
Example 16 with AuthenticationExtensionClientOutput

use of com.webauthn4j.data.extension.client.AuthenticationExtensionClientOutput in project webauthn4j by webauthn4j.

the class UserVerifyingAuthenticatorAuthenticationValidationTest method validate_assertion_with_invalid_tokenBinding_test.

@Test
void validate_assertion_with_invalid_tokenBinding_test() {
    String rpId = "example.com";
    long timeout = 0;
    Challenge challenge = new DefaultChallenge();
    // create
    AttestationObject attestationObject = createAttestationObject(rpId, challenge);
    // get
    PublicKeyCredentialRequestOptions credentialRequestOptions = new PublicKeyCredentialRequestOptions(challenge, timeout, rpId, null, UserVerificationRequirement.REQUIRED, null);
    byte[] tokenBindingId = new byte[] { 0x01, 0x23, 0x45 };
    CollectedClientData collectedClientData = clientPlatform.createCollectedClientData(ClientDataType.WEBAUTHN_GET, challenge, tokenBindingId);
    PublicKeyCredential<AuthenticatorAssertionResponse, AuthenticationExtensionClientOutput> credential = clientPlatform.get(credentialRequestOptions, collectedClientData);
    AuthenticatorAssertionResponse authenticationRequest = credential.getAuthenticatorResponse();
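    // The server expects no token binding ID (null) although the client data carries one, so validation must fail
    ServerProperty serverProperty = new ServerProperty(origin, rpId, challenge, null);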
    Authenticator authenticator = TestDataUtil.createAuthenticator(attestationObject);
    AuthenticationRequest webAuthnAuthenticationRequest = new AuthenticationRequest(credential.getRawId(), authenticationRequest.getAuthenticatorData(), authenticationRequest.getClientDataJSON(), authenticationRequest.getSignature());
    List<byte[]> allowCredentials = null;
    AuthenticationParameters authenticationParameters = new AuthenticationParameters(serverProperty, authenticator, allowCredentials, true);
    AuthenticationData authenticationData = target.parse(webAuthnAuthenticationRequest);
    assertThrows(TokenBindingException.class, () -> target.validate(authenticationData, authenticationParameters));
}
Also used: ServerProperty(com.webauthn4j.server.ServerProperty), Challenge(com.webauthn4j.data.client.challenge.Challenge), DefaultChallenge(com.webauthn4j.data.client.challenge.DefaultChallenge), CollectedClientData(com.webauthn4j.data.client.CollectedClientData), AuthenticationExtensionClientOutput(com.webauthn4j.data.extension.client.AuthenticationExtensionClientOutput), AttestationObject(com.webauthn4j.data.attestation.AttestationObject), Authenticator(com.webauthn4j.authenticator.Authenticator), Test(org.junit.jupiter.api.Test)

Example 17 with AuthenticationExtensionClientOutput

use of com.webauthn4j.data.extension.client.AuthenticationExtensionClientOutput in project webauthn4j by webauthn4j.

the class UserVerifyingAuthenticatorAuthenticationValidationTest method validate_assertion_with_tokenBinding_test.

@Test
void validate_assertion_with_tokenBinding_test() {
    String rpId = "example.com";
    long timeout = 0;
    Challenge challenge = new DefaultChallenge();
    // create
    AttestationObject attestationObject = createAttestationObject(rpId, challenge);
    // get
    PublicKeyCredentialRequestOptions credentialRequestOptions = new PublicKeyCredentialRequestOptions(challenge, timeout, rpId, null, UserVerificationRequirement.REQUIRED, null);
    byte[] tokenBindingId = new byte[] { 0x01, 0x23, 0x45 };
    CollectedClientData collectedClientData = clientPlatform.createCollectedClientData(ClientDataType.WEBAUTHN_GET, challenge, tokenBindingId);
    PublicKeyCredential<AuthenticatorAssertionResponse, AuthenticationExtensionClientOutput> credential = clientPlatform.get(credentialRequestOptions, collectedClientData);
    AuthenticatorAssertionResponse authenticationRequest = credential.getAuthenticatorResponse();
    AuthenticationExtensionsClientOutputs<AuthenticationExtensionClientOutput> clientExtensionResults = credential.getClientExtensionResults();
    String clientExtensionJSON = authenticationExtensionsClientOutputsConverter.convertToString(clientExtensionResults);
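    // The server expects the same token binding ID that the client data carries, so validation succeeds
    ServerProperty serverProperty = new ServerProperty(origin, rpId, challenge, tokenBindingId);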
    Authenticator authenticator = TestDataUtil.createAuthenticator(attestationObject);
    AuthenticationRequest webAuthnAuthenticationRequest = new AuthenticationRequest(credential.getRawId(), authenticationRequest.getAuthenticatorData(), authenticationRequest.getClientDataJSON(), clientExtensionJSON, authenticationRequest.getSignature());
    List<byte[]> allowCredentials = null;
    AuthenticationParameters authenticationParameters = new AuthenticationParameters(serverProperty, authenticator, allowCredentials, true);
    AuthenticationData authenticationData = target.parse(webAuthnAuthenticationRequest);
    target.validate(authenticationData, authenticationParameters);
    assertAll(() -> assertThat(authenticationData.getCollectedClientData()).isNotNull(), () -> assertThat(authenticationData.getAuthenticatorData()).isNotNull(), () -> assertThat(authenticationData.getClientExtensions()).isNotNull());
}
Also used: ServerProperty(com.webauthn4j.server.ServerProperty), Challenge(com.webauthn4j.data.client.challenge.Challenge), DefaultChallenge(com.webauthn4j.data.client.challenge.DefaultChallenge), CollectedClientData(com.webauthn4j.data.client.CollectedClientData), AuthenticationExtensionClientOutput(com.webauthn4j.data.extension.client.AuthenticationExtensionClientOutput), AttestationObject(com.webauthn4j.data.attestation.AttestationObject), Authenticator(com.webauthn4j.authenticator.Authenticator), Test(org.junit.jupiter.api.Test)

Example 18 with AuthenticationExtensionClientOutput

use of com.webauthn4j.data.extension.client.AuthenticationExtensionClientOutput in project webauthn4j by webauthn4j.

the class FIDOAuthenticatorCoreAuthenticationValidationTest method validate_test.

@Test
void validate_test() {
    String rpId = "example.com";
    long timeout = 0;
    Challenge challenge = new DefaultChallenge();
    // create
    AttestationObject attestationObject = createAttestationObject(rpId, challenge);
    // get
    PublicKeyCredentialRequestOptions credentialRequestOptions = new PublicKeyCredentialRequestOptions(challenge, timeout, rpId, null, UserVerificationRequirement.REQUIRED, null);
    PublicKeyCredential<AuthenticatorAssertionResponse, AuthenticationExtensionClientOutput> credential = clientPlatform.get(credentialRequestOptions);
    AuthenticatorAssertionResponse authenticationRequest = credential.getAuthenticatorResponse();
    ServerProperty serverProperty = new ServerProperty(origin, rpId, challenge, null);
    Authenticator authenticator = TestDataUtil.createAuthenticator(attestationObject);
    AuthenticatorData<AuthenticationExtensionAuthenticatorOutput> authenticationData = authenticatorDataConverter.convert(authenticationRequest.getAuthenticatorData());
    CoreAuthenticationData coreAuthenticationData = new CoreAuthenticationData(credential.getRawId(), authenticationData, authenticationRequest.getAuthenticatorData(), MessageDigestUtil.createSHA256().digest(authenticationRequest.getClientDataJSON()), authenticationRequest.getSignature());
    AuthenticationParameters authenticationParameters = new AuthenticationParameters(serverProperty, authenticator, null, true);
    target.validate(coreAuthenticationData, authenticationParameters);
}
Also used: ServerProperty(com.webauthn4j.server.ServerProperty), Challenge(com.webauthn4j.data.client.challenge.Challenge), DefaultChallenge(com.webauthn4j.data.client.challenge.DefaultChallenge), AuthenticationExtensionAuthenticatorOutput(com.webauthn4j.data.extension.authenticator.AuthenticationExtensionAuthenticatorOutput), AuthenticationExtensionClientOutput(com.webauthn4j.data.extension.client.AuthenticationExtensionClientOutput), AttestationObject(com.webauthn4j.data.attestation.AttestationObject), Authenticator(com.webauthn4j.authenticator.Authenticator), Test(org.junit.jupiter.api.Test)

Example 19 with AuthenticationExtensionClientOutput

use of com.webauthn4j.data.extension.client.AuthenticationExtensionClientOutput in project webauthn4j by webauthn4j.

the class FIDOU2FAuthenticatorAuthenticationValidationTest method validate_assertion_with_UP_flag_off_test.

@Test
void validate_assertion_with_UP_flag_off_test() {
    FIDOU2FAuthenticatorAdaptor fidou2FAuthenticatorAdaptor = new FIDOU2FAuthenticatorAdaptor();
    // Emulate an authenticator that signs assertions without setting the user-present (UP) flag
    fidou2FAuthenticatorAdaptor.getFIDOU2FAuthenticator().setFlags(FIDOU2FAuthenticator.FLAG_OFF);
    clientPlatform = new ClientPlatform(origin, fidou2FAuthenticatorAdaptor);
    String rpId = "example.com";
    long timeout = 0;
    Challenge challenge = new DefaultChallenge();
    // create
    AttestationObject attestationObject = createAttestationObject(rpId, challenge);
    byte[] credentialId = attestationObject.getAuthenticatorData().getAttestedCredentialData().getCredentialId();
    // get
    PublicKeyCredentialRequestOptions credentialRequestOptions = new PublicKeyCredentialRequestOptions(challenge, timeout, rpId, Collections.singletonList(new PublicKeyCredentialDescriptor(PublicKeyCredentialType.PUBLIC_KEY, attestationObject.getAuthenticatorData().getAttestedCredentialData().getCredentialId(), CollectionUtil.unmodifiableSet(AuthenticatorTransport.USB, AuthenticatorTransport.NFC, AuthenticatorTransport.BLE))), UserVerificationRequirement.DISCOURAGED, null);
    PublicKeyCredential<AuthenticatorAssertionResponse, AuthenticationExtensionClientOutput> credential = clientPlatform.get(credentialRequestOptions);
    AuthenticatorAssertionResponse authenticatorAssertionResponse = credential.getAuthenticatorResponse();
    ServerProperty serverProperty = new ServerProperty(origin, rpId, challenge, null);
    Authenticator authenticator = TestDataUtil.createAuthenticator(attestationObject);
    AuthenticationRequest authenticationRequest = new AuthenticationRequest(credential.getRawId(), authenticatorAssertionResponse.getAuthenticatorData(), authenticatorAssertionResponse.getClientDataJSON(), authenticatorAssertionResponse.getSignature());
    AuthenticationParameters authenticationParameters = new AuthenticationParameters(serverProperty, authenticator, Collections.singletonList(credentialId), false, true);
    assertThrows(UserNotPresentException.class, () -> target.validate(authenticationRequest, authenticationParameters));
}
Also used: ServerProperty(com.webauthn4j.server.ServerProperty), ClientPlatform(com.webauthn4j.test.client.ClientPlatform), Challenge(com.webauthn4j.data.client.challenge.Challenge), DefaultChallenge(com.webauthn4j.data.client.challenge.DefaultChallenge), FIDOU2FAuthenticatorAdaptor(com.webauthn4j.test.authenticator.u2f.FIDOU2FAuthenticatorAdaptor), AuthenticationExtensionClientOutput(com.webauthn4j.data.extension.client.AuthenticationExtensionClientOutput), AttestationObject(com.webauthn4j.data.attestation.AttestationObject), Authenticator(com.webauthn4j.authenticator.Authenticator), FIDOU2FAuthenticator(com.webauthn4j.test.authenticator.u2f.FIDOU2FAuthenticator), Test(org.junit.jupiter.api.Test)

Example 20 with AuthenticationExtensionClientOutput

use of com.webauthn4j.data.extension.client.AuthenticationExtensionClientOutput in project webauthn4j by webauthn4j.

the class FIDOU2FAuthenticatorAuthenticationValidationTest method validate_assertion_with_malicious_counter_test.

@Test
void validate_assertion_with_malicious_counter_test() {
    String rpId = "example.com";
    long timeout = 0;
    Challenge challenge = new DefaultChallenge();
    // create
    AttestationObject attestationObject = createAttestationObject(rpId, challenge);
    byte[] credentialId = attestationObject.getAuthenticatorData().getAttestedCredentialData().getCredentialId();
    // get
    PublicKeyCredentialRequestOptions credentialRequestOptions = new PublicKeyCredentialRequestOptions(challenge, timeout, rpId, Collections.singletonList(new PublicKeyCredentialDescriptor(PublicKeyCredentialType.PUBLIC_KEY, attestationObject.getAuthenticatorData().getAttestedCredentialData().getCredentialId(), CollectionUtil.unmodifiableSet(AuthenticatorTransport.USB, AuthenticatorTransport.NFC, AuthenticatorTransport.BLE))), UserVerificationRequirement.DISCOURAGED, null);
    PublicKeyCredential<AuthenticatorAssertionResponse, AuthenticationExtensionClientOutput> credential = clientPlatform.get(credentialRequestOptions);
    AuthenticatorAssertionResponse authenticatorAssertionResponse = credential.getAuthenticatorResponse();
    ServerProperty serverProperty = new ServerProperty(origin, rpId, challenge, null);
    Authenticator authenticator = TestDataUtil.createAuthenticator(attestationObject);
    // set expected minimum counter bigger than that of actual authenticator
    authenticator.setCounter(100);
    AuthenticationRequest authenticationRequest = new AuthenticationRequest(credential.getRawId(), authenticatorAssertionResponse.getAuthenticatorData(), authenticatorAssertionResponse.getClientDataJSON(), authenticatorAssertionResponse.getSignature());
    AuthenticationParameters authenticationParameters = new AuthenticationParameters(serverProperty, authenticator, Collections.singletonList(credentialId), false, true);
    assertThrows(MaliciousCounterValueException.class, () -> target.validate(authenticationRequest, authenticationParameters));
}
Also used: ServerProperty(com.webauthn4j.server.ServerProperty), Challenge(com.webauthn4j.data.client.challenge.Challenge), DefaultChallenge(com.webauthn4j.data.client.challenge.DefaultChallenge), AuthenticationExtensionClientOutput(com.webauthn4j.data.extension.client.AuthenticationExtensionClientOutput), AttestationObject(com.webauthn4j.data.attestation.AttestationObject), Authenticator(com.webauthn4j.authenticator.Authenticator), FIDOU2FAuthenticator(com.webauthn4j.test.authenticator.u2f.FIDOU2FAuthenticator), Test(org.junit.jupiter.api.Test)

Aggregations

AuthenticationExtensionClientOutput (com.webauthn4j.data.extension.client.AuthenticationExtensionClientOutput): 26
Test (org.junit.jupiter.api.Test): 24
Authenticator (com.webauthn4j.authenticator.Authenticator): 22
ServerProperty (com.webauthn4j.server.ServerProperty): 22
AttestationObject (com.webauthn4j.data.attestation.AttestationObject): 19
Challenge (com.webauthn4j.data.client.challenge.Challenge): 19
DefaultChallenge (com.webauthn4j.data.client.challenge.DefaultChallenge): 19
CollectedClientData (com.webauthn4j.data.client.CollectedClientData): 11
FIDOU2FAuthenticator (com.webauthn4j.test.authenticator.u2f.FIDOU2FAuthenticator): 9
AuthenticationExtensionAuthenticatorOutput (com.webauthn4j.data.extension.authenticator.AuthenticationExtensionAuthenticatorOutput): 8
AuthenticatorDataConverter (com.webauthn4j.converter.AuthenticatorDataConverter): 2
CollectedClientDataConverter (com.webauthn4j.converter.CollectedClientDataConverter): 2
Origin (com.webauthn4j.data.client.Origin): 2
AuthenticationExtensionsClientOutputs (com.webauthn4j.data.extension.client.AuthenticationExtensionsClientOutputs): 2
AuthenticationData (com.webauthn4j.data.AuthenticationData): 1
FIDOU2FAuthenticatorAdaptor (com.webauthn4j.test.authenticator.u2f.FIDOU2FAuthenticatorAdaptor): 1
ClientPlatform (com.webauthn4j.test.client.ClientPlatform): 1
NonNull (org.checkerframework.checker.nullness.qual.NonNull): 1