use of com.webauthn4j.data.extension.client.AuthenticationExtensionClientOutput in project webauthn4j by webauthn4j.
the class UserVerifyingAuthenticatorAuthenticationValidationTest method validate_assertion_with_invalid_tokenBinding_test.
@Test
void validate_assertion_with_invalid_tokenBinding_test() {
String rpId = "example.com";
long timeout = 0;
Challenge challenge = new DefaultChallenge();
// create
AttestationObject attestationObject = createAttestationObject(rpId, challenge);
// get
PublicKeyCredentialRequestOptions credentialRequestOptions = new PublicKeyCredentialRequestOptions(challenge, timeout, rpId, null, UserVerificationRequirement.REQUIRED, null);
byte[] tokenBindingId = new byte[] { 0x01, 0x23, 0x45 };
CollectedClientData collectedClientData = clientPlatform.createCollectedClientData(ClientDataType.WEBAUTHN_GET, challenge, tokenBindingId);
PublicKeyCredential<AuthenticatorAssertionResponse, AuthenticationExtensionClientOutput> credential = clientPlatform.get(credentialRequestOptions, collectedClientData);
AuthenticatorAssertionResponse authenticationRequest = credential.getAuthenticatorResponse();
ServerProperty serverProperty = new ServerProperty(origin, rpId, challenge, null);
Authenticator authenticator = TestDataUtil.createAuthenticator(attestationObject);
AuthenticationRequest webAuthnAuthenticationRequest = new AuthenticationRequest(credential.getRawId(), authenticationRequest.getAuthenticatorData(), authenticationRequest.getClientDataJSON(), authenticationRequest.getSignature());
List<byte[]> allowCredentials = null;
AuthenticationParameters authenticationParameters = new AuthenticationParameters(serverProperty, authenticator, allowCredentials, true);
AuthenticationData authenticationData = target.parse(webAuthnAuthenticationRequest);
assertThrows(TokenBindingException.class, () -> target.validate(authenticationData, authenticationParameters));
}
use of com.webauthn4j.data.extension.client.AuthenticationExtensionClientOutput in project webauthn4j by webauthn4j.
the class UserVerifyingAuthenticatorAuthenticationValidationTest method validate_assertion_with_tokenBinding_test.
@Test
void validate_assertion_with_tokenBinding_test() {
String rpId = "example.com";
long timeout = 0;
Challenge challenge = new DefaultChallenge();
// create
AttestationObject attestationObject = createAttestationObject(rpId, challenge);
// get
PublicKeyCredentialRequestOptions credentialRequestOptions = new PublicKeyCredentialRequestOptions(challenge, timeout, rpId, null, UserVerificationRequirement.REQUIRED, null);
byte[] tokenBindingId = new byte[] { 0x01, 0x23, 0x45 };
CollectedClientData collectedClientData = clientPlatform.createCollectedClientData(ClientDataType.WEBAUTHN_GET, challenge, tokenBindingId);
PublicKeyCredential<AuthenticatorAssertionResponse, AuthenticationExtensionClientOutput> credential = clientPlatform.get(credentialRequestOptions, collectedClientData);
AuthenticatorAssertionResponse authenticationRequest = credential.getAuthenticatorResponse();
AuthenticationExtensionsClientOutputs<AuthenticationExtensionClientOutput> clientExtensionResults = credential.getClientExtensionResults();
String clientExtensionJSON = authenticationExtensionsClientOutputsConverter.convertToString(clientExtensionResults);
ServerProperty serverProperty = new ServerProperty(origin, rpId, challenge, tokenBindingId);
Authenticator authenticator = TestDataUtil.createAuthenticator(attestationObject);
AuthenticationRequest webAuthnAuthenticationRequest = new AuthenticationRequest(credential.getRawId(), authenticationRequest.getAuthenticatorData(), authenticationRequest.getClientDataJSON(), clientExtensionJSON, authenticationRequest.getSignature());
List<byte[]> allowCredentials = null;
AuthenticationParameters authenticationParameters = new AuthenticationParameters(serverProperty, authenticator, allowCredentials, true);
AuthenticationData authenticationData = target.parse(webAuthnAuthenticationRequest);
target.validate(authenticationData, authenticationParameters);
assertAll(() -> assertThat(authenticationData.getCollectedClientData()).isNotNull(), () -> assertThat(authenticationData.getAuthenticatorData()).isNotNull(), () -> assertThat(authenticationData.getClientExtensions()).isNotNull());
}
use of com.webauthn4j.data.extension.client.AuthenticationExtensionClientOutput in project webauthn4j by webauthn4j.
the class FIDOAuthenticatorCoreAuthenticationValidationTest method validate_test.
@Test
void validate_test() {
String rpId = "example.com";
long timeout = 0;
Challenge challenge = new DefaultChallenge();
// create
AttestationObject attestationObject = createAttestationObject(rpId, challenge);
// get
PublicKeyCredentialRequestOptions credentialRequestOptions = new PublicKeyCredentialRequestOptions(challenge, timeout, rpId, null, UserVerificationRequirement.REQUIRED, null);
PublicKeyCredential<AuthenticatorAssertionResponse, AuthenticationExtensionClientOutput> credential = clientPlatform.get(credentialRequestOptions);
AuthenticatorAssertionResponse authenticationRequest = credential.getAuthenticatorResponse();
ServerProperty serverProperty = new ServerProperty(origin, rpId, challenge, null);
Authenticator authenticator = TestDataUtil.createAuthenticator(attestationObject);
AuthenticatorData<AuthenticationExtensionAuthenticatorOutput> authenticationData = authenticatorDataConverter.convert(authenticationRequest.getAuthenticatorData());
CoreAuthenticationData coreAuthenticationData = new CoreAuthenticationData(credential.getRawId(), authenticationData, authenticationRequest.getAuthenticatorData(), MessageDigestUtil.createSHA256().digest(authenticationRequest.getClientDataJSON()), authenticationRequest.getSignature());
AuthenticationParameters authenticationParameters = new AuthenticationParameters(serverProperty, authenticator, null, true);
target.validate(coreAuthenticationData, authenticationParameters);
}
use of com.webauthn4j.data.extension.client.AuthenticationExtensionClientOutput in project webauthn4j by webauthn4j.
the class FIDOU2FAuthenticatorAuthenticationValidationTest method validate_assertion_with_UP_flag_off_test.
@Test
void validate_assertion_with_UP_flag_off_test() {
FIDOU2FAuthenticatorAdaptor fidou2FAuthenticatorAdaptor = new FIDOU2FAuthenticatorAdaptor();
fidou2FAuthenticatorAdaptor.getFIDOU2FAuthenticator().setFlags(FIDOU2FAuthenticator.FLAG_OFF);
clientPlatform = new ClientPlatform(origin, fidou2FAuthenticatorAdaptor);
String rpId = "example.com";
long timeout = 0;
Challenge challenge = new DefaultChallenge();
// create
AttestationObject attestationObject = createAttestationObject(rpId, challenge);
byte[] credentialId = attestationObject.getAuthenticatorData().getAttestedCredentialData().getCredentialId();
// get
PublicKeyCredentialRequestOptions credentialRequestOptions = new PublicKeyCredentialRequestOptions(challenge, timeout, rpId, Collections.singletonList(new PublicKeyCredentialDescriptor(PublicKeyCredentialType.PUBLIC_KEY, attestationObject.getAuthenticatorData().getAttestedCredentialData().getCredentialId(), CollectionUtil.unmodifiableSet(AuthenticatorTransport.USB, AuthenticatorTransport.NFC, AuthenticatorTransport.BLE))), UserVerificationRequirement.DISCOURAGED, null);
PublicKeyCredential<AuthenticatorAssertionResponse, AuthenticationExtensionClientOutput> credential = clientPlatform.get(credentialRequestOptions);
AuthenticatorAssertionResponse authenticatorAssertionResponse = credential.getAuthenticatorResponse();
ServerProperty serverProperty = new ServerProperty(origin, rpId, challenge, null);
Authenticator authenticator = TestDataUtil.createAuthenticator(attestationObject);
AuthenticationRequest authenticationRequest = new AuthenticationRequest(credential.getRawId(), authenticatorAssertionResponse.getAuthenticatorData(), authenticatorAssertionResponse.getClientDataJSON(), authenticatorAssertionResponse.getSignature());
AuthenticationParameters authenticationParameters = new AuthenticationParameters(serverProperty, authenticator, Collections.singletonList(credentialId), false, true);
assertThrows(UserNotPresentException.class, () -> target.validate(authenticationRequest, authenticationParameters));
}
use of com.webauthn4j.data.extension.client.AuthenticationExtensionClientOutput in project webauthn4j by webauthn4j.
the class FIDOU2FAuthenticatorAuthenticationValidationTest method validate_assertion_with_malicious_counter_test.
@Test
void validate_assertion_with_malicious_counter_test() {
String rpId = "example.com";
long timeout = 0;
Challenge challenge = new DefaultChallenge();
// create
AttestationObject attestationObject = createAttestationObject(rpId, challenge);
byte[] credentialId = attestationObject.getAuthenticatorData().getAttestedCredentialData().getCredentialId();
// get
PublicKeyCredentialRequestOptions credentialRequestOptions = new PublicKeyCredentialRequestOptions(challenge, timeout, rpId, Collections.singletonList(new PublicKeyCredentialDescriptor(PublicKeyCredentialType.PUBLIC_KEY, attestationObject.getAuthenticatorData().getAttestedCredentialData().getCredentialId(), CollectionUtil.unmodifiableSet(AuthenticatorTransport.USB, AuthenticatorTransport.NFC, AuthenticatorTransport.BLE))), UserVerificationRequirement.DISCOURAGED, null);
PublicKeyCredential<AuthenticatorAssertionResponse, AuthenticationExtensionClientOutput> credential = clientPlatform.get(credentialRequestOptions);
AuthenticatorAssertionResponse authenticatorAssertionResponse = credential.getAuthenticatorResponse();
ServerProperty serverProperty = new ServerProperty(origin, rpId, challenge, null);
Authenticator authenticator = TestDataUtil.createAuthenticator(attestationObject);
// set expected minimum counter bigger than that of actual authenticator
authenticator.setCounter(100);
AuthenticationRequest authenticationRequest = new AuthenticationRequest(credential.getRawId(), authenticatorAssertionResponse.getAuthenticatorData(), authenticatorAssertionResponse.getClientDataJSON(), authenticatorAssertionResponse.getSignature());
AuthenticationParameters authenticationParameters = new AuthenticationParameters(serverProperty, authenticator, Collections.singletonList(credentialId), false, true);
assertThrows(MaliciousCounterValueException.class, () -> target.validate(authenticationRequest, authenticationParameters));
}
Aggregations