def performBiometricOperation(self, token, task):
        httpService = CdiUtil.bean(HttpService)
        http_client = httpService.getHttpsClient()
        http_client_params = http_client.getParams()
        bioID_service_url = self.ENDPOINT + task + "?livedetection=true"
        bioID_service_headers = {"Authorization": "Bearer " + token}

        try:
            http_service_response = httpService.executeGet(
                http_client, bioID_service_url, bioID_service_headers)
            http_response = http_service_response.getHttpResponse()
            response_bytes = httpService.getResponseContent(http_response)
            response_string = httpService.convertEntityToString(
                response_bytes, Charset.forName("UTF-8"))
            json_response = JSONObject(response_string)
            httpService.consume(http_response)
            if json_response.get("Success") == True:
                return True
            else:
                print "BioID. Reason for failure : %s " % json_response.get(
                    "Error")
                return False
        except:
            print "BioID. failed to invoke %s API: %s" % (task,
                                                          sys.exc_info()[1])
            return None

        finally:
            http_service_response.closeConnection()
Exemplo n.º 2
0
    def initialize_thumbsignin(self, identity, request_path):
        # Invoking the authenticate/register ThumbSignIn API via the Java SDK
        thumbsignin_response = self.thumbsigninApiController.handleThumbSigninRequest(
            request_path, ts_api_key, ts_api_secret)
        print "ThumbSignIn. Value of thumbsignin_response is %s" % thumbsignin_response

        thumbsignin_response_json = JSONObject(thumbsignin_response)
        transaction_id = thumbsignin_response_json.get(TRANSACTION_ID)
        status_request_type = "authStatus" if request_path == AUTHENTICATE else "regStatus"
        status_request = status_request_type + "/" + transaction_id
        print "ThumbSignIn. Value of status_request is %s" % status_request

        authorization_header = self.thumbsigninApiController.getAuthorizationHeaderJsonStr(
            status_request, ts_api_key, ts_api_secret)
        print "ThumbSignIn. Value of authorization_header is %s" % authorization_header
        # {"authHeader":"HmacSHA256 Credential=X,SignedHeaders=accept;content-type;x-ts-date,Signature=X","XTsDate":"X"}
        authorization_header_json = JSONObject(authorization_header)
        auth_header = authorization_header_json.get("authHeader")
        x_ts_date = authorization_header_json.get("XTsDate")

        tsi_response_key = "authenticateResponseJsonStr" if request_path == AUTHENTICATE else "registerResponseJsonStr"
        identity.setWorkingParameter(tsi_response_key, thumbsignin_response)
        identity.setWorkingParameter("authorizationHeader", auth_header)
        identity.setWorkingParameter("xTsDate", x_ts_date)
        return None
Exemplo n.º 3
0
    def set_relying_party_login_url(identity):
        print "ThumbSignIn. Inside set_relying_party_login_url..."
        session_id =  identity.getSessionId()
        session_attribute = session_id.getSessionAttributes()
        state_jwt_token = session_attribute.get("state")

        relying_party_login_url = ""
        if state_jwt_token is not None:
            state_jwt_token_array = String(state_jwt_token).split("\\.")
            state_jwt_token_payload = state_jwt_token_array[1]
            state_payload_str = String(Base64Util.base64urldecode(state_jwt_token_payload), "UTF-8")
            state_payload_json = JSONObject(state_payload_str)
            print "ThumbSignIn. Value of state JWT token Payload is %s" % state_payload_json
            additional_claims = state_payload_json.get("additional_claims")
            relying_party_id = additional_claims.get(RELYING_PARTY_ID)
            print "ThumbSignIn. Value of relying_party_id is %s" % relying_party_id
            identity.setWorkingParameter(RELYING_PARTY_ID, relying_party_id)

            if String(relying_party_id).startsWith("google.com"):
                # google.com/a/unphishableenterprise.com
                relying_party_id_array = String(relying_party_id).split("/")
                google_domain = relying_party_id_array[2]
                print "ThumbSignIn. Value of google_domain is %s" % google_domain
                relying_party_login_url = "https://www.google.com/accounts/AccountChooser?hd="+ google_domain + "%26continue=https://apps.google.com/user/hub"
                # elif (String(relying_party_id).startsWith("xyz")):
                # relying_party_login_url = "xyz.com"
            else:
                # If relying_party_login_url is empty, Gluu's default login URL will be used
                relying_party_login_url = ""

        print "ThumbSignIn. Value of relying_party_login_url is %s" % relying_party_login_url
        identity.setWorkingParameter(RELYING_PARTY_LOGIN_URL, relying_party_login_url)
        return None
 def prepareForStep(self, configurationAttributes, requestParameters, step):
     print "Person Authentication. prepare for step... %s" % step 
     
     jwkSet = JWKSet.load( URL(self.tpp_jwks_url));
     signedRequest = ServerUtil.getFirstValue(requestParameters, "request")
     for key in jwkSet.getKeys() : 
         result = self.isSignatureValid(signedRequest, key)
         if (result == True):
             signedJWT = SignedJWT.parse(signedRequest)
             claims = JSONObject(signedJWT.getJWTClaimsSet().getClaims().get("claims"))
             print "Person Authentication. claims : %s " % claims.toString()
             id_token = claims.get("id_token");
             openbanking_intent_id = id_token.getJSONObject("openbanking_intent_id").getString("value")
             print "Person Authentication. openbanking_intent_id %s " % openbanking_intent_id
             redirectURL = self.redirect_url+"&state="+UUID.randomUUID().toString()+"&intent_id="+openbanking_intent_id
             identity = CdiUtil.bean(Identity)
             identity.setWorkingParameter("openbanking_intent_id",openbanking_intent_id)
             print "OpenBanking. Redirecting to ... %s " % redirectURL 
             facesService = CdiUtil.bean(FacesService)
             facesService.redirectToExternalURL(redirectURL)
             return True
   
     
     
     print "Person Authentication. Call to Jans-auth server's /authorize endpoint should contain openbanking_intent_id as an encoded JWT"
     return False
    def setRelyingPartyLoginUrl(self, identity):
        print "ThumbSignIn. Inside setRelyingPartyLoginUrl..."
        sessionId = identity.getSessionId()
        sessionAttribute = sessionId.getSessionAttributes()
        stateJWTToken = sessionAttribute.get("state")

        relyingPartyLoginUrl = ""
        relyingPartyId = ""
        if (stateJWTToken != None):
            stateJWTTokenArray = String(stateJWTToken).split("\\.")
            stateJWTTokenPayload = stateJWTTokenArray[1]
            statePayloadStr = String(
                Base64Util.base64urldecode(stateJWTTokenPayload), "UTF-8")
            statePayloadJson = JSONObject(statePayloadStr)
            print "ThumbSignIn. Value of state JWT token Payload is %s" % statePayloadJson
            additional_claims = statePayloadJson.get("additional_claims")
            relyingPartyId = additional_claims.get("relyingPartyId")
            print "ThumbSignIn. Value of relyingPartyId is %s" % relyingPartyId
            identity.setWorkingParameter("relyingPartyId", relyingPartyId)

            if (String(relyingPartyId).startsWith("google.com")):
                #google.com/a/unphishableenterprise.com
                relyingPartyIdArray = String(relyingPartyId).split("/")
                googleDomain = relyingPartyIdArray[2]
                print "ThumbSignIn. Value of googleDomain is %s" % googleDomain
                relyingPartyLoginUrl = "https://www.google.com/accounts/AccountChooser?hd=" + googleDomain + "%26continue=https://apps.google.com/user/hub"
            #elif (String(relyingPartyId).startsWith("xyz")):
            #relyingPartyLoginUrl = "xyz.com"
            else:
                relyingPartyLoginUrl = relyingPartyId

        print "ThumbSignIn. Value of relyingPartyLoginUrl is %s" % relyingPartyLoginUrl
        identity.setWorkingParameter("relyingPartyLoginUrl",
                                     relyingPartyLoginUrl)
        return None
Exemplo n.º 6
0
Arquivo: sor.py Projeto: piyush76/EMS
 def loadServices(self):
     if self.DCHOSTS is None:
         return
     for host in self.DCHOSTS:
         url = 'http://%s:9022/sv/*/status' % host
         fd = None
         try:
             try:
                 fd = urllib.urlopen(url)
                 data = ''
                 for d in fd.readlines():
                     data = data + str(d.strip())
 
                 self.SVCBYHOST[host] = []
 
                 jo = JSONObject(data)
                 for key in jo.keys():
                     so = jo.get(key)
                     service = so.get('service')
                     self.SVCBYHOST[host].append(service)
                     if not self.HOSTBYSVC.has_key(service):
                         self.HOSTBYSVC[service] = []
                     self.HOSTBYSVC[service].append(host)
             except:
                 # ignore hosts that do not respond
                 pass
         finally:
             if fd is not None:
                 fd.close()
Exemplo n.º 7
0
    def get_user_id_from_thumbsignin(self, request_parameters):
        transaction_id = ServerUtil.getFirstValue(request_parameters, TRANSACTION_ID)
        print "ThumbSignIn. Value of transaction_id is %s" % transaction_id
        get_user_request = "getUser/" + transaction_id
        print "ThumbSignIn. Value of get_user_request is %s" % get_user_request

        get_user_response = self.thumbsigninApiController.handleThumbSigninRequest(get_user_request, ts_api_key, ts_api_secret)
        print "ThumbSignIn. Value of get_user_response is %s" % get_user_response
        get_user_response_json = JSONObject(get_user_response)
        thumbsignin_user_id = get_user_response_json.get(USER_ID)
        print "ThumbSignIn. Value of thumbsignin_user_id is %s" % thumbsignin_user_id
        return thumbsignin_user_id
    def get_user_id_from_thumbsignin(self, request_parameters):
        transaction_id = ServerUtil.getFirstValue(request_parameters, TRANSACTION_ID)
        print "ThumbSignIn. Value of transaction_id is %s" % transaction_id
        get_user_request = "getUser/" + transaction_id
        print "ThumbSignIn. Value of get_user_request is %s" % get_user_request

        get_user_response = self.thumbsigninApiController.handleThumbSigninRequest(get_user_request, ts_api_key, ts_api_secret)
        print "ThumbSignIn. Value of get_user_response is %s" % get_user_response
        get_user_response_json = JSONObject(get_user_response)
        thumbsignin_user_id = get_user_response_json.get(USER_ID)
        print "ThumbSignIn. Value of thumbsignin_user_id is %s" % thumbsignin_user_id
        return thumbsignin_user_id
    def initialize_thumbsignin(self, identity, request_path):
        # Invoking the authenticate/register ThumbSignIn API via the Java SDK
        thumbsignin_response = self.thumbsigninApiController.handleThumbSigninRequest(request_path, ts_api_key, ts_api_secret)
        print "ThumbSignIn. Value of thumbsignin_response is %s" % thumbsignin_response

        thumbsignin_response_json = JSONObject(thumbsignin_response)
        transaction_id = thumbsignin_response_json.get(TRANSACTION_ID)
        status_request_type = "authStatus" if request_path == AUTHENTICATE else "regStatus"
        status_request = status_request_type + "/" + transaction_id
        print "ThumbSignIn. Value of status_request is %s" % status_request

        authorization_header = self.thumbsigninApiController.getAuthorizationHeaderJsonStr(status_request, ts_api_key, ts_api_secret)
        print "ThumbSignIn. Value of authorization_header is %s" % authorization_header
        # {"authHeader":"HmacSHA256 Credential=X,SignedHeaders=accept;content-type;x-ts-date,Signature=X","XTsDate":"X"}
        authorization_header_json = JSONObject(authorization_header)
        auth_header = authorization_header_json.get("authHeader")
        x_ts_date = authorization_header_json.get("XTsDate")

        tsi_response_key = "authenticateResponseJsonStr" if request_path == AUTHENTICATE else "registerResponseJsonStr"
        identity.setWorkingParameter(tsi_response_key, thumbsignin_response)
        identity.setWorkingParameter("authorizationHeader", auth_header)
        identity.setWorkingParameter("xTsDate", x_ts_date)
        return None
    def set_relying_party_login_url(identity):
        print "ThumbSignIn. Inside set_relying_party_login_url..."
        session_id = identity.getSessionId()
        session_attribute = session_id.getSessionAttributes()
        state_jwt_token = session_attribute.get("state")
        print "ThumbSignIn. Value of state_jwt_token is %s" % state_jwt_token
        relying_party_login_url = ""
        if (state_jwt_token is None) or ("." not in state_jwt_token):
            print "ThumbSignIn. Value of state parameter is not in the format of JWT Token"
            identity.setWorkingParameter(RELYING_PARTY_LOGIN_URL, relying_party_login_url)
            return None

        state_jwt_token_array = String(state_jwt_token).split("\\.")
        state_jwt_token_payload = state_jwt_token_array[1]
        state_payload_str = String(Base64Util.base64urldecode(state_jwt_token_payload), "UTF-8")
        state_payload_json = JSONObject(state_payload_str)
        print "ThumbSignIn. Value of state JWT token Payload is %s" % state_payload_json
        if state_payload_json.has("additional_claims"):
            additional_claims = state_payload_json.get("additional_claims")
            relying_party_id = additional_claims.get(RELYING_PARTY_ID)
            print "ThumbSignIn. Value of relying_party_id is %s" % relying_party_id
            identity.setWorkingParameter(RELYING_PARTY_ID, relying_party_id)

            if String(relying_party_id).startsWith("google.com"):
                # google.com/a/unphishableenterprise.com
                relying_party_id_array = String(relying_party_id).split("/")
                google_domain = relying_party_id_array[2]
                print "ThumbSignIn. Value of google_domain is %s" % google_domain
                relying_party_login_url = "https://www.google.com/accounts/AccountChooser?hd="+ google_domain + "%26continue=https://apps.google.com/user/hub"
                # elif (String(relying_party_id).startsWith("xyz")):
                # relying_party_login_url = "xyz.com"
            else:
                # If relying_party_login_url is empty, Gluu's default login URL will be used
                relying_party_login_url = ""

        print "ThumbSignIn. Value of relying_party_login_url is %s" % relying_party_login_url
        identity.setWorkingParameter(RELYING_PARTY_LOGIN_URL, relying_party_login_url)
        return None
    def prepareForStep(self, configurationAttributes, requestParameters, step):
        print "ThumbSignIn. Inside prepareForStep. Step %d" % step
        identity = CdiUtil.bean(Identity)
        authenticationService = CdiUtil.bean(AuthenticationService)

        global ts_host
        global ts_apiKey
        global ts_apiSecret
        global ts_statusPath

        identity.setWorkingParameter("ts_host", ts_host)
        identity.setWorkingParameter("ts_statusPath", ts_statusPath)

        self.setRelyingPartyLoginUrl(identity)
        thumbsigninApiController = ThumbsigninApiController()

        if (step == 1 or step == 3):
            print "ThumbSignIn. Prepare for step 1"

            # Invoking the authenticate ThumbSignIn API via the Java SDK
            authenticateResponseJsonStr = thumbsigninApiController.handleThumbSigninRequest(
                "authenticate", ts_apiKey, ts_apiSecret)
            print "ThumbSignIn. Value of authenticateResponseJsonStr is %s" % authenticateResponseJsonStr

            authenticateResponseJsonObj = JSONObject(
                authenticateResponseJsonStr)
            transactionId = authenticateResponseJsonObj.get("transactionId")
            authenticationStatusRequest = "authStatus/" + transactionId
            print "ThumbSignIn. Value of authenticationStatusRequest is %s" % authenticationStatusRequest

            authorizationHeaderJsonStr = thumbsigninApiController.getAuthorizationHeaderJsonStr(
                authenticationStatusRequest, ts_apiKey, ts_apiSecret)
            print "ThumbSignIn. Value of authorizationHeaderJsonStr is %s" % authorizationHeaderJsonStr
            # {"authHeader":"HmacSHA256 Credential=XXX, SignedHeaders=accept;content-type;x-ts-date, Signature=XXX","XTsDate":"XXX"}

            authorizationHeaderJsonObj = JSONObject(authorizationHeaderJsonStr)
            authorizationHeader = authorizationHeaderJsonObj.get("authHeader")
            xTsDate = authorizationHeaderJsonObj.get("XTsDate")
            print "ThumbSignIn. Value of authorizationHeader is %s" % authorizationHeader
            print "ThumbSignIn. Value of xTsDate is %s" % xTsDate

            identity.setWorkingParameter("authenticateResponseJsonStr",
                                         authenticateResponseJsonStr)
            identity.setWorkingParameter("authorizationHeader",
                                         authorizationHeader)
            identity.setWorkingParameter("xTsDate", xTsDate)

            return True

        elif (step == 2):
            print "ThumbSignIn. Prepare for step 2"

            if (identity.isSetWorkingParameter("userLoginFlow")):
                userLoginFlow = identity.getWorkingParameter("userLoginFlow")
                print "ThumbSignIn. Value of userLoginFlow is %s" % userLoginFlow

            user = authenticationService.getAuthenticatedUser()
            if (user == None):
                print "ThumbSignIn. Prepare for step 2. Failed to determine user name"
                return False

            user_name = user.getUserId()
            print "ThumbSignIn. Prepare for step 2. user_name: " + user_name
            if (user_name == None):
                return False

            registerRequestPath = "register/" + user_name

            # Invoking the register ThumbSignIn API via the Java SDK
            registerResponseJsonStr = thumbsigninApiController.handleThumbSigninRequest(
                registerRequestPath, ts_apiKey, ts_apiSecret)
            print "ThumbSignIn. Value of registerResponseJsonStr is %s" % registerResponseJsonStr

            registerResponseJsonObj = JSONObject(registerResponseJsonStr)
            transactionId = registerResponseJsonObj.get("transactionId")
            registrationStatusRequest = "regStatus/" + transactionId
            print "ThumbSignIn. Value of registrationStatusRequest is %s" % registrationStatusRequest

            authorizationHeaderJsonStr = thumbsigninApiController.getAuthorizationHeaderJsonStr(
                registrationStatusRequest, ts_apiKey, ts_apiSecret)
            print "ThumbSignIn. Value of authorizationHeaderJsonStr is %s" % authorizationHeaderJsonStr
            # {"authHeader":"HmacSHA256 Credential=XXX, SignedHeaders=accept;content-type;x-ts-date, Signature=XXX","XTsDate":"XXX"}

            authorizationHeaderJsonObj = JSONObject(authorizationHeaderJsonStr)
            authorizationHeader = authorizationHeaderJsonObj.get("authHeader")
            xTsDate = authorizationHeaderJsonObj.get("XTsDate")
            print "ThumbSignIn. Value of authorizationHeader is %s" % authorizationHeader
            print "ThumbSignIn. Value of xTsDate is %s" % xTsDate

            identity.setWorkingParameter("userId", user_name)
            identity.setWorkingParameter("registerResponseJsonStr",
                                         registerResponseJsonStr)
            identity.setWorkingParameter("authorizationHeader",
                                         authorizationHeader)
            identity.setWorkingParameter("xTsDate", xTsDate)

            return True
        else:
            return False
    def authenticate(self, configurationAttributes, requestParameters, step):
        print "ThumbSignIn. Inside authenticate. Step %d" % step
        authenticationService = CdiUtil.bean(AuthenticationService)
        identity = CdiUtil.bean(Identity)

        global ts_host
        global ts_apiKey
        global ts_apiSecret
        global ts_statusPath

        identity.setWorkingParameter("ts_host", ts_host)
        identity.setWorkingParameter("ts_statusPath", ts_statusPath)

        thumbsigninApiController = ThumbsigninApiController()

        if (step == 1 or step == 3):
            print "ThumbSignIn. Authenticate for Step %d" % step

            login_flow = ServerUtil.getFirstValue(requestParameters,
                                                  "login_flow")
            print "ThumbSignIn. Value of login_flow parameter is %s" % login_flow

            #Logic for ThumbSignIn Authentication Flow
            if (login_flow == "ThumbSignIn_Authentication"
                    or login_flow == "ThumbSignIn_RegistrationSucess"):
                identity.setWorkingParameter("userLoginFlow", login_flow)
                print "ThumbSignIn. Value of userLoginFlow is %s" % identity.getWorkingParameter(
                    "userLoginFlow")

                transactionId = ServerUtil.getFirstValue(
                    requestParameters, "transactionId")
                print "ThumbSignIn. Value of transactionId is %s" % transactionId
                getUserRequest = "getUser/" + transactionId
                print "ThumbSignIn. Value of getUserRequest is %s" % getUserRequest

                getUserResponseJsonStr = thumbsigninApiController.handleThumbSigninRequest(
                    getUserRequest, ts_apiKey, ts_apiSecret)
                print "ThumbSignIn. Value of getUserResponseJsonStr is %s" % getUserResponseJsonStr
                getUserResponseJsonObj = JSONObject(getUserResponseJsonStr)
                thumbSignIn_UserId = getUserResponseJsonObj.get("userId")
                print "ThumbSignIn. Value of thumbSignIn_UserId is %s" % thumbSignIn_UserId

                logged_in_status = authenticationService.authenticate(
                    thumbSignIn_UserId)
                print "ThumbSignIn. logged_in status : %r" % (logged_in_status)
                return logged_in_status

            #Logic for ThumbSignIn Registration Flow
            identity.setWorkingParameter("userLoginFlow",
                                         "ThumbSignIn_Registration")
            print "ThumbSignIn. Value of userLoginFlow is %s" % identity.getWorkingParameter(
                "userLoginFlow")
            credentials = identity.getCredentials()

            user_name = credentials.getUsername()
            user_password = credentials.getPassword()
            print "ThumbSignIn. user_name: " + user_name
            #print "ThumbSignIn. user_password: "******"ThumbSignIn. Status of LDAP Authentication : %r" % (
                logged_in)

            if (not logged_in):
                # Invoking the authenticate ThumbSignIn API via the Java SDK
                authenticateResponseJsonStr = thumbsigninApiController.handleThumbSigninRequest(
                    "authenticate", ts_apiKey, ts_apiSecret)
                print "ThumbSignIn. Value of authenticateResponseJsonStr is %s" % authenticateResponseJsonStr

                authenticateResponseJsonObj = JSONObject(
                    authenticateResponseJsonStr)
                transactionId = authenticateResponseJsonObj.get(
                    "transactionId")
                authenticationStatusRequest = "authStatus/" + transactionId
                print "ThumbSignIn. Value of authenticationStatusRequest is %s" % authenticationStatusRequest

                authorizationHeaderJsonStr = thumbsigninApiController.getAuthorizationHeaderJsonStr(
                    authenticationStatusRequest, ts_apiKey, ts_apiSecret)
                print "ThumbSignIn. Value of authorizationHeaderJsonStr is %s" % authorizationHeaderJsonStr
                # {"authHeader":"HmacSHA256 Credential=XXX, SignedHeaders=accept;content-type;x-ts-date, Signature=XXX","XTsDate":"XXX"}

                authorizationHeaderJsonObj = JSONObject(
                    authorizationHeaderJsonStr)
                authorizationHeader = authorizationHeaderJsonObj.get(
                    "authHeader")
                xTsDate = authorizationHeaderJsonObj.get("XTsDate")
                print "ThumbSignIn. Value of authorizationHeader is %s" % authorizationHeader
                print "ThumbSignIn. Value of xTsDate is %s" % xTsDate

                identity.setWorkingParameter("authenticateResponseJsonStr",
                                             authenticateResponseJsonStr)
                identity.setWorkingParameter("authorizationHeader",
                                             authorizationHeader)
                identity.setWorkingParameter("xTsDate", xTsDate)
                return False

            print "ThumbSignIn. Authenticate for step 1 successful"
            return True

        elif (step == 2):
            print "ThumbSignIn. Registration flow (step 2)"

            if (identity.isSetWorkingParameter("userLoginFlow")):
                userLoginFlow = identity.getWorkingParameter("userLoginFlow")
                print "ThumbSignIn. Value of userLoginFlow is %s" % userLoginFlow
            else:
                identity.setWorkingParameter("userLoginFlow",
                                             "ThumbSignIn_Registration")
                print "ThumbSignIn. Setting the value of userLoginFlow to %s" % identity.getWorkingParameter(
                    "userLoginFlow")

            user = authenticationService.getAuthenticatedUser()
            if user == None:
                print "ThumbSignIn. Registration flow (step 2). Failed to determine user name"
                return False

            user_name = user.getUserId()
            print "ThumbSignIn. Registration flow (step 2). user_name: " + user_name

            print "ThumbSignIn. Registration flow (step 2) successful"
            return True
        else:
            return False