Java源码示例:com.webauthn4j.data.attestation.authenticator.AttestedCredentialData

示例1
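/**
 * Dumps a stored WebAuthn credential to the debug log.
 * <p>
 * Only non-secret material is written: authenticator id, attestation statement format, AAGUID,
 * credential id and public-key metadata (key id, algorithm, key type). No key material is logged.
 * Every nested object is null-checked because a credential read back from storage may have a
 * missing field (for example a credential id that could not be decoded), and a logging helper
 * must not be the place where that surfaces as a NullPointerException.
 *
 * @param auth the credential model to describe; must not be null
 */
private void dumpWebAuthnCredentialModel(WebAuthnCredentialModel auth) {
    logger.debugv("  Context Credential Info::");
    String id = auth.getAuthenticatorId();
    AttestationStatement attrStatement = auth.getAttestationStatement();
    AttestedCredentialData attrCredData = auth.getAttestedCredentialData();
    WebAuthnAuthenticationContext context = auth.getAuthenticationContext();
    if (id != null) {
        logger.debugv("    Authenticator Id = {0}", id);
    }
    if (attrStatement != null) {
        logger.debugv("    Attestation Statement Format = {0}", attrStatement.getFormat());
    }
    if (attrCredData != null) {
        AAGUID aaguid = attrCredData.getAaguid();
        if (aaguid != null) {
            logger.debugv("    AAGUID = {0}", aaguid.toString());
        }
        byte[] credentialId = attrCredData.getCredentialId();
        if (credentialId != null) {
            logger.debugv("    CREDENTIAL_ID = {0}", Base64.encodeBytes(credentialId));
        }
        CredentialPublicKey credPubKey = attrCredData.getCredentialPublicKey();
        if (credPubKey != null) {
            byte[] keyId = credPubKey.getKeyId();
            if (keyId != null) {
                logger.debugv("    CREDENTIAL_PUBLIC_KEY.key_id = {0}", Base64.encodeBytes(keyId));
            }
            logger.debugv("    CREDENTIAL_PUBLIC_KEY.algorithm = {0}", credPubKey.getAlgorithm().name());
            logger.debugv("    CREDENTIAL_PUBLIC_KEY.key_type = {0}", credPubKey.getKeyType().name());
        }
    }
    if (context != null) {
        // only set on Authentication (not on registration)
        byte[] contextCredentialId = context.getCredentialId();
        if (contextCredentialId != null) {
            logger.debugv("    Credential Id = {0}", Base64.encodeBytes(contextCredentialId));
        }
    }
}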
 
示例2
/**
 * Parses attested credential data from the buffer's current position.
 * <p>
 * Layout consumed: AAGUID ({@code AAGUID_LENGTH} bytes, presumably 16), then a 16-bit unsigned
 * credentialIdLength, then that many credential id bytes, then the CBOR-encoded COSE key. The
 * length field is attacker-controlled but bounded to 0xFFFF by its width; if the buffer holds
 * fewer bytes than announced the {@link ByteBuffer} read throws {@link java.nio.BufferUnderflowException}
 * instead of reading past the end.
 * <p>
 * Everything after the credential id is handed to the COSE key parser; whatever that parser does
 * not consume (e.g. extension data) is left in the buffer by rewinding its position, so the caller
 * can continue reading from there.
 *
 * @param attestedCredentialData buffer positioned at the start of the attested credential data
 * @return the parsed attested credential data
 */
public AttestedCredentialData convert(ByteBuffer attestedCredentialData) {
    // fixed-size AAGUID
    byte[] aaguidBytes = new byte[AAGUID_LENGTH];
    attestedCredentialData.get(aaguidBytes);
    AAGUID aaguid = new AAGUID(aaguidBytes);

    // uint16 length prefix followed by the credential id itself
    int credentialIdLength = UnsignedNumberUtil.getUnsignedShort(attestedCredentialData);
    byte[] credentialId = new byte[credentialIdLength];
    attestedCredentialData.get(credentialId);

    // the rest is the COSE key, possibly followed by bytes that are not ours to consume
    byte[] tail = new byte[attestedCredentialData.remaining()];
    attestedCredentialData.get(tail);
    COSEKeyEnvelope envelope = convertToCredentialPublicKey(new ByteArrayInputStream(tail));

    // rewind past the bytes the COSE key parser did not use so the caller sees them
    int consumedByKey = envelope.getLength();
    int leftover = tail.length - consumedByKey;
    attestedCredentialData.position(attestedCredentialData.position() - leftover);

    return new AttestedCredentialData(aaguid, credentialId, envelope.getCOSEKey());
}
 
示例3
/**
 * Checks the structural constraints of an {@link AuthenticatorData} before it is trusted.
 * <p>
 * Checked, in this order: the object is non-null; the attested credential data, when present,
 * is valid; the RP ID hash is present and exactly 32 bytes long (the length of a SHA-256
 * digest); the signature counter fits in an unsigned 32-bit integer; the authenticator
 * extension outputs are valid. The first violated constraint wins.
 *
 * @param <T>               extension output type carried by the authenticator data
 * @param authenticatorData the data to validate
 * @throws ConstraintViolationException on the first violated constraint
 */
public static <T extends ExtensionAuthenticatorOutput<?>> void validate(AuthenticatorData<T> authenticatorData) {
    if (authenticatorData == null) {
        throw new ConstraintViolationException("authenticatorData must not be null");
    }

    // attested credential data is optional; only validate it when it is there
    AttestedCredentialData credentialData = authenticatorData.getAttestedCredentialData();
    if (credentialData != null) {
        validate(credentialData);
    }

    byte[] hash = authenticatorData.getRpIdHash();
    if (hash == null) {
        throw new ConstraintViolationException("rpIdHash must not be null");
    }
    if (hash.length != 32) {
        throw new ConstraintViolationException("rpIdHash must be 32 bytes length");
    }

    // the counter is carried as a long but must be representable as uint32
    long counter = authenticatorData.getSignCount();
    boolean counterInRange = counter >= 0 && counter <= UnsignedNumberUtil.UNSIGNED_INT_MAX;
    if (!counterInRange) {
        throw new ConstraintViolationException("signCount must be unsigned int");
    }

    validateAuthenticatorExtensionsOutputs(authenticatorData.getExtensions());
}
 
示例4
/**
 * Checks that an {@link AttestedCredentialData} carries all mandatory parts.
 * <p>
 * Rejects a null object, a null AAGUID and a null credential id, then delegates the COSE key to
 * the {@code validate(COSEKey)} overload. The key is passed without a null check here; that
 * overload is expected to reject a null key itself.
 *
 * @param attestedCredentialData the data to validate
 * @throws ConstraintViolationException on the first violated constraint
 */
public static void validate(AttestedCredentialData attestedCredentialData) {
    if (attestedCredentialData == null) {
        throw new ConstraintViolationException("attestedCredentialData must not be null");
    }
    if (attestedCredentialData.getAaguid() == null) {
        throw new ConstraintViolationException("aaguid must not be null");
    }
    byte[] credentialId = attestedCredentialData.getCredentialId();
    if (credentialId == null) {
        throw new ConstraintViolationException("credentialId must not be null");
    }
    validate(attestedCredentialData.getCOSEKey());
}
 
示例5
/**
 * Checks that each setter on {@link AuthenticatorImpl} is read back unchanged by the matching
 * getter, starting from the three-argument constructor with null data and counter 0.
 */
@Test
void getter_setter_test() {
    AttestedCredentialData credentialData = TestDataUtil.createAttestedCredentialData();
    AttestationStatement statement = TestAttestationStatementUtil.createFIDOU2FAttestationStatement();
    Set<AuthenticatorTransport> transports = Collections.singleton(AuthenticatorTransport.USB);
    HashMap<String, RegistrationExtensionClientOutput<?>> clientExtensions = new HashMap<>();
    HashMap<String, RegistrationExtensionAuthenticatorOutput<?>> authenticatorExtensions = new HashMap<>();

    AuthenticatorImpl target = new AuthenticatorImpl(null, null, 0);
    target.setCounter(1);
    target.setTransports(transports);
    target.setClientExtensions(clientExtensions);
    target.setAuthenticatorExtensions(authenticatorExtensions);
    target.setAttestationStatement(statement);
    target.setAttestedCredentialData(credentialData);

    assertAll(
            () -> assertThat(target.getCounter()).isEqualTo(1),
            () -> assertThat(target.getTransports()).isEqualTo(transports),
            () -> assertThat(target.getClientExtensions()).isEqualTo(clientExtensions),
            () -> assertThat(target.getAuthenticatorExtensions()).isEqualTo(authenticatorExtensions),
            () -> assertThat(target.getAttestationStatement()).isEqualTo(statement),
            () -> assertThat(target.getAttestedCredentialData()).isEqualTo(credentialData)
    );
}
 
示例6
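/**
 * Loads every stored WebAuthn credential of {@code user} in {@code realm} and rebuilds an
 * in-memory {@link WebAuthnCredentialModel} for each one.
 * <p>
 * The attestation statement, AAGUID, credential id and public key are read from the stored
 * credential's config attributes; the count (presumably the signature counter) is parsed from the
 * credential value and the authenticator id is the stored credential's id.
 * <p>
 * A credential id that is not valid Base64 used to be swallowed, producing a model whose
 * credential id was null; such a model can never match an assertion and blows up wherever the
 * id is encoded or compared. The record is corrupt, so it now fails loudly with the cause kept.
 *
 * @param realm the realm the credentials belong to
 * @param user  the owner of the credentials
 * @return the rebuilt models, one per stored credential (empty when the user has none)
 * @throws IllegalStateException if a stored credential id cannot be Base64-decoded
 */
private List<WebAuthnCredentialModel> getWebAuthnCredentialModelList(RealmModel realm, UserModel user) {
    List<WebAuthnCredentialModel> auths = new ArrayList<>();
    for (CredentialModel credential : session.userCredentialManager().getStoredCredentialsByType(realm, user, WebAuthnCredentialModel.WEBAUTHN_CREDENTIAL_TYPE)) {
        WebAuthnCredentialModel auth = new WebAuthnCredentialModel();
        MultivaluedHashMap<String, String> attributes = credential.getConfig();

        AttestationStatementConverter attConv = new AttestationStatementConverter();
        AttestationStatement attrStatement = attConv.convertToEntityAttribute(attributes.getFirst(ATTESTATION_STATEMENT));
        auth.setAttestationStatement(attrStatement);

        AAGUID aaguid = new AAGUID(attributes.getFirst(AAGUID));

        byte[] credentialId;
        try {
            credentialId = Base64.decode(attributes.getFirst(CREDENTIAL_ID));
        } catch (IOException ioe) {
            // do not continue with a null credential id: the stored record is unusable
            throw new IllegalStateException(
                    "Stored WebAuthn credential " + credential.getId() + " has an undecodable credential id", ioe);
        }

        CredentialPublicKeyConverter credConv = new CredentialPublicKeyConverter();
        CredentialPublicKey pubKey = credConv.convertToEntityAttribute(attributes.getFirst(CREDENTIAL_PUBLIC_KEY));

        auth.setAttestedCredentialData(new AttestedCredentialData(aaguid, credentialId, pubKey));

        // the credential value is the stored count
        long count = Long.parseLong(credential.getValue());
        auth.setCount(count);

        auth.setAuthenticatorId(credential.getId());

        auths.add(auth);
    }
    return auths;
}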
 
示例7
/**
 * Emulates a registration on the wrapped FIDO U2F authenticator and wraps the result in a
 * WebAuthn {@link CredentialCreationResponse}.
 * <p>
 * U2F has no RP ID hash, so the SHA-256 of the RP id is used as the U2F application parameter
 * (and reused as the rpIdHash of the authenticator data); the challenge parameter is the SHA-256
 * of the serialized collected client data. The attested credential data carries the U2F key
 * handle as credential id, the uncompressed EC public key as an EC2 COSE key and an all-zero
 * AAGUID. The authenticator data sets only the AT and UP flags with a counter of 0.
 *
 * @param publicKeyCredentialCreationOptions options whose RP id is registered against
 * @param collectedClientData                client data hashed into the challenge parameter
 * @param registrationEmulationOption        passed through to the U2F emulator
 * @param attestationOption                  not used by this implementation
 * @return the creation response holding the attestation object
 */
@Override
public CredentialCreationResponse register(
        PublicKeyCredentialCreationOptions publicKeyCredentialCreationOptions,
        CollectedClientData collectedClientData,
        RegistrationEmulationOption registrationEmulationOption,
        AttestationOption attestationOption
) {
    String rpId = publicKeyCredentialCreationOptions.getRp().getId();
    byte[] applicationParameter = MessageDigestUtil.createSHA256().digest(rpId.getBytes(StandardCharsets.UTF_8));
    byte[] clientDataBytes = collectedClientDataConverter.convertToBytes(collectedClientData);
    byte[] challengeParameter = MessageDigestUtil.createSHA256().digest(clientDataBytes);

    RegistrationResponse u2fResponse = fidoU2FAuthenticator.register(
            new RegistrationRequest(challengeParameter, applicationParameter), registrationEmulationOption);

    // U2F attestation: single attestation certificate plus the registration signature
    AttestationCertificatePath certPath =
            new AttestationCertificatePath(Collections.singletonList(u2fResponse.getAttestationCertificate()));
    AttestationStatement attestationStatement = new FIDOU2FAttestationStatement(certPath, u2fResponse.getSignature());

    // U2F registrations have no AAGUID; the spec-mandated value is all zeros
    AttestedCredentialData attestedCredentialData = new AttestedCredentialData(
            AAGUID.ZERO,
            u2fResponse.getKeyHandle(),
            EC2COSEKey.createFromUncompressedECCKey(u2fResponse.getUserPublicKey()));

    AuthenticatorData<RegistrationExtensionAuthenticatorOutput<?>> authenticatorData =
            new AuthenticatorData<>(applicationParameter, (byte) (BIT_AT | BIT_UP), 0, attestedCredentialData);

    return new CredentialCreationResponse(new AttestationObject(authenticatorData, attestationStatement));
}
 
示例8
/**
 * Converts from a byte array to {@link AuthenticatorData}.
 * <p>
 * Layout consumed: rpIdHash ({@code RPID_HASH_LENGTH} bytes), one flags byte, a 32-bit unsigned
 * counter, then — depending on the flags — attested credential data (AT bit) and extension
 * outputs (ED bit). Any bytes left over after that are rejected, so trailing data cannot be
 * smuggled past the parser; an input that is too short is rejected as well.
 *
 * @param <T>    ExtensionAuthenticatorOutput
 * @param source the source byte array to convert
 * @return the converted object
 * @throws DataConversionException if {@code source} is shorter or longer than its flags require
 */
public <T extends ExtensionAuthenticatorOutput<?>> AuthenticatorData<T> convert(byte[] source) {
    try {
        ByteBuffer buffer = ByteBuffer.wrap(source);

        byte[] rpIdHash = new byte[RPID_HASH_LENGTH];
        buffer.get(rpIdHash);
        byte flags = buffer.get();
        long counter = UnsignedNumberUtil.getUnsignedInt(buffer);

        // optional sections, each announced by its own flag bit
        AttestedCredentialData attestationData = AuthenticatorData.checkFlagAT(flags)
                ? attestedCredentialDataConverter.convert(buffer)
                : null;
        AuthenticationExtensionsAuthenticatorOutputs<T> extensions = AuthenticatorData.checkFlagED(flags)
                ? convertToExtensions(buffer)
                : new AuthenticationExtensionsAuthenticatorOutputs<>();

        // strict: nothing may follow the last announced section
        if (buffer.hasRemaining()) {
            throw new DataConversionException("provided data does not have proper byte layout");
        }

        return new AuthenticatorData<>(rpIdHash, flags, counter, attestationData, extensions);
    } catch (BufferUnderflowException e) {
        // a fixed-size read or a declared length ran past the end of the input
        throw new DataConversionException("provided data does not have proper byte layout", e);
    }
}
 
示例9
/**
 * Serializes {@link AttestedCredentialData} to its binary form: AAGUID bytes, the credential id
 * length via {@code UnsignedNumberUtil.toBytes} (presumably the 2-byte big-endian form that the
 * reader's {@code getUnsignedShort} expects — confirm), the credential id, then the encoded COSE key.
 *
 * @param attestationData the data to encode; aaguid, credential id and COSE key must be non-null
 * @return the encoded bytes
 * @throws UncheckedIOException if the in-memory stream unexpectedly fails
 */
public byte[] convert(AttestedCredentialData attestationData) {
    ByteArrayOutputStream out = new ByteArrayOutputStream();
    try {
        out.write(attestationData.getAaguid().getBytes());
        byte[] credentialId = attestationData.getCredentialId();
        // length prefix first, then the id — mirrors the order the reader consumes them in
        out.write(UnsignedNumberUtil.toBytes(credentialId.length));
        out.write(credentialId);
        out.write(convert(attestationData.getCOSEKey()));
    } catch (IOException e) {
        throw new UncheckedIOException(e);
    }
    return out.toByteArray();
}
 
示例10
/**
 * Creates an authenticator from its registration-time state.
 * <p>
 * {@code transports} is wrapped as an unmodifiable set; the two extension maps are stored as given
 * (not copied), so callers should not mutate them afterwards. The counter is routed through
 * {@link #setCounter(long)} rather than assigned directly (NOTE(review): an overridable call from
 * a constructor, if {@code setCounter} is not final — confirm).
 *
 * @param attestedCredentialData  attested credential data from registration
 * @param attestationStatement    attestation statement from registration
 * @param counter                 signature counter observed at registration
 * @param transports              transports reported for this authenticator
 * @param clientExtensions        registration client extension outputs
 * @param authenticatorExtensions registration authenticator extension outputs
 */
public AuthenticatorImpl(AttestedCredentialData attestedCredentialData, AttestationStatement attestationStatement, long counter, Set<AuthenticatorTransport> transports,
                         Map<String, RegistrationExtensionClientOutput<?>> clientExtensions,
                         Map<String, RegistrationExtensionAuthenticatorOutput<?>> authenticatorExtensions) {
    this.clientExtensions = clientExtensions;
    this.authenticatorExtensions = authenticatorExtensions;
    this.transports = CollectionUtil.unmodifiableSet(transports);
    this.attestationStatement = attestationStatement;
    this.attestedCredentialData = attestedCredentialData;
    setCounter(counter);
}
 
示例11
/**
 * Round-trips a known Base64url-encoded attested credential data blob through the converter and
 * checks that the 16-byte AAGUID and the credential id that follows the length prefix come back as
 * the expected byte strings.
 */
@Test
void convert_test() {
    //Given
    //noinspection SpellCheckingInspection
    String encoded = "VQ5LVKpHQJ-alRq3bBMBMQAgcSLOLIaiEIVRz-EklkZ21K71OGcRvvgro1kLdT4pvCClAQIDJiABIVggLDjE-Yci-q4NHPYpTPLJCVkWFkxuL6Zz9jKUvWjnmM8iWCAZAjkRJgA59HxAzqq5NBKjKGNkRPzToDfI6gJR7YBYkQ";
    byte[] expectedAaguid = Base64UrlUtil.decode("VQ5LVKpHQJ-alRq3bBMBMQ");
    byte[] expectedCredentialId = Base64UrlUtil.decode("cSLOLIaiEIVRz-EklkZ21K71OGcRvvgro1kLdT4pvCA");

    //When
    AttestedCredentialData decoded = target.convert(Base64UrlUtil.decode(encoded));

    //Then
    assertThat(decoded.getAaguid().getBytes()).isEqualTo(expectedAaguid);
    assertThat(decoded.getCredentialId()).isEqualTo(expectedCredentialId);
}
 
示例12
/**
 * Jackson creator for the test authenticator: every field is bound from the JSON property of the
 * same name. {@code transports} is wrapped unmodifiable; both extension maps are kept as given
 * (not copied); the counter is set through {@link #setCounter(long)}.
 *
 * @param attestedCredentialData  attested credential data
 * @param attestationStatement    attestation statement
 * @param counter                 signature counter
 * @param transports              authenticator transports
 * @param clientExtensions        registration client extension outputs
 * @param authenticatorExtensions registration authenticator extension outputs
 */
public TestAuthenticator(
        @JsonProperty("attestedCredentialData") AttestedCredentialData attestedCredentialData,
        @JsonProperty("attestationStatement") AttestationStatement attestationStatement,
        @JsonProperty("counter") long counter,
        @JsonProperty("transports") Set<AuthenticatorTransport> transports,
        @JsonProperty("clientExtensions") Map<String, RegistrationExtensionClientOutput<?>> clientExtensions,
        @JsonProperty("authenticatorExtensions") Map<String, RegistrationExtensionAuthenticatorOutput<?>> authenticatorExtensions) {
    this.authenticatorExtensions = authenticatorExtensions;
    this.clientExtensions = clientExtensions;
    this.transports = CollectionUtil.unmodifiableSet(transports);
    this.attestedCredentialData = attestedCredentialData;
    this.attestationStatement = attestationStatement;
    setCounter(counter);
}
 
示例13
/**
 * Checks that {@code TestDataUtil.createAuthenticator} hands back the attested credential data and
 * attestation statement it was given, and seeds the counter with 1.
 */
@Test
void constructor_test() {
    AttestedCredentialData credentialData = TestDataUtil.createAttestedCredentialData();
    AttestationStatement statement = TestAttestationStatementUtil.createFIDOU2FAttestationStatement();

    Authenticator created = TestDataUtil.createAuthenticator(credentialData, statement);

    assertAll(
            () -> assertThat(created.getCounter()).isEqualTo(1),
            () -> assertThat(created.getAttestationStatement()).isEqualTo(statement),
            () -> assertThat(created.getAttestedCredentialData()).isEqualTo(credentialData)
    );
}
 
示例14
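/**
 * Writes a short summary of a freshly created credential to the debug log: COSE algorithm
 * identifier of the new key, AAGUID and attestation statement format.
 * <p>
 * Attested credential data is optional on authenticator data (absent when the AT flag is not set),
 * so it is null-checked rather than dereferenced unconditionally; a missing attestation statement is
 * tolerated the same way. Only the algorithm identifier is logged, never key material.
 *
 * @param response the registration result to describe; must not be null
 */
private void showInfoAfterWebAuthnApiCreate(RegistrationData response) {
    AttestedCredentialData attestedCredentialData = response.getAttestationObject().getAuthenticatorData().getAttestedCredentialData();
    AttestationStatement attestationStatement = response.getAttestationObject().getAttestationStatement();
    if (attestedCredentialData != null) {
        logger.debugv("createad key's algorithm = {0}", String.valueOf(attestedCredentialData.getCOSEKey().getAlgorithm().getValue()));
        logger.debugv("aaguid = {0}", attestedCredentialData.getAaguid().toString());
    }
    if (attestationStatement != null) {
        logger.debugv("attestation format = {0}", attestationStatement.getFormat());
    }
}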
 
示例15
/**
 * Returns the attested credential data held by this object.
 *
 * @return the attested credential data, possibly null if it was never set
 */
public AttestedCredentialData getAttestedCredentialData() {
    return this.attestedCredentialData;
}
 
示例16
/**
 * Replaces the attested credential data held by this object.
 *
 * @param attestedCredentialData the new value; stored as given (no copy, no null check)
 */
public void setAttestedCredentialData(AttestedCredentialData attestedCredentialData) {
    this.attestedCredentialData = attestedCredentialData;
}
 
示例17
/**
 * Returns the attested credential data held by this object.
 *
 * @return the attested credential data, possibly null if it was never set
 */
public AttestedCredentialData getAttestedCredentialData() {
    return this.attestedCredentialData;
}
 
示例18
/**
 * Replaces the attested credential data held by this object.
 *
 * @param attestedCredentialData the new value; stored as given (no copy, no null check)
 */
public void setAttestedCredentialData(AttestedCredentialData attestedCredentialData) {
    this.attestedCredentialData = attestedCredentialData;
}
 
示例19
/**
 * Returns the attested credential data held by this object.
 *
 * @return the attested credential data, possibly null if it was never set
 */
public AttestedCredentialData getAttestedCredentialData() {
    return this.attestedCredentialData;
}
 
示例20
/**
 * Replaces the attested credential data held by this object.
 *
 * @param attestedCredentialData the new value; stored as given (no copy, no null check)
 */
public void setAttestedCredentialData(AttestedCredentialData attestedCredentialData) {
    this.attestedCredentialData = attestedCredentialData;
}
 
示例21
/**
 * Converts from a byte array to {@link AttestedCredentialData} by delegating to the
 * {@link ByteBuffer} overload over a wrap of the array.
 * <p>
 * NOTE(review): the buffer overload may leave bytes after the COSE key unconsumed; this wrapper
 * does not check whether anything is left over.
 *
 * @param attestedCredentialData the raw attested credential data
 * @return the parsed attested credential data
 */
public AttestedCredentialData convert(byte[] attestedCredentialData) {
    ByteBuffer buffer = ByteBuffer.wrap(attestedCredentialData);
    return convert(buffer);
}
 
示例22
/**
 * Creates the Jackson deserializer for {@link AttestedCredentialData}, backed by a fresh
 * {@link AttestedCredentialDataConverter} built over {@code objectConverter}.
 *
 * @param objectConverter converter used for the nested (COSE key) decoding
 */
public AttestedCredentialDataDeserializer(ObjectConverter objectConverter) {
    super(AttestedCredentialData.class);
    this.attestedCredentialDataConverter = new AttestedCredentialDataConverter(objectConverter);
}
 
示例23
/**
 * Reads the field as a binary value and lets the converter decode its byte layout.
 *
 * @param p    parser positioned on the binary value
 * @param ctxt deserialization context (unused)
 * @return the decoded attested credential data
 * @throws IOException if the binary value cannot be read
 */
@Override
public AttestedCredentialData deserialize(JsonParser p, DeserializationContext ctxt) throws IOException {
    return attestedCredentialDataConverter.convert(p.getBinaryValue());
}
 
示例24
/**
 * Jackson module wiring the CBOR (de)serializers used for WebAuthn structures.
 * <p>
 * Attestation statements are registered as named subtypes keyed by their {@code FORMAT} string.
 * Presumably that is what the polymorphic type handling on {@code AttestationStatement} resolves
 * against (confirm), in which case only these formats can be deserialized through this module and
 * an unknown "fmt" cannot be mapped to a class.
 *
 * @param objectConverter shared converter handed to the (de)serializers that need nested decoding
 */
public WebAuthnCBORModule(ObjectConverter objectConverter) {
    super("WebAuthnCBORModule");

    // deserializers: binary / structured WebAuthn values
    addDeserializer(AAGUID.class, new AAGUIDDeserializer());
    addDeserializer(AttestedCredentialData.class, new AttestedCredentialDataDeserializer(objectConverter));
    addDeserializer(AuthenticatorData.class, new AuthenticatorDataDeserializer(objectConverter));
    addDeserializer(AuthenticationExtensionsAuthenticatorOutputsEnvelope.class, new AuthenticationExtensionsAuthenticatorOutputsEnvelopeDeserializer());
    addDeserializer(ExtensionAuthenticatorOutput.class, new ExtensionAuthenticatorOutputDeserializer());
    addDeserializer(UnknownExtensionAuthenticatorOutput.class, new UnknownExtensionAuthenticatorOutputDeserializer());
    addDeserializer(Challenge.class, new ChallengeDeserializer());
    addDeserializer(COSEKeyEnvelope.class, new COSEKeyEnvelopeDeserializer());
    addDeserializer(JWS.class, new JWSDeserializer(objectConverter));
    // deserializers: certificate and TPM attestation material
    addDeserializer(CertPath.class, new CertPathDeserializer());
    addDeserializer(X509Certificate.class, new X509CertificateDeserializer());
    addDeserializer(TPMSAttest.class, new TPMSAttestDeserializer());
    addDeserializer(TPMTPublic.class, new TPMTPublicDeserializer());

    // serializers (each one declares the type it handles)
    addSerializer(new AAGUIDSerializer());
    addSerializer(new AttestedCredentialDataSerializer(objectConverter));
    addSerializer(new AuthenticatorDataSerializer(objectConverter));
    addSerializer(new ChallengeSerializer());
    addSerializer(new OriginSerializer());
    addSerializer(new EC2COSEKeySerializer());
    addSerializer(new RSACOSEKeySerializer());
    addSerializer(new JWSSerializer());
    addSerializer(new CertPathSerializer());
    addSerializer(new X509CertificateSerializer());
    addSerializer(new TPMSAttestSerializer());
    addSerializer(new TPMTPublicSerializer());

    // attestation statements: one named subtype per supported format string
    registerSubtypes(
            new NamedType(FIDOU2FAttestationStatement.class, FIDOU2FAttestationStatement.FORMAT),
            new NamedType(PackedAttestationStatement.class, PackedAttestationStatement.FORMAT),
            new NamedType(AndroidKeyAttestationStatement.class, AndroidKeyAttestationStatement.FORMAT),
            new NamedType(AndroidSafetyNetAttestationStatement.class, AndroidSafetyNetAttestationStatement.FORMAT),
            new NamedType(TPMAttestationStatement.class, TPMAttestationStatement.FORMAT),
            new NamedType(NoneAttestationStatement.class, NoneAttestationStatement.FORMAT)
    );

    // authenticator extension outputs: nothing registered here (yet)
}
 
示例25
/**
 * Creates the Jackson serializer for {@link AttestedCredentialData}, backed by a fresh
 * {@link AttestedCredentialDataConverter} built over {@code objectConverter}.
 *
 * @param objectConverter converter used for the nested (COSE key) encoding
 */
public AttestedCredentialDataSerializer(ObjectConverter objectConverter) {
    super(AttestedCredentialData.class);
    this.attestedCredentialDataConverter = new AttestedCredentialDataConverter(objectConverter);
}
 
示例26
/**
 * Encodes the value through the converter and writes the result as a single binary field.
 *
 * @param value    the attested credential data to write
 * @param gen      target generator
 * @param provider serializer provider (unused)
 * @throws IOException if the generator fails to write
 */
@Override
public void serialize(AttestedCredentialData value, JsonGenerator gen, SerializerProvider provider) throws IOException {
    byte[] encoded = attestedCredentialDataConverter.convert(value);
    gen.writeBinary(encoded);
}
 
示例27
/**
 * Convenience constructor for an authenticator without any registration extension outputs:
 * delegates to the full constructor with two fresh, empty (mutable) {@link HashMap}s.
 *
 * @param attestedCredentialData attested credential data from registration
 * @param attestationStatement   attestation statement from registration
 * @param counter                signature counter observed at registration
 * @param transports             transports reported for this authenticator
 */
public AuthenticatorImpl(AttestedCredentialData attestedCredentialData, AttestationStatement attestationStatement, long counter, Set<AuthenticatorTransport> transports) {
    this(attestedCredentialData, attestationStatement, counter, transports, new HashMap<>(), new HashMap<>());
}
 
示例28
/**
 * Convenience constructor for an authenticator with no known transports (and, via the delegated
 * constructor, no extension outputs). The transports set is {@link Collections#emptySet()}.
 *
 * @param attestedCredentialData attested credential data from registration
 * @param attestationStatement   attestation statement from registration
 * @param counter                signature counter observed at registration
 */
public AuthenticatorImpl(AttestedCredentialData attestedCredentialData, AttestationStatement attestationStatement, long counter) {
    this(attestedCredentialData, attestationStatement, counter, Collections.emptySet());
}
 
示例29
/**
 * Returns the attested credential data held by this authenticator.
 *
 * @return the attested credential data, possibly null if it was never set
 */
@Override
public AttestedCredentialData getAttestedCredentialData() {
    return this.attestedCredentialData;
}
 
示例30
/**
 * Replaces the attested credential data held by this authenticator.
 *
 * @param attestedCredentialData the new value; stored as given (no copy, no null check)
 */
public void setAttestedCredentialData(AttestedCredentialData attestedCredentialData) {
    this.attestedCredentialData = attestedCredentialData;
}