com.webauthn4j.data.attestation.statement.COSEAlgorithmIdentifier Java Examples
The following examples show how to use
com.webauthn4j.data.attestation.statement.COSEAlgorithmIdentifier.
Example #1
Source File: EC2COSEKey.java From webauthn4j with Apache License 2.0 | 6 votes |
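/**
 * Creates an ES256 / P-256 public key from an uncompressed elliptic-curve point.
 *
 * <p>The input must have the 65-byte layout {@code 0x04 || X || Y}, with X and Y being
 * 32 bytes each. This method only slices the two coordinates out of the array; it does
 * not check that the resulting point lies on the curve, so callers handling
 * authenticator-supplied keys still need to validate the key before trusting it.
 *
 * @param publicKey the 65-byte uncompressed point
 * @return an {@link EC2COSEKey} with algorithm ES256, curve SECP256R1 and the X/Y
 *         coordinates taken from {@code publicKey}; key id, key operations and the
 *         private component are left {@code null}
 * @throws IllegalArgumentException if {@code publicKey} is not 65 bytes long or does not
 *                                  start with the uncompressed-point indicator 0x04
 */
public static EC2COSEKey createFromUncompressedECCKey(byte[] publicKey) {
    if (publicKey.length != 65) {
        throw new IllegalArgumentException("publicKey must be 65 bytes length");
    }
    // The first byte is the point-format indicator. Only 0x04 (uncompressed) matches the
    // X || Y layout sliced below; any other value means the remaining 64 bytes are not
    // the coordinates this method assumes, so reject it instead of silently skipping it.
    if (publicKey[0] != 0x04) {
        throw new IllegalArgumentException("publicKey must start with 0x04 (uncompressed point format)");
    }
    byte[] x = Arrays.copyOfRange(publicKey, 1, 1 + 32);
    byte[] y = Arrays.copyOfRange(publicKey, 1 + 32, 1 + 32 + 32);
    return new EC2COSEKey(
            null,
            COSEAlgorithmIdentifier.ES256,
            null,
            Curve.SECP256R1,
            x,
            y,
            null
    );
}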
Example #2
Source File: PackedAttestationStatementValidator.java From webauthn4j with Apache License 2.0 | 6 votes |
/**
 * Validates a packed attestation statement and dispatches to the x5c or the
 * self-attestation path.
 *
 * @param registrationObject the registration data holding the attestation object
 * @return the attestation type reported by the path that was taken
 * @throws IllegalArgumentException if {@code supports(registrationObject)} is false
 */
@Override
public AttestationType validate(RegistrationObject registrationObject) {
    if (!supports(registrationObject)) {
        throw new IllegalArgumentException("Specified format is not supported by " + this.getClass().getName());
    }

    PackedAttestationStatement packedStatement =
            (PackedAttestationStatement) registrationObject.getAttestationObject().getAttestationStatement();
    byte[] signature = packedStatement.getSig();
    COSEAlgorithmIdentifier algorithm = packedStatement.getAlg();
    byte[] signedData = getAttToBeSigned(registrationObject);

    // Without x5c the statement is self attestation: the signature is checked by
    // validateSelfAttestation rather than against an attestation certificate.
    if (packedStatement.getX5c() == null) {
        return validateSelfAttestation(registrationObject, signature, algorithm, signedData);
    }
    // x5c is present: verify against the attestation certificate it carries.
    return validateX5c(registrationObject, packedStatement, signature, algorithm, signedData);
}
Example #3
Source File: PackedAttestationStatementValidator.java From webauthn4j with Apache License 2.0 | 6 votes |
/**
 * Validates a packed attestation statement that carries an x5c certificate path.
 *
 * <p>Checks, in this order: x5c is non-empty, {@code sig} verifies under the end-entity
 * certificate's public key, the end-entity certificate passes its own {@code validate()},
 * and an AAGUID found in the certificate matches the one in authenticatorData.
 *
 * <p>NOTE(review): nothing in this method checks the certificate path against trust
 * anchors; presumably that happens in a separate trustworthiness step. Confirm at the caller.
 *
 * @param registrationObject   registration data providing authenticatorData
 * @param attestationStatement the packed statement under validation
 * @param sig                  signature taken from the statement
 * @param alg                  algorithm taken from the statement
 * @param attrToBeSigned       the bytes the signature is expected to cover
 * @return {@link AttestationType#BASIC} when every check passes
 * @throws BadAttestationStatementException if x5c is missing/empty or the AAGUIDs differ
 * @throws BadSignatureException            if the signature does not verify
 */
private AttestationType validateX5c(RegistrationObject registrationObject, PackedAttestationStatement attestationStatement, byte[] sig, COSEAlgorithmIdentifier alg, byte[] attrToBeSigned) {
    if (attestationStatement.getX5c() == null || attestationStatement.getX5c().isEmpty()) {
        throw new BadAttestationStatementException("No attestation certificate is found in packed attestation statement.");
    }

    // sig must be a valid signature over authenticatorData || clientDataHash, made with the
    // attestation public key in x5c and the algorithm named in alg.
    boolean signatureValid = verifySignature(
            attestationStatement.getX5c().getEndEntityAttestationCertificate().getCertificate().getPublicKey(),
            alg,
            sig,
            attrToBeSigned);
    if (!signatureValid) {
        throw new BadSignatureException("`sig` in attestation statement is not valid signature over the concatenation of authenticatorData and clientDataHash.");
    }

    // x5c must meet §8.2.1 "Packed attestation statement certificate requirements".
    attestationStatement.getX5c().getEndEntityAttestationCertificate().validate();

    // When the certificate has the extension with OID 1.3.6.1.4.1.45724.1.1.4
    // (id-fido-gen-ce-aaguid), its value must equal the aaguid in authenticatorData.
    X509Certificate endEntityCertificate = attestationStatement.getX5c().getEndEntityAttestationCertificate().getCertificate();
    AAGUID certificateAaguid = extractAAGUIDFromAttestationCertificate(endEntityCertificate);
    AAGUID authenticatorAaguid = registrationObject.getAttestationObject().getAuthenticatorData().getAttestedCredentialData().getAaguid();
    // NOTE(review): this is an identity comparison against AAGUID.NULL, not equals();
    // presumably the extractor returns that exact instance when the extension is absent. Confirm.
    if (certificateAaguid != AAGUID.NULL) {
        if (!Objects.equals(certificateAaguid, authenticatorAaguid)) {
            throw new BadAttestationStatementException("AAGUID in attestation certificate doesn't match the AAGUID in authenticatorData.");
        }
    }

    // All checks passed: attestation type BASIC with trust path x5c.
    return AttestationType.BASIC;
}
Example #4
Source File: PublicKeyCredentialCreationOptionsTest.java From webauthn4j with Apache License 2.0 | 6 votes |
/** Two option objects built from the same inputs must be equal and share a hash code. */
@Test
void equals_hashCode_test() {
    String relyingPartyId = "example.com";
    // One challenge instance is shared so both objects are built from identical inputs.
    Challenge sharedChallenge = new DefaultChallenge();
    PublicKeyCredentialParameters es256Parameters =
            new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256);

    PublicKeyCredentialCreationOptions first = new PublicKeyCredentialCreationOptions(
            new PublicKeyCredentialRpEntity(relyingPartyId, "example.com"),
            new PublicKeyCredentialUserEntity(),
            sharedChallenge,
            Collections.singletonList(es256Parameters)
    );
    PublicKeyCredentialCreationOptions second = new PublicKeyCredentialCreationOptions(
            new PublicKeyCredentialRpEntity(relyingPartyId, "example.com"),
            new PublicKeyCredentialUserEntity(),
            sharedChallenge,
            Collections.singletonList(es256Parameters)
    );

    assertAll(
            () -> assertThat(first).isEqualTo(second),
            () -> assertThat(first).hasSameHashCodeAs(second)
    );
}
Example #5
Source File: EC2COSEKey.java From webauthn4j with Apache License 2.0 | 6 votes |
/**
 * Creates an EC2 COSE key from all of its members; also the Jackson creator, with each
 * argument bound to the COSE label named in its {@code @JsonProperty}.
 *
 * <p>The byte arrays are stored as passed, without copying, so later changes to the
 * caller's arrays are visible through this key.
 *
 * @param keyId     key identifier (label 2)
 * @param algorithm algorithm the key is used with (label 3)
 * @param keyOps    permitted key operations (label 4)
 * @param curve     elliptic curve (label -1)
 * @param x         x coordinate (label -2)
 * @param y         y coordinate (label -3)
 * @param d         d (label -4); documented upstream as part of the key pair,
 *                  presumably the private component, so treat it as a secret
 */
@SuppressWarnings("squid:S00107")
@JsonCreator
public EC2COSEKey(
        @JsonProperty("2") byte[] keyId,
        @JsonProperty("3") COSEAlgorithmIdentifier algorithm,
        @JsonProperty("4") List<COSEKeyOperation> keyOps,
        @JsonProperty("-1") Curve curve,
        @JsonProperty("-2") byte[] x,
        @JsonProperty("-3") byte[] y,
        @JsonProperty("-4") byte[] d) {
    // The fourth superclass argument is always null here.
    super(keyId, algorithm, keyOps, null);
    this.d = d;
    this.y = y;
    this.x = x;
    this.curve = curve;
}
Example #6
Source File: RSACOSEKey.java From webauthn4j with Apache License 2.0 | 6 votes |
/**
 * Creates an RSA COSE key from all of its members; also the Jackson creator, with each
 * argument bound to the COSE label named in its {@code @JsonProperty}.
 *
 * <p>The byte arrays are stored as passed, without copying. {@code d}, {@code p},
 * {@code q}, {@code dP}, {@code dQ} and {@code qInv} are private-key material.
 *
 * @param keyId     key identifier (label 2)
 * @param algorithm algorithm the key is used with (label 3)
 * @param keyOps    permitted key operations (label 4)
 * @param n         the RSA modulus n (label -1)
 * @param e         the RSA public exponent e (label -2)
 * @param d         the RSA private exponent d (label -3)
 * @param p         the prime factor p of n (label -4)
 * @param q         the prime factor q of n (label -5)
 * @param dP        d mod (p - 1) (label -6)
 * @param dQ        d mod (q - 1) (label -7)
 * @param qInv      the CRT coefficient q^(-1) mod p (label -8)
 */
@SuppressWarnings("squid:S00107")
@JsonCreator
public RSACOSEKey(
        @JsonProperty("2") byte[] keyId,
        @JsonProperty("3") COSEAlgorithmIdentifier algorithm,
        @JsonProperty("4") List<COSEKeyOperation> keyOps,
        @JsonProperty("-1") byte[] n,
        @JsonProperty("-2") byte[] e,
        @JsonProperty("-3") byte[] d,
        @JsonProperty("-4") byte[] p,
        @JsonProperty("-5") byte[] q,
        @JsonProperty("-6") byte[] dP,
        @JsonProperty("-7") byte[] dQ,
        @JsonProperty("-8") byte[] qInv
) {
    // The fourth superclass argument is always null here.
    super(keyId, algorithm, keyOps, null);

    // Public part.
    this.e = e;
    this.n = n;

    // Private part, including the CRT values.
    this.qInv = qInv;
    this.dQ = dQ;
    this.dP = dP;
    this.q = q;
    this.p = p;
    this.d = d;
}
Example #7
Source File: PublicKeyCredentialParametersTest.java From webauthn4j with Apache License 2.0 | 5 votes |
/** The getters must return the type and algorithm given to the constructor. */
@Test
void getter_test() {
    PublicKeyCredentialParameters es256Parameters =
            new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256);

    assertAll(
            () -> assertThat(es256Parameters.getType()).isEqualTo(PublicKeyCredentialType.PUBLIC_KEY),
            () -> assertThat(es256Parameters.getAlg()).isEqualTo(COSEAlgorithmIdentifier.ES256)
    );
}
Example #8
Source File: WebAuthnConfigurer.java From webauthn4j-spring-security with Apache License 2.0 | 5 votes |
/**
 * Appends one credential type / algorithm pair to the configured
 * {@code publicKeyCredentialParameters}.
 *
 * @param type the {@link PublicKeyCredentialType}; must not be null
 * @param alg  the {@link COSEAlgorithmIdentifier}; must not be null
 * @return this {@link PublicKeyCredParamsConfig}, so calls can be chained
 */
public PublicKeyCredParamsConfig addPublicKeyCredParams(PublicKeyCredentialType type, COSEAlgorithmIdentifier alg) {
    // Both arguments are checked before anything is added.
    Assert.notNull(type, "type must not be null");
    Assert.notNull(alg, "alg must not be null");

    PublicKeyCredentialParameters entry = new PublicKeyCredentialParameters(type, alg);
    publicKeyCredentialParameters.add(entry);
    return this;
}
Example #9
Source File: AndroidSafetyNetAttestationStatementValidatorTest.java From webauthn4j with Apache License 2.0 | 5 votes |
/**
 * Creates a credential through the test client platform with DIRECT attestation and runs
 * the validator on it; the test passes when {@code validate} does not throw.
 */
@Test
void validate_test() {
    String relyingPartyId = "example.com";
    Challenge challenge = new DefaultChallenge();
    AuthenticatorSelectionCriteria selectionCriteria = new AuthenticatorSelectionCriteria(
            AuthenticatorAttachment.CROSS_PLATFORM,
            true,
            UserVerificationRequirement.REQUIRED);
    PublicKeyCredentialParameters es256Parameters =
            new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256);
    PublicKeyCredentialUserEntity userEntity = new PublicKeyCredentialUserEntity();
    AuthenticationExtensionsClientInputs<RegistrationExtensionClientInput<?>> noExtensions =
            new AuthenticationExtensionsClientInputs<>();

    PublicKeyCredentialCreationOptions creationOptions = new PublicKeyCredentialCreationOptions(
            new PublicKeyCredentialRpEntity(relyingPartyId, "example.com"),
            userEntity,
            challenge,
            Collections.singletonList(es256Parameters),
            null,
            Collections.emptyList(),
            selectionCriteria,
            AttestationConveyancePreference.DIRECT,
            noExtensions
    );

    PublicKeyCredential<AuthenticatorAttestationResponse, RegistrationExtensionClientOutput<?>> createdCredential =
            clientPlatform.create(creationOptions);
    RegistrationObject registrationObject = TestDataUtil.createRegistrationObject(createdCredential);

    target.validate(registrationObject);
}
Example #10
Source File: DefaultSelfAttestationTrustworthinessValidatorTest.java From webauthn4j with Apache License 2.0 | 5 votes |
/** With self attestation disallowed, a self-attested packed statement must be rejected. */
@Test
void validate_test_with_self_attestation_allowed_false() {
    DefaultSelfAttestationTrustworthinessValidator strictValidator =
            new DefaultSelfAttestationTrustworthinessValidator();
    strictValidator.setSelfAttestationAllowed(false);

    PackedAttestationStatement selfAttestation =
            TestAttestationStatementUtil.createSelfPackedAttestationStatement(COSEAlgorithmIdentifier.ES256, new byte[32]);

    assertThrows(
            SelfAttestationProhibitedException.class,
            () -> strictValidator.validate(selfAttestation)
    );
}
Example #11
Source File: DefaultSelfAttestationTrustworthinessValidatorTest.java From webauthn4j with Apache License 2.0 | 5 votes |
/**
 * A validator left at its default settings must accept a self-attested packed statement;
 * the test passes when {@code validate} does not throw.
 */
@Test
void validate_test() {
    PackedAttestationStatement selfAttestation;
    DefaultSelfAttestationTrustworthinessValidator defaultValidator =
            new DefaultSelfAttestationTrustworthinessValidator();

    selfAttestation =
            TestAttestationStatementUtil.createSelfPackedAttestationStatement(COSEAlgorithmIdentifier.ES256, new byte[32]);

    defaultValidator.validate(selfAttestation);
}
Example #12
Source File: AndroidKeyAttestationStatementValidatorTest.java From webauthn4j with Apache License 2.0 | 5 votes |
/** An Android Key attestation statement whose x5c is null must be rejected. */
@Test
void validate_null_x5c_test1() {
    // Deep stubs let the chained getAttestationObject().getAttestationStatement() be stubbed.
    RegistrationObject stubbedRegistration = mock(RegistrationObject.class, RETURNS_DEEP_STUBS);
    AndroidKeyAttestationStatement statementWithoutX5c =
            new AndroidKeyAttestationStatement(COSEAlgorithmIdentifier.ES256, new byte[32], null);
    when(stubbedRegistration.getAttestationObject().getAttestationStatement()).thenReturn(statementWithoutX5c);

    assertThrows(
            BadAttestationStatementException.class,
            () -> target.validate(stubbedRegistration)
    );
}
Example #13
Source File: PublicKeyCredentialParametersTest.java From webauthn4j with Apache License 2.0 | 5 votes |
/** Two parameter objects with the same type and algorithm must be equal and hash alike. */
@Test
void equals_hashCode_test() {
    PublicKeyCredentialParameters first =
            new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256);
    PublicKeyCredentialParameters second =
            new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256);

    assertAll(
            () -> assertThat(first).isEqualTo(second),
            () -> assertThat(first).hasSameHashCodeAs(second)
    );
}
Example #14
Source File: PublicKeyCredentialTest.java From webauthn4j with Apache License 2.0 | 5 votes |
/**
 * Creates a credential through the test client platform with attestation preference NONE
 * and checks the basic shape of the returned {@code PublicKeyCredential}.
 */
@Test
void test() {
    String relyingPartyId = "example.com";
    Challenge challenge = new DefaultChallenge();
    AuthenticatorSelectionCriteria selectionCriteria = new AuthenticatorSelectionCriteria(
            AuthenticatorAttachment.CROSS_PLATFORM,
            true,
            UserVerificationRequirement.REQUIRED);
    PublicKeyCredentialParameters es256Parameters =
            new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256);
    PublicKeyCredentialUserEntity userEntity = new PublicKeyCredentialUserEntity();
    AuthenticationExtensionsClientInputs<RegistrationExtensionClientInput<?>> noExtensions =
            new AuthenticationExtensionsClientInputs<>();

    PublicKeyCredentialCreationOptions creationOptions = new PublicKeyCredentialCreationOptions(
            new PublicKeyCredentialRpEntity(relyingPartyId, "example.com"),
            userEntity,
            challenge,
            Collections.singletonList(es256Parameters),
            null,
            Collections.emptyList(),
            selectionCriteria,
            AttestationConveyancePreference.NONE,
            noExtensions
    );

    PublicKeyCredential<AuthenticatorAttestationResponse, RegistrationExtensionClientOutput<?>> created =
            clientPlatform.create(creationOptions);

    assertAll(
            () -> assertThat(created.getType()).isEqualTo(PublicKeyCredentialType.PUBLIC_KEY.getValue()),
            () -> assertThat(created.getId()).isNotEmpty(),
            () -> assertThat(created.getRawId()).isNotEmpty(),
            () -> assertThat(created.getAuthenticatorResponse()).isInstanceOf(AuthenticatorAttestationResponse.class),
            () -> assertThat(created.getClientExtensionResults()).isNotNull()
    );
}
Example #15
Source File: RSACOSEKeyTest.java From webauthn4j with Apache License 2.0 | 5 votes |
/**
 * Each {@code RSACOSEKey.create} overload (private key, public key, key pair) must keep
 * the algorithm it was given. A fresh key pair is generated for every call.
 */
@Test
void create_with_alg_test() {
    RSACOSEKey fromPrivateKey =
            RSACOSEKey.create((RSAPrivateKey) RSAUtil.createKeyPair().getPrivate(), COSEAlgorithmIdentifier.RS256);
    assertThat(fromPrivateKey.getAlgorithm()).isEqualTo(COSEAlgorithmIdentifier.RS256);

    RSACOSEKey fromPublicKey =
            RSACOSEKey.create((RSAPublicKey) RSAUtil.createKeyPair().getPublic(), COSEAlgorithmIdentifier.RS256);
    assertThat(fromPublicKey.getAlgorithm()).isEqualTo(COSEAlgorithmIdentifier.RS256);

    RSACOSEKey fromKeyPair = RSACOSEKey.create(RSAUtil.createKeyPair(), COSEAlgorithmIdentifier.RS256);
    assertThat(fromKeyPair.getAlgorithm()).isEqualTo(COSEAlgorithmIdentifier.RS256);
}
Example #16
Source File: RSACOSEKeyTest.java From webauthn4j with Apache License 2.0 | 5 votes |
/**
 * {@code hasPublicKey()} must be true for keys built from a key pair or a public key and
 * false for a key built from a private key alone.
 */
@Test
void hasPublicKey_test() {
    RSACOSEKey fromKeyPair = RSACOSEKey.create(RSAUtil.createKeyPair(), COSEAlgorithmIdentifier.RS256);
    RSACOSEKey fromPrivateOnly =
            RSACOSEKey.create((RSAPrivateKey) RSAUtil.createKeyPair().getPrivate(), COSEAlgorithmIdentifier.RS256);
    RSACOSEKey fromPublicOnly =
            RSACOSEKey.create((RSAPublicKey) RSAUtil.createKeyPair().getPublic(), COSEAlgorithmIdentifier.RS256);

    assertThat(fromKeyPair.hasPublicKey()).isTrue();
    assertThat(fromPrivateOnly.hasPublicKey()).isFalse();
    assertThat(fromPublicOnly.hasPublicKey()).isTrue();
}
Example #17
Source File: RSACOSEKeyTest.java From webauthn4j with Apache License 2.0 | 5 votes |
/**
 * {@code hasPrivateKey()} must be true for keys built from a key pair or a private key
 * and false for a key built from a public key alone.
 */
@Test
void hasPrivateKey_test() {
    RSACOSEKey fromKeyPair = RSACOSEKey.create(RSAUtil.createKeyPair(), COSEAlgorithmIdentifier.RS256);
    RSACOSEKey fromPrivateOnly =
            RSACOSEKey.create((RSAPrivateKey) RSAUtil.createKeyPair().getPrivate(), COSEAlgorithmIdentifier.RS256);
    RSACOSEKey fromPublicOnly =
            RSACOSEKey.create((RSAPublicKey) RSAUtil.createKeyPair().getPublic(), COSEAlgorithmIdentifier.RS256);

    assertThat(fromKeyPair.hasPrivateKey()).isTrue();
    assertThat(fromPrivateOnly.hasPrivateKey()).isTrue();
    assertThat(fromPublicOnly.hasPrivateKey()).isFalse();
}
Example #18
Source File: EC2COSEKeyTest.java From webauthn4j with Apache License 2.0 | 5 votes |
/**
 * Builds an ES256 / SECP256R1 key that copies key id, key operations and x from the
 * test-data public key but has a {@code null} y coordinate.
 *
 * @return the deliberately incomplete key
 */
private EC2COSEKey createNullYKey() {
    EC2COSEKey template = TestDataUtil.createEC2COSEPublicKey();
    EC2COSEKey keyWithoutY = new EC2COSEKey(
            template.getKeyId(),
            COSEAlgorithmIdentifier.ES256,
            template.getKeyOps(),
            Curve.SECP256R1,
            template.getX(),
            null
    );
    return keyWithoutY;
}
Example #19
Source File: ESSignatureAlgorithmTest.java From webauthn4j with Apache License 2.0 | 5 votes |
/** An algorithm identifier equals itself, and ES384 does not equal ES512. */
@Test
void equals_test() {
    assertAll(
            () -> assertThat(COSEAlgorithmIdentifier.ES256).isEqualTo(COSEAlgorithmIdentifier.ES256),
            () -> assertThat(COSEAlgorithmIdentifier.ES384).isNotEqualTo(COSEAlgorithmIdentifier.ES512)
    );
}
Example #20
Source File: RSACOSEKey.java From webauthn4j with Apache License 2.0 | 5 votes |
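/**
 * Creates an RSA COSE key from a JCA key pair.
 *
 * <p>Only the modulus, the public exponent and the private exponent are populated; key id,
 * key operations and the CRT values (p, q, dP, dQ, qInv) are passed as {@code null}.
 * The returned key carries the private exponent, so it must be handled as secret material.
 *
 * @param keyPair a pair whose private key is an {@link RSAPrivateKey} and whose public key
 *                is an {@link RSAPublicKey}
 * @param alg     the algorithm to record on the key
 * @return the {@link RSACOSEKey} built from {@code keyPair}
 * @throws IllegalArgumentException if {@code keyPair} is null or either half is not an RSA key
 */
public static RSACOSEKey create(KeyPair keyPair, COSEAlgorithmIdentifier alg) {
    // Reject anything that is not an RSA pair up front, with a message that says why
    // (the exception type is unchanged).
    if (keyPair == null
            || !(keyPair.getPrivate() instanceof RSAPrivateKey)
            || !(keyPair.getPublic() instanceof RSAPublicKey)) {
        throw new IllegalArgumentException("keyPair must be a non-null pair of RSAPrivateKey and RSAPublicKey");
    }

    RSAPublicKey rsaPublicKey = (RSAPublicKey) keyPair.getPublic();
    RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) keyPair.getPrivate();

    // NOTE(review): BigInteger.toByteArray() is a two's-complement encoding and can carry a
    // leading 0x00 sign byte; confirm that consumers of n, e and d expect that form.
    byte[] n = rsaPublicKey.getModulus().toByteArray();
    byte[] e = rsaPublicKey.getPublicExponent().toByteArray();
    byte[] d = rsaPrivateKey.getPrivateExponent().toByteArray();

    return new RSACOSEKey(null, alg, null, n, e, d, null, null, null, null, null);
}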
Example #21
Source File: NullAttestationStatementValidatorTest.java From webauthn4j with Apache License 2.0 | 5 votes |
/**
 * Registers through a FIDO U2F authenticator adaptor with DIRECT attestation and feeds the
 * result to the validator under test; the test passes when {@code validate} does not throw.
 */
@Test
void validate_RegistrationRequest_with_fido_u2f_attestation_statement_test() {
    FIDOU2FAuthenticatorAdaptor u2fAdaptor = new FIDOU2FAuthenticatorAdaptor();
    ClientPlatform u2fClientPlatform = new ClientPlatform(origin, u2fAdaptor);

    String relyingPartyId = "example.com";
    Challenge challenge = new DefaultChallenge();
    PublicKeyCredentialParameters es256Parameters =
            new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256);
    AuthenticatorSelectionCriteria selectionCriteria = new AuthenticatorSelectionCriteria(
            AuthenticatorAttachment.CROSS_PLATFORM,
            true,
            UserVerificationRequirement.REQUIRED);
    AuthenticationExtensionsClientInputs<RegistrationExtensionClientInput<?>> noExtensions =
            new AuthenticationExtensionsClientInputs<>();

    PublicKeyCredentialCreationOptions creationOptions = new PublicKeyCredentialCreationOptions(
            new PublicKeyCredentialRpEntity(relyingPartyId, "valid.site.example.com"),
            new PublicKeyCredentialUserEntity(),
            challenge,
            Collections.singletonList(es256Parameters),
            null,
            Collections.emptyList(),
            selectionCriteria,
            AttestationConveyancePreference.DIRECT,
            noExtensions
    );

    // Client side: create the credential and take the attestation response.
    AuthenticatorAttestationResponse attestationResponse =
            u2fClientPlatform.create(creationOptions).getAuthenticatorResponse();
    Set<String> transports =
            authenticatorTransportConverter.convertSetToStringSet(attestationResponse.getTransports());

    // Server side: same origin, rpId and challenge the client was given.
    ServerProperty serverProperty = new ServerProperty(origin, relyingPartyId, challenge, null);
    RegistrationRequest registrationRequest = new RegistrationRequest(
            attestationResponse.getAttestationObject(),
            attestationResponse.getClientDataJSON(),
            transports);
    RegistrationParameters registrationParameters = new RegistrationParameters(serverProperty, false);

    target.validate(registrationRequest, registrationParameters);
}
Example #22
Source File: EC2COSEKeyTest.java From webauthn4j with Apache License 2.0 | 5 votes |
/**
 * Builds an ES256 / SECP256R1 key that copies key id, key operations and y from the
 * test-data public key but has a {@code null} x coordinate.
 *
 * @return the deliberately incomplete key
 */
private EC2COSEKey createNullXKey() {
    EC2COSEKey template = TestDataUtil.createEC2COSEPublicKey();
    EC2COSEKey keyWithoutX = new EC2COSEKey(
            template.getKeyId(),
            COSEAlgorithmIdentifier.ES256,
            template.getKeyOps(),
            Curve.SECP256R1,
            null,
            template.getY()
    );
    return keyWithoutX;
}
Example #23
Source File: FIDOU2FAuthenticatorAuthenticationValidationTest.java From webauthn4j with Apache License 2.0 | 5 votes |
/**
 * Registers a credential through the test client platform and returns the decoded
 * attestation object.
 *
 * @param rpId      relying party id placed in the creation options
 * @param challenge challenge placed in the creation options
 * @return the attestation object converted from the client's response
 */
private AttestationObject createAttestationObject(String rpId, Challenge challenge) {
    PublicKeyCredentialParameters es256Parameters =
            new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256);
    PublicKeyCredentialCreationOptions creationOptions = new PublicKeyCredentialCreationOptions(
            new PublicKeyCredentialRpEntity(rpId, "example.com"),
            new PublicKeyCredentialUserEntity(),
            challenge,
            Collections.singletonList(es256Parameters)
    );

    AuthenticatorAttestationResponse attestationResponse =
            clientPlatform.create(creationOptions).getAuthenticatorResponse();

    AttestationObjectConverter converter = new AttestationObjectConverter(objectConverter);
    return converter.convert(attestationResponse.getAttestationObject());
}
Example #24
Source File: EC2COSEKeyTest.java From webauthn4j with Apache License 2.0 | 5 votes |
/** A key constructed with a {@code null} curve must fail {@code validate()}. */
@Test
void validate_with_invalid_curve_test() {
    EC2COSEKey template = TestDataUtil.createEC2COSEPublicKey();
    EC2COSEKey keyWithoutCurve = new EC2COSEKey(
            null,
            COSEAlgorithmIdentifier.ES256,
            null,
            null,
            template.getX(),
            template.getY()
    );

    assertThrows(
            ConstraintViolationException.class,
            () -> keyWithoutCurve.validate()
    );
}
Example #25
Source File: FIDOU2FAuthenticatorRegistrationValidationTest.java From webauthn4j with Apache License 2.0 | 5 votes |
/**
 * The credential is created for "example.net" while the server expects "example.com";
 * validation must fail with {@code BadRpIdException}.
 */
@Test
void validate_with_bad_rpId_test() {
    String expectedRpId = "example.com";
    String mismatchedRpId = "example.net";
    Challenge challenge = new DefaultChallenge();

    PublicKeyCredentialParameters es256Parameters =
            new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256);
    // The client is handed the mismatched rpId.
    PublicKeyCredentialCreationOptions creationOptions = new PublicKeyCredentialCreationOptions(
            new PublicKeyCredentialRpEntity(mismatchedRpId, "example.com"),
            new PublicKeyCredentialUserEntity(),
            challenge,
            Collections.singletonList(es256Parameters)
    );
    AuthenticatorAttestationResponse attestationResponse =
            clientPlatform.create(creationOptions).getAuthenticatorResponse();
    Set<String> transports =
            authenticatorTransportConverter.convertSetToStringSet(attestationResponse.getTransports());

    // The server side keeps the expected rpId.
    ServerProperty serverProperty = new ServerProperty(origin, expectedRpId, challenge, null);
    RegistrationRequest request = new RegistrationRequest(
            attestationResponse.getAttestationObject(),
            attestationResponse.getClientDataJSON(),
            transports
    );
    RegistrationParameters parameters = new RegistrationParameters(
            serverProperty,
            false,
            true,
            Collections.emptyList()
    );

    assertThrows(
            BadRpIdException.class,
            () -> target.validate(request, parameters)
    );
}
Example #26
Source File: FIDOU2FAuthenticatorRegistrationValidationTest.java From webauthn4j with Apache License 2.0 | 5 votes |
/**
 * The client platform is switched to another origin before the credential is created
 * while the server keeps its own; validation must fail with {@code BadOriginException}.
 */
@Test
void validate_with_bad_origin_test() {
    String relyingPartyId = "example.com";
    Challenge challenge = new DefaultChallenge();
    Origin foreignOrigin = new Origin("http://bad.origin.example.net");

    PublicKeyCredentialParameters es256Parameters =
            new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256);
    PublicKeyCredentialCreationOptions creationOptions = new PublicKeyCredentialCreationOptions(
            new PublicKeyCredentialRpEntity(relyingPartyId, "example.com"),
            new PublicKeyCredentialUserEntity(),
            challenge,
            Collections.singletonList(es256Parameters)
    );

    // The origin recorded by the client will not match the server's.
    clientPlatform.setOrigin(foreignOrigin);
    AuthenticatorAttestationResponse attestationResponse =
            clientPlatform.create(creationOptions).getAuthenticatorResponse();
    Set<String> transports =
            authenticatorTransportConverter.convertSetToStringSet(attestationResponse.getTransports());

    ServerProperty serverProperty = new ServerProperty(origin, relyingPartyId, challenge, null);
    RegistrationRequest request = new RegistrationRequest(
            attestationResponse.getAttestationObject(),
            attestationResponse.getClientDataJSON(),
            transports
    );
    RegistrationParameters parameters = new RegistrationParameters(
            serverProperty,
            false,
            true,
            Collections.emptyList()
    );

    assertThrows(
            BadOriginException.class,
            () -> target.validate(request, parameters)
    );
}
Example #27
Source File: RSACOSEKey.java From webauthn4j with Apache License 2.0 | 5 votes |
/**
 * Creates an RSA COSE key that holds only the public part (modulus and public exponent).
 *
 * <p>The byte arrays are stored as passed, without copying.
 *
 * @param keyId     key identifier (label 2)
 * @param algorithm algorithm the key is used with (label 3)
 * @param keyOps    permitted key operations (label 4)
 * @param n         the RSA modulus (label -1)
 * @param e         the RSA public exponent (label -2)
 */
@SuppressWarnings("squid:S00107")
public RSACOSEKey(
        @JsonProperty("2") byte[] keyId,
        @JsonProperty("3") COSEAlgorithmIdentifier algorithm,
        @JsonProperty("4") List<COSEKeyOperation> keyOps,
        @JsonProperty("-1") byte[] n,
        @JsonProperty("-2") byte[] e) {
    // The fourth superclass argument is always null here.
    super(keyId, algorithm, keyOps, null);
    this.e = e;
    this.n = n;
}
Example #28
Source File: FIDOU2FAuthenticatorRegistrationValidationTest.java From webauthn4j with Apache License 2.0 | 5 votes |
/**
 * The credential is created with a different challenge than the one the server expects;
 * validation must fail with {@code BadChallengeException}.
 */
@Test
void validate_with_bad_challenge_test() {
    String relyingPartyId = "example.com";
    Challenge expectedChallenge = new DefaultChallenge();
    Challenge otherChallenge = new DefaultChallenge();

    PublicKeyCredentialParameters es256Parameters =
            new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256);
    // The client is handed the other challenge.
    PublicKeyCredentialCreationOptions creationOptions = new PublicKeyCredentialCreationOptions(
            new PublicKeyCredentialRpEntity(relyingPartyId, "example.com"),
            new PublicKeyCredentialUserEntity(),
            otherChallenge,
            Collections.singletonList(es256Parameters)
    );
    AuthenticatorAttestationResponse attestationResponse =
            clientPlatform.create(creationOptions).getAuthenticatorResponse();
    Set<String> transports =
            authenticatorTransportConverter.convertSetToStringSet(attestationResponse.getTransports());

    // The server side keeps the expected challenge.
    ServerProperty serverProperty = new ServerProperty(origin, relyingPartyId, expectedChallenge, null);
    RegistrationRequest request = new RegistrationRequest(
            attestationResponse.getAttestationObject(),
            attestationResponse.getClientDataJSON(),
            transports
    );
    RegistrationParameters parameters = new RegistrationParameters(
            serverProperty,
            false,
            true,
            Collections.emptyList()
    );

    assertThrows(
            BadChallengeException.class,
            () -> target.validate(request, parameters)
    );
}
Example #29
Source File: CustomAuthenticationValidationTest.java From webauthn4j with Apache License 2.0 | 5 votes |
/**
 * Registers a credential through the test client platform and returns the decoded
 * attestation object.
 *
 * @param rpId      relying party id placed in the creation options
 * @param challenge challenge placed in the creation options
 * @return the attestation object converted from the client's response
 */
private AttestationObject createAttestationObject(String rpId, Challenge challenge) {
    PublicKeyCredentialParameters es256Parameters =
            new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256);
    PublicKeyCredentialCreationOptions creationOptions = new PublicKeyCredentialCreationOptions(
            new PublicKeyCredentialRpEntity(rpId, "example.com"),
            new PublicKeyCredentialUserEntity(),
            challenge,
            Collections.singletonList(es256Parameters)
    );

    AuthenticatorAttestationResponse attestationResponse =
            clientPlatform.create(creationOptions).getAuthenticatorResponse();

    AttestationObjectConverter converter = new AttestationObjectConverter(objectConverter);
    return converter.convert(attestationResponse.getAttestationObject());
}
Example #30
Source File: UserVerifyingAuthenticatorAuthenticationValidationTest.java From webauthn4j with Apache License 2.0 | 5 votes |
/**
 * Registers a credential through the test client platform, requesting a cross-platform
 * authenticator with user verification REQUIRED and attestation preference NONE, and
 * returns the decoded attestation object.
 *
 * @param rpId      relying party id placed in the creation options
 * @param challenge challenge placed in the creation options
 * @return the attestation object converted from the client's response
 */
private AttestationObject createAttestationObject(String rpId, Challenge challenge) {
    AuthenticatorSelectionCriteria selectionCriteria = new AuthenticatorSelectionCriteria(
            AuthenticatorAttachment.CROSS_PLATFORM,
            true,
            UserVerificationRequirement.REQUIRED);
    PublicKeyCredentialParameters es256Parameters =
            new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256);
    PublicKeyCredentialUserEntity userEntity = new PublicKeyCredentialUserEntity();
    AuthenticationExtensionsClientInputs<RegistrationExtensionClientInput<?>> noExtensions =
            new AuthenticationExtensionsClientInputs<>();

    PublicKeyCredentialCreationOptions creationOptions = new PublicKeyCredentialCreationOptions(
            new PublicKeyCredentialRpEntity(rpId, "example.com"),
            userEntity,
            challenge,
            Collections.singletonList(es256Parameters),
            null,
            Collections.emptyList(),
            selectionCriteria,
            AttestationConveyancePreference.NONE,
            noExtensions
    );

    AuthenticatorAttestationResponse attestationResponse =
            clientPlatform.create(creationOptions).getAuthenticatorResponse();

    AttestationObjectConverter converter = new AttestationObjectConverter(objectConverter);
    return converter.convert(attestationResponse.getAttestationObject());
}