Search in sources :

Example 1 with WebAuthnAuthenticatorService

use of com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticatorService in project webauthn4j-spring-security by webauthn4j.

the class WebAuthnConfigurerUtil method getWebAuthnAuthenticatorServiceOrThrowException.

/**
 * Get {@link RpIdProvider} from SharedObject or ApplicationContext. if nothing hit, throw exception
 */
static <H extends HttpSecurityBuilder<H>> WebAuthnAuthenticatorService getWebAuthnAuthenticatorServiceOrThrowException(H http) {
    WebAuthnAuthenticatorService webAuthnAuthenticatorService = http.getSharedObject(WebAuthnAuthenticatorService.class);
    if (webAuthnAuthenticatorService != null) {
        return webAuthnAuthenticatorService;
    }
    ApplicationContext applicationContext = http.getSharedObject(ApplicationContext.class);
    // WebAuthnAuthenticatorService must be provided manually. If not, let it throw exception.
    return applicationContext.getBean(WebAuthnAuthenticatorService.class);
}
Also used : ApplicationContext(org.springframework.context.ApplicationContext) WebAuthnAuthenticatorService(com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticatorService)

Example 2 with WebAuthnAuthenticatorService

use of com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticatorService in project webauthn4j-spring-security by webauthn4j.

the class AssertionOptionsProviderImplTest method getAssertionOptions_test.

@Test
public void getAssertionOptions_test() {
    Challenge challenge = new DefaultChallenge();
    byte[] credentialId = new byte[] { 0x01, 0x23, 0x45 };
    Set<AuthenticatorTransport> transports = Collections.singleton(AuthenticatorTransport.INTERNAL);
    RpIdProvider rpIdProvider = new RpIdProviderImpl();
    WebAuthnAuthenticatorService authenticatorService = mock(WebAuthnAuthenticatorService.class);
    WebAuthnAuthenticator authenticator = mock(WebAuthnAuthenticator.class, RETURNS_DEEP_STUBS);
    when(authenticator.getTransports()).thenReturn(transports);
    List<WebAuthnAuthenticator> authenticators = Collections.singletonList(authenticator);
    ChallengeRepository challengeRepository = mock(ChallengeRepository.class);
    MockHttpServletRequest mockRequest = new MockHttpServletRequest();
    when(authenticatorService.loadAuthenticatorsByUserPrincipal(any())).thenReturn(authenticators);
    when(authenticator.getAttestedCredentialData().getCredentialId()).thenReturn(credentialId);
    when(challengeRepository.loadOrGenerateChallenge(mockRequest)).thenReturn(challenge);
    AssertionOptionsProviderImpl assertionOptionsProvider = new AssertionOptionsProviderImpl(rpIdProvider, authenticatorService, challengeRepository);
    assertionOptionsProvider.setRpId("example.com");
    assertionOptionsProvider.setAuthenticationTimeout(10000L);
    assertionOptionsProvider.setAuthenticationUserVerification(UserVerificationRequirement.REQUIRED);
    assertionOptionsProvider.setAuthenticationExtensions(new AuthenticationExtensionsClientInputs<>());
    AssertionOptions assertionOptions = assertionOptionsProvider.getAssertionOptions(mockRequest, new UsernamePasswordAuthenticationToken("username", null));
    assertThat(assertionOptions.getChallenge()).isEqualTo(challenge);
    assertThat(assertionOptions.getTimeout()).isEqualTo(10000L);
    assertThat(assertionOptions.getRpId()).isEqualTo("example.com");
    assertThat(assertionOptions.getAllowCredentials()).containsExactly(new PublicKeyCredentialDescriptor(PublicKeyCredentialType.PUBLIC_KEY, credentialId, transports));
    assertThat(assertionOptions.getUserVerification()).isEqualTo(UserVerificationRequirement.REQUIRED);
    assertThat(assertionOptions.getExtensions()).isEqualTo(new AuthenticationExtensionsClientInputs<>());
}
Also used : ChallengeRepository(com.webauthn4j.springframework.security.challenge.ChallengeRepository) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) Challenge(com.webauthn4j.data.client.challenge.Challenge) DefaultChallenge(com.webauthn4j.data.client.challenge.DefaultChallenge) WebAuthnAuthenticator(com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticator) DefaultChallenge(com.webauthn4j.data.client.challenge.DefaultChallenge) WebAuthnAuthenticatorService(com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticatorService) Test(org.junit.Test)

Example 3 with WebAuthnAuthenticatorService

use of com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticatorService in project webauthn4j-spring-security by webauthn4j.

the class AttestationOptionsProviderImplTest method getter_setter_test.

@Test
public void getter_setter_test() {
    WebAuthnAuthenticatorService authenticatorService = mock(WebAuthnAuthenticatorService.class);
    ChallengeRepository challengeRepository = mock(ChallengeRepository.class);
    AttestationOptionsProviderImpl optionsProvider = new AttestationOptionsProviderImpl(authenticatorService, challengeRepository);
    optionsProvider.setRpId("example.com");
    assertThat(optionsProvider.getRpId()).isEqualTo("example.com");
    optionsProvider.setRpName("example");
    assertThat(optionsProvider.getRpName()).isEqualTo("example");
    List<PublicKeyCredentialParameters> publicKeyCredParams = Lists.newArrayList();
    optionsProvider.setPubKeyCredParams(publicKeyCredParams);
    assertThat(optionsProvider.getPubKeyCredParams()).isEqualTo(publicKeyCredParams);
    optionsProvider.setRegistrationTimeout(10000L);
    assertThat(optionsProvider.getRegistrationTimeout()).isEqualTo(10000L);
    optionsProvider.setRegistrationExtensions(new AuthenticationExtensionsClientInputs<>());
    assertThat(optionsProvider.getRegistrationExtensions()).isEqualTo(new AuthenticationExtensionsClientInputs<>());
    RpIdProvider rpIdProvider = mock(RpIdProvider.class);
    optionsProvider.setRpIdProvider(rpIdProvider);
    assertThat(optionsProvider.getRpIdProvider()).isEqualTo(rpIdProvider);
    PublicKeyCredentialUserEntityProvider publicKeyCredentialUserEntityProvider = new AttestationOptionsProviderImpl.DefaultPublicKeyCredentialUserEntityProvider();
    optionsProvider.setPublicKeyCredentialUserEntityProvider(publicKeyCredentialUserEntityProvider);
    assertThat(optionsProvider.getPublicKeyCredentialUserEntityProvider()).isEqualTo(publicKeyCredentialUserEntityProvider);
}
Also used : ChallengeRepository(com.webauthn4j.springframework.security.challenge.ChallengeRepository) WebAuthnAuthenticatorService(com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticatorService) Test(org.junit.Test)

Example 4 with WebAuthnAuthenticatorService

use of com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticatorService in project webauthn4j-spring-security by webauthn4j.

the class AssertionOptionsProviderImplTest method getter_setter_test.

@Test
public void getter_setter_test() {
    RpIdProvider rpIdProvider = mock(RpIdProvider.class);
    WebAuthnAuthenticatorService authenticatorService = mock(WebAuthnAuthenticatorService.class);
    ChallengeRepository challengeRepository = mock(ChallengeRepository.class);
    AssertionOptionsProviderImpl optionsProvider = new AssertionOptionsProviderImpl(null, authenticatorService, challengeRepository);
    optionsProvider.setRpId("example.com");
    assertThat(optionsProvider.getRpId()).isEqualTo("example.com");
    optionsProvider.setRpIdProvider(rpIdProvider);
    assertThat(optionsProvider.getRpIdProvider()).isEqualTo(rpIdProvider);
    optionsProvider.setAuthenticationTimeout(20000L);
    assertThat(optionsProvider.getAuthenticationTimeout()).isEqualTo(20000L);
    optionsProvider.setAuthenticationExtensions(new AuthenticationExtensionsClientInputs<>());
    assertThat(optionsProvider.getAuthenticationExtensions()).isEqualTo(new AuthenticationExtensionsClientInputs<>());
}
Also used : ChallengeRepository(com.webauthn4j.springframework.security.challenge.ChallengeRepository) WebAuthnAuthenticatorService(com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticatorService) Test(org.junit.Test)

Example 5 with WebAuthnAuthenticatorService

use of com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticatorService in project webauthn4j-spring-security by webauthn4j.

the class AssertionOptionsProviderImplTest method getRpId_with_static_rpId.

@Test
public void getRpId_with_static_rpId() {
    WebAuthnAuthenticatorService authenticatorService = mock(WebAuthnAuthenticatorService.class);
    ChallengeRepository challengeRepository = mock(ChallengeRepository.class);
    AssertionOptionsProviderImpl optionsProvider = new AssertionOptionsProviderImpl(authenticatorService, challengeRepository);
    optionsProvider.setRpId("example.com");
    MockHttpServletRequest request = new MockHttpServletRequest();
    assertThat(optionsProvider.getRpId(request)).isEqualTo("example.com");
}
Also used : ChallengeRepository(com.webauthn4j.springframework.security.challenge.ChallengeRepository) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) WebAuthnAuthenticatorService(com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticatorService) Test(org.junit.Test)

Aggregations

WebAuthnAuthenticatorService (com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticatorService)10 ChallengeRepository (com.webauthn4j.springframework.security.challenge.ChallengeRepository)9 Test (org.junit.Test)9 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)7 Challenge (com.webauthn4j.data.client.challenge.Challenge)5 DefaultChallenge (com.webauthn4j.data.client.challenge.DefaultChallenge)5 UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)5 WebAuthnAuthenticator (com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticator)4 com.webauthn4j.data (com.webauthn4j.data)2 AuthenticationExtensionsClientInputs (com.webauthn4j.data.extension.client.AuthenticationExtensionsClientInputs)2 PrincipalNotFoundException (com.webauthn4j.springframework.security.exception.PrincipalNotFoundException)2 Collections (java.util.Collections)2 List (java.util.List)2 Set (java.util.Set)2 Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)2 Mockito (org.mockito.Mockito)2 COSEAlgorithmIdentifier (com.webauthn4j.data.attestation.statement.COSEAlgorithmIdentifier)1 Lists (org.assertj.core.util.Lists)1 ApplicationContext (org.springframework.context.ApplicationContext)1