net.shibboleth.idp.authn.duo.impl

Class DuoSupport

java.lang.Object

net.shibboleth.idp.authn.duo.impl.DuoSupport

public final class DuoSupport
extends Object

Helpers for DuoWeb and Duo AuthAPI operations.

Since:

3.3.0

Field Summary

Fields

Modifier and Type	Field and Description
static org.joda.time.format.DateTimeFormatter	RFC_2822_DATE_FORMAT RFC 2822 formatter for date/time.

Constructor Summary

Constructors

Modifier	Constructor and Description
private	DuoSupport() Constructor.

Method Summary

Methods

Modifier and Type	Method and Description
private static String	canonRequest(RequestBuilder request, String date, int sigVersion) The signature requires that the request parameters being in a particular order as specified in the API.
private static String	createQueryString(List<org.apache.http.NameValuePair> params) Builds a string representaion of the query string with the parameter names is alphabetical order.
static String	generateSignedRequestToken(DuoIntegration duo, String username) Created a signed request to Duo for a user.
static void	signRequest(RequestBuilder request, DuoIntegration duo) Sign a Duo AuthAPI request.
static String	validateSignedResponseToken(DuoIntegration duo, String signedResponseToken) Verify a signed response from Duo and extract the username.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

RFC_2822_DATE_FORMAT

public static final org.joda.time.format.DateTimeFormatter RFC_2822_DATE_FORMAT

RFC 2822 formatter for date/time.

Constructor Detail

DuoSupport

private DuoSupport()

Constructor.

Method Detail

generateSignedRequestToken

@Nonnull
@NotEmpty
public static String generateSignedRequestToken(@Nonnull
                                                 DuoIntegration duo,
                                                 @Nonnull@NotEmpty
                                                 String username)
                                         throws com.duosecurity.duoweb.DuoWebException

Created a signed request to Duo for a user.

Parameters:

duo - integration parameters to use

username - user to authenticate

Returns:

the signed request string

Throws:

com.duosecurity.duoweb.DuoWebException - if an error occurs

validateSignedResponseToken

@Nonnull
@NotEmpty
public static String validateSignedResponseToken(@Nonnull
                                                  DuoIntegration duo,
                                                  @Nonnull@NotEmpty
                                                  String signedResponseToken)
                                          throws com.duosecurity.duoweb.DuoWebException,
                                                 InvalidKeyException,
                                                 IOException,
                                                 NoSuchAlgorithmException

Verify a signed response from Duo and extract the username.

Parameters:

duo - integration parameters to use

signedResponseToken - response to validate

Returns:

the username from the response

Throws:

com.duosecurity.duoweb.DuoWebException - if a Duo failure occurs

InvalidKeyException - if a key is invalid

IOException - if an I/O error occurs

NoSuchAlgorithmException - if the hashing algorithm is unavailable

signRequest

@Nonnull
@NotEmpty
public static void signRequest(@Nonnull
                                RequestBuilder request,
                                @Nonnull
                                DuoIntegration duo)
                        throws InvalidKeyException,
                               NoSuchAlgorithmException,
                               UnsupportedEncodingException

Sign a Duo AuthAPI request.

Parameters:

request - the request to be signed

duo - integration parameters to use

Throws:

InvalidKeyException - bad skey value

NoSuchAlgorithmException - unknown encryption algorithm

UnsupportedEncodingException - failure from URLEncoder

Since:

3.4.0

canonRequest

private static String canonRequest(@Nonnull
                  RequestBuilder request,
                  @Nonnull
                  String date,
                  int sigVersion)
                            throws UnsupportedEncodingException

The signature requires that the request parameters being in a particular order as specified in the API.

Parameters:

request - the request

date - the date

sigVersion - the signature version

Returns:

the parameters to be signed in their canonical order

Throws:

UnsupportedEncodingException - failure from URLEncoder

createQueryString

private static String createQueryString(@Nonnull
                       List<org.apache.http.NameValuePair> params)
                                 throws UnsupportedEncodingException

Builds a string representaion of the query string with the parameter names is alphabetical order. The names and values are URL encoded and then they are concatenated with '&' in between.

Parameters:

params - the name/value pairs to be joined

Returns:

the canonical query string

Throws:

UnsupportedEncodingException - failure from URLEncoder