com.webauthn4j.validator.attestation.trustworthiness.certpath.TrustAnchorCertPathTrustworthinessValidator Java Examples

The following examples show how to use com.webauthn4j.validator.attestation.trustworthiness.certpath.TrustAnchorCertPathTrustworthinessValidator.
Example #1
Source File: WebAuthnRegistrationManagerTest.java    From webauthn4j with Apache License 2.0
/**
 * Smoke test: a {@code WebAuthnRegistrationManager} can be built from a list of
 * attestation statement validators, a certificate-path trustworthiness validator
 * and a self-attestation trustworthiness validator.
 *
 * <p>Only construction is checked; no registration data is validated here.
 */
@Test
void constructor_test() {
    WebAuthnRegistrationManager manager = new WebAuthnRegistrationManager(
            // One validator per attestation statement format this manager is given.
            Arrays.asList(
                    new NoneAttestationStatementValidator(),
                    new PackedAttestationStatementValidator(),
                    new FIDOU2FAttestationStatementValidator(),
                    new AndroidKeyAttestationStatementValidator()),
            // Anchors come from a test helper; going by its name it supplies a test
            // root CA, so this wiring is a fixture and not a production trust store.
            new TrustAnchorCertPathTrustworthinessValidator(
                    TestAttestationUtil.createTrustAnchorProviderWith3tierTestRootCACertificate()),
            new DefaultSelfAttestationTrustworthinessValidator()
    );

    assertThat(manager).isNotNull();
}
 
Example #2
Source File: WebAuthnManagerTest.java    From webauthn4j with Apache License 2.0
/**
 * Smoke test: a {@code WebAuthnManager} can be constructed from attestation
 * statement validators plus the two trustworthiness validators.
 *
 * <p>The assertion only covers construction; nothing is validated against the
 * configured trust anchors in this test.
 */
@Test
void constructor_test() {
    WebAuthnManager manager = new WebAuthnManager(
            // Attestation statement formats handed to the manager.
            Arrays.asList(
                    new NoneAttestationStatementValidator(),
                    new PackedAttestationStatementValidator(),
                    new FIDOU2FAttestationStatementValidator(),
                    new AndroidKeyAttestationStatementValidator()),
            // The resolver is produced by a test utility (a test root CA, judging by
            // the helper's name); a deployment would supply its own vetted anchors.
            new TrustAnchorCertPathTrustworthinessValidator(
                    TestAttestationUtil.createTrustAnchorProviderWith3tierTestRootCACertificate()),
            new DefaultSelfAttestationTrustworthinessValidator()
    );

    assertThat(manager).isNotNull();
}
 
Example #3
Source File: FIDOU2FAuthenticatorRegistrationValidationTest.java    From webauthn4j with Apache License 2.0
/**
 * Negative test: registration validation must fail with
 * {@code BadAttestationStatementException} instead of accepting the credential.
 *
 * <p>The credential is produced by the {@code clientPlatform} fixture, which is
 * defined outside this method, so what makes the attestation statement "bad" is
 * not visible here.
 */
@Test
void validate_with_bad_attestationStatement_test() {
    String rpId = "example.com";
    Challenge challenge = new DefaultChallenge();

    // Ask the emulated client for an ES256 public-key credential for this RP.
    PublicKeyCredentialCreationOptions creationOptions = new PublicKeyCredentialCreationOptions(
            new PublicKeyCredentialRpEntity(rpId, "example.com"),
            new PublicKeyCredentialUserEntity(),
            challenge,
            Collections.singletonList(
                    new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256))
    );
    AuthenticatorAttestationResponse attestationResponse = clientPlatform.create(creationOptions).getAuthenticatorResponse();
    Set<String> transportNames = authenticatorTransportConverter.convertSetToStringSet(attestationResponse.getTransports());

    // Server-side expectations: the same origin, RP id and challenge the client was given.
    // NOTE(review): the trailing null is presumably the token binding id - confirm.
    ServerProperty serverProperty = new ServerProperty(origin, rpId, challenge, null);
    RegistrationRequest request = new RegistrationRequest(
            attestationResponse.getAttestationObject(),
            attestationResponse.getClientDataJSON(),
            transportNames
    );
    // NOTE(review): the two booleans are positional flags, presumably
    // userVerificationRequired=false and userPresenceRequired=true - confirm against
    // the RegistrationParameters signature of the library version in use.
    RegistrationParameters parameters = new RegistrationParameters(
            serverProperty,
            false,
            true,
            Collections.emptyList()
    );

    // Only the FIDO-U2F statement validator is registered, and the trust anchor
    // resolver is a mock, so no real trust anchors back the cert-path validator.
    WebAuthnManager target = new WebAuthnManager(
            Collections.singletonList(fidoU2FAttestationStatementValidator),
            new TrustAnchorCertPathTrustworthinessValidator(mock(TrustAnchorsResolver.class)),
            new DefaultSelfAttestationTrustworthinessValidator()
    );

    assertThrows(BadAttestationStatementException.class, () -> target.validate(request, parameters));
}
 
Example #4
Source File: WebAuthnRegisterFactory.java    From keycloak with Apache License 2.0
/**
 * Creates the WebAuthn registration required-action provider for a session,
 * choosing the certificate-path trustworthiness validator from the session's
 * truststore.
 *
 * <p>If a {@code TruststoreProvider} with a non-null truststore is available, that
 * key store becomes the source of trust anchors. Otherwise a
 * {@code NullCertPathTrustworthinessValidator} is used.
 *
 * @param session the Keycloak session the provider is created for
 * @return the provider built by {@code createProvider} with the selected validator
 */
@Override
public RequiredActionProvider create(KeycloakSession session) {
    TruststoreProvider truststoreProvider = session.getProvider(TruststoreProvider.class);

    if (truststoreProvider != null && truststoreProvider.getTruststore() != null) {
        // Attestation certificate paths are checked against the configured truststore.
        KeyStoreTrustAnchorsProvider anchorsFromKeyStore = new KeyStoreTrustAnchorsProvider();
        anchorsFromKeyStore.setKeyStore(truststoreProvider.getTruststore());
        return createProvider(
                session,
                new TrustAnchorCertPathTrustworthinessValidator(new TrustAnchorsResolverImpl(anchorsFromKeyStore)));
    }

    // NOTE(review): no truststore means falling back to the Null validator without
    // any log or error. Going by its name it performs no cert-path check, so
    // attestation certificates would not be chained to a trust anchor. Confirm this
    // default is intended and documented for deployments that rely on attestation.
    return createProvider(session, new NullCertPathTrustworthinessValidator());
}
 
Example #5
Source File: WebSecurityBeanConfig.java    From webauthn4j-spring-security with Apache License 2.0
/**
 * Exposes the certificate-path trustworthiness validator as a bean, backed by the
 * injected trust anchor resolver.
 *
 * @param trustAnchorsResolver source of the trust anchors the validator uses
 * @return a {@code TrustAnchorCertPathTrustworthinessValidator} with
 *         full-chain prohibition switched on
 */
@Bean
public CertPathTrustworthinessValidator certPathTrustworthinessValidator(TrustAnchorsResolver trustAnchorsResolver) {
    TrustAnchorCertPathTrustworthinessValidator validator =
            new TrustAnchorCertPathTrustworthinessValidator(trustAnchorsResolver);
    // Stricter than the default-constructed validator used elsewhere on this page.
    // NOTE(review): presumably this rejects an attestation cert path that already
    // contains the trust anchor certificate itself - confirm against the library docs.
    validator.setFullChainProhibited(true);
    return validator;
}