
Example 1 with AttestationOptions

use of com.webauthn4j.springframework.security.options.AttestationOptions in project webauthn4j-spring-security by webauthn4j.

the class AttestationOptionsEndpointFilterTest method doFilter_test.

/**
 * Checks that a request addressed to {@code AttestationOptionsEndpointFilter.FILTER_URL} is answered
 * with HTTP 200 when the options provider is a mock returning a fixed {@code AttestationOptions}.
 *
 * <p>NOTE(review): only the status code is asserted. The response body, the pass-through branch for
 * other URLs and the error branch (provider throwing) are not exercised by this method.
 */
@Test
public void doFilter_test() throws IOException, ServletException {
    // Fixed options object: every constructor argument is null except one empty list.
    AttestationOptions stubbedOptions = new AttestationOptions(null, null, null, null, null, Collections.emptyList(), null, null, null);
    AttestationOptionsProvider providerMock = mock(AttestationOptionsProvider.class);
    when(providerMock.getAttestationOptions(any(), any())).thenReturn(stubbedOptions);

    // Filter under test, wired with the mock provider and a default trust resolver.
    AttestationOptionsEndpointFilter filterUnderTest = new AttestationOptionsEndpointFilter(providerMock, objectConverter);
    filterUnderTest.setTrustResolver(new AuthenticationTrustResolverImpl());

    // Request aimed at the filter's own URL; no body, headers or method are set on it here.
    MockHttpServletRequest mockRequest = new MockHttpServletRequest();
    mockRequest.setRequestURI(AttestationOptionsEndpointFilter.FILTER_URL);
    MockHttpServletResponse mockResponse = new MockHttpServletResponse();

    filterUnderTest.doFilter(mockRequest, mockResponse, new MockFilterChain());

    assertThat(mockResponse.getStatus()).isEqualTo(HttpStatus.OK.value());
}
Also used : AuthenticationTrustResolverImpl(org.springframework.security.authentication.AuthenticationTrustResolverImpl) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) AttestationOptionsProvider(com.webauthn4j.springframework.security.options.AttestationOptionsProvider) AttestationOptions(com.webauthn4j.springframework.security.options.AttestationOptions) AuthenticationTrustResolver(org.springframework.security.authentication.AuthenticationTrustResolver) MockFilterChain(org.springframework.mock.web.MockFilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Example 2 with AttestationOptions

use of com.webauthn4j.springframework.security.options.AttestationOptions in project webauthn4j-spring-security by webauthn4j.

the class FidoServerAttestationOptionsEndpointFilter method processRequest.

/**
 * Answers a credential-creation options request whose parameters arrive as a JSON request body.
 *
 * <p>The body is deserialized into a {@code ServerPublicKeyCredentialCreationOptionsRequest}. A new
 * challenge carrying the requested username is stored through {@code challengeRepository}, the
 * {@code optionsProvider} is asked for the attestation options, and the result is re-encoded
 * (base64url for the user handle, the excluded credential ids and the challenge) into the response.
 *
 * <p>NOTE(review): {@code username}, {@code displayName}, {@code authenticatorSelection},
 * {@code attestation} and {@code extensions} are taken from the request body as sent. Nothing in this
 * method checks that the caller is the named user; whether access to this endpoint is restricted
 * elsewhere is not visible here. If the provider resolves the account from the supplied principal,
 * the {@code excludeCredentials} in the response describe that account's registered credentials for
 * any submitted username. Confirm where this endpoint is exposed.
 *
 * @param request the incoming HTTP request; its body is read as JSON
 * @return the creation options to be serialized back to the client
 * @throws UncheckedIOException if the request's input stream cannot be obtained
 * @throws com.webauthn4j.springframework.security.exception.DataConversionException if a converter
 *         {@code DataConversionException} is raised while the request is processed
 */
@Override
protected ServerResponse processRequest(HttpServletRequest request) {
    InputStream body;
    try {
        body = request.getInputStream();
    } catch (IOException e) {
        throw new UncheckedIOException(e);
    }
    try {
        ServerPublicKeyCredentialCreationOptionsRequest creationRequest =
                objectConverter.getJsonConverter().readValue(body, ServerPublicKeyCredentialCreationOptionsRequest.class);
        // NOTE(review): neither value is validated here (null, empty, length). Confirm the
        // converter or a later layer rejects unusable values.
        String username = creationRequest.getUsername();
        String displayName = creationRequest.getDisplayName();

        // The challenge is stored before the provider is called. Keep this order: the response
        // below returns the provider's challenge, which presumably is the one saved here
        // (verify against the provider implementation).
        Challenge usernameBoundChallenge = serverEndpointFilterUtil.encodeUsername(new DefaultChallenge(), username);
        challengeRepository.saveChallenge(usernameBoundChallenge, request);

        // TODO: UsernamePasswordAuthenticationToken should not be used here in this way
        // NOTE(review): the three-argument constructor produces a token for which
        // isAuthenticated() is true, although the principal is only a name read from the
        // request body. The provider must not treat this token as proof of identity.
        UsernamePasswordAuthenticationToken claimedIdentity =
                new UsernamePasswordAuthenticationToken(username, null, Collections.emptyList());
        AttestationOptions options = optionsProvider.getAttestationOptions(request, claimedIdentity);

        // Use the user id from the options when one is present; otherwise mint a new handle.
        String encodedUserHandle = options.getUser() == null
                ? Base64UrlUtil.encodeToString(generateUserHandle())
                : Base64UrlUtil.encodeToString(options.getUser().getId());
        ServerPublicKeyCredentialUserEntity userEntity =
                new ServerPublicKeyCredentialUserEntity(encodedUserHandle, username, displayName);

        // Re-encode every excluded credential with a base64url id for the JSON response.
        List<ServerPublicKeyCredentialDescriptor> excluded = options.getExcludeCredentials()
                .stream()
                .map(descriptor -> new ServerPublicKeyCredentialDescriptor(
                        descriptor.getType(),
                        Base64UrlUtil.encodeToString(descriptor.getId()),
                        descriptor.getTransports()))
                .collect(Collectors.toList());

        // Extensions sent by the client take precedence over the ones supplied by the provider.
        AuthenticationExtensionsClientInputs<RegistrationExtensionClientInput> extensions =
                creationRequest.getExtensions() != null ? creationRequest.getExtensions() : options.getExtensions();

        // authenticatorSelection and attestation are echoed from the request, not from the provider.
        return new ServerPublicKeyCredentialCreationOptionsResponse(
                options.getRp(),
                userEntity,
                Base64UrlUtil.encodeToString(options.getChallenge().getValue()),
                options.getPubKeyCredParams(),
                options.getTimeout(),
                excluded,
                creationRequest.getAuthenticatorSelection(),
                creationRequest.getAttestation(),
                extensions);
    } catch (DataConversionException e) {
        throw new com.webauthn4j.springframework.security.exception.DataConversionException("Failed to convert data", e);
    }
}
Also used : AttestationOptions(com.webauthn4j.springframework.security.options.AttestationOptions) IOException(java.io.IOException) Challenge(com.webauthn4j.data.client.challenge.Challenge) UUID(java.util.UUID) ChallengeRepository(com.webauthn4j.springframework.security.challenge.ChallengeRepository) Base64UrlUtil(com.webauthn4j.util.Base64UrlUtil) Collectors(java.util.stream.Collectors) ByteBuffer(java.nio.ByteBuffer) AuthenticationExtensionsClientInputs(com.webauthn4j.data.extension.client.AuthenticationExtensionsClientInputs) AttestationOptionsProvider(com.webauthn4j.springframework.security.options.AttestationOptionsProvider) UncheckedIOException(java.io.UncheckedIOException) HttpServletRequest(javax.servlet.http.HttpServletRequest) List(java.util.List) ObjectConverter(com.webauthn4j.converter.util.ObjectConverter) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) DefaultChallenge(com.webauthn4j.data.client.challenge.DefaultChallenge) RegistrationExtensionClientInput(com.webauthn4j.data.extension.client.RegistrationExtensionClientInput) DataConversionException(com.webauthn4j.converter.exception.DataConversionException) Collections(java.util.Collections) Assert(org.springframework.util.Assert) InputStream(java.io.InputStream) InputStream(java.io.InputStream) AttestationOptions(com.webauthn4j.springframework.security.options.AttestationOptions) UncheckedIOException(java.io.UncheckedIOException) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) IOException(java.io.IOException) UncheckedIOException(java.io.UncheckedIOException) Challenge(com.webauthn4j.data.client.challenge.Challenge) DefaultChallenge(com.webauthn4j.data.client.challenge.DefaultChallenge) DefaultChallenge(com.webauthn4j.data.client.challenge.DefaultChallenge) RegistrationExtensionClientInput(com.webauthn4j.data.extension.client.RegistrationExtensionClientInput) 
DataConversionException(com.webauthn4j.converter.exception.DataConversionException)

Example 3 with AttestationOptions

use of com.webauthn4j.springframework.security.options.AttestationOptions in project webauthn4j-spring-security by webauthn4j.

the class AttestationOptionsEndpointFilter method doFilter.

// ~ Methods
// ========================================================================================================
/**
 * Serves the attestation options for requests accepted by {@code processFilter}; every other
 * request is handed on to the rest of the chain untouched.
 *
 * <p>For an accepted request, the options are obtained from {@code attestationOptionsProvider}
 * using the value returned by {@code getAuthentication()} and written to the response. Any
 * {@code RuntimeException} raised while doing so is logged at debug level and turned into an
 * error response instead of propagating.
 *
 * <p>NOTE(review): failures on this endpoint are logged at debug level only, so they may not
 * show up in logs at the usual production level. The exception object itself is passed to
 * {@code writeErrorResponse}; confirm that helper does not return internal messages to the client.
 *
 * @param request  the incoming request
 * @param response the response to write to
 * @param chain    the remaining filter chain, invoked only when this filter does not handle the request
 * @throws IOException      declared by the filter contract
 * @throws ServletException declared by the filter contract
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    FilterInvocation invocation = new FilterInvocation(request, response, chain);
    if (processFilter(invocation.getRequest())) {
        try {
            AttestationOptions options = attestationOptionsProvider.getAttestationOptions(invocation.getRequest(), getAuthentication());
            writeResponse(invocation.getResponse(), options);
        } catch (RuntimeException e) {
            logger.debug(e);
            writeErrorResponse(invocation.getResponse(), e);
        }
    } else {
        // Not addressed to this filter: continue with the original request and response objects.
        chain.doFilter(request, response);
    }
}
Also used : AttestationOptions(com.webauthn4j.springframework.security.options.AttestationOptions) FilterInvocation(org.springframework.security.web.FilterInvocation)

Aggregations

AttestationOptions (com.webauthn4j.springframework.security.options.AttestationOptions)3 AttestationOptionsProvider (com.webauthn4j.springframework.security.options.AttestationOptionsProvider)2 DataConversionException (com.webauthn4j.converter.exception.DataConversionException)1 ObjectConverter (com.webauthn4j.converter.util.ObjectConverter)1 Challenge (com.webauthn4j.data.client.challenge.Challenge)1 DefaultChallenge (com.webauthn4j.data.client.challenge.DefaultChallenge)1 AuthenticationExtensionsClientInputs (com.webauthn4j.data.extension.client.AuthenticationExtensionsClientInputs)1 RegistrationExtensionClientInput (com.webauthn4j.data.extension.client.RegistrationExtensionClientInput)1 ChallengeRepository (com.webauthn4j.springframework.security.challenge.ChallengeRepository)1 Base64UrlUtil (com.webauthn4j.util.Base64UrlUtil)1 IOException (java.io.IOException)1 InputStream (java.io.InputStream)1 UncheckedIOException (java.io.UncheckedIOException)1 ByteBuffer (java.nio.ByteBuffer)1 Collections (java.util.Collections)1 List (java.util.List)1 UUID (java.util.UUID)1 Collectors (java.util.stream.Collectors)1 HttpServletRequest (javax.servlet.http.HttpServletRequest)1 Test (org.junit.Test)1