Search in sources :

Example 6 with DataConversionException

use of com.webauthn4j.converter.exception.DataConversionException in project webauthn4j by webauthn4j.

the class AttestationObjectConverter method convert.

// ~ Methods
// ================================================================================================
/**
 * Converts from a base64url {@link String} to {@link AttestationObject}.
 *
 * @param source the source byte array to convert
 * @return the converted object
 */
@Nullable
public AttestationObject convert(@NonNull String source) {
    try {
        AssertUtil.notNull(source, SOURCE_NULL_CHECK_MESSAGE);
        byte[] value = Base64UrlUtil.decode(source);
        return convert(value);
    } catch (IllegalArgumentException e) {
        throw new DataConversionException(e);
    }
}
Also used : DataConversionException(com.webauthn4j.converter.exception.DataConversionException) Nullable(org.checkerframework.checker.nullness.qual.Nullable)

Example 7 with DataConversionException

use of com.webauthn4j.converter.exception.DataConversionException in project webauthn4j by webauthn4j.

the class AuthenticatorDataConverter method convert.

// ~ Methods
// ================================================================================================
/**
 * Converts from a {@link AuthenticatorData} to byte[].
 *
 * @param source the source object to convert
 * @param <T>    extension type
 * @return the converted byte array
 */
@NonNull
public <T extends ExtensionAuthenticatorOutput> byte[] convert(@NonNull AuthenticatorData<T> source) {
    try {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] rpIdHash = source.getRpIdHash();
        byteArrayOutputStream.write(rpIdHash);
        byteArrayOutputStream.write(new byte[] { source.getFlags() });
        byteArrayOutputStream.write(UnsignedNumberUtil.toBytes(source.getSignCount()));
        if (source.getAttestedCredentialData() != null) {
            byteArrayOutputStream.write(attestedCredentialDataConverter.convert(source.getAttestedCredentialData()));
        }
        byteArrayOutputStream.write(convert(source.getExtensions()));
        return byteArrayOutputStream.toByteArray();
    } catch (IllegalArgumentException e) {
        throw new DataConversionException(e);
    } catch (IOException e) {
        throw new UncheckedIOException(e);
    }
}
Also used : UncheckedIOException(java.io.UncheckedIOException) ByteArrayOutputStream(java.io.ByteArrayOutputStream) IOException(java.io.IOException) UncheckedIOException(java.io.UncheckedIOException) DataConversionException(com.webauthn4j.converter.exception.DataConversionException) NonNull(org.checkerframework.checker.nullness.qual.NonNull)

Example 8 with DataConversionException

use of com.webauthn4j.converter.exception.DataConversionException in project webauthn4j by webauthn4j.

the class CollectedClientDataConverter method convert.

// ~ Methods
// ================================================================================================
/**
 * Converts from a base64url {@link String} to {@link CollectedClientData}.
 *
 * @param base64UrlString the source byte array to convert
 * @return the converted object
 */
@Nullable
public CollectedClientData convert(@NonNull String base64UrlString) {
    try {
        AssertUtil.notNull(base64UrlString, "base64UrlString must not be null");
        byte[] bytes = Base64UrlUtil.decode(base64UrlString);
        return convert(bytes);
    } catch (IllegalArgumentException e) {
        throw new DataConversionException(e);
    }
}
Also used : DataConversionException(com.webauthn4j.converter.exception.DataConversionException) Nullable(org.checkerframework.checker.nullness.qual.Nullable)

Example 9 with DataConversionException

use of com.webauthn4j.converter.exception.DataConversionException in project webauthn4j by webauthn4j.

the class CollectedClientDataConverter method convert.

/**
 * Converts from a byte array to {@link CollectedClientData}.
 *
 * @param source the source byte array to convert
 * @return the converted object
 */
@Nullable
public CollectedClientData convert(@NonNull byte[] source) {
    try {
        AssertUtil.notNull(source, "source must not be null");
        String jsonString = new String(source, StandardCharsets.UTF_8);
        return jsonConverter.readValue(jsonString, CollectedClientData.class);
    } catch (IllegalArgumentException e) {
        throw new DataConversionException(e);
    }
}
Also used : DataConversionException(com.webauthn4j.converter.exception.DataConversionException) Nullable(org.checkerframework.checker.nullness.qual.Nullable)

Example 10 with DataConversionException

use of com.webauthn4j.converter.exception.DataConversionException in project webauthn4j-spring-security by webauthn4j.

the class FidoServerAttestationOptionsEndpointFilter method processRequest.

@Override
protected ServerResponse processRequest(HttpServletRequest request) {
    InputStream inputStream;
    try {
        inputStream = request.getInputStream();
    } catch (IOException e) {
        throw new UncheckedIOException(e);
    }
    try {
        ServerPublicKeyCredentialCreationOptionsRequest serverRequest = objectConverter.getJsonConverter().readValue(inputStream, ServerPublicKeyCredentialCreationOptionsRequest.class);
        String username = serverRequest.getUsername();
        String displayName = serverRequest.getDisplayName();
        Challenge challenge = serverEndpointFilterUtil.encodeUsername(new DefaultChallenge(), username);
        challengeRepository.saveChallenge(challenge, request);
        // TODO: UsernamePasswordAuthenticationToken should not be used here in this way
        AttestationOptions attestationOptions = optionsProvider.getAttestationOptions(request, new UsernamePasswordAuthenticationToken(username, null, Collections.emptyList()));
        String userHandle;
        if (attestationOptions.getUser() == null) {
            userHandle = Base64UrlUtil.encodeToString(generateUserHandle());
        } else {
            userHandle = Base64UrlUtil.encodeToString(attestationOptions.getUser().getId());
        }
        ServerPublicKeyCredentialUserEntity user = new ServerPublicKeyCredentialUserEntity(userHandle, username, displayName);
        List<ServerPublicKeyCredentialDescriptor> credentials = attestationOptions.getExcludeCredentials().stream().map(credential -> new ServerPublicKeyCredentialDescriptor(credential.getType(), Base64UrlUtil.encodeToString(credential.getId()), credential.getTransports())).collect(Collectors.toList());
        AuthenticationExtensionsClientInputs<RegistrationExtensionClientInput> authenticationExtensionsClientInputs;
        if (serverRequest.getExtensions() != null) {
            authenticationExtensionsClientInputs = serverRequest.getExtensions();
        } else {
            authenticationExtensionsClientInputs = attestationOptions.getExtensions();
        }
        return new ServerPublicKeyCredentialCreationOptionsResponse(attestationOptions.getRp(), user, Base64UrlUtil.encodeToString(attestationOptions.getChallenge().getValue()), attestationOptions.getPubKeyCredParams(), attestationOptions.getTimeout(), credentials, serverRequest.getAuthenticatorSelection(), serverRequest.getAttestation(), authenticationExtensionsClientInputs);
    } catch (DataConversionException e) {
        throw new com.webauthn4j.springframework.security.exception.DataConversionException("Failed to convert data", e);
    }
}
Also used : AttestationOptions(com.webauthn4j.springframework.security.options.AttestationOptions) IOException(java.io.IOException) Challenge(com.webauthn4j.data.client.challenge.Challenge) UUID(java.util.UUID) ChallengeRepository(com.webauthn4j.springframework.security.challenge.ChallengeRepository) Base64UrlUtil(com.webauthn4j.util.Base64UrlUtil) Collectors(java.util.stream.Collectors) ByteBuffer(java.nio.ByteBuffer) AuthenticationExtensionsClientInputs(com.webauthn4j.data.extension.client.AuthenticationExtensionsClientInputs) AttestationOptionsProvider(com.webauthn4j.springframework.security.options.AttestationOptionsProvider) UncheckedIOException(java.io.UncheckedIOException) HttpServletRequest(javax.servlet.http.HttpServletRequest) List(java.util.List) ObjectConverter(com.webauthn4j.converter.util.ObjectConverter) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) DefaultChallenge(com.webauthn4j.data.client.challenge.DefaultChallenge) RegistrationExtensionClientInput(com.webauthn4j.data.extension.client.RegistrationExtensionClientInput) DataConversionException(com.webauthn4j.converter.exception.DataConversionException) Collections(java.util.Collections) Assert(org.springframework.util.Assert) InputStream(java.io.InputStream) InputStream(java.io.InputStream) AttestationOptions(com.webauthn4j.springframework.security.options.AttestationOptions) UncheckedIOException(java.io.UncheckedIOException) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) IOException(java.io.IOException) UncheckedIOException(java.io.UncheckedIOException) Challenge(com.webauthn4j.data.client.challenge.Challenge) DefaultChallenge(com.webauthn4j.data.client.challenge.DefaultChallenge) DefaultChallenge(com.webauthn4j.data.client.challenge.DefaultChallenge) RegistrationExtensionClientInput(com.webauthn4j.data.extension.client.RegistrationExtensionClientInput) DataConversionException(com.webauthn4j.converter.exception.DataConversionException)

Aggregations

DataConversionException (com.webauthn4j.converter.exception.DataConversionException)18 IOException (java.io.IOException)8 ValidationException (com.webauthn4j.validator.exception.ValidationException)6 UncheckedIOException (java.io.UncheckedIOException)6 ServerProperty (com.webauthn4j.server.ServerProperty)5 NonNull (org.checkerframework.checker.nullness.qual.NonNull)5 Challenge (com.webauthn4j.data.client.challenge.Challenge)4 DefaultChallenge (com.webauthn4j.data.client.challenge.DefaultChallenge)4 InputStream (java.io.InputStream)4 Authenticator (com.webauthn4j.authenticator.Authenticator)3 HttpServletRequest (javax.servlet.http.HttpServletRequest)3 Nullable (org.checkerframework.checker.nullness.qual.Nullable)3 WebAuthnUserData (com.tremolosecurity.proxy.auth.webauthn.WebAuthnUserData)2 WebAuthnManager (com.webauthn4j.WebAuthnManager)2 DCAppleDevice (com.webauthn4j.appattest.authenticator.DCAppleDevice)2 DCServerProperty (com.webauthn4j.appattest.server.DCServerProperty)2 ObjectConverter (com.webauthn4j.converter.util.ObjectConverter)2 AttestedCredentialData (com.webauthn4j.data.attestation.authenticator.AttestedCredentialData)2 ByteArrayInputStream (java.io.ByteArrayInputStream)2 ObjectInputStream (java.io.ObjectInputStream)2