Examples with ClientData org.gluu.oxauth.model.fido.u2f.protocol.ClientData used on opensource projects

Search in sources :

Example 1 with ClientData

use of org.gluu.oxauth.model.fido.u2f.protocol.ClientData in project oxAuth by GluuFederation.

the class RawAuthenticationServiceUnitTest method checkClientDataSignatureVerification.

@Test
public void checkClientDataSignatureVerification() throws DecoderException, SignatureException {
    SecurityProviderUtility.installBCProvider();
    String clientDataHex = "65794a30655841694f694a7559585a705a32463062334975615751755a32563051584e7a5a584a306157397549697769593268686247786c626d646c496a6f694f5659354c56685652475a724e6c64305a453147624459314e3235504e6e4e4756465656635538785157567661465254574842315254647559794973496d39796157647062694936496d68306448427a4f6c7776584339686247786f5957356b637a517a4c6d64736458557562334a6e584339705a47567564476c30655677765958563061474e765a47557561485274496e30";
    byte[] clientData = Hex.decodeHex(clientDataHex);
    String authResponseDataHex = "415141414141677752674968414c4f4f62544e55506677772d643669776c6a6132636f714134473561374f4156534e744b4462513034717341694541684a734542745072494a49766436636e595351454842415549723644395839794e70636c6166544c797749";
    byte[] authResponseData = Hex.decodeHex(authResponseDataHex);
    String publicKeyHex = "04e9a52ef1136d1eee973c700bd86e1dd314dc04373d47f1219d1f8c286c9f30311fdbb158eaceac60e3a7a0298c94269878c5ec6853004182e126cdb72254edc2";
    byte[] publicKey = Hex.decodeHex(publicKeyHex);
    ClientData clientDataObj = new ClientData(new String(clientData));
    RawAuthenticateResponse rawAuthenticateResponse = new RawAuthenticationService().parseRawAuthenticateResponse(new String(authResponseData));
    SignatureVerification signatureVerification = new SHA256withECDSASignatureVerification();
    String appId = "https://allhands43.gluu.org/identity/authcode.htm";
    byte[] signedBytes = packBytesToSign(signatureVerification.hash(appId), rawAuthenticateResponse.getUserPresence(), rawAuthenticateResponse.getCounter(), signatureVerification.hash(clientDataObj.getRawClientData()));
    boolean isValid = signatureVerification.checkSignature(signatureVerification.decodePublicKey(publicKey), signedBytes, rawAuthenticateResponse.getSignature());
    assertTrue(isValid);
}
Also used : ClientData(org.gluu.oxauth.model.fido.u2f.protocol.ClientData) SignatureVerification(org.gluu.oxauth.crypto.signature.SignatureVerification) SHA256withECDSASignatureVerification(org.gluu.oxauth.crypto.signature.SHA256withECDSASignatureVerification) RawAuthenticateResponse(org.gluu.oxauth.model.fido.u2f.message.RawAuthenticateResponse) SHA256withECDSASignatureVerification(org.gluu.oxauth.crypto.signature.SHA256withECDSASignatureVerification) Test(org.testng.annotations.Test)

Example 2 with ClientData

use of org.gluu.oxauth.model.fido.u2f.protocol.ClientData in project oxAuth by GluuFederation.

the class AuthenticationService method finishAuthentication.

public DeviceRegistrationResult finishAuthentication(AuthenticateRequestMessage requestMessage, AuthenticateResponse response, String userInum, Set<String> facets) throws BadInputException, DeviceCompromisedException {
    List<DeviceRegistration> deviceRegistrations = deviceRegistrationService.findUserDeviceRegistrations(userInum, requestMessage.getAppId());
    final AuthenticateRequest request = getAuthenticateRequest(requestMessage, response);
    DeviceRegistration usedDeviceRegistration = null;
    for (DeviceRegistration deviceRegistration : deviceRegistrations) {
        if (StringHelper.equals(request.getKeyHandle(), deviceRegistration.getKeyHandle())) {
            usedDeviceRegistration = deviceRegistration;
            break;
        }
    }
    if (usedDeviceRegistration == null) {
        throw new BadInputException("Failed to find DeviceRegistration for the given AuthenticateRequest");
    }
    if (usedDeviceRegistration.isCompromised()) {
        throw new DeviceCompromisedException(usedDeviceRegistration, "The device is marked as possibly compromised, and cannot be authenticated");
    }
    ClientData clientData = response.getClientData();
    log.debug("Client data HEX '{}'", Hex.encodeHexString(response.getClientDataRaw().getBytes()));
    log.debug("Signature data HEX '{}'", Hex.encodeHexString(response.getSignatureData().getBytes()));
    clientDataValidationService.checkContent(clientData, RawAuthenticationService.SUPPORTED_AUTHENTICATE_TYPES, request.getChallenge(), facets);
    RawAuthenticateResponse rawAuthenticateResponse = rawAuthenticationService.parseRawAuthenticateResponse(response.getSignatureData());
    rawAuthenticationService.checkSignature(request.getAppId(), clientData, rawAuthenticateResponse, Base64Util.base64urldecode(usedDeviceRegistration.getDeviceRegistrationConfiguration().getPublicKey()));
    rawAuthenticateResponse.checkUserPresence();
    log.debug("Counter in finish authentication request'{}', countr in database '{}'", rawAuthenticateResponse.getCounter(), usedDeviceRegistration.getCounter());
    usedDeviceRegistration.checkAndUpdateCounter(rawAuthenticateResponse.getCounter());
    usedDeviceRegistration.setLastAccessTime(new Date());
    deviceRegistrationService.updateDeviceRegistration(userInum, usedDeviceRegistration);
    DeviceRegistrationResult.Status status = DeviceRegistrationResult.Status.APPROVED;
    boolean approved = StringHelper.equals(RawAuthenticationService.AUTHENTICATE_GET_TYPE, clientData.getTyp());
    if (!approved) {
        status = DeviceRegistrationResult.Status.CANCELED;
        log.debug("Authentication request with keyHandle '{}' was canceled", response.getKeyHandle());
    }
    return new DeviceRegistrationResult(usedDeviceRegistration, status);
}
Also used : AuthenticateRequest(org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateRequest) BadInputException(org.gluu.oxauth.model.fido.u2f.exception.BadInputException) ClientData(org.gluu.oxauth.model.fido.u2f.protocol.ClientData) DeviceRegistration(org.gluu.oxauth.model.fido.u2f.DeviceRegistration) DeviceCompromisedException(org.gluu.oxauth.exception.fido.u2f.DeviceCompromisedException) DeviceRegistrationResult(org.gluu.oxauth.model.fido.u2f.DeviceRegistrationResult) RawAuthenticateResponse(org.gluu.oxauth.model.fido.u2f.message.RawAuthenticateResponse) Date(java.util.Date)

Aggregations

RawAuthenticateResponse (org.gluu.oxauth.model.fido.u2f.message.RawAuthenticateResponse)2 ClientData (org.gluu.oxauth.model.fido.u2f.protocol.ClientData)2 Date (java.util.Date)1 SHA256withECDSASignatureVerification (org.gluu.oxauth.crypto.signature.SHA256withECDSASignatureVerification)1 SignatureVerification (org.gluu.oxauth.crypto.signature.SignatureVerification)1 DeviceCompromisedException (org.gluu.oxauth.exception.fido.u2f.DeviceCompromisedException)1 DeviceRegistration (org.gluu.oxauth.model.fido.u2f.DeviceRegistration)1 DeviceRegistrationResult (org.gluu.oxauth.model.fido.u2f.DeviceRegistrationResult)1 BadInputException (org.gluu.oxauth.model.fido.u2f.exception.BadInputException)1 AuthenticateRequest (org.gluu.oxauth.model.fido.u2f.protocol.AuthenticateRequest)1 Test (org.testng.annotations.Test)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial