com.webauthn4j.data.attestation.statement.AttestationStatement Java Examples
The following examples show how to use
com.webauthn4j.data.attestation.statement.AttestationStatement.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: WebAuthnCredentialProvider.java From keycloak-webauthn-authenticator with Apache License 2.0 | 6 votes |
|
private void dumpWebAuthnCredentialModel(WebAuthnCredentialModel auth) {
logger.debugv(" Context Credential Info::");
String id = auth.getAuthenticatorId();
AttestationStatement attrStatement = auth.getAttestationStatement();
AttestedCredentialData attrCredData = auth.getAttestedCredentialData();
WebAuthnAuthenticationContext context = auth.getAuthenticationContext();
if (id != null)
logger.debugv(" Authenticator Id = {0}", id);
if (attrStatement != null)
logger.debugv(" Attestation Statement Format = {0}", attrStatement.getFormat());
if (attrCredData != null) {
CredentialPublicKey credPubKey = attrCredData.getCredentialPublicKey();
byte[] keyId = credPubKey.getKeyId();
logger.debugv(" AAGUID = {0}", attrCredData.getAaguid().toString());
logger.debugv(" CREDENTIAL_ID = {0}", Base64.encodeBytes(attrCredData.getCredentialId()));
if (keyId != null)
logger.debugv(" CREDENTIAL_PUBLIC_KEY.key_id = {0}", Base64.encodeBytes(keyId));
logger.debugv(" CREDENTIAL_PUBLIC_KEY.algorithm = {0}", credPubKey.getAlgorithm().name());
logger.debugv(" CREDENTIAL_PUBLIC_KEY.key_type = {0}", credPubKey.getKeyType().name());
}
if (context != null) {
// only set on Authentication
logger.debugv(" Credential Id = {0}", Base64.encodeBytes(context.getCredentialId()));
}
}
Example #2
| Source File: AuthenticatorImplTest.java From webauthn4j with Apache License 2.0 | 6 votes |
|
@Test
void getter_setter_test() {
AttestedCredentialData attestedCredentialData = TestDataUtil.createAttestedCredentialData();
AttestationStatement attestationStatement = TestAttestationStatementUtil.createFIDOU2FAttestationStatement();
AuthenticatorImpl authenticator = new AuthenticatorImpl(null, null, 0);
HashMap<String, RegistrationExtensionAuthenticatorOutput<?>> authenticatorExtensions = new HashMap<>();
HashMap<String, RegistrationExtensionClientOutput<?>> clientExtensions = new HashMap<>();
Set<AuthenticatorTransport> transports = Collections.singleton(AuthenticatorTransport.USB);
authenticator.setAttestedCredentialData(attestedCredentialData);
authenticator.setAttestationStatement(attestationStatement);
authenticator.setTransports(transports);
authenticator.setCounter(1);
authenticator.setAuthenticatorExtensions(authenticatorExtensions);
authenticator.setClientExtensions(clientExtensions);
assertAll(
() -> assertThat(authenticator.getAttestedCredentialData()).isEqualTo(attestedCredentialData),
() -> assertThat(authenticator.getAttestationStatement()).isEqualTo(attestationStatement),
() -> assertThat(authenticator.getTransports()).isEqualTo(transports),
() -> assertThat(authenticator.getCounter()).isEqualTo(1),
() -> assertThat(authenticator.getAuthenticatorExtensions()).isEqualTo(authenticatorExtensions),
() -> assertThat(authenticator.getClientExtensions()).isEqualTo(clientExtensions)
);
}
Example #3
| Source File: FidoMdsMetadataValidator.java From webauthn4j with Apache License 2.0 | 6 votes |
|
@Override
public void validate(RegistrationObject registrationObject) {
AAGUID aaguid = registrationObject.getAttestationObject().getAuthenticatorData().getAttestedCredentialData().getAaguid();
AttestationStatement attestationStatement = registrationObject.getAttestationObject().getAttestationStatement();
Set<MetadataItem> metadataItems = metadataItemsResolver.resolve(aaguid);
List<AttestationType> attestationTypes = metadataItems.stream()
.flatMap(item -> item.getMetadataStatement().getAttestationTypes().stream()).collect(Collectors.toList());
boolean isSurrogate = !attestationTypes.isEmpty() &&
attestationTypes.stream().allMatch(type -> type.equals(AttestationType.BASIC_SURROGATE));
if (isSurrogate && attestationStatement instanceof CertificateBaseAttestationStatement) {
CertificateBaseAttestationStatement certificateBaseAttestationStatement = (CertificateBaseAttestationStatement) attestationStatement;
if (certificateBaseAttestationStatement.getX5c() != null) {
throw new BadAttestationStatementException("Although AAGUID is registered for surrogate attestation in metadata, x5c contains certificates.");
}
}
for (MetadataItem metadataItem : metadataItems) {
doAdditionalValidationForFidoMdsMetadataItem(metadataItem);
}
}
Example #4
| Source File: WebAuthnRegister.java From keycloak with Apache License 2.0 | 5 votes |
|
private void showInfoAfterWebAuthnApiCreate(RegistrationData response) {
AttestedCredentialData attestedCredentialData = response.getAttestationObject().getAuthenticatorData().getAttestedCredentialData();
AttestationStatement attestationStatement = response.getAttestationObject().getAttestationStatement();
logger.debugv("createad key's algorithm = {0}", String.valueOf(attestedCredentialData.getCOSEKey().getAlgorithm().getValue()));
logger.debugv("aaguid = {0}", attestedCredentialData.getAaguid().toString());
logger.debugv("attestation format = {0}", attestationStatement.getFormat());
}
Example #5
| Source File: AndroidKeyAuthenticator.java From webauthn4j with Apache License 2.0 | 5 votes |
|
@Override
public AttestationStatement createAttestationStatement(AttestationStatementRequest attestationStatementRequest, RegistrationEmulationOption registrationEmulationOption) {
byte[] signature;
if (registrationEmulationOption.isSignatureOverrideEnabled()) {
signature = registrationEmulationOption.getSignature();
} else {
signature = TestDataUtil.calculateSignature(attestationStatementRequest.getCredentialKeyPair().getPrivate(), attestationStatementRequest.getSignedData());
}
AttestationOption attestationOption = registrationEmulationOption.getAttestationOption() == null ? new AndroidKeyAttestationOption() : registrationEmulationOption.getAttestationOption();
X509Certificate attestationCertificate =
getAttestationCertificate(attestationStatementRequest, attestationOption);
AttestationCertificatePath attestationCertificates = new AttestationCertificatePath(attestationCertificate, this.getCACertificatePath());
return new AndroidKeyAttestationStatement(COSEAlgorithmIdentifier.ES256, signature, attestationCertificates);
}
Example #6
| Source File: AndroidSafetyNetAuthenticator.java From webauthn4j with Apache License 2.0 | 5 votes |
|
@Override
public AttestationStatement createAttestationStatement(
AttestationStatementRequest attestationStatementRequest,
RegistrationEmulationOption registrationEmulationOption) {
AttestationOption attestationOption = registrationEmulationOption.getAttestationOption() == null ? new AndroidSafetyNetAttestationOption() : registrationEmulationOption.getAttestationOption();
X509Certificate attestationCertificate = getAttestationCertificate(attestationStatementRequest, attestationOption);
AttestationCertificatePath attestationCertificatePath = new AttestationCertificatePath(attestationCertificate, this.getCACertificatePath());
JWSHeader jwsHeader = new JWSHeader(JWAIdentifier.ES256, attestationCertificatePath);
String nonce = Base64Util.encodeToString(MessageDigestUtil.createSHA256().digest(attestationStatementRequest.getSignedData()));
long timestampMs = Instant.now().toEpochMilli();
String apkPackageName = "com.android.keystore.androidkeystoredemo";
String[] apkCertificateDigestSha256 = new String[]{"bsb4/WQdaaOWYCd/j9OJiQpg7b0iwFgAc/zzA1tCfwE="};
String apkDigestSha256 = "dM/LUHSI9SkQhZHHpQWRnzJ3MvvB2ANSauqYAAbS2Jg=";
boolean ctsProfileMatch = true;
boolean basicIntegrity = true;
String advice = null;
Response response = new Response(nonce, timestampMs, apkPackageName, apkCertificateDigestSha256, apkDigestSha256, ctsProfileMatch, basicIntegrity, advice);
String ver = "12685023";
JWS<Response> jws = getJwsFactory().create(jwsHeader, response, this.getAttestationKeyPair().getPrivate());
if (registrationEmulationOption.isSignatureOverrideEnabled()) {
jws = getJwsFactory().create(jws.getHeader(), jws.getPayload(), registrationEmulationOption.getSignature());
}
return new AndroidSafetyNetAttestationStatement(ver, jws);
}
Example #7
| Source File: PackedAuthenticator.java From webauthn4j with Apache License 2.0 | 5 votes |
|
@Override
public AttestationStatement createAttestationStatement(AttestationStatementRequest attestationStatementRequest, RegistrationEmulationOption registrationEmulationOption) {
byte[] signature;
if (registrationEmulationOption.isSignatureOverrideEnabled()) {
signature = registrationEmulationOption.getSignature();
} else {
signature = TestDataUtil.calculateSignature(this.getAttestationKeyPair().getPrivate(), attestationStatementRequest.getSignedData());
}
AttestationOption attestationOption = registrationEmulationOption.getAttestationOption() == null ? new PackedAttestationOption() : registrationEmulationOption.getAttestationOption();
X509Certificate attestationCertificate = getAttestationCertificate(attestationStatementRequest, attestationOption);
AttestationCertificatePath attestationCertificatePath = new AttestationCertificatePath(attestationCertificate, this.getCACertificatePath());
return new PackedAttestationStatement(COSEAlgorithmIdentifier.ES256, signature, attestationCertificatePath);
}
Example #8
| Source File: AttestationStatementDeserializerTest.java From webauthn4j with Apache License 2.0 | 5 votes |
|
@Test
void test() {
AttestationStatement source = TestAttestationStatementUtil.createFIDOU2FAttestationStatement();
byte[] data = cborConverter.writeValueAsBytes(source);
AttestationStatement obj = cborConverter.readValue(data, FIDOU2FAttestationStatement.class);
assertAll(
() -> assertThat(obj).isInstanceOf(FIDOU2FAttestationStatement.class),
() -> assertThat(obj).isEqualTo(source)
);
}
Example #9
| Source File: AuthenticatorTest.java From webauthn4j with Apache License 2.0 | 5 votes |
|
public TestAuthenticator(
@JsonProperty("attestedCredentialData") AttestedCredentialData attestedCredentialData,
@JsonProperty("attestationStatement") AttestationStatement attestationStatement,
@JsonProperty("counter") long counter,
@JsonProperty("transports") Set<AuthenticatorTransport> transports,
@JsonProperty("clientExtensions") Map<String, RegistrationExtensionClientOutput<?>> clientExtensions,
@JsonProperty("authenticatorExtensions") Map<String, RegistrationExtensionAuthenticatorOutput<?>> authenticatorExtensions) {
this.attestedCredentialData = attestedCredentialData;
this.attestationStatement = attestationStatement;
this.transports = CollectionUtil.unmodifiableSet(transports);
this.clientExtensions = clientExtensions;
this.authenticatorExtensions = authenticatorExtensions;
setCounter(counter);
}
Example #10
| Source File: AuthenticatorTest.java From webauthn4j with Apache License 2.0 | 5 votes |
|
@JsonTypeInfo(
use = JsonTypeInfo.Id.NAME,
include = JsonTypeInfo.As.EXTERNAL_PROPERTY,
property = "format"
)
@Override
public AttestationStatement getAttestationStatement() {
return attestationStatement;
}
Example #11
| Source File: AuthenticatorImplTest.java From webauthn4j with Apache License 2.0 | 5 votes |
|
@Test
void constructor_test() {
AttestedCredentialData attestedCredentialData = TestDataUtil.createAttestedCredentialData();
AttestationStatement attestationStatement = TestAttestationStatementUtil.createFIDOU2FAttestationStatement();
Authenticator authenticator = TestDataUtil.createAuthenticator(attestedCredentialData, attestationStatement);
assertAll(
() -> assertThat(authenticator.getAttestedCredentialData()).isEqualTo(attestedCredentialData),
() -> assertThat(authenticator.getAttestationStatement()).isEqualTo(attestationStatement),
() -> assertThat(authenticator.getCounter()).isEqualTo(1)
);
}
Example #12
| Source File: AuthenticatorImpl.java From webauthn4j with Apache License 2.0 | 5 votes |
|
public AuthenticatorImpl(AttestedCredentialData attestedCredentialData, AttestationStatement attestationStatement, long counter, Set<AuthenticatorTransport> transports,
Map<String, RegistrationExtensionClientOutput<?>> clientExtensions,
Map<String, RegistrationExtensionAuthenticatorOutput<?>> authenticatorExtensions) {
this.attestedCredentialData = attestedCredentialData;
this.attestationStatement = attestationStatement;
this.transports = CollectionUtil.unmodifiableSet(transports);
this.clientExtensions = clientExtensions;
this.authenticatorExtensions = authenticatorExtensions;
setCounter(counter);
}
Example #13
| Source File: FIDOU2FAuthenticatorAdaptor.java From webauthn4j with Apache License 2.0 | 5 votes |
|
@Override
public CredentialCreationResponse register(
PublicKeyCredentialCreationOptions publicKeyCredentialCreationOptions,
CollectedClientData collectedClientData,
RegistrationEmulationOption registrationEmulationOption,
AttestationOption attestationOption
) {
String rpId = publicKeyCredentialCreationOptions.getRp().getId();
byte[] rpIdHash = MessageDigestUtil.createSHA256().digest(rpId.getBytes(StandardCharsets.UTF_8));
byte[] challengeParameter = MessageDigestUtil.createSHA256().digest(collectedClientDataConverter.convertToBytes(collectedClientData));
//noinspection UnnecessaryLocalVariable
byte[] applicationParameter = rpIdHash;
RegistrationRequest registrationRequest = new RegistrationRequest(challengeParameter, applicationParameter);
RegistrationResponse registrationResponse = fidoU2FAuthenticator.register(registrationRequest, registrationEmulationOption);
AttestationStatement attestationStatement = new FIDOU2FAttestationStatement(
new AttestationCertificatePath(Collections.singletonList(registrationResponse.getAttestationCertificate())),
registrationResponse.getSignature()
);
EC2COSEKey ec2CredentialPublicKey = EC2COSEKey.createFromUncompressedECCKey(registrationResponse.getUserPublicKey());
AAGUID aaguid = AAGUID.ZERO; // zero-filled 16bytes(128bits) array
AttestedCredentialData attestedCredentialData =
new AttestedCredentialData(aaguid, registrationResponse.getKeyHandle(), ec2CredentialPublicKey);
byte flag = BIT_AT | BIT_UP;
AuthenticatorData<RegistrationExtensionAuthenticatorOutput<?>> authenticatorData = new AuthenticatorData<>(rpIdHash, flag, 0, attestedCredentialData);
AttestationObject attestationObject = new AttestationObject(authenticatorData, attestationStatement);
return new CredentialCreationResponse(attestationObject);
}
Example #14
| Source File: AttestationStatementConverterTest.java From keycloak-webauthn-authenticator with Apache License 2.0 | 5 votes |
|
@Test
public void test_converter() throws Exception {
AttestationStatementConverter converter = new AttestationStatementConverter();
String stringifiedStatement = converter.convertToDatabaseColumn(new NoneAttestationStatement());
AttestationStatement statement = converter.convertToEntityAttribute(stringifiedStatement);
Assert.assertEquals(stringifiedStatement, converter.convertToDatabaseColumn(statement));
}
Example #15
| Source File: WebAuthnCredentialProvider.java From keycloak-webauthn-authenticator with Apache License 2.0 | 5 votes |
|
private List<WebAuthnCredentialModel> getWebAuthnCredentialModelList(RealmModel realm, UserModel user) {
List<WebAuthnCredentialModel> auths = new ArrayList<>();
for (CredentialModel credential : session.userCredentialManager().getStoredCredentialsByType(realm, user, WebAuthnCredentialModel.WEBAUTHN_CREDENTIAL_TYPE)) {
WebAuthnCredentialModel auth = new WebAuthnCredentialModel();
MultivaluedHashMap<String, String> attributes = credential.getConfig();
AttestationStatementConverter attConv = new AttestationStatementConverter();
AttestationStatement attrStatement = attConv.convertToEntityAttribute(attributes.getFirst(ATTESTATION_STATEMENT));
auth.setAttestationStatement(attrStatement);
AAGUID aaguid = new AAGUID(attributes.getFirst(AAGUID));
byte[] credentialId = null;
try {
credentialId = Base64.decode(attributes.getFirst(CREDENTIAL_ID));
} catch (IOException ioe) {
// NOP
}
CredentialPublicKeyConverter credConv = new CredentialPublicKeyConverter();
CredentialPublicKey pubKey = credConv.convertToEntityAttribute(attributes.getFirst(CREDENTIAL_PUBLIC_KEY));
AttestedCredentialData attrCredData = new AttestedCredentialData(aaguid, credentialId, pubKey);
auth.setAttestedCredentialData(attrCredData);
long count = Long.parseLong(credential.getValue());
auth.setCount(count);
auth.setAuthenticatorId(credential.getId());
auths.add(auth);
}
return auths;
}
Example #16
| Source File: TestDataUtil.java From webauthn4j with Apache License 2.0 | 5 votes |
|
public static AttestationObject createAttestationObject(byte[] clientDataHash, PrivateKey attestationPrivateKey, Function<byte[], AttestationStatement> attestationStatementProvider) {
AuthenticatorData<RegistrationExtensionAuthenticatorOutput<?>> authenticatorData = createAuthenticatorData();
byte[] authenticatorDataBytes = authenticatorDataConverter.convert(authenticatorData);
byte[] signedData = createSignedData(authenticatorDataBytes, clientDataHash);
byte[] signature = calculateSignature(attestationPrivateKey, signedData);
return new AttestationObject(authenticatorData, attestationStatementProvider.apply(signature));
}
Example #17
| Source File: AttestationObject.java From webauthn4j with Apache License 2.0 | 5 votes |
|
@JsonCreator
public AttestationObject(
@JsonProperty("authData") AuthenticatorData<RegistrationExtensionAuthenticatorOutput<?>> authenticatorData,
@JsonProperty("attStmt") AttestationStatement attestationStatement) {
this.authenticatorData = authenticatorData;
this.attestationStatement = attestationStatement;
}
Example #18
| Source File: AbstractStatementValidator.java From webauthn4j with Apache License 2.0 | 4 votes |
|
@Override
public boolean supports(RegistrationObject registrationObject) {
AttestationStatement attestationStatement = registrationObject.getAttestationObject().getAttestationStatement();
return this.parameterizedTypeClass.isAssignableFrom(attestationStatement.getClass());
}
Example #19
| Source File: AttestationObject.java From webauthn4j with Apache License 2.0 | 4 votes |
|
public AttestationStatement getAttestationStatement() {
return attestationStatement;
}
Example #20
| Source File: AuthenticatorImpl.java From webauthn4j with Apache License 2.0 | 4 votes |
|
public AuthenticatorImpl(AttestedCredentialData attestedCredentialData, AttestationStatement attestationStatement, long counter, Set<AuthenticatorTransport> transports) {
this(attestedCredentialData, attestationStatement, counter, transports, new HashMap<>(), new HashMap<>());
}
Example #21
| Source File: ClientPlatform.java From webauthn4j with Apache License 2.0 | 4 votes |
|
public PublicKeyCredential<AuthenticatorAttestationResponse, RegistrationExtensionClientOutput<?>> create(
PublicKeyCredentialCreationOptions publicKeyCredentialCreationOptions,
RegistrationEmulationOption registrationEmulationOption,
AttestationOption attestationOption
) {
CollectedClientData collectedClientData;
if (registrationEmulationOption.isCollectedClientDataOverrideEnabled()) {
collectedClientData = registrationEmulationOption.getCollectedClientData();
} else {
collectedClientData = createCollectedClientData(ClientDataType.CREATE, publicKeyCredentialCreationOptions.getChallenge());
}
if (authenticatorAdaptor == null) {
throw new NoAuthenticatorSuccessException();
}
CredentialCreationResponse credentialCreationResponse =
authenticatorAdaptor.register(publicKeyCredentialCreationOptions, collectedClientData, registrationEmulationOption, attestationOption);
AttestationObject attestationObject = credentialCreationResponse.getAttestationObject();
AttestationStatement attestationStatement = credentialCreationResponse.getAttestationObject().getAttestationStatement();
AttestationConveyancePreference attestationConveyancePreference = publicKeyCredentialCreationOptions.getAttestation();
if (attestationConveyancePreference == null) {
attestationConveyancePreference = AttestationConveyancePreference.NONE;
}
switch (attestationConveyancePreference) {
case DIRECT:
// nop
break;
case INDIRECT:
throw new NotImplementedException();
case NONE:
attestationStatement = new NoneAttestationStatement();
break;
default:
throw new NotImplementedException();
}
attestationObject = new AttestationObject(attestationObject.getAuthenticatorData(), attestationStatement);
byte[] attestationObjectBytes = attestationObjectConverter.convertToBytes(attestationObject);
byte[] credentialId = credentialCreationResponse.getAttestationObject().getAuthenticatorData().getAttestedCredentialData().getCredentialId();
byte[] collectedClientDataBytes = collectedClientDataConverter.convertToBytes(collectedClientData);
AuthenticationExtensionsClientOutputs<RegistrationExtensionClientOutput<?>> clientExtensions = processRegistrationExtensions(publicKeyCredentialCreationOptions.getExtensions());
return new PublicKeyCredential<>(
credentialId,
new AuthenticatorAttestationResponse(collectedClientDataBytes, attestationObjectBytes),
clientExtensions
);
}
Example #22
| Source File: AuthenticatorImpl.java From webauthn4j with Apache License 2.0 | 4 votes |
|
public AuthenticatorImpl(AttestedCredentialData attestedCredentialData, AttestationStatement attestationStatement, long counter) {
this(attestedCredentialData, attestationStatement, counter, Collections.emptySet());
}
Example #23
| Source File: AuthenticatorImpl.java From webauthn4j with Apache License 2.0 | 4 votes |
|
@Override
public AttestationStatement getAttestationStatement() {
return attestationStatement;
}
Example #24
| Source File: AuthenticatorImpl.java From webauthn4j with Apache License 2.0 | 4 votes |
|
public void setAttestationStatement(AttestationStatement attestationStatement) {
this.attestationStatement = attestationStatement;
}
Example #25
| Source File: AttestationStatementConverter.java From keycloak with Apache License 2.0 | 4 votes |
|
public String convertToDatabaseColumn(AttestationStatement attribute) {
AttestationStatementSerializationContainer container = new AttestationStatementSerializationContainer(attribute);
return Base64Url.encode(cborConverter.writeValueAsBytes(container));
}
Example #26
| Source File: AttestationStatementConverter.java From keycloak with Apache License 2.0 | 4 votes |
|
public AttestationStatement convertToEntityAttribute(String dbData) {
byte[] data = Base64Url.decode(dbData);
AttestationStatementSerializationContainer container = cborConverter.readValue(data, AttestationStatementSerializationContainer.class);
return container.getAttestationStatement();
}
Example #27
| Source File: WebAuthnCredentialModelInput.java From keycloak with Apache License 2.0 | 4 votes |
|
public AttestationStatement getAttestationStatement() {
return attestationStatement;
}
Example #28
| Source File: WebAuthnCredentialModelInput.java From keycloak with Apache License 2.0 | 4 votes |
|
public void setAttestationStatement(AttestationStatement attestationStatement) {
this.attestationStatement = attestationStatement;
}
Example #29
| Source File: AttestationStatementSerializationContainer.java From keycloak with Apache License 2.0 | 4 votes |
|
@JsonCreator
public AttestationStatementSerializationContainer(@JsonProperty("attStmt") AttestationStatement attestationStatement) {
this.attestationStatement = attestationStatement;
}
Example #30
| Source File: AttestationStatementSerializationContainer.java From keycloak with Apache License 2.0 | 4 votes |
|
public AttestationStatement getAttestationStatement() {
return attestationStatement;
}
