use of com.tremolosecurity.proxy.auth.webauthn.OpenUnisonAuthenticator in project OpenUnison by TremoloSecurity.
Shown below: the `storeCredential` method of class `WebAuthnRegistration`, which validates a browser-submitted WebAuthn registration response and appends the resulting authenticator to the user's stored credential list.
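/**
 * Consumes the JSON body of a WebAuthn registration response, validates it with webauthn4j and
 * appends the new authenticator (keyed by a user-chosen label) to the caller's stored
 * WebAuthnUserData.
 *
 * Expected body fields (all produced by the browser-side registration script):
 * {@code label}, {@code serverProperty} (base64url of a Java-serialized ServerProperty),
 * {@code attestationObject} and {@code clientDataJSON} (base64url), {@code clientExtResults}
 * (raw JSON string, may be absent).
 *
 * @param request the proxied request; the buffered body is read from {@code ProxySys.MSG_BODY}
 *                and the authenticated user from the session's {@code ProxyConstants.AUTH_CTL}
 * @throws WebAuthnException when a required field is missing/malformed or the label is already used
 * @throws DataConversionException when webauthn4j cannot parse the attestation/clientData
 * @throws ValidationException when webauthn4j rejects the registration data
 * @throws IllegalStateException when no authenticated session or stored user data is present
 */
private void storeCredential(HttpFilterRequest request) throws ParseException, IOException, ClassNotFoundException, ServletException, Exception {
    byte[] requestBytes = (byte[]) request.getAttribute(ProxySys.MSG_BODY);
    if (requestBytes == null) {
        throw new WebAuthnException("Request body required");
    }
    JSONObject root = parseRegistrationBody(requestBytes);

    String label = requiredString(root, "label", "Label required");

    // SECURITY NOTE(review): serverProperty (the expected challenge / origin / rpId) arrives FROM
    // THE CLIENT and is rebuilt with Java native deserialization. Two points to confirm with the
    // rest of the flow, neither of which this method fixes by itself:
    //  1. ObjectInputStream.readObject() on client-controlled bytes is a deserialization sink;
    //     the instanceof check in deserializeServerProperty runs only after the object graph has
    //     already been materialized. An ObjectInputFilter allow-listing ServerProperty and its
    //     field types, or carrying the value in a non-Java-serialized form, would close this.
    //  2. Since the client supplies the expected challenge, the challenge comparison inside
    //     WebAuthnManager.validate() proves consistency with what the client sent, not with a
    //     challenge this server issued — unless that value is also checked against the server-side
    //     copy (presumably what challengeStoreAttribute holds; verify in WebAuthnUtils).
    ServerProperty serverProperty = deserializeServerProperty(
            requiredString(root, "serverProperty", "serverProperty required"));

    byte[] attestationObject = requiredBase64Url(root, "attestationObject");
    byte[] clientDataJSON = requiredBase64Url(root, "clientDataJSON");
    // Extension results are optional; webauthn4j accepts a null string here.
    String clientExtensionJSON = (String) root.get("clientExtResults");
    // No transport hints are collected from the client, so the set is deliberately empty.
    Set<String> transports = new HashSet<String>();

    // Expectations: presence (UP flag) is required, user verification (UV flag) is not.
    boolean userVerificationRequired = false;
    boolean userPresenceRequired = true;

    RegistrationRequest registrationRequest =
            new RegistrationRequest(attestationObject, clientDataJSON, clientExtensionJSON, transports);
    RegistrationParameters registrationParameters =
            new RegistrationParameters(serverProperty, userVerificationRequired, userPresenceRequired);

    // NOTE(review): the "non-strict" manager is used, which in webauthn4j presumably accepts any
    // attestation format without trust-chain verification — so the attestation statement stored
    // below should be treated as informational, not as proof of authenticator provenance. Confirm
    // against the webauthn4j version in use.
    WebAuthnManager webAuthnManager = WebAuthnManager.createNonStrictWebAuthnManager();
    // DataConversionException (parse) and ValidationException (validate) propagate unchanged to the
    // caller, exactly as before; there is nothing to add at this layer.
    RegistrationData registrationData = webAuthnManager.parse(registrationRequest);
    webAuthnManager.validate(registrationData, registrationParameters);

    OpenUnisonAuthenticator authenticator = new OpenUnisonAuthenticator(
            label,
            registrationData.getAttestationObject().getAuthenticatorData().getAttestedCredentialData(),
            registrationData.getAttestationObject().getAttestationStatement(),
            // Initial signature counter; used later to detect cloned authenticators.
            registrationData.getAttestationObject().getAuthenticatorData().getSignCount());

    AuthController authController = (AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL);
    if (authController == null) {
        throw new IllegalStateException("WebAuthn registration requires an authenticated session");
    }
    AuthInfo userData = authController.getAuthInfo();
    WebAuthnUserData webAuthnUserData =
            WebAuthnUtils.lookupWebAuthnUserData(userData, this.challengeStoreAttribute, this.encryptionKeyName);
    if (webAuthnUserData == null) {
        throw new IllegalStateException("No webauthn user data, should not happen");
    }

    // Labels are the user's handle for a credential; reject duplicates (case-sensitive match).
    for (OpenUnisonAuthenticator existing : webAuthnUserData.getAuthenticators()) {
        if (label.equals(existing.getLabel())) {
            throw new WebAuthnException("Label already exists, choose another label");
        }
    }

    webAuthnUserData.getAuthenticators().add(authenticator);
    WebAuthnUtils.storeWebAuthnUserData(webAuthnUserData, encryptionKeyName, userData, workflowName, uidAttributeName, challengeStoreAttribute);
}

/** Decodes the buffered body as UTF-8 JSON and rejects anything that is not a JSON object. */
private JSONObject parseRegistrationBody(byte[] requestBytes) throws ParseException, WebAuthnException {
    String requestString = new String(requestBytes, StandardCharsets.UTF_8);
    Object parsed = new JSONParser().parse(requestString);
    if (!(parsed instanceof JSONObject)) {
        throw new WebAuthnException("Request body must be a JSON object");
    }
    return (JSONObject) parsed;
}

/**
 * Returns the named string field of {@code root}.
 *
 * @throws WebAuthnException (with {@code missingMessage}) when the field is absent, empty, or not a string
 */
private static String requiredString(JSONObject root, String key, String missingMessage) throws WebAuthnException {
    Object value = root.get(key);
    if (!(value instanceof String) || ((String) value).isEmpty()) {
        throw new WebAuthnException(missingMessage);
    }
    return (String) value;
}

/** Returns the named field base64url-decoded; a missing or undecodable value is a WebAuthnException. */
private static byte[] requiredBase64Url(JSONObject root, String key) throws WebAuthnException {
    String encoded = requiredString(root, key, key + " required");
    try {
        return Base64.getUrlDecoder().decode(encoded);
    } catch (IllegalArgumentException e) {
        WebAuthnException wrapped = new WebAuthnException(key + " is not valid base64url");
        wrapped.initCause(e);
        throw wrapped;
    }
}

/**
 * Rebuilds the ServerProperty the browser echoed back (base64url of Java serialization).
 * See the SECURITY NOTE in storeCredential: this deserializes client-controlled bytes, and the
 * type check below happens only after the object graph has been constructed.
 */
private static ServerProperty deserializeServerProperty(String encoded) throws IOException, ClassNotFoundException, WebAuthnException {
    byte[] serialized;
    try {
        serialized = Base64.getUrlDecoder().decode(encoded);
    } catch (IllegalArgumentException e) {
        WebAuthnException wrapped = new WebAuthnException("serverProperty is not valid base64url");
        wrapped.initCause(e);
        throw wrapped;
    }
    try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(serialized))) {
        Object deserialized = ois.readObject();
        if (!(deserialized instanceof ServerProperty)) {
            throw new WebAuthnException("serverProperty is not a ServerProperty");
        }
        return (ServerProperty) deserialized;
    }
}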