use of com.webauthn4j.data.attestation.authenticator.AuthenticatorData in project webauthn4j by webauthn4j.
Class FIDOU2FAuthenticatorAdaptor, method authenticate:
/**
 * Answers a WebAuthn assertion request by delegating to the wrapped FIDO U2F authenticator.
 *
 * <p>The request is mapped onto a U2F authentication request: the application parameter is
 * SHA-256 of the RP ID (UTF-8), the challenge parameter is SHA-256 of the serialized client
 * data, and the key handle is the id of the first {@code allowCredentials} entry. The U2F
 * response is then repackaged as WebAuthn authenticator data built from the same RP ID hash,
 * the returned user-presence value and the returned counter.
 *
 * <p>NOTE(review): neither {@code getRpId()} nor {@code getAllowCredentials()} is checked
 * before use. A request without an RP ID, or with a null or empty allow list, fails inside
 * this method with a {@link NullPointerException} or {@link IndexOutOfBoundsException}
 * rather than with a descriptive error. Entries after the first are ignored.
 *
 * @param publicKeyCredentialRequestOptions request options supplying the RP ID and allow list
 * @param collectedClientData client data to serialize and hash into the U2F challenge parameter
 * @param authenticationEmulationOption passed through unchanged to the U2F authenticator
 * @return the credential id, serialized client data, serialized authenticator data and
 *         signature; the final constructor argument is always {@code null}
 */
@Override
public CredentialRequestResponse authenticate(
        PublicKeyCredentialRequestOptions publicKeyCredentialRequestOptions,
        CollectedClientData collectedClientData,
        AuthenticationEmulationOption authenticationEmulationOption) {
    byte[] clientDataBytes = collectedClientDataConverter.convertToBytes(collectedClientData);

    // The RP ID hash serves both as the U2F application parameter and as the rpIdHash of
    // the authenticator data assembled below.
    String relyingPartyId = publicKeyCredentialRequestOptions.getRpId();
    byte[] rpIdHash = MessageDigestUtil.createSHA256().digest(relyingPartyId.getBytes(StandardCharsets.UTF_8));
    byte[] clientDataHash = MessageDigestUtil.createSHA256().digest(clientDataBytes);

    // TODO: what to do if multiple publicKeyCredentialDescriptors are supplied
    PublicKeyCredentialDescriptor selectedDescriptor = publicKeyCredentialRequestOptions.getAllowCredentials().get(0);

    // Control byte is sent as 0x00.
    // NOTE(review): the U2F raw message format defines 0x03, 0x07 and 0x08 for this field;
    // confirm that the wrapped authenticator does not interpret it.
    AuthenticationRequest u2fRequest =
            new AuthenticationRequest((byte) 0x00, clientDataHash, rpIdHash, selectedDescriptor.getId());
    AuthenticationResponse u2fResponse = fidoU2FAuthenticator.authenticate(u2fRequest, authenticationEmulationOption);

    byte[] credentialId = selectedDescriptor.getId();

    // Left-pad the counter bytes with four zero bytes so they read as a non-negative long.
    // Presumably getCounter() returns exactly 4 bytes; a longer array would overflow the
    // 8-byte buffer. TODO confirm.
    ByteBuffer widenedCounter = ByteBuffer.allocate(Long.BYTES);
    widenedCounter.put(new byte[Integer.BYTES]);
    widenedCounter.put(u2fResponse.getCounter());
    long signCount = widenedCounter.getLong(0);

    // NOTE(review): the signature comes from the U2F authenticator, so it can only verify if
    // these authenticator data carry the same RP ID hash, presence value and counter that
    // were signed. The signing code is not visible here; verify against the authenticator.
    AuthenticatorData<AuthenticationExtensionAuthenticatorOutput> authenticatorData =
            new AuthenticatorData<>(rpIdHash, u2fResponse.getUserPresence(), signCount);
    byte[] authenticatorDataBytes = authenticatorDataConverter.convert(authenticatorData);

    return new CredentialRequestResponse(
            credentialId, clientDataBytes, authenticatorDataBytes, u2fResponse.getSignature(), null);
}