com.webauthn4j.WebAuthnManager Java Examples

The following examples show how to use com.webauthn4j.WebAuthnManager.
Example #1
Source File: WebAuthnRegistrationRequestValidator.java    From webauthn4j-spring-security with Apache License 2.0
/**
 * Creates a registration request validator from its two collaborators.
 *
 * @param webAuthnManager        the {@link WebAuthnManager} this validator stores; must not be null
 * @param serverPropertyProvider provider for {@link ServerProperty}; must not be null
 */
public WebAuthnRegistrationRequestValidator(WebAuthnManager webAuthnManager, ServerPropertyProvider serverPropertyProvider) {
    // Each collaborator is checked before it is stored, so a missing dependency
    // fails at construction time instead of at the first validation call.
    Assert.notNull(webAuthnManager, "webAuthnManager must not be null");
    this.webAuthnManager = webAuthnManager;

    Assert.notNull(serverPropertyProvider, "serverPropertyProvider must not be null");
    this.serverPropertyProvider = serverPropertyProvider;
}
 
Example #2
Source File: WebAuthnAuthenticationProvider.java    From webauthn4j-spring-security with Apache License 2.0
/**
 * Creates the authentication provider from its three collaborators.
 *
 * @param userDetailsService   user details service stored by this provider; must not be null
 * @param authenticatorService authenticator service stored by this provider; must not be null
 * @param webAuthnManager      the {@link WebAuthnManager} stored by this provider; must not be null
 */
public WebAuthnAuthenticationProvider(
        WebAuthnUserDetailsService userDetailsService,
        WebAuthnAuthenticatorService authenticatorService,
        WebAuthnManager webAuthnManager) {

    // Check each dependency before storing it: a provider missing any of them
    // should never be constructed.
    Assert.notNull(userDetailsService, "userDetailsService must not be null");
    this.userDetailsService = userDetailsService;

    Assert.notNull(authenticatorService, "authenticatorService must not be null");
    this.authenticatorService = authenticatorService;

    Assert.notNull(webAuthnManager, "webAuthnManager must not be null");
    this.webAuthnManager = webAuthnManager;
}
 
Example #3
Source File: FIDOU2FAuthenticatorRegistrationValidationTest.java    From webauthn4j with Apache License 2.0
/**
 * Registers a credential through the test client platform and expects a manager built with
 * explicit attestation validators to reject it with {@link BadAttestationStatementException}.
 */
@Test
void validate_with_bad_attestationStatement_test() {
    final String rpId = "example.com";
    final Challenge challenge = new DefaultChallenge();

    // Creation options handed to the test client: a single ES256 public-key credential parameter.
    PublicKeyCredentialCreationOptions creationOptions = new PublicKeyCredentialCreationOptions(
            new PublicKeyCredentialRpEntity(rpId, "example.com"),
            new PublicKeyCredentialUserEntity(),
            challenge,
            Collections.singletonList(
                    new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256))
    );
    AuthenticatorAttestationResponse attestationResponse = clientPlatform.create(creationOptions).getAuthenticatorResponse();
    Set<String> transportNames = authenticatorTransportConverter.convertSetToStringSet(attestationResponse.getTransports());

    // Server-side expectations: the same rpId and challenge that went into the creation options.
    // The last ServerProperty argument (the token binding id in the library's samples) is left null.
    ServerProperty expectedServerProperty = new ServerProperty(origin, rpId, challenge, null);

    // Attestation object first, client data JSON second.
    RegistrationRequest request = new RegistrationRequest(
            attestationResponse.getAttestationObject(),
            attestationResponse.getClientDataJSON(),
            transportNames
    );
    // NOTE(review): the two booleans are presumably userVerificationRequired=false and
    // userPresenceRequired=true - confirm against the RegistrationParameters version in use.
    RegistrationParameters parameters = new RegistrationParameters(
            expectedServerProperty,
            false,
            true,
            Collections.emptyList()
    );

    // Unlike a non-strict manager, this one is built with explicit attestation validators.
    // The trust anchors resolver is a bare mock; which validator raises the expected
    // exception is not visible from this test alone.
    WebAuthnManager strictManager = new WebAuthnManager(
            Collections.singletonList(fidoU2FAttestationStatementValidator),
            new TrustAnchorCertPathTrustworthinessValidator(mock(TrustAnchorsResolver.class)),
            new DefaultSelfAttestationTrustworthinessValidator()
    );

    assertThrows(BadAttestationStatementException.class,
            () -> strictManager.validate(request, parameters)
    );
}
 
Example #4
Source File: WebAuthnManagerSample.java    From webauthn4j with Apache License 2.0
/**
 * Initialises the sample with a non-strict {@link WebAuthnManager}.
 */
public WebAuthnManagerSample() {
    // WebAuthnManager.createNonStrictWebAuthnManager() returns a WebAuthnManager instance
    // which doesn't validate an attestation statement. It is the recommended configuration for most web applications.
    // Without attestation statement validation the relying party accepts a new credential without
    // verifying the authenticator's attestation.
    // NOTE(review): confirm that this trade-off fits the deployment's threat model.
    // If you are building an enterprise web application and need to validate the attestation statement, use the
    // constructor of WebAuthnManager and provide the validators you need.
    webAuthnManager = WebAuthnManager.createNonStrictWebAuthnManager();
}
 
Example #5
Source File: WebAuthnRegistrationContextValidatorSample.java    From webauthn4j with Apache License 2.0
/**
 * Sample of validating a WebAuthn authentication (assertion) response and then updating the
 * stored signature counter. Every {@code null} below is a placeholder to be replaced by the
 * integrator.
 */
public void athenticationValidationSample() {
    // Values taken from the client's authentication response
    byte[] credentialId = null /* set credentialId */;
    byte[] clientDataJSON = null /* set clientDataJSON */;
    byte[] authenticatorData = null /* set authenticatorData */;
    byte[] signature = null /* set signature */;
    AuthenticationRequest request =
            new AuthenticationRequest(credentialId, authenticatorData, clientDataJSON, signature);

    // Values the server expects. NOTE(review): origin, rpId and challenge should come from
    // server-side state (the challenge being the one issued for this ceremony), never from
    // the request being validated.
    Origin origin = null /* set origin */;
    String rpId = null /* set rpId */;
    Challenge challenge = null /* set challenge */;
    byte[] tokenBindingId = null /* set tokenBindingId */;
    ServerProperty expected = new ServerProperty(origin, rpId, challenge, tokenBindingId);

    // Load the authenticator record that was persisted during registration, in your own manner.
    Authenticator authenticator = load(credentialId);
    boolean userVerificationRequired = true;
    AuthenticationParameters parameters =
            new AuthenticationParameters(expected, authenticator, userVerificationRequired);

    WebAuthnManager webAuthnManager = WebAuthnManager.createNonStrictWebAuthnManager();

    // NOTE(review): validate(...) presumably throws when a check fails, so the counter update
    // below runs only for an accepted assertion - confirm, and do not catch-and-continue here.
    AuthenticationData validated = webAuthnManager.validate(request, parameters);

    // Persist the new signature counter on the authenticator record.
    // NOTE(review): the stored counter is presumably what lets a later non-increasing value be
    // noticed as a sign of a cloned authenticator, so skipping this update weakens that check.
    updateCounter(
            validated.getCredentialId(),
            validated.getAuthenticatorData().getSignCount()
    );
}
 
Example #6
Source File: WebAuthnAuthenticationProviderConfigurerSpringTest.java    From webauthn4j-spring-security with Apache License 2.0
/**
 * Applies a {@code WebAuthnAuthenticationProviderConfigurer} to the given builder.
 *
 * @param builder the authentication manager builder to configure
 * @throws Exception declared by the overridden method
 */
@Override
public void configure(AuthenticationManagerBuilder builder) throws Exception {
    // A non-strict manager does not validate attestation statements, which suits this test
    // configuration. Production wiring should choose strictness deliberately.
    WebAuthnManager nonStrictManager = WebAuthnManager.createNonStrictWebAuthnManager();
    builder.apply(new WebAuthnAuthenticationProviderConfigurer<>(userDetailsService, authenticatorService, nonStrictManager));
}
 
Example #7
Source File: WebSecurityBeanConfig.java    From webauthn4j-spring-security with Apache License 2.0
/**
 * Exposes a {@link WebAuthnRegistrationRequestValidator} bean built from the injected collaborators.
 *
 * @param webAuthnManager        the manager handed to the validator
 * @param serverPropertyProvider the provider handed to the validator
 * @return the new validator
 */
@Bean
public WebAuthnRegistrationRequestValidator webAuthnRegistrationRequestValidator(WebAuthnManager webAuthnManager, ServerPropertyProvider serverPropertyProvider) {
    // Whether attestation statements get validated is decided by the injected WebAuthnManager,
    // not by this bean.
    WebAuthnRegistrationRequestValidator validator =
            new WebAuthnRegistrationRequestValidator(webAuthnManager, serverPropertyProvider);
    return validator;
}
 
Example #8
Source File: WebSecurityBeanConfig.java    From webauthn4j-spring-security with Apache License 2.0
/**
 * Exposes the application's {@link WebAuthnManager} bean.
 *
 * @param objectConverter converter passed to the manager factory
 * @return a non-strict manager
 */
@Bean
public WebAuthnManager webAuthnManager(ObjectConverter objectConverter) {
    // Non-strict: the returned manager does not validate attestation statements.
    // NOTE(review): every component that injects this bean inherits that choice; deployments
    // that must verify attestation should build the manager with explicit validators.
    WebAuthnManager nonStrictManager = WebAuthnManager.createNonStrictWebAuthnManager(objectConverter);
    return nonStrictManager;
}
 
Example #9
Source File: WebSecurityBeanConfig.java    From webauthn4j-spring-security with Apache License 2.0
/**
 * Exposes a {@link WebAuthnRegistrationRequestValidator} bean built from the injected collaborators.
 *
 * @param webAuthnManager        the manager handed to the validator
 * @param serverPropertyProvider the provider handed to the validator
 * @return the new validator
 */
@Bean
public WebAuthnRegistrationRequestValidator webAuthnRegistrationRequestValidator(WebAuthnManager webAuthnManager, ServerPropertyProvider serverPropertyProvider) {
    // Whether attestation statements get validated is decided by the injected WebAuthnManager,
    // not by this bean.
    WebAuthnRegistrationRequestValidator validator =
            new WebAuthnRegistrationRequestValidator(webAuthnManager, serverPropertyProvider);
    return validator;
}
 
Example #10
Source File: WebAuthnRegistrationContextValidatorSample.java    From webauthn4j with Apache License 2.0
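/**
 * Sample of validating a WebAuthn registration response and persisting the resulting
 * authenticator for later authentication. Every {@code null} below is a placeholder to be
 * replaced by the integrator.
 */
public void registrationValidationSample() {
    // Client properties
    byte[] clientDataJSON = null /* set clientDataJSON */;
    byte[] attestationObject = null /* set attestationObject */;
    Set<String> transports = null /* set transports */;

    // Server properties
    // NOTE(review): origin, rpId and challenge should come from server-side state (the challenge
    // being the one issued for this ceremony), never from the request being validated.
    Origin origin = null /* set origin */;
    String rpId = null /* set rpId */;
    Challenge challenge = null /* set challenge */;
    byte[] tokenBindingId = null /* set tokenBindingId */;
    ServerProperty serverProperty = new ServerProperty(origin, rpId, challenge, tokenBindingId);
    // User verification is not required at registration in this sample; set it to true when
    // the relying party's policy demands it.
    boolean userVerificationRequired = false;

    // RegistrationRequest takes the attestation object first and the client data JSON second.
    // Both are byte[], so passing them swapped still compiles but the data cannot validate.
    RegistrationRequest registrationRequest = new RegistrationRequest(
            attestationObject,
            clientDataJSON,
            transports
    );
    RegistrationParameters registrationParameters = new RegistrationParameters(
            serverProperty,
            userVerificationRequired
    );

    // WebAuthnManager.createNonStrictWebAuthnManager() returns a WebAuthnManager instance
    // which doesn't validate an attestation statement. It is the recommended configuration for most web applications.
    // If you are building an enterprise web application and need to validate the attestation statement, use the
    // constructor of WebAuthnManager and provide the validators you need.
    WebAuthnManager webAuthnManager = WebAuthnManager.createNonStrictWebAuthnManager();

    // NOTE(review): validate(...) presumably throws when a check fails, so the authenticator is
    // persisted only for an accepted registration - confirm, and do not catch-and-continue here.
    RegistrationData response = webAuthnManager.validate(registrationRequest, registrationParameters);

    // Persist the Authenticator object; it is needed again in the authentication process.
    Authenticator authenticator =
            new AuthenticatorImpl( // You may create your own Authenticator implementation to save a friendly authenticator name
                    response.getAttestationObject().getAuthenticatorData().getAttestedCredentialData(),
                    response.getAttestationObject().getAttestationStatement(),
                    response.getAttestationObject().getAuthenticatorData().getSignCount()
            );
    save(authenticator); // please persist authenticator in your manner
}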