Example 1 with OpenUnisonAuthenticator
use of com.tremolosecurity.proxy.auth.webauthn.OpenUnisonAuthenticator in project OpenUnison by TremoloSecurity.
the class WebAuthnRegistration method storeCredential.
private void storeCredential(HttpFilterRequest request) throws ParseException, IOException, ClassNotFoundException, ServletException, Exception {
byte[] requestBytes = (byte[]) request.getAttribute(ProxySys.MSG_BODY);
String requestString = new String(requestBytes, StandardCharsets.UTF_8);
JSONObject root = (JSONObject) new JSONParser().parse(requestString);
if (root.get("label") == null || ((String) root.get("label")).isEmpty()) {
throw new WebAuthnException("Label required");
}
ByteArrayInputStream bais = new ByteArrayInputStream(Base64.getUrlDecoder().decode((String) root.get("serverProperty")));
ObjectInputStream ois = new ObjectInputStream(bais);
ServerProperty serverProperty = (ServerProperty) ois.readObject();
byte[] attestationObject = Base64.getUrlDecoder().decode((String) root.get("attestationObject"));
byte[] clientDataJSON = Base64.getUrlDecoder().decode((String) root.get("clientDataJSON"));
String clientExtensionJSON = (String) root.get("clientExtResults");
Set<String> transports = new HashSet<String>();
// expectations
boolean userVerificationRequired = false;
boolean userPresenceRequired = true;
RegistrationRequest registrationRequest = new RegistrationRequest(attestationObject, clientDataJSON, clientExtensionJSON, transports);
RegistrationParameters registrationParameters = new RegistrationParameters(serverProperty, userVerificationRequired, userPresenceRequired);
RegistrationData registrationData;
WebAuthnManager webAuthnManager = WebAuthnManager.createNonStrictWebAuthnManager();
try {
registrationData = webAuthnManager.parse(registrationRequest);
} catch (DataConversionException e) {
// If you would like to handle WebAuthn data structure parse error, please catch DataConversionException
throw e;
}
try {
webAuthnManager.validate(registrationData, registrationParameters);
} catch (ValidationException e) {
// If you would like to handle WebAuthn data validation error, please catch ValidationException
throw e;
}
OpenUnisonAuthenticator authenticator = new OpenUnisonAuthenticator((String) root.get("label"), registrationData.getAttestationObject().getAuthenticatorData().getAttestedCredentialData(), registrationData.getAttestationObject().getAttestationStatement(), registrationData.getAttestationObject().getAuthenticatorData().getSignCount());
AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
WebAuthnUserData webAuthnUserData = WebAuthnUtils.lookupWebAuthnUserData(userData, this.challengeStoreAttribute, this.encryptionKeyName);
if (webAuthnUserData == null) {
throw new Exception("No webauthn user data, should not happen");
}
for (OpenUnisonAuthenticator auth : webAuthnUserData.getAuthenticators()) {
if (auth.getLabel().equals(authenticator.getLabel())) {
throw new WebAuthnException("Label already exists, choose another label");
}
}
webAuthnUserData.getAuthenticators().add(authenticator);
WebAuthnUtils.storeWebAuthnUserData(webAuthnUserData, encryptionKeyName, userData, workflowName, uidAttributeName, challengeStoreAttribute);
}
Also used :
RegistrationData(com.webauthn4j.data.RegistrationData)
AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo)
ServerProperty(com.webauthn4j.server.ServerProperty)
ValidationException(com.webauthn4j.validator.exception.ValidationException)
OpenUnisonAuthenticator(com.tremolosecurity.proxy.auth.webauthn.OpenUnisonAuthenticator)
WebAuthnUserData(com.tremolosecurity.proxy.auth.webauthn.WebAuthnUserData)
WebAuthnManager(com.webauthn4j.WebAuthnManager)
RegistrationRequest(com.webauthn4j.data.RegistrationRequest)
AuthController(com.tremolosecurity.proxy.auth.AuthController)
ValidationException(com.webauthn4j.validator.exception.ValidationException)
ServletException(javax.servlet.ServletException)
WebAuthnException(com.webauthn4j.util.exception.WebAuthnException)
DataConversionException(com.webauthn4j.converter.exception.DataConversionException)
ParseException(org.json.simple.parser.ParseException)
MalformedURLException(java.net.MalformedURLException)
IOException(java.io.IOException)
WebAuthnException(com.webauthn4j.util.exception.WebAuthnException)
JSONObject(org.json.simple.JSONObject)
ByteArrayInputStream(java.io.ByteArrayInputStream)
JSONParser(org.json.simple.parser.JSONParser)
RegistrationParameters(com.webauthn4j.data.RegistrationParameters)
DataConversionException(com.webauthn4j.converter.exception.DataConversionException)
ObjectInputStream(java.io.ObjectInputStream)
HashSet(java.util.HashSet)
Aggregations
AuthController (com.tremolosecurity.proxy.auth.AuthController)1
AuthInfo (com.tremolosecurity.proxy.auth.AuthInfo)1
OpenUnisonAuthenticator (com.tremolosecurity.proxy.auth.webauthn.OpenUnisonAuthenticator)1
WebAuthnUserData (com.tremolosecurity.proxy.auth.webauthn.WebAuthnUserData)1
WebAuthnManager (com.webauthn4j.WebAuthnManager)1
DataConversionException (com.webauthn4j.converter.exception.DataConversionException)1
RegistrationData (com.webauthn4j.data.RegistrationData)1
RegistrationParameters (com.webauthn4j.data.RegistrationParameters)1
RegistrationRequest (com.webauthn4j.data.RegistrationRequest)1
ServerProperty (com.webauthn4j.server.ServerProperty)1
WebAuthnException (com.webauthn4j.util.exception.WebAuthnException)1
ValidationException (com.webauthn4j.validator.exception.ValidationException)1
ByteArrayInputStream (java.io.ByteArrayInputStream)1
IOException (java.io.IOException)1
ObjectInputStream (java.io.ObjectInputStream)1
MalformedURLException (java.net.MalformedURLException)1
HashSet (java.util.HashSet)1
ServletException (javax.servlet.ServletException)1
JSONObject (org.json.simple.JSONObject)1
JSONParser (org.json.simple.parser.JSONParser)1
