
Example 1 with ObjectConverter

use of com.webauthn4j.converter.util.ObjectConverter in project OpenUnison by TremoloSecurity.

the class WebAuthnRegistration method doFilter.

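/**
 * Serves the WebAuthn registration endpoints handled by this filter.
 *
 * <ul>
 *   <li>{@code GET} on a URI ending in {@code /credentialCreateOptions}: looks up (or creates and stores)
 *       the user's {@code WebAuthnUserData}, generates a fresh challenge, keeps the resulting
 *       {@code ServerProperty} in the HTTP session and writes a JSON document with the
 *       {@code publicKey} creation options and a base64url copy of the serialized
 *       {@code ServerProperty}.</li>
 *   <li>Any other {@code GET}: exposes the option and finish-registration URLs as request attributes
 *       and forwards to {@code challengeURI}.</li>
 *   <li>{@code POST}: delegates to {@code storeCredential}; failures are reported as a JSON error
 *       with status 500.</li>
 * </ul>
 *
 * Other HTTP methods fall through without any action; {@code chain} is not invoked here.
 *
 * @param request  the wrapped filter request
 * @param response the wrapped filter response
 * @param chain    the filter chain (unused in this method)
 * @throws Exception if building or writing the creation options fails
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    request.getServletRequest().setAttribute("com.tremolosecurity.unison.proxy.noRedirectOnError", "com.tremolosecurity.unison.proxy.noRedirectOnError");
    if (request.getMethod().equalsIgnoreCase("GET")) {
        if (request.getRequestURI().endsWith("/credentialCreateOptions")) {
            ObjectConverter oc = new ObjectConverter();
            String rpId = getRpId(request.getServletRequest());
            // NOTE(review): the session attribute is cast and dereferenced without a null check;
            // presumably an upstream filter guarantees an authenticated session here - confirm.
            AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
            WebAuthnUserData webAuthnUserData = WebAuthnUtils.lookupWebAuthnUserData(userData, challengeStoreAttribute, encryptionKeyName);
            if (webAuthnUserData == null) {
                // no data yet, let's create
                webAuthnUserData = new WebAuthnUserData(userData.getAttribs().get(this.uidAttributeName).getValues().get(0));
                WebAuthnUtils.storeWebAuthnUserData(webAuthnUserData, this.encryptionKeyName, userData, this.workflowName, this.uidAttributeName, this.challengeStoreAttribute);
            }
            // A new challenge is generated for every options request.
            Challenge challenge = new DefaultChallenge();
            String b64UrlChallenge = Base64UrlUtil.encodeToString(challenge.getValue());
            AuthenticatorSelectionCriteria authenticatorSelectionCriteria = new AuthenticatorSelectionCriteria(authenticatorAttachment, requireResisentKey, userVerificationRequirement);
            // Only ES256 is offered to the authenticator.
            PublicKeyCredentialParameters publicKeyCredentialParameters = new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256);
            String b64UrlId = Base64.getUrlEncoder().encodeToString(webAuthnUserData.getId());
            // NOTE(review): the expected origin is taken from the incoming request URL, so it is only
            // as trustworthy as the host/scheme the container reports - confirm how this behaves
            // behind a reverse proxy.
            ServerProperty serverProperty = new ServerProperty(new Origin(request.getRequestURL().toString()), rpId, challenge, webAuthnUserData.getId());
            // Java-serialize the ServerProperty so a copy can be embedded in the JSON response.
            byte[] serializedServerProperty;
            try (ByteArrayOutputStream bos = new ByteArrayOutputStream();
                 ObjectOutputStream out = new ObjectOutputStream(bos)) {
                out.writeObject(serverProperty);
                out.flush();
                serializedServerProperty = bos.toByteArray();
            }
            // The session keeps the server-side copy of the challenge and expected origin/rpId.
            request.getSession().setAttribute("tremolo.io/webauthn/serverProperty", serverProperty);
            PublicKeyCredentialUserEntity publicKeyCredentialUserEntity = new PublicKeyCredentialUserEntity(webAuthnUserData.getId(), webAuthnUserData.getDisplayName(), webAuthnUserData.getDisplayName());
            AuthenticationExtensionsClientInputs<RegistrationExtensionClientInput> extensions = new AuthenticationExtensionsClientInputs<>();
            // No attestation statement is requested (AttestationConveyancePreference.NONE).
            PublicKeyCredentialCreationOptions credentialCreationOptions = new PublicKeyCredentialCreationOptions(new PublicKeyCredentialRpEntity(rpId, rpId), publicKeyCredentialUserEntity, challenge, Collections.singletonList(publicKeyCredentialParameters), null, Collections.emptyList(), authenticatorSelectionCriteria, AttestationConveyancePreference.NONE, extensions);
            String publecCredentialCreationOptionsJson = oc.getJsonConverter().writeValueAsString(credentialCreationOptions);
            JSONObject root = (JSONObject) new JSONParser().parse(publecCredentialCreationOptionsJson);
            // Overwrite the converter's encoding of these two binary fields with base64url strings.
            root.put("challenge", b64UrlChallenge);
            ((JSONObject) root.get("user")).put("id", b64UrlId);
            JSONObject publicKeyRoot = new JSONObject();
            publicKeyRoot.put("publicKey", root);
            // NOTE(review): this hands a Java-serialized object to the browser. storeCredential is not
            // visible here; if it ever reads this value back from the client it would be
            // deserializing untrusted input - confirm that only the session copy is used.
            publicKeyRoot.put("serverProperty", Base64.getUrlEncoder().encodeToString(serializedServerProperty));
            response.getWriter().println(publicKeyRoot.toString());
        } else {
            StringBuilder createCredentialURL = new StringBuilder(request.getRequestURL().toString());
            createCredentialURL.append("/credentialCreateOptions");
            request.setAttribute("tremolo.io/webauthn/challengeurl", createCredentialURL.toString());
            createCredentialURL = new StringBuilder(request.getRequestURL().toString());
            createCredentialURL.append("/finishregistration");
            request.setAttribute("tremolo.io/webauthn/finishregistration", createCredentialURL.toString());
            request.getRequestDispatcher(this.challengeURI).forward(request.getServletRequest(), response.getServletResponse());
        }
    } else if (request.getMethod().equalsIgnoreCase("POST")) {
        try {
            storeCredential(request);
        } catch (WebAuthnException e) {
            // NOTE(review): the library's validation message is echoed to the caller - confirm it
            // never carries detail that should stay server-side.
            JSONObject resp = new JSONObject();
            resp.put("error", e.getMessage());
            // NOTE(review): the body is written after sendError(500); on a standard servlet response
            // that call commits the response, so the JSON may never reach the client - verify
            // against HttpFilterResponse.
            response.sendError(500);
            response.getWriter().println(resp.toString());
        } catch (Throwable t) {
            // Unexpected failures are logged in full but reported to the caller generically.
            JSONObject resp = new JSONObject();
            logger.error("Could not store credential", t);
            resp.put("error", "There was an error, please contact your system administrator");
            response.sendError(500);
            response.getWriter().println(resp.toString());
        }
    }
}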
Also used : Origin(com.webauthn4j.data.client.Origin) PublicKeyCredentialCreationOptions(com.webauthn4j.data.PublicKeyCredentialCreationOptions) ObjectConverter(com.webauthn4j.converter.util.ObjectConverter) ObjectOutputStream(java.io.ObjectOutputStream) PublicKeyCredentialUserEntity(com.webauthn4j.data.PublicKeyCredentialUserEntity) Challenge(com.webauthn4j.data.client.challenge.Challenge) DefaultChallenge(com.webauthn4j.data.client.challenge.DefaultChallenge) DefaultChallenge(com.webauthn4j.data.client.challenge.DefaultChallenge) WebAuthnException(com.webauthn4j.util.exception.WebAuthnException) CborConverter(com.webauthn4j.converter.util.CborConverter) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo) ServerProperty(com.webauthn4j.server.ServerProperty) PublicKeyCredentialRpEntity(com.webauthn4j.data.PublicKeyCredentialRpEntity) WebAuthnUserData(com.tremolosecurity.proxy.auth.webauthn.WebAuthnUserData) ByteArrayOutputStream(java.io.ByteArrayOutputStream) IOException(java.io.IOException) AuthController(com.tremolosecurity.proxy.auth.AuthController) JSONObject(org.json.simple.JSONObject) PublicKeyCredentialParameters(com.webauthn4j.data.PublicKeyCredentialParameters) AuthenticationExtensionsClientInputs(com.webauthn4j.data.extension.client.AuthenticationExtensionsClientInputs) RegistrationExtensionClientInput(com.webauthn4j.data.extension.client.RegistrationExtensionClientInput) AuthenticatorSelectionCriteria(com.webauthn4j.data.AuthenticatorSelectionCriteria) JSONParser(org.json.simple.parser.JSONParser)

Example 2 with ObjectConverter

use of com.webauthn4j.converter.util.ObjectConverter in project webauthn4j by webauthn4j.

the class SignatureAlgorithmTest method override_serialized_value_by_adding_custom_serializer_test.

/**
 * Checks that a serializer registered on the JSON mapper handed to {@code ObjectConverter}
 * determines how {@code SignatureAlgorithm.ES256} is written.
 */
@Test
void override_serialized_value_by_adding_custom_serializer_test() {
    // The custom serializer is registered on the JSON mapper only; the CBOR mapper is left as created.
    SimpleModule customSerializerModule = new SimpleModule();
    customSerializerModule.addSerializer(new CustomSignatureAlgorithmSerializer());
    ObjectMapper json = new ObjectMapper();
    json.registerModule(customSerializerModule);
    ObjectMapper cbor = new ObjectMapper(new CBORFactory());

    ObjectConverter converter = new ObjectConverter(json, cbor);
    String serialized = converter.getJsonConverter().writeValueAsString(new TestDto(SignatureAlgorithm.ES256));

    // The DTO's "alg" field is expected to come out as the number -7.
    assertThat(serialized).isEqualTo("{\"alg\":-7}");
}
Also used : CBORFactory(com.fasterxml.jackson.dataformat.cbor.CBORFactory) ObjectConverter(com.webauthn4j.converter.util.ObjectConverter) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) SimpleModule(com.fasterxml.jackson.databind.module.SimpleModule) Test(org.junit.jupiter.api.Test)

Example 3 with ObjectConverter

use of com.webauthn4j.converter.util.ObjectConverter in project webauthn4j by webauthn4j.

the class CachingMetadataBLOBProviderTest method createMetadataBLOB.

/**
 * Builds a {@code MetadataBLOB} fixture whose payload carries the given next-update date.
 *
 * @param nextUpdate the next-update date placed in the payload
 * @return a BLOB wrapping a JWS created with an ES256 header and 32 zero bytes
 */
private MetadataBLOB createMetadataBLOB(LocalDate nextUpdate) {
    MetadataBLOBPayload blobPayload = new MetadataBLOBPayload("", 0, nextUpdate, Collections.emptyList());
    JWSHeader blobHeader = new JWSHeader(JWAIdentifier.ES256, null);
    JWSFactory jwsFactory = new JWSFactory(new ObjectConverter());
    // NOTE(review): the third argument is 32 zero bytes, presumably a placeholder signature - such a
    // JWS would not pass signature verification, so this fixture suits only tests that skip it.
    JWS<MetadataBLOBPayload> unsignedJws = jwsFactory.create(blobHeader, blobPayload, new byte[32]);
    return new MetadataBLOB(unsignedJws);
}
Also used : ObjectConverter(com.webauthn4j.converter.util.ObjectConverter) MetadataBLOB(com.webauthn4j.metadata.data.MetadataBLOB) JWSFactory(com.webauthn4j.data.jws.JWSFactory) JWSHeader(com.webauthn4j.data.jws.JWSHeader) MetadataBLOBPayload(com.webauthn4j.metadata.data.MetadataBLOBPayload)

Example 4 with ObjectConverter

use of com.webauthn4j.converter.util.ObjectConverter in project webauthn4j by webauthn4j.

the class FidoMDS3MetadataBLOBProviderTest method test.

/**
 * Checks that a {@code FidoMDS3MetadataBLOBProvider} built with an embedded root certificate
 * returns a non-null {@code MetadataBLOB}.
 */
@Test
void test() {
    // Base64 DER of the root certificate handed to the provider; its subject fields read as
    // GlobalSign Root CA - R3 (confirm against the published root before relying on it).
    String rootCertificateBase64 = "MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G"
            + "A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp"
            + "Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4"
            + "MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG"
            + "A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI"
            + "hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8"
            + "RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT"
            + "gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm"
            + "KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd"
            + "QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ"
            + "XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw"
            + "DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o"
            + "LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU"
            + "RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp"
            + "jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK"
            + "6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX"
            + "mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs"
            + "Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH"
            + "WD9f";
    X509Certificate trustRoot = CertificateUtil.generateX509Certificate(Base64Util.decode(rootCertificateBase64));

    FidoMDS3MetadataBLOBProvider provider = new FidoMDS3MetadataBLOBProvider(new ObjectConverter(), trustRoot);

    // NOTE(review): the provider is given no local file, so provide() presumably fetches the BLOB
    // over the network - confirm; if so this test depends on outbound access.
    MetadataBLOB blob = provider.provide();
    assertThat(blob).isNotNull();
}
Also used : ObjectConverter(com.webauthn4j.converter.util.ObjectConverter) MetadataBLOB(com.webauthn4j.metadata.data.MetadataBLOB) X509Certificate(java.security.cert.X509Certificate) Test(org.junit.jupiter.api.Test)

Example 5 with ObjectConverter

use of com.webauthn4j.converter.util.ObjectConverter in project webauthn4j by webauthn4j.

the class MetadataStatementsBasedTrustAnchorRepositoryTest method find_by_attestationCertificateKeyIdentifier_test.

/**
 * Checks that a repository loaded from the U2F sample metadata file returns exactly one trust
 * anchor for the hex-encoded identifier used below.
 */
@Test
public void find_by_attestationCertificateKeyIdentifier_test() {
    // Metadata statement fixture, resolved relative to the working directory.
    File metadataFile = new File("src/test/resources/com/webauthn4j/metadata/JsonMetadataItem_u2f.json");
    Path metadataPath = metadataFile.toPath();
    MetadataStatementsBasedTrustAnchorRepository trustAnchorRepository =
            new MetadataStatementsBasedTrustAnchorRepository(new ObjectConverter(), metadataPath);

    // 40 hex characters decode to the 20-byte identifier passed to find().
    byte[] keyIdentifier = HexUtil.decode("7c0903708b87115b0b422def3138c3c864e44573");
    Set<TrustAnchor> matches = trustAnchorRepository.find(keyIdentifier);

    assertThat(matches).hasSize(1);
}
Also used : Path(java.nio.file.Path) ObjectConverter(com.webauthn4j.converter.util.ObjectConverter) TrustAnchor(java.security.cert.TrustAnchor) File(java.io.File) Test(org.junit.jupiter.api.Test)

Aggregations

ObjectConverter (com.webauthn4j.converter.util.ObjectConverter)28 Test (org.junit.jupiter.api.Test)12 ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)11 CBORFactory (com.fasterxml.jackson.dataformat.cbor.CBORFactory)10 DeviceCheckCBORModule (com.webauthn4j.appattest.converter.jackson.DeviceCheckCBORModule)5 CborConverter (com.webauthn4j.converter.util.CborConverter)5 File (java.io.File)5 Path (java.nio.file.Path)5 Test (org.junit.Test)5 AttestationObjectConverter (com.webauthn4j.converter.AttestationObjectConverter)3 MetadataBLOB (com.webauthn4j.metadata.data.MetadataBLOB)3 IOException (java.io.IOException)3 Resource (org.springframework.core.io.Resource)3 JsonConverter (com.webauthn4j.converter.util.JsonConverter)2 PublicKeyCredentialUserEntity (com.webauthn4j.data.PublicKeyCredentialUserEntity)2 LocalFileMetadataBLOBProvider (com.webauthn4j.metadata.LocalFileMetadataBLOBProvider)2 WebAuthnMetadataJSONModule (com.webauthn4j.metadata.converter.jackson.WebAuthnMetadataJSONModule)2 WebAuthn4JSpringSecurityJSONModule (com.webauthn4j.springframework.security.converter.jackson.WebAuthn4JSpringSecurityJSONModule)2 UncheckedIOException (java.io.UncheckedIOException)2 TrustAnchor (java.security.cert.TrustAnchor)2