Search in sources :

Example 26 with CollectedClientData

use of com.webauthn4j.data.client.CollectedClientData in project webauthn4j-spring-security by webauthn4j.

the class WebAuthnRegistrationRequestValidationResponseTest method getter_test.

@Test
public void getter_test() {
    CollectedClientData clientData = TestDataUtil.createClientData(ClientDataType.WEBAUTHN_CREATE);
    AttestationObject attestationObject = TestDataUtil.createAttestationObjectWithFIDOU2FAttestationStatement();
    AuthenticationExtensionsClientOutputs<RegistrationExtensionClientOutput> clientExtensions = new AuthenticationExtensionsClientOutputs<>();
    Set<AuthenticatorTransport> transports = new HashSet<>();
    WebAuthnRegistrationRequestValidationResponse instance = new WebAuthnRegistrationRequestValidationResponse(clientData, attestationObject, clientExtensions, transports);
    assertThat(instance.getCollectedClientData()).isEqualTo(clientData);
    assertThat(instance.getAttestationObject()).isEqualTo(attestationObject);
    assertThat(instance.getRegistrationExtensionsClientOutputs()).isEqualTo(clientExtensions);
    assertThat(instance.getTransports()).isEqualTo(transports);
}
Also used : CollectedClientData(com.webauthn4j.data.client.CollectedClientData) AttestationObject(com.webauthn4j.data.attestation.AttestationObject) AuthenticationExtensionsClientOutputs(com.webauthn4j.data.extension.client.AuthenticationExtensionsClientOutputs) RegistrationExtensionClientOutput(com.webauthn4j.data.extension.client.RegistrationExtensionClientOutput) AuthenticatorTransport(com.webauthn4j.data.AuthenticatorTransport) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 27 with CollectedClientData

use of com.webauthn4j.data.client.CollectedClientData in project webauthn4j-spring-security by webauthn4j.

the class WebAuthnRegistrationRequestValidatorTest method validate_test.

@Test
public void validate_test() {
    WebAuthnRegistrationRequestValidator target = new WebAuthnRegistrationRequestValidator(webAuthnManager, serverPropertyProvider);
    ServerProperty serverProperty = mock(ServerProperty.class);
    when(serverPropertyProvider.provide(any())).thenReturn(serverProperty);
    CollectedClientData collectedClientData = mock(CollectedClientData.class);
    AttestationObject attestationObject = mock(AttestationObject.class);
    AuthenticationExtensionsClientOutputs<RegistrationExtensionClientOutput> clientExtensionOutputs = new AuthenticationExtensionsClientOutputs<>();
    when(webAuthnManager.validate(any(RegistrationRequest.class), any(RegistrationParameters.class))).thenReturn(new RegistrationData(attestationObject, null, collectedClientData, null, clientExtensionOutputs, null));
    MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
    mockHttpServletRequest.setScheme("https");
    mockHttpServletRequest.setServerName("example.com");
    mockHttpServletRequest.setServerPort(443);
    String clientDataBase64 = "clientDataBase64";
    String attestationObjectBase64 = "attestationObjectBase64";
    Set<String> transports = Collections.emptySet();
    String clientExtensionsJSON = "clientExtensionsJSON";
    target.validate(mockHttpServletRequest, clientDataBase64, attestationObjectBase64, transports, clientExtensionsJSON);
    ArgumentCaptor<RegistrationRequest> registrationRequestArgumentCaptor = ArgumentCaptor.forClass(RegistrationRequest.class);
    ArgumentCaptor<RegistrationParameters> registrationParametersArgumentCaptor = ArgumentCaptor.forClass(RegistrationParameters.class);
    verify(webAuthnManager).validate(registrationRequestArgumentCaptor.capture(), registrationParametersArgumentCaptor.capture());
    RegistrationRequest registrationRequest = registrationRequestArgumentCaptor.getValue();
    RegistrationParameters registrationParameters = registrationParametersArgumentCaptor.getValue();
    assertThat(registrationRequest.getClientDataJSON()).isEqualTo(Base64UrlUtil.decode(clientDataBase64));
    assertThat(registrationRequest.getAttestationObject()).isEqualTo(Base64UrlUtil.decode(attestationObjectBase64));
    assertThat(registrationRequest.getClientExtensionsJSON()).isEqualTo(clientExtensionsJSON);
    assertThat(registrationParameters.getServerProperty()).isEqualTo(serverProperty);
}
Also used : RegistrationData(com.webauthn4j.data.RegistrationData) ServerProperty(com.webauthn4j.server.ServerProperty) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) RegistrationExtensionClientOutput(com.webauthn4j.data.extension.client.RegistrationExtensionClientOutput) RegistrationRequest(com.webauthn4j.data.RegistrationRequest) CollectedClientData(com.webauthn4j.data.client.CollectedClientData) AttestationObject(com.webauthn4j.data.attestation.AttestationObject) AuthenticationExtensionsClientOutputs(com.webauthn4j.data.extension.client.AuthenticationExtensionsClientOutputs) RegistrationParameters(com.webauthn4j.data.RegistrationParameters) Test(org.junit.Test)

Example 28 with CollectedClientData

use of com.webauthn4j.data.client.CollectedClientData in project webauthn4j-spring-security by webauthn4j.

the class Base64UrlStringToCollectedClientDataConverterTest method convert_test.

@Test
public void convert_test() {
    CollectedClientData expected = TestDataUtil.createClientData(ClientDataType.WEBAUTHN_GET);
    String source = new CollectedClientDataConverter(objectConverter).convertToBase64UrlString(expected);
    CollectedClientData result = new Base64UrlStringToCollectedClientDataConverter(objectConverter).convert(source);
    assertThat(result).isEqualTo(expected);
}
Also used : CollectedClientData(com.webauthn4j.data.client.CollectedClientData) CollectedClientDataConverter(com.webauthn4j.converter.CollectedClientDataConverter) Test(org.junit.Test)

Example 29 with CollectedClientData

use of com.webauthn4j.data.client.CollectedClientData in project webauthn4j-spring-security by webauthn4j.

the class FidoServerAttestationResultEndpointFilter method processRequest.

@Override
protected ServerResponse processRequest(HttpServletRequest request) {
    InputStream inputStream;
    try {
        inputStream = request.getInputStream();
    } catch (IOException e) {
        throw new UncheckedIOException(e);
    }
    try {
        ServerPublicKeyCredential<ServerAuthenticatorAttestationResponse> credential = this.objectConverter.getJsonConverter().readValue(inputStream, credentialTypeRef);
        serverPublicKeyCredentialValidator.validate(credential);
        ServerAuthenticatorAttestationResponse response = credential.getResponse();
        CollectedClientData collectedClientData = collectedClientDataConverter.convert(response.getClientDataJSON());
        AttestationObject attestationObject = attestationObjectConverter.convert(response.getAttestationObject());
        Set<String> transports = Collections.emptySet();
        webAuthnRegistrationRequestValidator.validate(request, response.getClientDataJSON(), response.getAttestationObject(), transports, credential.getClientExtensionResults());
        String loginUsername = serverEndpointFilterUtil.decodeUsername(collectedClientData.getChallenge());
        try {
            userDetailsService.loadUserByUsername(loginUsername);
        } catch (UsernameNotFoundException e) {
            usernameNotFoundHandler.onUsernameNotFound(loginUsername);
        }
        UserDetails userDetails = userDetailsService.loadUserByUsername(loginUsername);
        WebAuthnAuthenticatorImpl webAuthnAuthenticator = new WebAuthnAuthenticatorImpl("Authenticator", loginUsername, attestationObject.getAuthenticatorData().getAttestedCredentialData(), attestationObject.getAttestationStatement(), attestationObject.getAuthenticatorData().getSignCount());
        webAuthnAuthenticatorManager.createAuthenticator(webAuthnAuthenticator);
        return new AttestationResultSuccessResponse();
    } catch (DataConversionException e) {
        throw new com.webauthn4j.springframework.security.exception.DataConversionException("Failed to convert data", e);
    }
}
Also used : UsernameNotFoundException(org.springframework.security.core.userdetails.UsernameNotFoundException) WebAuthnAuthenticatorImpl(com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticatorImpl) InputStream(java.io.InputStream) UncheckedIOException(java.io.UncheckedIOException) IOException(java.io.IOException) UncheckedIOException(java.io.UncheckedIOException) CollectedClientData(com.webauthn4j.data.client.CollectedClientData) UserDetails(org.springframework.security.core.userdetails.UserDetails) AttestationObject(com.webauthn4j.data.attestation.AttestationObject) DataConversionException(com.webauthn4j.converter.exception.DataConversionException)

Example 30 with CollectedClientData

use of com.webauthn4j.data.client.CollectedClientData in project webauthn4j-spring-security by webauthn4j.

the class CollectedClientDataFormFormatter method parse.

@Override
public CollectedClientDataForm parse(String text, Locale locale) throws ParseException {
    CollectedClientData collectedClientData = base64UrlStringToCollectedClientDataConverter.convert(text);
    CollectedClientDataForm collectedClientDataForm = new CollectedClientDataForm();
    collectedClientDataForm.setCollectedClientData(collectedClientData);
    collectedClientDataForm.setClientDataBase64(text);
    return collectedClientDataForm;
}
Also used : CollectedClientData(com.webauthn4j.data.client.CollectedClientData) CollectedClientDataForm(com.webauthn4j.springframework.security.webauthn.sample.app.api.CollectedClientDataForm)

Aggregations

CollectedClientData (com.webauthn4j.data.client.CollectedClientData)56 Test (org.junit.jupiter.api.Test)33 ServerProperty (com.webauthn4j.server.ServerProperty)30 AttestationObject (com.webauthn4j.data.attestation.AttestationObject)23 RegistrationExtensionClientOutput (com.webauthn4j.data.extension.client.RegistrationExtensionClientOutput)19 Origin (com.webauthn4j.data.client.Origin)17 AuthenticationExtensionsClientOutputs (com.webauthn4j.data.extension.client.AuthenticationExtensionsClientOutputs)16 DefaultChallenge (com.webauthn4j.data.client.challenge.DefaultChallenge)14 AuthenticationExtensionClientOutput (com.webauthn4j.data.extension.client.AuthenticationExtensionClientOutput)11 Challenge (com.webauthn4j.data.client.challenge.Challenge)10 AuthenticatorTransport (com.webauthn4j.data.AuthenticatorTransport)8 RegistrationObject (com.webauthn4j.validator.RegistrationObject)8 ParameterizedTest (org.junit.jupiter.params.ParameterizedTest)8 DCRegistrationObject (com.webauthn4j.appattest.validator.DCRegistrationObject)7 Authenticator (com.webauthn4j.authenticator.Authenticator)7 CollectedClientDataConverter (com.webauthn4j.converter.CollectedClientDataConverter)7 AuthenticationExtensionAuthenticatorOutput (com.webauthn4j.data.extension.authenticator.AuthenticationExtensionAuthenticatorOutput)7 CoreRegistrationObject (com.webauthn4j.validator.CoreRegistrationObject)7 Test (org.junit.Test)5 RegistrationData (com.webauthn4j.data.RegistrationData)4