Examples with AttestationObject com.webauthn4j.data.attestation.AttestationObject used on opensource projects

Search in sources :

Example 16 with AttestationObject

use of com.webauthn4j.data.attestation.AttestationObject in project webauthn4j by webauthn4j.

the class UserVerifyingAuthenticatorAuthenticationValidationTest method validate_assertion_test_with_bad_clientData_type.

@Test
void validate_assertion_test_with_bad_clientData_type() {
    String rpId = "example.com";
    long timeout = 0;
    Challenge challenge = new DefaultChallenge();
    // create
    AttestationObject attestationObject = createAttestationObject(rpId, challenge);
    // get
    PublicKeyCredentialRequestOptions credentialRequestOptions = new PublicKeyCredentialRequestOptions(challenge, timeout, rpId, null, UserVerificationRequirement.REQUIRED, null);
    // bad clientData type
    CollectedClientData collectedClientData = clientPlatform.createCollectedClientData(ClientDataType.WEBAUTHN_CREATE, challenge);
    PublicKeyCredential<AuthenticatorAssertionResponse, AuthenticationExtensionClientOutput> credential = clientPlatform.get(credentialRequestOptions, collectedClientData);
    AuthenticatorAssertionResponse authenticationRequest = credential.getAuthenticatorResponse();
    ServerProperty serverProperty = new ServerProperty(origin, rpId, challenge, null);
    Authenticator authenticator = TestDataUtil.createAuthenticator(attestationObject);
    AuthenticationRequest webAuthnAuthenticationRequest = new AuthenticationRequest(credential.getRawId(), authenticationRequest.getAuthenticatorData(), authenticationRequest.getClientDataJSON(), authenticationRequest.getSignature());
    List<byte[]> allowCredentials = null;
    AuthenticationParameters authenticationParameters = new AuthenticationParameters(serverProperty, authenticator, allowCredentials, true);
    AuthenticationData authenticationData = target.parse(webAuthnAuthenticationRequest);
    assertThrows(InconsistentClientDataTypeException.class, () -> target.validate(authenticationData, authenticationParameters));
}
Also used : ServerProperty(com.webauthn4j.server.ServerProperty) Challenge(com.webauthn4j.data.client.challenge.Challenge) DefaultChallenge(com.webauthn4j.data.client.challenge.DefaultChallenge) DefaultChallenge(com.webauthn4j.data.client.challenge.DefaultChallenge) CollectedClientData(com.webauthn4j.data.client.CollectedClientData) AuthenticationExtensionClientOutput(com.webauthn4j.data.extension.client.AuthenticationExtensionClientOutput) AttestationObject(com.webauthn4j.data.attestation.AttestationObject) Authenticator(com.webauthn4j.authenticator.Authenticator) Test(org.junit.jupiter.api.Test)

Example 17 with AttestationObject

use of com.webauthn4j.data.attestation.AttestationObject in project webauthn4j by webauthn4j.

the class UserVerifyingAuthenticatorAuthenticationValidationTest method validate_bad_rpId_test.

@Test
void validate_bad_rpId_test() {
    String rpId = "example.com";
    String anotherSiteRpId = "another.site.example.net";
    long timeout = 0;
    Challenge challenge = new DefaultChallenge();
    // create
    AttestationObject attestationObject = createAttestationObject(rpId, challenge);
    // get
    PublicKeyCredentialRequestOptions credentialRequestOptions = new PublicKeyCredentialRequestOptions(challenge, timeout, rpId, null, UserVerificationRequirement.REQUIRED, null);
    PublicKeyCredential<AuthenticatorAssertionResponse, AuthenticationExtensionClientOutput> credential = clientPlatform.get(credentialRequestOptions);
    AuthenticatorAssertionResponse authenticationRequest = credential.getAuthenticatorResponse();
    ServerProperty serverProperty = new ServerProperty(origin, anotherSiteRpId, challenge, null);
    Authenticator authenticator = TestDataUtil.createAuthenticator(attestationObject);
    AuthenticationRequest webAuthnAuthenticationRequest = new AuthenticationRequest(credential.getRawId(), authenticationRequest.getAuthenticatorData(), authenticationRequest.getClientDataJSON(), authenticationRequest.getSignature());
    List<byte[]> allowCredentials = null;
    AuthenticationParameters authenticationParameters = new AuthenticationParameters(serverProperty, authenticator, allowCredentials, true);
    AuthenticationData authenticationData = target.parse(webAuthnAuthenticationRequest);
    assertThrows(BadRpIdException.class, () -> target.validate(authenticationData, authenticationParameters));
}
Also used : ServerProperty(com.webauthn4j.server.ServerProperty) Challenge(com.webauthn4j.data.client.challenge.Challenge) DefaultChallenge(com.webauthn4j.data.client.challenge.DefaultChallenge) DefaultChallenge(com.webauthn4j.data.client.challenge.DefaultChallenge) AuthenticationExtensionClientOutput(com.webauthn4j.data.extension.client.AuthenticationExtensionClientOutput) AttestationObject(com.webauthn4j.data.attestation.AttestationObject) Authenticator(com.webauthn4j.authenticator.Authenticator) Test(org.junit.jupiter.api.Test)

Example 18 with AttestationObject

use of com.webauthn4j.data.attestation.AttestationObject in project webauthn4j by webauthn4j.

the class UserVerifyingAuthenticatorAuthenticationValidationTest method validate_assertion_with_bad_challenge_test.

@Test
void validate_assertion_with_bad_challenge_test() {
    String rpId = "example.com";
    long timeout = 0;
    Challenge challenge = new DefaultChallenge();
    Challenge badChallenge = new DefaultChallenge();
    // create
    AttestationObject attestationObject = createAttestationObject(rpId, challenge);
    // get
    PublicKeyCredentialRequestOptions credentialRequestOptions = new PublicKeyCredentialRequestOptions(// bad challenge
    badChallenge, timeout, rpId, null, UserVerificationRequirement.REQUIRED, null);
    PublicKeyCredential<AuthenticatorAssertionResponse, AuthenticationExtensionClientOutput> credential = clientPlatform.get(credentialRequestOptions);
    AuthenticatorAssertionResponse authenticationRequest = credential.getAuthenticatorResponse();
    ServerProperty serverProperty = new ServerProperty(origin, rpId, challenge, null);
    Authenticator authenticator = TestDataUtil.createAuthenticator(attestationObject);
    AuthenticationRequest webAuthnAuthenticationRequest = new AuthenticationRequest(credential.getRawId(), authenticationRequest.getAuthenticatorData(), authenticationRequest.getClientDataJSON(), authenticationRequest.getSignature());
    List<byte[]> allowCredentials = null;
    AuthenticationParameters authenticationParameters = new AuthenticationParameters(serverProperty, authenticator, allowCredentials, true);
    AuthenticationData authenticationData = target.parse(webAuthnAuthenticationRequest);
    assertThrows(BadChallengeException.class, () -> target.validate(authenticationData, authenticationParameters));
}
Also used : ServerProperty(com.webauthn4j.server.ServerProperty) Challenge(com.webauthn4j.data.client.challenge.Challenge) DefaultChallenge(com.webauthn4j.data.client.challenge.DefaultChallenge) DefaultChallenge(com.webauthn4j.data.client.challenge.DefaultChallenge) AuthenticationExtensionClientOutput(com.webauthn4j.data.extension.client.AuthenticationExtensionClientOutput) AttestationObject(com.webauthn4j.data.attestation.AttestationObject) Authenticator(com.webauthn4j.authenticator.Authenticator) Test(org.junit.jupiter.api.Test)

Example 19 with AttestationObject

use of com.webauthn4j.data.attestation.AttestationObject in project webauthn4j by webauthn4j.

the class UserVerifyingAuthenticatorAuthenticationValidationTest method validate_assertion_with_userVerificationDiscouraged_option_test.

@Test
void validate_assertion_with_userVerificationDiscouraged_option_test() {
    String rpId = "example.com";
    long timeout = 0;
    Challenge challenge = new DefaultChallenge();
    // create
    AttestationObject attestationObject = createAttestationObject(rpId, challenge);
    // get
    PublicKeyCredentialRequestOptions credentialRequestOptions = new PublicKeyCredentialRequestOptions(challenge, timeout, rpId, null, UserVerificationRequirement.DISCOURAGED, null);
    PublicKeyCredential<AuthenticatorAssertionResponse, AuthenticationExtensionClientOutput> credential = clientPlatform.get(credentialRequestOptions);
    AuthenticatorAssertionResponse authenticationRequest = credential.getAuthenticatorResponse();
    ServerProperty serverProperty = new ServerProperty(origin, rpId, challenge, null);
    Authenticator authenticator = TestDataUtil.createAuthenticator(attestationObject);
    AuthenticationRequest webAuthnAuthenticationRequest = new AuthenticationRequest(credential.getRawId(), authenticationRequest.getAuthenticatorData(), authenticationRequest.getClientDataJSON(), authenticationRequest.getSignature());
    List<byte[]> allowCredentials = null;
    AuthenticationParameters authenticationParameters = new AuthenticationParameters(serverProperty, authenticator, allowCredentials, true);
    AuthenticationData authenticationData = target.parse(webAuthnAuthenticationRequest);
    assertThrows(UserNotVerifiedException.class, () -> target.validate(authenticationData, authenticationParameters));
}
Also used : ServerProperty(com.webauthn4j.server.ServerProperty) Challenge(com.webauthn4j.data.client.challenge.Challenge) DefaultChallenge(com.webauthn4j.data.client.challenge.DefaultChallenge) DefaultChallenge(com.webauthn4j.data.client.challenge.DefaultChallenge) AuthenticationExtensionClientOutput(com.webauthn4j.data.extension.client.AuthenticationExtensionClientOutput) AttestationObject(com.webauthn4j.data.attestation.AttestationObject) Authenticator(com.webauthn4j.authenticator.Authenticator) Test(org.junit.jupiter.api.Test)

Example 20 with AttestationObject

use of com.webauthn4j.data.attestation.AttestationObject in project webauthn4j by webauthn4j.

the class DeviceCheckAttestationManager method parse.

@SuppressWarnings("java:S1130")
@NonNull
public DCAttestationData parse(@NonNull DCAttestationRequest dcAttestationRequest) throws DataConversionException {
    AssertUtil.notNull(dcAttestationRequest, "dcAttestationRequest must not be null");
    byte[] keyId = dcAttestationRequest.getKeyId();
    byte[] attestationObjectBytes = dcAttestationRequest.getAttestationObject();
    byte[] clientDataHash = dcAttestationRequest.getClientDataHash();
    AttestationObject attestationObject = attestationObjectBytes == null ? null : attestationObjectConverter.convert(attestationObjectBytes);
    return new DCAttestationData(keyId, attestationObject, attestationObjectBytes, clientDataHash);
}
Also used : AttestationObject(com.webauthn4j.data.attestation.AttestationObject) DCAttestationData(com.webauthn4j.appattest.data.DCAttestationData) NonNull(org.checkerframework.checker.nullness.qual.NonNull)

Aggregations

AttestationObject (com.webauthn4j.data.attestation.AttestationObject)73 Test (org.junit.jupiter.api.Test)48 ServerProperty (com.webauthn4j.server.ServerProperty)26 DefaultChallenge (com.webauthn4j.data.client.challenge.DefaultChallenge)24 CollectedClientData (com.webauthn4j.data.client.CollectedClientData)23 Challenge (com.webauthn4j.data.client.challenge.Challenge)20 RegistrationExtensionClientOutput (com.webauthn4j.data.extension.client.RegistrationExtensionClientOutput)20 Authenticator (com.webauthn4j.authenticator.Authenticator)19 AuthenticationExtensionClientOutput (com.webauthn4j.data.extension.client.AuthenticationExtensionClientOutput)19 AuthenticationExtensionsClientOutputs (com.webauthn4j.data.extension.client.AuthenticationExtensionsClientOutputs)14 FIDOU2FAuthenticator (com.webauthn4j.test.authenticator.u2f.FIDOU2FAuthenticator)9 DCRegistrationObject (com.webauthn4j.appattest.validator.DCRegistrationObject)8 CoreRegistrationObject (com.webauthn4j.validator.CoreRegistrationObject)8 RegistrationObject (com.webauthn4j.validator.RegistrationObject)8 AuthenticatorTransport (com.webauthn4j.data.AuthenticatorTransport)7 RegistrationExtensionAuthenticatorOutput (com.webauthn4j.data.extension.authenticator.RegistrationExtensionAuthenticatorOutput)7 Instant (java.time.Instant)7 Test (org.junit.Test)5 DCServerProperty (com.webauthn4j.appattest.server.DCServerProperty)4 AttestationObjectConverter (com.webauthn4j.converter.AttestationObjectConverter)4
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial