
Example 1 with Attestation

use of com.yubico.webauthn.attestation.Attestation in project java-webauthn-server by Yubico.

the class WebAuthnServer method finishU2fRegistration.

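/**
 * Completes a U2F registration from the client's JSON response.
 *
 * <p>The response is decoded, matched against a pending registration request, verified with
 * {@code U2fVerifier}, and its attestation certificate is looked up in the metadata service.
 * The credential is then stored via {@code addRegistration} and a session is created.
 *
 * @param responseJson the JSON-encoded {@code U2fRegistrationResponse} sent by the client
 * @return {@code Either.left} with a list of human-readable failure messages when decoding,
 *     request lookup or signature verification fails; otherwise {@code Either.right} with the
 *     successful registration result
 * @throws ExecutionException declared by the signature; presumably raised by a callee such as
 *     session creation (not visible in this method, confirm against the callees)
 */
public Either<List<String>, SuccessfulU2fRegistrationResult> finishU2fRegistration(String responseJson) throws ExecutionException {
    logger.trace("finishU2fRegistration responseJson: {}", responseJson);
    U2fRegistrationResponse response = null;
    try {
        response = jsonMapper.readValue(responseJson, U2fRegistrationResponse.class);
    } catch (IOException e) {
        logger.error("JSON error in finishU2fRegistration; responseJson: {}", responseJson, e);
        // NOTE(review): e.getMessage() is returned to the caller and may expose parser internals.
        return Either.left(Arrays.asList("Registration failed!", "Failed to decode response object.", e.getMessage()));
    }
    if (response == null) {
        // A mapper can yield null for the JSON literal "null"; reject it here rather than
        // failing with a NullPointerException on the request lookup below.
        logger.debug("fail finishU2fRegistration responseJson: {}", responseJson);
        return Either.left(Arrays.asList("Registration failed!", "Failed to decode response object."));
    }

    // The pending request is invalidated whether or not it was found, so a request ID can be
    // consumed at most once by this code path.
    // NOTE(review): lookup and invalidation are two separate calls; confirm the storage makes
    // this safe against two concurrent responses carrying the same request ID.
    RegistrationRequest request = registerRequestStorage.getIfPresent(response.getRequestId());
    registerRequestStorage.invalidate(response.getRequestId());
    if (request == null) {
        logger.debug("fail finishU2fRegistration responseJson: {}", responseJson);
        return Either.left(Arrays.asList("Registration failed!", "No such registration in progress."));
    }

    try {
        ExceptionUtil.assure(U2fVerifier.verify(rp.getAppId().get(), request, response), "Failed to verify signature.");
    } catch (Exception e) {
        // Also covers a missing AppID (Optional.get() on an empty Optional).
        logger.debug("Failed to verify U2F signature.", e);
        return Either.left(Arrays.asList("Failed to verify signature.", e.getMessage()));
    }

    X509Certificate attestationCert = null;
    try {
        attestationCert = CertificateParser.parseDer(response.getCredential().getU2fResponse().getAttestationCertAndSignature().getBytes());
    } catch (CertificateException e) {
        logger.error("Failed to parse attestation certificate: {}", response.getCredential().getU2fResponse().getAttestationCertAndSignature(), e);
    }

    // Fail closed: an attestation certificate that could not be parsed is never handed to the
    // metadata lookup, so the credential is recorded as untrusted instead of passing null on.
    Optional<Attestation> attestation = attestationCert == null
            ? Optional.<Attestation>empty()
            : metadataService.findMetadata(attestationCert);

    // Attestation trust is derived solely from whether the metadata service knows the
    // certificate.
    final U2fRegistrationResult result = U2fRegistrationResult.builder()
            .keyId(PublicKeyCredentialDescriptor.builder()
                    .id(response.getCredential().getU2fResponse().getKeyHandle())
                    .build())
            .attestationTrusted(attestation.isPresent())
            .publicKeyCose(rawEcdaKeyToCose(response.getCredential().getU2fResponse().getPublicKey()))
            .attestationMetadata(attestation)
            .build();

    // NOTE(review): AttestationCertInfo is built from the raw attestation bytes even when the
    // certificate failed to parse above; confirm its constructor tolerates that input.
    return Either.right(new SuccessfulU2fRegistrationResult(
            request,
            response,
            addRegistration(request.getPublicKeyCredentialCreationOptions().getUser(), request.getCredentialNickname(), 0, result),
            result.isAttestationTrusted(),
            Optional.of(new AttestationCertInfo(response.getCredential().getU2fResponse().getAttestationCertAndSignature())),
            request.getUsername(),
            sessions.createSession(request.getPublicKeyCredentialCreationOptions().getUser().getId())));
}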
Also used : CertificateException(java.security.cert.CertificateException) U2fRegistrationResult(demo.webauthn.data.U2fRegistrationResult) IOException(java.io.IOException) U2fRegistrationResponse(demo.webauthn.data.U2fRegistrationResponse) RegistrationRequest(demo.webauthn.data.RegistrationRequest) Attestation(com.yubico.webauthn.attestation.Attestation) FidoMetadataDownloaderException(com.yubico.fido.metadata.FidoMetadataDownloaderException) DigestException(java.security.DigestException) InvalidAppIdException(com.yubico.webauthn.extension.appid.InvalidAppIdException) CertPathValidatorException(java.security.cert.CertPathValidatorException) RegistrationFailedException(com.yubico.webauthn.exception.RegistrationFailedException) SignatureException(java.security.SignatureException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) AssertionFailedException(com.yubico.webauthn.exception.AssertionFailedException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) ExecutionException(java.util.concurrent.ExecutionException) Base64UrlException(com.yubico.webauthn.data.exception.Base64UrlException) X509Certificate(java.security.cert.X509Certificate)

Aggregations

FidoMetadataDownloaderException (com.yubico.fido.metadata.FidoMetadataDownloaderException)1 Attestation (com.yubico.webauthn.attestation.Attestation)1 Base64UrlException (com.yubico.webauthn.data.exception.Base64UrlException)1 AssertionFailedException (com.yubico.webauthn.exception.AssertionFailedException)1 RegistrationFailedException (com.yubico.webauthn.exception.RegistrationFailedException)1 InvalidAppIdException (com.yubico.webauthn.extension.appid.InvalidAppIdException)1 RegistrationRequest (demo.webauthn.data.RegistrationRequest)1 U2fRegistrationResponse (demo.webauthn.data.U2fRegistrationResponse)1 U2fRegistrationResult (demo.webauthn.data.U2fRegistrationResult)1 IOException (java.io.IOException)1 DigestException (java.security.DigestException)1 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)1 InvalidKeyException (java.security.InvalidKeyException)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 SignatureException (java.security.SignatureException)1 CertPathValidatorException (java.security.cert.CertPathValidatorException)1 CertificateException (java.security.cert.CertificateException)1 X509Certificate (java.security.cert.X509Certificate)1 ExecutionException (java.util.concurrent.ExecutionException)1