
Example 16 with DataConversionException

use of com.webauthn4j.converter.exception.DataConversionException in project webauthn4j by webauthn4j.

the class AuthenticatorDataConverter method convert.

/**
 * Parses raw authenticator data bytes into an {@link AuthenticatorData}.
 *
 * <p>Fields are read in order: {@code RPID_HASH_LENGTH} bytes of RP ID hash, one flags byte,
 * a counter read through {@code UnsignedNumberUtil.getUnsignedInt}, then attested credential
 * data when the AT flag is set and bytes remain, then extensions when the ED flag is set.
 * Input that still has unread bytes after these fields is rejected, so trailing data cannot
 * pass through unparsed.
 *
 * <p>The returned object can carry a {@code null} attested credential data even when the AT
 * flag is set (see the inline comment), so callers must not treat the flag alone as proof
 * that the data is present.
 *
 * @param <T>    ExtensionAuthenticatorOutput
 * @param source the source byte array to convert
 * @return the converted object
 * @throws DataConversionException if the bytes are too short, carry trailing data, or a
 *                                 nested conversion raises {@link IllegalArgumentException}
 */
@NonNull
public <T extends ExtensionAuthenticatorOutput> AuthenticatorData<T> convert(@NonNull byte[] source) {
    try {
        ByteBuffer buffer = ByteBuffer.wrap(source);

        // Fixed-size header: RP ID hash, flags, counter.
        byte[] rpIdHash = new byte[RPID_HASH_LENGTH];
        buffer.get(rpIdHash, 0, RPID_HASH_LENGTH);
        byte flags = buffer.get();
        long counter = UnsignedNumberUtil.getUnsignedInt(buffer);

        // Apple App Attest API assertion has AT flag even though they don't have
        // attestedCredentialData, so an AT flag with an exhausted buffer yields null
        // instead of a parse failure.
        AttestedCredentialData attestedCredentialData = null;
        if (AuthenticatorData.checkFlagAT(flags) && buffer.hasRemaining()) {
            attestedCredentialData = attestedCredentialDataConverter.convert(buffer);
        }

        AuthenticationExtensionsAuthenticatorOutputs<T> extensions;
        if (!AuthenticatorData.checkFlagED(flags)) {
            extensions = new AuthenticationExtensionsAuthenticatorOutputs<>();
        } else {
            extensions = convertToExtensions(buffer);
        }

        // Strict layout check: every byte of the input must have been consumed by a
        // declared field.
        if (buffer.hasRemaining()) {
            throw new DataConversionException("provided data does not have proper byte layout");
        }
        return new AuthenticatorData<>(rpIdHash, flags, counter, attestedCredentialData, extensions);
    } catch (BufferUnderflowException e) {
        // Input ended in the middle of a field.
        throw new DataConversionException("provided data does not have proper byte layout", e);
    } catch (IllegalArgumentException e) {
        throw new DataConversionException(e);
    }
}
Also used : AttestedCredentialData(com.webauthn4j.data.attestation.authenticator.AttestedCredentialData) AuthenticatorData(com.webauthn4j.data.attestation.authenticator.AuthenticatorData) DataConversionException(com.webauthn4j.converter.exception.DataConversionException) ByteBuffer(java.nio.ByteBuffer) BufferUnderflowException(java.nio.BufferUnderflowException) NonNull(org.checkerframework.checker.nullness.qual.NonNull)

Example 17 with DataConversionException

use of com.webauthn4j.converter.exception.DataConversionException in project webauthn4j-spring-security by webauthn4j.

the class FidoServerAssertionOptionsEndpointFilter method processRequest.

/**
 * Builds the assertion options response for a FIDO server "get options" request.
 *
 * <p>The JSON request body is deserialized, a new challenge carrying the requested user
 * verification setting is stored for the request, and the assertion options for the
 * user name given in the body are returned with binary fields Base64url-encoded.
 *
 * <p>NOTE(review): the user name is taken from the request body and used to look up
 * {@code allowCredentials}. If this endpoint is reachable before authentication
 * (presumably it is - confirm against the filter chain), the response can reveal whether a
 * given user name has registered credentials; verify how {@code optionsProvider} answers
 * for unknown users.
 *
 * @param request the incoming HTTP request whose body holds the options request JSON
 * @return the options response to serialize back to the client
 * @throws UncheckedIOException if the request body stream cannot be opened
 */
@Override
protected ServerResponse processRequest(HttpServletRequest request) {
    final InputStream body;
    try {
        body = request.getInputStream();
    } catch (IOException e) {
        throw new UncheckedIOException(e);
    }
    try {
        ServerPublicKeyCredentialGetOptionsRequest optionsRequest =
                objectConverter.getJsonConverter().readValue(body, ServerPublicKeyCredentialGetOptionsRequest.class);

        // The client-requested user verification setting is encoded into the challenge
        // before it is stored for this request.
        Challenge newChallenge = serverEndpointFilterUtil.encodeUserVerification(
                new DefaultChallenge(), optionsRequest.getUserVerification());
        challengeRepository.saveChallenge(newChallenge, request);

        // TODO: UsernamePasswordAuthenticationToken should not be used here in this way
        AssertionOptions options = optionsProvider.getAssertionOptions(
                request,
                new UsernamePasswordAuthenticationToken(optionsRequest.getUsername(), null, Collections.emptyList()));

        List<ServerPublicKeyCredentialDescriptor> credentials = options.getAllowCredentials()
                .stream()
                .map(descriptor -> new ServerPublicKeyCredentialDescriptor(
                        descriptor.getType(),
                        Base64UrlUtil.encodeToString(descriptor.getId()),
                        descriptor.getTransports()))
                .collect(Collectors.toList());

        // Extensions sent by the client take precedence over the provider's defaults.
        AuthenticationExtensionsClientInputs<AuthenticationExtensionClientInput> extensionInputs =
                optionsRequest.getExtensions() != null
                        ? optionsRequest.getExtensions()
                        : options.getExtensions();

        return new ServerPublicKeyCredentialGetOptionsResponse(
                Base64UrlUtil.encodeToString(options.getChallenge().getValue()),
                options.getTimeout(),
                options.getRpId(),
                credentials,
                optionsRequest.getUserVerification(),
                extensionInputs);
    } catch (DataConversionException e) {
        // Re-wrap the library exception in the Spring Security integration's own type.
        throw new com.webauthn4j.springframework.security.exception.DataConversionException("Failed to convert data", e);
    }
}
Also used : AssertionOptionsProvider(com.webauthn4j.springframework.security.options.AssertionOptionsProvider) AssertionOptions(com.webauthn4j.springframework.security.options.AssertionOptions) IOException(java.io.IOException) Challenge(com.webauthn4j.data.client.challenge.Challenge) AuthenticationExtensionClientInput(com.webauthn4j.data.extension.client.AuthenticationExtensionClientInput) ChallengeRepository(com.webauthn4j.springframework.security.challenge.ChallengeRepository) Base64UrlUtil(com.webauthn4j.util.Base64UrlUtil) Collectors(java.util.stream.Collectors) AuthenticationExtensionsClientInputs(com.webauthn4j.data.extension.client.AuthenticationExtensionsClientInputs) UncheckedIOException(java.io.UncheckedIOException) HttpServletRequest(javax.servlet.http.HttpServletRequest) List(java.util.List) ObjectConverter(com.webauthn4j.converter.util.ObjectConverter) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) DefaultChallenge(com.webauthn4j.data.client.challenge.DefaultChallenge) DataConversionException(com.webauthn4j.converter.exception.DataConversionException) Collections(java.util.Collections) Assert(org.springframework.util.Assert) InputStream(java.io.InputStream) InputStream(java.io.InputStream) AssertionOptions(com.webauthn4j.springframework.security.options.AssertionOptions) UncheckedIOException(java.io.UncheckedIOException) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) IOException(java.io.IOException) UncheckedIOException(java.io.UncheckedIOException) Challenge(com.webauthn4j.data.client.challenge.Challenge) DefaultChallenge(com.webauthn4j.data.client.challenge.DefaultChallenge) DefaultChallenge(com.webauthn4j.data.client.challenge.DefaultChallenge) AuthenticationExtensionClientInput(com.webauthn4j.data.extension.client.AuthenticationExtensionClientInput) 
DataConversionException(com.webauthn4j.converter.exception.DataConversionException)

Example 18 with DataConversionException

use of com.webauthn4j.converter.exception.DataConversionException in project webauthn4j-spring-security by webauthn4j.

the class FidoServerAssertionResultEndpointFilter method attemptAuthentication.

/**
 * Attempts WebAuthn authentication from a FIDO server assertion result request.
 *
 * <p>The JSON body is deserialized into a credential, checked by
 * {@code serverPublicKeyCredentialValidator}, and its Base64url fields are decoded into a
 * {@code WebAuthnAuthenticationRequest}. The resulting token is handed to the
 * authentication manager, which makes the authentication decision.
 *
 * <p>NOTE(review): the user verification requirement is decoded from the challenge inside
 * the client-supplied {@code clientDataJSON}, before the assertion has been verified.
 * It is trustworthy only if the later verification rejects a challenge that does not match
 * the stored one - confirm against the authentication provider.
 *
 * @param request  the incoming HTTP request whose body holds the assertion result JSON
 * @param response the HTTP response (not used by this method)
 * @return the result of the authentication manager
 * @throws UncheckedIOException if the request body stream cannot be opened
 */
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) {
    final InputStream body;
    try {
        body = request.getInputStream();
    } catch (IOException e) {
        throw new UncheckedIOException(e);
    }
    try {
        ServerPublicKeyCredential<ServerAuthenticatorAssertionResponse> publicKeyCredential =
                jsonConverter.readValue(body, credentialTypeRef);
        serverPublicKeyCredentialValidator.validate(publicKeyCredential);

        ServerAuthenticatorAssertionResponse assertion = publicKeyCredential.getResponse();
        ServerProperty serverProperty = serverPropertyProvider.provide(request);

        // NOTE(review): clientDataJSON is used here without a null check although it is
        // null-guarded below; presumably the validator above rejects a missing value - confirm.
        CollectedClientData clientData = collectedClientDataConverter.convert(assertion.getClientDataJSON());
        UserVerificationRequirement uvRequirement =
                serverEndpointFilterUtil.decodeUserVerification(clientData.getChallenge());

        // Each Base64url field is decoded only when present; absent fields stay null.
        WebAuthnAuthenticationRequest authenticationRequest = new WebAuthnAuthenticationRequest(
                publicKeyCredential.getRawId() == null ? null : Base64UrlUtil.decode(publicKeyCredential.getRawId()),
                assertion.getClientDataJSON() == null ? null : Base64UrlUtil.decode(assertion.getClientDataJSON()),
                assertion.getAuthenticatorData() == null ? null : Base64UrlUtil.decode(assertion.getAuthenticatorData()),
                assertion.getSignature() == null ? null : Base64UrlUtil.decode(assertion.getSignature()),
                publicKeyCredential.getClientExtensionResults());

        // NOTE(review): the third argument is hard-coded to false; it looks like the
        // user-presence requirement - confirm that disabling it is intended.
        WebAuthnAuthenticationParameters authenticationParameters = new WebAuthnAuthenticationParameters(
                serverProperty,
                userVerificationRequiredOrNot(uvRequirement),
                false);

        WebAuthnAssertionAuthenticationToken token = new WebAuthnAssertionAuthenticationToken(
                authenticationRequest, authenticationParameters, Collections.emptyList());
        setDetails(request, token);
        return this.getAuthenticationManager().authenticate(token);
    } catch (DataConversionException e) {
        // Re-wrap the library exception in the Spring Security integration's own type.
        throw new com.webauthn4j.springframework.security.exception.DataConversionException("Failed to convert data", e);
    }
}

/** Returns true only when the decoded requirement is exactly {@code REQUIRED}. */
private static boolean userVerificationRequiredOrNot(UserVerificationRequirement requirement) {
    return requirement == UserVerificationRequirement.REQUIRED;
}
Also used : WebAuthnAuthenticationRequest(com.webauthn4j.springframework.security.WebAuthnAuthenticationRequest) UserVerificationRequirement(com.webauthn4j.data.UserVerificationRequirement) ServerProperty(com.webauthn4j.server.ServerProperty) InputStream(java.io.InputStream) UncheckedIOException(java.io.UncheckedIOException) IOException(java.io.IOException) UncheckedIOException(java.io.UncheckedIOException) WebAuthnAssertionAuthenticationToken(com.webauthn4j.springframework.security.WebAuthnAssertionAuthenticationToken) CollectedClientData(com.webauthn4j.data.client.CollectedClientData) WebAuthnAuthenticationParameters(com.webauthn4j.springframework.security.WebAuthnAuthenticationParameters) DataConversionException(com.webauthn4j.converter.exception.DataConversionException)
