use of com.webauthn4j.data.attestation.authenticator.COSEKey in project keycloak by keycloak.
the class WebAuthnCredentialModelInput method toString.
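/**
 * Renders a comma-separated, human-readable summary of this credential input.
 *
 * <p>Only identifiers and key metadata are written: credential type, DB id, attestation
 * statement format, AAGUID, credential id, COSE key id / algorithm / key type and transports.
 * The attestation statement body and the public key material itself are not included.
 * Credential ids are stable per-authenticator identifiers, so wherever this string ends up
 * (e.g. log output) should be treated accordingly.
 *
 * <p>Every optional part is null-checked so that building a diagnostic string never throws.
 *
 * @return the summary, without a trailing comma
 */
@Override
public String toString() {
    StringBuilder sb = new StringBuilder("Credential Type = " + credentialType + ",");
    if (credentialDBId != null) {
        sb.append("Credential DB Id = ").append(credentialDBId).append(",");
    }

    // Prefer the format of a full attestation statement; fall back to the stored format name.
    if (attestationStatement != null) {
        sb.append("Attestation Statement Format = ").append(attestationStatement.getFormat()).append(",");
    } else if (attestationStatementFormat != null) {
        sb.append("Attestation Statement Format = ").append(attestationStatementFormat).append(",");
    }

    if (attestedCredentialData != null) {
        // String.valueOf prints "null" instead of throwing when the AAGUID is absent.
        sb.append("AAGUID = ").append(String.valueOf(attestedCredentialData.getAaguid())).append(",");

        // The credential id and the COSE key are dereferenced below, so guard each of them:
        // a NullPointerException out of toString() would mask whatever was being reported.
        byte[] attestedId = attestedCredentialData.getCredentialId();
        if (attestedId != null) {
            sb.append("CREDENTIAL_ID = ").append(Base64.encodeBytes(attestedId)).append(",");
        }

        COSEKey credPubKey = attestedCredentialData.getCOSEKey();
        if (credPubKey != null) {
            byte[] keyId = credPubKey.getKeyId();
            if (keyId != null) {
                sb.append("CREDENTIAL_PUBLIC_KEY.key_id = ").append(Base64.encodeBytes(keyId)).append(",");
            }
            // Skip the algorithm / key type entries when the key does not carry them.
            if (credPubKey.getAlgorithm() != null) {
                sb.append("CREDENTIAL_PUBLIC_KEY.algorithm = ").append(String.valueOf(credPubKey.getAlgorithm().getValue())).append(",");
            }
            if (credPubKey.getKeyType() != null) {
                sb.append("CREDENTIAL_PUBLIC_KEY.key_type = ").append(credPubKey.getKeyType().name()).append(",");
            }
        }
    }

    if (authenticationRequest != null) {
        // only set on Authentication
        byte[] requestedId = authenticationRequest.getCredentialId();
        if (requestedId != null) {
            sb.append("Credential Id = ").append(Base64.encodeBytes(requestedId)).append(",");
        }
    }

    if (CollectionUtil.isNotEmpty(getTransports())) {
        final String transportsString = getTransports().stream().map(AuthenticatorTransport::getValue).collect(Collectors.joining(","));
        sb.append("Transports = [").append(transportsString).append("],");
    }

    // Every segment appended above ends with a comma; drop the final one.
    int last = sb.length() - 1;
    if (last >= 0 && sb.charAt(last) == ',') {
        sb.setLength(last);
    }
    return sb.toString();
}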
use of com.webauthn4j.data.attestation.authenticator.COSEKey in project keycloak by keycloak.
the class WebAuthnOtherSettingsTest method defaultValues.
/**
 * Registers a WebAuthn credential with the default policy and checks what was stored:
 * an all-zero AAGUID, no attestation statement, attestation format "none", and an
 * ES256 / EC2 public key. The registration event is expected to carry the same AAGUID.
 */
@Test
public void defaultValues() {
    registerDefaultUser("webauthn");
    WaitUtils.waitForPageToLoad();
    appPage.assertCurrent();

    // Resolve the id of the freshly registered user; a missing representation yields null,
    // which the assertion below rejects.
    final UserRepresentation registeredUser = userResource().toRepresentation();
    final String userId = registeredUser == null ? null : registeredUser.getId();
    assertThat(userId, notNullValue());

    // The required-action event must name the matching register provider and the label/AAGUID.
    events.expectRequiredAction(EventType.CUSTOM_REQUIRED_ACTION)
            .user(userId)
            .detail(Details.CUSTOM_REQUIRED_ACTION, isPasswordless() ? WebAuthnPasswordlessRegisterFactory.PROVIDER_ID : WebAuthnRegisterFactory.PROVIDER_ID)
            .detail(WebAuthnConstants.PUBKEY_CRED_LABEL_ATTR, "webauthn")
            .detail(WebAuthnConstants.PUBKEY_CRED_AAGUID_ATTR, ALL_ZERO_AAGUID)
            .assertEvent();

    final String type = getCredentialType();

    // Soft token in Firefox does not increment counter
    final long expectedCounter = isDriverFirefox(driver) ? 0L : 1L;

    getTestingClient().server(TEST_REALM_NAME).run(session -> {
        final WebAuthnDataWrapper wrapper = new WebAuthnDataWrapper(session, USERNAME, type);
        assertThat(wrapper, notNullValue());

        // Stored credential data as persisted for the user.
        final WebAuthnCredentialData stored = wrapper.getWebAuthnData();
        assertThat(stored, notNullValue());
        assertThat(stored.getCredentialId(), notNullValue());
        assertThat(stored.getAaguid(), is(ALL_ZERO_AAGUID));
        assertThat(stored.getAttestationStatement(), nullValue());
        assertThat(stored.getCredentialPublicKey(), notNullValue());
        assertThat(stored.getCounter(), is(expectedCounter));
        assertThat(stored.getAttestationStatementFormat(), is(AttestationConveyancePreference.NONE.getValue()));

        // Decoded COSE key: default algorithm and key type, with a public key present.
        final COSEKey key = wrapper.getKey();
        assertThat(key, notNullValue());
        assertThat(key.getAlgorithm(), notNullValue());
        assertThat(key.getAlgorithm().getValue(), is(COSEAlgorithmIdentifier.ES256.getValue()));
        assertThat(key.getKeyType(), is(COSEKeyType.EC2));
        assertThat(key.hasPublicKey(), is(true));
    });
}
use of com.webauthn4j.data.attestation.authenticator.COSEKey in project keycloak by keycloak.
the class WebAuthnCredentialProvider method getCredentialInputFromCredentialModel.
/**
 * Builds the webauthn4j-specific {@link WebAuthnCredentialModelInput} from a
 * {@link CredentialModel}, which usually was loaded from the DB.
 *
 * <p>The result carries the attested credential data (AAGUID, credential id, COSE public key),
 * the signature counter, the credential's DB id and the attestation statement format.
 *
 * @param credential the stored credential to convert
 * @return the populated credential input
 */
private WebAuthnCredentialModelInput getCredentialInputFromCredentialModel(CredentialModel credential) {
    final WebAuthnCredentialModel model = getCredentialFromModel(credential);
    final WebAuthnCredentialData stored = model.getWebAuthnCredentialData();
    final WebAuthnCredentialModelInput input = new WebAuthnCredentialModelInput(getType());

    // NOTE(review): a stored credential id that fails Base64 decoding is swallowed here and the
    // input is built with a null credential id; nothing is logged. Confirm that callers compare
    // credential ids null-safely, and consider recording the credential's DB id when this happens.
    byte[] rawCredentialId;
    try {
        rawCredentialId = Base64.decode(stored.getCredentialId());
    } catch (IOException ignored) {
        rawCredentialId = null;
    }

    // Re-assemble the attested credential data in webauthn4j types.
    final AAGUID authenticatorGuid = new AAGUID(stored.getAaguid());
    final COSEKey publicKey = credentialPublicKeyConverter.convertToEntityAttribute(stored.getCredentialPublicKey());
    input.setAttestedCredentialData(new AttestedCredentialData(authenticatorGuid, rawCredentialId, publicKey));

    // Carry over the stored signature counter together with the remaining metadata.
    input.setCount(stored.getCounter());
    input.setCredentialDBId(credential.getId());
    input.setAttestationStatementFormat(stored.getAttestationStatementFormat());
    return input;
}
use of com.webauthn4j.data.attestation.authenticator.COSEKey in project keycloak by keycloak.
the class PubKeySignRegisterTest method assertPublicKeyAlgorithms.
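/**
 * Sets the realm's WebAuthn signature-algorithm policy, attempts a registration and checks
 * the outcome.
 *
 * <p>When registration is expected to fail, the WebAuthn error page must be shown with the
 * driver-specific "not supported" message. When it is expected to succeed, the stored COSE key
 * must use {@code selectedAlgorithm} and contain a public key.
 *
 * @param shouldSuccess whether registration is expected to succeed under the given policy
 * @param selectedAlgorithm the algorithm the stored public key is expected to use
 * @param algorithms the signature algorithms to put into the realm policy; must not be null
 * @throws RuntimeException wrapping the {@link IOException} raised while closing the realm updater
 */
private void assertPublicKeyAlgorithms(boolean shouldSuccess, COSEAlgorithmIdentifier selectedAlgorithm, List<String> algorithms) {
    assertThat(algorithms, notNullValue());

    // The updater handle is closed when the block exits (presumably reverting the policy;
    // confirm against the realm updater).
    try (Closeable ignored = getWebAuthnRealmUpdater().setWebAuthnPolicySignatureAlgorithms(algorithms).update()) {
        if (!algorithms.isEmpty()) {
            // Make sure the policy was really applied before relying on it.
            WebAuthnRealmData realmData = new WebAuthnRealmData(testRealm().toRepresentation(), isPasswordless());
            assertThat(realmData.getSignatureAlgorithms(), is(algorithms));
        }

        registerDefaultUser(shouldSuccess);
        assertThat(webAuthnErrorPage.isCurrent(), is(!shouldSuccess));

        if (!shouldSuccess) {
            final String expectedMessage = getExpectedMessageByDriver("NotSupportedError: Operation is not supported", "The operation either timed out or was not allowed");
            assertThat(webAuthnErrorPage.getError(), containsString(expectedMessage));
            return;
        }

        final String credentialType = getCredentialType();

        getTestingClient().server(TEST_REALM_NAME).run(session -> {
            final WebAuthnDataWrapper dataWrapper = new WebAuthnDataWrapper(session, USERNAME, credentialType);
            assertThat(dataWrapper, notNullValue());

            final WebAuthnCredentialData data = dataWrapper.getWebAuthnData();
            assertThat(data, notNullValue());

            // The registered key must use exactly the algorithm the policy selected.
            final COSEKey pubKey = dataWrapper.getKey();
            assertThat(pubKey, notNullValue());
            assertThat(pubKey.getAlgorithm(), notNullValue());
            assertThat(pubKey.getAlgorithm().getValue(), is(selectedAlgorithm.getValue()));
            assertThat(pubKey.hasPublicKey(), is(true));
        });
    } catch (IOException e) {
        // Wrap the IOException itself: wrapping only e.getCause() discards its message and
        // stack trace, and leaves no cause at all when the IOException has none.
        throw new RuntimeException(e);
    }
}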