Search in sources :

Example 56 with CollectedClientData

use of com.webauthn4j.data.client.CollectedClientData in project webauthn4j-spring-security by webauthn4j.

the class FidoServerAssertionResultEndpointFilter method attemptAuthentication.

@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) {
    InputStream inputStream;
    try {
        inputStream = request.getInputStream();
    } catch (IOException e) {
        throw new UncheckedIOException(e);
    }
    try {
        ServerPublicKeyCredential<ServerAuthenticatorAssertionResponse> credential = jsonConverter.readValue(inputStream, credentialTypeRef);
        serverPublicKeyCredentialValidator.validate(credential);
        ServerAuthenticatorAssertionResponse assertionResponse = credential.getResponse();
        ServerProperty serverProperty = serverPropertyProvider.provide(request);
        CollectedClientData collectedClientData = collectedClientDataConverter.convert(assertionResponse.getClientDataJSON());
        UserVerificationRequirement userVerificationRequirement = serverEndpointFilterUtil.decodeUserVerification(collectedClientData.getChallenge());
        WebAuthnAuthenticationRequest webAuthnAuthenticationRequest = new WebAuthnAuthenticationRequest(credential.getRawId() == null ? null : Base64UrlUtil.decode(credential.getRawId()), assertionResponse.getClientDataJSON() == null ? null : Base64UrlUtil.decode(assertionResponse.getClientDataJSON()), assertionResponse.getAuthenticatorData() == null ? null : Base64UrlUtil.decode(assertionResponse.getAuthenticatorData()), assertionResponse.getSignature() == null ? null : Base64UrlUtil.decode(assertionResponse.getSignature()), credential.getClientExtensionResults());
        WebAuthnAuthenticationParameters webAuthnAuthenticationParameters = new WebAuthnAuthenticationParameters(serverProperty, userVerificationRequirement == UserVerificationRequirement.REQUIRED, false);
        WebAuthnAssertionAuthenticationToken webAuthnAssertionAuthenticationToken = new WebAuthnAssertionAuthenticationToken(webAuthnAuthenticationRequest, webAuthnAuthenticationParameters, Collections.emptyList());
        setDetails(request, webAuthnAssertionAuthenticationToken);
        return this.getAuthenticationManager().authenticate(webAuthnAssertionAuthenticationToken);
    } catch (DataConversionException e) {
        throw new com.webauthn4j.springframework.security.exception.DataConversionException("Failed to convert data", e);
    }
}
Also used : WebAuthnAuthenticationRequest(com.webauthn4j.springframework.security.WebAuthnAuthenticationRequest) UserVerificationRequirement(com.webauthn4j.data.UserVerificationRequirement) ServerProperty(com.webauthn4j.server.ServerProperty) InputStream(java.io.InputStream) UncheckedIOException(java.io.UncheckedIOException) IOException(java.io.IOException) UncheckedIOException(java.io.UncheckedIOException) WebAuthnAssertionAuthenticationToken(com.webauthn4j.springframework.security.WebAuthnAssertionAuthenticationToken) CollectedClientData(com.webauthn4j.data.client.CollectedClientData) WebAuthnAuthenticationParameters(com.webauthn4j.springframework.security.WebAuthnAuthenticationParameters) DataConversionException(com.webauthn4j.converter.exception.DataConversionException)

Aggregations

CollectedClientData (com.webauthn4j.data.client.CollectedClientData)56 Test (org.junit.jupiter.api.Test)33 ServerProperty (com.webauthn4j.server.ServerProperty)30 AttestationObject (com.webauthn4j.data.attestation.AttestationObject)23 RegistrationExtensionClientOutput (com.webauthn4j.data.extension.client.RegistrationExtensionClientOutput)19 Origin (com.webauthn4j.data.client.Origin)17 AuthenticationExtensionsClientOutputs (com.webauthn4j.data.extension.client.AuthenticationExtensionsClientOutputs)16 DefaultChallenge (com.webauthn4j.data.client.challenge.DefaultChallenge)14 AuthenticationExtensionClientOutput (com.webauthn4j.data.extension.client.AuthenticationExtensionClientOutput)11 Challenge (com.webauthn4j.data.client.challenge.Challenge)10 AuthenticatorTransport (com.webauthn4j.data.AuthenticatorTransport)8 RegistrationObject (com.webauthn4j.validator.RegistrationObject)8 ParameterizedTest (org.junit.jupiter.params.ParameterizedTest)8 DCRegistrationObject (com.webauthn4j.appattest.validator.DCRegistrationObject)7 Authenticator (com.webauthn4j.authenticator.Authenticator)7 CollectedClientDataConverter (com.webauthn4j.converter.CollectedClientDataConverter)7 AuthenticationExtensionAuthenticatorOutput (com.webauthn4j.data.extension.authenticator.AuthenticationExtensionAuthenticatorOutput)7 CoreRegistrationObject (com.webauthn4j.validator.CoreRegistrationObject)7 Test (org.junit.Test)5 RegistrationData (com.webauthn4j.data.RegistrationData)4