feat: endpoint to get details of connected FIDO devices registered to…

… users #1465 (#1466)

* feat: need endpoint to get details of connected FIDO devices registered to users #1465

* feat: need endpoint to get details of connected FIDO devices registered to users #1465

jans-config-api/common/src/main/java/io/jans/configapi/util/ApiConstants.java

@@ -73,6 +73,7 @@ private ApiConstants() {}
     public static final String USER = "/user";
     public static final String ORG = "/org";
     public static final String SERVER_STAT = "/server-stat";
+    public static final String USERNAME_PATH = "{username}";
 
     public static final String LIMIT = "limit";
     public static final String START_INDEX = "startIndex";

jans-config-api/docs/jans-config-api-swagger.yaml

@@ -162,6 +162,30 @@ paths:
       security:
         - oauth2: [https://jans.io/oauth/config/fido2.write]
     parameters: []
+  /jans-config-api/fido2/registration/entries/{username}:
+    get:
+      summary: Get details of connected FIDO2 devices registered to user.
+      description: Get details of connected FIDO2 devices registered to user.
+      operationId: get-registration-entries-fido2
+      tags:
+        - Fido2 - Configuration
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+                title: FIDO2 registered devices
+                description: List of all FIDO2 registered devices.
+                type: array
+                items:
+                  $ref: '#/components/schemas/Fido2RegistrationEntry'
+        '401':
+          $ref: '#/components/responses/Unauthorized'
+        '500':
+          $ref: '#/components/responses/InternalServerError'
+      security:
+        - oauth2: [ https://jans.io/oauth/config/fido2.readonly ]
   /jans-config-api/api/v1/attributes:
     get:
       summary: Gets a list of Gluu attributes.
@@ -5752,6 +5776,87 @@ components:
           description: Fido2Configuration.
           $ref: '#/components/schemas/Fido2Configuration'
 
+    Fido2RegistrationEntry:
+      type: object
+      description: Fido2 registration entry
+      properties:
+        publicKeyId:
+          description: Public key id
+          type: string
+        displayName:
+          description: Dislay name
+          type: string
+        counter:
+          description: counter
+          type: integer
+        deviceNotificationConf:
+          description: Device notification configuration
+          type: string
+        challangeHash:
+          description: Challange hash
+          type: string
+        registrationData:
+          description: Fido2 registration data.
+          $ref: '#/components/schemas/Fido2RegistrationData'
+        registrationStatus:
+          description: registration status
+          type: string
+          enum:
+            - pending
+            - registered
+            - compromised
+
+    Fido2RegistrationData:
+      type: object
+      description: Fido2 registration data.
+      properties:
+        username:
+          description: Username
+          type: string
+        domain:
+          description: Domain
+          type: string
+        userId:
+          description: user id
+          type: string
+        challenge:
+          description: challenge
+          type: string
+        attenstationRequest:
+          description: Attenstation request
+          type: string
+        attenstationResponse:
+          description: Attenstation response
+          type: string
+        uncompressedECPoint:
+          description: uncompressed EC point
+          type: string
+        publicKeyId:
+          description: public key id
+          type: string
+        type:
+          description: type
+          type: string
+        counter:
+          description: counter
+          type: integer
+        attestationType:
+          description: attestation type
+          type: string
+        signatureAlgorithm:
+          description: signature algorithm
+          type: integer
+        applicationId:
+          description: application id
+          type: string
+        status:
+          description: status
+          type: string
+          enum:
+            - pending
+            - registered
+            - compromised
+
     Fido2Configuration:
       type: object
       description: Fido2 configuration properties.

jans-config-api/plugins/admin-ui-plugin/pom.xml

@@ -21,7 +21,7 @@
         <!-- config api -->
         <dependency>
             <groupId>io.jans</groupId>
-            <artifactId>jans-config-api-server</artifactId>
+            <artifactId>jans-config-api-shared</artifactId>
             <scope>compile</scope>
         </dependency>
         <dependency>

jans-config-api/plugins/fido2-plugin/pom.xml

@@ -22,6 +22,11 @@
 			<artifactId>jans-config-api-shared</artifactId>
 			<version>${jans.version}</version>
 		</dependency>
+		<dependency>
+			<groupId>io.jans</groupId>
+			<artifactId>jans-fido2-model</artifactId>
+			<version>${jans.version}</version>
+		</dependency>
 		<dependency>
 			<groupId>io.jans</groupId>
 			<artifactId>jans-config-api-server</artifactId>

jans-config-api/plugins/fido2-plugin/src/main/assembly/assembly.xml

@@ -7,6 +7,17 @@
 		<format>jar</format>
 	</formats>
 	<includeBaseDirectory>false</includeBaseDirectory>
+	<dependencySets>
+		<dependencySet>
+			<unpack>true</unpack>
+			<outputDirectory>/</outputDirectory>
+			<useProjectArtifact>false</useProjectArtifact>
+			<includes>
+				<include>io.jans:jans-fido2-model</include>
+			</includes>
+			<scope>runtime</scope>
+		</dependencySet>
+	</dependencySets>
 	<fileSets>
 		<fileSet>
 			<directory>${project.build.directory}/classes</directory>

jans-config-api/plugins/fido2-plugin/src/main/java/io/jans/configapi/plugin/fido2/rest/ApiApplication.java

@@ -13,6 +13,7 @@ public Set<Class<?>> getClasses() {
         HashSet<Class<?>> classes = new HashSet<>();
 
         classes.add(Fido2ConfigResource.class);
+        classes.add(Fido2RegistrationResource.class);
 
         return classes;
     }

jans-config-api/plugins/fido2-plugin/src/main/java/io/jans/configapi/plugin/fido2/rest/Fido2RegistrationResource.java

@@ -0,0 +1,38 @@
+package io.jans.configapi.plugin.fido2.rest;
+
+import io.jans.configapi.core.rest.BaseResource;
+import io.jans.configapi.core.rest.ProtectedApi;
+import io.jans.configapi.plugin.fido2.service.Fido2RegistrationService;
+import io.jans.configapi.plugin.fido2.util.Constants;
+import io.jans.configapi.util.ApiAccessConstants;
+import io.jans.configapi.util.ApiConstants;
+import io.jans.fido2.model.entry.Fido2RegistrationEntry;
+import jakarta.inject.Inject;
+import jakarta.validation.constraints.NotNull;
+import jakarta.ws.rs.*;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.Response;
+import org.slf4j.Logger;
+
+import java.util.List;
+
+@Path(Constants.REGISTRATION)
+@Consumes(MediaType.APPLICATION_JSON)
+@Produces(MediaType.APPLICATION_JSON)
+public class Fido2RegistrationResource extends BaseResource {
+
+    @Inject
+    Logger logger;
+
+    @Inject
+    Fido2RegistrationService fido2RegistrationService;
+
+    @GET
+    @Path(Constants.ENTRIES + ApiConstants.USERNAME_PATH)
+    @ProtectedApi(scopes = {ApiAccessConstants.FIDO2_CONFIG_READ_ACCESS})
+    public Response findAllRegisteredByUsername(@PathParam("username") @NotNull String username) {
+        logger.debug("FIDO2 registration entries by username.");
+        List<Fido2RegistrationEntry> entries = fido2RegistrationService.findAllRegisteredByUsername(username);
+        return Response.ok(entries).build();
+    }
+}

jans-config-api/plugins/fido2-plugin/src/main/java/io/jans/configapi/plugin/fido2/service/Fido2RegistrationService.java

@@ -0,0 +1,106 @@
+/*
+ * Janssen Project software is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.
+ *
+ * Copyright (c) 2020, Janssen Project
+ */
+
+package io.jans.configapi.plugin.fido2.service;
+
+import io.jans.as.common.service.common.UserService;
+import io.jans.as.model.config.StaticConfiguration;
+import io.jans.fido2.model.entry.Fido2RegistrationEntry;
+import io.jans.fido2.model.entry.Fido2RegistrationStatus;
+import io.jans.orm.PersistenceEntryManager;
+import io.jans.orm.model.base.SimpleBranch;
+import io.jans.orm.search.filter.Filter;
+import io.jans.util.StringHelper;
+import jakarta.enterprise.context.ApplicationScoped;
+import jakarta.inject.Inject;
+import org.slf4j.Logger;
+
+import java.util.Collections;
+import java.util.List;
+
+/**
+ * @author Yuriy Movchan
+ * @version May 08, 2020
+ */
+@ApplicationScoped
+public class Fido2RegistrationService {
+
+    @Inject
+    private Logger log;
+
+    @Inject
+    private StaticConfiguration staticConfiguration;
+
+    @Inject
+    private UserService userService;
+
+    @Inject
+    private PersistenceEntryManager persistenceEntryManager;
+
+    public List<Fido2RegistrationEntry> findAllByUsername(String username) {
+        String userInum = userService.getUserInum(username);
+        if (userInum == null) {
+            return Collections.emptyList();
+        }
+
+        String baseDn = getBaseDnForFido2RegistrationEntries(userInum);
+        if (persistenceEntryManager.hasBranchesSupport(baseDn)) {
+            if (!containsBranch(baseDn)) {
+                return Collections.emptyList();
+            }
+        }
+
+        Filter userFilter = Filter.createEqualityFilter("personInum", userInum);
+
+        List<Fido2RegistrationEntry> fido2RegistrationnEntries = persistenceEntryManager.findEntries(baseDn, Fido2RegistrationEntry.class, userFilter);
+
+        return fido2RegistrationnEntries;
+    }
+
+    public List<Fido2RegistrationEntry> findAllRegisteredByUsername(String username) {
+        String userInum = userService.getUserInum(username);
+        if (userInum == null) {
+            return Collections.emptyList();
+        }
+
+        String baseDn = getBaseDnForFido2RegistrationEntries(userInum);
+        if (persistenceEntryManager.hasBranchesSupport(baseDn)) {
+            if (!containsBranch(baseDn)) {
+                return Collections.emptyList();
+            }
+        }
+
+        Filter userInumFilter = Filter.createEqualityFilter("personInum", userInum);
+        Filter registeredFilter = Filter.createEqualityFilter("jansStatus", Fido2RegistrationStatus.registered.getValue());
+        Filter filter = Filter.createANDFilter(userInumFilter, registeredFilter);
+
+        List<Fido2RegistrationEntry> fido2RegistrationnEntries = persistenceEntryManager.findEntries(baseDn, Fido2RegistrationEntry.class, filter);
+
+        return fido2RegistrationnEntries;
+    }
+
+    public String getBaseDnForFido2RegistrationEntries(String userInum) {
+        final String userBaseDn = getDnForUser(userInum); // "ou=fido2_register,inum=1234,ou=people,o=jans"
+        if (StringHelper.isEmpty(userInum)) {
+            return userBaseDn;
+        }
+
+        return String.format("ou=fido2_register,%s", userBaseDn);
+    }
+
+    public String getDnForUser(String userInum) {
+        String peopleDn = staticConfiguration.getBaseDn().getPeople();
+        if (StringHelper.isEmpty(userInum)) {
+            return peopleDn;
+        }
+
+        return String.format("inum=%s,%s", userInum, peopleDn);
+    }
+
+    public boolean containsBranch(final String baseDn) {
+        return persistenceEntryManager.contains(baseDn, SimpleBranch.class);
+    }
+}

jans-config-api/plugins/fido2-plugin/src/main/java/io/jans/configapi/plugin/fido2/util/Constants.java

@@ -10,5 +10,7 @@ public class Constants {
 
     private Constants() {}
 
-    public static final String CONFIG = "/config"; 
+    public static final String CONFIG = "/config";
+    public static final String REGISTRATION = "/registration";
+    public static final String ENTRIES = "/entries";
 }