use of org.gluu.oxauth.model.fido.u2f.message.RawAuthenticateResponse in project oxAuth by GluuFederation.
the class RawAuthenticationServiceTest method testSecureClickRawAuthenticationResponse.
@Test
public void testSecureClickRawAuthenticationResponse() {
String secureClickResponseHex = "01010000 001a3044 0220652a 4248527f 805a6203 a903e820 20d9d871 3966614b f41b93c9 02c83a9f c56f0220 230283f9 8305f889 d379278b 5fde2e2f d3e68182 08dfff75 3e218b74 a6e56306";
byte[] secureClickResponseBytes = Hex.decode(secureClickResponseHex);
// Base64 URL encode to allow consume by API
String u2fResponseBase64 = Base64Util.base64urlencode(secureClickResponseBytes);
RawAuthenticateResponse rawAuthenticateResponse = rawAuthenticationService.parseRawAuthenticateResponse(u2fResponseBase64);
assertNotNull(rawAuthenticateResponse);
}
use of org.gluu.oxauth.model.fido.u2f.message.RawAuthenticateResponse in project oxAuth by GluuFederation.
the class RawAuthenticationServiceUnitTest method checkClientDataSignatureVerification.
@Test
public void checkClientDataSignatureVerification() throws DecoderException, SignatureException {
SecurityProviderUtility.installBCProvider();
String clientDataHex = "65794a30655841694f694a7559585a705a32463062334975615751755a32563051584e7a5a584a306157397549697769593268686247786c626d646c496a6f694f5659354c56685652475a724e6c64305a453147624459314e3235504e6e4e4756465656635538785157567661465254574842315254647559794973496d39796157647062694936496d68306448427a4f6c7776584339686247786f5957356b637a517a4c6d64736458557562334a6e584339705a47567564476c30655677765958563061474e765a47557561485274496e30";
byte[] clientData = Hex.decodeHex(clientDataHex);
String authResponseDataHex = "415141414141677752674968414c4f4f62544e55506677772d643669776c6a6132636f714134473561374f4156534e744b4462513034717341694541684a734542745072494a49766436636e595351454842415549723644395839794e70636c6166544c797749";
byte[] authResponseData = Hex.decodeHex(authResponseDataHex);
String publicKeyHex = "04e9a52ef1136d1eee973c700bd86e1dd314dc04373d47f1219d1f8c286c9f30311fdbb158eaceac60e3a7a0298c94269878c5ec6853004182e126cdb72254edc2";
byte[] publicKey = Hex.decodeHex(publicKeyHex);
ClientData clientDataObj = new ClientData(new String(clientData));
RawAuthenticateResponse rawAuthenticateResponse = new RawAuthenticationService().parseRawAuthenticateResponse(new String(authResponseData));
SignatureVerification signatureVerification = new SHA256withECDSASignatureVerification();
String appId = "https://allhands43.gluu.org/identity/authcode.htm";
byte[] signedBytes = packBytesToSign(signatureVerification.hash(appId), rawAuthenticateResponse.getUserPresence(), rawAuthenticateResponse.getCounter(), signatureVerification.hash(clientDataObj.getRawClientData()));
boolean isValid = signatureVerification.checkSignature(signatureVerification.decodePublicKey(publicKey), signedBytes, rawAuthenticateResponse.getSignature());
assertTrue(isValid);
}
use of org.gluu.oxauth.model.fido.u2f.message.RawAuthenticateResponse in project oxAuth by GluuFederation.
the class AuthenticationService method finishAuthentication.
public DeviceRegistrationResult finishAuthentication(AuthenticateRequestMessage requestMessage, AuthenticateResponse response, String userInum, Set<String> facets) throws BadInputException, DeviceCompromisedException {
List<DeviceRegistration> deviceRegistrations = deviceRegistrationService.findUserDeviceRegistrations(userInum, requestMessage.getAppId());
final AuthenticateRequest request = getAuthenticateRequest(requestMessage, response);
DeviceRegistration usedDeviceRegistration = null;
for (DeviceRegistration deviceRegistration : deviceRegistrations) {
if (StringHelper.equals(request.getKeyHandle(), deviceRegistration.getKeyHandle())) {
usedDeviceRegistration = deviceRegistration;
break;
}
}
if (usedDeviceRegistration == null) {
throw new BadInputException("Failed to find DeviceRegistration for the given AuthenticateRequest");
}
if (usedDeviceRegistration.isCompromised()) {
throw new DeviceCompromisedException(usedDeviceRegistration, "The device is marked as possibly compromised, and cannot be authenticated");
}
ClientData clientData = response.getClientData();
log.debug("Client data HEX '{}'", Hex.encodeHexString(response.getClientDataRaw().getBytes()));
log.debug("Signature data HEX '{}'", Hex.encodeHexString(response.getSignatureData().getBytes()));
clientDataValidationService.checkContent(clientData, RawAuthenticationService.SUPPORTED_AUTHENTICATE_TYPES, request.getChallenge(), facets);
RawAuthenticateResponse rawAuthenticateResponse = rawAuthenticationService.parseRawAuthenticateResponse(response.getSignatureData());
rawAuthenticationService.checkSignature(request.getAppId(), clientData, rawAuthenticateResponse, Base64Util.base64urldecode(usedDeviceRegistration.getDeviceRegistrationConfiguration().getPublicKey()));
rawAuthenticateResponse.checkUserPresence();
log.debug("Counter in finish authentication request'{}', countr in database '{}'", rawAuthenticateResponse.getCounter(), usedDeviceRegistration.getCounter());
usedDeviceRegistration.checkAndUpdateCounter(rawAuthenticateResponse.getCounter());
usedDeviceRegistration.setLastAccessTime(new Date());
deviceRegistrationService.updateDeviceRegistration(userInum, usedDeviceRegistration);
DeviceRegistrationResult.Status status = DeviceRegistrationResult.Status.APPROVED;
boolean approved = StringHelper.equals(RawAuthenticationService.AUTHENTICATE_GET_TYPE, clientData.getTyp());
if (!approved) {
status = DeviceRegistrationResult.Status.CANCELED;
log.debug("Authentication request with keyHandle '{}' was canceled", response.getKeyHandle());
}
return new DeviceRegistrationResult(usedDeviceRegistration, status);
}
Aggregations