Package net.shibboleth.idp.plugin.authn.duo.impl

Class DuoSupport

java.lang.Object

net.shibboleth.idp.plugin.authn.duo.impl.DuoSupport

@ThreadSafe
public final class DuoSupport
extends Object

Helper methods for Duo 2FA.

Constructor Summary

Constructors

Modifier	Constructor	Description
private	DuoSupport()	Private Constructor.

Method Summary

Modifier and Type	Method	Description
(package private) static String	extractKeyFromState(String state)	Extract the key component from the state.
(package private) static String	extractNonceFromState(String state)	Extract the nonce component from the state.
(package private) static String	generateNonce(Integer length)	Generates a random identifier to be used as a nonce.
(package private) static String	generateState(String nonce, String key)	Generate a state parameter from a nonce component and an execution key component.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DuoSupport

private DuoSupport()

Private Constructor.

Method Detail

generateNonce

@Nonnull
static String generateNonce(@Nonnull
                            Integer length)

Generates a random identifier to be used as a nonce.

Parameters:

length - the length of the parameter, minimum allowed is 22.

Returns:

the randomly generated nonce value.

generateState

@Nonnull
static String generateState(@Nonnull
                            String nonce,
                            @Nonnull
                            String key)

Generate a state parameter from a nonce component and an execution key component.

The nonce is separated from the key by a dot e.g. <nonce>.<keyHex>.

The nonce is assumed to be already encoded in its transmission format e.g. Hex. The key is hex encoded before it is combined with the nonce. The result is assumed URL encoded e.g. inside the allowed set of URI characters or, no character in the state is from the URI reserved set.

Parameters:

nonce - the nonce component.

key - the key component. The key is hex encoded before it is added to the generated state.

Returns:

the combined state component.

extractKeyFromState

@Nonnull
static String extractKeyFromState(@Nonnull
                                  String state)
                           throws DuoException

Extract the key component from the state. The key is hex encoded and separated from the nonce value by a dot.

Parameters:

state - the state which contains both the nonce and the key dot separated.

Returns:

the key extracted from the state and hex decoded.

Throws:

DuoException - if the key component can not be found, or hex decoding fails.

extractNonceFromState

@Nonnull
static String extractNonceFromState(@Nonnull
                                    String state)
                             throws DuoException

Extract the nonce component from the state. The nonce is separated from the key by a dot, and is assumed to be the first value of the pair.

Parameters:

state - the state which contains both the nonce and the key dot separated.

Returns:

the nonce extracted from the state.

Throws:

DuoException - if the nonce component can not be found.