com.webauthn4j.util.Base64UrlUtil Java Examples
The following examples show how to use
com.webauthn4j.util.Base64UrlUtil.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: TokenBindingValidator.java From webauthn4j with Apache License 2.0 | 6 votes |
|
public void validate(TokenBinding clientDataTokenBinding, byte[] serverTokenBindingId) {
if (clientDataTokenBinding == null) {
// nop
} else {
byte[] clientDataTokenBindingId;
if (clientDataTokenBinding.getId() == null) {
clientDataTokenBindingId = null;
} else {
clientDataTokenBindingId = Base64UrlUtil.decode(clientDataTokenBinding.getId());
}
switch (clientDataTokenBinding.getStatus()) {
case NOT_SUPPORTED:
break;
case SUPPORTED:
break;
case PRESENT:
if (!Arrays.equals(clientDataTokenBindingId, serverTokenBindingId)) {
throw new TokenBindingException("TokenBinding id does not match");
}
}
}
}
Example #2
| Source File: TPMAuthenticator.java From webauthn4j with Apache License 2.0 | 6 votes |
|
private TPMTPublic createTPMTPublic(PublicKey credentialPublicKey) {
TPMIAlgPublic type = null;
TPMIAlgHash nameAlg = TPMIAlgHash.TPM_ALG_SHA256;
TPMAObject objectAttributes = new TPMAObject(394354);
byte[] authPolicy = Base64UrlUtil.decode("nf_L82w4OuaZ-5ho3G3LidcVOIS-KAOSLBJBWL-tIq4");
TPMUPublicId unique = null;
TPMUPublicParms parameters = null;
if (credentialPublicKey instanceof ECPublicKey) {
ECPublicKey ecPublicKey = (ECPublicKey) credentialPublicKey;
EllipticCurve curve = ecPublicKey.getParams().getCurve();
parameters = new TPMSECCParms(
new byte[2],
new byte[2],
TPMEccCurve.create(curve),
new byte[2]
);
type = TPMIAlgPublic.TPM_ALG_ECDSA;
ECPoint ecPoint = ecPublicKey.getW();
byte[] x = ecPoint.getAffineX().toByteArray();
byte[] y = ecPoint.getAffineY().toByteArray();
unique = new ECCUnique(x, y);
}
return new TPMTPublic(type, nameAlg, objectAttributes, authPolicy, parameters, unique);
}
Example #3
| Source File: TPMAuthenticator.java From webauthn4j with Apache License 2.0 | 6 votes |
|
private TPMSAttest createTPMSAttest(AttestationStatementRequest attestationStatementRequest, COSEAlgorithmIdentifier alg, TPMTPublic pubArea) {
TPMGenerated magic = TPMGenerated.TPM_GENERATED_VALUE;
TPMISTAttest type = TPMISTAttest.TPM_ST_ATTEST_CERTIFY;
byte[] qualifiedSigner = Base64UrlUtil.decode("AAu8WfTf2aakLcO4Zq_y3w0Zgmu_AUtnqwrW67F2MGuABw");
String messageDigestJcaName;
try {
SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.create(alg);
messageDigestJcaName = signatureAlgorithm.getMessageDigestJcaName();
} catch (IllegalArgumentException e) {
throw new WebAuthnModelException("alg is not signature algorithm", e);
}
byte[] extraData = MessageDigestUtil.createMessageDigest(messageDigestJcaName).digest(attestationStatementRequest.getSignedData());
BigInteger clock = BigInteger.valueOf(7270451399L);
long resetCount = 1749088739L;
long restartCount = 3639844613L;
TPMSClockInfo clockInfo = new TPMSClockInfo(clock, resetCount, restartCount, true);
BigInteger firmwareVersion = new BigInteger("12241000001210926099");
byte[] nameDigest = MessageDigestUtil.createSHA256().digest(pubArea.getBytes());
TPMTHA name = new TPMTHA(TPMIAlgHash.TPM_ALG_SHA256, nameDigest);
byte[] qualifiedNameDigest = Base64UrlUtil.decode("AVI0eQ_AAZjNvrhUEMK2q4wxuwIFOnHIDF0Qljhf47Q");
TPMTHA qualifiedName = new TPMTHA(TPMIAlgHash.TPM_ALG_SHA256, qualifiedNameDigest);
TPMUAttest attested = new TPMSCertifyInfo(name, qualifiedName);
return new TPMSAttest(magic, type, qualifiedSigner, extraData, clockInfo, firmwareVersion, attested);
}
Example #4
| Source File: AuthenticatorDataConverterTest.java From webauthn4j with Apache License 2.0 | 6 votes |
|
@Test
void convert_test() {
//Given
//noinspection SpellCheckingInspection
String input = "SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MBAAABRQ";
//When
AuthenticatorData<RegistrationExtensionAuthenticatorOutput<?>> result = new AuthenticatorDataConverter(objectConverter).convert(Base64UrlUtil.decode(input));
//Then
assertThat(result.getRpIdHash()).isNotNull();
assertThat(result.getRpIdHash()).hasSize(32);
assertThat(result.getFlags()).isEqualTo(BIT_UP);
assertThat(result.getSignCount()).isEqualTo(325);
assertThat(result.getAttestedCredentialData()).isNull();
assertThat(result.getExtensions()).isEmpty();
}
Example #5
| Source File: PackedAttestationStatementValidatorTest.java From webauthn4j with Apache License 2.0 | 6 votes |
|
private void validate(byte[] clientDataBytes, AttestationObject attestationObject) {
byte[] attestationObjectBytes = new AttestationObjectConverter(objectConverter).convertToBytes(attestationObject);
Origin origin = new Origin(originUrl);
Challenge challenge = (Challenge) () -> Base64UrlUtil.decode(challengeString);
CollectedClientData collectedClientData = new CollectedClientDataConverter(objectConverter).convert(clientDataBytes);
Set<AuthenticatorTransport> transports = Collections.emptySet();
AuthenticationExtensionsClientOutputs<RegistrationExtensionClientOutput<?>> authenticationExtensionsClientOutputs = new AuthenticationExtensionsClientOutputs<>();
RegistrationObject registrationObject = new RegistrationObject(
attestationObject,
attestationObjectBytes,
collectedClientData,
clientDataBytes,
authenticationExtensionsClientOutputs,
transports,
new ServerProperty(origin, rpId, challenge, tokenBindingId)
);
validator.validate(registrationObject);
}
Example #6
| Source File: AttestationObjectDeserializerTest.java From webauthn4j with Apache License 2.0 | 6 votes |
|
@Test
void test() {
ObjectConverter objectConverter = new ObjectConverter();
CborConverter cborConverter = objectConverter.getCborConverter();
//Given
//noinspection SpellCheckingInspection
String input = "v2hhdXRoRGF0YVi6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBAAAAAQAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv2ExYTJhMvZhMyZhNPZhNfZiLTEBYi0yWCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGItM1ggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABhMQL_Z2F0dFN0bXS_Y3g1Y4FZAsswggLHMIIBr6ADAgECAhAg92PAQYOxBTfb6FBqIlDyMA0GCSqGSIb3DQEBCwUAMEoxEjAQBgNVBAoMCVNoYXJwTGFiLjE0MDIGA1UEAwwrc3ByaW5nLXNlY3VyaXR5LXdlYmF1dGhuIDJ0aWVyIHRlc3Qgcm9vdCBDQTAgFw0xODA1MjAwNzA5NTVaGA8yMTE4MDQyNjA3MDk1NVowfTELMAkGA1UEBhMCSlAxEjAQBgNVBAoMCVNoYXJwTGFiLjEgMB4GA1UECwwXQXR0ZXN0YXRpb24gQ2VydGlmaWNhdGUxODA2BgNVBAMML3dlYmF1dGhuNGogdGVzdCAydGllciBhdXRoZW50aWNhdG9yIGF0dGVzdGF0aW9uMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYOdbrImOAgjZN3Xb8unfHHhJDINdIykolt-ypGxcrop4KwbujX2zvoRGZvdoQ9mu-rwjAZt4H3SMsSxPvB8z8KM_MD0wDAYDVR0TAQH_BAIwADAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0OBBYEFNDrzrNaaa7sdMR9uzsvO8OohdjhMA0GCSqGSIb3DQEBCwUAA4IBAQCtHcryqNSHDyszLtIByc5AzPam37vl0AVchb0qOxLFbmdUu4Nhzk-87YdA_VZuvVLInsIGaCwkP3rdqGAFY1HllglMnmWIoG2sKjmT3vpJydlDODaha9F_fVG7cq2i5Zx2KMTeUtuTkNdZDjocUUHXYVShgNnggoUWkVeLBG1ckzK1tAkbUwyChWMv4PDmIUBNv6DwkYI9oBSCSAJHpUzyxzMvCRbAFAICwPl3g-SQEUeiNlnzJuGXHnHxu-DB6JD2b0hPeYD6XxWPuI0Pq1G_6hGQmsNv3SF2ye2y_HOKnw3L-fzRHl5ksOdVZbpy9xXzTdIBUpvTmFuwcBo4HwRMY3NpZ1ggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD_Y2ZtdGhmaWRvLXUyZv8";
//When
AttestationObject result = cborConverter.readValue(Base64UrlUtil.decode(input), AttestationObject.class);
//Then
assertAll(
() -> assertThat(result).isNotNull(),
() -> assertThat(result.getAuthenticatorData()).isNotNull(),
() -> assertThat(result.getFormat()).isEqualTo("fido-u2f"),
() -> assertThat(result.getAttestationStatement()).isNotNull(),
() -> assertThat(result.getAttestationStatement()).isInstanceOf(FIDOU2FAttestationStatement.class)
);
}
Example #7
| Source File: AuthenticatorDataConverterTest.java From webauthn4j with Apache License 2.0 | 5 votes |
|
@Test
void extractSignCount_test() {
//Given
//noinspection SpellCheckingInspection
String input = "SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2NBAAAARlUOS1SqR0CfmpUat2wTATEAIHEiziyGohCFUc_hJJZGdtSu9ThnEb74K6NZC3U-KbwgpQECAyYgASFYICw4xPmHIvquDRz2KUzyyQlZFhZMbi-mc_YylL1o55jPIlggGQI5ESYAOfR8QM6quTQSoyhjZET806A3yOoCUe2AWJE";
//When
long signCount = new AuthenticatorDataConverter(objectConverter).extractSignCount(Base64UrlUtil.decode(input));
assertThat(signCount).isEqualTo(70);
}
Example #8
| Source File: WebAuthnRegistrationRequestValidatorTest.java From webauthn4j-spring-security with Apache License 2.0 | 5 votes |
|
@Test
public void validate_test() {
WebAuthnRegistrationRequestValidator target = new WebAuthnRegistrationRequestValidator(
webAuthnManager, serverPropertyProvider
);
ServerProperty serverProperty = mock(ServerProperty.class);
when(serverPropertyProvider.provide(any())).thenReturn(serverProperty);
CollectedClientData collectedClientData = mock(CollectedClientData.class);
AttestationObject attestationObject = mock(AttestationObject.class);
AuthenticationExtensionsClientOutputs<RegistrationExtensionClientOutput<?>> clientExtensionOutputs = new AuthenticationExtensionsClientOutputs<>();
when(webAuthnManager.validate(any(RegistrationRequest.class), any(RegistrationParameters.class))).thenReturn(
new RegistrationData(attestationObject, null, collectedClientData, null, clientExtensionOutputs, null));
MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
mockHttpServletRequest.setScheme("https");
mockHttpServletRequest.setServerName("example.com");
mockHttpServletRequest.setServerPort(443);
String clientDataBase64 = "clientDataBase64";
String attestationObjectBase64 = "attestationObjectBase64";
Set<String> transports = Collections.emptySet();
String clientExtensionsJSON = "clientExtensionsJSON";
target.validate(mockHttpServletRequest, clientDataBase64, attestationObjectBase64, transports, clientExtensionsJSON);
ArgumentCaptor<RegistrationRequest> registrationRequestArgumentCaptor = ArgumentCaptor.forClass(RegistrationRequest.class);
ArgumentCaptor<RegistrationParameters> registrationParametersArgumentCaptor = ArgumentCaptor.forClass(RegistrationParameters.class);
verify(webAuthnManager).validate(registrationRequestArgumentCaptor.capture(), registrationParametersArgumentCaptor.capture());
RegistrationRequest registrationRequest = registrationRequestArgumentCaptor.getValue();
RegistrationParameters registrationParameters = registrationParametersArgumentCaptor.getValue();
assertThat(registrationRequest.getClientDataJSON()).isEqualTo(Base64UrlUtil.decode(clientDataBase64));
assertThat(registrationRequest.getAttestationObject()).isEqualTo(Base64UrlUtil.decode(attestationObjectBase64));
assertThat(registrationRequest.getClientExtensionsJSON()).isEqualTo(clientExtensionsJSON);
assertThat(registrationParameters.getServerProperty()).isEqualTo(serverProperty);
assertThat(registrationParameters.getExpectedExtensionIds()).isEqualTo(target.getExpectedRegistrationExtensionIds());
}
Example #9
| Source File: WithMockWebAuthnUserSecurityContextFactory.java From webauthn4j-spring-security with Apache License 2.0 | 5 votes |
|
/**
* Create a {@link SecurityContext} given an Annotation.
*
* @param user the {@link WithMockWebAuthnUser} to create the {@link SecurityContext}
* from. Cannot be null.
* @return the {@link SecurityContext} to use. Cannot be null.
*/
@Override
public SecurityContext createSecurityContext(WithMockWebAuthnUser user) {
SecurityContext context = SecurityContextHolder.createEmptyContext();
List<AuthorityEntity> authorities = Arrays.stream(user.authorities()).map((name) -> new AuthorityEntity(null, name)).collect(Collectors.toList());
List<GroupEntity> groups = Arrays.stream(user.groups()).map(GroupEntity::new).collect(Collectors.toList());
List<AuthenticatorEntity> authenticatorEntities =
Arrays.stream(user.authenticators())
.map((name) -> {
AuthenticatorEntity authenticatorEntity = new AuthenticatorEntity();
authenticatorEntity.setName(name);
return authenticatorEntity;
})
.collect(Collectors.toList());
UserEntity principal = new UserEntity();
principal.setId(user.id());
principal.setUserHandle(Base64UrlUtil.decode(user.userHandleBase64Url()));
principal.setFirstName(user.firstName());
principal.setLastName(user.lastName());
principal.setEmailAddress(user.emailAddress());
principal.setGroups(groups);
principal.setAuthorities(authorities);
principal.setAuthenticators(authenticatorEntities);
principal.setLocked(user.locked());
principal.setSingleFactorAuthenticationAllowed(user.singleFactorAuthenticationAllowed());
WebAuthnAuthenticationRequest request = mock(WebAuthnAuthenticationRequest.class);
Authentication auth =
new WebAuthnAuthenticationToken(principal, request, principal.getAuthorities());
context.setAuthentication(auth);
return context;
}
Example #10
| Source File: CollectedClientDataConverterTest.java From webauthn4j with Apache License 2.0 | 5 votes |
|
@Test
void convert_deserialization_test() {
//noinspection SpellCheckingInspection
String clientDataJson = "{\"challenge\":\"tk31UH1ETGGTPj33OhOMzw\",\"origin\":\"http://localhost:8080\",\"tokenBinding\":{\"status\":\"not-supported\"},\"type\":\"webauthn.get\"}";
String clientDataBase64UrlString = Base64UrlUtil.encodeToString(clientDataJson.getBytes(StandardCharsets.UTF_8));
CollectedClientData collectedClientData = target.convert(clientDataBase64UrlString);
assertAll(
() -> assertThat(collectedClientData.getType()).isEqualTo(ClientDataType.GET),
() -> assertThat(collectedClientData.getChallenge()).isEqualTo(new DefaultChallenge("tk31UH1ETGGTPj33OhOMzw")),
() -> assertThat(collectedClientData.getOrigin()).isEqualTo(new Origin("http://localhost:8080"))
);
}
Example #11
| Source File: OptionsProviderImpl.java From webauthn4j-spring-security with Apache License 2.0 | 5 votes |
|
/**
* {@inheritDoc}
*/
public AttestationOptions getAttestationOptions(HttpServletRequest request, String username, Challenge challenge) {
WebAuthnPublicKeyCredentialUserEntity user;
Collection<? extends Authenticator> authenticators;
try {
WebAuthnUserDetails userDetails = userDetailsService.loadUserByUsername(username);
authenticators = userDetails.getAuthenticators();
String userHandle = Base64UrlUtil.encodeToString(userDetails.getUserHandle());
user = new WebAuthnPublicKeyCredentialUserEntity(userHandle, username);
} catch (UsernameNotFoundException e) {
authenticators = Collections.emptyList();
user = null;
}
List<String> credentials = new ArrayList<>();
for (Authenticator authenticator : authenticators) {
String credentialId = Base64UrlUtil.encodeToString(authenticator.getAttestedCredentialData().getCredentialId());
credentials.add(credentialId);
}
PublicKeyCredentialRpEntity relyingParty = new PublicKeyCredentialRpEntity(getEffectiveRpId(request), rpName, rpIcon);
if (challenge == null) {
challenge = challengeRepository.loadOrGenerateChallenge(request);
} else {
challengeRepository.saveChallenge(challenge, request);
}
return new AttestationOptions(relyingParty, user, challenge, pubKeyCredParams, registrationTimeout,
credentials, registrationExtensions);
}
Example #12
| Source File: OptionsProviderImpl.java From webauthn4j-spring-security with Apache License 2.0 | 5 votes |
|
public AssertionOptions getAssertionOptions(HttpServletRequest request, String username, Challenge challenge) {
Collection<? extends Authenticator> authenticators;
try {
WebAuthnUserDetails userDetails = userDetailsService.loadUserByUsername(username);
authenticators = userDetails.getAuthenticators();
} catch (UsernameNotFoundException e) {
authenticators = Collections.emptyList();
}
String effectiveRpId = getEffectiveRpId(request);
List<String> credentials = new ArrayList<>();
for (Authenticator authenticator : authenticators) {
String credentialId = Base64UrlUtil.encodeToString(authenticator.getAttestedCredentialData().getCredentialId());
credentials.add(credentialId);
}
if (challenge == null) {
challenge = challengeRepository.loadOrGenerateChallenge(request);
} else {
challengeRepository.saveChallenge(challenge, request);
}
Parameters parameters
= new Parameters(usernameParameter, passwordParameter,
credentialIdParameter, clientDataJSONParameter, authenticatorDataParameter, signatureParameter, clientExtensionsJSONParameter);
return new AssertionOptions(challenge, authenticationTimeout, effectiveRpId, credentials, authenticationExtensions, parameters);
}
Example #13
| Source File: EC2COSEKeyTest.java From webauthn4j with Apache License 2.0 | 5 votes |
|
@Test
void createFromUncompressedECCKey_test() {
byte[] bytes = Base64UrlUtil.decode("BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
EC2COSEKey key = EC2COSEKey.createFromUncompressedECCKey(bytes);
assertThat(key.getX()).isEqualTo(Base64UrlUtil.decode("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"));
assertThat(key.getX()).isEqualTo(Base64UrlUtil.decode("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"));
}
Example #14
| Source File: MetadataItemsProviderTest.java From webauthn4j with Apache License 2.0 | 5 votes |
|
@Test
void fetchMetadataStatement() {
HttpClient httpClient = mock(HttpClient.class);
when(httpClient.fetch(any())).thenReturn("ewogICAgImFhZ3VpZCI6ICI4MTMwM2MxYS0yNWNmLTRmNDMtYmUwNC0wNDYwZGY1YjZjNjgiLAogICAgImFsdGVybmF0aXZlRGVzY3JpcHRpb25zIjogewogICAgICAgICJydS1SVSI6ICLQktC40YDRgtGD0LDQu9GM0L3Ri9C5IFNlY3AyNTZSMSBDVEFQMiDQsNGD0YLQtdC90YLQuNGE0LjQutCw0YLQvtGAINC00LvRjyDRgtC10YHRgtC40YDQvtCy0LDQvdC40LUg0YHQtdGA0LLQtdGA0L7QsiDQvdCwINGB0L7QvtGC0LLQtdGC0YHQstC40LUg0YHQv9C10YbQuNGE0LjQutCw0YbQuNC4IEZJRE8yIDgxMzAzYzFhLTI1Y2YtNGY0My1iZTA0LTA0NjBkZjViNmM2OCIKICAgIH0sCiAgICAiYXNzZXJ0aW9uU2NoZW1lIjogIkZJRE9WMiIsCiAgICAiYXR0YWNobWVudEhpbnQiOiAyLAogICAgImF0dGVzdGF0aW9uUm9vdENlcnRpZmljYXRlcyI6IFsKICAgICAgICAiTUlJRndEQ0NBNmdDQ1FDTm0xdTU2b1J3WFRBTkJna3Foa2lHOXcwQkFRc0ZBRENCb1RFWU1CWUdBMVVFQXd3UFJrbEVUeklnVkVWVFZDQlNUMDlVTVRFd0x3WUpLb1pJaHZjTkFRa0JGaUpqYjI1bWIzSnRZVzVqWlMxMGIyOXNjMEJtYVdSdllXeHNhV0Z1WTJVdWIzSm5NUll3RkFZRFZRUUtEQTFHU1VSUElFRnNiR2xoYm1ObE1Rd3dDZ1lEVlFRTERBTkRWMGN4Q3pBSkJnTlZCQVlUQWxWVE1Rc3dDUVlEVlFRSURBSk5XVEVTTUJBR0ExVUVCd3dKVjJGclpXWnBaV3hrTUI0WERURTRNRE14TmpFME16VXlOMW9YRFRRMU1EZ3dNVEUwTXpVeU4xb3dnYUV4R0RBV0JnTlZCQU1NRDBaSlJFOHlJRlJGVTFRZ1VrOVBWREV4TUM4R0NTcUdTSWIzRFFFSkFSWWlZMjl1Wm05eWJXRnVZMlV0ZEc5dmJITkFabWxrYjJGc2JHbGhibU5sTG05eVp6RVdNQlFHQTFVRUNnd05Sa2xFVHlCQmJHeHBZVzVqWlRFTU1Bb0dBMVVFQ3d3RFExZEhNUXN3Q1FZRFZRUUdFd0pWVXpFTE1Ba0dBMVVFQ0F3Q1RWa3hFakFRQmdOVkJBY01DVmRoYTJWbWFXVnNaRENDQWlJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dJUEFEQ0NBZ29DZ2dJQkFMMTFVNXlBSVZMTXJMM3hTOHU4eXNNU2RPa0Rlb1RPK1JjQXkrdVhYcDZrNFNDK2pPeTM3Z0lDRXRZSStNS1FWMUVNZU1NZjNyTTF1ZVpBTzNpUEZhME5FZGkvb1E3bnBuR2pCTkk4d016RDhGZk5lNnJXdHprRGFIcHNaVy8vL013V0RwR3lKUitYeWpjcTZVNHZTOWJTNnpaN2pzbHcwT2N6eDRVc1lnT3NJVVhTU0JhR09yUmJ4Si9KQzVnbkRZRVl2dE5NK1BEUGN6TE5LQXloZHZCWldOV0hyN01aMFA1VGVKUWNYc0FvU2hSWDJZOFU4ZlJOSm03U2VpRktEUDBObi9RS3hPU3Q3ekdQNHh0OW5NYXNFMXEyWlRkYXIyK1cxM0NSejM3UkkwWldwcS8rWXF1b0ViWjdVajdObUJUY3FoYjI2MG5tREVSMkZwd3dZd1BTYXJrOTJJWmJhbW96QjhkN09FSTFqSmdzcmpKaEthbjBFbVJhV1ZCcEhUNHhZS2RFdTdyMDlTMEpoS3lVKzUyV0RtbVZRVE1wWUxybTRYbDdoUnh5UHlCWWthbHJvenNHbVBzOHZsaE5xM1ZzVmJ5QlNNU3BFbVVhZUFhN0xMRTkvVmgwYWdKTFZGSGgxZWhZS0pwekhubW1CWFVxeDBGejNhZm1EbTFOWDBzcjNPLzZ4SXgxVlNUVmlUM0tOeEJZcFZIMXFqSEFUTHp1eGNXbW0rNzVmY0pNaVBZUFNNWFZtUmIzUTFsOTFBTTRCQmVXaGxQM0ZiYzdnRHkwcitzN20wc0dTNlBUMkoyckdvZzJyVXhuSit6Q00xMU03RGVPMFhNMm5ueTR1UllQUGs5dzJFWHpmdnRkdmllWVUvNVJCNFJEbTVUR3hIaEdYVlpVZ2FjNUFnTUJBQUV3RFFZSktvWklodmNOQVFFTEJRQURnZ0lCQUZ0MlhHZDNrNUdwYk8xRVVtM3U2MHpUMWZFNnU2cE9zY3AxNTZrNVZuc0hnYUhSSGRJQVBOTGVMTm1SN3k1T25yWGJoMTNDckd3VTFxODRqakpYcHYrdjE0eFVDYzVpMDF5b3BGVFFGTHI0QTdOSHAybk5ZZk5oaElWU0ZBZ1c0M0VmbEpmbGJMRWVsQ0p6eExsV2I1Qm9Ec1plZU5tRVFzWElNMW1KMjZSM3IwZHpzSEJiMHV5KzhMTlIxZ2RWcWRqaEM4Qkx5M2doNCtCV3VpZHlaTnQwN0x2ZURzU0ZXNXJjajV3UnJTeDloWFBJeVZwalFTbGpOdlk3TVZUb3VxSnpOQUFRTXNUS2tYUGtUWGxkQ29wOVFvOVVQa0hSUm0wbDdMTHRkYU9vWHJjdDBZbW9jZjh6eGY5YkZOaXc5ZjRXUllRTTZzTWh6dDgrcy9vRGlsbzRRaGNVZ2VKRWlFUEVTaTZ5bllUVjYyU0hBNGVNdW5VSjVkbENhUm5GaVI5RFRJbUZhNUlSemllMzI2L25XL1NQQ2FLYy95ckZJaWhNTWpKb1NBUGhwVGIvSzZ5SE9VRzhyK0tpUXV0N056cUdWMzAxcFE5dTYyZEdMNU9pMVZYbUNGbEUycmFtWnMxNUJOT1V5QW8yQ0JiUkpnM2pLY2R1LzhRQzZvampEdlE4NjMrN0xQdG43NHdKQzVScFVKc1MwR2hRV2dxNXBBWE8zd0E2MVVvYnhpNk1rT3BDQzB6Qld4L2Q0Q3FwUzRqNGhGZ3hXQlRYWDQ4aWhQdStoSXhJRi9BeGJxdFB2cUxNRXhXL3haSVRuNkFycFd5UTllNFNVVnIzbjNGMzNhcDFYZER5WjB2d0ZjbTE4SlFBdHN2WFQ2cUNMcldPWG5IVWdmbi8rVml1IgogICAgXSwKICAgICJhdHRlc3RhdGlvblR5cGVzIjogWwogICAgICAgIDE1ODc5LAogICAgICAgIDE1ODgwCiAgICBdLAogICAgImF1dGhlbnRpY2F0aW9uQWxnb3JpdGhtIjogMSwKICAgICJhdXRoZW50aWNhdG9yVmVyc2lvbiI6IDIsCiAgICAiY3J5cHRvU3RyZW5ndGgiOiAxMjgsCiAgICAiZGVzY3JpcHRpb24iOiAiVmlydHVhbCBTZWNwMjU2UjEgRklETzIgQ29uZm9ybWFuY2UgVGVzdGluZyBDVEFQMiBBdXRoZW50aWNhdG9yIDgxMzAzYzFhLTI1Y2YtNGY0My1iZTA0LTA0NjBkZjViNmM2OCIsCiAgICAiaWNvbiI6ICJkYXRhOmltYWdlL3BuZztiYXNlNjQsaVZCT1J3MEtHZ29BQUFBTlNVaEVVZ0FBQUNBQUFBQWdDQUlBQUFEOEdPMmpBQUFBQ1hCSVdYTUFBQzRqQUFBdUl3RjRwVDkyQUFBS1QybERRMUJRYUc5MGIzTm9iM0FnU1VORElIQnliMlpwYkdVQUFIamFuVk5uVkZQcEZqMzMzdlJDUzRpQWxFdHZVaFVJSUZKQ2k0QVVrU1lxSVFrUVNvZ2hvZGtWVWNFUlJVVUVHOGlnaUFPT2pvQ01GVkVzRElvSzJBZmtJYUtPZzZPSWlzcjc0WHVqYTlhODkrYk4vclhYUHVlczg1Mnp6d2ZBQ0F5V1NETlJOWUFNcVVJZUVlQ0R4OFRHNGVRdVFJRUtKSEFBRUFpelpDRnovU01CQVBoK1BEd3JJc0FIdmdBQmVOTUxDQURBVFp2QU1CeUgvdy9xUXBsY0FZQ0VBY0Iwa1RoTENJQVVBRUI2amtLbUFFQkdBWUNkbUNaVEFLQUVBR0RMWTJMakFGQXRBR0FuZitiVEFJQ2QrSmw3QVFCYmxDRVZBYUNSQUNBVFpZaEVBR2c3QUt6UFZvcEZBRmd3QUJSbVM4UTVBTmd0QURCSlYyWklBTEMzQU1ET0VBdXlBQWdNQURCUmlJVXBBQVI3QUdESUl5TjRBSVNaQUJSRzhsYzg4U3V1RU9jcUFBQjRtYkk4dVNRNVJZRmJDQzF4QjFkWExoNG96a2tYS3hRMllRSmhta0F1d25tWkdUS0JOQS9nODh3QUFLQ1JGUkhnZy9QOWVNNE9yczdPTm82MkRsOHQ2cjhHL3lKaVl1UCs1YytyY0VBQUFPRjBmdEgrTEMrekdvQTdCb0J0L3FJbDdnUm9YZ3VnZGZlTFpySVBRTFVBb09uYVYvTncrSDQ4UEVXaGtMbloyZVhrNU5oS3hFSmJZY3BYZmY1bndsL0FWLzFzK1g0OC9QZjE0TDdpSklFeVhZRkhCUGpnd3N6MFRLVWN6NUlKaEdMYzVvOUgvTGNMLy93ZDB5TEVTV0s1V0NvVTQxRVNjWTVFbW96ek1xVWlpVUtTS2NVbDB2OWs0dDhzK3dNKzN6VUFzR28rQVh1UkxhaGRZd1AyU3ljUVdIVEE0dmNBQVBLN2I4SFVLQWdEZ0dpRDRjOTMvKzgvL1VlZ0pRQ0Faa21TY1FBQVhrUWtMbFRLc3ovSENBQUFSS0NCS3JCQkcvVEJHQ3pBQmh6QkJkekJDL3hnTm9SQ0pNVENRaEJDQ21TQUhISmdLYXlDUWlpR3piQWRLbUF2MUVBZE5NQlJhSWFUY0E0dXdsVzREajF3RC9waENKN0JLTHlCQ1FSQnlBZ1RZU0hhaUFGaWlsZ2pqZ2dYbVlYNEljRklCQktMSkNESmlCUlJJa3VSTlVneFVvcFVJRlZJSGZJOWNnSTVoMXhHdXBFN3lBQXlndnlHdkVjeGxJR3lVVDNVRExWRHVhZzNHb1JHb2d2UVpIUXhtbzhXb0p2UWNyUWFQWXcyb2VmUXEyZ1AybzgrUThjd3dPZ1lCelBFYkRBdXhzTkNzVGdzQ1pOank3RWlyQXlyeGhxd1Zxd0R1NG4xWTgreGR3UVNnVVhBQ1RZRWQwSWdZUjVCU0ZoTVdFN1lTS2dnSENRMEVkb0pOd2tEaEZIQ0p5S1RxRXUwSnJvUitjUVlZakl4aDFoSUxDUFdFbzhUTHhCN2lFUEVOeVFTaVVNeUo3bVFBa214cEZUU0V0SkcwbTVTSStrc3FaczBTQm9qazhuYVpHdXlCem1VTENBcnlJWGtuZVRENURQa0crUWg4bHNLbldKQWNhVDRVK0lvVXNwcVNobmxFT1UwNVFabG1ESkJWYU9hVXQyb29WUVJOWTlhUXEyaHRsS3ZVWWVvRXpSMW1qbk5neFpKUzZXdG9wWFRHbWdYYVBkcHIraDB1aEhkbFI1T2w5Qlgwc3ZwUitpWDZBUDBkd3dOaGhXRHg0aG5LQm1iR0FjWVp4bDNHSytZVEtZWjA0c1p4MVF3TnpIcm1PZVpENWx2VlZncXRpcDhGWkhLQ3BWS2xTYVZHeW92VkttcXBxcmVxZ3RWODFYTFZJK3BYbE45cmtaVk0xUGpxUW5VbHF0VnFwMVE2MU1iVTJlcE82aUhxbWVvYjFRL3BINVovWWtHV2NOTXcwOURwRkdnc1YvanZNWWdDMk1aczNnc0lXc05xNFoxZ1RYRUpySE4yWHgyS3J1WS9SMjdpejJxcWFFNVF6TktNMWV6VXZPVVpqOEg0NWh4K0p4MFRnbm5LS2VYODM2SzNoVHZLZUlwRzZZMFRMa3haVnhycXBhWGxsaXJTS3RScTBmcnZUYXU3YWVkcHIxRnUxbjdnUTVCeDBvblhDZEhaNC9PQlozblU5bFQzYWNLcHhaTlBUcjFyaTZxYTZVYm9idEVkNzl1cCs2WW5yNWVnSjVNYjZmZWViM24raHg5TC8xVS9XMzZwL1ZIREZnR3N3d2tCdHNNemhnOHhUVnhiendkTDhmYjhWRkRYY05BUTZWaGxXR1g0WVNSdWRFOG85VkdqVVlQakduR1hPTWs0MjNHYmNhakpnWW1JU1pMVGVwTjdwcFNUYm1tS2FZN1REdE14ODNNemFMTjFwazFtejB4MXpMbm0rZWIxNXZmdDJCYWVGb3N0cWkydUdWSnN1UmFwbG51dHJ4dWhWbzVXYVZZVlZwZHMwYXRuYTBsMXJ1dHU2Y1JwN2xPazA2cm50Wm53N0R4dHNtMnFiY1pzT1hZQnR1dXRtMjJmV0ZuWWhkbnQ4V3V3KzZUdlpOOXVuMk4vVDBIRFlmWkRxc2RXaDErYzdSeUZEcFdPdDZhenB6dVAzM0Y5SmJwTDJkWXp4RFAyRFBqdGhQTEtjUnBuVk9iMDBkbkYyZTVjNFB6aUl1SlM0TExMcGMrTHBzYnh0M0l2ZVJLZFBWeFhlRjYwdldkbTdPYnd1Mm8yNi91TnU1cDdvZmNuOHcwbnltZVdUTnowTVBJUStCUjVkRS9DNStWTUd2ZnJINVBRMCtCWjdYbkl5OWpMNUZYcmRld3Q2VjNxdmRoN3hjKzlqNXluK00rNHp3MzNqTGVXVi9NTjhDM3lMZkxUOE52bmwrRjMwTi9JLzlrLzNyLzBRQ25nQ1VCWndPSmdVR0JXd0w3K0hwOEliK09QenJiWmZheTJlMUJqS0M1UVJWQmo0S3RndVhCclNGb3lPeVFyU0gzNTVqT2tjNXBEb1ZRZnVqVzBBZGg1bUdMdzM0TUo0V0hoVmVHUDQ1d2lGZ2EwVEdYTlhmUjNFTnozMFQ2UkpaRTNwdG5NVTg1cnkxS05TbytxaTVxUE5vM3VqUzZQOFl1WmxuTTFWaWRXRWxzU3h3NUxpcXVObTVzdnQvODdmT0g0cDNpQytON0Y1Z3Z5RjF3ZWFIT3d2U0ZweGFwTGhJc09wWkFUSWhPT0pUd1FSQXFxQmFNSmZJVGR5V09Dbm5DSGNKbklpL1JOdEdJMkVOY0toNU84a2dxVFhxUzdKRzhOWGtreFRPbExPVzVoQ2Vwa0x4TURVemRtenFlRnBwMklHMHlQVHE5TVlPU2taQnhRcW9oVFpPMlorcG41bVoyeTZ4bGhiTCt4VzZMdHk4ZWxRZkphN09RckFWWkxRcTJRcWJvVkZvbzF5b0hzbWRsVjJhL3pZbktPWmFybml2TjdjeXp5dHVRTjV6dm4vL3RFc0lTNFpLMnBZWkxWeTBkV09hOXJHbzVzanh4ZWRzSzR4VUZLNFpXQnF3OHVJcTJLbTNWVDZ2dFY1ZXVmcjBtZWsxcmdWN0J5b0xCdFFGcjZ3dFZDdVdGZmV2YzErMWRUMWd2V2QrMVlmcUduUnMrRlltS3JoVGJGNWNWZjlnbzNIamxHNGR2eXIrWjNKUzBxYXZFdVdUUFp0Sm02ZWJlTFo1YkRwYXFsK2FYRG00TjJkcTBEZDlXdE8zMTlrWGJMNWZOS051N2c3WkR1YU8vUExpOFphZkp6czA3UDFTa1ZQUlUrbFEyN3RMZHRXSFgrRzdSN2h0N3ZQWTA3TlhiVzd6My9UN0p2dHRWQVZWTjFXYlZaZnRKKzdQM1A2NkpxdW40bHZ0dFhhMU9iWEh0eHdQU0EvMEhJdzYyMTduVTFSM1NQVlJTajlZcjYwY094eCsrL3AzdmR5ME5OZzFWalp6RzRpTndSSG5rNmZjSjMvY2VEVHJhZG94N3JPRUgweDkySFdjZEwycENtdkthUnB0VG12dGJZbHU2VDh3KzBkYnEzbnI4UjlzZkQ1dzBQRmw1U3ZOVXlXbmE2WUxUazJmeXo0eWRsWjE5Zmk3NTNHRGJvclo3NTJQTzMyb1BiKys2RUhUaDBrWC9pK2M3dkR2T1hQSzRkUEt5MitVVFY3aFhtcTg2WDIzcWRPbzgvcFBUVDhlN25MdWFycmxjYTdudWVyMjFlMmIzNlJ1ZU44N2Q5TDE1OFJiLzF0V2VPVDNkdmZONmIvZkY5L1hmRnQxK2NpZjl6c3U3MlhjbjdxMjhUN3hmOUVEdFFkbEQzWWZWUDF2KzNOanYzSDlxd0hlZzg5SGNSL2NHaFlQUC9wSDFqdzlEQlkrWmo4dUdEWWJybmpnK09UbmlQM0w5NmZ5blE4OWt6eWFlRi82aS9zdXVGeFl2ZnZqVjY5Zk8wWmpSb1pmeWw1Ty9iWHlsL2VyQTZ4bXYyOGJDeGg2K3lYZ3pNVjcwVnZ2dHdYZmNkeDN2bzk4UFQrUjhJSDhvLzJqNXNmVlQwS2Y3a3htVGsvOEVBNWp6L0dNekxkc0FBQUFnWTBoU1RRQUFlaVVBQUlDREFBRDUvd0FBZ09rQUFIVXdBQURxWUFBQU9wZ0FBQmR2a2wvRlJnQUFBdGhKUkVGVWVOcnNsdDlMazFFWXg3L3ZOdGUwdlhPazd5UzdxeVdCWXZuaklrdEdVMHZEQ3drdFY0S1hwdjN3Qi80QkJpSWEvUUMxd2prVlV4TnNVdXV1emQxazZpQkxDeElGemNEWE9UWndZOHIyc3IxcnA0dVhadW9nZ3J5SmZTOGVlTDZjNTN3NDUrRTVISW9RZ29PVUNBZXNHQ0FHaUFFQXlYNkxaZG4xOVhXR1lkUnE5VDhna04xcWEyMFZEbFZaY1pVUVlwdVpLUzB0SFRjYTl5d3o2SHVycTZzL3pzNlNQMmtYd0dJMkF6aktxSFE2M2Z0M2s0U1Fwb1lHQU1XRlJYdktMbW9MQUF3T0RQd2RvTGRIRDJCa2FPaDM4NDNKNUhLNTlwVFYxZHdFOEdwOGZQK09TNHRMNXJmbUg2R1FrTzcwb0x1emMyand1U29wMmRCck9DeW5rNUtPOVBYM1oyWmtNQ2twcXl2ZkdJWUJjTCs5dzJxZEtDb3FDZ1FDQUhpZUYyb2ZQM3hrTXIxVzBJcmF1bHB0UVlIUDd3TkY3ZTJCTmw4RElPMzRDUUFOZCt1N3U3b0FTRUFCcUt1cEpZUlU2YTREb0dYeHFhb1VwWndXQTlhSkNVSkk0UVV0Z0ZQcWt3blNRd0Q2OVByb1Z4UU1CdHZiMmlpS2V0RFJ3Zk44S0JUaU9PN1prNmNBK25vTkxNc0N5TW84emZuOUhNZmxuTWtDc0xTNE9EMDFEVUIzOVJvaHhPbDB5aE1TNGlpUjNXNlBiTHN6QjNGeGNiUkNRUWhSSkNaS0pCS3hXQ3lUeWVSeUdvQlVLdjB5L3htQVRsY3BpNCtYeVdRYWpRYUF6K2VibXB3RVVGNVJEa0NsVWhWcUMzZ1NucCtiaXo0SG5OOFB3Ty8zUjV4QWdNdk56azVta2tXVUNNRHE2bmZCZHpnMkJEQ3RVQUJ3T2wyL2ZJZEFpZzRJQm9PUktJam5lUVZOYjNtM2lpK1hpRUhwK3d6cEdlbHV0L3VsMFFnZ0VBaVVYU203ZGVmMnZaYVd0TFMwaFlXdkgrWSs1Wi9OeThuTmpmNVVTQ1NTU0l3NDRYRFk0ZGhRS3BYRHc4TmlpcXB2YkJ3ZGVWRjFvd29BdTdhV21uck0wS1BmM3Q2K1ZGTGMxTng4UHUvYzZOaVlTQ1NLUHNrZXQyZDVlZG5qOFVRY3I5ZHJYN2U3M1p0Q3lySnJWcXMxSEE0VFFwWlhWcnhlcitDN045MFdpOFZtcyswZkN5cjJxNGdCWW9EL0FQQnpBSTZWTnFHUVBVcW5BQUFBQUVsRlRrU3VRbUNDIiwKICAgICJpc1NlY29uZEZhY3Rvck9ubHkiOiBmYWxzZSwKICAgICJrZXlQcm90ZWN0aW9uIjogMTAsCiAgICAibWF0Y2hlclByb3RlY3Rpb24iOiA0LAogICAgIm9wZXJhdGluZ0VudiI6ICJTZWN1cmUgRWxlbWVudCAoU0UpIiwKICAgICJwcm90b2NvbEZhbWlseSI6ICJmaWRvMiIsCiAgICAicHVibGljS2V5QWxnQW5kRW5jb2RpbmciOiAyNjAsCiAgICAidGNEaXNwbGF5IjogMCwKICAgICJ1cHYiOiBbCiAgICAgICAgewogICAgICAgICAgICAibWFqb3IiOiAxLAogICAgICAgICAgICAibWlub3IiOiAwCiAgICAgICAgfQogICAgXSwKICAgICJ1c2VyVmVyaWZpY2F0aW9uRGV0YWlscyI6IFsKICAgICAgICBbCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICJ1c2VyVmVyaWZpY2F0aW9uIjogMQogICAgICAgICAgICB9CiAgICAgICAgXQogICAgXQp9");
FidoMdsMetadataItemsProvider target = new FidoMdsMetadataItemsProvider(objectConverter, httpClient);
target.fetchMetadataStatement("dummy", Base64UrlUtil.decode("Sl1MsjaaSHLy2fy6AkhADanzZ6FBA89plTu8rrOAzlc"));
}
Example #15
| Source File: JsonConverterTest.java From webauthn4j with Apache License 2.0 | 5 votes |
|
@Test
void writeValueAsBytes_test() {
ConverterTestDto converterTestDto = new ConverterTestDto();
converterTestDto.setValue("dummy");
byte[] bytes = jsonConverter.writeValueAsBytes(converterTestDto);
assertThat(Base64UrlUtil.encodeToString(bytes)).isEqualTo("eyJ2YWx1ZSI6ImR1bW15In0");
}
Example #16
| Source File: WebAuthnProcessingFilterTest.java From webauthn4j-spring-security with Apache License 2.0 | 5 votes |
|
@Test
public void attemptAuthentication_test_with_credential() {
String credentialId = "AAhdofeLeQWG6Y6gwwytZKNCDFB1WaIgqDsOwVYR5UavKQhAti4ic9_Dz-_CQEPpN0To6hiDRSCvmFHXaG6HK5yvvhm4DJRVJXzSvZiq5NefbXSYIr2uUaKbsoBe1lulhNdL9dRt6Dkkp38uq02YIR5CDaoxD-HQgMsS667aWlhHVKE884Sq0d1VVgGTDb1ds-Py_H7CDqk9SDErb8-XtQ9L";
String clientDataJSON = "eyJjaGFsbGVuZ2UiOiJGT3JHWklmSFJfeURaSklydTVPdXBBIiwiaGFzaEFsZyI6IlMyNTYiLCJvcmlnaW4iOiJsb2NhbGhvc3QifQ";
String authenticatorData = "SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MBAAABaQ";
String signature = "MEUCIGBYMUVg2KkMG7V7UEsGxUeKVaO8x587JyVoZkk6FmsgAiEA5XRKxlYe2Vpwn-JYEJhcEVJ3-0nYFG-JfheOk4rA3dc";
String clientExtensionsJSON = "";
ServerProperty serverProperty = mock(ServerProperty.class);
//Given
mockHttpServletRequest.setMethod("POST");
mockHttpServletRequest.setServerName("example.com");
mockHttpServletRequest.setParameter("credentialId", credentialId);
mockHttpServletRequest.setParameter("clientDataJSON", clientDataJSON);
mockHttpServletRequest.setParameter("authenticatorData", authenticatorData);
mockHttpServletRequest.setParameter("signature", signature);
mockHttpServletRequest.setParameter("clientExtensionsJSON", clientExtensionsJSON);
when(authenticationManager.authenticate(captor.capture())).thenReturn(null);
when(serverPropertyProvider.provide(any())).thenReturn(serverProperty);
//When
target.attemptAuthentication(mockHttpServletRequest, mockHttpServletResponse);
//Then
WebAuthnAssertionAuthenticationToken authenticationToken = (WebAuthnAssertionAuthenticationToken) captor.getValue();
verify(serverPropertyProvider).provide(mockHttpServletRequest);
assertThat(authenticationToken.getPrincipal()).isNull();
assertThat(authenticationToken.getCredentials()).isInstanceOf(WebAuthnAuthenticationRequest.class);
assertThat(authenticationToken.getCredentials().getCredentialId()).isEqualTo(Base64UrlUtil.decode(credentialId));
assertThat(authenticationToken.getCredentials().getClientDataJSON()).isEqualTo(Base64UrlUtil.decode(clientDataJSON));
assertThat(authenticationToken.getCredentials().getAuthenticatorData()).isEqualTo(Base64UrlUtil.decode(authenticatorData));
assertThat(authenticationToken.getCredentials().getSignature()).isEqualTo(Base64UrlUtil.decode(signature));
assertThat(authenticationToken.getCredentials().getClientExtensionsJSON()).isEqualTo(clientExtensionsJSON);
assertThat(authenticationToken.getCredentials().getServerProperty()).isEqualTo(serverProperty);
}
Example #17
| Source File: WebAuthnProcessingFilterTest.java From webauthn4j-spring-security with Apache License 2.0 | 5 votes |
|
@Test
public void attemptAuthentication_test_with_get_method() {
String credentialId = "AAhdofeLeQWG6Y6gwwytZKNCDFB1WaIgqDsOwVYR5UavKQhAti4ic9_Dz-_CQEPpN0To6hiDRSCvmFHXaG6HK5yvvhm4DJRVJXzSvZiq5NefbXSYIr2uUaKbsoBe1lulhNdL9dRt6Dkkp38uq02YIR5CDaoxD-HQgMsS667aWlhHVKE884Sq0d1VVgGTDb1ds-Py_H7CDqk9SDErb8-XtQ9L";
String clientDataJSON = "eyJjaGFsbGVuZ2UiOiJGT3JHWklmSFJfeURaSklydTVPdXBBIiwiaGFzaEFsZyI6IlMyNTYiLCJvcmlnaW4iOiJsb2NhbGhvc3QifQ";
String authenticatorData = "SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MBAAABaQ";
String signature = "MEUCIGBYMUVg2KkMG7V7UEsGxUeKVaO8x587JyVoZkk6FmsgAiEA5XRKxlYe2Vpwn-JYEJhcEVJ3-0nYFG-JfheOk4rA3dc";
String clientExtensionsJSON = "";
ServerProperty serverProperty = mock(ServerProperty.class);
//Given
target.setPostOnly(false);
mockHttpServletRequest.setMethod("GET");
mockHttpServletRequest.setServerName("example.com");
mockHttpServletRequest.setParameter("credentialId", credentialId);
mockHttpServletRequest.setParameter("clientDataJSON", clientDataJSON);
mockHttpServletRequest.setParameter("authenticatorData", authenticatorData);
mockHttpServletRequest.setParameter("signature", signature);
mockHttpServletRequest.setParameter("clientExtensionsJSON", clientExtensionsJSON);
when(authenticationManager.authenticate(captor.capture())).thenReturn(null);
when(serverPropertyProvider.provide(any())).thenReturn(serverProperty);
//When
target.attemptAuthentication(mockHttpServletRequest, mockHttpServletResponse);
//Then
WebAuthnAssertionAuthenticationToken authenticationToken = (WebAuthnAssertionAuthenticationToken) captor.getValue();
verify(serverPropertyProvider).provide(mockHttpServletRequest);
assertThat(authenticationToken.getPrincipal()).isNull();
assertThat(authenticationToken.getCredentials()).isInstanceOf(WebAuthnAuthenticationRequest.class);
assertThat(authenticationToken.getCredentials().getCredentialId()).isEqualTo(Base64UrlUtil.decode(credentialId));
assertThat(authenticationToken.getCredentials().getClientDataJSON()).isEqualTo(Base64UrlUtil.decode(clientDataJSON));
assertThat(authenticationToken.getCredentials().getAuthenticatorData()).isEqualTo(Base64UrlUtil.decode(authenticatorData));
assertThat(authenticationToken.getCredentials().getSignature()).isEqualTo(Base64UrlUtil.decode(signature));
assertThat(authenticationToken.getCredentials().getClientExtensionsJSON()).isEqualTo(clientExtensionsJSON);
assertThat(authenticationToken.getCredentials().getServerProperty()).isEqualTo(serverProperty);
}
Example #18
| Source File: OptionsProviderImplTest.java From webauthn4j-spring-security with Apache License 2.0 | 5 votes |
|
@Test
public void getAssertionOptions_with_challenge_test() {
Challenge challenge = new DefaultChallenge();
byte[] credentialId = new byte[]{0x01, 0x23, 0x45};
WebAuthnUserDetailsService userDetailsService = mock(WebAuthnUserDetailsService.class);
WebAuthnUserDetails userDetails = mock(WebAuthnUserDetails.class);
Authenticator authenticator = mock(Authenticator.class, RETURNS_DEEP_STUBS);
List<Authenticator> authenticators = Collections.singletonList(authenticator);
ChallengeRepository challengeRepository = mock(ChallengeRepository.class);
MockHttpServletRequest mockRequest = new MockHttpServletRequest();
when(userDetailsService.loadUserByUsername(any())).thenReturn(userDetails);
doReturn(new byte[0]).when(userDetails).getUserHandle();
doReturn(authenticators).when(userDetails).getAuthenticators();
when(authenticator.getAttestedCredentialData().getCredentialId()).thenReturn(credentialId);
OptionsProvider optionsProvider = new OptionsProviderImpl(userDetailsService, challengeRepository);
optionsProvider.setRpId("example.com");
optionsProvider.setRpName("rpName");
AssertionOptions attestationOptions = optionsProvider.getAssertionOptions(mockRequest, "dummy", challenge);
assertThat(attestationOptions.getRpId()).isEqualTo("example.com");
assertThat(attestationOptions.getChallenge()).isEqualTo(challenge);
assertThat(attestationOptions.getCredentials()).containsExactly(Base64UrlUtil.encodeToString(credentialId));
}
Example #19
| Source File: AuthenticatorDataConverterTest.java From webauthn4j with Apache License 2.0 | 5 votes |
|
@Test
void extractAttestedCredentialData_test() {
//Given
//noinspection SpellCheckingInspection
String input = "SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2NBAAAARlUOS1SqR0CfmpUat2wTATEAIHEiziyGohCFUc_hJJZGdtSu9ThnEb74K6NZC3U-KbwgpQECAyYgASFYICw4xPmHIvquDRz2KUzyyQlZFhZMbi-mc_YylL1o55jPIlggGQI5ESYAOfR8QM6quTQSoyhjZET806A3yOoCUe2AWJE";
//When
byte[] result = new AuthenticatorDataConverter(objectConverter).extractAttestedCredentialData(Base64UrlUtil.decode(input));
assertThat(result).isEqualTo(Base64UrlUtil.decode("VQ5LVKpHQJ-alRq3bBMBMQAgcSLOLIaiEIVRz-EklkZ21K71OGcRvvgro1kLdT4pvCClAQIDJiABIVggLDjE-Yci-q4NHPYpTPLJCVkWFkxuL6Zz9jKUvWjnmM8iWCAZAjkRJgA59HxAzqq5NBKjKGNkRPzToDfI6gJR7YBYkQ"));
}
Example #20
| Source File: AuthenticatorDataConverterTest.java From webauthn4j with Apache License 2.0 | 5 votes |
|
@Test
void deserialize_data_with_surplus_bytes_test() {
//noinspection SpellCheckingInspection
String input = "SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MBAAABRQ";
byte[] data = Base64UrlUtil.decode(input);
byte[] bytes = Arrays.copyOf(data, data.length + 1);
AuthenticatorDataConverter authenticatorDataConverter = new AuthenticatorDataConverter(objectConverter);
//When
assertThrows(DataConversionException.class,
() -> authenticatorDataConverter.convert(bytes)
);
}
Example #21
| Source File: AuthenticatorDataConverterTest.java From webauthn4j with Apache License 2.0 | 5 votes |
|
@Test
void convert_too_short_data_test() {
//Given
//noinspection SpellCheckingInspection
byte[] input = Base64UrlUtil.decode("SZYN5YgOjGh0NBcP");
AuthenticatorDataConverter authenticatorDataConverter = new AuthenticatorDataConverter(objectConverter);
//When
assertThrows(DataConversionException.class,
() -> authenticatorDataConverter.convert(input)
);
}
Example #22
| Source File: TokenBindingTest.java From webauthn4j with Apache License 2.0 | 5 votes |
|
@Test
void constructor_test() {
TokenBinding tokenBindingA = new TokenBinding(TokenBindingStatus.SUPPORTED, Base64UrlUtil.encodeToString(new byte[]{0x01, 0x23, 0x45}));
TokenBinding tokenBindingB = new TokenBinding(TokenBindingStatus.SUPPORTED, new byte[]{0x01, 0x23, 0x45});
assertThat(tokenBindingA).isEqualTo(tokenBindingB);
}
Example #23
| Source File: WebAuthnRegistrationRequestValidator.java From webauthn4j-spring-security with Apache License 2.0 | 5 votes |
|
RegistrationRequest createRegistrationRequest(String clientDataBase64,
String attestationObjectBase64,
Set<String> transports,
String clientExtensionsJSON) {
byte[] clientDataBytes = Base64UrlUtil.decode(clientDataBase64);
byte[] attestationObjectBytes = Base64UrlUtil.decode(attestationObjectBase64);
return new RegistrationRequest(
attestationObjectBytes,
clientDataBytes,
clientExtensionsJSON,
transports
);
}
Example #24
| Source File: TokenBinding.java From webauthn4j with Apache License 2.0 | 5 votes |
|
public TokenBinding(TokenBindingStatus status, byte[] id) {
this.status = status;
if (id == null) {
this.id = null;
} else {
this.id = Base64UrlUtil.encodeToString(id);
}
}
Example #25
| Source File: JWSFactory.java From webauthn4j with Apache License 2.0 | 5 votes |
|
public <T extends Serializable> JWS<T> parse(String value, Class<T> payloadType) {
String[] data = value.split("\\.");
if (data.length != 3) {
throw new IllegalArgumentException("JWS value is not divided by two period.");
}
String headerString = data[0];
String payloadString = data[1];
String signatureString = data[2];
JWSHeader header = jsonConverter.readValue(new String(Base64UrlUtil.decode(headerString)), JWSHeader.class);
T payload = jsonConverter.readValue(new String(Base64UrlUtil.decode(payloadString)), payloadType);
byte[] signature = Base64UrlUtil.decode(signatureString);
return new JWS<>(header, headerString, payload, payloadString, signature);
}
Example #26
| Source File: CollectedClientDataConverter.java From webauthn4j with Apache License 2.0 | 5 votes |
|
/**
* Converts from a base64url {@link String} to {@link CollectedClientData}.
*
* @param base64UrlString the source byte array to convert
* @return the converted object
*/
public CollectedClientData convert(String base64UrlString) {
if (base64UrlString == null) {
return null;
}
byte[] bytes = Base64UrlUtil.decode(base64UrlString);
return convert(bytes);
}
Example #27
| Source File: JWSFactory.java From webauthn4j with Apache License 2.0 | 5 votes |
|
public <T extends Serializable> JWS<T> create(JWSHeader header, T payload, PrivateKey privateKey) {
String headerString = Base64UrlUtil.encodeToString(jsonConverter.writeValueAsString(header).getBytes(StandardCharsets.UTF_8));
String payloadString = Base64UrlUtil.encodeToString(jsonConverter.writeValueAsString(payload).getBytes(StandardCharsets.UTF_8));
String signedData = headerString + "." + payloadString;
Signature signatureObj = SignatureUtil.createSignature(header.getAlg().getJcaName());
try {
signatureObj.initSign(privateKey);
signatureObj.update(signedData.getBytes());
byte[] derSignature = signatureObj.sign();
byte[] jwsSignature = JWSSignatureUtil.convertDerSignatureToJwsSignature(derSignature);
return new JWS<>(header, headerString, payload, payloadString, jwsSignature);
} catch (InvalidKeyException | SignatureException e) {
throw new IllegalArgumentException(e);
}
}
Example #28
| Source File: AttestationObjectConverter.java From webauthn4j with Apache License 2.0 | 5 votes |
|
/**
* Converts from a base64url {@link String} to {@link AttestationObject}.
*
* @param source the source byte array to convert
* @return the converted object
*/
public AttestationObject convert(String source) {
if (source == null) {
return null;
}
byte[] value = Base64UrlUtil.decode(source);
return convert(value);
}
Example #29
| Source File: PackedAttestationStatementValidatorTest.java From webauthn4j with Apache License 2.0 | 5 votes |
|
@Test
void validate_with_yubikey_fido2_data_test() {
byte[] attestationObjectBytes = Base64UrlUtil.decode("o2NmbXRmcGFja2VkaGF1dGhEYXRhWJRJlg3liA6MaHQ0Fw9kdmBbj-SuuaKGMseZXPO6gx2XY0UAAAADbUS6m_bsLkm5MAyP6SDLcwAQpt-LSNKw2Ni2n3k1ltLMrqUBAgMmIAEhWCA6CWZ7k4UFMb5kynCGxmRhRVTvppyLpwBKmZ1m96qSjiJYID1KElygcTfTMT5RRoU0oAbBoZEfjHUZytXNemDDkuZpZ2F0dFN0bXSjY2FsZyZjc2lnWEYwRAIgTqgNTx1zMoc4L1Eb_dOgyqtouZBVfrQscgsGrgE4lRICICLuRuy1T05B1kv86XzP0dnN0-DzRcU1t9tS0FTktASBY3g1Y4FZAsEwggK9MIIBpaADAgECAgQq52JjMA0GCSqGSIb3DQEBCwUAMC4xLDAqBgNVBAMTI1l1YmljbyBVMkYgUm9vdCBDQSBTZXJpYWwgNDU3MjAwNjMxMCAXDTE0MDgwMTAwMDAwMFoYDzIwNTAwOTA0MDAwMDAwWjBuMQswCQYDVQQGEwJTRTESMBAGA1UECgwJWXViaWNvIEFCMSIwIAYDVQQLDBlBdXRoZW50aWNhdG9yIEF0dGVzdGF0aW9uMScwJQYDVQQDDB5ZdWJpY28gVTJGIEVFIFNlcmlhbCA3MTk4MDcwNzUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQqA4ZeYEPZnhH_EKolVFeEvwmvjmseOzIXKSFvVRIajNkQ05ndx2i9_kp7x-PavGLm0kaf9Wdbj_qJDMp0hp4_o2wwajAiBgkrBgEEAYLECgIEFTEuMy42LjEuNC4xLjQxNDgyLjEuMTATBgsrBgEEAYLlHAIBAQQEAwIEMDAhBgsrBgEEAYLlHAEBBAQSBBBtRLqb9uwuSbkwDI_pIMtzMAwGA1UdEwEB_wQCMAAwDQYJKoZIhvcNAQELBQADggEBAHJX0Dzcw-EVaYSQ1vgO-VtTByNz2eZHMmMrEdzcd4rsa9WSbQfhe5xUMHiN4y9OR7RYdv-MVSICm-k4eHlXIzHnJ3AWgopxGznHT9bBJYvR5NnlZtVweQNH2lI1wD8P_kCxQo4FxukXmeR1VHFpAe64i7BXiTWIrYiq0w1xTy8vrDbVTbrXEJxbAnqwyrjPNU7xAIoJCGyghpavDPzbwYOY_N8CMWwmIsle5iK90cAKR4nkocy3SaNUul8nYEIwvv-uBua_AvvAFbzRUd811wqYqOQtykSI_PBxBCGI3-odX3S36niLKvnFFKm6uU_nOJzaGVGQsrEwfb-RGOGpKfg=");
byte[] clientDataBytes = Base64UrlUtil.decode("ew0KCSJ0eXBlIiA6ICJ3ZWJhdXRobi5jcmVhdGUiLA0KCSJjaGFsbGVuZ2UiIDogIno5LWxDWmFQUlBtMGFReDlLMnE4a3ciLA0KCSJvcmlnaW4iIDogImh0dHA6Ly9sb2NhbGhvc3Q6ODA4MCIsDQoJInRva2VuQmluZGluZyIgOiANCgl7DQoJCSJzdGF0dXMiIDogInN1cHBvcnRlZCINCgl9DQp9");
AttestationObject attestationObject = new AttestationObjectConverter(objectConverter).convert(attestationObjectBytes);
validate(clientDataBytes, attestationObject);
}
Example #30
| Source File: FidoMdsMetadataItemsProvider.java From webauthn4j with Apache License 2.0 | 5 votes |
|
MetadataStatement fetchMetadataStatement(String uri, byte[] expectedHash) {
String uriWithToken = appendToken(uri, token);
String metadataStatementBase64url = httpClient.fetch(uriWithToken);
String metadataStatementStr = new String(Base64UrlUtil.decode(metadataStatementBase64url));
byte[] hash = MessageDigestUtil.createSHA256().digest(metadataStatementBase64url.getBytes(StandardCharsets.UTF_8));
if (!Arrays.equals(hash, expectedHash)) {
throw new MDSException("Hash of metadataStatement doesn't match");
}
MetadataStatement metadataStatement = jsonConverter.readValue(metadataStatementStr, MetadataStatement.class);
metadataStatementValidator.validate(metadataStatement);
return metadataStatement;
}
