use of com.webauthn4j.data.extension.client.RegistrationExtensionClientInput in project OpenUnison by TremoloSecurity.
the class WebAuthnRegistration method doFilter.
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
request.getServletRequest().setAttribute("com.tremolosecurity.unison.proxy.noRedirectOnError", "com.tremolosecurity.unison.proxy.noRedirectOnError");
if (request.getMethod().equalsIgnoreCase("GET")) {
if (request.getRequestURI().endsWith("/credentialCreateOptions")) {
ObjectConverter oc = new ObjectConverter();
String rpId = getRpId(request.getServletRequest());
AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
WebAuthnUserData webAuthnUserData = WebAuthnUtils.lookupWebAuthnUserData(userData, challengeStoreAttribute, encryptionKeyName);
if (webAuthnUserData == null) {
// no data yet, let's create
webAuthnUserData = new WebAuthnUserData(userData.getAttribs().get(this.uidAttributeName).getValues().get(0));
WebAuthnUtils.storeWebAuthnUserData(webAuthnUserData, this.encryptionKeyName, userData, this.workflowName, this.uidAttributeName, this.challengeStoreAttribute);
}
Challenge challenge = new DefaultChallenge();
CborConverter cbor = oc.getCborConverter();
String b64UrlChallenge = Base64UrlUtil.encodeToString(challenge.getValue());
AuthenticatorSelectionCriteria authenticatorSelectionCriteria = new AuthenticatorSelectionCriteria(authenticatorAttachment, requireResisentKey, userVerificationRequirement);
PublicKeyCredentialParameters publicKeyCredentialParameters = new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256);
String b64UrlId = Base64.getUrlEncoder().encodeToString(webAuthnUserData.getId());
ServerProperty serverProperty = new ServerProperty(new Origin(request.getRequestURL().toString()), rpId, challenge, webAuthnUserData.getId());
ByteArrayOutputStream bos = new ByteArrayOutputStream();
ObjectOutputStream out = null;
byte[] yourBytes = null;
try {
out = new ObjectOutputStream(bos);
out.writeObject(serverProperty);
out.flush();
yourBytes = bos.toByteArray();
} finally {
try {
bos.close();
} catch (IOException ex) {
// ignore close exception
}
}
request.getSession().setAttribute("tremolo.io/webauthn/serverProperty", serverProperty);
PublicKeyCredentialUserEntity publicKeyCredentialUserEntity = new PublicKeyCredentialUserEntity(webAuthnUserData.getId(), webAuthnUserData.getDisplayName(), webAuthnUserData.getDisplayName());
AuthenticationExtensionsClientInputs<RegistrationExtensionClientInput> extensions = new AuthenticationExtensionsClientInputs<>();
PublicKeyCredentialCreationOptions credentialCreationOptions = new PublicKeyCredentialCreationOptions(new PublicKeyCredentialRpEntity(rpId, rpId), publicKeyCredentialUserEntity, challenge, Collections.singletonList(publicKeyCredentialParameters), null, Collections.emptyList(), authenticatorSelectionCriteria, AttestationConveyancePreference.NONE, extensions);
ObjectMapper mapper = new ObjectMapper();
// mapper.writeValueAsString(credentialCreationOptions);
String publecCredentialCreationOptionsJson = oc.getJsonConverter().writeValueAsString(credentialCreationOptions);
JSONObject root = (JSONObject) new JSONParser().parse(publecCredentialCreationOptionsJson);
root.put("challenge", b64UrlChallenge);
((JSONObject) root.get("user")).put("id", b64UrlId);
JSONObject publicKeyRoot = new JSONObject();
publicKeyRoot.put("publicKey", root);
publicKeyRoot.put("serverProperty", Base64.getUrlEncoder().encodeToString(yourBytes));
response.getWriter().println(publicKeyRoot.toString());
} else {
StringBuilder createCredentialURL = new StringBuilder(request.getRequestURL().toString());
createCredentialURL.append("/credentialCreateOptions");
request.setAttribute("tremolo.io/webauthn/challengeurl", createCredentialURL.toString());
createCredentialURL = new StringBuilder(request.getRequestURL().toString());
createCredentialURL.append("/finishregistration");
request.setAttribute("tremolo.io/webauthn/finishregistration", createCredentialURL.toString());
request.getRequestDispatcher(this.challengeURI).forward(request.getServletRequest(), response.getServletResponse());
}
} else if (request.getMethod().equalsIgnoreCase("POST")) {
try {
storeCredential(request);
} catch (WebAuthnException e) {
JSONObject resp = new JSONObject();
resp.put("error", e.getMessage());
response.sendError(500);
response.getWriter().println(resp.toString());
} catch (Throwable t) {
JSONObject resp = new JSONObject();
logger.error("Could not store credential", t);
resp.put("error", "There was an error, please contanct your system administrator");
response.sendError(500);
response.getWriter().println(resp.toString());
}
}
}
use of com.webauthn4j.data.extension.client.RegistrationExtensionClientInput in project webauthn4j by webauthn4j.
the class PublicKeyCredentialCreationOptionsTest method getter_test.
@Test
void getter_test() {
String rpId = "example.com";
PublicKeyCredentialRpEntity rp = new PublicKeyCredentialRpEntity(rpId, "valid.site.example.com");
PublicKeyCredentialUserEntity user = new PublicKeyCredentialUserEntity(new byte[32], "username", "displayName");
Challenge challenge = new DefaultChallenge();
PublicKeyCredentialParameters publicKeyCredentialParameters = new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256);
List<PublicKeyCredentialParameters> pubKeyCredParams = Collections.singletonList(publicKeyCredentialParameters);
long timeout = 10000;
List<PublicKeyCredentialDescriptor> excludeCredentials = Collections.emptyList();
AuthenticatorSelectionCriteria authenticatorSelectionCriteria = new AuthenticatorSelectionCriteria(AuthenticatorAttachment.CROSS_PLATFORM, true, UserVerificationRequirement.REQUIRED);
AttestationConveyancePreference attestation = AttestationConveyancePreference.DIRECT;
AuthenticationExtensionsClientInputs<RegistrationExtensionClientInput> extensions = new AuthenticationExtensionsClientInputs<>();
PublicKeyCredentialCreationOptions credentialCreationOptions = new PublicKeyCredentialCreationOptions(rp, user, challenge, pubKeyCredParams, timeout, excludeCredentials, authenticatorSelectionCriteria, attestation, extensions);
assertAll(() -> assertThat(credentialCreationOptions.getRp()).isEqualTo(rp), () -> assertThat(credentialCreationOptions.getUser()).isEqualTo(user), () -> assertThat(credentialCreationOptions.getChallenge()).isEqualTo(challenge), () -> assertThat(credentialCreationOptions.getPubKeyCredParams()).isEqualTo(pubKeyCredParams), () -> assertThat(credentialCreationOptions.getTimeout()).isEqualTo(timeout), () -> assertThat(credentialCreationOptions.getExcludeCredentials()).isEqualTo(excludeCredentials), () -> assertThat(credentialCreationOptions.getAuthenticatorSelection()).isEqualTo(authenticatorSelectionCriteria), () -> assertThat(credentialCreationOptions.getAttestation()).isEqualTo(attestation), () -> assertThat(credentialCreationOptions.getExtensions()).isEqualTo(extensions));
}
use of com.webauthn4j.data.extension.client.RegistrationExtensionClientInput in project webauthn4j by webauthn4j.
the class AndroidSafetyNetAttestationStatementValidatorTest method validate_test.
@Test
void validate_test() {
String rpId = "example.com";
Challenge challenge = new DefaultChallenge();
AuthenticatorSelectionCriteria authenticatorSelectionCriteria = new AuthenticatorSelectionCriteria(AuthenticatorAttachment.CROSS_PLATFORM, true, UserVerificationRequirement.REQUIRED);
PublicKeyCredentialParameters publicKeyCredentialParameters = new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256);
PublicKeyCredentialUserEntity publicKeyCredentialUserEntity = new PublicKeyCredentialUserEntity(new byte[32], "username", "displayName");
AuthenticationExtensionsClientInputs<RegistrationExtensionClientInput> extensions = new AuthenticationExtensionsClientInputs<>();
PublicKeyCredentialCreationOptions credentialCreationOptions = new PublicKeyCredentialCreationOptions(new PublicKeyCredentialRpEntity(rpId, "example.com"), publicKeyCredentialUserEntity, challenge, Collections.singletonList(publicKeyCredentialParameters), null, Collections.emptyList(), authenticatorSelectionCriteria, AttestationConveyancePreference.DIRECT, extensions);
PublicKeyCredential<AuthenticatorAttestationResponse, RegistrationExtensionClientOutput> publicKeyCredential = clientPlatform.create(credentialCreationOptions);
RegistrationObject registrationObject = TestDataUtil.createRegistrationObject(publicKeyCredential);
target.validate(registrationObject);
}
use of com.webauthn4j.data.extension.client.RegistrationExtensionClientInput in project webauthn4j by webauthn4j.
the class FIDOU2FAuthenticatorRegistrationValidationTest method validate_with_direct_attestation_conveyance_preference_test.
@Test
void validate_with_direct_attestation_conveyance_preference_test() {
String rpId = "example.com";
Challenge challenge = new DefaultChallenge();
PublicKeyCredentialParameters publicKeyCredentialParameters = new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256);
AuthenticatorSelectionCriteria authenticatorSelectionCriteria = new AuthenticatorSelectionCriteria(AuthenticatorAttachment.CROSS_PLATFORM, true, UserVerificationRequirement.REQUIRED);
AuthenticationExtensionsClientInputs<RegistrationExtensionClientInput> extensions = new AuthenticationExtensionsClientInputs<>();
PublicKeyCredentialCreationOptions credentialCreationOptions = new PublicKeyCredentialCreationOptions(new PublicKeyCredentialRpEntity(rpId, "example.com"), new PublicKeyCredentialUserEntity(new byte[32], "username", "displayName"), challenge, Collections.singletonList(publicKeyCredentialParameters), null, Collections.emptyList(), authenticatorSelectionCriteria, AttestationConveyancePreference.DIRECT, extensions);
PublicKeyCredential<AuthenticatorAttestationResponse, RegistrationExtensionClientOutput> credential = clientPlatform.create(credentialCreationOptions);
AuthenticatorAttestationResponse authenticatorAttestationResponse = credential.getAuthenticatorResponse();
Set<String> transports = authenticatorTransportConverter.convertSetToStringSet(authenticatorAttestationResponse.getTransports());
AuthenticationExtensionsClientOutputs<RegistrationExtensionClientOutput> clientExtensionResults = credential.getClientExtensionResults();
String clientExtensionJSON = authenticationExtensionsClientOutputsConverter.convertToString(clientExtensionResults);
ServerProperty serverProperty = new ServerProperty(origin, rpId, challenge, null);
RegistrationRequest registrationRequest = new RegistrationRequest(authenticatorAttestationResponse.getAttestationObject(), authenticatorAttestationResponse.getClientDataJSON(), clientExtensionJSON, transports);
RegistrationParameters registrationParameters = new RegistrationParameters(serverProperty, null, false, true);
RegistrationData response = target.validate(registrationRequest, registrationParameters);
assertAll(() -> assertThat(response.getCollectedClientData()).isNotNull(), () -> assertThat(response.getAttestationObject()).isNotNull(), () -> assertThat(response.getClientExtensions()).isNotNull());
}
use of com.webauthn4j.data.extension.client.RegistrationExtensionClientInput in project webauthn4j by webauthn4j.
the class UserVerifyingAuthenticatorAuthenticationValidationTest method createAttestationObject.
private AttestationObject createAttestationObject(String rpId, Challenge challenge) {
AuthenticatorSelectionCriteria authenticatorSelectionCriteria = new AuthenticatorSelectionCriteria(AuthenticatorAttachment.CROSS_PLATFORM, true, UserVerificationRequirement.REQUIRED);
PublicKeyCredentialParameters publicKeyCredentialParameters = new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256);
PublicKeyCredentialUserEntity publicKeyCredentialUserEntity = new PublicKeyCredentialUserEntity(new byte[32], "username", "displayName");
AuthenticationExtensionsClientInputs<RegistrationExtensionClientInput> extensions = new AuthenticationExtensionsClientInputs<>();
PublicKeyCredentialCreationOptions credentialCreationOptions = new PublicKeyCredentialCreationOptions(new PublicKeyCredentialRpEntity(rpId, "example.com"), publicKeyCredentialUserEntity, challenge, Collections.singletonList(publicKeyCredentialParameters), null, Collections.emptyList(), authenticatorSelectionCriteria, AttestationConveyancePreference.NONE, extensions);
AuthenticatorAttestationResponse registrationRequest = clientPlatform.create(credentialCreationOptions).getAuthenticatorResponse();
AttestationObjectConverter attestationObjectConverter = new AttestationObjectConverter(objectConverter);
return attestationObjectConverter.convert(registrationRequest.getAttestationObject());
}
Aggregations