Class DuoSupport

java.lang.Object
net.shibboleth.idp.authn.duo.impl.DuoSupport

public final class DuoSupport
extends Object
Helpers for DuoWeb and Duo AuthAPI operations.
Since:
3.3.0
  • Field Details

    • RFC_2822_DATE_FORMAT

      public static final DateTimeFormatter RFC_2822_DATE_FORMAT
      RFC 2822 formatter for date/time.
  • Constructor Details

    • DuoSupport

      private DuoSupport()
      Constructor.
  • Method Details

    • generateSignedRequestToken

      @Nonnull @NotEmpty public static String generateSignedRequestToken​(@Nonnull DuoIntegration duo, @Nonnull @NotEmpty String username) throws com.duosecurity.duoweb.DuoWebException
      Create a signed request to Duo for a user.
      Parameters:
      duo - integration parameters to use
      username - user to authenticate
      Returns:
      the signed request string
      Throws:
      com.duosecurity.duoweb.DuoWebException - if an error occurs
    • validateSignedResponseToken

      @Nonnull @NotEmpty public static String validateSignedResponseToken​(@Nonnull DuoIntegration duo, @Nonnull @NotEmpty String signedResponseToken) throws com.duosecurity.duoweb.DuoWebException, InvalidKeyException, IOException, NoSuchAlgorithmException
      Verify a signed response from Duo and extract the username.
      Parameters:
      duo - integration parameters to use
      signedResponseToken - response to validate
      Returns:
      the username from the response
      Throws:
      com.duosecurity.duoweb.DuoWebException - if a Duo failure occurs
      InvalidKeyException - if a key is invalid
      IOException - if an I/O error occurs
      NoSuchAlgorithmException - if the hashing algorithm is unavailable
    • signRequest

      @Nonnull @NotEmpty public static void signRequest​(@Nonnull org.apache.http.client.methods.RequestBuilder request, @Nonnull DuoIntegration duo) throws InvalidKeyException, NoSuchAlgorithmException, UnsupportedEncodingException
      Sign a Duo AuthAPI request.
      Parameters:
      request - the request to be signed
      duo - integration parameters to use
      Throws:
      InvalidKeyException - bad skey value
      NoSuchAlgorithmException - unknown encryption algorithm
      UnsupportedEncodingException - failure from URLEncoder
      Since:
      3.4.0
    • canonRequest

      private static String canonRequest​(@Nonnull org.apache.http.client.methods.RequestBuilder request, @Nonnull String date, int sigVersion) throws UnsupportedEncodingException
      The signature requires the request parameters to be in a particular order, as specified in the API.
      Parameters:
      request - the request
      date - the date
      sigVersion - the signature version
      Returns:
      the parameters to be signed in their canonical order
      Throws:
      UnsupportedEncodingException - failure from URLEncoder
    • createQueryString

      private static String createQueryString​(@Nonnull List<org.apache.http.NameValuePair> params) throws UnsupportedEncodingException
      Builds a string representation of the query string with the parameter names in alphabetical order. The names and values are URL-encoded and then concatenated with '&' in between.
      Parameters:
      params - the name/value pairs to be joined
      Returns:
      the canonical query string
      Throws:
      UnsupportedEncodingException - failure from URLEncoder
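
The canonicalisation that createQueryString and canonRequest describe, as an added example (not the IdP's or Duo's own code; needs Java 17+). It assumes the layout in Duo's published Auth API documentation: date, upper-case method, lower-case host, path and sorted parameters joined by newlines, signed with HMAC-SHA1. The class name, method names, keys and host are hypothetical placeholders.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.HexFormat;
import java.util.Locale;
import java.util.Map;
import java.util.TreeMap;
import java.util.stream.Collectors;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class DuoCanonDemo { // hypothetical class, not part of the IdP
    // URLEncoder does form encoding; patch it to RFC 3986 so ' ' is %20, '*' is %2A, '~' stays literal.
    static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8) // Charset overload, Java 10+
                .replace("+", "%20").replace("*", "%2A").replace("%7E", "~");
    }

    // Names in alphabetical order, names and values encoded, pairs joined with '&'.
    static String canonicalQuery(Map<String, String> params) {
        return new TreeMap<>(params).entrySet().stream()
                .map(e -> enc(e.getKey()) + "=" + enc(e.getValue()))
                .collect(Collectors.joining("&"));
    }

    // Assumed layout (Duo's published scheme): date, METHOD, host, path, params, one per line.
    static String canonicalRequest(String date, String method, String host, String path, Map<String, String> params) {
        return String.join("\n", date, method.toUpperCase(Locale.ROOT),
                host.toLowerCase(Locale.ROOT), path, canonicalQuery(params));
    }

    // Hex-encoded HMAC-SHA1 of the canonical request under the integration's secret key.
    static String hmacSha1Hex(String skey, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(skey.getBytes(StandardCharsets.UTF_8), "HmacSHA1"));
        return HexFormat.of().formatHex(mac.doFinal(data.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; the keys and host are placeholders, not real credentials.
        String ikey = "DIXXXXXXXXXXXXXXXXXX", skey = "placeholder-secret-key";
        Map<String, String> params = Map.of("username", "alice smith", "factor", "push", "device", "auto");
        String canon = canonicalRequest("Tue, 21 Aug 2012 17:29:18 -0000", "post",
                "API-XXXXXXXX.duosecurity.com", "/auth/v2/auth", params);
        String basic = Base64.getEncoder().encodeToString(
                (ikey + ":" + hmacSha1Hex(skey, canon)).getBytes(StandardCharsets.UTF_8));
        System.out.println(canon + "\nAuthorization: Basic " + basic);
    }
}
```

The date string that is signed must also be sent unchanged as the request's Date header, because the service recomputes the signature from what it receives. A canonicalisation mismatch (for example a space encoded as '+') shows up only as a rejected signature, so compare the canonical string first when debugging.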