use of com.webauthn4j.data.client.CollectedClientData in project webauthn4j-spring-security by webauthn4j.
the class WebAuthnRegistrationRequestValidationResponseTest method getter_test.
@Test
public void getter_test() {
CollectedClientData clientData = TestDataUtil.createClientData(ClientDataType.WEBAUTHN_CREATE);
AttestationObject attestationObject = TestDataUtil.createAttestationObjectWithFIDOU2FAttestationStatement();
AuthenticationExtensionsClientOutputs<RegistrationExtensionClientOutput> clientExtensions = new AuthenticationExtensionsClientOutputs<>();
Set<AuthenticatorTransport> transports = new HashSet<>();
WebAuthnRegistrationRequestValidationResponse instance = new WebAuthnRegistrationRequestValidationResponse(clientData, attestationObject, clientExtensions, transports);
assertThat(instance.getCollectedClientData()).isEqualTo(clientData);
assertThat(instance.getAttestationObject()).isEqualTo(attestationObject);
assertThat(instance.getRegistrationExtensionsClientOutputs()).isEqualTo(clientExtensions);
assertThat(instance.getTransports()).isEqualTo(transports);
}
use of com.webauthn4j.data.client.CollectedClientData in project webauthn4j-spring-security by webauthn4j.
the class WebAuthnRegistrationRequestValidatorTest method validate_test.
@Test
public void validate_test() {
WebAuthnRegistrationRequestValidator target = new WebAuthnRegistrationRequestValidator(webAuthnManager, serverPropertyProvider);
ServerProperty serverProperty = mock(ServerProperty.class);
when(serverPropertyProvider.provide(any())).thenReturn(serverProperty);
CollectedClientData collectedClientData = mock(CollectedClientData.class);
AttestationObject attestationObject = mock(AttestationObject.class);
AuthenticationExtensionsClientOutputs<RegistrationExtensionClientOutput> clientExtensionOutputs = new AuthenticationExtensionsClientOutputs<>();
when(webAuthnManager.validate(any(RegistrationRequest.class), any(RegistrationParameters.class))).thenReturn(new RegistrationData(attestationObject, null, collectedClientData, null, clientExtensionOutputs, null));
MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
mockHttpServletRequest.setScheme("https");
mockHttpServletRequest.setServerName("example.com");
mockHttpServletRequest.setServerPort(443);
String clientDataBase64 = "clientDataBase64";
String attestationObjectBase64 = "attestationObjectBase64";
Set<String> transports = Collections.emptySet();
String clientExtensionsJSON = "clientExtensionsJSON";
target.validate(mockHttpServletRequest, clientDataBase64, attestationObjectBase64, transports, clientExtensionsJSON);
ArgumentCaptor<RegistrationRequest> registrationRequestArgumentCaptor = ArgumentCaptor.forClass(RegistrationRequest.class);
ArgumentCaptor<RegistrationParameters> registrationParametersArgumentCaptor = ArgumentCaptor.forClass(RegistrationParameters.class);
verify(webAuthnManager).validate(registrationRequestArgumentCaptor.capture(), registrationParametersArgumentCaptor.capture());
RegistrationRequest registrationRequest = registrationRequestArgumentCaptor.getValue();
RegistrationParameters registrationParameters = registrationParametersArgumentCaptor.getValue();
assertThat(registrationRequest.getClientDataJSON()).isEqualTo(Base64UrlUtil.decode(clientDataBase64));
assertThat(registrationRequest.getAttestationObject()).isEqualTo(Base64UrlUtil.decode(attestationObjectBase64));
assertThat(registrationRequest.getClientExtensionsJSON()).isEqualTo(clientExtensionsJSON);
assertThat(registrationParameters.getServerProperty()).isEqualTo(serverProperty);
}
use of com.webauthn4j.data.client.CollectedClientData in project webauthn4j-spring-security by webauthn4j.
the class Base64UrlStringToCollectedClientDataConverterTest method convert_test.
@Test
public void convert_test() {
CollectedClientData expected = TestDataUtil.createClientData(ClientDataType.WEBAUTHN_GET);
String source = new CollectedClientDataConverter(objectConverter).convertToBase64UrlString(expected);
CollectedClientData result = new Base64UrlStringToCollectedClientDataConverter(objectConverter).convert(source);
assertThat(result).isEqualTo(expected);
}
use of com.webauthn4j.data.client.CollectedClientData in project webauthn4j-spring-security by webauthn4j.
the class FidoServerAttestationResultEndpointFilter method processRequest.
@Override
protected ServerResponse processRequest(HttpServletRequest request) {
InputStream inputStream;
try {
inputStream = request.getInputStream();
} catch (IOException e) {
throw new UncheckedIOException(e);
}
try {
ServerPublicKeyCredential<ServerAuthenticatorAttestationResponse> credential = this.objectConverter.getJsonConverter().readValue(inputStream, credentialTypeRef);
serverPublicKeyCredentialValidator.validate(credential);
ServerAuthenticatorAttestationResponse response = credential.getResponse();
CollectedClientData collectedClientData = collectedClientDataConverter.convert(response.getClientDataJSON());
AttestationObject attestationObject = attestationObjectConverter.convert(response.getAttestationObject());
Set<String> transports = Collections.emptySet();
webAuthnRegistrationRequestValidator.validate(request, response.getClientDataJSON(), response.getAttestationObject(), transports, credential.getClientExtensionResults());
String loginUsername = serverEndpointFilterUtil.decodeUsername(collectedClientData.getChallenge());
try {
userDetailsService.loadUserByUsername(loginUsername);
} catch (UsernameNotFoundException e) {
usernameNotFoundHandler.onUsernameNotFound(loginUsername);
}
UserDetails userDetails = userDetailsService.loadUserByUsername(loginUsername);
WebAuthnAuthenticatorImpl webAuthnAuthenticator = new WebAuthnAuthenticatorImpl("Authenticator", loginUsername, attestationObject.getAuthenticatorData().getAttestedCredentialData(), attestationObject.getAttestationStatement(), attestationObject.getAuthenticatorData().getSignCount());
webAuthnAuthenticatorManager.createAuthenticator(webAuthnAuthenticator);
return new AttestationResultSuccessResponse();
} catch (DataConversionException e) {
throw new com.webauthn4j.springframework.security.exception.DataConversionException("Failed to convert data", e);
}
}
use of com.webauthn4j.data.client.CollectedClientData in project webauthn4j-spring-security by webauthn4j.
the class CollectedClientDataFormFormatter method parse.
@Override
public CollectedClientDataForm parse(String text, Locale locale) throws ParseException {
CollectedClientData collectedClientData = base64UrlStringToCollectedClientDataConverter.convert(text);
CollectedClientDataForm collectedClientDataForm = new CollectedClientDataForm();
collectedClientDataForm.setCollectedClientData(collectedClientData);
collectedClientDataForm.setClientDataBase64(text);
return collectedClientDataForm;
}
Aggregations