Issue 9111 (#9276)

* feat(jans-fido): refactor mds3 codebase and server config Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * feat(jans-fido): revert rename from docker file #9111 Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * feat(jans-fido): add metadatarefreshinterval #9111 Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * feat(jans-fido): changes to refactor metadataservers #9111 Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> --------- Signed-off-by: shekhar16 <shekharlaad1609@gmail.com>
JanssenProject · Aug 27, 2024 · 6ae6aa3 · 6ae6aa3
1 parent 3a2cbf2
commit 6ae6aa3
Show file tree

Hide file tree

Showing 23 changed files with 363 additions and 174 deletions.
diff --git a/docs/admin/config-guide/fido2-config/janssen-fido2-configuration.md b/docs/admin/config-guide/fido2-config/janssen-fido2-configuration.md
@@ -91,11 +91,11 @@ It will return the result as below:
     "mdsCertsFolder": "/etc/jans/conf/fido2/mds/cert",
     "mdsTocsFolder": "/etc/jans/conf/fido2/mds/toc",
     "checkU2fAttestations": false,
-    "userAutoEnrollment": false,
+    "debugUserAutoEnrollment": false,
     "unfinishedRequestExpiration": 180,
     "authenticationHistoryExpiration": 1296000,
     "serverMetadataFolder": "/etc/jans/conf/fido2/server_metadata",
-    "requestedCredentialTypes": [
+    "enabledFidoAlgorithms": [
       "RS256",
       "ES256"
     ],
@@ -107,7 +107,7 @@ It will return the result as below:
         ]
       }
     ],
-    "skipDownloadMdsEnabled": false,
+    "disableMetadataService": false,
     "skipValidateMdsInAttestationEnabled": false,
     "assertionOptionsGenerateEndpointEnabled": true
   }

diff --git a/docs/admin/fido/config.md b/docs/admin/fido/config.md
@@ -33,12 +33,12 @@ tags:
 | mdsTocsFolder                           | /etc/jans/conf/fido2/mds/toc                                                     | MDS TOC files folder.                                                                                   |
 | serverMetadataFolder                    | /etc/jans/conf/fido2/server_metadata                                             | Authenticators metadata in json format. Example: virtual devices.                                       |
 | metadataUrlsProvider                    | https://mds3.fido.tools                                                          | String value to provide source of URLs with external metadata.                                          |
-| requestedCredentialTypes                | ["RS256","ES256"]                                                                |                                                                                                         |
+| enabledFidoAlgorithms                | ["RS256","ES256"]                                                                |                                                                                                         |
 | requestedParties                        | [{"name":"https://my-jans-server.jans.io","domains":["my-jans-server.jans.io"]}] | Requested party name.                                                                                   |
-| userAutoEnrollment                      | false                                                                            | Allow to enroll users on enrollment/authentication requests. (Useful while running tests)               |
+| debugUserAutoEnrollment                      | false                                                                            | Allow to enroll users on enrollment/authentication requests. (Useful while running tests)               |
 | unfinishedRequestExpiration             | 180                                                                              | Expiration time in seconds for pending enrollment/authentication requests                               |
 | authenticationHistoryExpiration         | 1296000                                                                          | Expiration time in seconds for approved authentication requests.                                        |
-| skipDownloadMdsEnabled                  | false                                                                            | Boolean value indicating whether the MDS download should be omitted                                     |
+| disableMetadataService                  | false                                                                            | Boolean value indicating whether the MDS download should be omitted                                     |
 | skipValidateMdsInAttestationEnabled     | false                                                                            | Boolean value indicating whether MDS validation should be omitted during attestation                    |
 | assertionOptionsGenerateEndpointEnabled | false                                                                            | Boolean value indicating whether the assertion custom endpoint (used especially in passkey) is enabled. |
 
@@ -75,15 +75,15 @@ Response:
     "mdsCertsFolder": "/etc/jans/conf/fido2/mds/cert",
     "mdsTocsFolder": "/etc/jans/conf/fido2/mds/toc",
     "checkU2fAttestations": false,
-    "userAutoEnrollment": false,
+    "debugUserAutoEnrollment": false,
     "unfinishedRequestExpiration": 180,
     "authenticationHistoryExpiration": 1296000,
     "serverMetadataFolder": "/etc/jans/conf/fido2/server_metadata",
     "metadataUrlsProvider": "",
-    "skipDownloadMdsEnabled": false,
+    "disableMetadataService": false,
     "skipValidateMdsInAttestationEnabled": false,
     "assertionOptionsGenerateEndpointEnabled":true,
-    "requestedCredentialTypes": [
+    "enabledFidoAlgorithms": [
       "RS256",
       "ES256"
     ],

diff --git a/docs/admin/fido/logs.md b/docs/admin/fido/logs.md
@@ -41,7 +41,7 @@ Response:
       "mdsCertsFolder":"/etc/jans/conf/fido2/mds/cert",
       "mdsTocsFolder":"/etc/jans/conf/fido2/mds/toc",
       "serverMetadataFolder":"/etc/jans/conf/fido2/server_metadata",
-      "requestedCredentialTypes":[
+      "enabledFidoAlgorithms":[
          "RS256",
          "ES256"
       ],
@@ -53,7 +53,7 @@ Response:
             ]
          }
       ],
-      "userAutoEnrollment":false,
+      "debugUserAutoEnrollment":false,
       "unfinishedRequestExpiration":180,
       "authenticationHistoryExpiration":1296000
    }

diff --git a/docs/admin/reference/json/properties/fido2-properties.md b/docs/admin/reference/json/properties/fido2-properties.md
@@ -30,14 +30,14 @@ tags:
 | metricReporterKeepDataDays | The days to keep report data | [Details](#metricreporterkeepdatadays) |
 | oldU2fMigrationEnabled | Boolean value to enable disable old oxAuth U2F enrollments migration | [Details](#oldu2fmigrationenabled) |
 | personCustomObjectClassList | Custom object class list for dynamic person enrolment | [Details](#personcustomobjectclasslist) |
-| requestedCredentialTypes | List of Requested Credential Types | [Details](#requestedcredentialtypes) |
+| enabledFidoAlgorithms | List of Requested Credential Types | [Details](#enabledFidoAlgorithms) |
 | requestedParties | Authenticators metadata in json format | [Details](#requestedparties) |
 | serverMetadataFolder | Authenticators metadata in json format | [Details](#servermetadatafolder) |
 | sessionIdPersistInCache | Boolean value specifying whether to persist session_id in cache | [Details](#sessionidpersistincache) |
 | superGluuEnabled | Boolean value to enable disable Super Gluu extension | [Details](#supergluuenabled) |
 | unfinishedRequestExpiration | Expiration time in seconds for pending enrollment/authentication requests | [Details](#unfinishedrequestexpiration) |
 | useLocalCache | Boolean value to indicate if Local Cache is to be used | [Details](#uselocalcache) |
-| userAutoEnrollment | Allow to enroll users on enrollment/authentication requests | [Details](#userautoenrollment) |
+| debugUserAutoEnrollment | Allow to enroll users on enrollment/authentication requests | [Details](#userautoenrollment) |
 
 
 ### authenticationHistoryExpiration
@@ -220,7 +220,7 @@ tags:
 - Default value: None
 
 
-### requestedCredentialTypes
+### enabledFidoAlgorithms
 
 - Description: List of Requested Credential Types
 
@@ -282,7 +282,7 @@ tags:
 - Default value: None
 
 
-### userAutoEnrollment
+### debugUserAutoEnrollment
 
 - Description: Allow to enroll users on enrollment/authentication requests
 

diff --git a/jans-cli-tui/cli_tui/plugins/020_fido/main.py b/jans-cli-tui/cli_tui/plugins/020_fido/main.py
@@ -177,13 +177,13 @@ def create_widgets(self):
                                 self.app.getTitledText(_("Authentication History Expiration"), name='authenticationHistoryExpiration', value=fido2_static_config.get('authenticationHistoryExpiration',''), jans_help=self.app.get_help_from_schema(static_schema, 'authenticationHistoryExpiration'), style='class:outh-scope-text', text_type='integer',widget_style=cli_style.black_bg_widget),
                                 self.app.getTitledText(_("Server Metadata Folder"), name='serverMetadataFolder', value=fido2_static_config.get('serverMetadataFolder',''), jans_help=self.app.get_help_from_schema(static_schema, 'serverMetadataFolder'), style='class:outh-scope-text',widget_style=cli_style.black_bg_widget),
 
-                                self.app.getTitledCheckBox(_("User Auto Enrollment"), name='userAutoEnrollment', checked=fido2_static_config.get('userAutoEnrollment'), jans_help=self.app.get_help_from_schema(static_schema, 'userAutoEnrollment'), style=cli_style.check_box,widget_style=cli_style.black_bg_widget),
+                                self.app.getTitledCheckBox(_("User Auto Enrollment"), name='debugUserAutoEnrollment', checked=fido2_static_config.get('userAutoEnrollment'), jans_help=self.app.get_help_from_schema(static_schema, 'userAutoEnrollment'), style=cli_style.check_box,widget_style=cli_style.black_bg_widget),
                                 self.app.getTitledText(
                                             _("Requested Credential Types"),
-                                            name='requestedCredentialTypes',
-                                            value='\n'.join(fido2_static_config.get('requestedCredentialTypes', [])),
+                                            name='enabledFidoAlgorithms',
+                                            value='\n'.join(fido2_static_config.get('enabledFidoAlgorithms', [])),
                                             height=3, 
-                                            jans_help=self.app.get_help_from_schema(static_schema, 'requestedCredentialTypes'), 
+                                            jans_help=self.app.get_help_from_schema(static_schema, 'enabledFidoAlgorithms'),
                                             style='class:outh-scope-text'
                                             ,widget_style=cli_style.black_bg_widget
                                             ),
@@ -286,7 +286,7 @@ def save_config(self) -> None:
         fido2_static = self.make_data_from_dialog(tabs={'static': self.tabs['static']})
 
         fido2_config['personCustomObjectClassList'] = fido2_config['personCustomObjectClassList'].splitlines()
-        fido2_static['requestedCredentialTypes'] = fido2_static['requestedCredentialTypes'].splitlines()
+        fido2_static['enabledFidoAlgorithms'] = fido2_static['enabledFidoAlgorithms'].splitlines()
 
         fido2_static['requestedParties'] = []
         for name, domains in self.requested_parties_container.data:

diff --git a/jans-config-api/plugins/docs/fido2-plugin-swagger.yaml b/jans-config-api/plugins/docs/fido2-plugin-swagger.yaml
@@ -152,7 +152,7 @@ components:
           type: string
         checkU2fAttestations:
           type: boolean
-        userAutoEnrollment:
+        debugUserAutoEnrollment:
           type: boolean
         unfinishedRequestExpiration:
           type: integer
@@ -162,7 +162,7 @@ components:
           format: int32
         serverMetadataFolder:
           type: string
-        requestedCredentialTypes:
+        enabledFidoAlgorithms:
           type: array
           items:
             type: string
@@ -172,7 +172,7 @@ components:
             $ref: '#/components/schemas/RequestedParty'
         metadataUrlsProvider:
           type: string
-        skipDownloadMdsEnabled:
+        disableMetadataService:
           type: boolean
         skipValidateMdsInAttestationEnabled:
           type: boolean

diff --git a/jans-config-api/plugins/fido2-plugin/src/test/resources/feature/fido2/dynamiconf.json b/jans-config-api/plugins/fido2-plugin/src/test/resources/feature/fido2/dynamiconf.json
@@ -27,12 +27,12 @@
     ],
     "authenticationHistoryExpiration": 800,
     "mdsTocsFolder": "/etc/gluu/conf/fido2/mds/toc",
-    "requestedCredentialTypes": [
+    "enabledFidoAlgorithms": [
       "RS256",
       "ES256"
     ],
     "authenticatorCertsFolder": "/etc/gluu/conf/fido2/authenticator_cert",
-    "userAutoEnrollment": false,
+    "debugUserAutoEnrollment": false,
     "unfinishedRequestExpiration": 180,
     "mdsCertsFolder": "/etc/gluu/conf/fido2/mds/cert"
   }

diff --git a/jans-config-api/plugins/fido2-plugin/src/test/resources/feature/fido2/fido2.json b/jans-config-api/plugins/fido2-plugin/src/test/resources/feature/fido2/fido2.json
@@ -10,12 +10,12 @@
     }
   ],
   "mdsTocsFolder": "/etc/gluu/conf/fido2/mds/toc",
-  "requestedCredentialTypes": [
+  "enabledFidoAlgorithms": [
     "RS256",
     "ES256"
   ],
   "authenticatorCertsFolder": "/etc/gluu/conf/fido2/authenticator_cert",
-  "userAutoEnrollment": false,
+  "debugUserAutoEnrollment": false,
   "unfinishedRequestExpiration": 180,
   "mdsCertsFolder": "/etc/gluu/conf/fido2/mds/cert"
 }
diff --git a/jans-config-api/plugins/fido2-plugin/src/test/resources/feature/fido2/ref_dynami_conf.json b/jans-config-api/plugins/fido2-plugin/src/test/resources/feature/fido2/ref_dynami_conf.json
@@ -20,11 +20,11 @@
       "mdsCertsFolder":"/etc/gluu/conf/fido2/mds/cert",
       "mdsTocsFolder":"/etc/gluu/conf/fido2/mds/toc",
       "checkU2fAttestations":false,
-      "userAutoEnrollment":false,
+      "debugUserAutoEnrollment":false,
       "unfinishedRequestExpiration":180,
       "authenticationHistoryExpiration":1296000,
       "serverMetadataFolder":"/etc/gluu/conf/fido2/server_metadata",
-      "requestedCredentialTypes":[
+      "enabledFidoAlgorithms":[
          "RS256",
          "ES256"
       ],

diff --git a/jans-fido2/model/src/main/java/io/jans/fido2/model/conf/AttestationMode.java b/jans-fido2/model/src/main/java/io/jans/fido2/model/conf/AttestationMode.java
@@ -0,0 +1,70 @@
+package io.jans.fido2.model.conf;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import io.jans.orm.annotation.AttributeEnum;
+import jakarta.xml.bind.annotation.XmlEnum;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * @author Shekhar L. on 06/08/2024
+ */
+
+@XmlEnum(String.class)
+public enum AttestationMode implements AttributeEnum  {
+
+    DISABLED("disabled", "none"), MONITOR("monitor", "direct"), ENFORCED("enforced", "direct");
+
+    private String value;
+    private String displayName;
+
+    private AttestationMode(String value, String displayName) {
+        this.setValue(value);
+        this.setDisplayName(displayName);
+    }
+
+    private static final Map<String, AttestationMode> mapByValues = new HashMap<>();
+
+    static {
+        for (AttestationMode enumType : values()) {
+            mapByValues.put(enumType.getValue(), enumType);
+        }
+    }
+
+    @JsonCreator
+    public static AttestationMode forValues(String value) {
+        return getByValue(value);
+    }
+
+    public static AttestationMode getByValue(String value) {
+        return mapByValues.get(value);
+    }
+
+    @Override
+    public Enum<? extends AttributeEnum> resolveByValue(String value) {
+        return getByValue(value);
+    }
+
+
+    public String getValue() {
+        return value;
+    }
+
+    public void setValue(String value) {
+        this.value = value;
+    }
+
+    public String getDisplayName() {
+        return displayName;
+    }
+
+    public void setDisplayName(String displayName) {
+        this.displayName = displayName;
+    }
+
+    @Override
+    public String toString() {
+        return value;
+    }
+}