
Example 1 with CborConverter

use of com.webauthn4j.converter.util.CborConverter in project OpenUnison by TremoloSecurity.

the class WebAuthnRegistration method doFilter.

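/**
 * Handles the WebAuthn registration ceremony for the user held in the session's {@code AuthController}.
 *
 * <ul>
 *   <li>{@code GET .../credentialCreateOptions}: creates (or looks up) the user's WebAuthn record, builds
 *       {@code PublicKeyCredentialCreationOptions} and writes a JSON body of the form
 *       {@code {"publicKey": ..., "serverProperty": ...}}.</li>
 *   <li>{@code GET} on any other URI: sets the option/finish URLs as request attributes and forwards to
 *       {@code challengeURI}.</li>
 *   <li>{@code POST}: stores the credential submitted by the browser via {@code storeCredential}.</li>
 * </ul>
 *
 * Every branch terminates the request itself; {@code chain} is never invoked.
 *
 * @param request  wrapped servlet request
 * @param response wrapped servlet response
 * @param chain    remaining filter chain (unused)
 * @throws Exception on any I/O, JSON or registration failure not handled in the POST branch
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    // Tell the proxy to report errors in-band rather than redirecting; the browser-side code expects JSON.
    request.getServletRequest().setAttribute("com.tremolosecurity.unison.proxy.noRedirectOnError", "com.tremolosecurity.unison.proxy.noRedirectOnError");
    if (request.getMethod().equalsIgnoreCase("GET")) {
        if (request.getRequestURI().endsWith("/credentialCreateOptions")) {
            ObjectConverter oc = new ObjectConverter();
            String rpId = getRpId(request.getServletRequest());
            AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
            WebAuthnUserData webAuthnUserData = WebAuthnUtils.lookupWebAuthnUserData(userData, challengeStoreAttribute, encryptionKeyName);
            if (webAuthnUserData == null) {
                // First registration for this user: create a record keyed by the uid attribute and persist it.
                webAuthnUserData = new WebAuthnUserData(userData.getAttribs().get(this.uidAttributeName).getValues().get(0));
                WebAuthnUtils.storeWebAuthnUserData(webAuthnUserData, this.encryptionKeyName, userData, this.workflowName, this.uidAttributeName, this.challengeStoreAttribute);
            }
            // One challenge per ceremony; it is what ties the browser's response back to this request.
            // NOTE(review): DefaultChallenge() is presumably a fresh random value — confirm in webauthn4j.
            Challenge challenge = new DefaultChallenge();
            String b64UrlChallenge = Base64UrlUtil.encodeToString(challenge.getValue());
            AuthenticatorSelectionCriteria authenticatorSelectionCriteria = new AuthenticatorSelectionCriteria(authenticatorAttachment, requireResisentKey, userVerificationRequirement);
            PublicKeyCredentialParameters publicKeyCredentialParameters = new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256);
            String b64UrlId = Base64.getUrlEncoder().encodeToString(webAuthnUserData.getId());
            ServerProperty serverProperty = new ServerProperty(new Origin(request.getRequestURL().toString()), rpId, challenge, webAuthnUserData.getId());
            // Java-serialize the ServerProperty. try-with-resources closes the ObjectOutputStream as well as the
            // ByteArrayOutputStream; the previous version only closed the latter.
            byte[] serverPropertyBytes;
            try (ByteArrayOutputStream bos = new ByteArrayOutputStream();
                 ObjectOutputStream out = new ObjectOutputStream(bos)) {
                out.writeObject(serverProperty);
                out.flush();
                serverPropertyBytes = bos.toByteArray();
            }
            // The session copy is the server-side source of truth for the finish step.
            request.getSession().setAttribute("tremolo.io/webauthn/serverProperty", serverProperty);
            PublicKeyCredentialUserEntity publicKeyCredentialUserEntity = new PublicKeyCredentialUserEntity(webAuthnUserData.getId(), webAuthnUserData.getDisplayName(), webAuthnUserData.getDisplayName());
            AuthenticationExtensionsClientInputs<RegistrationExtensionClientInput> extensions = new AuthenticationExtensionsClientInputs<>();
            PublicKeyCredentialCreationOptions credentialCreationOptions = new PublicKeyCredentialCreationOptions(new PublicKeyCredentialRpEntity(rpId, rpId), publicKeyCredentialUserEntity, challenge, Collections.singletonList(publicKeyCredentialParameters), null, Collections.emptyList(), authenticatorSelectionCriteria, AttestationConveyancePreference.NONE, extensions);
            String credentialCreationOptionsJson = oc.getJsonConverter().writeValueAsString(credentialCreationOptions);
            JSONObject root = (JSONObject) new JSONParser().parse(credentialCreationOptionsJson);
            // The challenge and user.id are rewritten as base64url strings for the browser; the converter's own
            // rendering of these byte fields is presumably not what the client-side code expects — confirm.
            root.put("challenge", b64UrlChallenge);
            ((JSONObject) root.get("user")).put("id", b64UrlId);
            JSONObject publicKeyRoot = new JSONObject();
            publicKeyRoot.put("publicKey", root);
            // SECURITY NOTE(review): this hands the Java-serialized ServerProperty to the browser. If any later
            // request reads it back with ObjectInputStream, that is native deserialization of client-controlled
            // bytes; prefer the session copy stored above (or at least install an ObjectInputFilter) — confirm
            // against storeCredential / the finish step.
            publicKeyRoot.put("serverProperty", Base64.getUrlEncoder().encodeToString(serverPropertyBytes));
            response.getWriter().println(publicKeyRoot.toString());
        } else {
            // Any other GET: hand the page the two URLs it needs and render the challenge page.
            String baseUrl = request.getRequestURL().toString();
            request.setAttribute("tremolo.io/webauthn/challengeurl", baseUrl + "/credentialCreateOptions");
            request.setAttribute("tremolo.io/webauthn/finishregistration", baseUrl + "/finishregistration");
            request.getRequestDispatcher(this.challengeURI).forward(request.getServletRequest(), response.getServletResponse());
        }
    } else if (request.getMethod().equalsIgnoreCase("POST")) {
        // NOTE(review): in a standard servlet container sendError() commits the response, so the JSON written
        // after it may be discarded; setting the status instead would be the usual fix — confirm what
        // HttpFilterResponse does here.
        try {
            storeCredential(request);
        } catch (WebAuthnException e) {
            // Library-level validation failure: the message is echoed to the client as-is.
            JSONObject resp = new JSONObject();
            resp.put("error", e.getMessage());
            response.sendError(500);
            response.getWriter().println(resp.toString());
        } catch (Throwable t) {
            // Anything else is logged server-side only; the client gets a generic message.
            JSONObject resp = new JSONObject();
            logger.error("Could not store credential", t);
            resp.put("error", "There was an error, please contact your system administrator");
            response.sendError(500);
            response.getWriter().println(resp.toString());
        }
    }
}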

Example 2 with CborConverter

use of com.webauthn4j.converter.util.CborConverter in project webauthn4j by webauthn4j.

the class X509CertificateDeserializerTest method deserialize_empty_byte_array_test.

@Test
void deserialize_empty_byte_array_test() {
    // A "certificate" entry holding an empty byte array must deserialize to a null certificate.
    CborConverter converter = new ObjectConverter().getCborConverter();
    Map<String, byte[]> payload = new HashMap<>();
    payload.put("certificate", new byte[0]);
    byte[] encoded = converter.writeValueAsBytes(payload);
    X509CertificateDeserializerTestData decoded = converter.readValue(encoded, X509CertificateDeserializerTestData.class);
    assertThat(decoded.getCertificate()).isNull();
}

Example 3 with CborConverter

use of com.webauthn4j.converter.util.CborConverter in project webauthn4j by webauthn4j.

the class AuthenticatorTest method serialization_deserialization_test.

@Test
void serialization_deserialization_test() {
    // A TestAuthenticator must survive a CBOR write/read round trip unchanged.
    ObjectConverter objectConverter = new ObjectConverter();
    CborConverter cbor = objectConverter.getCborConverter();
    TestAuthenticator source = new TestAuthenticator(
            TestDataUtil.createAttestedCredentialData(),
            TestAttestationStatementUtil.createFIDOU2FAttestationStatement(),
            0,
            Collections.emptySet(),
            null,
            null);
    byte[] encoded = cbor.writeValueAsBytes(source);
    TestAuthenticator roundTripped = cbor.readValue(encoded, TestAuthenticator.class);
    assertThat(roundTripped).isEqualTo(source);
}

Example 4 with CborConverter

use of com.webauthn4j.converter.util.CborConverter in project webauthn4j by webauthn4j.

the class AttestationObjectDeserializerTest method test.

@SuppressWarnings("ConstantConditions")
@Test
void test() {
    // Parses a captured base64url-encoded CBOR attestation object and checks it has the fido-u2f shape.
    CborConverter converter = new ObjectConverter().getCborConverter();
    // Given
    // noinspection SpellCheckingInspection
    String input = "v2hhdXRoRGF0YVi6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBAAAAAQAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv2ExYTJhMvZhMyZhNPZhNfZiLTEBYi0yWCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGItM1ggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABhMQL_Z2F0dFN0bXS_Y3g1Y4FZAsswggLHMIIBr6ADAgECAhAg92PAQYOxBTfb6FBqIlDyMA0GCSqGSIb3DQEBCwUAMEoxEjAQBgNVBAoMCVNoYXJwTGFiLjE0MDIGA1UEAwwrc3ByaW5nLXNlY3VyaXR5LXdlYmF1dGhuIDJ0aWVyIHRlc3Qgcm9vdCBDQTAgFw0xODA1MjAwNzA5NTVaGA8yMTE4MDQyNjA3MDk1NVowfTELMAkGA1UEBhMCSlAxEjAQBgNVBAoMCVNoYXJwTGFiLjEgMB4GA1UECwwXQXR0ZXN0YXRpb24gQ2VydGlmaWNhdGUxODA2BgNVBAMML3dlYmF1dGhuNGogdGVzdCAydGllciBhdXRoZW50aWNhdG9yIGF0dGVzdGF0aW9uMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYOdbrImOAgjZN3Xb8unfHHhJDINdIykolt-ypGxcrop4KwbujX2zvoRGZvdoQ9mu-rwjAZt4H3SMsSxPvB8z8KM_MD0wDAYDVR0TAQH_BAIwADAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0OBBYEFNDrzrNaaa7sdMR9uzsvO8OohdjhMA0GCSqGSIb3DQEBCwUAA4IBAQCtHcryqNSHDyszLtIByc5AzPam37vl0AVchb0qOxLFbmdUu4Nhzk-87YdA_VZuvVLInsIGaCwkP3rdqGAFY1HllglMnmWIoG2sKjmT3vpJydlDODaha9F_fVG7cq2i5Zx2KMTeUtuTkNdZDjocUUHXYVShgNnggoUWkVeLBG1ckzK1tAkbUwyChWMv4PDmIUBNv6DwkYI9oBSCSAJHpUzyxzMvCRbAFAICwPl3g-SQEUeiNlnzJuGXHnHxu-DB6JD2b0hPeYD6XxWPuI0Pq1G_6hGQmsNv3SF2ye2y_HOKnw3L-fzRHl5ksOdVZbpy9xXzTdIBUpvTmFuwcBo4HwRMY3NpZ1ggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD_Y2ZtdGhmaWRvLXUyZv8";
    byte[] rawAttestationObject = Base64UrlUtil.decode(input);
    // When
    AttestationObject parsed = converter.readValue(rawAttestationObject, AttestationObject.class);
    // Then
    assertAll(
            () -> assertThat(parsed).isNotNull(),
            () -> assertThat(parsed.getAuthenticatorData()).isNotNull(),
            () -> assertThat(parsed.getFormat()).isEqualTo("fido-u2f"),
            () -> assertThat(parsed.getAttestationStatement()).isNotNull(),
            () -> assertThat(parsed.getAttestationStatement()).isInstanceOf(FIDOU2FAttestationStatement.class));
}

Example 5 with CborConverter

use of com.webauthn4j.converter.util.CborConverter in project webauthn4j by webauthn4j.

the class X509CertificateDeserializerTest method deserialize_test.

@Test
void deserialize_test() throws CertificateEncodingException {
    // A DER-encoded certificate placed under "certificate" must come back as an X509Certificate.
    CborConverter converter = new ObjectConverter().getCborConverter();
    byte[] derCertificate = TestAttestationUtil.load2tierTestAuthenticatorAttestationCertificate().getEncoded();
    Map<String, byte[]> payload = new HashMap<>();
    payload.put("certificate", derCertificate);
    byte[] encoded = converter.writeValueAsBytes(payload);
    X509CertificateDeserializerTestData decoded = converter.readValue(encoded, X509CertificateDeserializerTestData.class);
    assertThat(decoded.getCertificate()).isInstanceOf(X509Certificate.class);
}
