
Example 1 with WebAuthnCredentialData

use of org.keycloak.models.credential.dto.WebAuthnCredentialData in project keycloak by keycloak.

the class WebAuthnRegisterAndLoginTest method assertRegisteredCredentials.

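/**
 * Asserts that every two-factor WebAuthn credential returned for the user carries the expected
 * AAGUID and attestation statement format.
 *
 * <p>Credentials whose type is not {@code WebAuthnCredentialModel.TYPE_TWOFACTOR} are skipped.
 *
 * @param userId id passed to {@code getCredentials} to load the user's credentials
 * @param aaguid AAGUID each matching credential is expected to store
 * @param attestationStatementFormat attestation statement format each matching credential is
 *     expected to store
 * @throws AssertionError if a value differs, or if the stored credential data cannot be parsed
 */
private void assertRegisteredCredentials(String userId, String aaguid, String attestationStatementFormat) {
    List<CredentialRepresentation> credentials = getCredentials(userId);
    // NOTE(review): if no credential of type TYPE_TWOFACTOR is returned, nothing below is asserted
    // and this check passes vacuously; confirm callers verify elsewhere that registration really
    // produced a credential.
    for (CredentialRepresentation credential : credentials) {
        if (!WebAuthnCredentialModel.TYPE_TWOFACTOR.equals(credential.getType())) {
            continue;
        }
        final WebAuthnCredentialData data;
        try {
            data = JsonSerialization.readValue(credential.getCredentialData(), WebAuthnCredentialData.class);
        } catch (IOException e) {
            // Keep the parse error as the cause so a malformed stored credential is diagnosable
            // from the test report instead of appearing as a bare failure.
            throw new AssertionError("Stored WebAuthn credential data could not be parsed for user " + userId, e);
        }
        assertThat(data.getAaguid(), is(aaguid));
        assertThat(data.getAttestationStatementFormat(), is(attestationStatementFormat));
    }
}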
Also used : CredentialRepresentation(org.keycloak.representations.idm.CredentialRepresentation) WebAuthnCredentialData(org.keycloak.models.credential.dto.WebAuthnCredentialData) IOException(java.io.IOException)

Example 2 with WebAuthnCredentialData

use of org.keycloak.models.credential.dto.WebAuthnCredentialData in project keycloak by keycloak.

the class WebAuthnOtherSettingsTest method defaultValues.

/**
 * Registers the default user with a WebAuthn credential labelled "webauthn" and checks both the
 * emitted required-action event and the credential record that was persisted.
 *
 * <p>The persisted record is expected to hold a credential id and public key, the all-zero AAGUID,
 * no attestation statement, and the {@code AttestationConveyancePreference.NONE} format. The
 * public key must be an EC2 key using ES256.
 */
@Test
public void defaultValues() {
    registerDefaultUser("webauthn");
    WaitUtils.waitForPageToLoad();
    appPage.assertCurrent();

    final UserRepresentation registeredUser = userResource().toRepresentation();
    final String registeredUserId = registeredUser != null ? registeredUser.getId() : null;
    assertThat(registeredUserId, notNullValue());

    events.expectRequiredAction(EventType.CUSTOM_REQUIRED_ACTION)
            .user(registeredUserId)
            .detail(Details.CUSTOM_REQUIRED_ACTION,
                    isPasswordless() ? WebAuthnPasswordlessRegisterFactory.PROVIDER_ID : WebAuthnRegisterFactory.PROVIDER_ID)
            .detail(WebAuthnConstants.PUBKEY_CRED_LABEL_ATTR, "webauthn")
            .detail(WebAuthnConstants.PUBKEY_CRED_AAGUID_ATTR, ALL_ZERO_AAGUID)
            .assertEvent();

    final String type = getCredentialType();

    // The soft token used with Firefox does not increment its counter, so the stored value stays 0.
    final long expectedCounter;
    if (isDriverFirefox(driver)) {
        expectedCounter = 0;
    } else {
        expectedCounter = 1L;
    }

    // NOTE(review): the lambda is handed to server(...).run(...); presumably it executes on the
    // server side, so it should capture only plain locals such as the two above (confirm).
    getTestingClient().server(TEST_REALM_NAME).run(session -> {
        final WebAuthnDataWrapper wrapper = new WebAuthnDataWrapper(session, USERNAME, type);
        assertThat(wrapper, notNullValue());

        final WebAuthnCredentialData stored = wrapper.getWebAuthnData();
        assertThat(stored, notNullValue());
        assertThat(stored.getCredentialId(), notNullValue());
        // No attestation is expected to be kept: zeroed AAGUID, no statement, "none" format.
        assertThat(stored.getAaguid(), is(ALL_ZERO_AAGUID));
        assertThat(stored.getAttestationStatement(), nullValue());
        assertThat(stored.getCredentialPublicKey(), notNullValue());
        assertThat(stored.getCounter(), is(expectedCounter));
        assertThat(stored.getAttestationStatementFormat(), is(AttestationConveyancePreference.NONE.getValue()));

        final COSEKey publicKey = wrapper.getKey();
        assertThat(publicKey, notNullValue());
        assertThat(publicKey.getAlgorithm(), notNullValue());
        assertThat(publicKey.getAlgorithm().getValue(), is(COSEAlgorithmIdentifier.ES256.getValue()));
        assertThat(publicKey.getKeyType(), is(COSEKeyType.EC2));
        assertThat(publicKey.hasPublicKey(), is(true));
    });
}
Also used : WebAuthnDataWrapper(org.keycloak.testsuite.webauthn.utils.WebAuthnDataWrapper) WebAuthnCredentialData(org.keycloak.models.credential.dto.WebAuthnCredentialData) COSEKey(com.webauthn4j.data.attestation.authenticator.COSEKey) CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString) AbstractWebAuthnVirtualTest(org.keycloak.testsuite.webauthn.AbstractWebAuthnVirtualTest) Test(org.junit.Test)

Example 3 with WebAuthnCredentialData

use of org.keycloak.models.credential.dto.WebAuthnCredentialData in project keycloak by keycloak.

the class WebAuthnCredentialProvider method getCredentialInputFromCredentialModel.

/**
 * Converts a {@code CredentialModel} (usually loaded from the DB) into a
 * {@code WebAuthnCredentialModelInput}, which carries the data in the webauthn4j-specific format.
 *
 * @param credential stored credential to convert
 * @return input object holding the attested credential data, counter, DB id and attestation
 *     statement format taken from the stored credential
 */
private WebAuthnCredentialModelInput getCredentialInputFromCredentialModel(CredentialModel credential) {
    WebAuthnCredentialModel storedModel = getCredentialFromModel(credential);
    WebAuthnCredentialData stored = storedModel.getWebAuthnCredentialData();
    WebAuthnCredentialModelInput input = new WebAuthnCredentialModelInput(getType());

    byte[] rawCredentialId;
    try {
        rawCredentialId = Base64.decode(stored.getCredentialId());
    } catch (IOException ignored) {
        // NOTE(review): a credential id that fails Base64 decoding is silently replaced by null
        // and still passed to AttestedCredentialData below. Consider logging or rejecting the
        // record so that corrupted credential data is noticed here rather than surfacing later
        // as an unexplained authentication failure (confirm what callers expect).
        rawCredentialId = null;
    }

    AAGUID authenticatorAaguid = new AAGUID(stored.getAaguid());
    COSEKey publicKey = credentialPublicKeyConverter.convertToEntityAttribute(stored.getCredentialPublicKey());
    input.setAttestedCredentialData(new AttestedCredentialData(authenticatorAaguid, rawCredentialId, publicKey));

    input.setCount(stored.getCounter());
    input.setCredentialDBId(credential.getId());
    input.setAttestationStatementFormat(stored.getAttestationStatementFormat());
    return input;
}
Also used : AttestedCredentialData(com.webauthn4j.data.attestation.authenticator.AttestedCredentialData) WebAuthnCredentialModel(org.keycloak.models.credential.WebAuthnCredentialModel) WebAuthnCredentialData(org.keycloak.models.credential.dto.WebAuthnCredentialData) COSEKey(com.webauthn4j.data.attestation.authenticator.COSEKey) AAGUID(com.webauthn4j.data.attestation.authenticator.AAGUID) IOException(java.io.IOException)

Example 4 with WebAuthnCredentialData

use of org.keycloak.models.credential.dto.WebAuthnCredentialData in project keycloak by keycloak.

the class AttestationConveyanceRegisterTest method attestationDefaultValue.

/**
 * Checks that a realm whose attestation conveyance preference is left unspecified stores a newly
 * registered credential with the {@code AttestationConveyancePreference.NONE} format.
 */
@Test
public void attestationDefaultValue() {
    // Precondition: the realm policy must still report the "not specified" default.
    WebAuthnRealmData policy = new WebAuthnRealmData(testRealm().toRepresentation(), isPasswordless());
    assertThat(policy.getAttestationConveyancePreference(), is(DEFAULT_WEBAUTHN_POLICY_NOT_SPECIFIED));

    registerDefaultUser();
    displayErrorMessageIfPresent();

    final String type = getCredentialType();
    getTestingClient().server(TEST_REALM_NAME).run(session -> {
        final WebAuthnDataWrapper wrapper = new WebAuthnDataWrapper(session, USERNAME, type);
        assertThat(wrapper, notNullValue());

        final WebAuthnCredentialData stored = wrapper.getWebAuthnData();
        assertThat(stored, notNullValue());
        assertThat(stored.getAttestationStatementFormat(), is(AttestationConveyancePreference.NONE.getValue()));
    });
}
Also used : WebAuthnDataWrapper(org.keycloak.testsuite.webauthn.utils.WebAuthnDataWrapper) WebAuthnCredentialData(org.keycloak.models.credential.dto.WebAuthnCredentialData) WebAuthnRealmData(org.keycloak.testsuite.webauthn.utils.WebAuthnRealmData) Test(org.junit.Test) AbstractWebAuthnVirtualTest(org.keycloak.testsuite.webauthn.AbstractWebAuthnVirtualTest)

Example 5 with WebAuthnCredentialData

use of org.keycloak.models.credential.dto.WebAuthnCredentialData in project keycloak by keycloak.

the class AttestationConveyanceRegisterTest method assertAttestationConveyance.

/**
 * Sets the realm's attestation conveyance preference, attempts a registration with a resident-key
 * virtual authenticator, and checks the outcome and the stored attestation statement format.
 *
 * @param shouldSuccess whether the registration is expected to succeed; the WebAuthn error page
 *     must be current exactly when this is {@code false}
 * @param attestation preference written to the realm policy and expected as the stored format
 * @throws RuntimeException wrapping an {@code IOException} raised inside the updater block
 */
protected void assertAttestationConveyance(boolean shouldSuccess, AttestationConveyancePreference attestation) {
    Credential residentKeyCredential = getDefaultResidentKeyCredential();
    getVirtualAuthManager().useAuthenticator(getDefaultAuthenticatorOptions().setHasResidentKey(true));
    getVirtualAuthManager().getCurrent().getAuthenticator().addCredential(residentKeyCredential);

    // The updater is closed when the block ends; presumably that restores the realm policy (confirm).
    try (AbstractWebAuthnRealmUpdater ignored = getWebAuthnRealmUpdater()
            .setWebAuthnPolicyAttestationConveyancePreference(attestation.getValue())
            .update()) {
        WebAuthnRealmData policy = new WebAuthnRealmData(testRealm().toRepresentation(), isPasswordless());
        assertThat(policy.getAttestationConveyancePreference(), is(attestation.getValue()));

        registerDefaultUser(shouldSuccess);
        displayErrorMessageIfPresent();
        assertThat(webAuthnErrorPage.isCurrent(), is(!shouldSuccess));

        final String type = getCredentialType();
        // NOTE(review): the stored-credential check below runs even when shouldSuccess is false;
        // confirm that a credential record is expected to exist on the failure path.
        getTestingClient().server(TEST_REALM_NAME).run(session -> {
            final WebAuthnDataWrapper wrapper = new WebAuthnDataWrapper(session, USERNAME, type);
            assertThat(wrapper, notNullValue());

            final WebAuthnCredentialData stored = wrapper.getWebAuthnData();
            assertThat(stored, notNullValue());
            assertThat(stored.getAttestationStatementFormat(), is(attestation.getValue()));
        });
    } catch (IOException e) {
        throw new RuntimeException(e);
    }
}
Also used : WebAuthnDataWrapper(org.keycloak.testsuite.webauthn.utils.WebAuthnDataWrapper) Credential(org.openqa.selenium.virtualauthenticator.Credential) WebAuthnCredentialData(org.keycloak.models.credential.dto.WebAuthnCredentialData) AbstractWebAuthnRealmUpdater(org.keycloak.testsuite.webauthn.updaters.AbstractWebAuthnRealmUpdater) IOException(java.io.IOException) WebAuthnRealmData(org.keycloak.testsuite.webauthn.utils.WebAuthnRealmData)

Aggregations

WebAuthnCredentialData (org.keycloak.models.credential.dto.WebAuthnCredentialData)8 IOException (java.io.IOException)5 WebAuthnDataWrapper (org.keycloak.testsuite.webauthn.utils.WebAuthnDataWrapper)4 COSEKey (com.webauthn4j.data.attestation.authenticator.COSEKey)3 WebAuthnRealmData (org.keycloak.testsuite.webauthn.utils.WebAuthnRealmData)3 CoreMatchers.containsString (org.hamcrest.CoreMatchers.containsString)2 Test (org.junit.Test)2 WebAuthnSecretData (org.keycloak.models.credential.dto.WebAuthnSecretData)2 AbstractWebAuthnVirtualTest (org.keycloak.testsuite.webauthn.AbstractWebAuthnVirtualTest)2 AAGUID (com.webauthn4j.data.attestation.authenticator.AAGUID)1 AttestedCredentialData (com.webauthn4j.data.attestation.authenticator.AttestedCredentialData)1 Closeable (java.io.Closeable)1 WebAuthnCredentialModel (org.keycloak.models.credential.WebAuthnCredentialModel)1 CredentialRepresentation (org.keycloak.representations.idm.CredentialRepresentation)1 AbstractWebAuthnRealmUpdater (org.keycloak.testsuite.webauthn.updaters.AbstractWebAuthnRealmUpdater)1 Credential (org.openqa.selenium.virtualauthenticator.Credential)1