Example 1 with RegistrationResponse
use of com.yubico.data.RegistrationResponse in project cas by apereo.
the class WebAuthnControllerTests method verifyFinishRegistration.
@Test
public void verifyFinishRegistration() throws Exception {
val authn = RegisteredServiceTestUtils.getAuthentication();
val server = mock(WebAuthnServer.class);
val controller = new WebAuthnController(server);
val registrationRequest = new RegistrationRequest("casuser", Optional.empty(), ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8)), new PublicKeyCredentialCreationOptions.PublicKeyCredentialCreationOptionsBuilder.MandatoryStages().rp(new RelyingPartyIdentity.RelyingPartyIdentityBuilder.MandatoryStages().id(RandomUtils.randomAlphabetic(8)).name(RandomUtils.randomAlphabetic(8)).build()).user(new UserIdentity.UserIdentityBuilder.MandatoryStages().name(RandomUtils.randomAlphabetic(8)).displayName(RandomUtils.randomAlphabetic(8)).id(ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8))).build()).challenge(ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8))).pubKeyCredParams(List.of()).build(), Optional.of(ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8))));
when(server.finishRegistration(anyString())).thenReturn(Either.left(List.of("Fails")));
var result = controller.finishRegistration("registration-data");
assertEquals(HttpStatus.BAD_REQUEST, result.getStatusCode());
val exampleAttestation = ByteArray.fromHex("a368617574684461746159012c49960de5880e8c687434170f6476605b8fe4aeb9a28632c7" + "995cf3ba831d976341000000000000000000000000000000000000000000a20008dce8bdc" + "3fc2c734a29a20ddb6509bceb721d7381859ab2548ae350fdb1962df68f1ebc08dbb5263c653b4" + "e855b45b7df85b4926ed4572f2af78da28028143d6a6de8c0afcc6c6fbb648ce0bac022ba0a2" + "303d2fced0d9772fcc0d32e281c8563082820e9bfd2e76241637ccbc36aebd85f398f6b6863d3d6755e3" + "98e05faf101e467c201219a83b2bf4269efc6e82f2c95dbfbc2a979ea2b78dea9b9fe467a2fa36361" + "6c6765455332353661785820c5df3292ce78ea68322b36073fd3b012a35cc9352cba7abd5ed2c287f6" + "112b5361795820a83b6a518319bee86dccd1c8d54b3acb4f590e2cf7d26616aad3e7aa49fc8b4c6366" + "6d74686669646f2d7532666761747453746d74a26378356381590136308201323081d9a0030201020" + "20500a5427a1d300a06082a8648ce3d0403023021311f301d0603550403131646697265666f782055" + "324620536f667420546f6b656e301e170d3137303833303134353130365a170d31373039303131343531" + "30365a3021311f301d0603550403131646697265666f782055324620536f667420546f6b656e30593013" + "06072a8648ce3d020106082a8648ce3d0301070342000409b9c8303e3a9f1cc0c4bb83c6d56a223699" + "137387ad27dd01ad9c8e0c80addce10e52e622197576f756e38d5965bf98d53ece5af4b0ec003ad08f932" + "bd84c1e300a06082a8648ce3d040302034800304502210083239a57e0fa99224b2c7989998cf833d5c1562" + "df38d285d46cab1d6cf46ae9e02204cfd5deb11de1fdafc4e899f8d03388164beaff2e4263a82210cc" + "c38906981236373696758463044022049c439848ec81672461cc0ea629f297cc7228450a6b0d0887" + "2ab969364ec6a6202200ea1acec627fd0e616d23da3e8bfa38a5527f2007cfe3fed63e5f3e2f7e25b11");
val tokenBindingStatus = TokenBindingStatus.PRESENT;
val tokenBindingId = ByteArray.fromBase64Url("IgqNmDkOp68Edjd8-uwxmh");
val challenge = ByteArray.fromBase64Url("HfpNmDkOp66Edjd5-uvwlg");
val clientJson = '{' + "\"authenticatorExtensions\":{\"boo\":\"far\"}," + "\"challenge\":\"" + challenge.getBase64Url() + "\"," + "\"origin\":\"localhost\"," + "\"tokenBinding\":{\"status\":\"" + tokenBindingStatus.getValue() + "\",\"id\":\"" + tokenBindingId.getBase64Url() + "\"}," + "\"type\":\"webauthn.get\"" + '}';
val response = AuthenticatorAttestationResponse.builder().attestationObject(exampleAttestation).clientDataJSON(new ByteArray(clientJson.getBytes(StandardCharsets.UTF_8))).build();
val publicKeyCredential = PublicKeyCredential.builder().id(ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8))).response(response).clientExtensionResults(ClientRegistrationExtensionOutputs.builder().build()).build();
val registrationResponse = new RegistrationResponse(ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8)), (PublicKeyCredential) publicKeyCredential, Optional.of(ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8))));
when(server.finishRegistration(anyString())).thenReturn(Either.right(new WebAuthnServer.SuccessfulRegistrationResult(registrationRequest, registrationResponse, CredentialRegistration.builder().registrationTime(Instant.now(Clock.systemUTC())).credential(RegisteredCredential.builder().credentialId(ByteArray.fromBase64Url(authn.getPrincipal().getId())).userHandle(ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8))).publicKeyCose(ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8))).build()).userIdentity(UserIdentity.builder().name("casuser").displayName("CAS").id(ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8))).build()).build(), true, ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8)))));
result = controller.finishRegistration("registration-data");
assertEquals(HttpStatus.OK, result.getStatusCode());
}
Also used :
lombok.val(lombok.val)
PublicKeyCredentialCreationOptions(com.yubico.webauthn.data.PublicKeyCredentialCreationOptions)
RegistrationRequest(com.yubico.data.RegistrationRequest)
WebAuthnController(org.apereo.cas.webauthn.web.WebAuthnController)
ByteArray(com.yubico.webauthn.data.ByteArray)
RegistrationResponse(com.yubico.data.RegistrationResponse)
Test(org.junit.jupiter.api.Test)
Example 2 with RegistrationResponse
use of com.yubico.data.RegistrationResponse in project cas by apereo.
the class WebAuthnServer method finishRegistration.
public Either<List<String>, SuccessfulRegistrationResult> finishRegistration(final String responseJson) {
LOGGER.trace("finishRegistration responseJson: {}", responseJson);
RegistrationResponse response = null;
try {
response = jsonMapper.readValue(responseJson, RegistrationResponse.class);
} catch (final IOException e) {
LOGGER.error("JSON error in finishRegistration; responseJson: {}", responseJson, e);
return Either.left(Arrays.asList("Registration failed!", "Failed to decode response object.", e.getMessage()));
}
val request = registerRequestStorage.getIfPresent(response.getRequestId());
registerRequestStorage.invalidate(response.getRequestId());
if (request == null) {
LOGGER.debug("fail finishRegistration responseJson: {}", responseJson);
return Either.left(Arrays.asList("Registration failed!", "No such registration in progress."));
} else {
try {
val registration = rp.finishRegistration(FinishRegistrationOptions.builder().request(request.getPublicKeyCredentialCreationOptions()).response(response.getCredential()).build());
if (userStorage.userExists(request.getUsername())) {
var permissionGranted = false;
val isValidSession = request.getSessionToken().map(token -> sessions.isSessionForUser(request.getPublicKeyCredentialCreationOptions().getUser().getId(), token)).orElse(false);
LOGGER.debug("Session token: {}", request.getSessionToken());
LOGGER.debug("Valid session: {}", isValidSession);
if (isValidSession) {
permissionGranted = true;
LOGGER.info("Session token accepted for user {}", request.getPublicKeyCredentialCreationOptions().getUser().getId());
}
LOGGER.debug("permissionGranted: {}", permissionGranted);
if (!permissionGranted) {
throw new RegistrationFailedException(new IllegalArgumentException(String.format("User %s already exists", request.getUsername())));
}
}
return Either.right(new SuccessfulRegistrationResult(request, response, addRegistration(request.getPublicKeyCredentialCreationOptions().getUser(), request.getCredentialNickname(), registration), registration.isAttestationTrusted(), sessions.createSession(request.getPublicKeyCredentialCreationOptions().getUser().getId())));
} catch (final RegistrationFailedException e) {
LOGGER.debug("fail finishRegistration responseJson: {}", responseJson, e);
return Either.left(Arrays.asList("Registration failed", e.getMessage()));
} catch (final Exception e) {
LOGGER.error("fail finishRegistration responseJson: {}", responseJson, e);
return Either.left(Arrays.asList("Registration failed unexpectedly; this is likely a bug.", e.getMessage()));
}
}
}
Also used :
lombok.val(lombok.val)
X509Certificate(java.security.cert.X509Certificate)
RandomUtils(org.apereo.cas.util.RandomUtils)
Arrays(java.util.Arrays)
SortedSet(java.util.SortedSet)
AuthenticatorData(com.yubico.webauthn.data.AuthenticatorData)
CredentialRegistration(com.yubico.data.CredentialRegistration)
AuthenticatorSelectionCriteria(com.yubico.webauthn.data.AuthenticatorSelectionCriteria)
JacksonCodecs(com.yubico.internal.util.JacksonCodecs)
Either(com.yubico.util.Either)
FinishRegistrationOptions(com.yubico.webauthn.FinishRegistrationOptions)
SecureRandom(java.security.SecureRandom)
JsonSerializer(com.fasterxml.jackson.databind.JsonSerializer)
JsonNode(com.fasterxml.jackson.databind.JsonNode)
StartAssertionOptions(com.yubico.webauthn.StartAssertionOptions)
AuthenticatorTransport(com.yubico.webauthn.data.AuthenticatorTransport)
AssertionResponse(com.yubico.data.AssertionResponse)
RegistrationFailedException(com.yubico.webauthn.exception.RegistrationFailedException)
NonNull(lombok.NonNull)
Collection(java.util.Collection)
RegistrationRequest(com.yubico.data.RegistrationRequest)
Slf4j(lombok.extern.slf4j.Slf4j)
List(java.util.List)
ResidentKeyRequirement(com.yubico.webauthn.data.ResidentKeyRequirement)
CertificateParser(com.yubico.internal.util.CertificateParser)
AttestationMetadataSource(com.yubico.webauthn.attestation.AttestationMetadataSource)
Optional(java.util.Optional)
ByteArray(com.yubico.webauthn.data.ByteArray)
Setter(lombok.Setter)
JsonGenerator(com.fasterxml.jackson.core.JsonGenerator)
Attestation(com.yubico.webauthn.attestation.Attestation)
TreeSet(java.util.TreeSet)
Value(lombok.Value)
AssertionFailedException(com.yubico.webauthn.exception.AssertionFailedException)
StartRegistrationOptions(com.yubico.webauthn.StartRegistrationOptions)
FinishAssertionOptions(com.yubico.webauthn.FinishAssertionOptions)
JsonSerialize(com.fasterxml.jackson.databind.annotation.JsonSerialize)
RelyingParty(com.yubico.webauthn.RelyingParty)
UserIdentity(com.yubico.webauthn.data.UserIdentity)
SerializerProvider(com.fasterxml.jackson.databind.SerializerProvider)
RegistrationResponse(com.yubico.data.RegistrationResponse)
RegisteredCredential(com.yubico.webauthn.RegisteredCredential)
ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper)
lombok.val(lombok.val)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
ExecutionException(java.util.concurrent.ExecutionException)
Clock(java.time.Clock)
RegistrationResult(com.yubico.webauthn.RegistrationResult)
Cache(com.google.common.cache.Cache)
AllArgsConstructor(lombok.AllArgsConstructor)
Collections(java.util.Collections)
AssertionRequestWrapper(com.yubico.data.AssertionRequestWrapper)
RegistrationFailedException(com.yubico.webauthn.exception.RegistrationFailedException)
IOException(java.io.IOException)
RegistrationResponse(com.yubico.data.RegistrationResponse)
RegistrationFailedException(com.yubico.webauthn.exception.RegistrationFailedException)
AssertionFailedException(com.yubico.webauthn.exception.AssertionFailedException)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
ExecutionException(java.util.concurrent.ExecutionException)
Aggregations
RegistrationRequest (com.yubico.data.RegistrationRequest)2
RegistrationResponse (com.yubico.data.RegistrationResponse)2
ByteArray (com.yubico.webauthn.data.ByteArray)2
JsonGenerator (com.fasterxml.jackson.core.JsonGenerator)1
JsonNode (com.fasterxml.jackson.databind.JsonNode)1
JsonSerializer (com.fasterxml.jackson.databind.JsonSerializer)1
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)1
SerializerProvider (com.fasterxml.jackson.databind.SerializerProvider)1
JsonSerialize (com.fasterxml.jackson.databind.annotation.JsonSerialize)1
Cache (com.google.common.cache.Cache)1
AssertionRequestWrapper (com.yubico.data.AssertionRequestWrapper)1
AssertionResponse (com.yubico.data.AssertionResponse)1
CredentialRegistration (com.yubico.data.CredentialRegistration)1
CertificateParser (com.yubico.internal.util.CertificateParser)1
JacksonCodecs (com.yubico.internal.util.JacksonCodecs)1
Either (com.yubico.util.Either)1
FinishAssertionOptions (com.yubico.webauthn.FinishAssertionOptions)1
FinishRegistrationOptions (com.yubico.webauthn.FinishRegistrationOptions)1
RegisteredCredential (com.yubico.webauthn.RegisteredCredential)1
RegistrationResult (com.yubico.webauthn.RegistrationResult)1
