use of com.webauthn4j.converter.CollectedClientDataConverter in project webauthn4j by webauthn4j.
the class PackedAttestationStatementValidatorTest method validate.
/**
 * Assembles a {@link RegistrationObject} from the supplied client data and attestation object
 * and passes it to the validator under test.
 *
 * @param clientDataBytes serialized client data; parsed here and also forwarded unchanged
 * @param attestationObject attestation object that is serialized and then validated
 */
private void validate(byte[] clientDataBytes, AttestationObject attestationObject) {
    AttestationObjectConverter attestationObjectConverter = new AttestationObjectConverter(objectConverter);
    byte[] serializedAttestationObject = attestationObjectConverter.convertToBytes(attestationObject);

    // Values the relying party expects; origin, rpId, challenge and token binding id come from fixture fields.
    Origin expectedOrigin = new Origin(originUrl);
    Challenge expectedChallenge = (Challenge) () -> Base64UrlUtil.decode(challengeString);

    CollectedClientDataConverter clientDataConverter = new CollectedClientDataConverter(objectConverter);
    CollectedClientData parsedClientData = clientDataConverter.convert(clientDataBytes);

    // No transports and no client extension outputs are supplied for this validation.
    Set<AuthenticatorTransport> noTransports = Collections.emptySet();
    AuthenticationExtensionsClientOutputs<RegistrationExtensionClientOutput> noClientExtensions =
            new AuthenticationExtensionsClientOutputs<>();

    ServerProperty serverProperty = new ServerProperty(expectedOrigin, rpId, expectedChallenge, tokenBindingId);
    RegistrationObject registrationObject = new RegistrationObject(
            attestationObject,
            serializedAttestationObject,
            parsedClientData,
            clientDataBytes,
            noClientExtensions,
            noTransports,
            serverProperty);

    target.validate(registrationObject);
}
use of com.webauthn4j.converter.CollectedClientDataConverter in project webauthn4j-spring-security by webauthn4j.
the class Base64UrlStringToCollectedClientDataConverterTest method convert_test.
/**
 * Round trip: client data serialized to a Base64url string must parse back to an equal object.
 */
@Test
public void convert_test() {
    CollectedClientData original = TestDataUtil.createClientData(ClientDataType.WEBAUTHN_GET);

    // Produce the Base64url form with the core converter ...
    CollectedClientDataConverter serializer = new CollectedClientDataConverter(objectConverter);
    String encoded = serializer.convertToBase64UrlString(original);

    // ... and parse it back with the converter under test.
    Base64UrlStringToCollectedClientDataConverter converterUnderTest =
            new Base64UrlStringToCollectedClientDataConverter(objectConverter);
    CollectedClientData decoded = converterUnderTest.convert(encoded);

    assertThat(decoded).isEqualTo(original);
}
use of com.webauthn4j.converter.CollectedClientDataConverter in project webauthn4j by webauthn4j.
the class FIDOU2FAuthenticatorRegistrationValidationTest method validate_malicious_client_data_test.
/**
 * Registration must fail when the client data is swapped after the authenticator has responded.
 *
 * <p>The emulated client platform runs on the phishing origin, so the attestation is produced for
 * that page. The test then substitutes client data that claims the valid origin. The claimed
 * origin is identical to the origin the server expects, so an origin comparison alone would not
 * flag this request; the expected rejection is {@link BadSignatureException}. Per the WebAuthn
 * specification the FIDO U2F attestation signature covers the hash of the client data, which is
 * why replaced client data no longer matches the signature.
 */
@Test
void validate_malicious_client_data_test() {
    Origin attackerOrigin = new Origin("http://phishing.site.example.com");
    Origin expectedOrigin = new Origin("http://valid.site.example.com");
    // Same value as the expected origin: this is what the forged client data will claim.
    Origin forgedOriginClaim = new Origin("http://valid.site.example.com");

    // The client platform has loaded the phishing site.
    ClientPlatform phishedClient = new ClientPlatform(attackerOrigin, new FIDOU2FAuthenticatorAdaptor());

    String relyingPartyId = "valid.site.example.com";
    Challenge serverChallenge = new DefaultChallenge();
    PublicKeyCredentialParameters es256Parameters =
            new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256);
    AuthenticatorSelectionCriteria selectionCriteria = new AuthenticatorSelectionCriteria(
            AuthenticatorAttachment.CROSS_PLATFORM, true, UserVerificationRequirement.REQUIRED);
    AuthenticationExtensionsClientInputs<RegistrationExtensionClientInput> noExtensions =
            new AuthenticationExtensionsClientInputs<>();

    PublicKeyCredentialRpEntity relyingParty =
            new PublicKeyCredentialRpEntity(relyingPartyId, "valid.site.example.com");
    PublicKeyCredentialUserEntity user =
            new PublicKeyCredentialUserEntity(new byte[32], "username", "displayName");
    PublicKeyCredentialCreationOptions creationOptions = new PublicKeyCredentialCreationOptions(
            relyingParty,
            user,
            serverChallenge,
            Collections.singletonList(es256Parameters),
            null,
            Collections.emptyList(),
            selectionCriteria,
            AttestationConveyancePreference.DIRECT,
            noExtensions);

    // Genuine authenticator response, created while the platform was on the phishing origin.
    AuthenticatorAttestationResponse attestationResponse =
            phishedClient.create(creationOptions).getAuthenticatorResponse();

    // Forged client data: correct type and challenge, but an origin the platform never had.
    CollectedClientData forgedClientData =
            new CollectedClientData(ClientDataType.WEBAUTHN_CREATE, serverChallenge, forgedOriginClaim, null);
    CollectedClientDataConverter clientDataConverter = new CollectedClientDataConverter(objectConverter);
    byte[] forgedClientDataBytes = clientDataConverter.convertToBytes(forgedClientData);

    Set<String> transportNames =
            authenticatorTransportConverter.convertSetToStringSet(attestationResponse.getTransports());

    // The server expects the valid origin, which the forged client data also claims.
    ServerProperty serverProperty = new ServerProperty(expectedOrigin, relyingPartyId, serverChallenge, null);
    RegistrationRequest forgedRequest = new RegistrationRequest(
            attestationResponse.getAttestationObject(), forgedClientDataBytes, transportNames);
    RegistrationParameters parameters = new RegistrationParameters(serverProperty, null, false, true);

    assertThrows(BadSignatureException.class, () -> target.validate(forgedRequest, parameters));
}
use of com.webauthn4j.converter.CollectedClientDataConverter in project webauthn4j by webauthn4j.
the class RegistrationObjectTest method equals_hashCode_test.
/**
 * Two {@link RegistrationObject} instances built from the same arguments must be equal and must
 * report the same hash code.
 */
@Test
void equals_hashCode_test() {
    CollectedClientData collectedClientData = TestDataUtil.createClientData(ClientDataType.WEBAUTHN_CREATE);
    CollectedClientDataConverter clientDataConverter = new CollectedClientDataConverter(objectConverter);
    byte[] collectedClientDataBytes = clientDataConverter.convertToBytes(collectedClientData);

    AttestationObject u2fAttestationObject = TestDataUtil.createAttestationObjectWithFIDOU2FAttestationStatement();
    AttestationObjectConverter attestationObjectConverter = new AttestationObjectConverter(objectConverter);
    byte[] u2fAttestationObjectBytes = attestationObjectConverter.convertToBytes(u2fAttestationObject);

    Set<AuthenticatorTransport> noTransports = Collections.emptySet();
    AuthenticationExtensionsClientOutputs<RegistrationExtensionClientOutput> noClientExtensions =
            new AuthenticationExtensionsClientOutputs<>();
    ServerProperty serverProperty = TestDataUtil.createServerProperty();
    // One shared timestamp, so that it cannot be the reason for any difference between the instances.
    Instant sharedTimestamp = Instant.now();

    RegistrationObject first = new RegistrationObject(
            u2fAttestationObject,
            u2fAttestationObjectBytes,
            collectedClientData,
            collectedClientDataBytes,
            noClientExtensions,
            noTransports,
            serverProperty,
            sharedTimestamp);
    RegistrationObject second = new RegistrationObject(
            u2fAttestationObject,
            u2fAttestationObjectBytes,
            collectedClientData,
            collectedClientDataBytes,
            noClientExtensions,
            noTransports,
            serverProperty,
            sharedTimestamp);

    assertAll(
            () -> assertThat(first).isEqualTo(second),
            () -> assertThat(first).hasSameHashCodeAs(second));
}
use of com.webauthn4j.converter.CollectedClientDataConverter in project webauthn4j by webauthn4j.
the class RegistrationObjectTest method getter_test.
/**
 * Every getter of {@link RegistrationObject} must return the value supplied to the constructor.
 * The authenticator data bytes are compared with a serialization of
 * {@code TestDataUtil.createAuthenticatorData()}.
 */
@Test
void getter_test() {
    CollectedClientData collectedClientData = TestDataUtil.createClientData(ClientDataType.WEBAUTHN_CREATE);
    CollectedClientDataConverter clientDataConverter = new CollectedClientDataConverter(objectConverter);
    byte[] collectedClientDataBytes = clientDataConverter.convertToBytes(collectedClientData);

    AttestationObject u2fAttestationObject = TestDataUtil.createAttestationObjectWithFIDOU2FAttestationStatement();
    AttestationObjectConverter attestationObjectConverter = new AttestationObjectConverter(objectConverter);
    byte[] u2fAttestationObjectBytes = attestationObjectConverter.convertToBytes(u2fAttestationObject);

    // NOTE(review): presumably the test attestation object embeds equivalent authenticator data;
    // confirm against TestDataUtil.
    AuthenticatorData<RegistrationExtensionAuthenticatorOutput> expectedAuthenticatorData =
            TestDataUtil.createAuthenticatorData();
    AuthenticatorDataConverter authenticatorDataConverter = new AuthenticatorDataConverter(objectConverter);
    byte[] expectedAuthenticatorDataBytes = authenticatorDataConverter.convert(expectedAuthenticatorData);

    Set<AuthenticatorTransport> noTransports = Collections.emptySet();
    AuthenticationExtensionsClientOutputs<RegistrationExtensionClientOutput> noClientExtensions =
            new AuthenticationExtensionsClientOutputs<>();
    ServerProperty serverProperty = TestDataUtil.createServerProperty();
    Instant createdAt = Instant.now();

    RegistrationObject subject = new RegistrationObject(
            u2fAttestationObject,
            u2fAttestationObjectBytes,
            collectedClientData,
            collectedClientDataBytes,
            noClientExtensions,
            noTransports,
            serverProperty,
            createdAt);

    assertAll(
            () -> assertThat(subject.getCollectedClientData()).isEqualTo(collectedClientData),
            () -> assertThat(subject.getCollectedClientDataBytes()).isEqualTo(collectedClientDataBytes),
            () -> assertThat(subject.getAttestationObject()).isEqualTo(u2fAttestationObject),
            () -> assertThat(subject.getAttestationObjectBytes()).isEqualTo(u2fAttestationObjectBytes),
            () -> assertThat(subject.getAuthenticatorDataBytes()).isEqualTo(expectedAuthenticatorDataBytes),
            () -> assertThat(subject.getTransports()).isEqualTo(noTransports),
            () -> assertThat(subject.getClientExtensions()).isEqualTo(noClientExtensions),
            () -> assertThat(subject.getServerProperty()).isEqualTo(serverProperty),
            () -> assertThat(subject.getTimestamp()).isEqualTo(createdAt));
}