feat(fido2): allow to update device data in SG authentication respons…

…e jans #8116 Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>
GluuFederation · Mar 27, 2024 · 43b2dae · 43b2dae
1 parent 8796b1b
commit 43b2dae
Show file tree

Hide file tree

Showing 2 changed files with 125 additions and 1 deletion.
diff --git a/Model/src/main/java/org/gluu/oxauth/model/fido/u2f/protocol/DeviceNotificationConf.java b/Model/src/main/java/org/gluu/oxauth/model/fido/u2f/protocol/DeviceNotificationConf.java
@@ -0,0 +1,71 @@
+/*
+ * oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.
+ *
+ * Copyright (c) 2015, Gluu
+ */
+
+package org.gluu.oxauth.model.fido.u2f.protocol;
+
+import java.io.Serializable;
+import java.util.List;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+/**
+ * FIDO2 U2F device notification configuration
+ *
+ * @author Yuriy Movchan Date: 03/21/2024
+ */
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class DeviceNotificationConf implements Serializable {
+
+	private static final long serialVersionUID = -8173244116167488365L;
+
+	@JsonProperty(value = "sns_endpoint_arn")
+	private String snsEndpointArn;
+
+	@JsonProperty(value = "sns_endpoint_arn_remove")
+	private String snsEndpointArnRemove;
+
+    @JsonProperty(value = "sns_endpoint_arn_history")
+    private List<String> snsEndpointArnHistory;
+
+	public DeviceNotificationConf(@JsonProperty(value = "sns_endpoint_arn") String snsEndpointArn, @JsonProperty(value = "sns_endpoint_arn_remove") String snsEndpointArnRemove,
+			@JsonProperty(value = "sns_endpoint_arn_history") List<String> snsEndpointArnHistory) {
+		this.snsEndpointArn = snsEndpointArn;
+		this.snsEndpointArnRemove = snsEndpointArnRemove;
+		this.snsEndpointArnHistory = snsEndpointArnHistory;
+	}
+
+	public String getSnsEndpointArn() {
+		return snsEndpointArn;
+	}
+
+	public void setSnsEndpointArn(String snsEndpointArn) {
+		this.snsEndpointArn = snsEndpointArn;
+	}
+
+	public String getSnsEndpointArnRemove() {
+		return snsEndpointArnRemove;
+	}
+
+	public void setSnsEndpointArnRemove(String snsEndpointArnRemove) {
+		this.snsEndpointArnRemove = snsEndpointArnRemove;
+	}
+
+	public List<String> getSnsEndpointArnHistory() {
+		return snsEndpointArnHistory;
+	}
+
+	public void setSnsEndpointArnHistory(List<String> snsEndpointArnHistory) {
+		this.snsEndpointArnHistory = snsEndpointArnHistory;
+	}
+
+	@Override
+	public String toString() {
+		return "Fido2DeviceNotificationConf [snsEndpointArn=" + snsEndpointArn + ", snsEndpointArnRemove="
+				+ snsEndpointArnRemove + ", snsEndpointArnHistory=" + snsEndpointArnHistory + "]";
+	}
+
+}
diff --git a/Server/src/main/java/org/gluu/oxauth/service/fido/u2f/AuthenticationService.java b/Server/src/main/java/org/gluu/oxauth/service/fido/u2f/AuthenticationService.java
@@ -35,8 +35,11 @@
 import org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateRequestMessage;
 import org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateResponse;
 import org.gluu.oxauth.model.fido.u2f.protocol.ClientData;
+import org.gluu.oxauth.model.fido.u2f.protocol.DeviceData;
+import org.gluu.oxauth.model.fido.u2f.protocol.DeviceNotificationConf;
 import org.gluu.oxauth.model.util.Base64Util;
 import org.gluu.oxauth.service.common.UserService;
+import org.gluu.oxauth.util.ServerUtil;
 import org.gluu.persist.PersistenceEntryManager;
 import org.gluu.persist.reflect.property.Setter;
 import org.gluu.persist.reflect.util.ReflectHelper;
@@ -175,6 +178,22 @@ public DeviceRegistrationResult finishAuthentication(AuthenticateRequestMessage
         log.debug("Counter in finish authentication request'{}', counter in database '{}'", rawAuthenticateResponse.getCounter(), usedDeviceRegistration.getCounter());
         usedDeviceRegistration.checkAndUpdateCounter(rawAuthenticateResponse.getCounter());
 
+        String responseDeviceData = response.getDeviceData();
+        if (StringHelper.isNotEmpty(responseDeviceData)) {
+            try {
+                String responseDeviceDataDecoded = new String(Base64Util.base64urldecode(responseDeviceData));
+                DeviceData deviceData = ServerUtil.jsonMapperWithWrapRoot().readValue(responseDeviceDataDecoded, DeviceData.class);
+
+                boolean pushTokenUpdated = !StringHelper.equals(usedDeviceRegistration.getDeviceData().getPushToken(), deviceData.getPushToken());
+	            if (pushTokenUpdated) {
+	            	prepareForPushTokenChange(usedDeviceRegistration);
+	            }
+
+            } catch (Exception ex) {
+                throw new BadInputException(String.format("Device data is invalid: %s", responseDeviceData), ex);
+            }
+        }
+
         usedDeviceRegistration.setLastAccessTime(new Date());
 
         deviceRegistrationService.updateDeviceRegistration(userInum, usedDeviceRegistration);
@@ -190,7 +209,41 @@ public DeviceRegistrationResult finishAuthentication(AuthenticateRequestMessage
         return new DeviceRegistrationResult(usedDeviceRegistration, status);
     }
 
-    public AuthenticateRequest getAuthenticateRequest(AuthenticateRequestMessage requestMessage, AuthenticateResponse response) throws BadInputException {
+    private void prepareForPushTokenChange(DeviceRegistration deviceRegistration) {
+		String deviceNotificationConfString = deviceRegistration.getDeviceNotificationConf();
+		if (deviceNotificationConfString == null) {
+			return;
+		}
+
+		DeviceNotificationConf deviceNotificationConf = null;
+		try {
+            String responseDeviceDataDecoded = new String(Base64Util.base64urldecode(deviceNotificationConfString));
+            deviceNotificationConf = ServerUtil.jsonMapperWithWrapRoot().readValue(responseDeviceDataDecoded, DeviceNotificationConf.class);
+        } catch (Exception ex) {
+            log.error("Failed to parse device notifacation configuration '{}'", deviceNotificationConfString);
+        }
+
+		if (deviceNotificationConf == null) {
+			return;
+		}
+
+		String snsEndpointArn = deviceNotificationConf.getSnsEndpointArn();
+		if (StringHelper.isEmpty(snsEndpointArn)) {
+			return;
+		}
+
+		deviceNotificationConf.setSnsEndpointArn(null);
+		deviceNotificationConf.setSnsEndpointArnRemove(snsEndpointArn);
+		List<String> snsEndpointArnHistory = deviceNotificationConf.getSnsEndpointArnHistory();
+		if (snsEndpointArnHistory == null) {
+			snsEndpointArnHistory = new ArrayList<>();
+			deviceNotificationConf.setSnsEndpointArnHistory(snsEndpointArnHistory);
+		}
+
+		snsEndpointArnHistory.add(snsEndpointArn);
+	}
+
+	public AuthenticateRequest getAuthenticateRequest(AuthenticateRequestMessage requestMessage, AuthenticateResponse response) throws BadInputException {
         if (!StringHelper.equals(requestMessage.getRequestId(), response.getRequestId())) {
             throw new BadInputException("Wrong request for response data");
         }