ApplicationService.java example

Explorer
uma-master
- oxAuth-master
/*
 * oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.
 *
 * Copyright (c) 2014, Gluu
 */

package org.xdi.oxauth.service.fido.u2f;

import java.net.URI;
import java.net.URISyntaxException;

import javax.ejb.Stateless;
import javax.inject.Named;

import org.xdi.net.InetAddressUtility;
import org.xdi.oxauth.exception.fido.u2f.BadConfigurationException;

/**
 * Provides operations with U2F applications
 *
 * @author Yuriy Movchan Date: 05/19/2015
 */
@Stateless
@Named
public class ApplicationService {

	private boolean validateApplication = true;

	public boolean isValidateApplication() {
		return validateApplication;
	}

	/**
	 * Throws {@link BadConfigurationException} if the given App ID is found to
	 * be incompatible with the U2F specification or any major U2F Client
	 * implementation.
	 *
	 * @param appId
	 *            the App ID to be validated
	 */
	public void checkIsValid(String appId) {
		if (!appId.contains(":")) {
			throw new BadConfigurationException("App ID does not look like a valid facet or URL. Web facets must start with 'https://'.");
		}

		if (appId.startsWith("http:")) {
			throw new BadConfigurationException("HTTP is not supported for App IDs. Use HTTPS instead.");
		}

		if (appId.startsWith("https://")) {
			URI url = checkValidUrl(appId);
			checkPathIsNotSlash(url);
			checkNotIpAddress(url);
		}
	}

	private void checkPathIsNotSlash(URI url) {
		if ("/".equals(url.getPath())) {
			throw new BadConfigurationException(
					"The path of the URL set as App ID is '/'. This is probably not what you want -- remove the trailing slash of the App ID URL.");
		}
	}

	private URI checkValidUrl(String appId) {
		URI url = null;
		try {
			url = new URI(appId);
		} catch (URISyntaxException e) {
			throw new BadConfigurationException("App ID looks like a HTTPS URL, but has syntax errors.", e);
		}
		return url;
	}

	private void checkNotIpAddress(URI url) {
		if (InetAddressUtility.isIpAddress(url.getAuthority()) || (url.getHost() != null && InetAddressUtility.isIpAddress(url.getHost()))) {
			throw new BadConfigurationException("App ID must not be an IP-address, since it is not supported. Use a host name instead.");
		}
	}
}