use of com.webauthn4j.data.client.CollectedClientData in project webauthn4j-spring-security by webauthn4j.
the class FidoServerAssertionResultEndpointFilter method attemptAuthentication.
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) {
InputStream inputStream;
try {
inputStream = request.getInputStream();
} catch (IOException e) {
throw new UncheckedIOException(e);
}
try {
ServerPublicKeyCredential<ServerAuthenticatorAssertionResponse> credential = jsonConverter.readValue(inputStream, credentialTypeRef);
serverPublicKeyCredentialValidator.validate(credential);
ServerAuthenticatorAssertionResponse assertionResponse = credential.getResponse();
ServerProperty serverProperty = serverPropertyProvider.provide(request);
CollectedClientData collectedClientData = collectedClientDataConverter.convert(assertionResponse.getClientDataJSON());
UserVerificationRequirement userVerificationRequirement = serverEndpointFilterUtil.decodeUserVerification(collectedClientData.getChallenge());
WebAuthnAuthenticationRequest webAuthnAuthenticationRequest = new WebAuthnAuthenticationRequest(credential.getRawId() == null ? null : Base64UrlUtil.decode(credential.getRawId()), assertionResponse.getClientDataJSON() == null ? null : Base64UrlUtil.decode(assertionResponse.getClientDataJSON()), assertionResponse.getAuthenticatorData() == null ? null : Base64UrlUtil.decode(assertionResponse.getAuthenticatorData()), assertionResponse.getSignature() == null ? null : Base64UrlUtil.decode(assertionResponse.getSignature()), credential.getClientExtensionResults());
WebAuthnAuthenticationParameters webAuthnAuthenticationParameters = new WebAuthnAuthenticationParameters(serverProperty, userVerificationRequirement == UserVerificationRequirement.REQUIRED, false);
WebAuthnAssertionAuthenticationToken webAuthnAssertionAuthenticationToken = new WebAuthnAssertionAuthenticationToken(webAuthnAuthenticationRequest, webAuthnAuthenticationParameters, Collections.emptyList());
setDetails(request, webAuthnAssertionAuthenticationToken);
return this.getAuthenticationManager().authenticate(webAuthnAssertionAuthenticationToken);
} catch (DataConversionException e) {
throw new com.webauthn4j.springframework.security.exception.DataConversionException("Failed to convert data", e);
}
}
Aggregations