feat: update to MDS version 3.0 #16 (#19)

* feat: update to MDS version 3.0 #16 * fix: sonar code issues * fix: refactoring * fix: some more refactoring
GluuFederation · Feb 2, 2022 · 0dacb0c · 0dacb0c
1 parent 377b4c9
commit 0dacb0c
Show file tree

Hide file tree

Showing 5 changed files with 257 additions and 113 deletions.
diff --git a/server/src/main/java/org/gluu/fido2/service/app/AppInitializer.java b/server/src/main/java/org/gluu/fido2/service/app/AppInitializer.java
@@ -93,6 +93,9 @@ public class AppInitializer {
 
 	@Inject
 	private CleanerTimer cleanerTimer;
+
+	@Inject
+	private MDS3UpdateTimer mds3UpdateTimer;
 
 	@Inject
 	private QuartzSchedulerManager quartzSchedulerManager;
@@ -130,6 +133,7 @@ public void applicationInitialized(@Observes @Initialized(ApplicationScoped.clas
 		configurationFactory.initTimer();
 		loggerService.initTimer();
 		cleanerTimer.initTimer();
+		mds3UpdateTimer.initTimer();
 		customScriptManager.initTimer(supportedCustomScriptTypes);
 
 		// Notify plugins about finish application initialization

diff --git a/server/src/main/java/org/gluu/fido2/service/app/MDS3UpdateEvent.java b/server/src/main/java/org/gluu/fido2/service/app/MDS3UpdateEvent.java
@@ -0,0 +1,5 @@
+package org.gluu.fido2.service.app;
+
+public interface MDS3UpdateEvent {
+
+}
diff --git a/server/src/main/java/org/gluu/fido2/service/app/MDS3UpdateTimer.java b/server/src/main/java/org/gluu/fido2/service/app/MDS3UpdateTimer.java
@@ -0,0 +1,73 @@
+/*
+ * oxAuth is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.
+ *
+ * Copyright (c) 2014, Gluu
+ */
+
+package org.gluu.fido2.service.app;
+
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.time.LocalDate;
+import java.time.temporal.ChronoUnit;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.event.Event;
+import javax.enterprise.event.Observes;
+import javax.inject.Inject;
+import javax.inject.Named;
+
+import org.gluu.fido2.service.mds.TocService;
+import org.gluu.service.cdi.async.Asynchronous;
+import org.gluu.service.cdi.event.Scheduled;
+import org.gluu.service.timer.event.TimerEvent;
+import org.gluu.service.timer.schedule.TimerSchedule;
+import org.slf4j.Logger;
+
+/**
+ * @author madhumitas
+ *
+ */
+@ApplicationScoped
+@Named
+public class MDS3UpdateTimer {
+
+	private static final int DEFAULT_INTERVAL = 60 *60*24; // every 24 hours
+
+	@Inject
+	private Logger log;
+
+	@Inject
+	private Event<TimerEvent> timerEvent;
+
+	@Inject
+	private TocService tocService;
+
+	public void initTimer() {
+		log.info("Initializing MDS3 Update Timer");
+
+		timerEvent.fire(new TimerEvent(new TimerSchedule(DEFAULT_INTERVAL, DEFAULT_INTERVAL), new MDS3UpdateEvent() {},
+				Scheduled.Literal.INSTANCE));
+
+		log.info("Initialized MDS3 Update Timer");
+	}
+
+	@Asynchronous
+	public void process(@Observes @Scheduled MDS3UpdateEvent mds3UpdateEvent) {
+		LocalDate nextUpdate = tocService.getNextUpdateDate();
+		if (nextUpdate.equals(LocalDate.now()) || nextUpdate.isBefore(LocalDate.now())) {
+			log.info("Downloading the latest TOC from https://mds.fidoalliance.org/");
+			try {
+				tocService.downloadMdsFromServer(new URL("https://mds.fidoalliance.org/"));
+
+			} catch (MalformedURLException e) {
+				log.error("Error while parsing the FIDO alliance URL :", e);
+				return;
+			}
+			tocService.refresh();
+		} else {
+			log.info( "{} more days for MDS3 Update",LocalDate.now().until(nextUpdate, ChronoUnit.DAYS) );
+		}
+	}
+
+}
diff --git a/server/src/main/java/org/gluu/fido2/service/mds/MdsService.java b/server/src/main/java/org/gluu/fido2/service/mds/MdsService.java
@@ -13,10 +13,6 @@
 
 package org.gluu.fido2.service.mds;
 
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.net.URI;
-import java.net.URISyntaxException;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
@@ -27,10 +23,6 @@
 import javax.enterprise.context.ApplicationScoped;
 import javax.enterprise.event.Observes;
 import javax.inject.Inject;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.Response.Status;
-import javax.ws.rs.core.Response.StatusType;
 
 import org.apache.commons.codec.binary.Hex;
 import org.gluu.fido2.exception.Fido2RuntimeException;
@@ -42,8 +34,6 @@
 import org.gluu.fido2.service.client.ResteasyClientFactory;
 import org.gluu.fido2.service.verifier.CommonVerifiers;
 import org.gluu.service.cdi.event.ApplicationInitialized;
-import org.gluu.util.StringHelper;
-import org.jboss.resteasy.client.jaxrs.ResteasyClient;
 import org.slf4j.Logger;
 
 import com.fasterxml.jackson.databind.JsonNode;
@@ -84,10 +74,7 @@ public JsonNode fetchMetadata(byte[] aaguidBuffer) {
             throw new Fido2RuntimeException("Fido2 configuration not exists");
         }
 
-        String mdsAccessToken = fido2Configuration.getMdsAccessToken();
-        if (StringHelper.isEmpty(mdsAccessToken)) {
-            throw new Fido2RuntimeException("Fido2 MDS access token should be set");
-        }
+
 
         String aaguid = deconvert(aaguidBuffer);
 
@@ -102,57 +89,12 @@ public JsonNode fetchMetadata(byte[] aaguidBuffer) {
             throw new Fido2RuntimeException("Authenticator not in TOC aaguid " + aaguid);
         }
 
-        String tocEntryUrl = tocEntry.get("url").asText();
-        URI metadataUrl;
-        try {
-            metadataUrl = new URI(String.format("%s/?token=%s", tocEntryUrl, mdsAccessToken));
-            log.debug("Authenticator AAGUI {} url metadataUrl {} downloaded", aaguid, metadataUrl);
-        } catch (URISyntaxException e) {
-            throw new Fido2RuntimeException("Invalid URI in TOC aaguid " + aaguid);
-        }
-
         verifyTocEntryStatus(aaguid, tocEntry);
-        String metadataHash = commonVerifiers.verifyThatFieldString(tocEntry, "hash");
-
-        log.debug("Reaching MDS at {}", tocEntryUrl);
-
-        mdsEntry = downloadMdsFromServer(aaguid, metadataUrl, metadataHash);
-
-        mdsEntries.put(aaguid, mdsEntry);
 
         return mdsEntry;
     }
 
-	private JsonNode downloadMdsFromServer(String aaguid, URI metadataUrl, String metadataHash) {
-		ResteasyClient resteasyClient = resteasyClientFactory.buildResteasyClient();
-        Response response = resteasyClient.target(metadataUrl).request().header("Content-Type", MediaType.APPLICATION_JSON).get();
-        String body = response.readEntity(String.class);
-
-        StatusType status = response.getStatusInfo();
-        log.debug("Response from resource server {}", status);
-        if (status.getFamily() == Status.Family.SUCCESSFUL) {
-            byte[] bodyBuffer;
-            try {
-                bodyBuffer = body.getBytes("UTF-8");
-            } catch (UnsupportedEncodingException e) {
-                throw new Fido2RuntimeException("Unable to verify metadata hash for aaguid " + aaguid);
-            }
-
-            byte[] digest = tocService.getDigester().digest(bodyBuffer);
-            if (!Arrays.equals(digest, base64Service.urlDecode(metadataHash))) {
-                throw new Fido2RuntimeException("Unable to verify metadata hash for aaguid " + aaguid);
-            }
-
-            try {
-            	return dataMapperService.readTree(base64Service.urlDecode(body));
-            } catch (IOException e) {
-                log.error("Can't parse payload from the server");
-                throw new Fido2RuntimeException("Unable to parse payload from server for aaguid " + aaguid);
-            }
-        } else {
-            throw new Fido2RuntimeException("Unable to retrieve metadata for aaguid " + aaguid + " status " + status);
-        }
-	}
+
 
     private void verifyTocEntryStatus(String aaguid, JsonNode tocEntry) {
         JsonNode statusReports = tocEntry.get("statusReports");