com.webauthn4j.data.client.challenge.Challenge Java Examples

The following examples show how to use com.webauthn4j.data.client.challenge.Challenge. The source file, project and license are listed above each example.
Example #1
Source File: HttpSessionChallengeRepositoryTest.java    From webauthn4j-spring-security with Apache License 2.0
/**
 * Checks that a challenge saved through one request is returned by {@code loadChallenge}
 * for a second request that is bound to the same session.
 */
@Test
public void loadChallenge_test() {
    String sessionAttribute = ".test-challenge";
    MockHttpSession sharedSession = new MockHttpSession();

    // Two separate request objects, both attached to the one session above.
    MockHttpServletRequest savingRequest = new MockHttpServletRequest();
    savingRequest.setSession(sharedSession);
    MockHttpServletRequest loadingRequest = new MockHttpServletRequest();
    loadingRequest.setSession(sharedSession);

    target.setSessionAttributeName(sessionAttribute);
    Challenge expected = target.generateChallenge();
    target.saveChallenge(expected, savingRequest);

    Challenge actual = target.loadChallenge(loadingRequest);
    assertThat(actual).isEqualTo(expected);
}
 
Example #2
Source File: WebAuthnCredentialProviderTest.java    From keycloak-webauthn-authenticator with Apache License 2.0
/**
 * Builds a {@code WebAuthnCredentialModel} from a canned registration response, so tests get
 * a credential shaped like one produced by a real registration.
 *
 * @return a credential populated from the validated fixture
 */
private WebAuthnCredentialModel getValidWebAuthnCredentialModel() {
    // Server-side expectations. They have to agree with the clientDataJSON fixture below, which
    // decodes to challenge "q8b_snApQBGDSlHKrUPXDA", origin http://localhost:8080 and
    // type "webauthn.create".
    Challenge expectedChallenge = new DefaultChallenge("q8b_snApQBGDSlHKrUPXDA");
    Origin expectedOrigin = new Origin("http://localhost:8080");
    ServerProperty serverProperty = new ServerProperty(expectedOrigin, "localhost", expectedChallenge, null);

    // Canned client response captured from a registration (base64url encoded).
    Base64.Decoder urlDecoder = Base64.getUrlDecoder();
    byte[] clientDataJSON = urlDecoder.decode("eyJjaGFsbGVuZ2UiOiJxOGJfc25BcFFCR0RTbEhLclVQWERBIiwib3JpZ2luIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwIiwidHlwZSI6IndlYmF1dGhuLmNyZWF0ZSJ9");
    byte[] attestationObject = urlDecoder.decode("o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVjESZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2NBAAAAAAAAAAAAAAAAAAAAAAAAAAAAQNl5cq57gFloyTRaRzspkmVtaFjseFuas8LzmCa9_M40tZHwnOxuDFLj__IQkmCi9bwtXfxGU8L3IbXoJf-R1v6lAQIDJiABIVggHRj3_pRuFc4STvzzqO3WgO9cnj7u9R4OogbtOc4qA5kiWCAniOpK656_61Qnmx4hkWffohlH4JDbuytCpCtf9jrruA");

    // NOTE(review): the trailing `false` is presumably userVerificationRequired, and the
    // "non-strict" factory presumably relaxes attestation trust checks. Both are fine for a
    // fixture; confirm before copying this setup into a production registration path.
    WebAuthnRegistrationContext context = new WebAuthnRegistrationContext(clientDataJSON, attestationObject, serverProperty, false);
    WebAuthnRegistrationContextValidator validator = WebAuthnRegistrationContextValidator.createNonStrictRegistrationContextValidator();
    WebAuthnRegistrationContextValidationResponse validated = validator.validate(context);

    // Copy the parts of the validated response that the model persists.
    WebAuthnCredentialModel model = new WebAuthnCredentialModel();
    model.setAttestedCredentialData(validated.getAttestationObject().getAuthenticatorData().getAttestedCredentialData());
    model.setAttestationStatement(validated.getAttestationObject().getAttestationStatement());
    model.setCount(validated.getAttestationObject().getAuthenticatorData().getSignCount());
    return model;
}
 
Example #3
Source File: PublicKeyCredentialCreationOptions.java    From webauthn4j with Apache License 2.0
/**
 * Creates the options object from its individual members; the {@code @JsonProperty} names
 * are the JSON keys each argument is bound to.
 *
 * @param rp                     relying party entity
 * @param user                   user entity
 * @param challenge              challenge to be carried in the options
 * @param pubKeyCredParams       credential parameters
 * @param timeout                timeout value
 * @param excludeCredentials     credential descriptors to exclude
 * @param authenticatorSelection authenticator selection criteria
 * @param attestation            attestation conveyance preference
 * @param extensions             registration extension inputs
 */
@SuppressWarnings("squid:S00107")
@JsonCreator
public PublicKeyCredentialCreationOptions(
        @JsonProperty("rp") PublicKeyCredentialRpEntity rp,
        @JsonProperty("user") PublicKeyCredentialUserEntity user,
        @JsonProperty("challenge") Challenge challenge,
        @JsonProperty("pubKeyCredParams") List<PublicKeyCredentialParameters> pubKeyCredParams,
        @JsonProperty("timeout") Long timeout,
        @JsonProperty("excludeCredentials") List<PublicKeyCredentialDescriptor> excludeCredentials,
        @JsonProperty("authenticatorSelection") AuthenticatorSelectionCriteria authenticatorSelection,
        @JsonProperty("attestation") AttestationConveyancePreference attestation,
        @JsonProperty("extensions") AuthenticationExtensionsClientInputs<RegistrationExtensionClientInput<?>> extensions) {
    // List arguments go through CollectionUtil.unmodifiableList before they are stored.
    this.pubKeyCredParams = CollectionUtil.unmodifiableList(pubKeyCredParams);
    this.excludeCredentials = CollectionUtil.unmodifiableList(excludeCredentials);

    // Everything else is stored exactly as passed; nothing is validated here.
    this.rp = rp;
    this.user = user;
    this.challenge = challenge;
    this.timeout = timeout;
    this.authenticatorSelection = authenticatorSelection;
    this.attestation = attestation;
    this.extensions = extensions;
}
 
Example #4
Source File: PublicKeyCredentialCreationOptionsTest.java    From webauthn4j with Apache License 2.0
/**
 * Two option objects built from equal arguments (and the same challenge instance) must be
 * equal and share a hash code.
 */
@Test
void equals_hashCode_test() {
    Challenge sharedChallenge = new DefaultChallenge();
    String rpId = "example.com";
    PublicKeyCredentialParameters es256PublicKey
            = new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256);

    PublicKeyCredentialCreationOptions first = new PublicKeyCredentialCreationOptions(
            new PublicKeyCredentialRpEntity(rpId, "example.com"),
            new PublicKeyCredentialUserEntity(),
            sharedChallenge,
            Collections.singletonList(es256PublicKey)
    );
    PublicKeyCredentialCreationOptions second = new PublicKeyCredentialCreationOptions(
            new PublicKeyCredentialRpEntity(rpId, "example.com"),
            new PublicKeyCredentialUserEntity(),
            sharedChallenge,
            Collections.singletonList(es256PublicKey)
    );

    // assertAll reports both checks even when the first one fails.
    assertAll(
            () -> assertThat(first).isEqualTo(second),
            () -> assertThat(first).hasSameHashCodeAs(second)
    );
}
 
Example #5
Source File: ServerPropertyProviderImplTest.java    From webauthn4j-spring-security with Apache License 2.0
/**
 * Checks that {@code provide} assembles a ServerProperty from the request's origin, the
 * rpId reported by the options provider and the challenge held by the repository.
 */
@Test
public void provide_test() {
    Challenge storedChallenge = new DefaultChallenge();

    MockHttpServletRequest httpsRequest = new MockHttpServletRequest();
    httpsRequest.setScheme("https");
    httpsRequest.setServerName("origin.example.com");
    httpsRequest.setServerPort(443);

    // The rpId is stubbed to differ from the request host, so the assertions below show it is
    // taken from the options provider and not derived from the server name.
    when(challengeRepository.loadOrGenerateChallenge(httpsRequest)).thenReturn(storedChallenge);
    when(optionsProvider.getEffectiveRpId(httpsRequest)).thenReturn("rpid.example.com");

    ServerProperty provided = target.provide(httpsRequest);

    assertThat(provided.getRpId()).isEqualTo("rpid.example.com");
    // The expected origin carries no explicit port even though the request used 443.
    assertThat(provided.getOrigin()).isEqualTo(new Origin("https://origin.example.com"));
    assertThat(provided.getChallenge()).isEqualTo(storedChallenge);
}
 
Example #6
Source File: RegistrationParametersTest.java    From webauthn4j with Apache License 2.0
/**
 * Two RegistrationParameters built from the same ServerProperty and flag must be equal and
 * share a hash code. Every server property here is a null placeholder.
 */
@Test
void equals_hashCode_test() {
    // Server properties (placeholders only; typed locals keep the constructor call unambiguous)
    Origin origin = null /* set origin */;
    String rpId = null /* set rpId */;
    Challenge challenge = null /* set challenge */;
    byte[] tokenBindingId = null /* set tokenBindingId */;
    ServerProperty sharedServerProperty = new ServerProperty(origin, rpId, challenge, tokenBindingId);

    // Expectation applied to both instances
    boolean userVerificationRequired = true;

    RegistrationParameters first = new RegistrationParameters(sharedServerProperty, userVerificationRequired);
    RegistrationParameters second = new RegistrationParameters(sharedServerProperty, userVerificationRequired);

    assertThat(first).isEqualTo(second);
    assertThat(first).hasSameHashCodeAs(second);
}
 
Example #7
Source File: OptionsResponse.java    From webauthn4j-spring-security with Apache License 2.0
/**
 * Creates a response that carries both registration and authentication options.
 *
 * @param relyingParty             relying party entity
 * @param user                     user entity
 * @param challenge                challenge returned to the client
 * @param pubKeyCredParams         credential parameters
 * @param registrationTimeout      timeout for registration
 * @param authenticationTimeout    timeout for authentication
 * @param credentials              credential descriptors
 * @param registrationExtensions   registration extension inputs
 * @param authenticationExtensions authentication extension inputs
 * @param parameters               parameters object stored as passed
 */
@SuppressWarnings("squid:S00107")
public OptionsResponse(
        PublicKeyCredentialRpEntity relyingParty,
        WebAuthnPublicKeyCredentialUserEntity user,
        Challenge challenge,
        List<PublicKeyCredentialParameters> pubKeyCredParams,
        Long registrationTimeout,
        Long authenticationTimeout,
        List<WebAuthnPublicKeyCredentialDescriptor> credentials,
        AuthenticationExtensionsClientInputs<RegistrationExtensionClientInput<?>> registrationExtensions,
        AuthenticationExtensionsClientInputs<AuthenticationExtensionClientInput<?>> authenticationExtensions,
        Parameters parameters) {
    super();

    // List arguments go through CollectionUtil.unmodifiableList before they are stored.
    this.pubKeyCredParams = CollectionUtil.unmodifiableList(pubKeyCredParams);
    this.credentials = CollectionUtil.unmodifiableList(credentials);

    // Identity and challenge
    this.relyingParty = relyingParty;
    this.user = user;
    this.challenge = challenge;

    // Timeouts
    this.registrationTimeout = registrationTimeout;
    this.authenticationTimeout = authenticationTimeout;

    // Extensions and remaining parameters
    this.registrationExtensions = registrationExtensions;
    this.authenticationExtensions = authenticationExtensions;
    this.parameters = parameters;
}
 
Example #8
Source File: AttestationOptions.java    From webauthn4j-spring-security with Apache License 2.0
/**
 * Creates the registration (attestation) options returned to a client.
 *
 * @param relyingParty           relying party entity
 * @param user                   user entity
 * @param challenge              challenge returned to the client
 * @param pubKeyCredParams       credential parameters
 * @param registrationTimeout    timeout for registration
 * @param credentials            credential ids, as strings
 * @param registrationExtensions registration extension inputs
 */
public AttestationOptions(
        PublicKeyCredentialRpEntity relyingParty,
        WebAuthnPublicKeyCredentialUserEntity user,
        Challenge challenge,
        List<PublicKeyCredentialParameters> pubKeyCredParams,
        Long registrationTimeout,
        List<String> credentials,
        AuthenticationExtensionsClientInputs<RegistrationExtensionClientInput<?>> registrationExtensions) {
    // List arguments go through CollectionUtil.unmodifiableList before they are stored.
    this.pubKeyCredParams = CollectionUtil.unmodifiableList(pubKeyCredParams);
    this.credentials = CollectionUtil.unmodifiableList(credentials);

    // The remaining members are stored as passed.
    this.relyingParty = relyingParty;
    this.user = user;
    this.challenge = challenge;
    this.registrationTimeout = registrationTimeout;
    this.registrationExtensions = registrationExtensions;
}
 
Example #9
Source File: AssertionOptionsTest.java    From webauthn4j-spring-security with Apache License 2.0
/**
 * Two AssertionOptions built from the same arguments must be equal and share a hash code.
 */
@Test
public void equals_hashCode_test() {
    String rpId = "localhost";
    Long authenticationTimeout = 1000L;
    Challenge sharedChallenge = new DefaultChallenge();
    List<String> credentialIds = Collections.singletonList("credentialId");
    AuthenticationExtensionsClientInputs<AuthenticationExtensionClientInput<?>> extensionInputs =
            new AuthenticationExtensionsClientInputs<>();
    // The seven strings are passed positionally to Parameters; they are fixture values only.
    Parameters parameters = new Parameters(
            "username",
            "password",
            "credentialId",
            "clientDataJSON",
            "authenticatorData",
            "signature",
            "clientExtensionsJSON");

    AssertionOptions first = new AssertionOptions(
            sharedChallenge, authenticationTimeout, rpId, credentialIds, extensionInputs, parameters);
    AssertionOptions second = new AssertionOptions(
            sharedChallenge, authenticationTimeout, rpId, credentialIds, extensionInputs, parameters);

    assertThat(first).isEqualTo(second);
    assertThat(first).hasSameHashCodeAs(second);
}
 
Example #10
Source File: OptionsProviderImplTest.java    From webauthn4j-spring-security with Apache License 2.0
/**
 * Checks that {@code getAssertionOptions} returns the configured rpId, the challenge passed
 * in by the caller and the base64url-encoded id of the user's single authenticator.
 */
@Test
public void getAssertionOptions_with_challenge_test() {
    byte[] credentialId = new byte[]{0x01, 0x23, 0x45};
    Challenge suppliedChallenge = new DefaultChallenge();

    // Collaborators are mocks; the repository is left unstubbed in this test.
    WebAuthnUserDetailsService userDetailsService = mock(WebAuthnUserDetailsService.class);
    WebAuthnUserDetails userDetails = mock(WebAuthnUserDetails.class);
    // Deep stubs allow stubbing the getAttestedCredentialData().getCredentialId() chain below.
    Authenticator authenticator = mock(Authenticator.class, RETURNS_DEEP_STUBS);
    List<Authenticator> authenticators = Collections.singletonList(authenticator);
    ChallengeRepository challengeRepository = mock(ChallengeRepository.class);

    MockHttpServletRequest request = new MockHttpServletRequest();

    when(userDetailsService.loadUserByUsername(any())).thenReturn(userDetails);
    doReturn(new byte[0]).when(userDetails).getUserHandle();
    doReturn(authenticators).when(userDetails).getAuthenticators();
    when(authenticator.getAttestedCredentialData().getCredentialId()).thenReturn(credentialId);

    OptionsProvider provider = new OptionsProviderImpl(userDetailsService, challengeRepository);
    provider.setRpId("example.com");
    provider.setRpName("rpName");

    AssertionOptions assertionOptions = provider.getAssertionOptions(request, "dummy", suppliedChallenge);

    assertThat(assertionOptions.getRpId()).isEqualTo("example.com");
    assertThat(assertionOptions.getChallenge()).isEqualTo(suppliedChallenge);
    assertThat(assertionOptions.getCredentials()).containsExactly(Base64UrlUtil.encodeToString(credentialId));
}
 
Example #11
Source File: WebAuthnJSONModule.java    From webauthn4j with Apache License 2.0
/**
 * Registers the JSON (de)serializers and named extension subtypes of this module.
 *
 * @param objectConverter converter handed to the JWS deserializer
 */
@SuppressWarnings("unused")
public WebAuthnJSONModule(ObjectConverter objectConverter) {
    super("WebAuthnJSONModule");

    // Deserializers, keyed by the type they produce. Only the JWS one needs the converter.
    addDeserializer(Challenge.class, new ChallengeDeserializer());
    addDeserializer(ExtensionClientInput.class, new ExtensionClientInputDeserializer());
    addDeserializer(RegistrationExtensionClientInput.class, new RegistrationExtensionClientInputDeserializer());
    addDeserializer(AuthenticationExtensionClientInput.class, new AuthenticationExtensionClientInputDeserializer());
    addDeserializer(ExtensionClientOutput.class, new ExtensionClientOutputDeserializer());
    addDeserializer(UnknownExtensionClientInput.class, new UnknownExtensionClientInputDeserializer());
    addDeserializer(UnknownExtensionClientOutput.class, new UnknownExtensionClientOutputDeserializer());
    addDeserializer(JWS.class, new JWSDeserializer(objectConverter));
    addDeserializer(X509Certificate.class, new X509CertificateDeserializer());

    // Serializers for the types that are also written back out.
    addSerializer(new ChallengeSerializer());
    addSerializer(new JWSSerializer());
    addSerializer(new X509CertificateSerializer());

    // Client extension inputs, registered under their extension ids.
    registerSubtypes(new NamedType(CredentialPropertiesExtensionClientInput.class, CredentialPropertiesExtensionClientInput.ID));
    registerSubtypes(new NamedType(FIDOAppIDExtensionClientInput.class, FIDOAppIDExtensionClientInput.ID));

    // Client extension outputs, registered under their extension ids.
    registerSubtypes(new NamedType(CredentialPropertiesExtensionClientOutput.class, CredentialPropertiesExtensionClientOutput.ID));
    registerSubtypes(new NamedType(FIDOAppIDExtensionClientOutput.class, FIDOAppIDExtensionClientOutput.ID));
}
 
Example #12
Source File: AuthenticationParametersTest.java    From webauthn4j with Apache License 2.0
/**
 * Two AuthenticationParameters built from the same arguments must be equal and share a
 * hash code. The server properties and the authenticator are null placeholders.
 */
@Test
void equals_hashCode_test() {
    // Server properties (placeholders only; typed locals keep the constructor call unambiguous)
    Origin origin = null /* set origin */;
    String rpId = null /* set rpId */;
    Challenge challenge = null /* set challenge */;
    byte[] tokenBindingId = null /* set tokenBindingId */;
    ServerProperty sharedServerProperty = new ServerProperty(origin, rpId, challenge, tokenBindingId);

    Authenticator authenticator = null;

    // Expectations applied to both instances
    boolean userVerificationRequired = true;
    boolean userPresenceRequired = true;
    List<String> expectedExtensionIds = Collections.emptyList();

    AuthenticationParameters first = new AuthenticationParameters(
            sharedServerProperty,
            authenticator,
            userVerificationRequired,
            userPresenceRequired,
            expectedExtensionIds);
    AuthenticationParameters second = new AuthenticationParameters(
            sharedServerProperty,
            authenticator,
            userVerificationRequired,
            userPresenceRequired,
            expectedExtensionIds);

    assertThat(first).isEqualTo(second);
    assertThat(first).hasSameHashCodeAs(second);
}
 
Example #13
Source File: PublicKeyCredentialRequestOptionsTest.java    From webauthn4j with Apache License 2.0
/**
 * Checks that each getter of PublicKeyCredentialRequestOptions returns the value that was
 * passed to the constructor.
 */
@Test
void getter_test() {
    Challenge challenge = new DefaultChallenge();
    long timeout = 0;
    String rpId = "example.com";

    // One allowed credential: a 32-byte all-zero id reachable over USB, NFC and BLE.
    byte[] credentialId = new byte[32];
    PublicKeyCredentialDescriptor allowedDescriptor = new PublicKeyCredentialDescriptor(
            PublicKeyCredentialType.PUBLIC_KEY,
            credentialId,
            CollectionUtil.unmodifiableSet(AuthenticatorTransport.USB, AuthenticatorTransport.NFC, AuthenticatorTransport.BLE)
    );
    List<PublicKeyCredentialDescriptor> allowCredentials = Collections.singletonList(allowedDescriptor);

    PublicKeyCredentialRequestOptions options = new PublicKeyCredentialRequestOptions(
            challenge,
            timeout,
            rpId,
            allowCredentials,
            UserVerificationRequirement.DISCOURAGED,
            null
    );

    // assertAll reports every failing getter instead of stopping at the first.
    assertAll(
            () -> assertThat(options.getChallenge()).isEqualTo(challenge),
            () -> assertThat(options.getTimeout()).isEqualTo(timeout),
            () -> assertThat(options.getRpId()).isEqualTo(rpId),
            () -> assertThat(options.getAllowCredentials()).isEqualTo(allowCredentials),
            () -> assertThat(options.getUserVerification()).isEqualTo(UserVerificationRequirement.DISCOURAGED),
            () -> assertThat(options.getExtensions()).isNull()
    );
}
 
Example #14
Source File: CollectedClientDataTest.java    From webauthn4j with Apache License 2.0
/**
 * Two CollectedClientData objects created for the same type and challenge must be equal and
 * share a hash code.
 */
@Test
void equals_hashCode_test() {
    Challenge sharedChallenge = TestDataUtil.createChallenge();

    CollectedClientData first = TestDataUtil.createClientData(ClientDataType.GET, sharedChallenge);
    CollectedClientData second = TestDataUtil.createClientData(ClientDataType.GET, sharedChallenge);

    assertAll(
            () -> assertThat(first).isEqualTo(second),
            () -> assertThat(first).hasSameHashCodeAs(second)
    );
}
 
Example #15
Source File: OptionsProviderImpl.java    From webauthn4j-spring-security with Apache License 2.0
/**
 * {@inheritDoc}
 */
public AttestationOptions getAttestationOptions(HttpServletRequest request, String username, Challenge challenge) {

    // NOTE(review): an unknown username yields user == null and an empty credential list, while
    // a known one yields its user handle and every registered credential id. If this method is
    // reachable before the caller is authenticated (TODO confirm at the endpoint), the response
    // distinguishes existing accounts from missing ones and discloses their credential ids.
    WebAuthnPublicKeyCredentialUserEntity userEntity;
    Collection<? extends Authenticator> registered;
    try {
        WebAuthnUserDetails details = userDetailsService.loadUserByUsername(username);
        registered = details.getAuthenticators();
        userEntity = new WebAuthnPublicKeyCredentialUserEntity(
                Base64UrlUtil.encodeToString(details.getUserHandle()), username);
    } catch (UsernameNotFoundException notFound) {
        // Unknown user: answer with no user entity and no credentials instead of failing.
        registered = Collections.emptyList();
        userEntity = null;
    }

    // Credential ids are returned to the client as base64url strings.
    List<String> credentialIds = new ArrayList<>();
    for (Authenticator registeredAuthenticator : registered) {
        credentialIds.add(Base64UrlUtil.encodeToString(
                registeredAuthenticator.getAttestedCredentialData().getCredentialId()));
    }

    PublicKeyCredentialRpEntity rp = new PublicKeyCredentialRpEntity(getEffectiveRpId(request), rpName, rpIcon);

    // A challenge supplied by the caller is saved to the repository for this request; without
    // one, the repository loads or generates the challenge itself.
    Challenge effectiveChallenge;
    if (challenge != null) {
        challengeRepository.saveChallenge(challenge, request);
        effectiveChallenge = challenge;
    } else {
        effectiveChallenge = challengeRepository.loadOrGenerateChallenge(request);
    }

    return new AttestationOptions(rp, userEntity, effectiveChallenge, pubKeyCredParams, registrationTimeout,
            credentialIds, registrationExtensions);
}
 
Example #16
Source File: ServerPropertyTest.java    From webauthn4j with Apache License 2.0
/**
 * Two ServerProperty objects created for the same challenge must be equal and share a
 * hash code.
 */
@Test
void equals_hashCode_test() {
    Challenge sharedChallenge = new DefaultChallenge();

    ServerProperty first = TestDataUtil.createServerProperty(sharedChallenge);
    ServerProperty second = TestDataUtil.createServerProperty(sharedChallenge);

    assertAll(
            () -> assertThat(first).isEqualTo(second),
            () -> assertThat(first).hasSameHashCodeAs(second)
    );
}
 
Example #17
Source File: FIDOU2FAuthenticatorRegistrationValidationTest.java    From webauthn4j with Apache License 2.0
/**
 * Registration must be rejected with BadChallengeException when the client response was
 * produced for a different challenge than the one the server expects.
 */
@Test
void validate_with_bad_challenge_test() {
    String rpId = "example.com";
    Challenge expectedChallenge = new DefaultChallenge();
    // A second, independently created challenge: this is what the client actually receives.
    Challenge mismatchedChallenge = new DefaultChallenge();

    PublicKeyCredentialParameters es256PublicKey
            = new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256);
    PublicKeyCredentialCreationOptions creationOptions = new PublicKeyCredentialCreationOptions(
            new PublicKeyCredentialRpEntity(rpId, "example.com"),
            new PublicKeyCredentialUserEntity(),
            mismatchedChallenge,
            Collections.singletonList(es256PublicKey)
    );

    AuthenticatorAttestationResponse attestationResponse = clientPlatform.create(creationOptions).getAuthenticatorResponse();
    Set<String> transports = authenticatorTransportConverter.convertSetToStringSet(attestationResponse.getTransports());

    // The server side is configured with the expected challenge, not the one the client used.
    ServerProperty serverProperty = new ServerProperty(origin, rpId, expectedChallenge, null);
    RegistrationRequest request = new RegistrationRequest(
            attestationResponse.getAttestationObject(),
            attestationResponse.getClientDataJSON(),
            transports
    );
    // The two booleans are presumably userVerificationRequired / userPresenceRequired; confirm
    // against the RegistrationParameters constructor.
    RegistrationParameters parameters = new RegistrationParameters(
            serverProperty,
            false,
            true,
            Collections.emptyList()
    );

    assertThrows(BadChallengeException.class,
            () -> target.validate(request, parameters)
    );
}
 
Example #18
Source File: AttestationOptionsTest.java    From webauthn4j-spring-security with Apache License 2.0
/**
 * Two AttestationOptions built from the same arguments must be equal and share a hash code.
 */
@Test
public void equals_hashCode_test() {
    Challenge sharedChallenge = new DefaultChallenge();
    Long registrationTimeout = 1000L;
    List<String> credentialIds = Collections.singletonList("credentialId");

    PublicKeyCredentialRpEntity rpEntity = new PublicKeyCredentialRpEntity("rpId", "rpName", "rpIcon");
    // getBytes() is called without a charset, so the platform default encoding applies.
    WebAuthnPublicKeyCredentialUserEntity userEntity = new WebAuthnPublicKeyCredentialUserEntity(
            Base64UrlUtil.encodeToString("userHandle".getBytes()), "username");
    List<PublicKeyCredentialParameters> pubKeyCredParams = Collections.singletonList(
            new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256));
    AuthenticationExtensionsClientInputs<RegistrationExtensionClientInput<?>> extensionInputs =
            new AuthenticationExtensionsClientInputs<>();

    AttestationOptions first = new AttestationOptions(
            rpEntity, userEntity, sharedChallenge, pubKeyCredParams, registrationTimeout, credentialIds, extensionInputs);
    AttestationOptions second = new AttestationOptions(
            rpEntity, userEntity, sharedChallenge, pubKeyCredParams, registrationTimeout, credentialIds, extensionInputs);

    assertThat(first).isEqualTo(second);
    assertThat(first).hasSameHashCodeAs(second);
}
 
Example #19
Source File: OptionsProviderImplTest.java    From webauthn4j-spring-security with Apache License 2.0
/**
 * Checks that {@code getAttestationOptions}, called without a challenge, returns the
 * configured relying party, the challenge supplied by the repository and the
 * base64url-encoded id of the user's single authenticator.
 */
@Test
public void getAttestationOptions_test() {
    byte[] credentialId = new byte[]{0x01, 0x23, 0x45};
    Challenge repositoryChallenge = new DefaultChallenge();

    WebAuthnUserDetailsService userDetailsService = mock(WebAuthnUserDetailsService.class);
    WebAuthnUserDetails userDetails = mock(WebAuthnUserDetails.class);
    // Deep stubs allow stubbing the getAttestedCredentialData().getCredentialId() chain below.
    Authenticator authenticator = mock(Authenticator.class, RETURNS_DEEP_STUBS);
    List<Authenticator> authenticators = Collections.singletonList(authenticator);
    ChallengeRepository challengeRepository = mock(ChallengeRepository.class);

    MockHttpServletRequest request = new MockHttpServletRequest();

    when(userDetailsService.loadUserByUsername(any())).thenReturn(userDetails);
    doReturn(new byte[0]).when(userDetails).getUserHandle();
    doReturn(authenticators).when(userDetails).getAuthenticators();
    when(authenticator.getAttestedCredentialData().getCredentialId()).thenReturn(credentialId);
    when(challengeRepository.loadOrGenerateChallenge(request)).thenReturn(repositoryChallenge);

    OptionsProvider provider = new OptionsProviderImpl(userDetailsService, challengeRepository);
    provider.setRpId("example.com");
    provider.setRpName("rpName");
    provider.setRpIcon("data://dummy");

    // Passing null as the challenge makes the provider take it from the repository stub.
    AttestationOptions options = provider.getAttestationOptions(request, "dummy", null);

    assertThat(options.getRelyingParty().getId()).isEqualTo("example.com");
    assertThat(options.getRelyingParty().getName()).isEqualTo("rpName");
    assertThat(options.getRelyingParty().getIcon()).isEqualTo("data://dummy");
    assertThat(options.getChallenge()).isEqualTo(repositoryChallenge);
    assertThat(options.getCredentials()).containsExactly(Base64UrlUtil.encodeToString(credentialId));
}
 
Example #20
Source File: ChallengeDeserializer.java    From webauthn4j with Apache License 2.0
/**
 * {@inheritDoc}
 */
@Override
public Challenge deserialize(JsonParser p, DeserializationContext ctxt) throws IOException {
    // The current token is read as a string and handed to DefaultChallenge for decoding.
    final String encoded = p.getValueAsString();
    final Challenge decoded;
    try {
        decoded = new DefaultChallenge(encoded);
    } catch (IllegalArgumentException rejected) {
        // Report the rejection as a JSON format error so callers only deal with IOException.
        // NOTE(review): the caught exception is not attached as the cause and no parser is
        // passed, so the original reason is lost and the error presumably carries no source
        // location. The rejected value itself is included in the exception.
        throw new InvalidFormatException(null, "value is out of range", encoded, DefaultChallenge.class);
    }
    return decoded;
}
 
Example #21
Source File: HttpSessionChallengeRepositoryTest.java    From webauthn4j-spring-security with Apache License 2.0
/**
 * With nothing saved beforehand, {@code loadOrGenerateChallenge} must still return a
 * challenge for a fresh request.
 */
@Test
public void loadOrGenerateChallenge_test_without_previous_request() {
    MockHttpServletRequest freshRequest = new MockHttpServletRequest();

    Challenge result = target.loadOrGenerateChallenge(freshRequest);

    assertThat(result).isNotNull();
}
 
Example #22
Source File: ServerEndpointFilterUtil.java    From webauthn4j-spring-security with Apache License 2.0
/**
 * Wraps a challenge and a username in one envelope and returns the serialized envelope as a
 * new challenge.
 *
 * @param challenge challenge whose value is embedded in the envelope
 * @param username  username embedded next to it
 * @return a challenge whose value is the serialized envelope
 */
Challenge encodeUsername(Challenge challenge, String username) {
    UsernameEncodedChallengeEnvelope wrapped = new UsernameEncodedChallengeEnvelope();
    wrapped.setUsername(username);
    wrapped.setChallenge(challenge.getValue());
    // The envelope is only serialized, not encrypted or signed here: whoever receives the
    // resulting challenge can read the username back out of it.
    return new DefaultChallenge(cborConverter.writeValueAsBytes(wrapped));
}
 
Example #23
Source File: ServerEndpointFilterUtil.java    From webauthn4j-spring-security with Apache License 2.0
/**
 * Reads the username out of a challenge whose value is a serialized
 * UsernameEncodedChallengeEnvelope.
 *
 * @param challenge challenge to decode
 * @return the embedded username, or {@code null} when decoding throws a RuntimeException
 */
String decodeUsername(Challenge challenge) {
    // NOTE(review): nothing in this method verifies where the challenge bytes came from. If
    // they are taken from a client response, treat the returned username as untrusted until
    // the challenge has been matched against the server-side copy (TODO confirm in the caller).
    String username = null;
    try {
        username = cborConverter
                .readValue(challenge.getValue(), UsernameEncodedChallengeEnvelope.class)
                .getUsername();
    } catch (RuntimeException ignored) {
        // Any runtime failure (including a null challenge or envelope) means "no username";
        // the failure itself is not logged or rethrown.
    }
    return username;
}
 
Example #24
Source File: ServerEndpointFilterUtil.java    From webauthn4j-spring-security with Apache License 2.0
/**
 * Wraps a challenge and a user-verification requirement in one envelope and returns the
 * serialized envelope as a new challenge.
 *
 * @param challenge        challenge whose value is embedded in the envelope
 * @param userVerification requirement embedded next to it
 * @return a challenge whose value is the serialized envelope
 */
Challenge encodeUserVerification(Challenge challenge, UserVerificationRequirement userVerification) {
    UserVerificationEncodedChallengeEnvelope wrapped = new UserVerificationEncodedChallengeEnvelope();
    wrapped.setUserVerification(userVerification);
    wrapped.setChallenge(challenge.getValue());
    // NOTE(review): the requirement travels inside the challenge value and is only serialized
    // here; whether a value read back later can be trusted depends on the challenge being
    // compared with the server-side copy first (TODO confirm in the caller).
    return new DefaultChallenge(cborConverter.writeValueAsBytes(wrapped));
}
 
Example #25
Source File: FIDOU2FAuthenticatorRegistrationValidationTest.java    From webauthn4j with Apache License 2.0
/**
 * Registration must be rejected with BadRpIdException when the credential was created for a
 * different relying party id than the one the server expects.
 */
@Test
void validate_with_bad_rpId_test() {
    String expectedRpId = "example.com";
    // The client is asked to create the credential for this other relying party id.
    String mismatchedRpId = "example.net";
    Challenge challenge = new DefaultChallenge();

    PublicKeyCredentialParameters es256PublicKey
            = new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256);
    PublicKeyCredentialCreationOptions creationOptions = new PublicKeyCredentialCreationOptions(
            new PublicKeyCredentialRpEntity(mismatchedRpId, "example.com"),
            new PublicKeyCredentialUserEntity(),
            challenge,
            Collections.singletonList(es256PublicKey)
    );

    AuthenticatorAttestationResponse attestationResponse = clientPlatform.create(creationOptions).getAuthenticatorResponse();
    Set<String> transports = authenticatorTransportConverter.convertSetToStringSet(attestationResponse.getTransports());

    // The server side keeps the expected rpId, so only the rpId differs between both sides.
    ServerProperty serverProperty = new ServerProperty(origin, expectedRpId, challenge, null);
    RegistrationRequest request = new RegistrationRequest(
            attestationResponse.getAttestationObject(),
            attestationResponse.getClientDataJSON(),
            transports
    );
    // The two booleans are presumably userVerificationRequired / userPresenceRequired; confirm
    // against the RegistrationParameters constructor.
    RegistrationParameters parameters = new RegistrationParameters(
            serverProperty,
            false,
            true,
            Collections.emptyList()
    );

    assertThrows(BadRpIdException.class,
            () -> target.validate(request, parameters)
    );
}
 
Example #26
Source File: UserVerifyingAuthenticatorAuthenticationValidationTest.java    From webauthn4j with Apache License 2.0
/**
 * Runs a registration through the emulated client platform and returns the resulting
 * attestation object.
 *
 * @param rpId      relying party id to register against
 * @param challenge challenge placed in the creation options
 * @return the attestation object converted from the client's registration response
 */
private AttestationObject createAttestationObject(String rpId, Challenge challenge) {
    PublicKeyCredentialParameters es256PublicKey =
            new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256);
    PublicKeyCredentialUserEntity userEntity = new PublicKeyCredentialUserEntity();
    AuthenticationExtensionsClientInputs<RegistrationExtensionClientInput<?>> noExtensions =
            new AuthenticationExtensionsClientInputs<>();

    // Cross-platform authenticator with user verification required; the boolean in the middle
    // is presumably requireResidentKey (confirm against AuthenticatorSelectionCriteria).
    AuthenticatorSelectionCriteria selection = new AuthenticatorSelectionCriteria(
            AuthenticatorAttachment.CROSS_PLATFORM,
            true,
            UserVerificationRequirement.REQUIRED);

    PublicKeyCredentialCreationOptions creationOptions = new PublicKeyCredentialCreationOptions(
            new PublicKeyCredentialRpEntity(rpId, "example.com"),
            userEntity,
            challenge,
            Collections.singletonList(es256PublicKey),
            null,
            Collections.emptyList(),
            selection,
            AttestationConveyancePreference.NONE,
            noExtensions
    );

    AuthenticatorAttestationResponse attestationResponse = clientPlatform.create(creationOptions).getAuthenticatorResponse();
    AttestationObjectConverter converter = new AttestationObjectConverter(objectConverter);
    return converter.convert(attestationResponse.getAttestationObject());
}
 
Example #27
Source File: TestDataUtil.java    From webauthn4j with Apache License 2.0
/**
 * Creates a 16-byte challenge for tests from the bits of a random UUID.
 *
 * @return a challenge wrapping the UUID's most and least significant halves, in that order
 */
public static Challenge createChallenge() {
    // UUID.randomUUID() produces a version-4 UUID: the version and variant bits are fixed, so
    // fewer than 128 of the 16 bytes' bits are random. Adequate for test data; production
    // challenges are better drawn directly from a SecureRandom.
    UUID source = UUID.randomUUID();
    ByteBuffer buffer = ByteBuffer.allocate(16);
    buffer.putLong(source.getMostSignificantBits());
    buffer.putLong(source.getLeastSignificantBits());
    return new DefaultChallenge(buffer.array());
}
 
Example #28
Source File: ChallengeAttrProcessor.java    From webauthn4j-spring-security with Apache License 2.0
/**
 * Returns the challenge bound to the current request, creating and storing one
 * if the repository has none.
 *
 * <p>The {@link ChallengeRepository} bean is looked up from the Spring
 * application context, and the servlet request is taken from the template
 * context, which is cast to {@link IWebContext}.
 *
 * <p>NOTE(review): a challenge that is already stored is returned unchanged, so
 * this method never rotates it. Confirm that the repository or the
 * authentication flow discards the challenge once a response has been
 * validated against it, so that one challenge cannot be accepted twice.
 *
 * @param context template context; must also implement {@code IWebContext},
 *                otherwise the cast below throws {@code ClassCastException}
 * @return the stored challenge, or a newly generated and saved one
 */
private Challenge getChallenge(ITemplateContext context) {
    ApplicationContext springContext = SpringContextUtils.getApplicationContext(context);
    HttpServletRequest request = ((IWebContext) context).getRequest();
    ChallengeRepository repository = springContext.getBean(ChallengeRepository.class);

    Challenge stored = repository.loadChallenge(request);
    if (stored != null) {
        return stored;
    }

    // Nothing stored for this request yet: issue a challenge and persist it
    // before handing it to the template, so the later validation can load it.
    Challenge fresh = repository.generateChallenge();
    repository.saveChallenge(fresh, request);
    return fresh;
}
 
Example #29
Source File: WebAuthnRegistrationContextValidatorSample.java    From webauthn4j with Apache License 2.0 5 votes vote down vote up
/**
 * Sample: validates a WebAuthn authentication (assertion) response and then
 * stores the signature counter it reported.
 *
 * <p>Every {@code null} initialiser below is a placeholder that the integrator
 * must replace; the method is not runnable as written.
 */
public void athenticationValidationSample() {
    // Values taken from the client's assertion response (untrusted input)
    byte[] credentialId = null /* set credentialId */;
    byte[] authenticatorData = null /* set authenticatorData */;
    byte[] clientDataJSON = null /* set clientDataJSON */;
    byte[] signature = null /* set signature */;

    // Values the relying party supplies itself. Origin and rpId should come from
    // server configuration, and the challenge should be the one the server issued
    // for this ceremony - never a value echoed back by the client.
    Origin origin = null /* set origin */;
    String rpId = null /* set rpId */;
    Challenge challenge = null /* set challenge */;
    byte[] tokenBindingId = null /* set tokenBindingId */;
    ServerProperty serverProperty = new ServerProperty(origin, rpId, challenge, tokenBindingId);

    // Load the authenticator record that was persisted during registration, in
    // whatever way the application stores it.
    Authenticator authenticator = load(credentialId);

    AuthenticationRequest authenticationRequest =
            new AuthenticationRequest(credentialId, authenticatorData, clientDataJSON, signature);
    // Third argument: user verification is required for this ceremony.
    AuthenticationParameters authenticationParameters =
            new AuthenticationParameters(serverProperty, authenticator, true);

    // NOTE(review): the sample uses the non-strict factory; check the library
    // documentation for which checks it relaxes before reusing it in production.
    AuthenticationData response = WebAuthnManager.createNonStrictWebAuthnManager()
            .validate(authenticationRequest, authenticationParameters);

    // Persist the counter from the validated response. Comparing it on the next
    // assertion is what lets a relying party notice a cloned authenticator.
    updateCounter(
            response.getCredentialId(),
            response.getAuthenticatorData().getSignCount());
}
 
Example #30
Source File: NullAttestationStatementValidatorTest.java    From webauthn4j with Apache License 2.0 5 votes vote down vote up
/**
 * Creates a credential through an emulated client backed by
 * {@code FIDOU2FAuthenticatorAdaptor}, requesting {@code DIRECT} attestation,
 * and passes the resulting registration request to {@code target.validate}.
 *
 * <p>There is no explicit assertion: the test passes when {@code validate}
 * returns without throwing.
 */
@Test
void validate_RegistrationRequest_with_fido_u2f_attestation_statement_test() {
    ClientPlatform emulatedClient = new ClientPlatform(origin, new FIDOU2FAuthenticatorAdaptor());
    String rpId = "example.com";
    Challenge challenge = new DefaultChallenge();

    PublicKeyCredentialParameters es256Parameters =
            new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256);
    AuthenticatorSelectionCriteria selectionCriteria = new AuthenticatorSelectionCriteria(
            AuthenticatorAttachment.CROSS_PLATFORM,
            true,
            UserVerificationRequirement.REQUIRED);
    AuthenticationExtensionsClientInputs<RegistrationExtensionClientInput<?>> noExtensions =
            new AuthenticationExtensionsClientInputs<>();

    PublicKeyCredentialCreationOptions creationOptions = new PublicKeyCredentialCreationOptions(
            new PublicKeyCredentialRpEntity(rpId, "valid.site.example.com"),
            new PublicKeyCredentialUserEntity(),
            challenge,
            Collections.singletonList(es256Parameters),
            null,
            Collections.emptyList(),
            selectionCriteria,
            AttestationConveyancePreference.DIRECT,
            noExtensions
    );

    // Client side of the ceremony: the emulated platform produces the attestation response.
    AuthenticatorAttestationResponse attestationResponse =
            emulatedClient.create(creationOptions).getAuthenticatorResponse();
    Set<String> transports =
            authenticatorTransportConverter.convertSetToStringSet(attestationResponse.getTransports());

    // Server side: the same origin, rpId and challenge that went into the options
    // are what the response is validated against; the last argument is passed as null.
    ServerProperty serverProperty = new ServerProperty(origin, rpId, challenge, null);
    RegistrationRequest webAuthnRegistrationRequest = new RegistrationRequest(
            attestationResponse.getAttestationObject(),
            attestationResponse.getClientDataJSON(),
            transports);

    // NOTE(review): the second argument is false - presumably userVerificationRequired -
    // while the selection criteria above say REQUIRED; confirm the mismatch is intended.
    target.validate(webAuthnRegistrationRequest, new RegistrationParameters(serverProperty, false));
}