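def performBiometricOperation(self, token, task):
    """Call one BioID web API task and report whether it succeeded.

    Sends a GET to ``self.ENDPOINT + task`` with live detection enabled and
    ``token`` as a Bearer credential, then reads the "Success" flag of the
    JSON reply.

    Args:
        token: BioID bearer token; it is sent only in the Authorization
            header and is never printed.
        task: name of the API task appended to the endpoint URL.
            NOTE(review): it is concatenated without encoding, so it is
            presumably a fixed task name chosen by the script -- confirm
            that callers never pass request data here.

    Returns:
        True when the service reports success, False when it reports a
        failure, None when the call itself could not be completed.
    """
    httpService = CdiUtil.bean(HttpService)
    http_client = httpService.getHttpsClient()

    bioID_service_url = self.ENDPOINT + task + "?livedetection=true"
    bioID_service_headers = {"Authorization": "Bearer " + token}

    # Bound before the try block so the finally clause can tell whether a
    # response was ever obtained. Without this, a failing executeGet() made
    # the cleanup raise NameError instead of letting the method return None.
    http_service_response = None
    try:
        http_service_response = httpService.executeGet(
            http_client, bioID_service_url, bioID_service_headers)
        http_response = http_service_response.getHttpResponse()
        response_bytes = httpService.getResponseContent(http_response)
        response_string = httpService.convertEntityToString(
            response_bytes, Charset.forName("UTF-8"))
        json_response = JSONObject(response_string)
        httpService.consume(http_response)

        if json_response.get("Success") == True:
            return True

        print "BioID. Reason for failure : %s " % json_response.get(
            "Error")
        return False
    except:
        # Kept as a catch-all so that any failure in the HTTP or JSON calls
        # ends in the documented None result; the cause is still logged.
        print "BioID. failed to invoke %s API: %s" % (task, sys.exc_info()[1])
        return None
    finally:
        if http_service_response is not None:
            http_service_response.closeConnection()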
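def initialize_thumbsignin(self, identity, request_path):
    """Start a ThumbSignIn transaction and stash its data on ``identity``.

    Calls the ThumbSignIn API for ``request_path`` through the Java SDK,
    builds the matching status request ("authStatus/<id>" when the path is
    AUTHENTICATE, "regStatus/<id>" otherwise), asks the SDK for a signed
    authorization header for that status request, and stores the API
    response, the header and its date as working parameters.

    Args:
        identity: object whose setWorkingParameter() receives the results.
        request_path: API path to invoke; compared against AUTHENTICATE.

    Returns:
        None.
    """
    is_authentication = request_path == AUTHENTICATE

    # Invoking the authenticate/register ThumbSignIn API via the Java SDK
    thumbsignin_response = self.thumbsigninApiController.handleThumbSigninRequest(
        request_path, ts_api_key, ts_api_secret)
    print "ThumbSignIn. Value of thumbsignin_response is %s" % thumbsignin_response

    thumbsignin_response_json = JSONObject(thumbsignin_response)
    transaction_id = thumbsignin_response_json.get(TRANSACTION_ID)
    status_request_type = "authStatus" if is_authentication else "regStatus"
    status_request = status_request_type + "/" + transaction_id
    print "ThumbSignIn. Value of status_request is %s" % status_request

    authorization_header = self.thumbsigninApiController.getAuthorizationHeaderJsonStr(
        status_request, ts_api_key, ts_api_secret)
    # The header carries an HMAC signature made with the API secret, so it
    # authorizes the status request. Log that it was produced, not its value.
    print "ThumbSignIn. Authorization header generated for %s" % status_request

    # {"authHeader":"HmacSHA256 Credential=X,SignedHeaders=accept;content-type;x-ts-date,Signature=X","XTsDate":"X"}
    authorization_header_json = JSONObject(authorization_header)
    auth_header = authorization_header_json.get("authHeader")
    x_ts_date = authorization_header_json.get("XTsDate")

    tsi_response_key = "authenticateResponseJsonStr" if is_authentication else "registerResponseJsonStr"
    identity.setWorkingParameter(tsi_response_key, thumbsignin_response)
    identity.setWorkingParameter("authorizationHeader", auth_header)
    identity.setWorkingParameter("xTsDate", x_ts_date)
    return None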
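def set_relying_party_login_url(identity):
    """Derive the relying-party login URL from the session's "state" value.

    The "state" session attribute is treated as a JWT: its payload segment
    is base64url-decoded, ``additional_claims[RELYING_PARTY_ID]`` is read
    from it and stored as a working parameter, and for ids starting with
    "google.com" a Google account-chooser URL is built from the third
    "/"-separated part. In every other case the login URL stays empty.

    NOTE(review): the function is declared without ``self``; presumably it
    is a static method whose decorator is not part of this listing.

    NOTE(review): only the payload is decoded here and no signature check
    is visible in this function, so the claims must be handled as
    caller-supplied input unless the state was verified earlier -- confirm.

    Args:
        identity: session identity providing getSessionId() and
            setWorkingParameter().

    Returns:
        None; the result is stored under RELYING_PARTY_LOGIN_URL.
    """
    print "ThumbSignIn. Inside set_relying_party_login_url..."
    session_id = identity.getSessionId()
    session_attribute = session_id.getSessionAttributes()
    state_jwt_token = session_attribute.get("state")
    relying_party_login_url = ""

    # A value with fewer than two dot-separated parts has no payload
    # segment; indexing [1] on it used to raise instead of falling back.
    state_jwt_token_array = []
    if state_jwt_token is not None:
        state_jwt_token_array = String(state_jwt_token).split("\\.")
    if len(state_jwt_token_array) < 2:
        print "ThumbSignIn. Value of state parameter is not in the format of JWT Token"
        identity.setWorkingParameter(RELYING_PARTY_LOGIN_URL, relying_party_login_url)
        return None

    state_jwt_token_payload = state_jwt_token_array[1]
    state_payload_str = String(Base64Util.base64urldecode(state_jwt_token_payload), "UTF-8")
    state_payload_json = JSONObject(state_payload_str)
    print "ThumbSignIn. Value of state JWT token Payload is %s" % state_payload_json

    relying_party_id = None
    if state_payload_json.has("additional_claims"):
        additional_claims = state_payload_json.get("additional_claims")
        relying_party_id = additional_claims.get(RELYING_PARTY_ID)
        print "ThumbSignIn. Value of relying_party_id is %s" % relying_party_id
        identity.setWorkingParameter(RELYING_PARTY_ID, relying_party_id)

    if relying_party_id is not None and String(relying_party_id).startsWith("google.com"):
        # google.com/a/unphishableenterprise.com
        relying_party_id_array = String(relying_party_id).split("/")
        # The domain goes into a URL query value, so accept it only when
        # the third part exists and looks like a plain DNS name.
        if len(relying_party_id_array) > 2 and String(relying_party_id_array[2]).matches("[A-Za-z0-9.-]+"):
            google_domain = relying_party_id_array[2]
            print "ThumbSignIn. Value of google_domain is %s" % google_domain
            relying_party_login_url = "https://www.google.com/accounts/AccountChooser?hd=" + google_domain + "%26continue=https://apps.google.com/user/hub"
        else:
            # Empty URL: Gluu's default login URL will be used
            print "ThumbSignIn. Ignoring malformed relying_party_id"
        # elif (String(relying_party_id).startsWith("xyz")):
        # relying_party_login_url = "xyz.com"

    # If relying_party_login_url is empty, Gluu's default login URL will be used
    print "ThumbSignIn. Value of relying_party_login_url is %s" % relying_party_login_url
    identity.setWorkingParameter(RELYING_PARTY_LOGIN_URL, relying_party_login_url)
    return None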
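def prepareForStep(self, configurationAttributes, requestParameters, step):
    """Validate the signed "request" parameter and redirect to the consent app.

    Loads the JWK set from ``self.tpp_jwks_url`` and checks the request
    object's signature against each key. For the first key that validates,
    the "openbanking_intent_id" value is read from the id_token claims,
    stored as a working parameter, and the browser is redirected to
    ``self.redirect_url`` with a random state and the intent id appended.

    Args:
        configurationAttributes: not used in this method.
        requestParameters: request parameter map; "request" is read from it.
        step: current step number; only logged.

    Returns:
        True after issuing the redirect, False when the request object is
        missing or no key in the JWK set validates its signature.
    """
    import urllib

    print "Person Authentication. prepare for step... %s" % step

    signedRequest = ServerUtil.getFirstValue(requestParameters, "request")
    if signedRequest is None:
        # Nothing to verify: fail before fetching the JWK set.
        print "Person Authentication. Call to Jans-auth server's /authorize endpoint should contain openbanking_intent_id as an encoded JWT"
        return False

    jwkSet = JWKSet.load(URL(self.tpp_jwks_url))
    for key in jwkSet.getKeys():
        if self.isSignatureValid(signedRequest, key) != True:
            continue

        signedJWT = SignedJWT.parse(signedRequest)
        claims = JSONObject(signedJWT.getJWTClaimsSet().getClaims().get("claims"))
        print "Person Authentication. claims : %s " % claims.toString()

        id_token = claims.get("id_token")
        openbanking_intent_id = id_token.getJSONObject("openbanking_intent_id").getString("value")
        print "Person Authentication. openbanking_intent_id %s " % openbanking_intent_id

        # The intent id comes from the request object and ends up in a
        # query string, so percent-encode it: reserved characters in the
        # value must not be able to add or alter redirect parameters.
        encoded_intent_id = urllib.quote(unicode(openbanking_intent_id).encode("utf-8"), "")
        # NOTE(review): the random state is only appended to the URL here;
        # nothing visible in this method stores it for a later comparison.
        redirectURL = self.redirect_url + "&state=" + UUID.randomUUID().toString() + "&intent_id=" + encoded_intent_id

        identity = CdiUtil.bean(Identity)
        identity.setWorkingParameter("openbanking_intent_id", openbanking_intent_id)

        print "OpenBanking. Redirecting to ... %s " % redirectURL
        facesService = CdiUtil.bean(FacesService)
        facesService.redirectToExternalURL(redirectURL)
        return True

    print "Person Authentication. Call to Jans-auth server's /authorize endpoint should contain openbanking_intent_id as an encoded JWT"
    return False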
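def setRelyingPartyLoginUrl(self, identity):
    """Derive the relying-party login URL from the session's "state" value.

    The "state" session attribute is treated as a JWT: its payload segment
    is base64url-decoded and ``additional_claims["relyingPartyId"]`` is
    stored as a working parameter. Ids starting with "google.com" produce a
    Google account-chooser URL built from the third "/"-separated part; any
    other id is stored unchanged as the login URL.

    NOTE(review): only the payload is decoded here and no signature check
    is visible in this method, so the claims must be handled as
    caller-supplied input unless the state was verified earlier -- confirm.

    Args:
        identity: session identity providing getSessionId() and
            setWorkingParameter().

    Returns:
        None; the result is stored under "relyingPartyLoginUrl".
    """
    print "ThumbSignIn. Inside setRelyingPartyLoginUrl..."
    sessionId = identity.getSessionId()
    sessionAttribute = sessionId.getSessionAttributes()
    stateJWTToken = sessionAttribute.get("state")
    relyingPartyLoginUrl = ""
    relyingPartyId = ""

    stateJWTTokenArray = []
    if stateJWTToken is not None:
        stateJWTTokenArray = String(stateJWTToken).split("\\.")

    if len(stateJWTTokenArray) > 1:
        stateJWTTokenPayload = stateJWTTokenArray[1]
        statePayloadStr = String(
            Base64Util.base64urldecode(stateJWTTokenPayload), "UTF-8")
        statePayloadJson = JSONObject(statePayloadStr)
        print "ThumbSignIn. Value of state JWT token Payload is %s" % statePayloadJson
        # A payload without additional_claims leaves relyingPartyId empty
        # instead of raising from the JSON lookup.
        if statePayloadJson.has("additional_claims"):
            additional_claims = statePayloadJson.get("additional_claims")
            relyingPartyId = additional_claims.get("relyingPartyId")
            print "ThumbSignIn. Value of relyingPartyId is %s" % relyingPartyId
            identity.setWorkingParameter("relyingPartyId", relyingPartyId)
    elif stateJWTToken is not None:
        # No payload segment to decode; indexing [1] used to raise here.
        print "ThumbSignIn. Value of state parameter is not in the format of JWT Token"

    if String(relyingPartyId).startsWith("google.com"):
        #google.com/a/unphishableenterprise.com
        relyingPartyIdArray = String(relyingPartyId).split("/")
        # The domain goes into a URL query value, so accept it only when
        # the third part exists and looks like a plain DNS name.
        if len(relyingPartyIdArray) > 2 and String(relyingPartyIdArray[2]).matches("[A-Za-z0-9.-]+"):
            googleDomain = relyingPartyIdArray[2]
            print "ThumbSignIn. Value of googleDomain is %s" % googleDomain
            relyingPartyLoginUrl = "https://www.google.com/accounts/AccountChooser?hd=" + googleDomain + "%26continue=https://apps.google.com/user/hub"
        else:
            print "ThumbSignIn. Ignoring malformed relyingPartyId"
        #elif (String(relyingPartyId).startsWith("xyz")):
        #relyingPartyLoginUrl = "xyz.com"
    else:
        # NOTE(review): the id taken from the decoded state payload becomes
        # the login URL as-is; confirm that whatever consumes
        # "relyingPartyLoginUrl" restricts it to known relying parties.
        relyingPartyLoginUrl = relyingPartyId

    print "ThumbSignIn. Value of relyingPartyLoginUrl is %s" % relyingPartyLoginUrl
    identity.setWorkingParameter("relyingPartyLoginUrl", relyingPartyLoginUrl)
    return None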
def loadServices(self):
    """Fill the host/service lookup tables from each host's status page.

    For every host in ``self.DCHOSTS`` the JSON document at
    ``http://<host>:9022/sv/*/status`` is fetched; each entry's "service"
    value is appended to ``self.SVCBYHOST[host]`` and the host is appended
    to ``self.HOSTBYSVC[service]``. Does nothing when DCHOSTS is None.

    NOTE(review): the status page is fetched over plain http, urlopen is
    called without a timeout, and the reply is used as-is.
    """
    if self.DCHOSTS is None:
        return

    for host in self.DCHOSTS:
        status_url = 'http://%s:9022/sv/*/status' % host
        conn = None
        # Nested try blocks are kept as the original wrote them.
        try:
            try:
                conn = urllib.urlopen(status_url)
                body = ''.join([str(line.strip()) for line in conn.readlines()])
                self.SVCBYHOST[host] = []
                status = JSONObject(body)
                for entry_name in status.keys():
                    service = status.get(entry_name).get('service')
                    self.SVCBYHOST[host].append(service)
                    if not self.HOSTBYSVC.has_key(service):
                        self.HOSTBYSVC[service] = []
                    self.HOSTBYSVC[service].append(host)
            except:
                # ignore hosts that do not respond
                # (any other failure while reading or parsing is dropped too)
                pass
        finally:
            if conn is not None:
                conn.close()
def get_user_id_from_thumbsignin(self, request_parameters):
    """Return the ThumbSignIn user id for the transaction named in the request.

    Reads TRANSACTION_ID from ``request_parameters``, calls the
    "getUser/<transaction id>" API through the Java SDK and returns the
    USER_ID field of the JSON reply.

    NOTE(review): the transaction id is taken from the request parameters
    and concatenated into the API path without validation, and nothing
    visible here ties it to a transaction started by this session --
    confirm that the caller or the ThumbSignIn service enforces that.
    """
    txn_id = ServerUtil.getFirstValue(request_parameters, TRANSACTION_ID)
    print "ThumbSignIn. Value of transaction_id is %s" % txn_id

    api_path = "getUser/" + txn_id
    print "ThumbSignIn. Value of get_user_request is %s" % api_path

    controller = self.thumbsigninApiController
    raw_reply = controller.handleThumbSigninRequest(api_path, ts_api_key, ts_api_secret)
    print "ThumbSignIn. Value of get_user_response is %s" % raw_reply

    user_id = JSONObject(raw_reply).get(USER_ID)
    print "ThumbSignIn. Value of thumbsignin_user_id is %s" % user_id
    return user_id
def get_user_id_from_thumbsignin(self, request_parameters):
    """Resolve a ThumbSignIn transaction id to the user id it belongs to.

    The transaction id is read from ``request_parameters`` under
    TRANSACTION_ID, sent to the SDK as "getUser/<transaction id>", and the
    USER_ID value of the JSON answer is returned.

    NOTE(review): the id is request-supplied and goes into the API path
    unchecked; whether it must belong to a transaction opened by the
    current session is not visible from this method -- confirm.
    """
    requested_transaction = ServerUtil.getFirstValue(request_parameters, TRANSACTION_ID)
    print "ThumbSignIn. Value of transaction_id is %s" % requested_transaction

    lookup_request = "getUser/" + requested_transaction
    print "ThumbSignIn. Value of get_user_request is %s" % lookup_request

    lookup_response = self.thumbsigninApiController.handleThumbSigninRequest(
        lookup_request, ts_api_key, ts_api_secret)
    print "ThumbSignIn. Value of get_user_response is %s" % lookup_response

    lookup_json = JSONObject(lookup_response)
    resolved_user_id = lookup_json.get(USER_ID)
    print "ThumbSignIn. Value of thumbsignin_user_id is %s" % resolved_user_id
    return resolved_user_id
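def initialize_thumbsignin(self, identity, request_path):
    """Open a ThumbSignIn transaction and publish its data to the session.

    The SDK is called for ``request_path``; the transaction id from its
    JSON reply is turned into a status request ("authStatus/<id>" for
    AUTHENTICATE, otherwise "regStatus/<id>"). A signed authorization
    header is then requested for that status request. The raw API reply,
    the header and its date are stored as working parameters.

    Args:
        identity: target of the setWorkingParameter() calls.
        request_path: API path to invoke; compared against AUTHENTICATE.

    Returns:
        None.
    """
    # Invoking the authenticate/register ThumbSignIn API via the Java SDK
    thumbsignin_response = self.thumbsigninApiController.handleThumbSigninRequest(request_path, ts_api_key, ts_api_secret)
    print "ThumbSignIn. Value of thumbsignin_response is %s" % thumbsignin_response

    thumbsignin_response_json = JSONObject(thumbsignin_response)
    transaction_id = thumbsignin_response_json.get(TRANSACTION_ID)

    if request_path == AUTHENTICATE:
        status_request_type = "authStatus"
        tsi_response_key = "authenticateResponseJsonStr"
    else:
        status_request_type = "regStatus"
        tsi_response_key = "registerResponseJsonStr"

    status_request = status_request_type + "/" + transaction_id
    print "ThumbSignIn. Value of status_request is %s" % status_request

    authorization_header = self.thumbsigninApiController.getAuthorizationHeaderJsonStr(status_request, ts_api_key, ts_api_secret)
    # The value holds a signature derived from the API secret and grants
    # access to the status request, so it is kept out of the server log.
    print "ThumbSignIn. Authorization header generated for %s" % status_request

    # {"authHeader":"HmacSHA256 Credential=X,SignedHeaders=accept;content-type;x-ts-date,Signature=X","XTsDate":"X"}
    authorization_header_json = JSONObject(authorization_header)
    auth_header = authorization_header_json.get("authHeader")
    x_ts_date = authorization_header_json.get("XTsDate")

    identity.setWorkingParameter(tsi_response_key, thumbsignin_response)
    identity.setWorkingParameter("authorizationHeader", auth_header)
    identity.setWorkingParameter("xTsDate", x_ts_date)
    return None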
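def set_relying_party_login_url(identity):
    """Derive the relying-party login URL from the session's "state" value.

    When the "state" session attribute has a JWT shape, its payload segment
    is base64url-decoded and ``additional_claims[RELYING_PARTY_ID]`` is
    stored as a working parameter. Ids starting with "google.com" produce a
    Google account-chooser URL built from the third "/"-separated part; in
    every other case the login URL stays empty.

    NOTE(review): the function is declared without ``self``; presumably it
    is a static method whose decorator is not part of this listing.

    NOTE(review): only the payload is decoded here and no signature check
    is visible in this function, so the claims must be handled as
    caller-supplied input unless the state was verified earlier -- confirm.

    Args:
        identity: session identity providing getSessionId() and
            setWorkingParameter().

    Returns:
        None; the result is stored under RELYING_PARTY_LOGIN_URL.
    """
    print "ThumbSignIn. Inside set_relying_party_login_url..."
    session_id = identity.getSessionId()
    session_attribute = session_id.getSessionAttributes()
    state_jwt_token = session_attribute.get("state")
    print "ThumbSignIn. Value of state_jwt_token is %s" % state_jwt_token
    relying_party_login_url = ""

    # Check the split result, not just the presence of a dot: a value such
    # as "abc." contains a dot but has no payload segment to index.
    state_jwt_token_array = []
    if state_jwt_token is not None:
        state_jwt_token_array = String(state_jwt_token).split("\\.")
    if len(state_jwt_token_array) < 2:
        print "ThumbSignIn. Value of state parameter is not in the format of JWT Token"
        identity.setWorkingParameter(RELYING_PARTY_LOGIN_URL, relying_party_login_url)
        return None

    state_jwt_token_payload = state_jwt_token_array[1]
    state_payload_str = String(Base64Util.base64urldecode(state_jwt_token_payload), "UTF-8")
    state_payload_json = JSONObject(state_payload_str)
    print "ThumbSignIn. Value of state JWT token Payload is %s" % state_payload_json

    if state_payload_json.has("additional_claims"):
        additional_claims = state_payload_json.get("additional_claims")
        relying_party_id = additional_claims.get(RELYING_PARTY_ID)
        print "ThumbSignIn. Value of relying_party_id is %s" % relying_party_id
        identity.setWorkingParameter(RELYING_PARTY_ID, relying_party_id)

        if String(relying_party_id).startsWith("google.com"):
            # google.com/a/unphishableenterprise.com
            relying_party_id_array = String(relying_party_id).split("/")
            # The domain goes into a URL query value, so accept it only
            # when the third part exists and looks like a plain DNS name.
            if len(relying_party_id_array) > 2 and String(relying_party_id_array[2]).matches("[A-Za-z0-9.-]+"):
                google_domain = relying_party_id_array[2]
                print "ThumbSignIn. Value of google_domain is %s" % google_domain
                relying_party_login_url = "https://www.google.com/accounts/AccountChooser?hd=" + google_domain + "%26continue=https://apps.google.com/user/hub"
            else:
                print "ThumbSignIn. Ignoring malformed relying_party_id"
            # elif (String(relying_party_id).startsWith("xyz")):
            # relying_party_login_url = "xyz.com"
        else:
            # If relying_party_login_url is empty, Gluu's default login URL will be used
            relying_party_login_url = ""

    print "ThumbSignIn. Value of relying_party_login_url is %s" % relying_party_login_url
    identity.setWorkingParameter(RELYING_PARTY_LOGIN_URL, relying_party_login_url)
    return None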
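def prepareForStep(self, configurationAttributes, requestParameters, step):
    """Prepare the ThumbSignIn page data for the given authentication step.

    Steps 1 and 3 start an "authenticate" transaction; step 2 starts a
    "register/<user id>" transaction for the already authenticated user.
    In both cases the API response, a signed authorization header for the
    matching status request and its date are stored as working parameters
    on the session identity.

    Args:
        configurationAttributes: not used in this method.
        requestParameters: not used in this method.
        step: authentication step number.

    Returns:
        True when the step was prepared; False for step 2 without an
        authenticated user or user id, and for any other step number.
    """
    print "ThumbSignIn. Inside prepareForStep. Step %d" % step
    identity = CdiUtil.bean(Identity)
    authenticationService = CdiUtil.bean(AuthenticationService)

    global ts_host
    global ts_apiKey
    global ts_apiSecret
    global ts_statusPath

    identity.setWorkingParameter("ts_host", ts_host)
    identity.setWorkingParameter("ts_statusPath", ts_statusPath)

    self.setRelyingPartyLoginUrl(identity)
    thumbsigninApiController = ThumbsigninApiController()

    if (step == 1 or step == 3):
        print "ThumbSignIn. Prepare for step 1"

        # Invoking the authenticate ThumbSignIn API via the Java SDK
        authenticateResponseJsonStr = thumbsigninApiController.handleThumbSigninRequest(
            "authenticate", ts_apiKey, ts_apiSecret)
        print "ThumbSignIn. Value of authenticateResponseJsonStr is %s" % authenticateResponseJsonStr

        authenticateResponseJsonObj = JSONObject(
            authenticateResponseJsonStr)
        transactionId = authenticateResponseJsonObj.get("transactionId")
        authenticationStatusRequest = "authStatus/" + transactionId
        print "ThumbSignIn. Value of authenticationStatusRequest is %s" % authenticationStatusRequest

        authorizationHeaderJsonStr = thumbsigninApiController.getAuthorizationHeaderJsonStr(
            authenticationStatusRequest, ts_apiKey, ts_apiSecret)
        # The header carries a signature derived from the API secret and
        # authorizes the status request, so its value is not logged.
        print "ThumbSignIn. Authorization header generated for %s" % authenticationStatusRequest

        # {"authHeader":"HmacSHA256 Credential=XXX, SignedHeaders=accept;content-type;x-ts-date, Signature=XXX","XTsDate":"XXX"}
        authorizationHeaderJsonObj = JSONObject(authorizationHeaderJsonStr)
        authorizationHeader = authorizationHeaderJsonObj.get("authHeader")
        xTsDate = authorizationHeaderJsonObj.get("XTsDate")
        print "ThumbSignIn. Value of xTsDate is %s" % xTsDate

        identity.setWorkingParameter("authenticateResponseJsonStr", authenticateResponseJsonStr)
        identity.setWorkingParameter("authorizationHeader", authorizationHeader)
        identity.setWorkingParameter("xTsDate", xTsDate)
        return True

    elif (step == 2):
        print "ThumbSignIn. Prepare for step 2"

        if (identity.isSetWorkingParameter("userLoginFlow")):
            userLoginFlow = identity.getWorkingParameter("userLoginFlow")
            print "ThumbSignIn. Value of userLoginFlow is %s" % userLoginFlow

        user = authenticationService.getAuthenticatedUser()
        if user is None:
            print "ThumbSignIn. Prepare for step 2. Failed to determine user name"
            return False

        user_name = user.getUserId()
        # Check before building the log line: concatenating a missing user
        # id raised, so the documented False result was never reached.
        if user_name is None:
            print "ThumbSignIn. Prepare for step 2. Failed to determine user name"
            return False
        print "ThumbSignIn. Prepare for step 2. user_name: " + user_name

        registerRequestPath = "register/" + user_name

        # Invoking the register ThumbSignIn API via the Java SDK
        registerResponseJsonStr = thumbsigninApiController.handleThumbSigninRequest(
            registerRequestPath, ts_apiKey, ts_apiSecret)
        print "ThumbSignIn. Value of registerResponseJsonStr is %s" % registerResponseJsonStr

        registerResponseJsonObj = JSONObject(registerResponseJsonStr)
        transactionId = registerResponseJsonObj.get("transactionId")
        registrationStatusRequest = "regStatus/" + transactionId
        print "ThumbSignIn. Value of registrationStatusRequest is %s" % registrationStatusRequest

        authorizationHeaderJsonStr = thumbsigninApiController.getAuthorizationHeaderJsonStr(
            registrationStatusRequest, ts_apiKey, ts_apiSecret)
        # Signed header: log that it exists, never its value.
        print "ThumbSignIn. Authorization header generated for %s" % registrationStatusRequest

        # {"authHeader":"HmacSHA256 Credential=XXX, SignedHeaders=accept;content-type;x-ts-date, Signature=XXX","XTsDate":"XXX"}
        authorizationHeaderJsonObj = JSONObject(authorizationHeaderJsonStr)
        authorizationHeader = authorizationHeaderJsonObj.get("authHeader")
        xTsDate = authorizationHeaderJsonObj.get("XTsDate")
        print "ThumbSignIn. Value of xTsDate is %s" % xTsDate

        identity.setWorkingParameter("userId", user_name)
        identity.setWorkingParameter("registerResponseJsonStr", registerResponseJsonStr)
        identity.setWorkingParameter("authorizationHeader", authorizationHeader)
        identity.setWorkingParameter("xTsDate", xTsDate)
        return True

    else:
        return False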
def authenticate(self, configurationAttributes, requestParameters, step):
    """Run one step of the ThumbSignIn authentication / registration flow.

    Steps 1 and 3: when the "login_flow" request parameter names a
    ThumbSignIn flow, the user id returned by the "getUser/<transactionId>"
    API is passed to authenticationService.authenticate() and that result
    is returned. Otherwise the registration flow is recorded, the
    credentials are read from the identity, and on a failed login a new
    "authenticate" transaction is prepared and False is returned.

    Step 2: succeeds when an authenticated user is present.

    Any other step returns False.
    """
    print "ThumbSignIn. Inside authenticate. Step %d" % step
    authenticationService = CdiUtil.bean(AuthenticationService)
    identity = CdiUtil.bean(Identity)

    global ts_host
    global ts_apiKey
    global ts_apiSecret
    global ts_statusPath

    identity.setWorkingParameter("ts_host", ts_host)
    identity.setWorkingParameter("ts_statusPath", ts_statusPath)

    thumbsigninApiController = ThumbsigninApiController()

    if (step == 1 or step == 3):
        print "ThumbSignIn. Authenticate for Step %d" % step

        # login_flow comes straight from the request parameters.
        login_flow = ServerUtil.getFirstValue(requestParameters, "login_flow")
        print "ThumbSignIn. Value of login_flow parameter is %s" % login_flow

        #Logic for ThumbSignIn Authentication Flow
        if (login_flow == "ThumbSignIn_Authentication" or login_flow == "ThumbSignIn_RegistrationSucess"):
            identity.setWorkingParameter("userLoginFlow", login_flow)
            print "ThumbSignIn. Value of userLoginFlow is %s" % identity.getWorkingParameter(
                "userLoginFlow")

            # NOTE(review): transactionId is request-supplied and goes into
            # the API path unchecked. The user id returned for it is then
            # authenticated without a password. Nothing visible here ties
            # the id to a transaction this session started -- confirm that
            # the ThumbSignIn service or surrounding code enforces it.
            transactionId = ServerUtil.getFirstValue(
                requestParameters, "transactionId")
            print "ThumbSignIn. Value of transactionId is %s" % transactionId
            getUserRequest = "getUser/" + transactionId
            print "ThumbSignIn. Value of getUserRequest is %s" % getUserRequest

            getUserResponseJsonStr = thumbsigninApiController.handleThumbSigninRequest(
                getUserRequest, ts_apiKey, ts_apiSecret)
            print "ThumbSignIn. Value of getUserResponseJsonStr is %s" % getUserResponseJsonStr
            getUserResponseJsonObj = JSONObject(getUserResponseJsonStr)
            thumbSignIn_UserId = getUserResponseJsonObj.get("userId")
            print "ThumbSignIn. Value of thumbSignIn_UserId is %s" % thumbSignIn_UserId

            logged_in_status = authenticationService.authenticate(
                thumbSignIn_UserId)
            print "ThumbSignIn. logged_in status : %r" % (logged_in_status)
            return logged_in_status

        #Logic for ThumbSignIn Registration Flow
        identity.setWorkingParameter("userLoginFlow",
                                     "ThumbSignIn_Registration")
        print "ThumbSignIn. Value of userLoginFlow is %s" % identity.getWorkingParameter(
            "userLoginFlow")

        credentials = identity.getCredentials()
        user_name = credentials.getUsername()
        user_password = credentials.getPassword()
        print "ThumbSignIn. user_name: " + user_name
        # NOTE(review): the text after the commented-out password print was
        # masked in this listing (the "******" run). The statements that
        # assign logged_in are therefore not visible; it is presumably the
        # result of the username/password login named in the status
        # message -- restore them from the original file.
        #print "ThumbSignIn. user_password: "******"ThumbSignIn. Status of LDAP Authentication : %r" % ( logged_in)

        if (not logged_in):
            # Password login failed: prepare a fresh ThumbSignIn
            # "authenticate" transaction and store it as working parameters.
            # Invoking the authenticate ThumbSignIn API via the Java SDK
            authenticateResponseJsonStr = thumbsigninApiController.handleThumbSigninRequest(
                "authenticate", ts_apiKey, ts_apiSecret)
            print "ThumbSignIn. Value of authenticateResponseJsonStr is %s" % authenticateResponseJsonStr

            authenticateResponseJsonObj = JSONObject(
                authenticateResponseJsonStr)
            transactionId = authenticateResponseJsonObj.get(
                "transactionId")
            authenticationStatusRequest = "authStatus/" + transactionId
            print "ThumbSignIn. Value of authenticationStatusRequest is %s" % authenticationStatusRequest

            authorizationHeaderJsonStr = thumbsigninApiController.getAuthorizationHeaderJsonStr(
                authenticationStatusRequest, ts_apiKey, ts_apiSecret)
            # NOTE(review): the two prints of the authorization header write
            # a signed credential to the log; consider logging only that it
            # was generated.
            print "ThumbSignIn. Value of authorizationHeaderJsonStr is %s" % authorizationHeaderJsonStr
            # {"authHeader":"HmacSHA256 Credential=XXX, SignedHeaders=accept;content-type;x-ts-date, Signature=XXX","XTsDate":"XXX"}

            authorizationHeaderJsonObj = JSONObject(
                authorizationHeaderJsonStr)
            authorizationHeader = authorizationHeaderJsonObj.get(
                "authHeader")
            xTsDate = authorizationHeaderJsonObj.get("XTsDate")
            print "ThumbSignIn. Value of authorizationHeader is %s" % authorizationHeader
            print "ThumbSignIn. Value of xTsDate is %s" % xTsDate

            identity.setWorkingParameter("authenticateResponseJsonStr",
                                         authenticateResponseJsonStr)
            identity.setWorkingParameter("authorizationHeader",
                                         authorizationHeader)
            identity.setWorkingParameter("xTsDate", xTsDate)
            return False

        print "ThumbSignIn. Authenticate for step 1 successful"
        return True

    elif (step == 2):
        print "ThumbSignIn. Registration flow (step 2)"

        if (identity.isSetWorkingParameter("userLoginFlow")):
            userLoginFlow = identity.getWorkingParameter("userLoginFlow")
            print "ThumbSignIn. Value of userLoginFlow is %s" % userLoginFlow
        else:
            identity.setWorkingParameter("userLoginFlow",
                                         "ThumbSignIn_Registration")
            print "ThumbSignIn. Setting the value of userLoginFlow to %s" % identity.getWorkingParameter(
                "userLoginFlow")

        # Step 2 only checks that an authenticated user exists.
        user = authenticationService.getAuthenticatedUser()
        if user == None:
            print "ThumbSignIn. Registration flow (step 2). Failed to determine user name"
            return False

        user_name = user.getUserId()
        print "ThumbSignIn. Registration flow (step 2). user_name: " + user_name

        print "ThumbSignIn. Registration flow (step 2) successful"
        return True

    else:
        return False