Package net.shibboleth.idp.authn.duo.impl

Class DuoSupport

java.lang.Object

net.shibboleth.idp.authn.duo.impl.DuoSupport

public final class DuoSupport
extends Object

Helpers for DuoWeb and Duo AuthAPI operations.

Since:

3.3.0

Field Summary

Fields

Modifier and Type	Field	Description
static DateTimeFormatter	RFC_2822_DATE_FORMAT	RFC 2822 formatter for date/time.

Constructor Summary

Constructors

Modifier	Constructor	Description
private	DuoSupport()	Constructor.

Method Summary

Modifier and Type	Method	Description
private static String	canonRequest(org.apache.http.client.methods.RequestBuilder request, String date, int sigVersion)	The signature requires that the request parameters being in a particular order as specified in the API.
private static String	createQueryString(List<org.apache.http.NameValuePair> params)	Builds a string representation of the query string with the parameter names is alphabetical order.
static String	generateSignedRequestToken(DuoIntegration duo, String username)	Created a signed request to Duo for a user.
static void	signRequest(org.apache.http.client.methods.RequestBuilder request, DuoIntegration duo)	Sign a Duo AuthAPI request.
static String	validateSignedResponseToken(DuoIntegration duo, String signedResponseToken)	Verify a signed response from Duo and extract the username.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

RFC_2822_DATE_FORMAT

public static final DateTimeFormatter RFC_2822_DATE_FORMAT

RFC 2822 formatter for date/time.

Constructor Detail

DuoSupport

private DuoSupport()

Constructor.

Method Detail

generateSignedRequestToken

@Nonnull
@NotEmpty
public static String generateSignedRequestToken(@Nonnull
                                                DuoIntegration duo,
                                                @Nonnull @NotEmpty
                                                String username)
                                         throws com.duosecurity.duoweb.DuoWebException

Created a signed request to Duo for a user.

Parameters:

duo - integration parameters to use

username - user to authenticate

Returns:

the signed request string

Throws:

com.duosecurity.duoweb.DuoWebException - if an error occurs

validateSignedResponseToken

@Nonnull
@NotEmpty
public static String validateSignedResponseToken(@Nonnull
                                                 DuoIntegration duo,
                                                 @Nonnull @NotEmpty
                                                 String signedResponseToken)
                                          throws com.duosecurity.duoweb.DuoWebException,
                                                 InvalidKeyException,
                                                 IOException,
                                                 NoSuchAlgorithmException

Verify a signed response from Duo and extract the username.

Parameters:

duo - integration parameters to use

signedResponseToken - response to validate

Returns:

the username from the response

Throws:

com.duosecurity.duoweb.DuoWebException - if a Duo failure occurs

InvalidKeyException - if a key is invalid

IOException - if an I/O error occurs

NoSuchAlgorithmException - if the hashing algorithm is unavailable

signRequest

@Nonnull
@NotEmpty
public static void signRequest(@Nonnull
                               org.apache.http.client.methods.RequestBuilder request,
                               @Nonnull
                               DuoIntegration duo)
                        throws InvalidKeyException,
                               NoSuchAlgorithmException,
                               UnsupportedEncodingException

Sign a Duo AuthAPI request.

Parameters:

request - the request to be signed

duo - integration parameters to use

Throws:

InvalidKeyException - bad skey value

NoSuchAlgorithmException - unknown encryption algorithm

UnsupportedEncodingException - failure from URLEncoder

Since:

3.4.0

canonRequest

private static String canonRequest(@Nonnull
                                   org.apache.http.client.methods.RequestBuilder request,
                                   @Nonnull
                                   String date,
                                   int sigVersion)
                            throws UnsupportedEncodingException

The signature requires that the request parameters being in a particular order as specified in the API.

Parameters:

request - the request

date - the date

sigVersion - the signature version

Returns:

the parameters to be signed in their canonical order

Throws:

UnsupportedEncodingException - failure from URLEncoder

createQueryString

private static String createQueryString(@Nonnull
                                        List<org.apache.http.NameValuePair> params)
                                 throws UnsupportedEncodingException

Builds a string representation of the query string with the parameter names is alphabetical order. The names and values are URL encoded and then they are concatenated with '&' in between.

Parameters:

params - the name/value pairs to be joined

Returns:

the canonical query string

Throws:

UnsupportedEncodingException - failure from URLEncoder