Examples with AuthenticationExtensionClientOutput com.webauthn4j.data.extension.client.AuthenticationExtensionClientOutput used on opensource projects

Example 6 with AuthenticationExtensionClientOutput

use of com.webauthn4j.data.extension.client.AuthenticationExtensionClientOutput in project webauthn4j by webauthn4j.

the class UserVerifyingAuthenticatorAuthenticationValidationTest method validate_assertion_with_userVerificationDiscouraged_option_test.

@Test
void validate_assertion_with_userVerificationDiscouraged_option_test() {
    String rpId = "example.com";
    long timeout = 0;
    Challenge challenge = new DefaultChallenge();
    // create
    AttestationObject attestationObject = createAttestationObject(rpId, challenge);
    // get
    PublicKeyCredentialRequestOptions credentialRequestOptions = new PublicKeyCredentialRequestOptions(challenge, timeout, rpId, null, UserVerificationRequirement.DISCOURAGED, null);
    PublicKeyCredential<AuthenticatorAssertionResponse, AuthenticationExtensionClientOutput> credential = clientPlatform.get(credentialRequestOptions);
    AuthenticatorAssertionResponse authenticationRequest = credential.getAuthenticatorResponse();
    ServerProperty serverProperty = new ServerProperty(origin, rpId, challenge, null);
    Authenticator authenticator = TestDataUtil.createAuthenticator(attestationObject);
    AuthenticationRequest webAuthnAuthenticationRequest = new AuthenticationRequest(credential.getRawId(), authenticationRequest.getAuthenticatorData(), authenticationRequest.getClientDataJSON(), authenticationRequest.getSignature());
    List<byte[]> allowCredentials = null;
    AuthenticationParameters authenticationParameters = new AuthenticationParameters(serverProperty, authenticator, allowCredentials, true);
    AuthenticationData authenticationData = target.parse(webAuthnAuthenticationRequest);
    assertThrows(UserNotVerifiedException.class, () -> target.validate(authenticationData, authenticationParameters));
}

Example 7 with AuthenticationExtensionClientOutput

use of com.webauthn4j.data.extension.client.AuthenticationExtensionClientOutput in project webauthn4j by webauthn4j.

the class CustomAuthenticationValidationTest method CustomAuthenticationValidator_test.

@Test
void CustomAuthenticationValidator_test() {
    String rpId = "example.com";
    long timeout = 0;
    Challenge challenge = new DefaultChallenge();
    // create
    AttestationObject attestationObject = createAttestationObject(rpId, challenge);
    // get
    PublicKeyCredentialRequestOptions credentialRequestOptions = new PublicKeyCredentialRequestOptions(challenge, timeout, rpId, Collections.singletonList(new PublicKeyCredentialDescriptor(PublicKeyCredentialType.PUBLIC_KEY, attestationObject.getAuthenticatorData().getAttestedCredentialData().getCredentialId(), CollectionUtil.unmodifiableSet(AuthenticatorTransport.USB, AuthenticatorTransport.NFC, AuthenticatorTransport.BLE))), UserVerificationRequirement.DISCOURAGED, null);
    PublicKeyCredential<AuthenticatorAssertionResponse, AuthenticationExtensionClientOutput> credential = clientPlatform.get(credentialRequestOptions);
    AuthenticatorAssertionResponse authenticatorAssertionResponse = credential.getAuthenticatorResponse();
    AuthenticationExtensionsClientOutputs<AuthenticationExtensionClientOutput> clientExtensionResults = credential.getClientExtensionResults();
    String clientExtensionJSON = authenticationExtensionsClientOutputsConverter.convertToString(clientExtensionResults);
    ServerProperty serverProperty = new ServerProperty(origin, rpId, challenge, null);
    Authenticator authenticator = TestDataUtil.createAuthenticator(attestationObject);
    AuthenticationRequest authenticationRequest = new AuthenticationRequest(credential.getRawId(), authenticatorAssertionResponse.getAuthenticatorData(), authenticatorAssertionResponse.getClientDataJSON(), clientExtensionJSON, authenticatorAssertionResponse.getSignature());
    AuthenticationParameters authenticationParameters = new AuthenticationParameters(serverProperty, authenticator, null, false, true);
    // You can add custom authentication validator
    target.getAuthenticationDataValidator().getCustomAuthenticationValidators().add(authenticationObject -> assertThat(authenticationObject).isNotNull());
    target.validate(authenticationRequest, authenticationParameters);
}

Example 8 with AuthenticationExtensionClientOutput

use of com.webauthn4j.data.extension.client.AuthenticationExtensionClientOutput in project webauthn4j by webauthn4j.

the class FIDOU2FAuthenticatorAuthenticationValidationTest method validate_assertion_test_with_bad_clientData_type.

@Test
void validate_assertion_test_with_bad_clientData_type() {
    String rpId = "example.com";
    long timeout = 0;
    Challenge challenge = new DefaultChallenge();
    // create
    AttestationObject attestationObject = createAttestationObject(rpId, challenge);
    byte[] credentialId = attestationObject.getAuthenticatorData().getAttestedCredentialData().getCredentialId();
    // get
    PublicKeyCredentialRequestOptions credentialRequestOptions = new PublicKeyCredentialRequestOptions(challenge, timeout, rpId, Collections.singletonList(new PublicKeyCredentialDescriptor(PublicKeyCredentialType.PUBLIC_KEY, attestationObject.getAuthenticatorData().getAttestedCredentialData().getCredentialId(), CollectionUtil.unmodifiableSet(AuthenticatorTransport.USB, AuthenticatorTransport.NFC, AuthenticatorTransport.BLE))), UserVerificationRequirement.DISCOURAGED, null);
    // bad clientData type
    CollectedClientData collectedClientData = clientPlatform.createCollectedClientData(ClientDataType.WEBAUTHN_CREATE, challenge);
    PublicKeyCredential<AuthenticatorAssertionResponse, AuthenticationExtensionClientOutput> publicKeyCredential = clientPlatform.get(credentialRequestOptions, collectedClientData);
    AuthenticatorAssertionResponse authenticationRequest = publicKeyCredential.getAuthenticatorResponse();
    ServerProperty serverProperty = new ServerProperty(origin, rpId, challenge, null);
    Authenticator authenticator = TestDataUtil.createAuthenticator(attestationObject);
    AuthenticationRequest webAuthnAuthenticationRequest = new AuthenticationRequest(publicKeyCredential.getRawId(), authenticationRequest.getAuthenticatorData(), authenticationRequest.getClientDataJSON(), authenticationRequest.getSignature());
    AuthenticationParameters webAuthnAuthenticationParameters = new AuthenticationParameters(serverProperty, authenticator, Collections.singletonList(credentialId), false);
    assertThrows(InconsistentClientDataTypeException.class, () -> target.validate(webAuthnAuthenticationRequest, webAuthnAuthenticationParameters));
}

Example 9 with AuthenticationExtensionClientOutput

use of com.webauthn4j.data.extension.client.AuthenticationExtensionClientOutput in project webauthn4j by webauthn4j.

the class FIDOU2FAuthenticatorAuthenticationValidationTest method validate_assertion_with_userVerificationRequired_option_test.

@Test
void validate_assertion_with_userVerificationRequired_option_test() {
    String rpId = "example.com";
    long timeout = 0;
    Challenge challenge = new DefaultChallenge();
    // create
    AttestationObject attestationObject = createAttestationObject(rpId, challenge);
    byte[] credentialId = attestationObject.getAuthenticatorData().getAttestedCredentialData().getCredentialId();
    // get
    PublicKeyCredentialRequestOptions credentialRequestOptions = new PublicKeyCredentialRequestOptions(challenge, timeout, rpId, Collections.singletonList(new PublicKeyCredentialDescriptor(PublicKeyCredentialType.PUBLIC_KEY, attestationObject.getAuthenticatorData().getAttestedCredentialData().getCredentialId(), CollectionUtil.unmodifiableSet(AuthenticatorTransport.USB, AuthenticatorTransport.NFC, AuthenticatorTransport.BLE))), UserVerificationRequirement.DISCOURAGED, null);
    PublicKeyCredential<AuthenticatorAssertionResponse, AuthenticationExtensionClientOutput> credential = clientPlatform.get(credentialRequestOptions);
    AuthenticatorAssertionResponse authenticatorAssertionResponse = credential.getAuthenticatorResponse();
    ServerProperty serverProperty = new ServerProperty(origin, rpId, challenge, null);
    Authenticator authenticator = TestDataUtil.createAuthenticator(attestationObject);
    AuthenticationRequest authenticationRequest = new AuthenticationRequest(credential.getRawId(), authenticatorAssertionResponse.getAuthenticatorData(), authenticatorAssertionResponse.getClientDataJSON(), authenticatorAssertionResponse.getSignature());
    AuthenticationParameters authenticationParameters = new AuthenticationParameters(serverProperty, authenticator, Collections.singletonList(credentialId), true);
    assertThrows(UserNotVerifiedException.class, () -> target.validate(authenticationRequest, authenticationParameters));
}

Example 10 with AuthenticationExtensionClientOutput

use of com.webauthn4j.data.extension.client.AuthenticationExtensionClientOutput in project webauthn4j by webauthn4j.

the class FIDOU2FAuthenticatorAuthenticationValidationTest method validate_test.

@Test
void validate_test() {
    String rpId = "example.com";
    long timeout = 0;
    Challenge challenge = new DefaultChallenge();
    // create
    AttestationObject attestationObject = createAttestationObject(rpId, challenge);
    byte[] credentialId = attestationObject.getAuthenticatorData().getAttestedCredentialData().getCredentialId();
    // get
    PublicKeyCredentialRequestOptions credentialRequestOptions = new PublicKeyCredentialRequestOptions(challenge, timeout, rpId, Collections.singletonList(new PublicKeyCredentialDescriptor(PublicKeyCredentialType.PUBLIC_KEY, attestationObject.getAuthenticatorData().getAttestedCredentialData().getCredentialId(), CollectionUtil.unmodifiableSet(AuthenticatorTransport.USB, AuthenticatorTransport.NFC, AuthenticatorTransport.BLE))), UserVerificationRequirement.DISCOURAGED, null);
    PublicKeyCredential<AuthenticatorAssertionResponse, AuthenticationExtensionClientOutput> credential = clientPlatform.get(credentialRequestOptions);
    AuthenticatorAssertionResponse authenticationRequest = credential.getAuthenticatorResponse();
    AuthenticationExtensionsClientOutputs<AuthenticationExtensionClientOutput> clientExtensionResults = credential.getClientExtensionResults();
    String clientExtensionJSON = authenticationExtensionsClientOutputsConverter.convertToString(clientExtensionResults);
    ServerProperty serverProperty = new ServerProperty(origin, rpId, challenge, null);
    Authenticator authenticator = TestDataUtil.createAuthenticator(attestationObject);
    AuthenticationRequest webAuthnAuthenticationRequest = new AuthenticationRequest(credential.getRawId(), authenticationRequest.getAuthenticatorData(), authenticationRequest.getClientDataJSON(), clientExtensionJSON, authenticationRequest.getSignature());
    AuthenticationParameters webAuthnAuthenticationParameters = new AuthenticationParameters(serverProperty, authenticator, Collections.singletonList(credentialId), false, true);
    AuthenticationData response = target.validate(webAuthnAuthenticationRequest, webAuthnAuthenticationParameters);
    assertAll(() -> assertThat(response.getCollectedClientData()).isNotNull(), () -> assertThat(response.getAuthenticatorData()).isNotNull(), () -> assertThat(response.getClientExtensions()).isNotNull());
}