Example 1 with WebAuthnAuthenticatorImpl

Use of com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticatorImpl in project webauthn4j-spring-security by webauthn4j.

Class WebAuthnAuthenticationProviderTest, method authenticate_with_BadChallengeException_from_authenticationContextValidator_test.

/**
 * Verifies that authenticate() fails with BadChallengeException when
 * webAuthnManager.validate throws com.webauthn4j.validator.exception.BadChallengeException
 */
@Test(expected = BadChallengeException.class)
public void authenticate_with_BadChallengeException_from_authenticationContextValidator_test() {
    // Given
    byte[] credentialId = new byte[32];
    WebAuthnAuthenticatorImpl authenticator = mock(WebAuthnAuthenticatorImpl.class, RETURNS_DEEP_STUBS);
    WebAuthnAuthenticator webAuthnAuthenticator = mock(WebAuthnAuthenticator.class);
    when(authenticator.getAttestedCredentialData().getCredentialId()).thenReturn(credentialId);
    when(webAuthnAuthenticator.getAttestedCredentialData()).thenReturn(mock(AttestedCredentialData.class));
    when(webAuthnAuthenticator.getAttestationStatement()).thenReturn(mock(AttestationStatement.class));
    doThrow(com.webauthn4j.validator.exception.BadChallengeException.class).when(webAuthnManager).validate((AuthenticationRequest) any(), any());
    // When
    WebAuthnAuthenticationRequest request = mock(WebAuthnAuthenticationRequest.class);
    WebAuthnAuthenticationParameters parameters = mock(WebAuthnAuthenticationParameters.class);
    when(request.getCredentialId()).thenReturn(credentialId);
    when(authenticatorService.loadAuthenticatorByCredentialId(credentialId)).thenReturn(webAuthnAuthenticator);
    when(parameters.getServerProperty()).thenReturn(mock(ServerProperty.class));
    Authentication token = new WebAuthnAssertionAuthenticationToken(request, parameters, null);
    authenticationProvider.authenticate(token);
}
Also used: WebAuthnAuthenticator (com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticator), AttestedCredentialData (com.webauthn4j.data.attestation.authenticator.AttestedCredentialData), ServerProperty (com.webauthn4j.server.ServerProperty), WebAuthnAuthenticatorImpl (com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticatorImpl), Authentication (org.springframework.security.core.Authentication), AttestationStatement (com.webauthn4j.data.attestation.statement.AttestationStatement), Test (org.junit.Test)

Example 2 with WebAuthnAuthenticatorImpl

Use of com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticatorImpl in project webauthn4j-spring-security by webauthn4j.

Class FidoServerAttestationResultEndpointFilter, method processRequest.

@Override
protected ServerResponse processRequest(HttpServletRequest request) {
    InputStream inputStream;
    try {
        inputStream = request.getInputStream();
    } catch (IOException e) {
        throw new UncheckedIOException(e);
    }
    try {
        ServerPublicKeyCredential<ServerAuthenticatorAttestationResponse> credential = this.objectConverter.getJsonConverter().readValue(inputStream, credentialTypeRef);
        serverPublicKeyCredentialValidator.validate(credential);
        ServerAuthenticatorAttestationResponse response = credential.getResponse();
        CollectedClientData collectedClientData = collectedClientDataConverter.convert(response.getClientDataJSON());
        AttestationObject attestationObject = attestationObjectConverter.convert(response.getAttestationObject());
        Set<String> transports = Collections.emptySet();
        webAuthnRegistrationRequestValidator.validate(request, response.getClientDataJSON(), response.getAttestationObject(), transports, credential.getClientExtensionResults());
        String loginUsername = serverEndpointFilterUtil.decodeUsername(collectedClientData.getChallenge());
        try {
            userDetailsService.loadUserByUsername(loginUsername);
        } catch (UsernameNotFoundException e) {
            usernameNotFoundHandler.onUsernameNotFound(loginUsername);
        }
        UserDetails userDetails = userDetailsService.loadUserByUsername(loginUsername);
        WebAuthnAuthenticatorImpl webAuthnAuthenticator = new WebAuthnAuthenticatorImpl("Authenticator", loginUsername, attestationObject.getAuthenticatorData().getAttestedCredentialData(), attestationObject.getAttestationStatement(), attestationObject.getAuthenticatorData().getSignCount());
        webAuthnAuthenticatorManager.createAuthenticator(webAuthnAuthenticator);
        return new AttestationResultSuccessResponse();
    } catch (DataConversionException e) {
        throw new com.webauthn4j.springframework.security.exception.DataConversionException("Failed to convert data", e);
    }
}
Also used: UsernameNotFoundException (org.springframework.security.core.userdetails.UsernameNotFoundException), WebAuthnAuthenticatorImpl (com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticatorImpl), InputStream (java.io.InputStream), UncheckedIOException (java.io.UncheckedIOException), IOException (java.io.IOException), CollectedClientData (com.webauthn4j.data.client.CollectedClientData), UserDetails (org.springframework.security.core.userdetails.UserDetails), AttestationObject (com.webauthn4j.data.attestation.AttestationObject), DataConversionException (com.webauthn4j.converter.exception.DataConversionException)

Example 3 with WebAuthnAuthenticatorImpl

Use of com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticatorImpl in project webauthn4j-spring-security by webauthn4j.

Class WebAuthnSampleController, method create.

@PostMapping(value = "/signup")
public String create(HttpServletRequest request, @Valid @ModelAttribute("userForm") UserCreateForm userCreateForm, BindingResult result, Model model, RedirectAttributes redirectAttributes) {
    try {
        if (result.hasErrors()) {
            model.addAttribute("errorMessage", "Your input needs correction.");
            logger.debug("User input validation failed.");
            return VIEW_SIGNUP_SIGNUP;
        }
        WebAuthnRegistrationRequestValidationResponse registrationRequestValidationResponse;
        try {
            registrationRequestValidationResponse = registrationRequestValidator.validate(request, userCreateForm.getAuthenticator().getClientDataJSON(), userCreateForm.getAuthenticator().getAttestationObject(), userCreateForm.getAuthenticator().getTransports(), userCreateForm.getAuthenticator().getClientExtensions());
        } catch (WebAuthnException | WebAuthnAuthenticationException e) {
            model.addAttribute("errorMessage", "Authenticator registration request validation failed. Please try again.");
            logger.debug("WebAuthn registration request validation failed.", e);
            return VIEW_SIGNUP_SIGNUP;
        }
        String username = userCreateForm.getUsername();
        String password = passwordEncoder.encode(userCreateForm.getPassword());
        boolean singleFactorAuthenticationAllowed = userCreateForm.isSingleFactorAuthenticationAllowed();
        List<GrantedAuthority> authorities;
        if (singleFactorAuthenticationAllowed) {
            authorities = Collections.singletonList(new SimpleGrantedAuthority("SINGLE_FACTOR_AUTHN_ALLOWED"));
        } else {
            authorities = Collections.emptyList();
        }
        User user = new User(username, password, authorities);
        WebAuthnAuthenticator authenticator = new WebAuthnAuthenticatorImpl("authenticator", user.getUsername(), registrationRequestValidationResponse.getAttestationObject().getAuthenticatorData().getAttestedCredentialData(), registrationRequestValidationResponse.getAttestationObject().getAttestationStatement(), registrationRequestValidationResponse.getAttestationObject().getAuthenticatorData().getSignCount(), registrationRequestValidationResponse.getTransports(), registrationRequestValidationResponse.getRegistrationExtensionsClientOutputs(), registrationRequestValidationResponse.getAttestationObject().getAuthenticatorData().getExtensions());
        try {
            userDetailsManager.createUser(user);
            webAuthnAuthenticatorManager.createAuthenticator(authenticator);
        } catch (IllegalArgumentException ex) {
            model.addAttribute("errorMessage", "Registration failed. The user may already be registered.");
            logger.debug("Registration failed.", ex);
            return VIEW_SIGNUP_SIGNUP;
        }
    } catch (RuntimeException ex) {
        model.addAttribute("errorMessage", "Registration failed by unexpected error.");
        logger.debug("Registration failed.", ex);
        return VIEW_SIGNUP_SIGNUP;
    }
    redirectAttributes.addFlashAttribute("successMessage", "User registration finished.");
    return REDIRECT_LOGIN;
}
Also used: WebAuthnAuthenticationException (com.webauthn4j.springframework.security.exception.WebAuthnAuthenticationException), User (org.springframework.security.core.userdetails.User), WebAuthnAuthenticatorImpl (com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticatorImpl), WebAuthnRegistrationRequestValidationResponse (com.webauthn4j.springframework.security.WebAuthnRegistrationRequestValidationResponse), SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority), GrantedAuthority (org.springframework.security.core.GrantedAuthority), WebAuthnAuthenticator (com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticator), WebAuthnException (com.webauthn4j.util.exception.WebAuthnException), PostMapping (org.springframework.web.bind.annotation.PostMapping)

Aggregations

WebAuthnAuthenticatorImpl (com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticatorImpl): 3
WebAuthnAuthenticator (com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticator): 2
DataConversionException (com.webauthn4j.converter.exception.DataConversionException): 1
AttestationObject (com.webauthn4j.data.attestation.AttestationObject): 1
AttestedCredentialData (com.webauthn4j.data.attestation.authenticator.AttestedCredentialData): 1
AttestationStatement (com.webauthn4j.data.attestation.statement.AttestationStatement): 1
CollectedClientData (com.webauthn4j.data.client.CollectedClientData): 1
ServerProperty (com.webauthn4j.server.ServerProperty): 1
WebAuthnRegistrationRequestValidationResponse (com.webauthn4j.springframework.security.WebAuthnRegistrationRequestValidationResponse): 1
WebAuthnAuthenticationException (com.webauthn4j.springframework.security.exception.WebAuthnAuthenticationException): 1
WebAuthnException (com.webauthn4j.util.exception.WebAuthnException): 1
IOException (java.io.IOException): 1
InputStream (java.io.InputStream): 1
UncheckedIOException (java.io.UncheckedIOException): 1
Test (org.junit.Test): 1
Authentication (org.springframework.security.core.Authentication): 1
GrantedAuthority (org.springframework.security.core.GrantedAuthority): 1
SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority): 1
User (org.springframework.security.core.userdetails.User): 1
UserDetails (org.springframework.security.core.userdetails.UserDetails): 1