use of com.google.u2f.server.data.SignSessionData in project OpenUnison by TremoloSecurity.
the class U2FServerUnison method getSignRequest.
@Override
public U2fSignRequest getSignRequest(String accountName, String appId) throws U2FException {
if (log.isDebugEnabled()) {
log.debug(">> getSignRequest " + accountName);
}
List<SecurityKeyData> securityKeyDataList = dataStore.getSecurityKeyData(accountName);
byte[] challenge = challengeGenerator.generateChallenge(accountName);
String challengeBase64 = Base64.encodeBase64URLSafeString(challenge);
ImmutableList.Builder<RegisteredKey> registeredKeys = ImmutableList.builder();
if (log.isDebugEnabled()) {
log.debug(" challenge: " + Hex.encodeHexString(challenge));
}
for (SecurityKeyData securityKeyData : securityKeyDataList) {
SignSessionData sessionData = new SignSessionData(accountName, appId, challenge, securityKeyData.getPublicKey());
String sessionId = dataStore.storeSessionData(sessionData);
byte[] keyHandle = securityKeyData.getKeyHandle();
List<Transports> transports = securityKeyData.getTransports();
if (log.isDebugEnabled()) {
log.debug("-- Output --");
log.debug(" sessionId: " + sessionId);
log.debug(" keyHandle: " + Hex.encodeHexString(keyHandle));
}
String keyHandleBase64 = Base64.encodeBase64URLSafeString(keyHandle);
if (log.isDebugEnabled()) {
log.debug("<< getRegisteredKey " + accountName);
}
registeredKeys.add(new RegisteredKey(U2FConsts.U2F_V2, keyHandleBase64, transports, appId, sessionId));
}
return new U2fSignRequest(challengeBase64, registeredKeys.build());
}
use of com.google.u2f.server.data.SignSessionData in project OpenUnison by TremoloSecurity.
the class U2FServerReferenceImpl method processSignResponse.
@Override
public SecurityKeyData processSignResponse(SignResponse signResponse) throws U2FException {
Log.info(">> processSignResponse");
String sessionId = signResponse.getSessionId();
String browserDataBase64 = signResponse.getClientData();
String rawSignDataBase64 = signResponse.getSignatureData();
SignSessionData sessionData = dataStore.getSignSessionData(sessionId);
if (sessionData == null) {
throw new U2FException("Unknown session_id");
}
String appId = sessionData.getAppId();
SecurityKeyData securityKeyData = null;
for (SecurityKeyData temp : dataStore.getSecurityKeyData(sessionData.getAccountName())) {
if (Arrays.equals(sessionData.getPublicKey(), temp.getPublicKey())) {
securityKeyData = temp;
break;
}
}
if (securityKeyData == null) {
throw new U2FException("No security keys registered for this user");
}
String browserData = new String(Base64.decodeBase64(browserDataBase64));
byte[] rawSignData = Base64.decodeBase64(rawSignDataBase64);
Log.info("-- Input --");
Log.info(" sessionId: " + sessionId);
Log.info(" publicKey: " + Hex.encodeHexString(securityKeyData.getPublicKey()));
Log.info(" challenge: " + Hex.encodeHexString(sessionData.getChallenge()));
Log.info(" accountName: " + sessionData.getAccountName());
Log.info(" browserData: " + browserData);
Log.info(" rawSignData: " + Hex.encodeHexString(rawSignData));
verifyBrowserData(new JsonParser().parse(browserData), "navigator.id.getAssertion", sessionData);
AuthenticateResponse authenticateResponse = RawMessageCodec.decodeAuthenticateResponse(rawSignData);
byte userPresence = authenticateResponse.getUserPresence();
int counter = authenticateResponse.getCounter();
byte[] signature = authenticateResponse.getSignature();
Log.info("-- Parsed rawSignData --");
Log.info(" userPresence: " + Integer.toHexString(userPresence & 0xFF));
Log.info(" counter: " + counter);
Log.info(" signature: " + Hex.encodeHexString(signature));
if ((userPresence & UserPresenceVerifier.USER_PRESENT_FLAG) == 0) {
throw new U2FException("User presence invalid during authentication");
}
if (counter <= securityKeyData.getCounter()) {
throw new U2FException("Counter value smaller than expected!");
}
byte[] appIdSha256 = crypto.computeSha256(appId.getBytes());
byte[] browserDataSha256 = crypto.computeSha256(browserData.getBytes());
byte[] signedBytes = RawMessageCodec.encodeAuthenticateSignedBytes(appIdSha256, userPresence, counter, browserDataSha256);
Log.info("Verifying signature of bytes " + Hex.encodeHexString(signedBytes));
if (!crypto.verifySignature(crypto.decodePublicKey(securityKeyData.getPublicKey()), signedBytes, signature)) {
throw new U2FException("Signature is invalid");
}
dataStore.updateSecurityKeyCounter(sessionData.getAccountName(), securityKeyData.getPublicKey(), counter);
Log.info("<< processSignResponse");
return securityKeyData;
}
use of com.google.u2f.server.data.SignSessionData in project OpenUnison by TremoloSecurity.
the class U2FServerReferenceImpl method getSignRequest.
@Override
public U2fSignRequest getSignRequest(String accountName, String appId) throws U2FException {
Log.info(">> getSignRequest " + accountName);
List<SecurityKeyData> securityKeyDataList = dataStore.getSecurityKeyData(accountName);
byte[] challenge = challengeGenerator.generateChallenge(accountName);
String challengeBase64 = Base64.encodeBase64URLSafeString(challenge);
ImmutableList.Builder<RegisteredKey> registeredKeys = ImmutableList.builder();
Log.info(" challenge: " + Hex.encodeHexString(challenge));
for (SecurityKeyData securityKeyData : securityKeyDataList) {
SignSessionData sessionData = new SignSessionData(accountName, appId, challenge, securityKeyData.getPublicKey());
String sessionId = dataStore.storeSessionData(sessionData);
byte[] keyHandle = securityKeyData.getKeyHandle();
List<Transports> transports = securityKeyData.getTransports();
Log.info("-- Output --");
Log.info(" sessionId: " + sessionId);
Log.info(" keyHandle: " + Hex.encodeHexString(keyHandle));
String keyHandleBase64 = Base64.encodeBase64URLSafeString(keyHandle);
Log.info("<< getRegisteredKey " + accountName);
registeredKeys.add(new RegisteredKey(U2FConsts.U2F_V2, keyHandleBase64, transports, appId, sessionId));
}
return new U2fSignRequest(challengeBase64, registeredKeys.build());
}
use of com.google.u2f.server.data.SignSessionData in project OpenUnison by TremoloSecurity.
the class U2FServerUnison method processSignResponse.
@Override
public SecurityKeyData processSignResponse(SignResponse signResponse) throws U2FException {
if (log.isDebugEnabled()) {
log.debug(">> processSignResponse");
}
String sessionId = signResponse.getSessionId();
String browserDataBase64 = signResponse.getClientData();
String rawSignDataBase64 = signResponse.getSignatureData();
SignSessionData sessionData = dataStore.getSignSessionData(sessionId);
if (sessionData == null) {
throw new U2FException("Unknown session_id");
}
String appId = sessionData.getAppId();
SecurityKeyData securityKeyData = null;
for (SecurityKeyData temp : dataStore.getSecurityKeyData(sessionData.getAccountName())) {
if (Arrays.equals(sessionData.getPublicKey(), temp.getPublicKey())) {
securityKeyData = temp;
break;
}
}
if (securityKeyData == null) {
throw new U2FException("No security keys registered for this user");
}
String browserData = new String(Base64.decodeBase64(browserDataBase64));
byte[] rawSignData = Base64.decodeBase64(rawSignDataBase64);
if (log.isDebugEnabled()) {
log.debug("-- Input --");
log.debug(" sessionId: " + sessionId);
log.debug(" publicKey: " + Hex.encodeHexString(securityKeyData.getPublicKey()));
log.debug(" challenge: " + Hex.encodeHexString(sessionData.getChallenge()));
log.debug(" accountName: " + sessionData.getAccountName());
log.debug(" browserData: " + browserData);
log.debug(" rawSignData: " + Hex.encodeHexString(rawSignData));
}
verifyBrowserData(new JsonParser().parse(browserData), "navigator.id.getAssertion", sessionData);
AuthenticateResponse authenticateResponse = RawMessageCodec.decodeAuthenticateResponse(rawSignData);
byte userPresence = authenticateResponse.getUserPresence();
int counter = authenticateResponse.getCounter();
byte[] signature = authenticateResponse.getSignature();
if (log.isDebugEnabled()) {
log.debug("-- Parsed rawSignData --");
log.debug(" userPresence: " + Integer.toHexString(userPresence & 0xFF));
log.debug(" counter: " + counter);
log.debug(" signature: " + Hex.encodeHexString(signature));
}
if ((userPresence & UserPresenceVerifier.USER_PRESENT_FLAG) == 0) {
throw new U2FException("User presence invalid during authentication");
}
if (counter <= securityKeyData.getCounter()) {
throw new U2FException("Counter value smaller than expected!");
}
byte[] appIdSha256 = crypto.computeSha256(appId.getBytes());
byte[] browserDataSha256 = crypto.computeSha256(browserData.getBytes());
byte[] signedBytes = RawMessageCodec.encodeAuthenticateSignedBytes(appIdSha256, userPresence, counter, browserDataSha256);
if (log.isDebugEnabled()) {
log.debug("Verifying signature of bytes " + Hex.encodeHexString(signedBytes));
}
if (!crypto.verifySignature(crypto.decodePublicKey(securityKeyData.getPublicKey()), signedBytes, signature)) {
throw new U2FException("Signature is invalid");
}
dataStore.updateSecurityKeyCounter(sessionData.getAccountName(), securityKeyData.getPublicKey(), counter);
if (log.isDebugEnabled()) {
log.debug("<< processSignResponse");
}
return securityKeyData;
}
Aggregations