Commit d0ccb136 authored by ls1947's avatar ls1947

add function to add backup tan list

parent d61c4da6
package edu.kit.scc.webreg.service.twofa;
import edu.kit.scc.webreg.service.twofa.linotp.LinotpGetBackupTanListResponse;
import edu.kit.scc.webreg.service.twofa.linotp.LinotpGetBackupTanListResult;
import edu.kit.scc.webreg.service.twofa.linotp.LinotpInitAuthenticatorTokenResponse;
import edu.kit.scc.webreg.service.twofa.linotp.LinotpSetFieldResult;
import edu.kit.scc.webreg.service.twofa.linotp.LinotpSimpleResponse;
......@@ -27,4 +29,9 @@ public interface TwoFaService {
LinotpSimpleResponse disableToken(Long userId, String serial, String executor) throws TwoFaException;
LinotpInitAuthenticatorTokenResponse createBackupTanList(Long userId, String executor) throws TwoFaException;
LinotpGetBackupTanListResponse getBackupTanList(Long userId, String serial, String executor)
throws TwoFaException;
}
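Review bot: The two new interface methods at L15-L17 carry no Javadoc, and the return value of getBackupTanList is not an ordinary status object but the backup TANs themselves, which implementers and callers need to know before exposing it further. Add a short Javadoc on each: state the purpose, that `executor` names the principal recorded with the submitted event (as the implementation does for createBackupTanList), and for getBackupTanList that the returned response contains one-time credentials and must be handled and logged accordingly. The `@throws TwoFaException` conditions should be listed as well.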
......@@ -16,6 +16,7 @@ import edu.kit.scc.webreg.event.EventSubmitter;
import edu.kit.scc.webreg.event.TokenEvent;
import edu.kit.scc.webreg.exc.EventSubmitException;
import edu.kit.scc.webreg.service.twofa.linotp.LinotpConnection;
import edu.kit.scc.webreg.service.twofa.linotp.LinotpGetBackupTanListResponse;
import edu.kit.scc.webreg.service.twofa.linotp.LinotpInitAuthenticatorTokenResponse;
import edu.kit.scc.webreg.service.twofa.linotp.LinotpSetFieldResult;
import edu.kit.scc.webreg.service.twofa.linotp.LinotpShowUserResponse;
......@@ -190,6 +191,58 @@ public class TwoFaServiceImpl implements TwoFaService {
return response;
}
@Override
public LinotpInitAuthenticatorTokenResponse createBackupTanList(Long userId, String executor) throws TwoFaException {
UserEntity user = userDao.findById(userId);
Map<String, String> configMap = configResolver.resolveConfig(user);
LinotpConnection linotpConnection = new LinotpConnection(configMap);
linotpConnection.requestAdminSession();
LinotpInitAuthenticatorTokenResponse response = linotpConnection.createBackupTanList(user);
if (response == null) {
throw new TwoFaException("Token generation did not succeed!");
}
HashMap<String, Object> eventMap = new HashMap<String, Object>();
eventMap.put("user", user);
eventMap.put("respone", response);
if (response.getDetail() != null)
eventMap.put("serial", response.getDetail().getSerial());
TokenEvent event = new TokenEvent(eventMap);
try {
eventSubmitter.submit(event, EventType.TWOFA_CREATED, executor);
} catch (EventSubmitException e) {
logger.warn("Could not submit event", e);
}
return response;
}
@Override
public LinotpGetBackupTanListResponse getBackupTanList(Long userId, String serial, String executor) throws TwoFaException {
UserEntity user = userDao.findById(userId);
Map<String, String> configMap = configResolver.resolveConfig(user);
LinotpConnection linotpConnection = new LinotpConnection(configMap);
linotpConnection.requestAdminSession();
int count = 5;
if (configMap.containsKey("backup_count")) {
count = Integer.parseInt(configMap.get("backup_count"));
}
LinotpGetBackupTanListResponse response = linotpConnection.getBackupTanList(serial, count);
if (response == null) {
throw new TwoFaException("Could not get backup tan list!");
}
return response;
}
@Override
public LinotpSimpleResponse disableToken(Long userId, String serial, String executor) throws TwoFaException {
UserEntity user = userDao.findById(userId);
......
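Review bot: getBackupTanList (L54-L68) never ties `serial` to `userId`: `user` is only used to resolve the LinOTP configuration, and the OTP values for whatever serial the caller names are then requested and returned, so unless LinotpConnection or the LinOTP realm scopes the lookup to that user, a caller can read another user's backup TANs. The serial should be checked against the user's own tokens before the request (the service already exposes findByUserId, which TwoFaUserBean uses) and a TwoFaException thrown otherwise. Because the call hands out one-time credentials it should also submit a TokenEvent with `executor`, as createBackupTanList does at L45-L50; at present `executor` is unused in this method. `Integer.parseInt(configMap.get("backup_count"))` at L61 can throw NumberFormatException, which escapes the TwoFaException contract; wrap it, e.g. `catch (NumberFormatException e) { throw new TwoFaException("Invalid backup_count in config", e); }`. The enclosing class continues outside the hunk.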
......@@ -230,6 +230,73 @@ public class LinotpConnection {
}
}
public LinotpInitAuthenticatorTokenResponse createBackupTanList(UserEntity user) throws TwoFaException {
try {
HttpPost httpPost = new HttpPost(configMap.get("url") + "/admin/init");
List<NameValuePair> nvps = new ArrayList <NameValuePair>();
nvps.add(new BasicNameValuePair("session", adminSession));
nvps.add(new BasicNameValuePair("type", "hmac"));
nvps.add(new BasicNameValuePair("otplen", "8"));
nvps.add(new BasicNameValuePair("genkey", "1"));
nvps.add(new BasicNameValuePair("hashlib", "sha1"));
nvps.add(new BasicNameValuePair("description", "INIT,DELABLE,BWIDM,TS " + formatDate() + ","));
if (configMap.containsKey("userId"))
nvps.add(new BasicNameValuePair("user", configMap.get("userId")));
else
nvps.add(new BasicNameValuePair("user", user.getEppn()));
if (configMap.containsKey("realm"))
nvps.add(new BasicNameValuePair("realm", configMap.get("realm")));
httpPost.setEntity(new UrlEncodedFormEntity(nvps));
CloseableHttpResponse response = httpClient.execute(targetHost, httpPost, context);
try {
HttpEntity entity = response.getEntity();
String responseString = EntityUtils.toString(entity);
logger.trace(responseString);
return resultParser.parseInitAuthenticatorTokenResponse(responseString);
} finally {
response.close();
}
} catch (ParseException | IOException e) {
throw new TwoFaException(e);
}
}
public LinotpGetBackupTanListResponse getBackupTanList(String serial, int count) throws TwoFaException {
try {
HttpPost httpPost = new HttpPost(configMap.get("url") + "/gettoken/getmultiotp");
List<NameValuePair> nvps = new ArrayList <NameValuePair>();
nvps.add(new BasicNameValuePair("serial", serial));
nvps.add(new BasicNameValuePair("session", adminSession));
nvps.add(new BasicNameValuePair("count", "" + count));
if (configMap.containsKey("realm"))
nvps.add(new BasicNameValuePair("realm", configMap.get("realm")));
httpPost.setEntity(new UrlEncodedFormEntity(nvps));
CloseableHttpResponse response = httpClient.execute(targetHost, httpPost, context);
try {
HttpEntity entity = response.getEntity();
String responseString = EntityUtils.toString(entity);
logger.trace(responseString);
return resultParser.parseGetBackupTanListResponse(responseString);
} finally {
response.close();
}
} catch (ParseException | IOException e) {
throw new TwoFaException(e);
}
}
public LinotpSetFieldResult initToken(String serial) throws TwoFaException {
return setTokenField(serial, "description", "ACTIVE,DELABLE,TS " + formatDate() + ",");
}
......
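Review bot: `logger.trace(responseString)` at L120 writes the full /gettoken/getmultiotp reply, i.e. the backup TAN values themselves, into the application log; the same line at L97 does it for the /admin/init reply, which with `genkey=1` may carry the generated token secret. Log only non-secret fields after parsing, or replace the line with something like `logger.trace("getmultiotp for serial {} returned", serial);`. Minor style: `"" + count` at L112 reads better as `Integer.toString(count)`, and the `CloseableHttpResponse` try/finally at L116-L124 is the try-with-resources pattern spelled out by hand.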
package edu.kit.scc.webreg.service.twofa.linotp;
import java.io.Serializable;
import com.fasterxml.jackson.annotation.JsonProperty;
public class LinotpGetBackupTanListResponse implements Serializable {
private static final long serialVersionUID = 1L;
private String version;
@JsonProperty("jsonrpc")
private String jsonRpc;
private LinotpGetBackupTanListResult result;
private Integer id;
public String getVersion() {
return version;
}
public void setVersion(String version) {
this.version = version;
}
public String getJsonRpc() {
return jsonRpc;
}
public void setJsonRpc(String jsonRpc) {
this.jsonRpc = jsonRpc;
}
public Integer getId() {
return id;
}
public void setId(Integer id) {
this.id = id;
}
public LinotpGetBackupTanListResult getResult() {
return result;
}
public void setResult(LinotpGetBackupTanListResult result) {
this.result = result;
}
}
package edu.kit.scc.webreg.service.twofa.linotp;
public class LinotpGetBackupTanListResult {
private boolean status;
private LinotpGetBackupTanListValue value;
public boolean isStatus() {
return status;
}
public void setStatus(boolean status) {
this.status = status;
}
public LinotpGetBackupTanListValue getValue() {
return value;
}
public void setValue(LinotpGetBackupTanListValue value) {
this.value = value;
}
}
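Review bot: LinotpGetBackupTanListResult is stored in a field of the Serializable LinotpGetBackupTanListResponse (L141) but does not implement Serializable, and neither does LinotpGetBackupTanListValue (L187), so serializing a populated response fails with NotSerializableException; TwoFaUserBean, which receives these responses, is itself Serializable. Either declare `public class LinotpGetBackupTanListResult implements Serializable` (and the same for the Value class, each with a `serialVersionUID`), or mark the holding field in the response `transient` if the OTP values should never be written out with session state — the latter is preferable given that the map at L188 holds the TANs.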
package edu.kit.scc.webreg.service.twofa.linotp;
import java.util.Map;
public class LinotpGetBackupTanListValue {
private Map<String, String> otp;
private String serial;
private String type;
private boolean result;
public Map<String, String> getOtp() {
return otp;
}
public void setOtp(Map<String, String> otp) {
this.otp = otp;
}
public String getSerial() {
return serial;
}
public void setSerial(String serial) {
this.serial = serial;
}
public String getType() {
return type;
}
public void setType(String type) {
this.type = type;
}
public boolean isResult() {
return result;
}
public void setResult(boolean result) {
this.result = result;
}
}
......@@ -42,8 +42,18 @@ public class LinotpResultParser {
} catch (IOException e) {
throw new TwoFaException(e);
}
}
public LinotpGetBackupTanListResponse parseGetBackupTanListResponse(String responseString) throws TwoFaException {
try {
LinotpGetBackupTanListResponse response =
om.readValue(responseString, LinotpGetBackupTanListResponse.class);
return response;
} catch (IOException e) {
throw new TwoFaException(e);
}
}
public LinotpSetFieldResult parseSetFieldResponse(String responseString) throws TwoFaException {
try {
LinotpSetFieldResult response =
......
......@@ -25,6 +25,7 @@ import edu.kit.scc.webreg.entity.UserEntity;
import edu.kit.scc.webreg.service.UserService;
import edu.kit.scc.webreg.service.twofa.TwoFaException;
import edu.kit.scc.webreg.service.twofa.TwoFaService;
import edu.kit.scc.webreg.service.twofa.linotp.LinotpGetBackupTanListResponse;
import edu.kit.scc.webreg.service.twofa.linotp.LinotpInitAuthenticatorTokenResponse;
import edu.kit.scc.webreg.service.twofa.linotp.LinotpSimpleResponse;
import edu.kit.scc.webreg.service.twofa.linotp.LinotpTokenResultList;
......@@ -119,6 +120,49 @@ public class TwoFaUserBean implements Serializable {
}
}
}
public void createBackupTanList() {
if (! getReadOnly()) {
try {
LinotpInitAuthenticatorTokenResponse response = twoFaService.createBackupTanList(user.getId(), "user-" + user.getId());
if (response.getResult().isStatus() && response.getResult().isValue()) {
if (response != null && response.getDetail() != null) {
String serial = response.getDetail().getSerial();
twoFaService.initToken(user.getId(), serial, "user-" + user.getId());
}
tokenList = twoFaService.findByUserId(sessionManager.getUserId());
if (tokenList.size() == 1) {
// this was the first token. We have to set 2fa elevation
sessionManager.setTwoFaElevation(Instant.now());
}
}
else {
messageGenerator.addResolvedWarningMessage("warn", "twofa_token_failed", true);
}
PrimeFaces.current().executeScript("PF('addBackupTanDlg').hide();");
createTokenResponse = null;
yubicoCode = "";
} catch (TwoFaException e) {
logger.warn("TwoFaException", e);
}
}
}
public void getBackupTanList(String serial) {
if (! getReadOnly()) {
try {
LinotpGetBackupTanListResponse response = twoFaService.getBackupTanList(user.getId(), serial, "user-" + user.getId());
} catch (TwoFaException e) {
logger.warn("TwoFaException", e);
}
}
}
public void checkAuthenticatorToken() {
try {
......
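Review bot: In getBackupTanList (L273-L281) the `response` local at L276 is assigned and never read, so the TAN values fetched from LinOTP are discarded and nothing in the bean or the page changes; store it in a field the view can render (and clear it when the dialog closes), or hold the method back until the view side exists. In createBackupTanList, L251 calls `response.getResult()` before the `response != null` test at L252, so that guard cannot protect anything; since the service already throws on a null response, the check worth keeping is on the result, e.g. `if (response.getResult() != null && response.getResult().isStatus() && response.getResult().isValue())`. The `createTokenResponse = null; yubicoCode = "";` resets at L266-L267 look copied from the other create methods and seem unrelated to this dialog — confirm they are needed.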
......@@ -89,7 +89,7 @@
<h:panelGroup>
<h:outputText value="#{messages.twofa_tokentype_totp}" rendered="#{token.tokenType == 'TOTP' and token.serial.startsWith('TOTP')}"/>
<h:outputText value="#{messages.twofa_tokentype_totp_hardware}" rendered="#{token.tokenType == 'TOTP' and not token.serial.startsWith('TOTP')}"/>
<h:outputText value="#{messages.twofa_tokentype_tanlist}" rendered="#{token.tokenType == 'HOTP'}"/>
<h:outputText value="#{messages.twofa_tokentype_tanlist}" rendered="#{token.tokenType == 'HMAC'}"/>
<h:outputText value="#{messages.twofa_tokentype_yubikey}" rendered="#{token.tokenType == 'yubico'}"/>
</h:panelGroup>
......@@ -107,6 +107,8 @@
update="@form" rendered="#{! token.isactive and (token.tokenDesc.contains('DELABLE'))}" style="color:red;">
<p:confirm header="#{messages.confirm_header}" message="#{messages.confirm}" />
</p:commandButton>
<p:commandButton action="#{twoFaUserBean.getBackupTanList(token.serial)}" value="#{messages.token_get_tanlist_values}"
update="@form" rendered="#{token.isactive and token.tokenType == 'HMAC'}"/>
</p:outputPanel>
</p:panelGrid>
</p:panel>
......@@ -119,6 +121,7 @@
<p:outputPanel style="margin-bottom: 16px;">
<p:commandButton id="openAddTotpDialog" oncomplete="PF('addTotpDlg').show();" value="#{messages.twofa_create_new_totp}"></p:commandButton>
<p:commandButton id="openAddYubicoDialog" oncomplete="PF('addYubicoDlg').show();" value="#{messages.twofa_create_new_yubico}"></p:commandButton>
<p:commandButton id="openAddBackupTanDialog" oncomplete="PF('addBackupTanDlg').show();" value="#{messages.twofa_create_backup_tan_list}"></p:commandButton>
</p:outputPanel>
<p:outputPanel rendered="#{not empty twoFaUserBean.returnServiceId}">
<p:link href="../user/register-service.xhtml" value="#{messages.twofa_back_to_register}">
......@@ -179,6 +182,21 @@
</p:dialog>
<p:dialog header="#{messages.twofa_create_backup_tan_list}"
widgetVar="addBackupTanDlg" id="addBackupTanDlgId" modal="true" closable="true" closeOnEscape="true"
showEffect="fade" hideEffect="fade">
<p:ajax event="close" update="@form" />
<div class="panel" style="width:360px;">
<h:outputText value="#{messages.twofa_create_backup_tan_list_desc}" escape="false" />
</div>
<p:panel id="backupTanResponsePanel">
<p:commandButton id="backupTanStartButton" action="#{twoFaUserBean.createBackupTanList()}" value="#{messages.start}"
update="backupTanResponsePanel"/>
</p:panel>
</p:dialog>
<p:dialog header="#{messages.twofa_create_backuptan_token}"
widgetVar="addBackuptanDlg" id="addBackuptanDlgId" modal="true" closable="true" closeOnEscape="true"
showEffect="fade" hideEffect="fade">
......
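Review bot: The new dialog at L312-L323 uses `widgetVar="addBackupTanDlg"` / `id="addBackupTanDlgId"`, while the existing dialog directly below it (L324-L325, continuing outside the hunk) is `addBackuptanDlg` / `addBackuptanDlgId` — two dialogs whose identifiers differ only in letter case, one of which the bean hides via `PF('addBackupTanDlg').hide();`. Rename the new one (for example `addBackupTanListDlg`) or remove the superseded dialog so the two cannot be confused. The button at L297-L298 calls `twoFaUserBean.getBackupTanList(token.serial)` with `update="@form"`, but nothing in the form renders the fetched values, so the click currently has no visible effect.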