm("tpm"), android_key("android-key"), android_safetynet("android-safetynet"), none("none"), apple("apple");
+    fido_u2f("fido-u2f"), packed("packed"), tpm("tpm"), android_key("android-key"), android_safetynet("android-safetynet"), none("none"), apple("apple"),
+    fido_u2f_super_gluu("fido-u2f-super-gluu");
 
     private final String fmt;
 

diff --git a/model/src/main/java/org/gluu/fido2/ctap/TokenBindingSupport.java b/model/src/main/java/org/gluu/fido2/ctap/TokenBindingSupport.java
@@ -20,7 +20,7 @@ public enum TokenBindingSupport {
 
     private final String status;
 
-    private static Map<String, TokenBindingSupport> KEY_MAPPINGS = new HashMap<String, TokenBindingSupport>();
+    private static Map<String, TokenBindingSupport> KEY_MAPPINGS = new HashMap<>();
 
     static {
         for (TokenBindingSupport enumType : values()) {

diff --git a/model/src/main/java/org/gluu/fido2/ctap/UserVerification.java b/model/src/main/java/org/gluu/fido2/ctap/UserVerification.java
diff --git a/model/src/main/java/org/gluu/fido2/model/assertion/AssertionErrorResponseType.java b/model/src/main/java/org/gluu/fido2/model/assertion/AssertionErrorResponseType.java
@@ -0,0 +1,49 @@
+package org.gluu.fido2.model.assertion;
+
+import org.gluu.oxauth.model.error.IErrorType;
+
+public enum AssertionErrorResponseType implements IErrorType {
+
+    /**
+     * The request is missing a required parameter, includes an
+     * invalid parameter value or is otherwise malformed id_session.
+     */
+    INVALID_SESSION_ID("invalid_session_id"),
+
+    /**
+     *  The request is missing a required parameter, username or key_handle
+     */
+    INVALID_USERNAME_OR_KEY_HANDLE("invalid_username_or_key_handle"),
+
+    /**
+     * The request contains an unsupported authentication type
+     */
+    UNSUPPORTED_AUTHENTICATION_TYPE("unsupported_authentication_type"),
+
+    /**
+     * The request contains conflicts with Super Gluu parameters
+     */
+    CONFLICT_WITH_SUPER_GLUU("conflict_with_super_gluu"),
+
+    /**
+     * Can't find associated key(s)
+     */
+    KEYS_NOT_FOUND("keys_not_found"),
+    ;
+
+    private final String paramName;
+
+    AssertionErrorResponseType(String paramName) {
+        this.paramName = paramName;
+    }
+
+    @Override
+    public String getParameter() {
+        return paramName;
+    }
+
+    @Override
+    public String toString() {
+        return paramName;
+    }
+}
diff --git a/model/src/main/java/org/gluu/fido2/model/attestation/AttestationErrorResponseType.java b/model/src/main/java/org/gluu/fido2/model/attestation/AttestationErrorResponseType.java
@@ -0,0 +1,84 @@
+package org.gluu.fido2.model.attestation;
+
+import org.gluu.oxauth.model.error.IErrorType;
+
+public enum AttestationErrorResponseType implements IErrorType {
+
+    /**
+     * The request contains a challenge with error.
+     */
+    INVALID_CHALLENGE("invalid_challenge"),
+
+    /**
+     * The request contains unsupported attestation format (fmt)
+     */
+    UNSUPPORTED_ATTESTATION_FORMAT("unsupported_attestation_format"),
+
+    /**
+     * The request is missing a required parameter, includes an
+     * invalid parameter value or is otherwise malformed id_session.
+     */
+    INVALID_SESSION_ID("invalid_session_id"),
+
+    /**
+     * The request contains an unsupported register type
+     */
+    UNSUPPORTED_REGISTER_TYPE("unsupported_register_type"),
+
+    /**
+     * Auto enrollment is disabled
+     */
+    USER_AUTO_ENROLLMENT_IS_DISABLED("user_auto_enrollment_is_disabled"),
+
+    /**
+     * Certificate validation error
+     */
+    INVALID_CERTIFICATE("invalid_certificate"),
+
+    /**
+     * Packed validation error
+     */
+    PACKED_ERROR("packed_error"),
+
+    /**
+     * Tpm validation error
+     */
+    TPM_ERROR("tpm_error"),
+
+    /**
+     * Android key validation error
+     */
+    ANDROID_KEY_ERROR("android_key_error"),
+
+    /**
+     * Android safetynet validation error
+     */
+    ANDROID_SAFETYNET_ERROR("android_safetynet_error"),
+
+    /**
+     * Apple validation error
+     */
+    APPLE_ERROR("apple_error"),
+
+    /**
+     * Fido U2F validation error
+     */
+    FIDO_U2F_ERROR("fido_u2f_error"),
+    ;
+
+    private final String paramName;
+
+    AttestationErrorResponseType(String paramName) {
+        this.paramName = paramName;
+    }
+
+    @Override
+    public String getParameter() {
+        return paramName;
+    }
+
+    @Override
+    public String toString() {
+        return paramName;
+    }
+}
diff --git a/...uu/fido2/model/conf/AppConfiguration.java → ...uu/fido2/model/conf/AppConfiguration.java b/...uu/fido2/model/conf/AppConfiguration.java → ...uu/fido2/model/conf/AppConfiguration.java
@@ -8,6 +8,9 @@
 
 import java.util.List;
 
+import javax.enterprise.inject.Vetoed;
+
+import org.gluu.doc.annotation.DocProperty;
 import org.gluu.oxauth.model.configuration.Configuration;
 
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
@@ -19,26 +22,43 @@
  * @version May 13, 2020
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
+@Vetoed
 public class AppConfiguration implements Configuration {
 
+	@DocProperty(description = "URL using the https scheme for Issuer identifier")
     private String issuer;
+	@DocProperty(description = "The base URL for Fido2 endpoints")
     private String baseEndpoint;
-
+	@DocProperty(description = "Time interval for the Clean Service in seconds")
     private int cleanServiceInterval;
+	@DocProperty(description = "Each clean up iteration fetches chunk of expired data per base dn and removes it from storage")
     private int cleanServiceBatchChunkSize = 100;
-
+	@DocProperty(description = "Boolean value to indicate if Local Cache is to be used")
     private boolean useLocalCache;
-
+	@DocProperty(description = "Boolean value specifying whether to enable JDK Loggers")
     private boolean disableJdkLogger = true;
+	@DocProperty(description = "Logging level for Fido2 logger")
     private String loggingLevel;
+	@DocProperty(description = "Logging layout used for Fido2")
     private String loggingLayout;
+	@DocProperty(description = "Path to external Fido2 logging configuration")
     private String externalLoggerConfiguration;
-
+	@DocProperty(description = "The interval for metric reporter in seconds")
     private int metricReporterInterval;
+	@DocProperty(description = "The days to keep report data")
     private int metricReporterKeepDataDays;
+	@DocProperty(description = "Boolean value specifying whether metric reporter is enabled")
     private boolean metricReporterEnabled = true;
-
+	@DocProperty(description = "Custom object class list for dynamic person enrolment")
     private List<String> personCustomObjectClassList;
+	@DocProperty(description = "Boolean value to enable disable Super Gluu extension")
+    private boolean superGluuEnabled;
+    @DocProperty(description = "Boolean value specifying whether to persist session_id in cache", defaultValue = "false")
+    private Boolean sessionIdPersistInCache = false;
+	@DocProperty(description = "Boolean value to enable disable old oxAuth U2F enrollments migration")
+    private boolean oldU2fMigrationEnabled;
+	@DocProperty(description = "Boolean value specifying whether to return detailed reason of the error from Fido2. Default value is false", defaultValue = "false")
+	private Boolean errorReasonEnabled = false;
 
     private Fido2Configuration fido2Configuration;
 
@@ -130,11 +150,11 @@ public void setMetricReporterKeepDataDays(int metricReporterKeepDataDays) {
 		this.metricReporterKeepDataDays = metricReporterKeepDataDays;
 	}
 
-	public Boolean getMetricReporterEnabled() {
+	public boolean getMetricReporterEnabled() {
 		return metricReporterEnabled;
 	}
 
-	public void setMetricReporterEnabled(Boolean metricReporterEnabled) {
+	public void setMetricReporterEnabled(boolean metricReporterEnabled) {
 		this.metricReporterEnabled = metricReporterEnabled;
 	}
 
@@ -154,4 +174,36 @@ public void setFido2Configuration(Fido2Configuration fido2Configuration) {
 		this.fido2Configuration = fido2Configuration;
 	}
 
+	public boolean isSuperGluuEnabled() {
+		return superGluuEnabled;
+	}
+
+	public void setSuperGluuEnabled(boolean superGluuEnabled) {
+		this.superGluuEnabled = superGluuEnabled;
+	}
+
+    public Boolean getSessionIdPersistInCache() {
+        if (sessionIdPersistInCache == null) sessionIdPersistInCache = false;
+        return sessionIdPersistInCache;
+    }
+
+    public void setSessionIdPersistInCache(Boolean sessionIdPersistInCache) {
+        this.sessionIdPersistInCache = sessionIdPersistInCache;
+    }
+
+	public boolean isOldU2fMigrationEnabled() {
+		return oldU2fMigrationEnabled;
+	}
+
+	public void setOldU2fMigrationEnabled(boolean oldU2fMigrationEnabled) {
+		this.oldU2fMigrationEnabled = oldU2fMigrationEnabled;
+	}
+
+	public Boolean getErrorReasonEnabled() {
+		return errorReasonEnabled;
+	}
+
+	public void setErrorReasonEnabled(Boolean errorReasonEnabled) {
+		this.errorReasonEnabled = errorReasonEnabled;
+	}
 }