com.github.dbadia.sqrl.server.data

Class SqrlAutoCloseablePersistence

java.lang.Object

com.github.dbadia.sqrl.server.data.SqrlAutoCloseablePersistence

All Implemented Interfaces:

SqrlPersistence, AutoCloseable

public class SqrlAutoCloseablePersistence
extends Object
implements SqrlPersistence, AutoCloseable

Decorator pattern wrapper for SqrlPersistence which, when auto-closed, will call SqrlPersistence.closeRollback() unless a close method was already called; Users must still call SqrlPersistence.closeCommit() during the happy path as the java try-with-resources semantics gives us no way of knowing if an exception was thrown or not

While it is an unfortunate tradeoff to have deviate from the standard try-with-resources pattern, this is the only way we can ensure rollback gets called when both checked and unchecked exceptions occur

Author:

Dave Badia

Constructor Summary

Constructors

Constructor and Description
SqrlAutoCloseablePersistence(SqrlPersistence sqrlPersistence)

Method Summary

Modifier and Type	Method and Description
void	cleanUpExpiredEntries() Delete any expired objects in the persistence store
void	close()
void	closeCommit() Commit all updates since this persistence object was created
void	closeRollback() Ignore all updates since this persistence object was created
void	createAndEnableSqrlIdentity(String sqrlIdk, Map<String,String> identityDataTable) Create a new SqrlIdentity and enable SQRL authentication
SqrlCorrelator	createCorrelator(String correlatorString, Date expiryTime) Create a new correlator instance in the persistence
void	deleteSqrlCorrelator(SqrlCorrelator sqrlCorrelator)
void	deleteSqrlIdentity(String sqrlIdk) Invoked when the user chooses to remove SQRL authentication for this site
boolean	doesSqrlIdentityExistByIdk(String sqrlIdk) Check persistence to see if a user exists with the given sqrlIdk
SqrlCorrelator	fetchSqrlCorrelator(String correlator) Fetch the correlator object for the given string value
SqrlCorrelator	fetchSqrlCorrelatorRequired(String correlator) Fetch the correlator object for the given string value, or throw an exception if it does not exist
Map<String,SqrlCorrelator>	fetchSqrlCorrelatorsDetached(Set<String> correlatorStringSet)
Map<String,SqrlAuthenticationStatus>	fetchSqrlCorrelatorStatusUpdates(Map<String,SqrlAuthenticationStatus> correlatorToCurrentStatusTable) Checks for correlators who's status has changed or is SqrlAuthenticationStatus.AUTH_COMPLETE.
Boolean	fetchSqrlFlagForIdentity(String sqrlIdk, SqrlFlag flagToFetch) Invoked to determine if SQRL auth is enabled for a user
SqrlIdentity	fetchSqrlIdentityByUserXref(String appUserXref) Fetch the sqrl identity for the the given app user cross reference id
String	fetchSqrlIdentityDataItem(String sqrlIdk, String toFetch) Request to the data store to retrieve user specific SQRL data that was previously stored via #userAuthenticatedViaSqrl(String, String, Map)
String	fetchTransientAuthData(String correlator, String transientNameServerParrot) Fetch a short lived name/value for a given correlator and name
boolean	hasTokenBeenUsed(String nutTokenString) Check persistence to see if this token has already been used
boolean	isClosed()
void	markTokenAsUsed(String nutTokenString, Date expiryTime) Mark the given token as used in persistence.
void	setSqrlFlagForIdentity(String sqrlIdk, SqrlFlag flagToSet, boolean valueToSet) Invoked when the user chooses to temporarily disable SQRL authentication for this site
void	storeSqrlDataForSqrlIdentity(String sqrlIdk, Map<String,String> dataToStore) Indicates that we have received user specific data from the SQRL client that needs to be stored for the user; NOTE this is often the first call made for a new SQRL identity, so if the identity does not currently exist, it must be created
void	updateIdkForSqrlIdentity(String previousSqrlIdk, String newSqrlIdk) The user has updated their SQRL ID but this application is still using the old one.
void	updateNativeUserXref(long sqrlIdentityId, String nativeUserXref) Called to assign a native user cross reference to the given SQRL identity object so when SQRL authentication takes place, the application knows which user has authenticated
void	userAuthenticatedViaSqrl(String sqrlIdk, String correlator) Indicates that a user was authenticated successfully via SQRL.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SqrlAutoCloseablePersistence

public SqrlAutoCloseablePersistence(SqrlPersistence sqrlPersistence)

Method Detail

close

public void close()

Specified by:

close in interface AutoCloseable

createAndEnableSqrlIdentity

public void createAndEnableSqrlIdentity(String sqrlIdk,
                                        Map<String,String> identityDataTable)

Description copied from interface: SqrlPersistence

Create a new SqrlIdentity and enable SQRL authentication

Specified by:

createAndEnableSqrlIdentity in interface SqrlPersistence

Parameters:

sqrlIdk - the idk of the SQRL identity

identityDataTable - auth data for this SQRL identity

doesSqrlIdentityExistByIdk

public boolean doesSqrlIdentityExistByIdk(String sqrlIdk)

Description copied from interface: SqrlPersistence

Check persistence to see if a user exists with the given sqrlIdk

Specified by:

doesSqrlIdentityExistByIdk in interface SqrlPersistence

Parameters:

sqrlIdk - the SQRL ID to check for

Returns:

true if sqrlIdk exists, false otherwise

fetchSqrlIdentityByUserXref

public SqrlIdentity fetchSqrlIdentityByUserXref(String appUserXref)

Description copied from interface: SqrlPersistence

Fetch the sqrl identity for the the given app user cross reference id

Specified by:

fetchSqrlIdentityByUserXref in interface SqrlPersistence

Parameters:

appUserXref - the app user cross reference value to search by

Returns:

the SQRL identity for this app user

updateIdkForSqrlIdentity

public void updateIdkForSqrlIdentity(String previousSqrlIdk,
                                     String newSqrlIdk)

Description copied from interface: SqrlPersistence

The user has updated their SQRL ID but this application is still using the old one. The application must lookup the user by previousSqrlIdk, and replace that SQRL ID with nnewSqrlIdk

Specified by:

updateIdkForSqrlIdentity in interface SqrlPersistence

Parameters:

previousSqrlIdk - the old SQRL ID, which is present in persistence

newSqrlIdk - the new SQRL ID, which should replace previousSqrlIdk in persistence

deleteSqrlIdentity

public void deleteSqrlIdentity(String sqrlIdk)

Description copied from interface: SqrlPersistence

Invoked when the user chooses to remove SQRL authentication for this site

Specified by:

deleteSqrlIdentity in interface SqrlPersistence

Parameters:

sqrlIdk - the SQRL ID which represents the user.

updateNativeUserXref

public void updateNativeUserXref(long sqrlIdentityId,
                                 String nativeUserXref)

Description copied from interface: SqrlPersistence

Called to assign a native user cross reference to the given SQRL identity object so when SQRL authentication takes place, the application knows which user has authenticated

Specified by:

updateNativeUserXref in interface SqrlPersistence

Parameters:

sqrlIdentityId - the SQRL identity to update

nativeUserXref - the applications native user id for this user

userAuthenticatedViaSqrl

public void userAuthenticatedViaSqrl(String sqrlIdk,
                                     String correlator)

Description copied from interface: SqrlPersistence

Indicates that a user was authenticated successfully via SQRL. The webapp must use the given parameters to:

• Find the users web session by using nutToken as a correlator
• Determine if the sqrlUserId is already associated with an account or not. If not, ask the user if the have an existing username/password. If not, enroll the user as new
• Follow the webapp flow as if the user logged in via username and password. That is, lookup customer data and display the relevant content

Specified by:

userAuthenticatedViaSqrl in interface SqrlPersistence

Parameters:

sqrlIdk - the SQRL ID which the user authenticated with.

correlator - The correlator ID that was generated when the login page was presented and embedded in the sqrl url

fetchSqrlFlagForIdentity

public Boolean fetchSqrlFlagForIdentity(String sqrlIdk,
                                        SqrlFlag flagToFetch)

Description copied from interface: SqrlPersistence

Invoked to determine if SQRL auth is enabled for a user

Specified by:

fetchSqrlFlagForIdentity in interface SqrlPersistence

Parameters:

sqrlIdk - the SQRL ID which represents the user.

Returns:

the auth state of the SQRL user or SqrlEaabledState#NOT_EXIST if there is none

setSqrlFlagForIdentity

public void setSqrlFlagForIdentity(String sqrlIdk,
                                   SqrlFlag flagToSet,
                                   boolean valueToSet)

Description copied from interface: SqrlPersistence

Invoked when the user chooses to temporarily disable SQRL authentication for this site

Specified by:

setSqrlFlagForIdentity in interface SqrlPersistence

Parameters:

sqrlIdk - the SQRL ID which represents the user.

storeSqrlDataForSqrlIdentity

public void storeSqrlDataForSqrlIdentity(String sqrlIdk,
                                         Map<String,String> dataToStore)

Description copied from interface: SqrlPersistence

Indicates that we have received user specific data from the SQRL client that needs to be stored for the user; NOTE this is often the first call made for a new SQRL identity, so if the identity does not currently exist, it must be created

Specified by:

storeSqrlDataForSqrlIdentity in interface SqrlPersistence

Parameters:

sqrlIdk - the SQRL ID which the user authenticated with.

dataToStore - SQRL related data that must be persisted for this user and be retreivable via SqrlPersistence.fetchSqrlIdentityDataItem(String, String)

fetchSqrlIdentityDataItem

public String fetchSqrlIdentityDataItem(String sqrlIdk,
                                        String toFetch)

Description copied from interface: SqrlPersistence

Request to the data store to retrieve user specific SQRL data that was previously stored via #userAuthenticatedViaSqrl(String, String, Map)

Specified by:

fetchSqrlIdentityDataItem in interface SqrlPersistence

Parameters:

sqrlIdk - the SQRL ID which the user authenticated with.

toFetch - The name of the SQRL data to be fetched. Was the key in the Map when

Returns:

the data or null if it does not exist

hasTokenBeenUsed

public boolean hasTokenBeenUsed(String nutTokenString)

Description copied from interface: SqrlPersistence

Check persistence to see if this token has already been used

Specified by:

hasTokenBeenUsed in interface SqrlPersistence

Parameters:

nutTokenString - the SqrlNutToken token in sqbase64 format as received from the client the token sent by the SQRL client in the request

Returns:

true if the token was already used, false if not

markTokenAsUsed

public void markTokenAsUsed(String nutTokenString,
                            Date expiryTime)

Description copied from interface: SqrlPersistence

Mark the given token as used in persistence. After this call, any subsequent calls to #hasTokenBeenUsed(SqrlNutToken) must return true for this token until expiryTime. Once the expiryTime has been reached, persistence cleanup can occur and this token can be deleted from persistence

Specified by:

markTokenAsUsed in interface SqrlPersistence

Parameters:

nutTokenString - the SqrlNutToken token in sqbase64 format as received from the client

expiryTime - the time at which this token can safely be deleted from persistence since it will fail timestamp validation

fetchTransientAuthData

public String fetchTransientAuthData(String correlator,
                                     String transientNameServerParrot)

Description copied from interface: SqrlPersistence

Fetch a short lived name/value for a given correlator and name

Specified by:

fetchTransientAuthData in interface SqrlPersistence

Parameters:

correlator - correlator to which this data belongs

Returns:

the value for the correlator and name or null if it does not exist

createCorrelator

public SqrlCorrelator createCorrelator(String correlatorString,
                                       Date expiryTime)

Description copied from interface: SqrlPersistence

Create a new correlator instance in the persistence

Specified by:

createCorrelator in interface SqrlPersistence

Parameters:

correlatorString - the correlator value string

expiryTime - the time at which this correlator expires

Returns:

fetchSqrlCorrelator

public SqrlCorrelator fetchSqrlCorrelator(String correlator)

Description copied from interface: SqrlPersistence

Fetch the correlator object for the given string value

Specified by:

fetchSqrlCorrelator in interface SqrlPersistence

Parameters:

correlator - the string value to search for

Returns:

the correlator object or null if it does not exist

fetchSqrlCorrelatorRequired

public SqrlCorrelator fetchSqrlCorrelatorRequired(String correlator)

Description copied from interface: SqrlPersistence

Fetch the correlator object for the given string value, or throw an exception if it does not exist

Specified by:

fetchSqrlCorrelatorRequired in interface SqrlPersistence

Parameters:

correlator - the string value to search for

Returns:

the non-null correlator object

closeCommit

public void closeCommit()

Description copied from interface: SqrlPersistence

Commit all updates since this persistence object was created

Specified by:

closeCommit in interface SqrlPersistence

closeRollback

public void closeRollback()

Description copied from interface: SqrlPersistence

Ignore all updates since this persistence object was created

Specified by:

closeRollback in interface SqrlPersistence

isClosed

public boolean isClosed()

Specified by:

isClosed in interface SqrlPersistence

Returns:

true if this persistence object has been closed

cleanUpExpiredEntries

public void cleanUpExpiredEntries()

Description copied from interface: SqrlPersistence

Delete any expired objects in the persistence store

Specified by:

cleanUpExpiredEntries in interface SqrlPersistence

fetchSqrlCorrelatorsDetached

public Map<String,SqrlCorrelator> fetchSqrlCorrelatorsDetached(Set<String> correlatorStringSet)

Specified by:

fetchSqrlCorrelatorsDetached in interface SqrlPersistence

fetchSqrlCorrelatorStatusUpdates

public Map<String,SqrlAuthenticationStatus> fetchSqrlCorrelatorStatusUpdates(Map<String,SqrlAuthenticationStatus> correlatorToCurrentStatusTable)

Description copied from interface: SqrlPersistence

Checks for correlators who's status has changed or is SqrlAuthenticationStatus.AUTH_COMPLETE. Complete state is always returned in case the client didn't get the update the first time it was sent

Specified by:

fetchSqrlCorrelatorStatusUpdates in interface SqrlPersistence

Parameters:

correlatorToCurrentStatusTable - table of string correlators and their current state as sent by the browser

Returns:

table of correlators and their updated (or complete) states

deleteSqrlCorrelator

public void deleteSqrlCorrelator(SqrlCorrelator sqrlCorrelator)

Specified by:

deleteSqrlCorrelator in interface SqrlPersistence