
Example 1 with AssertionResponse

use of com.yubico.data.AssertionResponse in project cas by apereo.

the class WebAuthnControllerTests method verifyFinishAuthentication.

/**
 * Checks how {@code WebAuthnController.finishAuthentication} maps the server outcome to an HTTP
 * status: a left (error list) result yields 400, a right (success) result yields 200.
 *
 * <p>The {@code WebAuthnServer} is a Mockito mock, so no assertion signature, challenge or
 * origin is verified by this test. It covers the controller's status mapping only; the
 * verification path itself needs its own coverage against a real server instance.
 */
@Test
public void verifyFinishAuthentication() throws Exception {
    val authentication = RegisteredServiceTestUtils.getAuthentication();
    val webAuthnServer = mock(WebAuthnServer.class);
    val webAuthnController = new WebAuthnController(webAuthnServer);

    // Failure path: the server reports an error list, the controller must answer 400.
    when(webAuthnServer.finishAuthentication(any())).thenReturn(Either.left(List.of("fails")));
    val rejected = webAuthnController.finishAuthentication("casuser");
    assertEquals(HttpStatus.BAD_REQUEST, rejected.getStatusCode());

    // Fixture for the success path: one registered credential for "casuser".
    val registeredAt = Instant.now(Clock.systemUTC());
    val credential = RegisteredCredential.builder()
        .credentialId(ByteArray.fromBase64Url(authentication.getPrincipal().getId()))
        .userHandle(ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8)))
        .publicKeyCose(ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8)))
        .build();
    val identity = UserIdentity.builder()
        .name("casuser")
        .displayName("CAS")
        .id(ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8)))
        .build();
    val registration = CredentialRegistration.builder()
        .registrationTime(registeredAt)
        .credential(credential)
        .userIdentity(identity)
        .build();

    // The pending assertion request; its challenge and request id are random placeholders.
    val requestOptions = PublicKeyCredentialRequestOptions.builder()
        .challenge(ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8)))
        .rpId("localhost")
        .timeout(100)
        .build();
    val pendingRequest = AssertionRequest.builder()
        .publicKeyCredentialRequestOptions(requestOptions)
        .username("casuser")
        .build();
    val wrappedRequest = new AssertionRequestWrapper(
        ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8)), pendingRequest);

    // Fixed sample assertion. It is only parsed, never validated against the random
    // challenge above, because the server that would do so is mocked.
    val sampleAssertionJson = "{\"id\":\"ibE9wQddsF806g8uL9hDzgwLJipKhS9esD07Jmj0N98\","
        + "\"response\":{\"authenticatorData\":\"SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MBAAAFOQ\","
        + "\"clientDataJSON\":\"eyJjaGFsbGVuZ2UiOiJOM0xqSTJKNXlseVdlM0VENU9UNFhITFJxSHdtX0o0OF9EX2hvSk9GZjMwIiwib3JpZ2"
        + "luIjoiaHR0cHM6Ly9sb2NhbGhvc3QiLCJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwidG9rZW5CaW5kaW5nIjp7InN0YXR1cyI6InN1cHBvcnRlZCJ9LCJjbGllbnRFeHRlbnNpb25zIjp7fX0\","
        + "\"signature\":\"-8AKZkFZSNUemUihJhsUp8LqXFHgVTjfCuKVvf1kbIkuwz5ClZK2u562C8rkUnIorxtzD7ujYh1z4FstXKyRDg\"},"
        + "\"clientExtensionResults\":{},\"type\":\"public-key\"}";
    val parsedCredential = PublicKeyCredential.parseAssertionResponseJson(sampleAssertionJson);
    val assertionResponse = new AssertionResponse(
        ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8)), parsedCredential);

    // Success path: the server reports a successful result, the controller must answer 200.
    val successfulResult = new WebAuthnServer.SuccessfulAuthenticationResult(
        wrappedRequest,
        assertionResponse,
        List.of(registration),
        "casuser",
        ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8)));
    when(webAuthnServer.finishAuthentication(any())).thenReturn(Either.right(successfulResult));
    val accepted = webAuthnController.finishAuthentication("casuser");
    assertEquals(HttpStatus.OK, accepted.getStatusCode());
}
Also used : lombok.val(lombok.val) AssertionRequestWrapper(com.yubico.data.AssertionRequestWrapper) AssertionResponse(com.yubico.data.AssertionResponse) WebAuthnController(org.apereo.cas.webauthn.web.WebAuthnController) Test(org.junit.jupiter.api.Test)

Example 2 with AssertionResponse

use of com.yubico.data.AssertionResponse in project cas by apereo.

the class WebAuthnServer method finishAuthentication.

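/**
 * Completes a WebAuthn authentication ceremony from the client's JSON response.
 *
 * <p>The response is decoded, the pending assertion request it refers to is looked up and
 * invalidated, and the assertion is handed to the relying party ({@code rp}) for verification.
 * The pending request is invalidated before verification, so a request id is consumed whether
 * or not the assertion turns out to be valid.
 *
 * @param responseJson the client's assertion response, serialized as JSON (untrusted input)
 * @return {@code Either.left} with a list of error messages when decoding, lookup or
 *         verification fails; {@code Either.right} with the successful result, including a
 *         newly created session for the user handle, when the assertion is accepted
 */
public Either<List<String>, SuccessfulAuthenticationResult> finishAuthentication(final String responseJson) {
    final AssertionResponse response;
    try {
        response = jsonMapper.readValue(responseJson, AssertionResponse.class);
    } catch (final IOException e) {
        LOGGER.debug("Failed to decode response object", e);
        // NOTE(review): e.getMessage() is returned to the caller; parser messages can echo
        // fragments of the input and internal type names. Confirm that callers do not relay
        // this list verbatim to an unauthenticated client.
        return Either.left(Arrays.asList("Assertion failed!", "Failed to decode response object.", e.getMessage()));
    }
    // A payload can decode without an exception and still yield no object or no request id
    // (presumably e.g. the JSON literal null; depends on the mapper). Reject it here rather
    // than fail with a NullPointerException outside any handler.
    if (response == null || response.getRequestId() == null) {
        LOGGER.debug("Decoded response object is empty or carries no request id");
        return Either.left(Arrays.asList("Assertion failed!", "Failed to decode response object."));
    }
    val requestId = response.getRequestId();
    // Look up and consume the pending request so the same request id cannot be finished again.
    // NOTE(review): lookup and invalidation are two separate calls; two concurrent submissions
    // of the same request id could both observe the entry. Consider an atomic remove if the
    // storage type offers one.
    val request = assertRequestStorage.getIfPresent(requestId);
    assertRequestStorage.invalidate(requestId);
    if (request == null) {
        return Either.left(Arrays.asList("Assertion failed!", "No such assertion in progress."));
    }
    try {
        val options = FinishAssertionOptions.builder()
            .request(request.getRequest())
            .response(response.getCredential())
            .build();
        val result = rp.finishAssertion(options);
        if (!result.isSuccess()) {
            return Either.left(Collections.singletonList("Assertion failed: Invalid assertion."));
        }
        try {
            userStorage.updateSignatureCount(result);
        } catch (final Exception e) {
            // Best effort: authentication still succeeds when the counter cannot be stored.
            // The stored signature count then lags behind the authenticator, so this error
            // log is worth alerting on.
            LOGGER.error("Failed to update signature count for user \"{}\", credential \"{}\"", result.getUsername(), response.getCredential().getId(), e);
        }
        return Either.right(new SuccessfulAuthenticationResult(
            request,
            response,
            userStorage.getRegistrationsByUsername(result.getUsername()),
            result.getUsername(),
            sessions.createSession(result.getUserHandle())));
    } catch (final AssertionFailedException e) {
        LOGGER.debug("Assertion failed", e);
        return Either.left(Arrays.asList("Assertion failed!", e.getMessage()));
    } catch (final Exception e) {
        LOGGER.error("Assertion failed", e);
        // NOTE(review): the message of an unexpected exception is returned to the caller;
        // confirm it is not exposed to end users as-is.
        return Either.left(Arrays.asList("Assertion failed unexpectedly; this is likely a bug.", e.getMessage()));
    }
}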
Also used : lombok.val(lombok.val) IOException(java.io.IOException) AssertionResponse(com.yubico.data.AssertionResponse) AssertionFailedException(com.yubico.webauthn.exception.AssertionFailedException) RegistrationFailedException(com.yubico.webauthn.exception.RegistrationFailedException) AssertionFailedException(com.yubico.webauthn.exception.AssertionFailedException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) ExecutionException(java.util.concurrent.ExecutionException)
