
Example 6 with WebAuthnAuthenticator

use of com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticator in project webauthn4j-spring-security by webauthn4j.

the class AttestationOptionsProviderImplTest method getAttestationOptions_test.

@Test
public void getAttestationOptions_test() {
    Challenge challenge = new DefaultChallenge();
    byte[] credentialId = new byte[] { 0x01, 0x23, 0x45 };
    Set<AuthenticatorTransport> transports = Collections.singleton(AuthenticatorTransport.INTERNAL);
    RpIdProviderImpl rpIdProvider = new RpIdProviderImpl();
    WebAuthnAuthenticatorService authenticatorService = mock(WebAuthnAuthenticatorService.class);
    WebAuthnAuthenticator authenticator = mock(WebAuthnAuthenticator.class, RETURNS_DEEP_STUBS);
    when(authenticator.getTransports()).thenReturn(transports);
    List<WebAuthnAuthenticator> authenticators = Collections.singletonList(authenticator);
    ChallengeRepository challengeRepository = mock(ChallengeRepository.class);
    MockHttpServletRequest mockRequest = new MockHttpServletRequest();
    mockRequest.setServerName("example.com");
    when(authenticatorService.loadAuthenticatorsByUserPrincipal(any())).thenReturn(authenticators);
    when(authenticator.getAttestedCredentialData().getCredentialId()).thenReturn(credentialId);
    when(challengeRepository.loadOrGenerateChallenge(mockRequest)).thenReturn(challenge);
    AttestationOptionsProviderImpl optionsProvider = new AttestationOptionsProviderImpl(rpIdProvider, authenticatorService, challengeRepository);
    optionsProvider.setRpName("rpName");
    optionsProvider.setPubKeyCredParams(Collections.singletonList(new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256)));
    optionsProvider.setRegistrationTimeout(10000L);
    optionsProvider.setRegistrationExtensions(new AuthenticationExtensionsClientInputs<>());
    AttestationOptions attestationOptions = optionsProvider.getAttestationOptions(mockRequest, new UsernamePasswordAuthenticationToken("username", null));
    assertThat(attestationOptions.getRp().getId()).isEqualTo("example.com");
    assertThat(attestationOptions.getRp().getName()).isEqualTo("rpName");
    assertThat(attestationOptions.getUser()).isEqualTo(new PublicKeyCredentialUserEntity("username".getBytes(), "username", "username"));
    assertThat(attestationOptions.getChallenge()).isEqualTo(challenge);
    assertThat(attestationOptions.getPubKeyCredParams()).isEqualTo(Collections.singletonList(new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256)));
    assertThat(attestationOptions.getTimeout()).isEqualTo(10000L);
    assertThat(attestationOptions.getExcludeCredentials()).containsExactly(new PublicKeyCredentialDescriptor(PublicKeyCredentialType.PUBLIC_KEY, credentialId, transports));
    assertThat(attestationOptions.getExtensions()).isEqualTo(new AuthenticationExtensionsClientInputs<>());
}
Also used : ChallengeRepository(com.webauthn4j.springframework.security.challenge.ChallengeRepository) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) Challenge(com.webauthn4j.data.client.challenge.Challenge) DefaultChallenge(com.webauthn4j.data.client.challenge.DefaultChallenge) WebAuthnAuthenticator(com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticator) DefaultChallenge(com.webauthn4j.data.client.challenge.DefaultChallenge) WebAuthnAuthenticatorService(com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticatorService) Test(org.junit.Test)

Example 7 with WebAuthnAuthenticator

use of com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticator in project webauthn4j-spring-security by webauthn4j.

the class WebAuthnSampleController method getCredentialIds.

private List<String> getCredentialIds() {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    Object principal = authentication.getPrincipal();
    if (principal == null || authenticationTrustResolver.isAnonymous(authentication)) {
        return Collections.emptyList();
    } else {
        try {
            List<WebAuthnAuthenticator> webAuthnAuthenticators = webAuthnAuthenticatorManager.loadAuthenticatorsByUserPrincipal(principal);
            return webAuthnAuthenticators.stream().map(webAuthnAuthenticator -> Base64UrlUtil.encodeToString(webAuthnAuthenticator.getAttestedCredentialData().getCredentialId())).collect(Collectors.toList());
        } catch (PrincipalNotFoundException e) {
            return Collections.emptyList();
        }
    }
}
Also used : WebAuthnAuthenticator(com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticator) Autowired(org.springframework.beans.factory.annotation.Autowired) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) User(org.springframework.security.core.userdetails.User) BindingResult(org.springframework.validation.BindingResult) Challenge(com.webauthn4j.data.client.challenge.Challenge) WebAuthnRegistrationRequestValidator(com.webauthn4j.springframework.security.WebAuthnRegistrationRequestValidator) WebAuthnException(com.webauthn4j.util.exception.WebAuthnException) Controller(org.springframework.stereotype.Controller) ChallengeRepository(com.webauthn4j.springframework.security.challenge.ChallengeRepository) Base64UrlUtil(com.webauthn4j.util.Base64UrlUtil) WebAuthnAuthenticationException(com.webauthn4j.springframework.security.exception.WebAuthnAuthenticationException) Valid(javax.validation.Valid) WebAuthnAuthenticatorImpl(com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticatorImpl) Model(org.springframework.ui.Model) HttpServletRequest(javax.servlet.http.HttpServletRequest) ModelAttribute(org.springframework.web.bind.annotation.ModelAttribute) UUIDUtil(com.webauthn4j.util.UUIDUtil) GetMapping(org.springframework.web.bind.annotation.GetMapping) WebAuthnRegistrationRequestValidationResponse(com.webauthn4j.springframework.security.WebAuthnRegistrationRequestValidationResponse) SecurityContextHolder(org.springframework.security.core.context.SecurityContextHolder) RedirectAttributes(org.springframework.web.servlet.mvc.support.RedirectAttributes) PostMapping(org.springframework.web.bind.annotation.PostMapping) UserDetailsManager(org.springframework.security.provisioning.UserDetailsManager) UUID(java.util.UUID) WebAuthnAuthenticatorManager(com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticatorManager) Collectors(java.util.stream.Collectors) 
GrantedAuthority(org.springframework.security.core.GrantedAuthority) AuthenticationTrustResolver(org.springframework.security.authentication.AuthenticationTrustResolver) List(java.util.List) PasswordEncoder(org.springframework.security.crypto.password.PasswordEncoder) WebAuthnAuthenticator(com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticator) Log(org.apache.commons.logging.Log) LogFactory(org.apache.commons.logging.LogFactory) AuthenticationTrustResolverImpl(org.springframework.security.authentication.AuthenticationTrustResolverImpl) PrincipalNotFoundException(com.webauthn4j.springframework.security.exception.PrincipalNotFoundException) Authentication(org.springframework.security.core.Authentication) Collections(java.util.Collections) Authentication(org.springframework.security.core.Authentication) PrincipalNotFoundException(com.webauthn4j.springframework.security.exception.PrincipalNotFoundException)

Example 8 with WebAuthnAuthenticator

use of com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticator in project webauthn4j-spring-security by webauthn4j.

the class WebAuthnAuthenticationProvider method authenticate.

// ~ Methods
// ========================================================================================================
/**
 * {@inheritDoc}
 */
@Override
public Authentication authenticate(Authentication authentication) {
    if (!supports(authentication.getClass())) {
        throw new IllegalArgumentException("Only WebAuthnAssertionAuthenticationToken is supported, " + authentication.getClass() + " was attempted");
    }
    WebAuthnAssertionAuthenticationToken authenticationToken = (WebAuthnAssertionAuthenticationToken) authentication;
    WebAuthnAuthenticationRequest credentials = authenticationToken.getCredentials();
    if (credentials == null) {
        logger.debug("Authentication failed: no credentials provided");
        throw new BadCredentialsException(messages.getMessage("WebAuthnAuthenticationProvider.badCredentials", "Bad credentials"));
    }
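    // Look up the registered authenticator by the credential ID carried in the request.
    byte[] credentialId = credentials.getCredentialId();
    WebAuthnAuthenticator webAuthnAuthenticator = retrieveAuthenticator(credentialId);
    // Validate the assertion against the stored authenticator before anything is persisted.
    doAuthenticate(authenticationToken, webAuthnAuthenticator);
    // Persist the signature counter only after validation succeeded, so later
    // assertions are compared against the updated value.
    authenticatorService.updateCounter(credentialId, webAuthnAuthenticator.getCounter());
    return createSuccessAuthentication(authenticationToken, webAuthnAuthenticator);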
}
Also used : WebAuthnAuthenticator(com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticator) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException)
