
Example 1 with RegistrationRequest

Use of com.yubico.data.RegistrationRequest in the apereo/cas project.

From the test class WebAuthnControllerTests, method verifyFinishRegistration. The WebAuthnServer collaborator is a Mockito mock, so the attestation fixture built below is never validated by the WebAuthn library; the test only checks how the controller maps the server's Either result to an HTTP status.

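@Test
public void verifyFinishRegistration() throws Exception {
    // The WebAuthnServer is a Mockito mock, so nothing in this fixture is validated by
    // the WebAuthn library. The test only pins the controller's mapping of
    // Either.left -> 400 and Either.right -> 200 for the finish-registration endpoint.
    val authn = RegisteredServiceTestUtils.getAuthentication();
    val server = mock(WebAuthnServer.class);
    val controller = new WebAuthnController(server);

    // Relying party and user identity with throw-away random values; 8 alphabetic
    // characters are valid unpadded base64url, so fromBase64Url accepts them.
    val rpIdentity = new RelyingPartyIdentity.RelyingPartyIdentityBuilder.MandatoryStages()
        .id(RandomUtils.randomAlphabetic(8))
        .name(RandomUtils.randomAlphabetic(8))
        .build();
    val userIdentity = new UserIdentity.UserIdentityBuilder.MandatoryStages()
        .name(RandomUtils.randomAlphabetic(8))
        .displayName(RandomUtils.randomAlphabetic(8))
        .id(ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8)))
        .build();
    val creationOptions = new PublicKeyCredentialCreationOptions.PublicKeyCredentialCreationOptionsBuilder.MandatoryStages()
        .rp(rpIdentity)
        .user(userIdentity)
        .challenge(ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8)))
        .pubKeyCredParams(List.of())
        .build();
    val registrationRequest = new RegistrationRequest("casuser", Optional.empty(),
        ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8)), creationOptions,
        Optional.of(ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8))));

    // Failure path: a validation error reported by the server must surface as 400.
    when(server.finishRegistration(anyString())).thenReturn(Either.left(List.of("Fails")));
    var result = controller.finishRegistration("registration-data");
    assertEquals(HttpStatus.BAD_REQUEST, result.getStatusCode());

    // Canned CBOR attestation object (hex). The bytes carry fmt "fido-u2f" and an
    // attestation certificate whose subject reads "Firefox U2F Soft Token"; it is a
    // static test vector, not a credential usable anywhere.
    val exampleAttestation = ByteArray.fromHex(
        "a368617574684461746159012c49960de5880e8c687434170f6476605b8fe4aeb9a28632c7"
        + "995cf3ba831d976341000000000000000000000000000000000000000000a20008dce8bdc"
        + "3fc2c734a29a20ddb6509bceb721d7381859ab2548ae350fdb1962df68f1ebc08dbb5263c653b4"
        + "e855b45b7df85b4926ed4572f2af78da28028143d6a6de8c0afcc6c6fbb648ce0bac022ba0a2"
        + "303d2fced0d9772fcc0d32e281c8563082820e9bfd2e76241637ccbc36aebd85f398f6b6863d3d6755e3"
        + "98e05faf101e467c201219a83b2bf4269efc6e82f2c95dbfbc2a979ea2b78dea9b9fe467a2fa36361"
        + "6c6765455332353661785820c5df3292ce78ea68322b36073fd3b012a35cc9352cba7abd5ed2c287f6"
        + "112b5361795820a83b6a518319bee86dccd1c8d54b3acb4f590e2cf7d26616aad3e7aa49fc8b4c6366"
        + "6d74686669646f2d7532666761747453746d74a26378356381590136308201323081d9a0030201020"
        + "20500a5427a1d300a06082a8648ce3d0403023021311f301d0603550403131646697265666f782055"
        + "324620536f667420546f6b656e301e170d3137303833303134353130365a170d31373039303131343531"
        + "30365a3021311f301d0603550403131646697265666f782055324620536f667420546f6b656e30593013"
        + "06072a8648ce3d020106082a8648ce3d0301070342000409b9c8303e3a9f1cc0c4bb83c6d56a223699"
        + "137387ad27dd01ad9c8e0c80addce10e52e622197576f756e38d5965bf98d53ece5af4b0ec003ad08f932"
        + "bd84c1e300a06082a8648ce3d040302034800304502210083239a57e0fa99224b2c7989998cf833d5c1562"
        + "df38d285d46cab1d6cf46ae9e02204cfd5deb11de1fdafc4e899f8d03388164beaff2e4263a82210cc"
        + "c38906981236373696758463044022049c439848ec81672461cc0ea629f297cc7228450a6b0d0887"
        + "2ab969364ec6a6202200ea1acec627fd0e616d23da3e8bfa38a5527f2007cfe3fed63e5f3e2f7e25b11");

    // Client data for a registration ceremony. The type MUST be "webauthn.create" for
    // registration ("webauthn.get" is the assertion type); a real RelyingParty would
    // reject the mismatch, so the fixture is kept spec-consistent even though the mock
    // never inspects it. NOTE(review): "origin" is a bare host name rather than a full
    // origin such as "https://localhost"; left unchanged because the mock ignores it.
    val tokenBindingStatus = TokenBindingStatus.PRESENT;
    val tokenBindingId = ByteArray.fromBase64Url("IgqNmDkOp68Edjd8-uwxmh");
    val challenge = ByteArray.fromBase64Url("HfpNmDkOp66Edjd5-uvwlg");
    val clientJson = '{'
        + "\"authenticatorExtensions\":{\"boo\":\"far\"},"
        + "\"challenge\":\"" + challenge.getBase64Url() + "\","
        + "\"origin\":\"localhost\","
        + "\"tokenBinding\":{\"status\":\"" + tokenBindingStatus.getValue() + "\",\"id\":\"" + tokenBindingId.getBase64Url() + "\"},"
        + "\"type\":\"webauthn.create\""
        + '}';
    val response = AuthenticatorAttestationResponse.builder()
        .attestationObject(exampleAttestation)
        .clientDataJSON(new ByteArray(clientJson.getBytes(StandardCharsets.UTF_8)))
        .build();
    val publicKeyCredential = PublicKeyCredential.builder()
        .id(ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8)))
        .response(response)
        .clientExtensionResults(ClientRegistrationExtensionOutputs.builder().build())
        .build();
    val registrationResponse = new RegistrationResponse(
        ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8)),
        (PublicKeyCredential) publicKeyCredential,
        Optional.of(ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8))));

    // Success path: the stored registration uses the authenticated principal id as the
    // credential id and random bytes for the user handle and COSE public key.
    val registeredCredential = RegisteredCredential.builder()
        .credentialId(ByteArray.fromBase64Url(authn.getPrincipal().getId()))
        .userHandle(ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8)))
        .publicKeyCose(ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8)))
        .build();
    val credentialRegistration = CredentialRegistration.builder()
        .registrationTime(Instant.now(Clock.systemUTC()))
        .credential(registeredCredential)
        .userIdentity(UserIdentity.builder()
            .name("casuser")
            .displayName("CAS")
            .id(ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8)))
            .build())
        .build();
    val successfulResult = new WebAuthnServer.SuccessfulRegistrationResult(
        registrationRequest, registrationResponse, credentialRegistration, true,
        ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8)));
    when(server.finishRegistration(anyString())).thenReturn(Either.right(successfulResult));
    result = controller.finishRegistration("registration-data");
    assertEquals(HttpStatus.OK, result.getStatusCode());
}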

Example 2 with RegistrationRequest

Use of com.yubico.data.RegistrationRequest in the apereo/cas project.

From the test class WebAuthnControllerTests, method verifyStartRegistration. As above, the WebAuthnServer is mocked, so only the controller's Either-to-HTTP-status mapping for the start-registration endpoint is exercised.

@Test
public void verifyStartRegistration() throws Exception {
    // The server is a Mockito mock: this test pins that the controller turns
    // Either.right into 200 and Either.left into 400 for the start-registration
    // endpoint. NOTE(review): the resident-key flag passed as `false` is matched with
    // any(ResidentKeyRequirement.class), so the requirement the controller derives from
    // it is not asserted here.
    val webAuthnServer = mock(WebAuthnServer.class);
    val controller = new WebAuthnController(webAuthnServer);

    // Build the creation options the mocked server will hand back.
    val relyingParty = new RelyingPartyIdentity.RelyingPartyIdentityBuilder.MandatoryStages()
        .id(RandomUtils.randomAlphabetic(8))
        .name(RandomUtils.randomAlphabetic(8))
        .build();
    val user = new UserIdentity.UserIdentityBuilder.MandatoryStages()
        .name(RandomUtils.randomAlphabetic(8))
        .displayName(RandomUtils.randomAlphabetic(8))
        .id(ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8)))
        .build();
    val creationOptions = PublicKeyCredentialCreationOptions.builder()
        .rp(relyingParty)
        .user(user)
        .challenge(ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8)))
        .pubKeyCredParams(List.of())
        .build();
    val pendingRequest = new RegistrationRequest("casuser", Optional.empty(),
        ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8)), creationOptions,
        Optional.of(ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8))));

    val httpRequest = new MockHttpServletRequest();
    val httpResponse = new MockHttpServletResponse();

    // Success path.
    when(webAuthnServer.startRegistration(anyString(), any(), any(), any(ResidentKeyRequirement.class), any()))
        .thenReturn(Either.right(pendingRequest));
    var result = controller.startRegistration("casuser", "displayName", "nickName", false, "sessionToken",
        httpRequest, httpResponse);
    assertEquals(HttpStatus.OK, result.getStatusCode());

    // Error path: the server's error message becomes a 400.
    when(webAuthnServer.startRegistration(anyString(), any(), any(), any(ResidentKeyRequirement.class), any()))
        .thenReturn(Either.left("failed"));
    result = controller.startRegistration("casuser", "displayName", "nickName", false, "sessionToken",
        httpRequest, httpResponse);
    assertEquals(HttpStatus.BAD_REQUEST, result.getStatusCode());
}

Example 3 with RegistrationRequest

Use of com.yubico.data.RegistrationRequest in the apereo/cas project.

From the production class WebAuthnServer, method startRegistration. This is the security-relevant part of the page: it decides, based on the presented session token, whether a caller may add a new credential to an account that already has registrations.

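/**
 * Starts a WebAuthn registration ceremony for {@code username}.
 * <p>
 * Authorization rule: if the account already owns at least one registered credential,
 * the caller must present a {@code sessionToken} that {@code sessions.isSessionForUser}
 * accepts for that account's user id; otherwise an unauthenticated caller could attach
 * a new authenticator to someone else's account. An account with no registrations
 * needs no session and receives a freshly generated user handle as its WebAuthn user id.
 * <p>
 * On success the pending request is stored in {@code registerRequestStorage} under its
 * random request id (so {@code finishRegistration} can look it up) and returned together
 * with a new session created for the user id.
 *
 * @param username               account the credential is registered for (never null)
 * @param displayName            display name; required only for a first-time user
 * @param credentialNickname     optional nickname for the new credential
 * @param residentKeyRequirement resident-key preference forwarded to the library
 * @param sessionToken           session token that must belong to an existing account
 * @return the pending {@link RegistrationRequest}, or an error message for the caller
 * @throws ExecutionException if the backing storage lookup fails
 */
public Either<String, RegistrationRequest> startRegistration(@NonNull final String username, final Optional<String> displayName, final Optional<String> credentialNickname, final ResidentKeyRequirement residentKeyRequirement, final Optional<ByteArray> sessionToken) throws ExecutionException {
    // The session token is deliberately not included in the trace line.
    LOGGER.trace("startRegistration username: {}, credentialNickname: {}", username, credentialNickname);
    val registrations = userStorage.getRegistrationsByUsername(username);
    val existingUser = registrations.stream().findAny().map(CredentialRegistration::getUserIdentity);

    // Existing account: only a session already bound to that user's id may add credentials.
    val permissionGranted = existingUser
        .map(userIdentity -> sessions.isSessionForUser(userIdentity.getId(), sessionToken))
        .orElse(true);
    if (!permissionGranted) {
        // NOTE(review): this message, combined with unknown usernames falling through to a
        // successful start below, lets an unauthenticated caller distinguish registered from
        // unregistered usernames. Consider a uniform response if enumeration is a concern.
        return Either.left("The username \"" + username + "\" is already registered.");
    }

    // A first-time user needs a display name. Report it as a request error rather than
    // letting Optional.get() throw NoSuchElementException from inside the supplier below.
    if (!existingUser.isPresent() && !displayName.isPresent()) {
        return Either.left("A display name is required to register the username \"" + username + "\".");
    }

    // Reuse the existing WebAuthn user identity so the new credential joins the same
    // account; otherwise mint a random 32-byte user handle. (generateRandom is a sibling
    // helper; the file imports SecureRandom, presumably what it uses -- confirm.)
    val registrationUserId = existingUser.orElseGet(() -> UserIdentity.builder()
        .name(username)
        .displayName(displayName.get()) // safe: checked above
        .id(generateRandom(32))
        .build());

    val requestId = generateRandom(32);
    val creationOptions = rp.startRegistration(StartRegistrationOptions.builder()
        .user(registrationUserId)
        .authenticatorSelection(AuthenticatorSelectionCriteria.builder()
            .residentKey(residentKeyRequirement)
            .build())
        .build());
    val request = new RegistrationRequest(username, credentialNickname, requestId, creationOptions,
        Optional.of(sessions.createSession(registrationUserId.getId())));

    // Stash the pending request so finishRegistration can validate the response against it.
    registerRequestStorage.put(request.getRequestId(), request);
    return Either.right(request);
}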
