com.webauthn4j.data.attestation.authenticator.AttestedCredentialData Java Examples
The following examples show how to use
com.webauthn4j.data.attestation.authenticator.AttestedCredentialData.
Example #1
Source File: BeanAssertUtil.java From webauthn4j with Apache License 2.0 | 6 votes |
/**
 * Verifies that an {@link AttestedCredentialData} and its mandatory members are present.
 *
 * <p>This is a presence check only. Nothing here verifies an attestation signature,
 * evaluates the AAGUID, or bounds the credential ID length.
 *
 * @param attestedCredentialData the value to check
 * @throws ConstraintViolationException if the argument, its AAGUID or its credential ID is null
 */
public static void validate(AttestedCredentialData attestedCredentialData) {
    if (attestedCredentialData == null) {
        throw new ConstraintViolationException("attestedCredentialData must not be null");
    }
    if (attestedCredentialData.getAaguid() == null) {
        throw new ConstraintViolationException("aaguid must not be null");
    }
    if (attestedCredentialData.getCredentialId() == null) {
        throw new ConstraintViolationException("credentialId must not be null");
    }
    // The COSE key is checked by the validate overload that accepts a COSEKey.
    validate(attestedCredentialData.getCOSEKey());
}
Example #2
Source File: WebAuthnCredentialProvider.java From keycloak-webauthn-authenticator with Apache License 2.0 | 6 votes |
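/**
 * Writes the fields of a WebAuthn credential model to the debug log.
 *
 * <p>Absent members (AAGUID, credential ID, public key) are skipped rather than
 * dereferenced, so a partially populated model cannot make this diagnostic helper
 * throw. The logged values identify a user's authenticator and credential, so debug
 * logging for this class should stay off wherever logs are widely readable.
 *
 * @param auth the credential model to dump
 */
private void dumpWebAuthnCredentialModel(WebAuthnCredentialModel auth) {
    logger.debugv(" Context Credential Info::");
    String id = auth.getAuthenticatorId();
    AttestationStatement attrStatement = auth.getAttestationStatement();
    AttestedCredentialData attrCredData = auth.getAttestedCredentialData();
    WebAuthnAuthenticationContext context = auth.getAuthenticationContext();
    if (id != null) {
        logger.debugv(" Authenticator Id = {0}", id);
    }
    if (attrStatement != null) {
        logger.debugv(" Attestation Statement Format = {0}", attrStatement.getFormat());
    }
    if (attrCredData != null) {
        if (attrCredData.getAaguid() != null) {
            logger.debugv(" AAGUID = {0}", attrCredData.getAaguid().toString());
        }
        byte[] credentialId = attrCredData.getCredentialId();
        if (credentialId != null) {
            logger.debugv(" CREDENTIAL_ID = {0}", Base64.encodeBytes(credentialId));
        }
        CredentialPublicKey credPubKey = attrCredData.getCredentialPublicKey();
        if (credPubKey != null) {
            byte[] keyId = credPubKey.getKeyId();
            if (keyId != null) {
                logger.debugv(" CREDENTIAL_PUBLIC_KEY.key_id = {0}", Base64.encodeBytes(keyId));
            }
            logger.debugv(" CREDENTIAL_PUBLIC_KEY.algorithm = {0}", credPubKey.getAlgorithm().name());
            logger.debugv(" CREDENTIAL_PUBLIC_KEY.key_type = {0}", credPubKey.getKeyType().name());
        }
    }
    if (context != null) {
        // only set on Authentication
        logger.debugv(" Credential Id = {0}", Base64.encodeBytes(context.getCredentialId()));
    }
}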
Example #3
Source File: BeanAssertUtil.java From webauthn4j with Apache License 2.0 | 6 votes |
/**
 * Checks the structural constraints of an {@link AuthenticatorData} instance.
 *
 * <p>Only shape is verified: presence of the object, a 32-byte rpIdHash, a signCount
 * within the unsigned 32-bit range, and the nested attested credential data and
 * extension outputs. Whether rpIdHash matches the expected relying party, and whether
 * signCount has advanced, are not checked here.
 *
 * @param <T> the extension authenticator output type
 * @param authenticatorData the value to check
 * @throws ConstraintViolationException if any constraint is violated
 */
public static <T extends ExtensionAuthenticatorOutput<?>> void validate(AuthenticatorData<T> authenticatorData) {
    if (authenticatorData == null) {
        throw new ConstraintViolationException("authenticatorData must not be null");
    }

    // Attested credential data is optional, so it is validated only when present.
    AttestedCredentialData credentialData = authenticatorData.getAttestedCredentialData();
    if (credentialData != null) {
        validate(credentialData);
    }

    byte[] rpIdHash = authenticatorData.getRpIdHash();
    if (rpIdHash == null) {
        throw new ConstraintViolationException("rpIdHash must not be null");
    }
    if (rpIdHash.length != 32) {
        throw new ConstraintViolationException("rpIdHash must be 32 bytes length");
    }

    long signCount = authenticatorData.getSignCount();
    boolean fitsUnsignedInt = signCount >= 0 && signCount <= UnsignedNumberUtil.UNSIGNED_INT_MAX;
    if (!fitsUnsignedInt) {
        throw new ConstraintViolationException("signCount must be unsigned int");
    }

    validateAuthenticatorExtensionsOutputs(authenticatorData.getExtensions());
}
Example #4
Source File: AuthenticatorImplTest.java From webauthn4j with Apache License 2.0 | 6 votes |
// Each setter on AuthenticatorImpl must be observable through the matching getter.
@Test
void getter_setter_test() {
    AttestedCredentialData credentialData = TestDataUtil.createAttestedCredentialData();
    AttestationStatement statement = TestAttestationStatementUtil.createFIDOU2FAttestationStatement();
    Set<AuthenticatorTransport> transports = Collections.singleton(AuthenticatorTransport.USB);
    HashMap<String, RegistrationExtensionAuthenticatorOutput<?>> authenticatorExtensions = new HashMap<>();
    HashMap<String, RegistrationExtensionClientOutput<?>> clientExtensions = new HashMap<>();

    // Start from an empty authenticator so every asserted value comes from a setter.
    AuthenticatorImpl authenticator = new AuthenticatorImpl(null, null, 0);
    authenticator.setAttestedCredentialData(credentialData);
    authenticator.setAttestationStatement(statement);
    authenticator.setTransports(transports);
    authenticator.setCounter(1);
    authenticator.setAuthenticatorExtensions(authenticatorExtensions);
    authenticator.setClientExtensions(clientExtensions);

    assertAll(
            () -> assertThat(authenticator.getAttestedCredentialData()).isEqualTo(credentialData),
            () -> assertThat(authenticator.getAttestationStatement()).isEqualTo(statement),
            () -> assertThat(authenticator.getTransports()).isEqualTo(transports),
            () -> assertThat(authenticator.getCounter()).isEqualTo(1),
            () -> assertThat(authenticator.getAuthenticatorExtensions()).isEqualTo(authenticatorExtensions),
            () -> assertThat(authenticator.getClientExtensions()).isEqualTo(clientExtensions)
    );
}
Example #5
Source File: AttestedCredentialDataConverter.java From webauthn4j with Apache License 2.0 | 6 votes |
/**
 * Parses attested credential data starting at the buffer's current position.
 *
 * <p>Fields are read in this order: AAGUID ({@code AAGUID_LENGTH} bytes), a credential
 * ID length read with {@code getUnsignedShort}, the credential ID itself, then the
 * credential public key. On return the buffer is repositioned so that any bytes
 * following the public key are left unread for the caller.
 *
 * <p>The {@code ByteBuffer} reads throw {@link java.nio.BufferUnderflowException}
 * (unchecked) on truncated input and nothing in this method catches it, so callers
 * that feed it untrusted bytes must handle that exception.
 *
 * @param attestedCredentialData buffer positioned at the start of the attested credential data
 * @return the parsed attested credential data
 */
public AttestedCredentialData convert(ByteBuffer attestedCredentialData) {
    byte[] aaguidBytes = new byte[AAGUID_LENGTH];
    attestedCredentialData.get(aaguidBytes, 0, AAGUID_LENGTH);
    AAGUID aaguid = new AAGUID(aaguidBytes);
    // The length comes straight from the input and sizes the allocation below.
    // NOTE(review): no upper bound is applied in this method; WebAuthn caps credential
    // IDs at 1023 bytes - confirm that limit is enforced elsewhere.
    int length = UnsignedNumberUtil.getUnsignedShort(attestedCredentialData);
    byte[] credentialId = new byte[length];
    attestedCredentialData.get(credentialId, 0, length);
    // Drain everything that is left; the public key parser works on a stream copy.
    byte[] remaining = new byte[attestedCredentialData.remaining()];
    attestedCredentialData.get(remaining);
    ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(remaining);
    COSEKeyEnvelope coseKeyEnvelope = convertToCredentialPublicKey(byteArrayInputStream);
    COSEKey coseKey = coseKeyEnvelope.getCOSEKey();
    AttestedCredentialData result = new AttestedCredentialData(aaguid, credentialId, coseKey);
    // Rewind by the number of drained bytes that did not belong to the public key
    // (presumably getLength() is the encoded key size - confirm), so trailing data
    // such as extensions stays available to the caller.
    int extensionsBufferLength = remaining.length - coseKeyEnvelope.getLength();
    attestedCredentialData.position(attestedCredentialData.position() - extensionsBufferLength);
    return result;
}
Example #6
Source File: AttestedCredentialDataConverter.java From webauthn4j with Apache License 2.0 | 5 votes |
/**
 * Serializes attested credential data to its byte layout: AAGUID bytes, the credential
 * ID length as encoded by {@code UnsignedNumberUtil.toBytes}, the credential ID, then
 * the converted COSE key.
 *
 * @param attestationData the value to serialize
 * @return the encoded bytes
 * @throws UncheckedIOException if writing to the in-memory stream fails
 */
public byte[] convert(AttestedCredentialData attestationData) {
    try (ByteArrayOutputStream out = new ByteArrayOutputStream()) {
        out.write(attestationData.getAaguid().getBytes());
        // Length prefix first, then the credential ID it describes.
        out.write(UnsignedNumberUtil.toBytes(attestationData.getCredentialId().length));
        out.write(attestationData.getCredentialId());
        out.write(convert(attestationData.getCOSEKey()));
        return out.toByteArray();
    } catch (IOException e) {
        throw new UncheckedIOException(e);
    }
}
Example #7
Source File: AuthenticatorImpl.java From webauthn4j with Apache License 2.0 | 5 votes |
/**
 * Creates an authenticator record from its full set of registration-time values.
 *
 * <p>The transports set is wrapped via {@code CollectionUtil.unmodifiableSet}; the two
 * extension maps are stored by reference without copying, so later changes made by
 * the caller remain visible through this instance.
 *
 * @param attestedCredentialData  attested credential data
 * @param attestationStatement    attestation statement
 * @param counter                 signature counter, applied through {@code setCounter}
 * @param transports              authenticator transports
 * @param clientExtensions        client extension outputs
 * @param authenticatorExtensions authenticator extension outputs
 */
public AuthenticatorImpl(
        AttestedCredentialData attestedCredentialData,
        AttestationStatement attestationStatement,
        long counter,
        Set<AuthenticatorTransport> transports,
        Map<String, RegistrationExtensionClientOutput<?>> clientExtensions,
        Map<String, RegistrationExtensionAuthenticatorOutput<?>> authenticatorExtensions) {
    this.attestedCredentialData = attestedCredentialData;
    this.attestationStatement = attestationStatement;
    this.transports = CollectionUtil.unmodifiableSet(transports);
    this.clientExtensions = clientExtensions;
    this.authenticatorExtensions = authenticatorExtensions;
    // Routed through the setter rather than assigned directly.
    setCounter(counter);
}
Example #8
Source File: AttestedCredentialDataConverterTest.java From webauthn4j with Apache License 2.0 | 5 votes |
// Decodes a fixed base64url sample and checks the AAGUID and credential ID that the
// converter extracts from it.
@Test
void convert_test() {
    //Given
    //noinspection SpellCheckingInspection
    String encoded = "VQ5LVKpHQJ-alRq3bBMBMQAgcSLOLIaiEIVRz-EklkZ21K71OGcRvvgro1kLdT4pvCClAQIDJiABIVggLDjE-Yci-q4NHPYpTPLJCVkWFkxuL6Zz9jKUvWjnmM8iWCAZAjkRJgA59HxAzqq5NBKjKGNkRPzToDfI6gJR7YBYkQ";

    //When
    AttestedCredentialData parsed = target.convert(Base64UrlUtil.decode(encoded));

    //Then
    assertThat(parsed.getAaguid().getBytes())
            .isEqualTo(Base64UrlUtil.decode("VQ5LVKpHQJ-alRq3bBMBMQ"));
    assertThat(parsed.getCredentialId())
            .isEqualTo(Base64UrlUtil.decode("cSLOLIaiEIVRz-EklkZ21K71OGcRvvgro1kLdT4pvCA"));
}
Example #9
Source File: AuthenticatorTest.java From webauthn4j with Apache License 2.0 | 5 votes |
/**
 * JSON creator-style constructor: each argument is bound from the property named in
 * its {@code @JsonProperty} annotation.
 *
 * <p>The transports set is wrapped via {@code CollectionUtil.unmodifiableSet}; the
 * extension maps are stored by reference.
 */
public TestAuthenticator(
        @JsonProperty("attestedCredentialData") AttestedCredentialData attestedCredentialData,
        @JsonProperty("attestationStatement") AttestationStatement attestationStatement,
        @JsonProperty("counter") long counter,
        @JsonProperty("transports") Set<AuthenticatorTransport> transports,
        @JsonProperty("clientExtensions") Map<String, RegistrationExtensionClientOutput<?>> clientExtensions,
        @JsonProperty("authenticatorExtensions") Map<String, RegistrationExtensionAuthenticatorOutput<?>> authenticatorExtensions) {
    this.attestedCredentialData = attestedCredentialData;
    this.attestationStatement = attestationStatement;
    this.transports = CollectionUtil.unmodifiableSet(transports);
    this.clientExtensions = clientExtensions;
    this.authenticatorExtensions = authenticatorExtensions;
    // Routed through the setter rather than assigned directly.
    setCounter(counter);
}
Example #10
Source File: AuthenticatorDataConverter.java From webauthn4j with Apache License 2.0 | 5 votes |
/**
 * Converts from a byte array to {@link AuthenticatorData}.
 *
 * <p>The input is consumed strictly in order: rpIdHash, flags, signature counter,
 * then attested credential data (only when the AT flag is set) and extensions (only
 * when the ED flag is set). Both truncated input and leftover trailing bytes are
 * rejected.
 *
 * @param <T>    ExtensionAuthenticatorOutput
 * @param source the source byte array to convert
 * @return the converted object
 * @throws DataConversionException if the data is too short or has unread trailing bytes
 */
public <T extends ExtensionAuthenticatorOutput<?>> AuthenticatorData<T> convert(byte[] source) {
    try {
        ByteBuffer buffer = ByteBuffer.wrap(source);

        byte[] rpIdHash = new byte[RPID_HASH_LENGTH];
        buffer.get(rpIdHash, 0, RPID_HASH_LENGTH);
        byte flags = buffer.get();
        long counter = UnsignedNumberUtil.getUnsignedInt(buffer);

        // Attested credential data must be parsed before extensions: both read from
        // the same buffer and the layout places the credential data first.
        AttestedCredentialData attestationData = null;
        if (AuthenticatorData.checkFlagAT(flags)) {
            attestationData = attestedCredentialDataConverter.convert(buffer);
        }

        AuthenticationExtensionsAuthenticatorOutputs<T> extensions;
        if (!AuthenticatorData.checkFlagED(flags)) {
            extensions = new AuthenticationExtensionsAuthenticatorOutputs<>();
        } else {
            extensions = convertToExtensions(buffer);
        }

        // Anything left over means the flags and the payload disagree.
        if (buffer.hasRemaining()) {
            throw new DataConversionException("provided data does not have proper byte layout");
        }
        return new AuthenticatorData<>(rpIdHash, flags, counter, attestationData, extensions);
    } catch (BufferUnderflowException e) {
        throw new DataConversionException("provided data does not have proper byte layout", e);
    }
}
Example #11
Source File: FIDOU2FAuthenticatorAdaptor.java From webauthn4j with Apache License 2.0 | 5 votes |
/**
 * Performs a registration against the wrapped FIDO U2F authenticator and repackages
 * the U2F response as a WebAuthn attestation object.
 *
 * <p>The SHA-256 of the RP ID is used both as the application parameter of the U2F
 * request and as the rpIdHash of the resulting authenticator data; the SHA-256 of the
 * serialized client data is the challenge parameter. The AAGUID is {@code AAGUID.ZERO}
 * and the signature counter is 0.
 */
@Override
public CredentialCreationResponse register(
        PublicKeyCredentialCreationOptions publicKeyCredentialCreationOptions,
        CollectedClientData collectedClientData,
        RegistrationEmulationOption registrationEmulationOption,
        AttestationOption attestationOption
) {
    String rpId = publicKeyCredentialCreationOptions.getRp().getId();
    byte[] rpIdHash = MessageDigestUtil.createSHA256().digest(rpId.getBytes(StandardCharsets.UTF_8));
    byte[] clientDataHash = MessageDigestUtil.createSHA256()
            .digest(collectedClientDataConverter.convertToBytes(collectedClientData));

    // The RP ID hash doubles as the U2F application parameter.
    RegistrationRequest request = new RegistrationRequest(clientDataHash, rpIdHash);
    RegistrationResponse response = fidoU2FAuthenticator.register(request, registrationEmulationOption);

    AttestationCertificatePath certificatePath =
            new AttestationCertificatePath(Collections.singletonList(response.getAttestationCertificate()));
    AttestationStatement attestationStatement =
            new FIDOU2FAttestationStatement(certificatePath, response.getSignature());

    EC2COSEKey credentialPublicKey = EC2COSEKey.createFromUncompressedECCKey(response.getUserPublicKey());
    // AAGUID.ZERO: zero-filled 16bytes(128bits) array
    AttestedCredentialData attestedCredentialData =
            new AttestedCredentialData(AAGUID.ZERO, response.getKeyHandle(), credentialPublicKey);

    byte flag = BIT_AT | BIT_UP;
    AuthenticatorData<RegistrationExtensionAuthenticatorOutput<?>> authenticatorData =
            new AuthenticatorData<>(rpIdHash, flag, 0, attestedCredentialData);

    return new CredentialCreationResponse(new AttestationObject(authenticatorData, attestationStatement));
}
Example #12
Source File: AuthenticatorImplTest.java From webauthn4j with Apache License 2.0 | 5 votes |
// An authenticator built by the test factory must expose the values it was built from.
@Test
void constructor_test() {
    AttestedCredentialData credentialData = TestDataUtil.createAttestedCredentialData();
    AttestationStatement statement = TestAttestationStatementUtil.createFIDOU2FAttestationStatement();

    Authenticator authenticator = TestDataUtil.createAuthenticator(credentialData, statement);

    assertAll(
            () -> assertThat(authenticator.getAttestedCredentialData()).isEqualTo(credentialData),
            () -> assertThat(authenticator.getAttestationStatement()).isEqualTo(statement),
            () -> assertThat(authenticator.getCounter()).isEqualTo(1)
    );
}
Example #13
Source File: WebAuthnRegister.java From keycloak with Apache License 2.0 | 5 votes |
/**
 * Logs, at debug level, the key algorithm, AAGUID and attestation format of a
 * freshly registered credential.
 *
 * @param response the registration data to describe
 */
private void showInfoAfterWebAuthnApiCreate(RegistrationData response) {
    // NOTE(review): the attested credential data is dereferenced without a null
    // check - confirm this only runs once registration data has been validated.
    AttestedCredentialData credentialData =
            response.getAttestationObject().getAuthenticatorData().getAttestedCredentialData();
    AttestationStatement statement = response.getAttestationObject().getAttestationStatement();

    logger.debugv("createad key's algorithm = {0}",
            String.valueOf(credentialData.getCOSEKey().getAlgorithm().getValue()));
    logger.debugv("aaguid = {0}", credentialData.getAaguid().toString());
    logger.debugv("attestation format = {0}", statement.getFormat());
}
Example #14
Source File: WebAuthnCredentialProvider.java From keycloak-webauthn-authenticator with Apache License 2.0 | 5 votes |
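/**
 * Loads the user's stored WebAuthn credentials and rebuilds a
 * {@link WebAuthnCredentialModel} for each of them from its stored attributes.
 *
 * <p>A stored credential ID that cannot be Base64-decoded is now reported with a
 * warning instead of being swallowed silently. The entry is still returned, with a
 * null credential ID, so the shape of the result is unchanged; callers must not
 * assume the credential ID is non-null.
 *
 * @param realm the realm the credentials belong to
 * @param user  the user whose credentials are loaded
 * @return one model per stored credential, in the order the credential manager returns them
 * @throws NumberFormatException if a stored counter value is not a valid long
 */
private List<WebAuthnCredentialModel> getWebAuthnCredentialModelList(RealmModel realm, UserModel user) {
    List<WebAuthnCredentialModel> auths = new ArrayList<>();
    for (CredentialModel credential : session.userCredentialManager().getStoredCredentialsByType(realm, user, WebAuthnCredentialModel.WEBAUTHN_CREDENTIAL_TYPE)) {
        WebAuthnCredentialModel auth = new WebAuthnCredentialModel();
        MultivaluedHashMap<String, String> attributes = credential.getConfig();

        AttestationStatementConverter attConv = new AttestationStatementConverter();
        AttestationStatement attrStatement = attConv.convertToEntityAttribute(attributes.getFirst(ATTESTATION_STATEMENT));
        auth.setAttestationStatement(attrStatement);

        AAGUID aaguid = new AAGUID(attributes.getFirst(AAGUID));

        byte[] credentialId = null;
        try {
            credentialId = Base64.decode(attributes.getFirst(CREDENTIAL_ID));
        } catch (IOException ioe) {
            // A corrupt stored credential ID must be visible to operators: the
            // resulting entry carries a null ID and cannot match any assertion.
            logger.warnv(ioe, "Stored WebAuthn credential {0} has an undecodable credential id", credential.getId());
        }

        CredentialPublicKeyConverter credConv = new CredentialPublicKeyConverter();
        CredentialPublicKey pubKey = credConv.convertToEntityAttribute(attributes.getFirst(CREDENTIAL_PUBLIC_KEY));

        AttestedCredentialData attrCredData = new AttestedCredentialData(aaguid, credentialId, pubKey);
        auth.setAttestedCredentialData(attrCredData);

        // The credential's stored value is parsed as the count.
        long count = Long.parseLong(credential.getValue());
        auth.setCount(count);

        auth.setAuthenticatorId(credential.getId());
        auths.add(auth);
    }
    return auths;
}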
Example #15
Source File: WebAuthnCredentialModel.java From keycloak-webauthn-authenticator with Apache License 2.0 | 4 votes |
/**
 * Replaces the attested credential data held by this model.
 * The reference is stored as given, without validation or copying.
 *
 * @param attestedCredentialData the new value
 */
public void setAttestedCredentialData(AttestedCredentialData attestedCredentialData) {
    this.attestedCredentialData = attestedCredentialData;
}
Example #16
Source File: AuthenticatorTest.java From webauthn4j with Apache License 2.0 | 4 votes |
/**
 * Returns the attested credential data this test authenticator was given.
 *
 * @return the stored attested credential data
 */
@Override
public AttestedCredentialData getAttestedCredentialData() {
    return this.attestedCredentialData;
}
Example #17
Source File: AuthenticationDataValidatorTest.java From webauthn4j with Apache License 2.0 | 4 votes |
// The validator under test is expected to reject authenticator data that carries
// attested credential data.
@Test
void validateAuthenticatorData_with_non_null_AttestedCredentialData(@Mock AuthenticatorData<AuthenticationExtensionAuthenticatorOutput<?>> authenticatorData) {
    AttestedCredentialData unexpectedCredentialData = mock(AttestedCredentialData.class);
    when(authenticatorData.getAttestedCredentialData()).thenReturn(unexpectedCredentialData);

    assertThatThrownBy(() -> target.validateAuthenticatorData(authenticatorData))
            .isInstanceOf(ConstraintViolationException.class);
}
Example #18
Source File: AuthenticatorImpl.java From webauthn4j with Apache License 2.0 | 4 votes |
/**
 * Replaces the attested credential data of this authenticator.
 * The reference is stored as given, without validation or copying.
 *
 * @param attestedCredentialData the new value
 */
public void setAttestedCredentialData(AttestedCredentialData attestedCredentialData) {
    this.attestedCredentialData = attestedCredentialData;
}
Example #19
Source File: AuthenticatorImpl.java From webauthn4j with Apache License 2.0 | 4 votes |
/**
 * Returns the attested credential data of this authenticator.
 *
 * @return the stored attested credential data
 */
@Override
public AttestedCredentialData getAttestedCredentialData() {
    return this.attestedCredentialData;
}
Example #20
Source File: AuthenticatorImpl.java From webauthn4j with Apache License 2.0 | 4 votes |
/**
 * Creates an authenticator with no transports by delegating to the four-argument
 * constructor with an empty set.
 *
 * @param attestedCredentialData attested credential data
 * @param attestationStatement   attestation statement
 * @param counter                signature counter
 */
public AuthenticatorImpl(
        AttestedCredentialData attestedCredentialData,
        AttestationStatement attestationStatement,
        long counter) {
    this(attestedCredentialData, attestationStatement, counter, Collections.emptySet());
}
Example #21
Source File: WebAuthnCredentialModelInput.java From keycloak with Apache License 2.0 | 4 votes |
/**
 * Returns the attested credential data carried by this credential input.
 *
 * @return the stored attested credential data
 */
public AttestedCredentialData getAttestedCredentialData() {
    return this.attestedCredentialData;
}
Example #22
Source File: WebAuthnCredentialModelInput.java From keycloak with Apache License 2.0 | 4 votes |
/**
 * Replaces the attested credential data carried by this credential input.
 * The reference is stored as given, without validation or copying.
 *
 * @param attestedCredentialData the new value
 */
public void setAttestedCredentialData(AttestedCredentialData attestedCredentialData) {
    this.attestedCredentialData = attestedCredentialData;
}
Example #23
Source File: AuthenticatorImpl.java From webauthn4j with Apache License 2.0 | 4 votes |
/**
 * Creates an authenticator without extension outputs by delegating to the full
 * constructor with two new, empty maps.
 *
 * @param attestedCredentialData attested credential data
 * @param attestationStatement   attestation statement
 * @param counter                signature counter
 * @param transports             authenticator transports
 */
public AuthenticatorImpl(
        AttestedCredentialData attestedCredentialData,
        AttestationStatement attestationStatement,
        long counter,
        Set<AuthenticatorTransport> transports) {
    this(attestedCredentialData, attestationStatement, counter, transports, new HashMap<>(), new HashMap<>());
}
Example #24
Source File: AttestedCredentialDataSerializer.java From webauthn4j with Apache License 2.0 | 4 votes |
/**
 * Writes the attested credential data as a single binary value, using the byte
 * encoding produced by the attested credential data converter.
 *
 * @param value    the value to serialize
 * @param gen      the generator to write to
 * @param provider the serializer provider (unused)
 * @throws IOException if the generator fails to write
 */
@Override
public void serialize(AttestedCredentialData value, JsonGenerator gen, SerializerProvider provider) throws IOException {
    byte[] encoded = attestedCredentialDataConverter.convert(value);
    gen.writeBinary(encoded);
}
Example #25
Source File: AttestedCredentialDataSerializer.java From webauthn4j with Apache License 2.0 | 4 votes |
/**
 * Creates the serializer and the converter it delegates to.
 *
 * @param objectConverter converter passed on to the {@code AttestedCredentialDataConverter}
 */
public AttestedCredentialDataSerializer(ObjectConverter objectConverter) {
    super(AttestedCredentialData.class);
    this.attestedCredentialDataConverter = new AttestedCredentialDataConverter(objectConverter);
}
Example #26
Source File: WebAuthnCBORModule.java From webauthn4j with Apache License 2.0 | 4 votes |
/**
 * Registers the deserializers, serializers and attestation statement subtypes that
 * this module contributes.
 *
 * <p>Attestation statement classes are registered as named subtypes keyed by their
 * {@code FORMAT} constant.
 *
 * @param objectConverter converter handed to the (de)serializers that need one
 */
public WebAuthnCBORModule(ObjectConverter objectConverter) {
    super("WebAuthnCBORModule");

    // deserializers
    addDeserializer(AAGUID.class, new AAGUIDDeserializer());
    addDeserializer(AttestedCredentialData.class, new AttestedCredentialDataDeserializer(objectConverter));
    addDeserializer(AuthenticationExtensionsAuthenticatorOutputsEnvelope.class, new AuthenticationExtensionsAuthenticatorOutputsEnvelopeDeserializer());
    addDeserializer(CertPath.class, new CertPathDeserializer());
    addDeserializer(Challenge.class, new ChallengeDeserializer());
    addDeserializer(COSEKeyEnvelope.class, new COSEKeyEnvelopeDeserializer());
    addDeserializer(AuthenticatorData.class, new AuthenticatorDataDeserializer(objectConverter));
    addDeserializer(ExtensionAuthenticatorOutput.class, new ExtensionAuthenticatorOutputDeserializer());
    addDeserializer(UnknownExtensionAuthenticatorOutput.class, new UnknownExtensionAuthenticatorOutputDeserializer());
    addDeserializer(TPMSAttest.class, new TPMSAttestDeserializer());
    addDeserializer(TPMTPublic.class, new TPMTPublicDeserializer());
    addDeserializer(X509Certificate.class, new X509CertificateDeserializer());
    addDeserializer(JWS.class, new JWSDeserializer(objectConverter));

    // serializers
    addSerializer(new AAGUIDSerializer());
    addSerializer(new AttestedCredentialDataSerializer(objectConverter));
    addSerializer(new AuthenticatorDataSerializer(objectConverter));
    addSerializer(new CertPathSerializer());
    addSerializer(new ChallengeSerializer());
    addSerializer(new EC2COSEKeySerializer());
    addSerializer(new JWSSerializer());
    addSerializer(new OriginSerializer());
    addSerializer(new RSACOSEKeySerializer());
    addSerializer(new TPMSAttestSerializer());
    addSerializer(new TPMTPublicSerializer());
    addSerializer(new X509CertificateSerializer());

    // attestation statements
    registerSubtypes(new NamedType(FIDOU2FAttestationStatement.class, FIDOU2FAttestationStatement.FORMAT));
    registerSubtypes(new NamedType(PackedAttestationStatement.class, PackedAttestationStatement.FORMAT));
    registerSubtypes(new NamedType(AndroidKeyAttestationStatement.class, AndroidKeyAttestationStatement.FORMAT));
    registerSubtypes(new NamedType(AndroidSafetyNetAttestationStatement.class, AndroidSafetyNetAttestationStatement.FORMAT));
    registerSubtypes(new NamedType(TPMAttestationStatement.class, TPMAttestationStatement.FORMAT));
    registerSubtypes(new NamedType(NoneAttestationStatement.class, NoneAttestationStatement.FORMAT));

    // authenticator extension outputs
}
Example #27
Source File: AttestedCredentialDataDeserializer.java From webauthn4j with Apache License 2.0 | 4 votes |
/**
 * Reads a binary value from the parser and decodes it as attested credential data.
 *
 * @param p    the parser positioned on the binary value
 * @param ctxt the deserialization context (unused)
 * @return the decoded attested credential data
 * @throws IOException if the parser cannot supply the binary value
 */
@Override
public AttestedCredentialData deserialize(JsonParser p, DeserializationContext ctxt) throws IOException {
    // NOTE(review): failures raised by the converter on malformed bytes are not
    // translated here - confirm callers handle its unchecked exceptions.
    return attestedCredentialDataConverter.convert(p.getBinaryValue());
}
Example #28
Source File: AttestedCredentialDataDeserializer.java From webauthn4j with Apache License 2.0 | 4 votes |
/**
 * Creates the deserializer and the converter it delegates to.
 *
 * @param objectConverter converter passed on to the {@code AttestedCredentialDataConverter}
 */
public AttestedCredentialDataDeserializer(ObjectConverter objectConverter) {
    super(AttestedCredentialData.class);
    this.attestedCredentialDataConverter = new AttestedCredentialDataConverter(objectConverter);
}
Example #29
Source File: AttestedCredentialDataConverter.java From webauthn4j with Apache License 2.0 | 4 votes |
/**
 * Parses attested credential data from a byte array by wrapping it in a
 * {@link ByteBuffer} and delegating to the buffer-based overload.
 *
 * @param attestedCredentialData the encoded attested credential data
 * @return the parsed value
 */
public AttestedCredentialData convert(byte[] attestedCredentialData) {
    ByteBuffer wrapped = ByteBuffer.wrap(attestedCredentialData);
    return convert(wrapped);
}
Example #30
Source File: AuthenticatorEntity.java From webauthn4j-spring-security with Apache License 2.0 | 4 votes |
/**
 * Replaces the attested credential data held by this entity.
 * The reference is stored as given, without validation or copying.
 *
 * @param attestedCredentialData the new value
 */
public void setAttestedCredentialData(AttestedCredentialData attestedCredentialData) {
    this.attestedCredentialData = attestedCredentialData;
}