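/*
 * oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.
 *
 * Copyright (c) 2014, Gluu
 */

package org.xdi.oxauth.service.fido.u2f;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Locale;

import javax.ejb.Stateless;
import javax.inject.Inject;
import javax.inject.Named;

import org.slf4j.Logger;
import org.xdi.oxauth.model.common.SessionState;
import org.xdi.oxauth.model.common.User;
import org.xdi.oxauth.model.config.Constants;
import org.xdi.oxauth.model.fido.u2f.U2fConstants;
import org.xdi.oxauth.service.SessionStateService;
import org.xdi.oxauth.service.UserService;
import org.xdi.util.StringHelper;

/**
 * Utility to validate U2F input data (session_state and enrollment_code) in the
 * two-step authentication workflow.
 *
 * Both inputs come from the client request and are treated as untrusted. Secret
 * values (the enrollment code, the session identifier) are compared without
 * short-circuiting and are never written to the log; only the user name, which
 * the original code already logged, is included for correlation.
 *
 * @author Yuriy Movchan Date: 05/11/2016
 */
@Stateless
@Named("u2fValidationService")
public class ValidationService {

    @Inject
    private Logger log;

    @Inject
    private SessionStateService sessionStateService;

    @Inject
    private UserService userService;

    /**
     * Checks that {@code sessionState} names an existing session whose
     * authenticated user is {@code userName}.
     *
     * @param userName     user name supplied by the client; must be non-blank
     * @param sessionState session_state supplied by the client; must be non-null
     * @return {@code true} only when the session exists and its
     *         {@link Constants#AUTHENTICATED_USER} attribute matches
     *         {@code userName} (case-insensitively); {@code false} otherwise
     */
    public boolean isValidSessionState(String userName, String sessionState) {
        if (sessionState == null) {
            log.error("In two step authentication workflow session_state is mandatory");
            return false;
        }
        // Without this guard a null userName could match a session that has no
        // AUTHENTICATED_USER attribute (null == null), which must never validate.
        if (StringHelper.isEmpty(userName)) {
            log.error("In two step authentication workflow user_name is mandatory");
            return false;
        }

        SessionState ldapSessionState = sessionStateService.getSessionState(sessionState);
        if (ldapSessionState == null) {
            // The session_state value is a session identifier; do not log it.
            log.error("Specified session_state is invalid for user '{}'", userName);
            return false;
        }

        String sessionStateUser = ldapSessionState.getSessionAttributes() == null
                ? null
                : ldapSessionState.getSessionAttributes().get(Constants.AUTHENTICATED_USER);
        if (sessionStateUser == null) {
            log.error("Specified session_state has no authenticated user (user_name '{}')", userName);
            return false;
        }

        if (!StringHelper.equalsIgnoreCase(userName, sessionStateUser)) {
            log.error("Username '{}' and session_state don't match", userName);
            return false;
        }

        return true;
    }

    /**
     * Checks that {@code enrollmentCode} matches the enrollment code stored on the
     * user entry ({@link U2fConstants#U2F_ENROLLMENT_CODE_ATTRIBUTE}).
     *
     * @param userName       user name supplied by the client; must be non-blank
     * @param enrollmentCode enrollment code supplied by the client; must be non-null
     * @return {@code true} only when the user exists, carries an enrollment code, and
     *         the supplied code matches it (case-insensitively); {@code false} otherwise
     */
    public boolean isValidEnrollmentCode(String userName, String enrollmentCode) {
        if (enrollmentCode == null) {
            log.error("In two step authentication workflow enrollment_code is mandatory");
            return false;
        }
        if (StringHelper.isEmpty(userName)) {
            log.error("In two step authentication workflow user_name is mandatory");
            return false;
        }

        User user = userService.getUser(userName, U2fConstants.U2F_ENROLLMENT_CODE_ATTRIBUTE);
        if (user == null) {
            log.error("Specified user_name '{}' is invalid", userName);
            return false;
        }

        String userEnrollmentCode = user.getAttribute(U2fConstants.U2F_ENROLLMENT_CODE_ATTRIBUTE);
        if (userEnrollmentCode == null) {
            // The supplied code is a secret; log only the user it was presented for.
            log.error("User '{}' has no enrollment_code, specified enrollment_code is invalid", userName);
            return false;
        }

        // Constant-time comparison: the stored code is a one-time secret, so a
        // short-circuiting String compare would leak matched-prefix length via timing.
        if (!secretsMatchIgnoreCase(userEnrollmentCode, enrollmentCode)) {
            log.error("Username '{}' and enrollment_code don't match", userName);
            return false;
        }

        return true;
    }

    /**
     * Case-insensitive comparison of two secret values that does not stop at the first
     * differing character. Case folding uses {@link Locale#ROOT} so the result does not
     * depend on the JVM default locale. Only the lengths of the values remain
     * observable through timing; enrollment codes are assumed to be of fixed length
     * (not verified here).
     *
     * @param expected value stored on the user entry
     * @param provided value supplied by the client
     * @return {@code true} when both are non-null and equal ignoring case
     */
    private static boolean secretsMatchIgnoreCase(String expected, String provided) {
        if (expected == null || provided == null) {
            return false;
        }
        byte[] expectedBytes = expected.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8);
        byte[] providedBytes = provided.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expectedBytes, providedBytes);
    }

}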