List of usage examples for com.amazonaws.services.cognitoidp.model InitiateAuthResult getChallengeParameters
public java.util.Map<String, String> getChallengeParameters()
The challenge parameters.
From source file:io.fineo.client.auth.cognito.CognitoUser.java
License:Open Source License
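/**
 * This method starts the user authentication with user password verification.
 * Restarts authentication if the service cannot find a device-key.
 *
 * <p>The challenge name returned by the service is compared null-safely, so a response
 * that carries no challenge name is passed on to {@code handleChallenge(...)} instead of
 * being reported to the callback as a {@link NullPointerException}.
 *
 * @param authenticationDetails REQUIRED: {@link AuthenticationDetails} contains user details
 *                              for authentication.
 * @param callback              REQUIRED: {@link AuthenticationHandler} callback.
 * @param runInBackground       REQUIRED: Boolean to indicate the current threading.
 * @return {@link Runnable} for the next step in user authentication.
 */
private Runnable startWithUserSrpAuth(final AuthenticationDetails authenticationDetails,
        final AuthenticationHandler callback, final boolean runInBackground) {
    AuthenticationHelper authenticationHelper = new AuthenticationHelper(pool.getUserPoolId());
    InitiateAuthRequest initiateAuthRequest =
            initiateUserSrpAuthRequest(authenticationDetails, authenticationHelper);
    try {
        InitiateAuthResult initiateAuthResult = cognitoIdentityProviderClient.initiateAuth(initiateAuthRequest);
        updateInternalUsername(initiateAuthResult.getChallengeParameters());

        // Answer the password-verifier challenge only when a password was supplied.
        // Constant-first equals: the challenge name comes from the service response and
        // may be absent, which must not surface as a NullPointerException.
        if ("PASSWORD_VERIFIER".equals(initiateAuthResult.getChallengeName())
                && authenticationDetails.getPassword() != null) {
            RespondToAuthChallengeRequest challengeRequest =
                    userSrpAuthRequest(initiateAuthResult, authenticationDetails, authenticationHelper);
            return respondToChallenge(challengeRequest, callback, runInBackground);
        }
        return handleChallenge(initiateAuthResult, callback, runInBackground);
    } catch (final ResourceNotFoundException rna) {
        final CognitoUser cognitoUser = this;
        // NOTE(review): the device case is recognised by matching the service's error text;
        // confirm the service keeps "Device" in that message.
        final String message = rna.getMessage();
        if (message != null && message.contains("Device")) {
            return clearCache(cognitoUser, runInBackground, callback);
        }
        // A null message previously threw from inside this catch block and escaped the
        // method; it is now reported through the callback like any other failure.
        return new Runnable() {
            @Override
            public void run() {
                callback.onFailure(rna);
            }
        };
    } catch (final Exception e) {
        return new Runnable() {
            @Override
            public void run() {
                callback.onFailure(e);
            }
        };
    }
}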
From source file:io.fineo.client.auth.cognito.CognitoUser.java
License:Open Source License
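/**
 * Creates response for the second step of the SRP authentication.
 *
 * <p>Stores the {@code USERNAME} challenge parameter as the internal username, looks up the
 * device key and the secret hash for it, derives the password authentication key from the
 * {@code SRP_B} and {@code SALT} challenge parameters, and signs (HmacSHA256) the part of the
 * user pool id after the first underscore, the username, the decoded {@code SECRET_BLOCK}
 * and a UTC timestamp with that key.
 *
 * <p>The timestamp is formatted once and the same string is both signed and sent in the
 * {@code TIMESTAMP} response, so the two cannot differ.
 *
 * @param challenge             REQUIRED: {@link InitiateAuthResult} contains next challenge.
 * @param authenticationDetails REQUIRED: {@link AuthenticationDetails} user authentication details.
 * @param authenticationHelper  REQUIRED: Internal helper class for SRP calculations.
 * @return {@link RespondToAuthChallengeRequest}.
 * @throws CognitoInternalErrorException if {@code SRP_B} or {@code SALT} is missing or not
 *                                       hexadecimal, if {@code SRP_B} is zero modulo N, or if
 *                                       computing the signature fails.
 */
private RespondToAuthChallengeRequest userSrpAuthRequest(InitiateAuthResult challenge,
        AuthenticationDetails authenticationDetails, AuthenticationHelper authenticationHelper) {
    // Every value read from this map was supplied by the service in the challenge.
    final Map<String, String> challengeParameters = challenge.getChallengeParameters();

    this.usernameInternal = challengeParameters.get("USERNAME");
    this.deviceKey = devices.getDeviceKey(usernameInternal, getUserPoolId());
    secretHash = CognitoSecretHash.getSecretHash(usernameInternal, clientId, clientSecret);

    BigInteger B = hexChallengeParameter(challengeParameters, "SRP_B");
    // SRP safety check: a server public value that is 0 mod N must be rejected.
    if (B.mod(AuthenticationHelper.N).equals(BigInteger.ZERO)) {
        throw new CognitoInternalErrorException("SRP error, B cannot be zero");
    }
    BigInteger salt = hexChallengeParameter(challengeParameters, "SALT");
    byte[] key = authenticationHelper.getPasswordAuthenticationKey(usernameInternal,
            authenticationDetails.getPassword(), B, salt);

    // One formatter, one formatted string: signed below and sent as TIMESTAMP.
    SimpleDateFormat timestampFormat = new SimpleDateFormat("EEE MMM d HH:mm:ss z yyyy", Locale.US);
    timestampFormat.setTimeZone(new SimpleTimeZone(SimpleTimeZone.UTC_TIME, "UTC"));
    final String timestamp = timestampFormat.format(new Date());

    byte[] hmac;
    try {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        // The order of the update calls defines the signed message; do not reorder.
        mac.update(pool.getUserPoolId().split("_", 2)[1].getBytes(StringUtils.UTF8));
        mac.update(usernameInternal.getBytes(StringUtils.UTF8));
        mac.update(Base64.decode(challengeParameters.get("SECRET_BLOCK")));
        hmac = mac.doFinal(timestamp.getBytes(StringUtils.UTF8));
    } catch (Exception e) {
        throw new CognitoInternalErrorException("SRP error", e);
    }

    Map<String, String> srpAuthResponses = new HashMap<String, String>();
    srpAuthResponses.put("PASSWORD_CLAIM_SECRET_BLOCK", challengeParameters.get("SECRET_BLOCK"));
    srpAuthResponses.put("PASSWORD_CLAIM_SIGNATURE", new String(Base64.encode(hmac), StandardCharsets.UTF_8));
    srpAuthResponses.put("TIMESTAMP", timestamp);
    srpAuthResponses.put("USERNAME", usernameInternal);
    srpAuthResponses.put("USER_ID_FOR_SRP", usernameInternal);
    srpAuthResponses.put("DEVICE_KEY", deviceKey);
    srpAuthResponses.put("SECRET_HASH", secretHash);

    RespondToAuthChallengeRequest authChallengeRequest = new RespondToAuthChallengeRequest();
    authChallengeRequest.setChallengeName(challenge.getChallengeName());
    authChallengeRequest.setClientId(clientId);
    authChallengeRequest.setSession(challenge.getSession());
    authChallengeRequest.setChallengeResponses(srpAuthResponses);
    return authChallengeRequest;
}

/**
 * Reads a hexadecimal challenge parameter as a {@link BigInteger}.
 *
 * <p>Only the parameter name is put in the error message, never its value.
 *
 * @param parameters challenge parameters returned by the service.
 * @param name       name of the parameter to read.
 * @return the parsed value.
 * @throws CognitoInternalErrorException if the parameter is absent or is not valid hexadecimal.
 */
private static BigInteger hexChallengeParameter(Map<String, String> parameters, String name) {
    String value = parameters.get(name);
    if (value == null) {
        throw new CognitoInternalErrorException("SRP error, missing challenge parameter " + name);
    }
    try {
        return new BigInteger(value, 16);
    } catch (NumberFormatException e) {
        throw new CognitoInternalErrorException("SRP error, malformed challenge parameter " + name, e);
    }
}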
From source file:io.fineo.client.auth.cognito.CognitoUser.java
License:Open Source License
/**
 * Determines the next step from the challenge.
 *
 * <p>Copies the challenge name, session, authentication result and challenge parameters of
 * the {@link InitiateAuthResult} into a new {@link RespondToAuthChallengeResult} and passes
 * it to the {@code handleChallenge} overload that accepts that type. Any exception raised
 * while doing so is delivered to the callback by the returned {@link Runnable}.
 *
 * @param authResult      REQUIRED: Result from the {@code initiateAuth(...)} method.
 * @param callback        REQUIRED: Callback for type {@link AuthenticationHandler}
 * @param runInBackground REQUIRED: Boolean to indicate the current threading.
 * @return {@link Runnable} for the next step in user authentication.
 */
private Runnable handleChallenge(final InitiateAuthResult authResult, final AuthenticationHandler callback,
        final boolean runInBackground) {
    try {
        final RespondToAuthChallengeResult converted = new RespondToAuthChallengeResult();
        // The four copies are independent of one another; only the values matter.
        converted.setChallengeParameters(authResult.getChallengeParameters());
        converted.setAuthenticationResult(authResult.getAuthenticationResult());
        converted.setSession(authResult.getSession());
        converted.setChallengeName(authResult.getChallengeName());
        return handleChallenge(converted, callback, runInBackground);
    } catch (final Exception failure) {
        // Failures are not rethrown; they are handed to the callback when the Runnable runs.
        final Runnable reportFailure = new Runnable() {
            @Override
            public void run() {
                callback.onFailure(failure);
            }
        };
        return reportFailure;
    }
}