use of org.keycloak.models.credential.dto.WebAuthnCredentialData in project keycloak by keycloak.
the class WebAuthnRegisterAndLoginTest method assertRegisteredCredentials.
private void assertRegisteredCredentials(String userId, String aaguid, String attestationStatementFormat) {
List<CredentialRepresentation> credentials = getCredentials(userId);
credentials.forEach(i -> {
if (WebAuthnCredentialModel.TYPE_TWOFACTOR.equals(i.getType())) {
try {
WebAuthnCredentialData data = JsonSerialization.readValue(i.getCredentialData(), WebAuthnCredentialData.class);
assertThat(data.getAaguid(), is(aaguid));
assertThat(data.getAttestationStatementFormat(), is(attestationStatementFormat));
} catch (IOException e) {
Assert.fail();
}
}
});
}
use of org.keycloak.models.credential.dto.WebAuthnCredentialData in project keycloak by keycloak.
the class WebAuthnOtherSettingsTest method defaultValues.
@Test
public void defaultValues() {
registerDefaultUser("webauthn");
WaitUtils.waitForPageToLoad();
appPage.assertCurrent();
final String userId = Optional.ofNullable(userResource().toRepresentation()).map(UserRepresentation::getId).orElse(null);
assertThat(userId, notNullValue());
events.expectRequiredAction(EventType.CUSTOM_REQUIRED_ACTION).user(userId).detail(Details.CUSTOM_REQUIRED_ACTION, isPasswordless() ? WebAuthnPasswordlessRegisterFactory.PROVIDER_ID : WebAuthnRegisterFactory.PROVIDER_ID).detail(WebAuthnConstants.PUBKEY_CRED_LABEL_ATTR, "webauthn").detail(WebAuthnConstants.PUBKEY_CRED_AAGUID_ATTR, ALL_ZERO_AAGUID).assertEvent();
final String credentialType = getCredentialType();
// Soft token in Firefox does not increment counter
long credentialCount = isDriverFirefox(driver) ? 0 : 1L;
getTestingClient().server(TEST_REALM_NAME).run(session -> {
final WebAuthnDataWrapper dataWrapper = new WebAuthnDataWrapper(session, USERNAME, credentialType);
assertThat(dataWrapper, notNullValue());
final WebAuthnCredentialData data = dataWrapper.getWebAuthnData();
assertThat(data, notNullValue());
assertThat(data.getCredentialId(), notNullValue());
assertThat(data.getAaguid(), is(ALL_ZERO_AAGUID));
assertThat(data.getAttestationStatement(), nullValue());
assertThat(data.getCredentialPublicKey(), notNullValue());
assertThat(data.getCounter(), is(credentialCount));
assertThat(data.getAttestationStatementFormat(), is(AttestationConveyancePreference.NONE.getValue()));
final COSEKey pubKey = dataWrapper.getKey();
assertThat(pubKey, notNullValue());
assertThat(pubKey.getAlgorithm(), notNullValue());
assertThat(pubKey.getAlgorithm().getValue(), is(COSEAlgorithmIdentifier.ES256.getValue()));
assertThat(pubKey.getKeyType(), is(COSEKeyType.EC2));
assertThat(pubKey.hasPublicKey(), is(true));
});
}
use of org.keycloak.models.credential.dto.WebAuthnCredentialData in project keycloak by keycloak.
the class WebAuthnCredentialProvider method getCredentialInputFromCredentialModel.
/**
* Convert WebAuthnCredentialModel, which was usually retrieved from DB, to the CredentialInput, which contains data in the webauthn4j specific format
*/
private WebAuthnCredentialModelInput getCredentialInputFromCredentialModel(CredentialModel credential) {
WebAuthnCredentialModel webAuthnCredential = getCredentialFromModel(credential);
WebAuthnCredentialData credData = webAuthnCredential.getWebAuthnCredentialData();
WebAuthnCredentialModelInput auth = new WebAuthnCredentialModelInput(getType());
byte[] credentialId = null;
try {
credentialId = Base64.decode(credData.getCredentialId());
} catch (IOException ioe) {
// NOP
}
AAGUID aaguid = new AAGUID(credData.getAaguid());
COSEKey pubKey = credentialPublicKeyConverter.convertToEntityAttribute(credData.getCredentialPublicKey());
AttestedCredentialData attrCredData = new AttestedCredentialData(aaguid, credentialId, pubKey);
auth.setAttestedCredentialData(attrCredData);
long count = credData.getCounter();
auth.setCount(count);
auth.setCredentialDBId(credential.getId());
auth.setAttestationStatementFormat(credData.getAttestationStatementFormat());
return auth;
}
use of org.keycloak.models.credential.dto.WebAuthnCredentialData in project keycloak by keycloak.
the class AttestationConveyanceRegisterTest method attestationDefaultValue.
@Test
public void attestationDefaultValue() {
WebAuthnRealmData realmData = new WebAuthnRealmData(testRealm().toRepresentation(), isPasswordless());
assertThat(realmData.getAttestationConveyancePreference(), is(DEFAULT_WEBAUTHN_POLICY_NOT_SPECIFIED));
registerDefaultUser();
displayErrorMessageIfPresent();
final String credentialType = getCredentialType();
getTestingClient().server(TEST_REALM_NAME).run(session -> {
final WebAuthnDataWrapper dataWrapper = new WebAuthnDataWrapper(session, USERNAME, credentialType);
assertThat(dataWrapper, notNullValue());
final WebAuthnCredentialData data = dataWrapper.getWebAuthnData();
assertThat(data, notNullValue());
assertThat(data.getAttestationStatementFormat(), is(AttestationConveyancePreference.NONE.getValue()));
});
}
use of org.keycloak.models.credential.dto.WebAuthnCredentialData in project keycloak by keycloak.
the class AttestationConveyanceRegisterTest method assertAttestationConveyance.
protected void assertAttestationConveyance(boolean shouldSuccess, AttestationConveyancePreference attestation) {
Credential credential = getDefaultResidentKeyCredential();
getVirtualAuthManager().useAuthenticator(getDefaultAuthenticatorOptions().setHasResidentKey(true));
getVirtualAuthManager().getCurrent().getAuthenticator().addCredential(credential);
try (AbstractWebAuthnRealmUpdater updater = getWebAuthnRealmUpdater().setWebAuthnPolicyAttestationConveyancePreference(attestation.getValue()).update()) {
WebAuthnRealmData realmData = new WebAuthnRealmData(testRealm().toRepresentation(), isPasswordless());
assertThat(realmData.getAttestationConveyancePreference(), is(attestation.getValue()));
registerDefaultUser(shouldSuccess);
displayErrorMessageIfPresent();
final boolean isErrorCurrent = webAuthnErrorPage.isCurrent();
assertThat(isErrorCurrent, is(!shouldSuccess));
final String credentialType = getCredentialType();
getTestingClient().server(TEST_REALM_NAME).run(session -> {
final WebAuthnDataWrapper dataWrapper = new WebAuthnDataWrapper(session, USERNAME, credentialType);
assertThat(dataWrapper, notNullValue());
final WebAuthnCredentialData data = dataWrapper.getWebAuthnData();
assertThat(data, notNullValue());
assertThat(data.getAttestationStatementFormat(), is(attestation.getValue()));
});
} catch (IOException e) {
throw new RuntimeException(e);
}
}
Aggregations