Example 1 with AuthenticationExtensionAuthenticatorOutput

use of com.webauthn4j.data.extension.authenticator.AuthenticationExtensionAuthenticatorOutput in project webauthn4j by webauthn4j.

the class AuthenticationDataTest method getter_test.

@Test
void getter_test() {
    byte[] credentialId = new byte[32];
    byte[] userHandle = new byte[32];
    AuthenticatorData<AuthenticationExtensionAuthenticatorOutput> authenticatorData = null;
    byte[] authenticatorDataBytes = new byte[64];
    CollectedClientData collectedClientData = mock(CollectedClientData.class);
    byte[] collectedClientDataBytes = new byte[128];
    AuthenticationExtensionsClientOutputs<AuthenticationExtensionClientOutput> clientExtensions = null;
    byte[] signature = new byte[32];
    AuthenticationData instance = new AuthenticationData(credentialId, userHandle, authenticatorData, authenticatorDataBytes, collectedClientData, collectedClientDataBytes, clientExtensions, signature);
    assertThat(instance.getCredentialId()).isEqualTo(credentialId);
    assertThat(instance.getUserHandle()).isEqualTo(userHandle);
    assertThat(instance.getAuthenticatorData()).isEqualTo(authenticatorData);
    assertThat(instance.getAuthenticatorDataBytes()).isEqualTo(authenticatorDataBytes);
    assertThat(instance.getCollectedClientData()).isEqualTo(collectedClientData);
    assertThat(instance.getCollectedClientDataBytes()).isEqualTo(collectedClientDataBytes);
    assertThat(instance.getClientExtensions()).isEqualTo(clientExtensions);
    assertThat(instance.getSignature()).isEqualTo(signature);
}
Also used : AuthenticationExtensionAuthenticatorOutput(com.webauthn4j.data.extension.authenticator.AuthenticationExtensionAuthenticatorOutput) CollectedClientData(com.webauthn4j.data.client.CollectedClientData) AuthenticationExtensionClientOutput(com.webauthn4j.data.extension.client.AuthenticationExtensionClientOutput) Test(org.junit.jupiter.api.Test)

Example 2 with AuthenticationExtensionAuthenticatorOutput

use of com.webauthn4j.data.extension.authenticator.AuthenticationExtensionAuthenticatorOutput in project webauthn4j by webauthn4j.

the class AuthenticationDataTest method equals_hashCode_test.

@Test
void equals_hashCode_test() {
    byte[] credentialId = new byte[32];
    byte[] userHandle = new byte[32];
    AuthenticatorData<AuthenticationExtensionAuthenticatorOutput> authenticatorData = null;
    byte[] authenticatorDataBytes = new byte[64];
    CollectedClientData collectedClientData = mock(CollectedClientData.class);
    byte[] collectedClientDataBytes = new byte[128];
    AuthenticationExtensionsClientOutputs<AuthenticationExtensionClientOutput> authenticationExtensionsClientOutputs = null;
    byte[] signature = new byte[32];
    AuthenticationData instanceA = new AuthenticationData(credentialId, userHandle, authenticatorData, authenticatorDataBytes, collectedClientData, collectedClientDataBytes, authenticationExtensionsClientOutputs, signature);
    AuthenticationData instanceB = new AuthenticationData(credentialId, userHandle, authenticatorData, authenticatorDataBytes, collectedClientData, collectedClientDataBytes, authenticationExtensionsClientOutputs, signature);
    assertThat(instanceA).isEqualTo(instanceB).hasSameHashCodeAs(instanceB);
}
Also used : AuthenticationExtensionAuthenticatorOutput(com.webauthn4j.data.extension.authenticator.AuthenticationExtensionAuthenticatorOutput) CollectedClientData(com.webauthn4j.data.client.CollectedClientData) AuthenticationExtensionClientOutput(com.webauthn4j.data.extension.client.AuthenticationExtensionClientOutput) Test(org.junit.jupiter.api.Test)

Example 3 with AuthenticationExtensionAuthenticatorOutput

use of com.webauthn4j.data.extension.authenticator.AuthenticationExtensionAuthenticatorOutput in project webauthn4j by webauthn4j.

the class DCAssertionDataValidator method createCoreAuthenticationObject.

@Override
@NonNull
protected CoreAuthenticationObject createCoreAuthenticationObject(@NonNull CoreAuthenticationData authenticationData, @NonNull CoreAuthenticationParameters authenticationParameters) {
    AssertUtil.notNull(authenticationData, "authenticationData must not be null");
    AssertUtil.notNull(authenticationParameters, "authenticationParameters must not be null");
    byte[] credentialId = authenticationData.getCredentialId();
    AuthenticatorData<AuthenticationExtensionAuthenticatorOutput> authenticatorData = authenticationData.getAuthenticatorData();
    byte[] authenticatorDataBytes = authenticationData.getAuthenticatorDataBytes();
    byte[] clientDataHash = authenticationData.getClientDataHash();
    CoreServerProperty serverProperty = authenticationParameters.getServerProperty();
    CoreAuthenticator authenticator = authenticationParameters.getAuthenticator();
    DCAppleDevice dcAppleDevice = new DCAppleDeviceImpl(authenticator.getAttestedCredentialData(), authenticator.getAttestationStatement(), authenticator.getCounter(), authenticator.getAuthenticatorExtensions());
    // noinspection ConstantConditions null check is already done in caller
    return new DCAuthenticationObject(credentialId, authenticatorData, authenticatorDataBytes, clientDataHash, serverProperty, dcAppleDevice);
}
Also used : CoreServerProperty(com.webauthn4j.server.CoreServerProperty) DCAppleDevice(com.webauthn4j.appattest.authenticator.DCAppleDevice) AuthenticationExtensionAuthenticatorOutput(com.webauthn4j.data.extension.authenticator.AuthenticationExtensionAuthenticatorOutput) DCAppleDeviceImpl(com.webauthn4j.appattest.authenticator.DCAppleDeviceImpl) CoreAuthenticator(com.webauthn4j.authenticator.CoreAuthenticator) NonNull(org.checkerframework.checker.nullness.qual.NonNull)

Example 4 with AuthenticationExtensionAuthenticatorOutput

use of com.webauthn4j.data.extension.authenticator.AuthenticationExtensionAuthenticatorOutput in project webauthn4j by webauthn4j.

the class WebAuthnModelAuthenticator method getAssertion.

public GetAssertionResponse getAssertion(GetAssertionRequest getAssertionRequest, AuthenticationEmulationOption authenticationEmulationOption) {
    byte flags = 0;
    // Check if all the supplied parameters are syntactically well-formed and of the correct length.
    // If not, return an error code equivalent to "UnknownError" and terminate the operation.
    // TODO
    // Let credentialOptions be a new empty set of public key credential sources.
    List<PublicKeyCredentialSource> credentialOptions = new ArrayList<>();
    // If allowCredentialDescriptorList was supplied, then for each descriptor of allowCredentialDescriptorList:
    List<PublicKeyCredentialDescriptor> allowCredentialDescriptorList = getAssertionRequest.getAllowCredentialDescriptorList();
    if (allowCredentialDescriptorList != null && !allowCredentialDescriptorList.isEmpty()) {
        for (PublicKeyCredentialDescriptor credentialDescriptor : getAssertionRequest.getAllowCredentialDescriptorList()) {
            // Let credSource be the result of looking up descriptor.id in this authenticator.
            PublicKeyCredentialSource credSource = lookup(credentialDescriptor.getId());
            if (credSource != null) {
                credentialOptions.add(credSource);
            }
        }
    } else {
        // Otherwise (allowCredentialDescriptorList was not supplied),
        // for each key -> credSource of this authenticator’s credentials map, append credSource to credentialOptions.
        for (Map.Entry<CredentialMapKey, PublicKeyCredentialSource> entry : credentialMap.entrySet()) {
            credentialOptions.add(entry.getValue());
        }
    }
    // Remove any items from credentialOptions whose rpId is not equal to rpId.
    credentialOptions = credentialOptions.stream().filter(item -> item.getRpId().equals(getAssertionRequest.getRpId())).collect(Collectors.toList());
    // If credentialOptions is now empty, return an error code equivalent to "NotAllowedError" and terminate the operation.
    if (credentialOptions.isEmpty()) {
        throw new NotAllowedException("No matching authenticator found");
    }
    // If requireUserVerification is true, the method of obtaining user consent MUST include user verification.
    if (getAssertionRequest.isRequireUserVerification()) {
        flags |= BIT_UV;
    }
    // If requireUserPresence is true, the method of obtaining user consent MUST include a test of user presence.
    if (getAssertionRequest.isRequireUserPresence()) {
        flags |= BIT_UP;
    }
    // If the user does not consent, return an error code equivalent to "NotAllowedError" and terminate the operation.
    // TODO
    PublicKeyCredentialSource selectedCredential = credentialOptions.get(0);
    // Let processedExtensions be the result of authenticator extension processing for each supported
    // extension identifier -> authenticator extension input in extensions.
    AuthenticationExtensionsAuthenticatorOutputs<AuthenticationExtensionAuthenticatorOutput> processedExtensions = new AuthenticationExtensionsAuthenticatorOutputs<>();
    if (!processedExtensions.getKeys().isEmpty()) {
        flags |= BIT_ED;
    }
    // Increment the RP ID-associated signature counter or the global signature counter value,
    // depending on which approach is implemented by the authenticator, by some positive value.
    countUp();
    // Let authenticatorData be the byte array specified in §6.1 Authenticator data including processedExtensions,
    // if any, as the extensions and excluding attestedCredentialData.
    byte[] rpIdHash = MessageDigestUtil.createSHA256().digest(getAssertionRequest.getRpId().getBytes(StandardCharsets.UTF_8));
    AuthenticatorData<AuthenticationExtensionAuthenticatorOutput> authenticatorDataObject = new AuthenticatorData<>(rpIdHash, flags, counter, processedExtensions);
    byte[] authenticatorData = authenticatorDataConverter.convert(authenticatorDataObject);
    // Let signature be the assertion signature of the concatenation authenticatorData || hash using
    // the privateKey of selectedCredential as shown in Figure 2, below. A simple, undelimited concatenation is
    // safe to use here because the authenticator data describes its own length.
    // The hash of the serialized client data (which potentially has a variable length) is always the last element.
    byte[] clientDataHash = getAssertionRequest.getHash();
    byte[] signedData = ByteBuffer.allocate(authenticatorData.length + clientDataHash.length).put(authenticatorData).put(clientDataHash).array();
    byte[] signature = TestDataUtil.calculateSignature(selectedCredential.getPrivateKey().getPrivateKey(), signedData);
    // If any error occurred while generating the assertion signature,
    // return an error code equivalent to "UnknownError" and terminate the operation.
    // Return to the user agent:
    GetAssertionResponse getAssertionResponse = new GetAssertionResponse();
    getAssertionResponse.setCredentialId(selectedCredential.getId());
    getAssertionResponse.setAuthenticatorData(authenticatorData);
    getAssertionResponse.setSignature(signature);
    getAssertionResponse.setUserHandle(selectedCredential.getUserHandle());
    return getAssertionResponse;
}
Also used : PublicKeyCredentialDescriptor(com.webauthn4j.data.PublicKeyCredentialDescriptor) AuthenticationExtensionsAuthenticatorOutputs(com.webauthn4j.data.extension.authenticator.AuthenticationExtensionsAuthenticatorOutputs) AuthenticationExtensionAuthenticatorOutput(com.webauthn4j.data.extension.authenticator.AuthenticationExtensionAuthenticatorOutput) AuthenticatorData(com.webauthn4j.data.attestation.authenticator.AuthenticatorData)

Example 5 with AuthenticationExtensionAuthenticatorOutput

use of com.webauthn4j.data.extension.authenticator.AuthenticationExtensionAuthenticatorOutput in project webauthn4j by webauthn4j.

the class DeviceCheckManagerTest method validate_assertion_test.

@Test
void validate_assertion_test() {
    DeviceCheckManager deviceCheckManager = DeviceCheckManager.createNonStrictDeviceCheckManager();
    byte[] keyId = Base64Util.decode("VnfqjSp0rWyyqNhrfh+9/IhLIvXuYTPAmJEVQwl4dko=");
    byte[] assertion = Base64Util.decode("omlzaWduYXR1cmVYRjBEAiB4zR/olM8j24vmT3fGVA1eykitnp/jpMG9sM6CNsF2lQIgVCK5x6m/jkocPmX6wuPqlJ8tzbvI9bQnd8XYebJ8XuBxYXV0aGVudGljYXRvckRhdGFYJTBgAsoFXgbFiKUuxqpUgvU2jgKvMIex6dMJ0EDK9dlaQAAAAAE=");
    byte[] challenge = "1234567890abcdefgh".getBytes();
    byte[] clientDataHash = MessageDigestUtil.createSHA256().digest(challenge);
    DCAssertionRequest dcAssertionRequest = new DCAssertionRequest(keyId, assertion, clientDataHash);
    DCServerProperty dcServerProperty = new DCServerProperty("8YE23NZS57.com.kayak.travel", new DefaultChallenge(challenge));
    byte[] attestationObjectBytes = Base64Util.decode("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");
    byte[] authenticatorDataBytes = attestationObjectConverter.extractAuthenticatorData(attestationObjectBytes);
    AuthenticatorData<AuthenticationExtensionAuthenticatorOutput> authenticatorData = authenticatorDataConverter.convert(authenticatorDataBytes);
    byte[] attestedCredentialDataBytes = authenticatorDataConverter.extractAttestedCredentialData(authenticatorDataBytes);
    AttestedCredentialData attestedCredentialData = attestedCredentialDataConverter.convert(attestedCredentialDataBytes);
    byte[] attestationStatementBytes = attestationObjectConverter.extractAttestationStatement(attestationObjectBytes);
    AppleAppAttestAttestationStatement attestationStatement = objectConverter.getCborConverter().readValue(attestationStatementBytes, AppleAppAttestAttestationStatement.class);
    long counter = authenticatorData.getSignCount();
    DCAppleDevice dcAppleDevice = new DCAppleDeviceImpl(attestedCredentialData, attestationStatement, counter, new AuthenticationExtensionsAuthenticatorOutputs<>());
    DCAssertionParameters dcAssertionParameters = new DCAssertionParameters(dcServerProperty, dcAppleDevice);
    deviceCheckManager.validate(dcAssertionRequest, dcAssertionParameters);
}
Also used : DCAppleDevice(com.webauthn4j.appattest.authenticator.DCAppleDevice) DCServerProperty(com.webauthn4j.appattest.server.DCServerProperty) AttestedCredentialData(com.webauthn4j.data.attestation.authenticator.AttestedCredentialData) DefaultChallenge(com.webauthn4j.data.client.challenge.DefaultChallenge) AuthenticationExtensionAuthenticatorOutput(com.webauthn4j.data.extension.authenticator.AuthenticationExtensionAuthenticatorOutput) DCAppleDeviceImpl(com.webauthn4j.appattest.authenticator.DCAppleDeviceImpl) AppleAppAttestAttestationStatement(com.webauthn4j.appattest.data.attestation.statement.AppleAppAttestAttestationStatement) Test(org.junit.jupiter.api.Test)

Aggregations

AuthenticationExtensionAuthenticatorOutput (com.webauthn4j.data.extension.authenticator.AuthenticationExtensionAuthenticatorOutput) 15
AuthenticationExtensionClientOutput (com.webauthn4j.data.extension.client.AuthenticationExtensionClientOutput) 8
CollectedClientData (com.webauthn4j.data.client.CollectedClientData) 7
Test (org.junit.jupiter.api.Test) 7
Authenticator (com.webauthn4j.authenticator.Authenticator) 4
ServerProperty (com.webauthn4j.server.ServerProperty) 4
NonNull (org.checkerframework.checker.nullness.qual.NonNull) 4
CoreAuthenticator (com.webauthn4j.authenticator.CoreAuthenticator) 3
CoreServerProperty (com.webauthn4j.server.CoreServerProperty) 3
DCAppleDevice (com.webauthn4j.appattest.authenticator.DCAppleDevice) 2
DCAppleDeviceImpl (com.webauthn4j.appattest.authenticator.DCAppleDeviceImpl) 2
AuthenticatorDataConverter (com.webauthn4j.converter.AuthenticatorDataConverter) 2
CollectedClientDataConverter (com.webauthn4j.converter.CollectedClientDataConverter) 2
PublicKeyCredentialDescriptor (com.webauthn4j.data.PublicKeyCredentialDescriptor) 2
AuthenticatorData (com.webauthn4j.data.attestation.authenticator.AuthenticatorData) 2
DefaultChallenge (com.webauthn4j.data.client.challenge.DefaultChallenge) 2
AuthenticationExtensionsClientOutputs (com.webauthn4j.data.extension.client.AuthenticationExtensionsClientOutputs) 2
DCAssertion (com.webauthn4j.appattest.data.DCAssertion) 1
DCAssertionData (com.webauthn4j.appattest.data.DCAssertionData) 1
AppleAppAttestAttestationStatement (com.webauthn4j.appattest.data.attestation.statement.AppleAppAttestAttestationStatement) 1