Example 6 with ByteArray
use of com.yubico.webauthn.data.ByteArray in project java-webauthn-server by Yubico.
the class ExtensionMatcher method matches.
@Override
public boolean matches(X509Certificate attestationCertificate, JsonNode parameters) {
String matchKey = parameters.get(EXTENSION_KEY).asText();
JsonNode matchValue = parameters.get(EXTENSION_VALUE);
byte[] extensionValue = attestationCertificate.getExtensionValue(matchKey);
if (extensionValue != null) {
if (matchValue == null) {
return true;
} else {
try {
final ASN1Primitive value = ASN1Primitive.fromByteArray(extensionValue);
if (matchValue.isObject()) {
if (matchTypedValue(matchKey, matchValue, value)) {
return true;
}
} else if (matchValue.isTextual()) {
if (matchStringValue(matchKey, matchValue, value))
return true;
}
} catch (IOException e) {
log.error("Failed to parse extension value as ASN1: {}", new ByteArray(extensionValue).getHex(), e);
}
}
}
return false;
}
Also used :
ByteArray(com.yubico.webauthn.data.ByteArray)
JsonNode(com.fasterxml.jackson.databind.JsonNode)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
IOException(java.io.IOException)
ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive)
Example 7 with ByteArray
use of com.yubico.webauthn.data.ByteArray in project java-webauthn-server by Yubico.
the class SessionManager method createSession.
/**
* @return Create a new session for the given user, or return the existing one.
*/
public ByteArray createSession(@NonNull ByteArray userHandle) throws ExecutionException {
ByteArray sessionId = usersToSessionIds.get(userHandle, () -> generateRandom(32));
sessionIdsToUsers.put(sessionId, userHandle);
return sessionId;
}
Also used :
ByteArray(com.yubico.webauthn.data.ByteArray)
Example 8 with ByteArray
use of com.yubico.webauthn.data.ByteArray in project java-webauthn-server by Yubico.
the class U2fRawRegisterResponse method packBytesToSign.
private static ByteArray packBytesToSign(ByteArray appIdHash, ByteArray clientDataHash, ByteArray keyHandle, ByteArray userPublicKey) {
ByteArrayDataOutput encoded = ByteStreams.newDataOutput();
encoded.write(REGISTRATION_SIGNED_RESERVED_BYTE_VALUE);
encoded.write(appIdHash.getBytes());
encoded.write(clientDataHash.getBytes());
encoded.write(keyHandle.getBytes());
encoded.write(userPublicKey.getBytes());
return new ByteArray(encoded.toByteArray());
}
Also used :
ByteArrayDataOutput(com.google.common.io.ByteArrayDataOutput)
ByteArray(com.yubico.webauthn.data.ByteArray)
Example 9 with ByteArray
use of com.yubico.webauthn.data.ByteArray in project cas by apereo.
the class WebAuthnControllerTests method verifyFinishRegistration.
@Test
public void verifyFinishRegistration() throws Exception {
val authn = RegisteredServiceTestUtils.getAuthentication();
val server = mock(WebAuthnServer.class);
val controller = new WebAuthnController(server);
val registrationRequest = new RegistrationRequest("casuser", Optional.empty(), ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8)), new PublicKeyCredentialCreationOptions.PublicKeyCredentialCreationOptionsBuilder.MandatoryStages().rp(new RelyingPartyIdentity.RelyingPartyIdentityBuilder.MandatoryStages().id(RandomUtils.randomAlphabetic(8)).name(RandomUtils.randomAlphabetic(8)).build()).user(new UserIdentity.UserIdentityBuilder.MandatoryStages().name(RandomUtils.randomAlphabetic(8)).displayName(RandomUtils.randomAlphabetic(8)).id(ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8))).build()).challenge(ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8))).pubKeyCredParams(List.of()).build(), Optional.of(ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8))));
when(server.finishRegistration(anyString())).thenReturn(Either.left(List.of("Fails")));
var result = controller.finishRegistration("registration-data");
assertEquals(HttpStatus.BAD_REQUEST, result.getStatusCode());
val exampleAttestation = ByteArray.fromHex("a368617574684461746159012c49960de5880e8c687434170f6476605b8fe4aeb9a28632c7" + "995cf3ba831d976341000000000000000000000000000000000000000000a20008dce8bdc" + "3fc2c734a29a20ddb6509bceb721d7381859ab2548ae350fdb1962df68f1ebc08dbb5263c653b4" + "e855b45b7df85b4926ed4572f2af78da28028143d6a6de8c0afcc6c6fbb648ce0bac022ba0a2" + "303d2fced0d9772fcc0d32e281c8563082820e9bfd2e76241637ccbc36aebd85f398f6b6863d3d6755e3" + "98e05faf101e467c201219a83b2bf4269efc6e82f2c95dbfbc2a979ea2b78dea9b9fe467a2fa36361" + "6c6765455332353661785820c5df3292ce78ea68322b36073fd3b012a35cc9352cba7abd5ed2c287f6" + "112b5361795820a83b6a518319bee86dccd1c8d54b3acb4f590e2cf7d26616aad3e7aa49fc8b4c6366" + "6d74686669646f2d7532666761747453746d74a26378356381590136308201323081d9a0030201020" + "20500a5427a1d300a06082a8648ce3d0403023021311f301d0603550403131646697265666f782055" + "324620536f667420546f6b656e301e170d3137303833303134353130365a170d31373039303131343531" + "30365a3021311f301d0603550403131646697265666f782055324620536f667420546f6b656e30593013" + "06072a8648ce3d020106082a8648ce3d0301070342000409b9c8303e3a9f1cc0c4bb83c6d56a223699" + "137387ad27dd01ad9c8e0c80addce10e52e622197576f756e38d5965bf98d53ece5af4b0ec003ad08f932" + "bd84c1e300a06082a8648ce3d040302034800304502210083239a57e0fa99224b2c7989998cf833d5c1562" + "df38d285d46cab1d6cf46ae9e02204cfd5deb11de1fdafc4e899f8d03388164beaff2e4263a82210cc" + "c38906981236373696758463044022049c439848ec81672461cc0ea629f297cc7228450a6b0d0887" + "2ab969364ec6a6202200ea1acec627fd0e616d23da3e8bfa38a5527f2007cfe3fed63e5f3e2f7e25b11");
val tokenBindingStatus = TokenBindingStatus.PRESENT;
val tokenBindingId = ByteArray.fromBase64Url("IgqNmDkOp68Edjd8-uwxmh");
val challenge = ByteArray.fromBase64Url("HfpNmDkOp66Edjd5-uvwlg");
val clientJson = '{' + "\"authenticatorExtensions\":{\"boo\":\"far\"}," + "\"challenge\":\"" + challenge.getBase64Url() + "\"," + "\"origin\":\"localhost\"," + "\"tokenBinding\":{\"status\":\"" + tokenBindingStatus.getValue() + "\",\"id\":\"" + tokenBindingId.getBase64Url() + "\"}," + "\"type\":\"webauthn.get\"" + '}';
val response = AuthenticatorAttestationResponse.builder().attestationObject(exampleAttestation).clientDataJSON(new ByteArray(clientJson.getBytes(StandardCharsets.UTF_8))).build();
val publicKeyCredential = PublicKeyCredential.builder().id(ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8))).response(response).clientExtensionResults(ClientRegistrationExtensionOutputs.builder().build()).build();
val registrationResponse = new RegistrationResponse(ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8)), (PublicKeyCredential) publicKeyCredential, Optional.of(ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8))));
when(server.finishRegistration(anyString())).thenReturn(Either.right(new WebAuthnServer.SuccessfulRegistrationResult(registrationRequest, registrationResponse, CredentialRegistration.builder().registrationTime(Instant.now(Clock.systemUTC())).credential(RegisteredCredential.builder().credentialId(ByteArray.fromBase64Url(authn.getPrincipal().getId())).userHandle(ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8))).publicKeyCose(ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8))).build()).userIdentity(UserIdentity.builder().name("casuser").displayName("CAS").id(ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8))).build()).build(), true, ByteArray.fromBase64Url(RandomUtils.randomAlphabetic(8)))));
result = controller.finishRegistration("registration-data");
assertEquals(HttpStatus.OK, result.getStatusCode());
}
Also used :
lombok.val(lombok.val)
PublicKeyCredentialCreationOptions(com.yubico.webauthn.data.PublicKeyCredentialCreationOptions)
RegistrationRequest(com.yubico.data.RegistrationRequest)
WebAuthnController(org.apereo.cas.webauthn.web.WebAuthnController)
ByteArray(com.yubico.webauthn.data.ByteArray)
RegistrationResponse(com.yubico.data.RegistrationResponse)
Test(org.junit.jupiter.api.Test)
Example 10 with ByteArray
use of com.yubico.webauthn.data.ByteArray in project cas by apereo.
the class ExtensionMatcher method matchHex.
private boolean matchHex(String matchKey, JsonNode matchValue, ASN1Primitive value) {
final String matchValueString = matchValue.get(EXTENSION_VALUE_VALUE).textValue();
final ByteArray matchBytes;
try {
matchBytes = ByteArray.fromHex(matchValueString);
} catch (HexException e) {
throw new IllegalArgumentException(String.format("Bad hex value in extension %s: %s", matchKey, matchValueString));
}
final ASN1Primitive innerValue;
if (value instanceof DEROctetString) {
try {
innerValue = ASN1Primitive.fromByteArray(((DEROctetString) value).getOctets());
} catch (IOException e) {
LOGGER.debug("Failed to parse {} extension value as ASN1: {}", matchKey, value);
return false;
}
} else {
LOGGER.debug("Expected nested bit string value for extension {}, was: {}", matchKey, value);
return false;
}
if (innerValue instanceof DEROctetString) {
final ByteArray readBytes = new ByteArray(((DEROctetString) innerValue).getOctets());
return matchBytes.equals(readBytes);
} else {
LOGGER.debug("Expected nested bit string value for extension {}, was: {}", matchKey, value);
return false;
}
}
Also used :
ByteArray(com.yubico.webauthn.data.ByteArray)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
HexException(com.yubico.webauthn.data.exception.HexException)
IOException(java.io.IOException)
ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive)
DEROctetString(org.bouncycastle.asn1.DEROctetString)
Aggregations
ByteArray (com.yubico.webauthn.data.ByteArray)23
IOException (java.io.IOException)10
JsonNode (com.fasterxml.jackson.databind.JsonNode)7
X509Certificate (java.security.cert.X509Certificate)7
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)6
CertificateException (java.security.cert.CertificateException)6
List (java.util.List)5
Optional (java.util.Optional)5
CertificateParser (com.yubico.internal.util.CertificateParser)4
Base64UrlException (com.yubico.webauthn.data.exception.Base64UrlException)4
Collection (java.util.Collection)4
Collections (java.util.Collections)4
AllArgsConstructor (lombok.AllArgsConstructor)4
NonNull (lombok.NonNull)4
ASN1Primitive (org.bouncycastle.asn1.ASN1Primitive)4
DEROctetString (org.bouncycastle.asn1.DEROctetString)4
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)3
DigestException (java.security.DigestException)3
Slf4j (lombok.extern.slf4j.Slf4j)3
CoseException (COSE.CoseException)2
