
Example 1 with RegistrationParameters

Use of com.webauthn4j.data.RegistrationParameters in the project keycloak (by keycloak).

Method processAction of class WebAuthnRegister — the server-side half of a WebAuthn credential registration ceremony: it decodes the browser's attestation response, verifies it with webauthn4j against the expected origin, RP ID and session challenge, and stores the resulting credential.

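@Override
/**
 * Handles the form POST that completes a WebAuthn registration ceremony.
 *
 * Flow: a "retry" submission re-issues the challenge; an error reported by
 * navigator.credentials.create() is surfaced as a verification error; otherwise the
 * clientDataJSON / attestationObject pair is decoded, parsed and validated by webauthn4j
 * against the server's origin, RP ID, the challenge stored in the authentication session
 * and the policy's user-verification requirement, then checked against the accepted
 * authenticator policy and persisted as a new credential for the user.
 *
 * All form parameters are attacker-controlled; nothing from them is trusted until
 * webauthn4j's validate() has passed. Any parse/validation failure ends in
 * setErrorResponse(...) rather than an unhandled exception.
 *
 * @param context the required-action context carrying the request, session, realm and user
 */
public void processAction(RequiredActionContext context) {
    MultivaluedMap<String, String> params = context.getHttpRequest().getDecodedFormParameters();
    // "Retry" submissions restart the ceremony with a fresh challenge instead of being verified.
    String isSetRetry = params.getFirst(WebAuthnConstants.IS_SET_RETRY);
    if (isSetRetry != null && !isSetRetry.isEmpty()) {
        requiredActionChallenge(context);
        return;
    }
    context.getEvent().detail(Details.CREDENTIAL_TYPE, getCredentialType());
    // receive error from navigator.credentials.create()
    String errorMsgFromWebAuthnApi = params.getFirst(WebAuthnConstants.ERROR);
    if (errorMsgFromWebAuthnApi != null && !errorMsgFromWebAuthnApi.isEmpty()) {
        setErrorResponse(context, WEBAUTHN_ERROR_REGISTER_VERIFICATION, errorMsgFromWebAuthnApi);
        return;
    }
    WebAuthnPolicy policy = getWebAuthnPolicy(context);
    // RP ID defaults to the host of the server's base URI when the policy does not pin one.
    // NOTE(review): how the base URI is derived (configured frontend URL vs. request Host header)
    // is not visible here; if it can follow the Host header, the RP ID should be pinned in the policy.
    String rpId = policy.getRpId();
    if (rpId == null || rpId.isEmpty())
        rpId = context.getUriInfo().getBaseUri().getHost();
    String label = params.getFirst(WebAuthnConstants.AUTHENTICATOR_LABEL);
    // Client-supplied credential id; only used below for logging and event details. The id that is
    // actually stored comes from the validated attested credential data, not from this parameter.
    String publicKeyCredentialId = params.getFirst(WebAuthnConstants.PUBLIC_KEY_CREDENTIAL_ID);
    Origin origin = new Origin(UriUtils.getOrigin(context.getUriInfo().getBaseUri()));
    // check User Verification by considering a malicious user might modify the result of calling WebAuthn API
    boolean isUserVerificationRequired = policy.getUserVerificationRequirement().equals(WebAuthnConstants.OPTION_REQUIRED);
    final String transportsParam = params.getFirst(WebAuthnConstants.TRANSPORTS);

    // Both attestation fields must be present: a missing field previously reached Base64 decoding
    // outside the try block and surfaced as an unhandled NullPointerException.
    String clientDataJSONParam = params.getFirst(WebAuthnConstants.CLIENT_DATA_JSON);
    String attestationObjectParam = params.getFirst(WebAuthnConstants.ATTESTATION_OBJECT);
    if (clientDataJSONParam == null || clientDataJSONParam.isEmpty()
            || attestationObjectParam == null || attestationObjectParam.isEmpty()) {
        setErrorResponse(context, WEBAUTHN_ERROR_REGISTRATION, "clientDataJSON and attestationObject are required");
        return;
    }
    // The challenge was issued by requiredActionChallenge(); without it there is nothing to bind
    // the attestation to, so the response cannot be accepted.
    String challengeNote = context.getAuthenticationSession().getAuthNote(WebAuthnConstants.AUTH_CHALLENGE_NOTE);
    if (challengeNote == null || challengeNote.isEmpty()) {
        setErrorResponse(context, WEBAUTHN_ERROR_REGISTRATION, "no WebAuthn challenge found in authentication session");
        return;
    }

    WebAuthnRegistrationManager webAuthnRegistrationManager = createWebAuthnRegistrationManager();
    try {
        // Decoding is done inside the try so that malformed base64url from the client
        // (IllegalArgumentException) ends in the WebAuthn error page like every other bad input.
        byte[] clientDataJSON = Base64.getUrlDecoder().decode(clientDataJSONParam);
        byte[] attestationObject = Base64.getUrlDecoder().decode(attestationObjectParam);
        Challenge challenge = new DefaultChallenge(challengeNote);
        // tokenBindingId is not used (null).
        ServerProperty serverProperty = new ServerProperty(origin, rpId, challenge, null);
        RegistrationRequest registrationRequest;
        if (StringUtil.isNotBlank(transportsParam)) {
            // Transports are reported by the client, not by the authenticator; they are stored
            // as hints only and are not part of what validate() verifies.
            final Set<String> transports = new HashSet<>(Arrays.asList(transportsParam.split(",")));
            registrationRequest = new RegistrationRequest(attestationObject, clientDataJSON, transports);
        } else {
            registrationRequest = new RegistrationRequest(attestationObject, clientDataJSON);
        }
        RegistrationParameters registrationParameters = new RegistrationParameters(serverProperty, isUserVerificationRequired);
        // parse
        RegistrationData registrationData = webAuthnRegistrationManager.parse(registrationRequest);
        // validate: origin, rpId hash, challenge, UV flag and attestation statement are checked here
        webAuthnRegistrationManager.validate(registrationData, registrationParameters);
        showInfoAfterWebAuthnApiCreate(registrationData);
        // Policy check (e.g. acceptable AAGUIDs) on top of cryptographic validation.
        checkAcceptedAuthenticator(registrationData, policy);
        WebAuthnCredentialModelInput credential = new WebAuthnCredentialModelInput(getCredentialType());
        credential.setAttestedCredentialData(registrationData.getAttestationObject().getAuthenticatorData().getAttestedCredentialData());
        credential.setCount(registrationData.getAttestationObject().getAuthenticatorData().getSignCount());
        credential.setAttestationStatementFormat(registrationData.getAttestationObject().getFormat());
        credential.setTransports(registrationData.getTransports());
        // Save new webAuthn credential
        WebAuthnCredentialProvider webAuthnCredProvider = (WebAuthnCredentialProvider) this.session.getProvider(CredentialProvider.class, getCredentialProviderId());
        WebAuthnCredentialModel newCredentialModel = webAuthnCredProvider.getCredentialModelFromCredentialInput(credential, label);
        webAuthnCredProvider.createCredential(context.getRealm(), context.getUser(), newCredentialModel);
        String aaguid = newCredentialModel.getWebAuthnCredentialData().getAaguid();
        logger.debugv("WebAuthn credential registration success for user {0}. credentialType = {1}, publicKeyCredentialId = {2}, publicKeyCredentialLabel = {3}, publicKeyCredentialAAGUID = {4}", context.getUser().getUsername(), getCredentialType(), publicKeyCredentialId, label, aaguid);
        webAuthnCredProvider.dumpCredentialModel(newCredentialModel, credential);
        context.getEvent().detail(WebAuthnConstants.PUBKEY_CRED_ID_ATTR, publicKeyCredentialId).detail(WebAuthnConstants.PUBKEY_CRED_LABEL_ATTR, label).detail(WebAuthnConstants.PUBKEY_CRED_AAGUID_ATTR, aaguid);
        context.success();
    } catch (WebAuthnException wae) {
        if (logger.isDebugEnabled())
            logger.debug(wae.getMessage(), wae);
        setErrorResponse(context, WEBAUTHN_ERROR_REGISTRATION, wae.getMessage());
        return;
    } catch (Exception e) {
        // NOTE(review): the raw exception message is passed to the error response; if
        // setErrorResponse renders it to the end user, consider a generic message here.
        if (logger.isDebugEnabled())
            logger.debug(e.getMessage(), e);
        setErrorResponse(context, WEBAUTHN_ERROR_REGISTRATION, e.getMessage());
        return;
    }
}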