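def performBiometricOperation(self, token, task):
        """Call the BioID endpoint for *task* and report whether it succeeded.

        Sends a GET to ``self.ENDPOINT + task`` with ``livedetection=true`` and
        the caller's bearer token in the Authorization header.

        Returns:
            True  -- the response JSON has "Success" equal to true.
            False -- the service answered but did not report success; its
                     "Error" field is printed.
            None  -- the request or the response parsing raised.

        A caller deciding an authentication outcome should accept only an
        explicit True: both False and None mean the check did not pass.
        """
        httpService = CdiUtil.bean(HttpService)
        http_client = httpService.getHttpsClient()
        # NOTE(review): task is concatenated into the URL unescaped; presumably
        # it is a fixed operation name chosen by this script rather than request
        # input -- confirm against the callers.
        bioID_service_url = self.ENDPOINT + task + "?livedetection=true"
        # The bearer token is placed in the header only and is never printed.
        bioID_service_headers = {"Authorization": "Bearer " + token}

        # Bound before the try so that the finally clause can tell whether a
        # response object exists. Without this, a failure inside executeGet
        # reached the finally clause with the name unbound and the resulting
        # NameError replaced the intended "return None".
        http_service_response = None
        try:
            http_service_response = httpService.executeGet(
                http_client, bioID_service_url, bioID_service_headers)
            http_response = http_service_response.getHttpResponse()
            response_bytes = httpService.getResponseContent(http_response)
            response_string = httpService.convertEntityToString(
                response_bytes, Charset.forName("UTF-8"))
            json_response = JSONObject(response_string)
            httpService.consume(http_response)
            if json_response.get("Success") == True:
                return True
            else:
                print "BioID. Reason for failure : %s " % json_response.get(
                    "Error")
                return False
        except:
            # NOTE(review): the bare except is kept as written; presumably it is
            # there so that Java exceptions raised by the HTTP service are
            # caught under Jython too -- confirm before narrowing it.
            print "BioID. failed to invoke %s API: %s" % (task,
                                                          sys.exc_info()[1])
            return None

        finally:
            if http_service_response is not None:
                http_service_response.closeConnection()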
示例#2
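    def initialize_thumbsignin(self, identity, request_path):
        """Start a ThumbSignIn transaction and stash what the login page needs.

        Calls the ThumbSignIn API for request_path through the Java SDK, builds
        the matching status request ("authStatus/<id>" when request_path equals
        AUTHENTICATE, otherwise "regStatus/<id>"), asks the SDK for an
        authorization header for that status request, and stores the raw API
        response, the header and its date as working parameters on identity.

        Always returns None.
        """
        # Invoking the authenticate/register ThumbSignIn API via the Java SDK
        thumbsignin_response = self.thumbsigninApiController.handleThumbSigninRequest(
            request_path, ts_api_key, ts_api_secret)
        print "ThumbSignIn. Value of thumbsignin_response is %s" % thumbsignin_response

        thumbsignin_response_json = JSONObject(thumbsignin_response)
        transaction_id = thumbsignin_response_json.get(TRANSACTION_ID)
        status_request_type = "authStatus" if request_path == AUTHENTICATE else "regStatus"
        status_request = status_request_type + "/" + transaction_id
        print "ThumbSignIn. Value of status_request is %s" % status_request

        authorization_header = self.thumbsigninApiController.getAuthorizationHeaderJsonStr(
            status_request, ts_api_key, ts_api_secret)
        # The header value is deliberately kept out of the log: it has the form
        # {"authHeader":"HmacSHA256 Credential=X,SignedHeaders=accept;content-type;x-ts-date,Signature=X","XTsDate":"X"}
        # and so carries a request signature that should not sit in log files.
        print "ThumbSignIn. Obtained authorization header for %s" % status_request
        authorization_header_json = JSONObject(authorization_header)
        auth_header = authorization_header_json.get("authHeader")
        x_ts_date = authorization_header_json.get("XTsDate")

        tsi_response_key = "authenticateResponseJsonStr" if request_path == AUTHENTICATE else "registerResponseJsonStr"
        identity.setWorkingParameter(tsi_response_key, thumbsignin_response)
        identity.setWorkingParameter("authorizationHeader", auth_header)
        identity.setWorkingParameter("xTsDate", x_ts_date)
        return None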
示例#3
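    def set_relying_party_login_url(identity):
        """Derive the relying party's login URL from the session's "state" value.

        The "state" session attribute is expected to be a JWT whose payload has
        an "additional_claims" object containing RELYING_PARTY_ID. Only the
        payload segment is base64url-decoded here; no signature is checked in
        this function, so everything read from it is handled as untrusted input.

        Stores RELYING_PARTY_ID (when the claim is present) and
        RELYING_PARTY_LOGIN_URL as working parameters on identity. An empty
        login URL means Gluu's default login URL will be used.

        Always returns None.
        """
        print "ThumbSignIn. Inside set_relying_party_login_url..."
        session_id = identity.getSessionId()
        session_attribute = session_id.getSessionAttributes()
        state_jwt_token = session_attribute.get("state")

        relying_party_login_url = ""
        state_payload_json = None
        if state_jwt_token is not None:
            state_jwt_token_array = String(state_jwt_token).split("\\.")
            # A JWT has at least "header.payload"; a value with fewer segments
            # is not decoded instead of failing on the [1] lookup.
            if len(state_jwt_token_array) >= 2:
                state_jwt_token_payload = state_jwt_token_array[1]
                state_payload_str = String(Base64Util.base64urldecode(state_jwt_token_payload), "UTF-8")
                state_payload_json = JSONObject(state_payload_str)
                print "ThumbSignIn. Value of state JWT token Payload is %s" % state_payload_json
            else:
                print "ThumbSignIn. Value of state parameter is not in the format of JWT Token"

        if state_payload_json is not None and state_payload_json.has("additional_claims"):
            additional_claims = state_payload_json.get("additional_claims")
            relying_party_id = additional_claims.get(RELYING_PARTY_ID)
            print "ThumbSignIn. Value of relying_party_id is %s" % relying_party_id
            identity.setWorkingParameter(RELYING_PARTY_ID, relying_party_id)

            if String(relying_party_id).startsWith("google.com"):
                # Expected shape: google.com/a/unphishableenterprise.com
                relying_party_id_array = String(relying_party_id).split("/")
                # The domain ends up inside a URL, so it is used only when the
                # third segment exists and consists of host-name characters.
                if len(relying_party_id_array) > 2 and String(relying_party_id_array[2]).matches("[A-Za-z0-9.-]+"):
                    google_domain = relying_party_id_array[2]
                    print "ThumbSignIn. Value of google_domain is %s" % google_domain
                    relying_party_login_url = "https://www.google.com/accounts/AccountChooser?hd="+ google_domain + "%26continue=https://apps.google.com/user/hub"
                else:
                    print "ThumbSignIn. relying_party_id does not contain a usable Google domain"
            # Other relying parties can be mapped to their login URL here.
            # For every other relying party the URL stays empty, so Gluu's
            # default login URL will be used.

        print "ThumbSignIn. Value of relying_party_login_url is %s" % relying_party_login_url
        identity.setWorkingParameter(RELYING_PARTY_LOGIN_URL, relying_party_login_url)
        return None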
 def prepareForStep(self, configurationAttributes, requestParameters, step):
     """Validate the signed "request" JWT and redirect to the consent app.

     Loads the JWK set from self.tpp_jwks_url, takes the "request" parameter
     and checks it with self.isSignatureValid against each key in turn. On the
     first key that validates, the openbanking_intent_id is read from
     claims.id_token, stored as a working parameter, and the browser is sent to
     self.redirect_url with a fresh state value and the intent id appended.

     Returns True after issuing the redirect, False when no key validated the
     request.
     """
     print "Person Authentication. prepare for step... %s" % step

     # NOTE(review): the JWK set is fetched on every call; whether the loader
     # applies timeouts or caching is not visible here.
     tppKeys = JWKSet.load(URL(self.tpp_jwks_url))
     requestJwt = ServerUtil.getFirstValue(requestParameters, "request")
     for candidateKey in tppKeys.getKeys():
         verified = self.isSignatureValid(requestJwt, candidateKey)
         if not (verified == True):
             continue

         parsedJwt = SignedJWT.parse(requestJwt)
         claims = JSONObject(parsedJwt.getJWTClaimsSet().getClaims().get("claims"))
         # NOTE(review): the complete claims object is written to the log.
         print "Person Authentication. claims : %s " % claims.toString()
         idTokenClaim = claims.get("id_token")
         openbanking_intent_id = idTokenClaim.getJSONObject("openbanking_intent_id").getString("value")
         print "Person Authentication. openbanking_intent_id %s " % openbanking_intent_id
         # NOTE(review): the intent id is appended without URL encoding, and the
         # random state value is not stored anywhere in this method -- confirm
         # how the response from the redirect target is matched to this session.
         redirectURL = self.redirect_url + "&state=" + UUID.randomUUID().toString() + "&intent_id=" + openbanking_intent_id
         identity = CdiUtil.bean(Identity)
         identity.setWorkingParameter("openbanking_intent_id", openbanking_intent_id)
         print "OpenBanking. Redirecting to ... %s " % redirectURL
         CdiUtil.bean(FacesService).redirectToExternalURL(redirectURL)
         return True

     print "Person Authentication. Call to Jans-auth server's /authorize endpoint should contain openbanking_intent_id as an encoded JWT"
     return False
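    def setRelyingPartyLoginUrl(self, identity):
        """Derive the relying party's login URL from the session's "state" value.

        The "state" session attribute is expected to be a JWT whose payload has
        an "additional_claims" object containing "relyingPartyId". Only the
        payload segment is base64url-decoded here; no signature is checked in
        this method, so everything read from it is handled as untrusted input.

        Stores "relyingPartyId" (when the claim is present) and
        "relyingPartyLoginUrl" as working parameters on identity.

        Always returns None.
        """
        print "ThumbSignIn. Inside setRelyingPartyLoginUrl..."
        sessionId = identity.getSessionId()
        sessionAttribute = sessionId.getSessionAttributes()
        stateJWTToken = sessionAttribute.get("state")

        relyingPartyLoginUrl = ""
        relyingPartyId = ""
        statePayloadJson = None
        if stateJWTToken is not None:
            stateJWTTokenArray = String(stateJWTToken).split("\\.")
            # A JWT has at least "header.payload"; a value with fewer segments
            # is not decoded instead of failing on the [1] lookup.
            if len(stateJWTTokenArray) >= 2:
                stateJWTTokenPayload = stateJWTTokenArray[1]
                statePayloadStr = String(
                    Base64Util.base64urldecode(stateJWTTokenPayload), "UTF-8")
                statePayloadJson = JSONObject(statePayloadStr)
                print "ThumbSignIn. Value of state JWT token Payload is %s" % statePayloadJson
            else:
                print "ThumbSignIn. Value of state parameter is not in the format of JWT Token"

        if statePayloadJson is not None and statePayloadJson.has("additional_claims"):
            additional_claims = statePayloadJson.get("additional_claims")
            relyingPartyId = additional_claims.get("relyingPartyId")
            print "ThumbSignIn. Value of relyingPartyId is %s" % relyingPartyId
            identity.setWorkingParameter("relyingPartyId", relyingPartyId)

            if String(relyingPartyId).startsWith("google.com"):
                # Expected shape: google.com/a/unphishableenterprise.com
                relyingPartyIdArray = String(relyingPartyId).split("/")
                # The domain ends up inside a URL, so it is used only when the
                # third segment exists and consists of host-name characters.
                if len(relyingPartyIdArray) > 2 and String(relyingPartyIdArray[2]).matches("[A-Za-z0-9.-]+"):
                    googleDomain = relyingPartyIdArray[2]
                    print "ThumbSignIn. Value of googleDomain is %s" % googleDomain
                    relyingPartyLoginUrl = "https://www.google.com/accounts/AccountChooser?hd=" + googleDomain + "%26continue=https://apps.google.com/user/hub"
                else:
                    print "ThumbSignIn. relyingPartyId does not contain a usable Google domain"
            # Other relying parties can be mapped to their login URL here.
            else:
                # NOTE(review): the login URL becomes whatever the unverified
                # state payload supplied. If a page navigates to this value it
                # should first be checked against a list of known relying
                # parties -- confirm how "relyingPartyLoginUrl" is consumed.
                relyingPartyLoginUrl = relyingPartyId

        print "ThumbSignIn. Value of relyingPartyLoginUrl is %s" % relyingPartyLoginUrl
        identity.setWorkingParameter("relyingPartyLoginUrl",
                                     relyingPartyLoginUrl)
        return None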
示例#6
文件: sor.py 项目: piyush76/EMS
 def loadServices(self):
     """Fill SVCBYHOST and HOSTBYSVC from each host's service status endpoint.

     For every host in self.DCHOSTS the JSON document at
     http://<host>:9022/sv/*/status is read; the 'service' value of each entry
     is appended to self.SVCBYHOST[host], and the host is appended to
     self.HOSTBYSVC[service]. Does nothing when self.DCHOSTS is None.

     Any error while contacting or parsing a host is swallowed, so a host that
     fails part-way may be left with a partial (possibly empty) entry.
     """
     if self.DCHOSTS is None:
         return
     for host in self.DCHOSTS:
         # NOTE(review): the status document is fetched over plain HTTP and is
         # used as received; nothing here authenticates the answering host.
         url = 'http://%s:9022/sv/*/status' % host
         conn = None
         try:
             try:
                 conn = urllib.urlopen(url)
                 body = ''.join([str(line.strip()) for line in conn.readlines()])

                 self.SVCBYHOST[host] = []

                 statuses = JSONObject(body)
                 for name in statuses.keys():
                     service = statuses.get(name).get('service')
                     self.SVCBYHOST[host].append(service)
                     if service not in self.HOSTBYSVC:
                         self.HOSTBYSVC[service] = []
                     self.HOSTBYSVC[service].append(host)
             except:
                 # Best effort: hosts that do not respond are skipped, and so
                 # is every other failure raised while handling this host.
                 pass
         finally:
             if conn is not None:
                 conn.close()
示例#7
    def get_user_id_from_thumbsignin(self, request_parameters):
        """Look up the ThumbSignIn user id for the transaction in the request.

        Reads TRANSACTION_ID from request_parameters, calls the ThumbSignIn
        "getUser/<transaction id>" API through the Java SDK and returns the
        USER_ID field of the JSON reply.
        """
        # NOTE(review): the transaction id comes straight from the request and
        # is concatenated into the API path as is. Nothing in this method ties
        # it to a transaction started for this session -- confirm that the
        # caller or the ThumbSignIn service enforces that.
        txn_id = ServerUtil.getFirstValue(request_parameters, TRANSACTION_ID)
        print "ThumbSignIn. Value of transaction_id is %s" % txn_id
        api_path = "getUser/" + txn_id
        print "ThumbSignIn. Value of get_user_request is %s" % api_path

        raw_reply = self.thumbsigninApiController.handleThumbSigninRequest(api_path, ts_api_key, ts_api_secret)
        print "ThumbSignIn. Value of get_user_response is %s" % raw_reply
        user_id = JSONObject(raw_reply).get(USER_ID)
        print "ThumbSignIn. Value of thumbsignin_user_id is %s" % user_id
        return user_id
    def get_user_id_from_thumbsignin(self, request_parameters):
        """Return the user id ThumbSignIn reports for the request's transaction.

        The TRANSACTION_ID request parameter selects the transaction; the
        "getUser/<transaction id>" API is called through the Java SDK and the
        USER_ID field of its JSON reply is returned.
        """
        # NOTE(review): the transaction id is request input used unchanged in
        # the API path; no check here binds it to the current session --
        # confirm where that binding is enforced.
        requested_txn = ServerUtil.getFirstValue(request_parameters, TRANSACTION_ID)
        print "ThumbSignIn. Value of transaction_id is %s" % requested_txn
        lookup_path = "getUser/" + requested_txn
        print "ThumbSignIn. Value of get_user_request is %s" % lookup_path

        controller = self.thumbsigninApiController
        reply_text = controller.handleThumbSigninRequest(lookup_path, ts_api_key, ts_api_secret)
        print "ThumbSignIn. Value of get_user_response is %s" % reply_text
        reply_json = JSONObject(reply_text)
        resolved_user = reply_json.get(USER_ID)
        print "ThumbSignIn. Value of thumbsignin_user_id is %s" % resolved_user
        return resolved_user
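    def initialize_thumbsignin(self, identity, request_path):
        """Start a ThumbSignIn transaction and stash what the login page needs.

        Calls the ThumbSignIn API for request_path through the Java SDK, builds
        the matching status request ("authStatus/<id>" when request_path equals
        AUTHENTICATE, otherwise "regStatus/<id>"), asks the SDK for an
        authorization header for that status request, and stores the raw API
        response, the header and its date as working parameters on identity.

        Always returns None.
        """
        # Invoking the authenticate/register ThumbSignIn API via the Java SDK
        thumbsignin_response = self.thumbsigninApiController.handleThumbSigninRequest(request_path, ts_api_key, ts_api_secret)
        print "ThumbSignIn. Value of thumbsignin_response is %s" % thumbsignin_response

        thumbsignin_response_json = JSONObject(thumbsignin_response)
        transaction_id = thumbsignin_response_json.get(TRANSACTION_ID)
        status_request_type = "authStatus" if request_path == AUTHENTICATE else "regStatus"
        status_request = status_request_type + "/" + transaction_id
        print "ThumbSignIn. Value of status_request is %s" % status_request

        authorization_header = self.thumbsigninApiController.getAuthorizationHeaderJsonStr(status_request, ts_api_key, ts_api_secret)
        # The header value is deliberately kept out of the log: it has the form
        # {"authHeader":"HmacSHA256 Credential=X,SignedHeaders=accept;content-type;x-ts-date,Signature=X","XTsDate":"X"}
        # and so carries a request signature that should not sit in log files.
        print "ThumbSignIn. Obtained authorization header for %s" % status_request
        authorization_header_json = JSONObject(authorization_header)
        auth_header = authorization_header_json.get("authHeader")
        x_ts_date = authorization_header_json.get("XTsDate")

        tsi_response_key = "authenticateResponseJsonStr" if request_path == AUTHENTICATE else "registerResponseJsonStr"
        identity.setWorkingParameter(tsi_response_key, thumbsignin_response)
        identity.setWorkingParameter("authorizationHeader", auth_header)
        identity.setWorkingParameter("xTsDate", x_ts_date)
        return None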
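    def set_relying_party_login_url(identity):
        """Derive the relying party's login URL from the session's "state" value.

        The "state" session attribute is expected to be a JWT whose payload may
        have an "additional_claims" object containing RELYING_PARTY_ID. Only the
        payload segment is base64url-decoded here; no signature is checked in
        this function, so everything read from it is handled as untrusted input.

        Stores RELYING_PARTY_ID (when the claim is present) and
        RELYING_PARTY_LOGIN_URL as working parameters on identity. An empty
        login URL means Gluu's default login URL will be used.

        Always returns None.
        """
        print "ThumbSignIn. Inside set_relying_party_login_url..."
        session_id = identity.getSessionId()
        session_attribute = session_id.getSessionAttributes()
        state_jwt_token = session_attribute.get("state")
        print "ThumbSignIn. Value of state_jwt_token is %s" % state_jwt_token
        relying_party_login_url = ""

        state_jwt_token_array = []
        if state_jwt_token is not None:
            state_jwt_token_array = String(state_jwt_token).split("\\.")
        # Checking the segment count (not just the presence of a ".") also
        # covers values such as "abc.", which have a dot but no payload segment.
        if len(state_jwt_token_array) < 2:
            print "ThumbSignIn. Value of state parameter is not in the format of JWT Token"
            identity.setWorkingParameter(RELYING_PARTY_LOGIN_URL, relying_party_login_url)
            return None

        state_jwt_token_payload = state_jwt_token_array[1]
        state_payload_str = String(Base64Util.base64urldecode(state_jwt_token_payload), "UTF-8")
        state_payload_json = JSONObject(state_payload_str)
        print "ThumbSignIn. Value of state JWT token Payload is %s" % state_payload_json
        if state_payload_json.has("additional_claims"):
            additional_claims = state_payload_json.get("additional_claims")
            relying_party_id = additional_claims.get(RELYING_PARTY_ID)
            print "ThumbSignIn. Value of relying_party_id is %s" % relying_party_id
            identity.setWorkingParameter(RELYING_PARTY_ID, relying_party_id)

            if String(relying_party_id).startsWith("google.com"):
                # Expected shape: google.com/a/unphishableenterprise.com
                relying_party_id_array = String(relying_party_id).split("/")
                # The domain ends up inside a URL, so it is used only when the
                # third segment exists and consists of host-name characters.
                if len(relying_party_id_array) > 2 and String(relying_party_id_array[2]).matches("[A-Za-z0-9.-]+"):
                    google_domain = relying_party_id_array[2]
                    print "ThumbSignIn. Value of google_domain is %s" % google_domain
                    relying_party_login_url = "https://www.google.com/accounts/AccountChooser?hd="+ google_domain + "%26continue=https://apps.google.com/user/hub"
                else:
                    print "ThumbSignIn. relying_party_id does not contain a usable Google domain"
            # Other relying parties can be mapped to their login URL here.
            # For every other relying party the URL stays empty, so Gluu's
            # default login URL will be used.

        print "ThumbSignIn. Value of relying_party_login_url is %s" % relying_party_login_url
        identity.setWorkingParameter(RELYING_PARTY_LOGIN_URL, relying_party_login_url)
        return None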
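    def prepareForStep(self, configurationAttributes, requestParameters, step):
        """Prepare the working parameters the ThumbSignIn page needs for *step*.

        For every step, ts_host and ts_statusPath are copied into working
        parameters and self.setRelyingPartyLoginUrl(identity) is called.

        Step 1 or 3: starts an "authenticate" transaction through the Java SDK
        and stores the API response, the authorization header for the matching
        "authStatus/<id>" request and its date.

        Step 2: requires an already authenticated user, starts a
        "register/<user id>" transaction and stores the user id, the API
        response, the authorization header for "regStatus/<id>" and its date.

        Returns True when the step was prepared, False for step 2 without a
        usable user and for any other step number.
        """
        print "ThumbSignIn. Inside prepareForStep. Step %d" % step
        identity = CdiUtil.bean(Identity)
        authenticationService = CdiUtil.bean(AuthenticationService)

        global ts_host
        global ts_apiKey
        global ts_apiSecret
        global ts_statusPath

        identity.setWorkingParameter("ts_host", ts_host)
        identity.setWorkingParameter("ts_statusPath", ts_statusPath)

        self.setRelyingPartyLoginUrl(identity)
        thumbsigninApiController = ThumbsigninApiController()

        if (step == 1 or step == 3):
            print "ThumbSignIn. Prepare for step 1"

            # Invoking the authenticate ThumbSignIn API via the Java SDK
            authenticateResponseJsonStr = thumbsigninApiController.handleThumbSigninRequest(
                "authenticate", ts_apiKey, ts_apiSecret)
            print "ThumbSignIn. Value of authenticateResponseJsonStr is %s" % authenticateResponseJsonStr

            authenticateResponseJsonObj = JSONObject(
                authenticateResponseJsonStr)
            transactionId = authenticateResponseJsonObj.get("transactionId")
            authenticationStatusRequest = "authStatus/" + transactionId
            print "ThumbSignIn. Value of authenticationStatusRequest is %s" % authenticationStatusRequest

            authorizationHeaderJsonStr = thumbsigninApiController.getAuthorizationHeaderJsonStr(
                authenticationStatusRequest, ts_apiKey, ts_apiSecret)
            # The header value is deliberately kept out of the log: it has the form
            # {"authHeader":"HmacSHA256 Credential=XXX, SignedHeaders=accept;content-type;x-ts-date, Signature=XXX","XTsDate":"XXX"}
            # and so carries a request signature that should not sit in log files.
            print "ThumbSignIn. Obtained authorization header for %s" % authenticationStatusRequest

            authorizationHeaderJsonObj = JSONObject(authorizationHeaderJsonStr)
            authorizationHeader = authorizationHeaderJsonObj.get("authHeader")
            xTsDate = authorizationHeaderJsonObj.get("XTsDate")
            print "ThumbSignIn. Value of xTsDate is %s" % xTsDate

            identity.setWorkingParameter("authenticateResponseJsonStr",
                                         authenticateResponseJsonStr)
            identity.setWorkingParameter("authorizationHeader",
                                         authorizationHeader)
            identity.setWorkingParameter("xTsDate", xTsDate)

            return True

        elif (step == 2):
            print "ThumbSignIn. Prepare for step 2"

            if (identity.isSetWorkingParameter("userLoginFlow")):
                userLoginFlow = identity.getWorkingParameter("userLoginFlow")
                print "ThumbSignIn. Value of userLoginFlow is %s" % userLoginFlow

            user = authenticationService.getAuthenticatedUser()
            if (user == None):
                print "ThumbSignIn. Prepare for step 2. Failed to determine user name"
                return False

            user_name = user.getUserId()
            # Checked before the name is concatenated into the log line below;
            # with the check after it, a missing user id raised a TypeError
            # instead of returning False.
            if (user_name == None):
                print "ThumbSignIn. Prepare for step 2. Failed to determine user name"
                return False
            print "ThumbSignIn. Prepare for step 2. user_name: " + user_name

            registerRequestPath = "register/" + user_name

            # Invoking the register ThumbSignIn API via the Java SDK
            registerResponseJsonStr = thumbsigninApiController.handleThumbSigninRequest(
                registerRequestPath, ts_apiKey, ts_apiSecret)
            print "ThumbSignIn. Value of registerResponseJsonStr is %s" % registerResponseJsonStr

            registerResponseJsonObj = JSONObject(registerResponseJsonStr)
            transactionId = registerResponseJsonObj.get("transactionId")
            registrationStatusRequest = "regStatus/" + transactionId
            print "ThumbSignIn. Value of registrationStatusRequest is %s" % registrationStatusRequest

            authorizationHeaderJsonStr = thumbsigninApiController.getAuthorizationHeaderJsonStr(
                registrationStatusRequest, ts_apiKey, ts_apiSecret)
            # As in step 1, the signed header value is not written to the log.
            # {"authHeader":"HmacSHA256 Credential=XXX, SignedHeaders=accept;content-type;x-ts-date, Signature=XXX","XTsDate":"XXX"}
            print "ThumbSignIn. Obtained authorization header for %s" % registrationStatusRequest

            authorizationHeaderJsonObj = JSONObject(authorizationHeaderJsonStr)
            authorizationHeader = authorizationHeaderJsonObj.get("authHeader")
            xTsDate = authorizationHeaderJsonObj.get("XTsDate")
            print "ThumbSignIn. Value of xTsDate is %s" % xTsDate

            identity.setWorkingParameter("userId", user_name)
            identity.setWorkingParameter("registerResponseJsonStr",
                                         registerResponseJsonStr)
            identity.setWorkingParameter("authorizationHeader",
                                         authorizationHeader)
            identity.setWorkingParameter("xTsDate", xTsDate)

            return True
        else:
            return False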
    def authenticate(self, configurationAttributes, requestParameters, step):
        """Run the ThumbSignIn authentication logic for *step*.

        Step 1 or 3: when the "login_flow" request parameter is
        "ThumbSignIn_Authentication" or "ThumbSignIn_RegistrationSucess", the
        user id is fetched from ThumbSignIn for the "transactionId" request
        parameter and passed to authenticationService.authenticate; that result
        is returned. Otherwise the registration flow is recorded and, when
        logged_in is false, a new "authenticate" transaction is prepared and
        False is returned; when logged_in is true, True is returned.

        Step 2: makes sure "userLoginFlow" is set and returns True when an
        authenticated user is present, False otherwise.

        Any other step returns False.

        NOTE(review): this listing is incomplete. The statements that assign
        logged_in are not visible (see the masked line in the registration
        flow), so the block as shown is not valid Python.
        """
        print "ThumbSignIn. Inside authenticate. Step %d" % step
        authenticationService = CdiUtil.bean(AuthenticationService)
        identity = CdiUtil.bean(Identity)

        global ts_host
        global ts_apiKey
        global ts_apiSecret
        global ts_statusPath

        identity.setWorkingParameter("ts_host", ts_host)
        identity.setWorkingParameter("ts_statusPath", ts_statusPath)

        thumbsigninApiController = ThumbsigninApiController()

        if (step == 1 or step == 3):
            print "ThumbSignIn. Authenticate for Step %d" % step

            login_flow = ServerUtil.getFirstValue(requestParameters,
                                                  "login_flow")
            print "ThumbSignIn. Value of login_flow parameter is %s" % login_flow

            #Logic for ThumbSignIn Authentication Flow
            if (login_flow == "ThumbSignIn_Authentication"
                    or login_flow == "ThumbSignIn_RegistrationSucess"):
                identity.setWorkingParameter("userLoginFlow", login_flow)
                print "ThumbSignIn. Value of userLoginFlow is %s" % identity.getWorkingParameter(
                    "userLoginFlow")

                # NOTE(review): the transaction id is request input and is used
                # unchanged in the API path. Nothing visible here ties it to the
                # transaction that was prepared for this session -- confirm
                # where that binding is enforced.
                transactionId = ServerUtil.getFirstValue(
                    requestParameters, "transactionId")
                print "ThumbSignIn. Value of transactionId is %s" % transactionId
                getUserRequest = "getUser/" + transactionId
                print "ThumbSignIn. Value of getUserRequest is %s" % getUserRequest

                getUserResponseJsonStr = thumbsigninApiController.handleThumbSigninRequest(
                    getUserRequest, ts_apiKey, ts_apiSecret)
                print "ThumbSignIn. Value of getUserResponseJsonStr is %s" % getUserResponseJsonStr
                getUserResponseJsonObj = JSONObject(getUserResponseJsonStr)
                thumbSignIn_UserId = getUserResponseJsonObj.get("userId")
                print "ThumbSignIn. Value of thumbSignIn_UserId is %s" % thumbSignIn_UserId

                # The user is logged in on the strength of the user id returned
                # by the getUser call alone; no password is involved here.
                logged_in_status = authenticationService.authenticate(
                    thumbSignIn_UserId)
                print "ThumbSignIn. logged_in status : %r" % (logged_in_status)
                return logged_in_status

            #Logic for ThumbSignIn Registration Flow
            identity.setWorkingParameter("userLoginFlow",
                                         "ThumbSignIn_Registration")
            print "ThumbSignIn. Value of userLoginFlow is %s" % identity.getWorkingParameter(
                "userLoginFlow")
            credentials = identity.getCredentials()

            user_name = credentials.getUsername()
            user_password = credentials.getPassword()
            print "ThumbSignIn. user_name: " + user_name
            # NOTE(review): the next two lines are damaged in this listing. The
            # text between the commented-out password print and the status
            # print was replaced by "******", apparently by a secret-masking
            # filter, so the code that assigns logged_in is missing.
            #print "ThumbSignIn. user_password: "******"ThumbSignIn. Status of LDAP Authentication : %r" % (
                logged_in)

            if (not logged_in):
                # Invoking the authenticate ThumbSignIn API via the Java SDK
                authenticateResponseJsonStr = thumbsigninApiController.handleThumbSigninRequest(
                    "authenticate", ts_apiKey, ts_apiSecret)
                print "ThumbSignIn. Value of authenticateResponseJsonStr is %s" % authenticateResponseJsonStr

                authenticateResponseJsonObj = JSONObject(
                    authenticateResponseJsonStr)
                transactionId = authenticateResponseJsonObj.get(
                    "transactionId")
                authenticationStatusRequest = "authStatus/" + transactionId
                print "ThumbSignIn. Value of authenticationStatusRequest is %s" % authenticationStatusRequest

                authorizationHeaderJsonStr = thumbsigninApiController.getAuthorizationHeaderJsonStr(
                    authenticationStatusRequest, ts_apiKey, ts_apiSecret)
                # NOTE(review): this print and the authorizationHeader print
                # below write the signed header (format shown in the next
                # comment) to the log; consider logging only that it was
                # obtained.
                print "ThumbSignIn. Value of authorizationHeaderJsonStr is %s" % authorizationHeaderJsonStr
                # {"authHeader":"HmacSHA256 Credential=XXX, SignedHeaders=accept;content-type;x-ts-date, Signature=XXX","XTsDate":"XXX"}

                authorizationHeaderJsonObj = JSONObject(
                    authorizationHeaderJsonStr)
                authorizationHeader = authorizationHeaderJsonObj.get(
                    "authHeader")
                xTsDate = authorizationHeaderJsonObj.get("XTsDate")
                print "ThumbSignIn. Value of authorizationHeader is %s" % authorizationHeader
                print "ThumbSignIn. Value of xTsDate is %s" % xTsDate

                identity.setWorkingParameter("authenticateResponseJsonStr",
                                             authenticateResponseJsonStr)
                identity.setWorkingParameter("authorizationHeader",
                                             authorizationHeader)
                identity.setWorkingParameter("xTsDate", xTsDate)
                # The step fails; the parameters stored above describe a fresh
                # authenticate transaction.
                return False

            print "ThumbSignIn. Authenticate for step 1 successful"
            return True

        elif (step == 2):
            print "ThumbSignIn. Registration flow (step 2)"

            if (identity.isSetWorkingParameter("userLoginFlow")):
                userLoginFlow = identity.getWorkingParameter("userLoginFlow")
                print "ThumbSignIn. Value of userLoginFlow is %s" % userLoginFlow
            else:
                identity.setWorkingParameter("userLoginFlow",
                                             "ThumbSignIn_Registration")
                print "ThumbSignIn. Setting the value of userLoginFlow to %s" % identity.getWorkingParameter(
                    "userLoginFlow")

            # Step 2 succeeds only when a user has already been authenticated.
            user = authenticationService.getAuthenticatedUser()
            if user == None:
                print "ThumbSignIn. Registration flow (step 2). Failed to determine user name"
                return False

            user_name = user.getUserId()
            print "ThumbSignIn. Registration flow (step 2). user_name: " + user_name

            print "ThumbSignIn. Registration flow (step 2) successful"
            return True
        else:
            return False