
Example 1 with ResidentKeyRequirement

Use of com.yubico.webauthn.data.ResidentKeyRequirement in the project java-webauthn-server by Yubico.

From the class WebAuthnServer, method startRegistration.

/**
 * Begins a WebAuthn registration ceremony for {@code username}.
 *
 * <p>If credentials are already stored for the name, the caller must present a
 * {@code sessionToken} belonging to that user; otherwise the request is refused so
 * that a second party cannot attach credentials to someone else's account. For a
 * new name a fresh {@link UserIdentity} with a random 32-byte id is created.
 *
 * @param username the account name being registered
 * @param displayName human-readable name; only consulted when the user is new
 * @param credentialNickname optional label stored alongside the pending request
 * @param residentKeyRequirement resident-key preference forwarded to the authenticator selection
 * @param sessionToken session presented by the caller, checked only for an existing user
 * @return the pending {@link RegistrationRequest} on the right, or an error message on the left
 * @throws ExecutionException declared on the signature; presumably propagated from the
 *     storage or session lookups — confirm against those collaborators
 */
public Either<String, RegistrationRequest> startRegistration(@NonNull String username, @NonNull String displayName, Optional<String> credentialNickname, ResidentKeyRequirement residentKeyRequirement, Optional<ByteArray> sessionToken) throws ExecutionException {
    logger.trace("startRegistration username: {}, credentialNickname: {}", username, credentialNickname);

    // Any one stored registration is enough to recover the user's existing identity.
    final Optional<UserIdentity> knownUser = userStorage.getRegistrationsByUsername(username)
        .stream()
        .findAny()
        .map(CredentialRegistration::getUserIdentity);

    // A taken name may only gain credentials from a session owned by that same user;
    // an unknown name is always allowed to start registering.
    final boolean callerMayRegister = knownUser
        .map(user -> sessions.isSessionForUser(user.getId(), sessionToken))
        .orElse(true);
    if (!callerMayRegister) {
        // NOTE: this reply confirms to the caller that the username exists.
        return Either.left("The username \"" + username + "\" is already registered.");
    }

    final UserIdentity subject = knownUser.orElseGet(() -> UserIdentity.builder()
        .name(username)
        .displayName(displayName)
        .id(generateRandom(32))
        .build());

    // Evaluation order matters: request id, then RP challenge, then session creation.
    final ByteArray requestId = generateRandom(32);
    final StartRegistrationOptions options = StartRegistrationOptions.builder()
        .user(subject)
        .authenticatorSelection(AuthenticatorSelectionCriteria.builder()
            .residentKey(residentKeyRequirement)
            .build())
        .build();
    final RegistrationRequest pending = new RegistrationRequest(
        username,
        credentialNickname,
        requestId,
        rp.startRegistration(options),
        Optional.of(sessions.createSession(subject.getId())));

    registerRequestStorage.put(pending.getRequestId(), pending);
    return Either.right(pending);
}

Example 2 with ResidentKeyRequirement

Use of com.yubico.webauthn.data.ResidentKeyRequirement in the project cas by apereo.

From the class WebAuthnServer, method startRegistration.

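/**
 * Begins a WebAuthn registration ceremony for {@code username}.
 *
 * <p>If credentials are already stored for the name, the caller must present a
 * {@code sessionToken} belonging to that user; otherwise the request is refused so
 * that a second party cannot attach credentials to someone else's account. For a
 * new name a fresh {@link UserIdentity} with a random 32-byte id is created, which
 * requires {@code displayName} to be present.
 *
 * @param username the account name being registered
 * @param displayName human-readable name; required only when the user is new
 * @param credentialNickname optional label stored alongside the pending request
 * @param residentKeyRequirement resident-key preference forwarded to the authenticator selection
 * @param sessionToken session presented by the caller, checked only for an existing user
 * @return the pending {@link RegistrationRequest} on the right, or an error message on the left
 * @throws IllegalArgumentException if the user is new and {@code displayName} is empty
 * @throws ExecutionException declared on the signature; presumably propagated from the
 *     storage or session lookups — confirm against those collaborators
 */
public Either<String, RegistrationRequest> startRegistration(@NonNull final String username, final Optional<String> displayName, final Optional<String> credentialNickname, final ResidentKeyRequirement residentKeyRequirement, final Optional<ByteArray> sessionToken) throws ExecutionException {
    LOGGER.trace("startRegistration username: {}, credentialNickname: {}", username, credentialNickname);
    var registrations = userStorage.getRegistrationsByUsername(username);
    var existingUser = registrations.stream().findAny().map(CredentialRegistration::getUserIdentity);

    // A taken name may only gain credentials from a session owned by that same user;
    // an unknown name is always allowed to start registering.
    val permissionGranted = existingUser
        .map(userIdentity -> sessions.isSessionForUser(userIdentity.getId(), sessionToken))
        .orElse(true);
    if (!permissionGranted) {
        // NOTE: this reply confirms to the caller that the username exists.
        return Either.left("The username \"" + username + "\" is already registered.");
    }

    var registrationUserId = existingUser.orElseGet(() -> UserIdentity.builder()
        .name(username)
        // Previously displayName.get(): an empty Optional surfaced as a bare
        // NoSuchElementException. Fail with an explicit message instead.
        .displayName(displayName.orElseThrow(() -> new IllegalArgumentException(
            "displayName is required when registering new user \"" + username + "\"")))
        .id(generateRandom(32))
        .build());

    // Evaluation order matters: request id, then RP challenge, then session creation.
    val request = new RegistrationRequest(
        username,
        credentialNickname,
        generateRandom(32),
        rp.startRegistration(StartRegistrationOptions.builder()
            .user(registrationUserId)
            .authenticatorSelection(AuthenticatorSelectionCriteria.builder()
                .residentKey(residentKeyRequirement)
                .build())
            .build()),
        Optional.of(sessions.createSession(registrationUserId.getId())));
    registerRequestStorage.put(request.getRequestId(), request);
    return Either.right(request);
}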
