add function to add backup tan list

d0ccb136 · ls1947 · d61c4da6 · d0ccb136 · d0ccb136 · d0ccb136
Commit d0ccb136 authored Aug 05, 2020 by ls1947
--- a/bwreg-service/src/main/java/edu/kit/scc/webreg/service/twofa/TwoFaService.java
+++ b/bwreg-service/src/main/java/edu/kit/scc/webreg/service/twofa/TwoFaService.java
 package edu.kit.scc.webreg.service.twofa;

+import edu.kit.scc.webreg.service.twofa.linotp.LinotpGetBackupTanListResponse;
+import edu.kit.scc.webreg.service.twofa.linotp.LinotpGetBackupTanListResult;
 import edu.kit.scc.webreg.service.twofa.linotp.LinotpInitAuthenticatorTokenResponse;
 import edu.kit.scc.webreg.service.twofa.linotp.LinotpSetFieldResult;
 import edu.kit.scc.webreg.service.twofa.linotp.LinotpSimpleResponse;
@@ -27,4 +29,9 @@ public interface TwoFaService {

 	LinotpSimpleResponse disableToken(Long userId, String serial, String executor) throws TwoFaException;

+	LinotpInitAuthenticatorTokenResponse createBackupTanList(Long userId, String executor) throws TwoFaException;
+
+	LinotpGetBackupTanListResponse getBackupTanList(Long userId, String serial, String executor)
+			throws TwoFaException;
+
 }
--- a/bwreg-service/src/main/java/edu/kit/scc/webreg/service/twofa/TwoFaServiceImpl.java
+++ b/bwreg-service/src/main/java/edu/kit/scc/webreg/service/twofa/TwoFaServiceImpl.java
@@ -16,6 +16,7 @@ import edu.kit.scc.webreg.event.EventSubmitter;
 import edu.kit.scc.webreg.event.TokenEvent;
 import edu.kit.scc.webreg.exc.EventSubmitException;
 import edu.kit.scc.webreg.service.twofa.linotp.LinotpConnection;
+import edu.kit.scc.webreg.service.twofa.linotp.LinotpGetBackupTanListResponse;
 import edu.kit.scc.webreg.service.twofa.linotp.LinotpInitAuthenticatorTokenResponse;
 import edu.kit.scc.webreg.service.twofa.linotp.LinotpSetFieldResult;
 import edu.kit.scc.webreg.service.twofa.linotp.LinotpShowUserResponse;
@@ -190,6 +191,58 @@ public class TwoFaServiceImpl implements TwoFaService {
 		return response;
 	}

+	@Override
+	public LinotpInitAuthenticatorTokenResponse createBackupTanList(Long userId, String executor) throws TwoFaException {
+		UserEntity user = userDao.findById(userId);
+		
+		Map<String, String> configMap = configResolver.resolveConfig(user);
+
+		LinotpConnection linotpConnection = new LinotpConnection(configMap);
+		linotpConnection.requestAdminSession();
+		
+		LinotpInitAuthenticatorTokenResponse response = linotpConnection.createBackupTanList(user);
+		
+		if (response == null) {
+			throw new TwoFaException("Token generation did not succeed!");
+		}
+
+		HashMap<String, Object> eventMap = new HashMap<String, Object>();
+		eventMap.put("user", user);
+		eventMap.put("respone", response);
+		if (response.getDetail() != null)
+			eventMap.put("serial", response.getDetail().getSerial());
+		TokenEvent event = new TokenEvent(eventMap);
+		try {
+			eventSubmitter.submit(event, EventType.TWOFA_CREATED, executor);
+		} catch (EventSubmitException e) {
+			logger.warn("Could not submit event", e);
+		}
+
+		return response;
+	}
+
+	@Override
+	public LinotpGetBackupTanListResponse getBackupTanList(Long userId, String serial, String executor) throws TwoFaException {
+		UserEntity user = userDao.findById(userId);
+		
+		Map<String, String> configMap = configResolver.resolveConfig(user);
+
+		LinotpConnection linotpConnection = new LinotpConnection(configMap);
+		linotpConnection.requestAdminSession();
+		
+		int count = 5;
+		if (configMap.containsKey("backup_count")) {
+			count = Integer.parseInt(configMap.get("backup_count"));
+		}
+		LinotpGetBackupTanListResponse response = linotpConnection.getBackupTanList(serial, count);
+		
+		if (response == null) {
+			throw new TwoFaException("Could not get backup tan list!");
+		}
+
+		return response;
+	}
+
 	@Override
 	public LinotpSimpleResponse disableToken(Long userId, String serial, String executor) throws TwoFaException {
 		UserEntity user = userDao.findById(userId);

--- a/bwreg-service/src/main/java/edu/kit/scc/webreg/service/twofa/linotp/LinotpConnection.java
+++ b/bwreg-service/src/main/java/edu/kit/scc/webreg/service/twofa/linotp/LinotpConnection.java
@@ -230,6 +230,73 @@ public class LinotpConnection {
 		}		
 	}

+	public LinotpInitAuthenticatorTokenResponse createBackupTanList(UserEntity user) throws TwoFaException {
+		try {
+			HttpPost httpPost = new HttpPost(configMap.get("url") + "/admin/init");
+			
+			List<NameValuePair> nvps = new ArrayList <NameValuePair>();
+			nvps.add(new BasicNameValuePair("session", adminSession));
+			nvps.add(new BasicNameValuePair("type", "hmac"));
+			nvps.add(new BasicNameValuePair("otplen", "8"));
+			nvps.add(new BasicNameValuePair("genkey", "1"));
+			nvps.add(new BasicNameValuePair("hashlib", "sha1"));
+			nvps.add(new BasicNameValuePair("description", "INIT,DELABLE,BWIDM,TS " + formatDate() + ","));
+
+			if (configMap.containsKey("userId"))
+			    nvps.add(new BasicNameValuePair("user", configMap.get("userId")));
+			else
+				nvps.add(new BasicNameValuePair("user", user.getEppn()));
+			if (configMap.containsKey("realm"))
+				nvps.add(new BasicNameValuePair("realm", configMap.get("realm")));
+			
+			httpPost.setEntity(new UrlEncodedFormEntity(nvps));
+			
+			CloseableHttpResponse response = httpClient.execute(targetHost, httpPost, context);
+			try {
+			    HttpEntity entity = response.getEntity();
+			    String responseString = EntityUtils.toString(entity);
+			    logger.trace(responseString);
+			    
+			    return resultParser.parseInitAuthenticatorTokenResponse(responseString);
+
+			} finally {
+				response.close();
+			}
+		} catch (ParseException | IOException e) {
+			throw new TwoFaException(e);
+		}		
+	}
+
+	public LinotpGetBackupTanListResponse getBackupTanList(String serial, int count) throws TwoFaException {
+		try {
+			HttpPost httpPost = new HttpPost(configMap.get("url") + "/gettoken/getmultiotp");
+			
+			List<NameValuePair> nvps = new ArrayList <NameValuePair>();
+			nvps.add(new BasicNameValuePair("serial", serial));
+			nvps.add(new BasicNameValuePair("session", adminSession));
+			nvps.add(new BasicNameValuePair("count", "" + count));
+
+			if (configMap.containsKey("realm"))
+				nvps.add(new BasicNameValuePair("realm", configMap.get("realm")));
+			
+			httpPost.setEntity(new UrlEncodedFormEntity(nvps));
+			
+			CloseableHttpResponse response = httpClient.execute(targetHost, httpPost, context);
+			try {
+			    HttpEntity entity = response.getEntity();
+			    String responseString = EntityUtils.toString(entity);
+			    logger.trace(responseString);
+			    
+			    return resultParser.parseGetBackupTanListResponse(responseString);
+
+			} finally {
+				response.close();
+			}
+		} catch (ParseException | IOException e) {
+			throw new TwoFaException(e);
+		}		
+	}
+	
 	public LinotpSetFieldResult initToken(String serial) throws TwoFaException {
 		return setTokenField(serial, "description", "ACTIVE,DELABLE,TS " + formatDate() + ",");
 	}

--- a/bwreg-service/src/main/java/edu/kit/scc/webreg/service/twofa/linotp/LinotpGetBackupTanListResponse.java
+++ b/bwreg-service/src/main/java/edu/kit/scc/webreg/service/twofa/linotp/LinotpGetBackupTanListResponse.java
+package edu.kit.scc.webreg.service.twofa.linotp;
+
+import java.io.Serializable;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+public class LinotpGetBackupTanListResponse implements Serializable {
+
+	private static final long serialVersionUID = 1L;
+
+	private String version;
+	
+	@JsonProperty("jsonrpc")
+	private String jsonRpc;
+	
+	private LinotpGetBackupTanListResult result;
+	
+	private Integer id;
+
+	public String getVersion() {
+		return version;
+	}
+	
+	public void setVersion(String version) {
+		this.version = version;
+	}
+	
+	public String getJsonRpc() {
+		return jsonRpc;
+	}
+	
+	public void setJsonRpc(String jsonRpc) {
+		this.jsonRpc = jsonRpc;
+	}
+
+	public Integer getId() {
+		return id;
+	}
+
+	public void setId(Integer id) {
+		this.id = id;
+	}
+
+	public LinotpGetBackupTanListResult getResult() {
+		return result;
+	}
+
+	public void setResult(LinotpGetBackupTanListResult result) {
+		this.result = result;
+	}
+}
--- a/bwreg-service/src/main/java/edu/kit/scc/webreg/service/twofa/linotp/LinotpGetBackupTanListResult.java
+++ b/bwreg-service/src/main/java/edu/kit/scc/webreg/service/twofa/linotp/LinotpGetBackupTanListResult.java
+package edu.kit.scc.webreg.service.twofa.linotp;
+
+public class LinotpGetBackupTanListResult {
+
+	private boolean status;
+	private LinotpGetBackupTanListValue value;
+
+	public boolean isStatus() {
+		return status;
+	}
+
+	public void setStatus(boolean status) {
+		this.status = status;
+	}
+
+	public LinotpGetBackupTanListValue getValue() {
+		return value;
+	}
+
+	public void setValue(LinotpGetBackupTanListValue value) {
+		this.value = value;
+	}
+
+}
--- a/bwreg-service/src/main/java/edu/kit/scc/webreg/service/twofa/linotp/LinotpGetBackupTanListValue.java
+++ b/bwreg-service/src/main/java/edu/kit/scc/webreg/service/twofa/linotp/LinotpGetBackupTanListValue.java
+package edu.kit.scc.webreg.service.twofa.linotp;
+
+import java.util.Map;
+
+public class LinotpGetBackupTanListValue {
+
+	private Map<String, String> otp;
+	private String serial;
+	private String type;
+	private boolean result;
+
+	public Map<String, String> getOtp() {
+		return otp;
+	}
+	
+	public void setOtp(Map<String, String> otp) {
+		this.otp = otp;
+	}
+
+	public String getSerial() {
+		return serial;
+	}
+
+	public void setSerial(String serial) {
+		this.serial = serial;
+	}
+
+	public String getType() {
+		return type;
+	}
+
+	public void setType(String type) {
+		this.type = type;
+	}
+
+	public boolean isResult() {
+		return result;
+	}
+
+	public void setResult(boolean result) {
+		this.result = result;
+	}
+}
--- a/bwreg-service/src/main/java/edu/kit/scc/webreg/service/twofa/linotp/LinotpResultParser.java
+++ b/bwreg-service/src/main/java/edu/kit/scc/webreg/service/twofa/linotp/LinotpResultParser.java
@@ -42,8 +42,18 @@ public class LinotpResultParser {
 		} catch (IOException e) {
 			throw new TwoFaException(e);
 		}		
+	}	
+	
+	public LinotpGetBackupTanListResponse parseGetBackupTanListResponse(String responseString) throws TwoFaException {
+		try {
+			LinotpGetBackupTanListResponse response = 
+					om.readValue(responseString, LinotpGetBackupTanListResponse.class);
+			return response;
+		} catch (IOException e) {
+			throw new TwoFaException(e);
+		}		
 	}
-
+	
 	public LinotpSetFieldResult parseSetFieldResponse(String responseString) throws TwoFaException {
 		try {
 			LinotpSetFieldResult response = 

--- a/bwreg-webapp/src/main/java/edu/kit/scc/webreg/bean/TwoFaUserBean.java
+++ b/bwreg-webapp/src/main/java/edu/kit/scc/webreg/bean/TwoFaUserBean.java
@@ -25,6 +25,7 @@ import edu.kit.scc.webreg.entity.UserEntity;
 import edu.kit.scc.webreg.service.UserService;
 import edu.kit.scc.webreg.service.twofa.TwoFaException;
 import edu.kit.scc.webreg.service.twofa.TwoFaService;
+import edu.kit.scc.webreg.service.twofa.linotp.LinotpGetBackupTanListResponse;
 import edu.kit.scc.webreg.service.twofa.linotp.LinotpInitAuthenticatorTokenResponse;
 import edu.kit.scc.webreg.service.twofa.linotp.LinotpSimpleResponse;
 import edu.kit.scc.webreg.service.twofa.linotp.LinotpTokenResultList;
@@ -119,6 +120,49 @@ public class TwoFaUserBean implements Serializable {
 			}
 		}
 	}
+
+	public void createBackupTanList() {
+		if (! getReadOnly()) {
+			try {
+				LinotpInitAuthenticatorTokenResponse response = twoFaService.createBackupTanList(user.getId(), "user-" + user.getId());
+
+				if (response.getResult().isStatus() && response.getResult().isValue()) {
+					if (response != null && response.getDetail() != null) {
+						String serial = response.getDetail().getSerial();
+						twoFaService.initToken(user.getId(), serial, "user-" + user.getId());
+						
+					}
+					
+					tokenList = twoFaService.findByUserId(sessionManager.getUserId());
+					if (tokenList.size() == 1) {
+						// this was the first token. We have to set 2fa elevation
+						sessionManager.setTwoFaElevation(Instant.now());
+					}					
+				}
+				else {
+					messageGenerator.addResolvedWarningMessage("warn", "twofa_token_failed", true);
+				}
+	
+				PrimeFaces.current().executeScript("PF('addBackupTanDlg').hide();");
+				createTokenResponse = null;
+				yubicoCode = "";
+				
+			} catch (TwoFaException e) {
+				logger.warn("TwoFaException", e);
+			}
+		}
+	}	
+
+	public void getBackupTanList(String serial) {
+		if (! getReadOnly()) {
+			try {
+				LinotpGetBackupTanListResponse response = twoFaService.getBackupTanList(user.getId(), serial, "user-" + user.getId());
+				
+			} catch (TwoFaException e) {
+				logger.warn("TwoFaException", e);
+			}
+		}
+	}
 	
 	public void checkAuthenticatorToken() {
 		try {

--- a/bwreg-webapp/src/main/webapp/user/twofa.xhtml
+++ b/bwreg-webapp/src/main/webapp/user/twofa.xhtml
@@ -89,7 +89,7 @@
 							<h:panelGroup>
 								<h:outputText value="#{messages.twofa_tokentype_totp}" rendered="#{token.tokenType == 'TOTP' and token.serial.startsWith('TOTP')}"/>
 								<h:outputText value="#{messages.twofa_tokentype_totp_hardware}" rendered="#{token.tokenType == 'TOTP' and not token.serial.startsWith('TOTP')}"/>
-								<h:outputText value="#{messages.twofa_tokentype_tanlist}" rendered="#{token.tokenType == 'HOTP'}"/>
+								<h:outputText value="#{messages.twofa_tokentype_tanlist}" rendered="#{token.tokenType == 'HMAC'}"/>
 								<h:outputText value="#{messages.twofa_tokentype_yubikey}" rendered="#{token.tokenType == 'yubico'}"/>
 							</h:panelGroup>
 		
@@ -107,6 +107,8 @@
 							update="@form" rendered="#{! token.isactive and (token.tokenDesc.contains('DELABLE'))}" style="color:red;">
 							<p:confirm header="#{messages.confirm_header}" message="#{messages.confirm}" />
 						</p:commandButton>
+						<p:commandButton action="#{twoFaUserBean.getBackupTanList(token.serial)}" value="#{messages.token_get_tanlist_values}" 
+							update="@form" rendered="#{token.isactive and token.tokenType == 'HMAC'}"/>
 					</p:outputPanel>
 				</p:panelGrid>
 			</p:panel>
@@ -119,6 +121,7 @@
 			<p:outputPanel style="margin-bottom: 16px;">
 				<p:commandButton id="openAddTotpDialog" oncomplete="PF('addTotpDlg').show();" value="#{messages.twofa_create_new_totp}"></p:commandButton>
 				<p:commandButton id="openAddYubicoDialog" oncomplete="PF('addYubicoDlg').show();" value="#{messages.twofa_create_new_yubico}"></p:commandButton>
+				<p:commandButton id="openAddBackupTanDialog" oncomplete="PF('addBackupTanDlg').show();" value="#{messages.twofa_create_backup_tan_list}"></p:commandButton>
 			</p:outputPanel>
 			<p:outputPanel rendered="#{not empty twoFaUserBean.returnServiceId}">
 				<p:link href="../user/register-service.xhtml" value="#{messages.twofa_back_to_register}">
@@ -179,6 +182,21 @@

 		</p:dialog>
 		
+		<p:dialog header="#{messages.twofa_create_backup_tan_list}" 
+					widgetVar="addBackupTanDlg" id="addBackupTanDlgId" modal="true" closable="true" closeOnEscape="true"
+					showEffect="fade" hideEffect="fade">
+			<p:ajax event="close" update="@form" />
+			<div class="panel" style="width:360px;">
+			    <h:outputText value="#{messages.twofa_create_backup_tan_list_desc}" escape="false" />
+		    </div>
+		
+			<p:panel id="backupTanResponsePanel">
+			    <p:commandButton id="backupTanStartButton" action="#{twoFaUserBean.createBackupTanList()}" value="#{messages.start}"
+		    		update="backupTanResponsePanel"/>
+			</p:panel>
+
+		</p:dialog>
+		
 		<p:dialog header="#{messages.twofa_create_backuptan_token}" 
 					widgetVar="addBackuptanDlg" id="addBackuptanDlgId" modal="true" closable="true" closeOnEscape="true"
 					showEffect="fade" hideEffect="fade">