Search in sources :

Example 41 with CollectedClientData

use of com.webauthn4j.data.client.CollectedClientData in project webauthn4j by webauthn4j.

the class TestDataUtil method createRegistrationObject.

public static RegistrationObject createRegistrationObject(Function<byte[], AttestationObject> attestationObjectProvider) {
    CollectedClientData collectedClientData = createClientData(ClientDataType.WEBAUTHN_CREATE);
    byte[] collectedClientDataBytes = collectedClientDataConverter.convertToBytes(collectedClientData);
    AttestationObject attestationObject = attestationObjectProvider.apply(collectedClientDataBytes);
    byte[] attestationObjectBytes = attestationObjectConverter.convertToBytes(attestationObject);
    Set<AuthenticatorTransport> transports = Collections.emptySet();
    AuthenticationExtensionsClientOutputs<RegistrationExtensionClientOutput> authenticationExtensionsClientOutputs = new AuthenticationExtensionsClientOutputs<>();
    return new RegistrationObject(attestationObject, attestationObjectBytes, collectedClientData, collectedClientDataBytes, authenticationExtensionsClientOutputs, transports, TestDataUtil.createServerProperty());
}
Also used : CollectedClientData(com.webauthn4j.data.client.CollectedClientData) AttestationObject(com.webauthn4j.data.attestation.AttestationObject) CoreRegistrationObject(com.webauthn4j.validator.CoreRegistrationObject) DCRegistrationObject(com.webauthn4j.appattest.validator.DCRegistrationObject) RegistrationObject(com.webauthn4j.validator.RegistrationObject) AuthenticationExtensionsClientOutputs(com.webauthn4j.data.extension.client.AuthenticationExtensionsClientOutputs) RegistrationExtensionClientOutput(com.webauthn4j.data.extension.client.RegistrationExtensionClientOutput)

Example 42 with CollectedClientData

use of com.webauthn4j.data.client.CollectedClientData in project webauthn4j by webauthn4j.

the class WebAuthnAuthenticationManager method parse.

@SuppressWarnings("squid:S1130")
@NonNull
public AuthenticationData parse(@NonNull AuthenticationRequest authenticationRequest) throws DataConversionException {
    AssertUtil.notNull(authenticationRequest, "authenticationRequest must not be null");
    byte[] credentialId = authenticationRequest.getCredentialId();
    byte[] signature = authenticationRequest.getSignature();
    byte[] userHandle = authenticationRequest.getUserHandle();
    byte[] clientDataBytes = authenticationRequest.getClientDataJSON();
    CollectedClientData collectedClientData = clientDataBytes == null ? null : collectedClientDataConverter.convert(clientDataBytes);
    byte[] authenticatorDataBytes = authenticationRequest.getAuthenticatorData();
    AuthenticatorData<AuthenticationExtensionAuthenticatorOutput> authenticatorData = authenticatorDataBytes == null ? null : authenticatorDataConverter.convert(authenticatorDataBytes);
    AuthenticationExtensionsClientOutputs<AuthenticationExtensionClientOutput> clientExtensions = authenticationRequest.getClientExtensionsJSON() == null ? null : authenticationExtensionsClientOutputsConverter.convert(authenticationRequest.getClientExtensionsJSON());
    return new AuthenticationData(credentialId, userHandle, authenticatorData, authenticatorDataBytes, collectedClientData, clientDataBytes, clientExtensions, signature);
}
Also used : CollectedClientData(com.webauthn4j.data.client.CollectedClientData) AuthenticationExtensionAuthenticatorOutput(com.webauthn4j.data.extension.authenticator.AuthenticationExtensionAuthenticatorOutput) AuthenticationData(com.webauthn4j.data.AuthenticationData) AuthenticationExtensionClientOutput(com.webauthn4j.data.extension.client.AuthenticationExtensionClientOutput) NonNull(org.checkerframework.checker.nullness.qual.NonNull)

Example 43 with CollectedClientData

use of com.webauthn4j.data.client.CollectedClientData in project webauthn4j by webauthn4j.

the class OriginValidatorImplTest method multiple_origins_test.

@Test
void multiple_origins_test() {
    final Origin originA = new Origin("https://example.com:14443");
    final Origin originB = new Origin("http://localhost:9090");
    final Origin originC = new Origin("android:apk-key-hash:pNiP5iKyQ8JwgGOaKA1zGPUPJIS-0H1xKCQcfIoGLck");
    final Origin originD = new Origin("android:apk-key-hash-sha256:qSiQ5iKyQ8JwgGOaKA1zGPUPJIS-0H1xKCQcfIoGLck");
    final ServerProperty serverProperty = new ServerProperty(new HashSet<>(Arrays.asList(originA, originB, originC, originD)), "example.com", TestDataUtil.createChallenge(), null);
    final CollectedClientData collectedClientDataA = new CollectedClientData(ClientDataType.WEBAUTHN_CREATE, TestDataUtil.createChallenge(), originA, null);
    final CollectedClientData collectedClientDataB = new CollectedClientData(ClientDataType.WEBAUTHN_CREATE, TestDataUtil.createChallenge(), originB, null);
    final CollectedClientData collectedClientDataC = new CollectedClientData(ClientDataType.WEBAUTHN_GET, TestDataUtil.createChallenge(), originC, null);
    final CollectedClientData collectedClientDataD = new CollectedClientData(ClientDataType.WEBAUTHN_GET, TestDataUtil.createChallenge(), originD, null);
    target.validate(collectedClientDataA, serverProperty);
    target.validate(collectedClientDataB, serverProperty);
    target.validate(collectedClientDataC, serverProperty);
    target.validate(collectedClientDataD, serverProperty);
}
Also used : Origin(com.webauthn4j.data.client.Origin) ServerProperty(com.webauthn4j.server.ServerProperty) CollectedClientData(com.webauthn4j.data.client.CollectedClientData) Test(org.junit.jupiter.api.Test) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)

Example 44 with CollectedClientData

use of com.webauthn4j.data.client.CollectedClientData in project webauthn4j by webauthn4j.

the class OriginValidatorImplTest method test_with_not_equal_origins.

@SuppressWarnings("java:S5976")
@Test
void test_with_not_equal_origins() {
    Origin originA = new Origin("https://example.com:14443");
    Origin originB = new Origin("http://example.com");
    CollectedClientData collectedClientData = new CollectedClientData(ClientDataType.WEBAUTHN_CREATE, TestDataUtil.createChallenge(), originA, null);
    ServerProperty serverProperty = new ServerProperty(originB, "example.com", TestDataUtil.createChallenge(), null);
    assertThrows(BadOriginException.class, () -> target.validate(collectedClientData, serverProperty));
}
Also used : Origin(com.webauthn4j.data.client.Origin) CollectedClientData(com.webauthn4j.data.client.CollectedClientData) ServerProperty(com.webauthn4j.server.ServerProperty) Test(org.junit.jupiter.api.Test) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)

Example 45 with CollectedClientData

use of com.webauthn4j.data.client.CollectedClientData in project webauthn4j by webauthn4j.

the class OriginValidatorImplTest method apk_key_hash_test_with_not_equal_origins.

@SuppressWarnings("java:S5976")
@Test
void apk_key_hash_test_with_not_equal_origins() {
    Origin originA = new Origin("android:apk-key-hash:aNiP5iKyQ8JwgGOaKA1zGPUPJIS-0H1xKCQcfIoGLck");
    Origin originB = new Origin("android:apk-key-hash:pNiP5iKyQ8JwgGOaKA1zGPUPJIS-0H1xKCQcfIoGLck");
    CollectedClientData collectedClientData = new CollectedClientData(ClientDataType.WEBAUTHN_CREATE, TestDataUtil.createChallenge(), originA, null);
    ServerProperty serverProperty = new ServerProperty(originB, "1.example.com", TestDataUtil.createChallenge(), null);
    assertThrows(BadOriginException.class, () -> target.validate(collectedClientData, serverProperty));
}
Also used : Origin(com.webauthn4j.data.client.Origin) CollectedClientData(com.webauthn4j.data.client.CollectedClientData) ServerProperty(com.webauthn4j.server.ServerProperty) Test(org.junit.jupiter.api.Test) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)

Aggregations

CollectedClientData (com.webauthn4j.data.client.CollectedClientData)56 Test (org.junit.jupiter.api.Test)33 ServerProperty (com.webauthn4j.server.ServerProperty)30 AttestationObject (com.webauthn4j.data.attestation.AttestationObject)23 RegistrationExtensionClientOutput (com.webauthn4j.data.extension.client.RegistrationExtensionClientOutput)19 Origin (com.webauthn4j.data.client.Origin)17 AuthenticationExtensionsClientOutputs (com.webauthn4j.data.extension.client.AuthenticationExtensionsClientOutputs)16 DefaultChallenge (com.webauthn4j.data.client.challenge.DefaultChallenge)14 AuthenticationExtensionClientOutput (com.webauthn4j.data.extension.client.AuthenticationExtensionClientOutput)11 Challenge (com.webauthn4j.data.client.challenge.Challenge)10 AuthenticatorTransport (com.webauthn4j.data.AuthenticatorTransport)8 RegistrationObject (com.webauthn4j.validator.RegistrationObject)8 ParameterizedTest (org.junit.jupiter.params.ParameterizedTest)8 DCRegistrationObject (com.webauthn4j.appattest.validator.DCRegistrationObject)7 Authenticator (com.webauthn4j.authenticator.Authenticator)7 CollectedClientDataConverter (com.webauthn4j.converter.CollectedClientDataConverter)7 AuthenticationExtensionAuthenticatorOutput (com.webauthn4j.data.extension.authenticator.AuthenticationExtensionAuthenticatorOutput)7 CoreRegistrationObject (com.webauthn4j.validator.CoreRegistrationObject)7 Test (org.junit.Test)5 RegistrationData (com.webauthn4j.data.RegistrationData)4