Example 1 with WebAuthnAssertionAuthenticationToken
use of com.webauthn4j.springframework.security.WebAuthnAssertionAuthenticationToken in project webauthn4j-spring-security by webauthn4j.
the class FidoServerAssertionResultEndpointFilter method attemptAuthentication.
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) {
InputStream inputStream;
try {
inputStream = request.getInputStream();
} catch (IOException e) {
throw new UncheckedIOException(e);
}
try {
ServerPublicKeyCredential<ServerAuthenticatorAssertionResponse> credential = jsonConverter.readValue(inputStream, credentialTypeRef);
serverPublicKeyCredentialValidator.validate(credential);
ServerAuthenticatorAssertionResponse assertionResponse = credential.getResponse();
ServerProperty serverProperty = serverPropertyProvider.provide(request);
CollectedClientData collectedClientData = collectedClientDataConverter.convert(assertionResponse.getClientDataJSON());
UserVerificationRequirement userVerificationRequirement = serverEndpointFilterUtil.decodeUserVerification(collectedClientData.getChallenge());
WebAuthnAuthenticationRequest webAuthnAuthenticationRequest = new WebAuthnAuthenticationRequest(credential.getRawId() == null ? null : Base64UrlUtil.decode(credential.getRawId()), assertionResponse.getClientDataJSON() == null ? null : Base64UrlUtil.decode(assertionResponse.getClientDataJSON()), assertionResponse.getAuthenticatorData() == null ? null : Base64UrlUtil.decode(assertionResponse.getAuthenticatorData()), assertionResponse.getSignature() == null ? null : Base64UrlUtil.decode(assertionResponse.getSignature()), credential.getClientExtensionResults());
WebAuthnAuthenticationParameters webAuthnAuthenticationParameters = new WebAuthnAuthenticationParameters(serverProperty, userVerificationRequirement == UserVerificationRequirement.REQUIRED, false);
WebAuthnAssertionAuthenticationToken webAuthnAssertionAuthenticationToken = new WebAuthnAssertionAuthenticationToken(webAuthnAuthenticationRequest, webAuthnAuthenticationParameters, Collections.emptyList());
setDetails(request, webAuthnAssertionAuthenticationToken);
return this.getAuthenticationManager().authenticate(webAuthnAssertionAuthenticationToken);
} catch (DataConversionException e) {
throw new com.webauthn4j.springframework.security.exception.DataConversionException("Failed to convert data", e);
}
}
Also used :
WebAuthnAuthenticationRequest(com.webauthn4j.springframework.security.WebAuthnAuthenticationRequest)
UserVerificationRequirement(com.webauthn4j.data.UserVerificationRequirement)
ServerProperty(com.webauthn4j.server.ServerProperty)
InputStream(java.io.InputStream)
UncheckedIOException(java.io.UncheckedIOException)
IOException(java.io.IOException)
UncheckedIOException(java.io.UncheckedIOException)
WebAuthnAssertionAuthenticationToken(com.webauthn4j.springframework.security.WebAuthnAssertionAuthenticationToken)
CollectedClientData(com.webauthn4j.data.client.CollectedClientData)
WebAuthnAuthenticationParameters(com.webauthn4j.springframework.security.WebAuthnAuthenticationParameters)
DataConversionException(com.webauthn4j.converter.exception.DataConversionException)
Aggregations
DataConversionException (com.webauthn4j.converter.exception.DataConversionException)1
UserVerificationRequirement (com.webauthn4j.data.UserVerificationRequirement)1
CollectedClientData (com.webauthn4j.data.client.CollectedClientData)1
ServerProperty (com.webauthn4j.server.ServerProperty)1
WebAuthnAssertionAuthenticationToken (com.webauthn4j.springframework.security.WebAuthnAssertionAuthenticationToken)1
WebAuthnAuthenticationParameters (com.webauthn4j.springframework.security.WebAuthnAuthenticationParameters)1
WebAuthnAuthenticationRequest (com.webauthn4j.springframework.security.WebAuthnAuthenticationRequest)1
IOException (java.io.IOException)1
InputStream (java.io.InputStream)1
UncheckedIOException (java.io.UncheckedIOException)1
