下面列出了 org.springframework.security.authentication.AuthenticationTrustResolverImpl#com.webauthn4j.converter.util.ObjectConverter 的实例代码。
/**
 * Runs the parent configuration, resolves the WebAuthn collaborators, publishes
 * them as shared objects on the builder, and then configures the four FIDO
 * server endpoints.
 *
 * <p>An explicitly supplied {@code optionsProvider} or {@code objectConverter}
 * takes precedence; the {@link WebAuthnConfigurerUtil} lookup is only used when
 * the field is still {@code null}.
 *
 * @param http the security builder being configured
 * @throws Exception if the parent or any endpoint configuration fails
 */
@Override
public void configure(H http) throws Exception {
    super.configure(http);

    // Fall back to the builder-wide OptionsProvider only when none was set on this configurer.
    if (optionsProvider == null) {
        optionsProvider = WebAuthnConfigurerUtil.getOptionsProvider(http);
    }
    http.setSharedObject(OptionsProvider.class, optionsProvider);

    // Same fallback for the ObjectConverter, so every endpoint parses JSON/CBOR with one converter.
    if (objectConverter == null) {
        objectConverter = WebAuthnConfigurerUtil.getObjectConverter(http);
    }
    http.setSharedObject(ObjectConverter.class, objectConverter);

    // Endpoints are configured after the shared objects are published.
    // NOTE(review): presumably they read the shared objects set above; confirm before reordering.
    fidoServerAttestationOptionsEndpointConfig.configure(http);
    fidoServerAttestationResultEndpointConfig.configure(http);
    fidoServerAssertionOptionsEndpointConfig.configure(http);
    fidoServerAssertionResultEndpointConfig.configure(http);
}
/**
 * Builds the filter that handles the FIDO server assertion-result endpoint.
 *
 * <p>The same {@link ObjectConverter} is handed to the success handler, the
 * failure handler, the client-data converter and the endpoint utility, so the
 * request and both response paths share one JSON configuration.
 *
 * @param objectConverter converter used for JSON handling; dereferenced here,
 *     so {@code null} fails with a {@link NullPointerException}
 * @param serverPropertyProvider source of the server properties stored on the filter
 * @param requiresAuthenticationRequestMatcher matcher passed to the parent filter
 */
public FidoServerAssertionResultEndpointFilter(
        ObjectConverter objectConverter,
        ServerPropertyProvider serverPropertyProvider,
        RequestMatcher requiresAuthenticationRequestMatcher) {
    super(requiresAuthenticationRequestMatcher);

    jsonConverter = objectConverter.getJsonConverter();
    this.serverPropertyProvider = serverPropertyProvider;
    serverPublicKeyCredentialValidator = new ServerPublicKeyCredentialValidator<>();

    // Replace the inherited handlers with the FIDO-endpoint specific ones.
    setAuthenticationSuccessHandler(new FidoServerAssertionResultEndpointSuccessHandler(objectConverter));
    setAuthenticationFailureHandler(new FidoServerAssertionResultEndpointFailureHandler(objectConverter));

    collectedClientDataConverter = new CollectedClientDataConverter(objectConverter);
    serverEndpointFilterUtil = new ServerEndpointFilterUtil(objectConverter);

    // Called last so the check sees every collaborator assigned above.
    checkConfig();
}
/**
 * Exposes a {@link MetadataItemsProvider} that aggregates five FIDO metadata
 * service endpoints, all validated against one hard-coded certificate.
 *
 * <p>The embedded certificate is the FIDO Alliance "FAKE Root FAKE" /
 * "FAKE Metadata TOC Signing FAKE" certificate, and every URL points at the
 * conformance-test host. Metadata fetched through this bean is therefore
 * trusted on the strength of a test root.
 *
 * <p>NOTE(review): confirm this bean is only active in a conformance-test
 * profile. A production deployment would need the real metadata service
 * endpoint and its genuine trust anchor.
 *
 * @param objectConverter converter handed to each per-endpoint provider
 * @param httpClient HTTP client handed to each per-endpoint provider
 * @return an aggregating provider over one provider per endpoint, in array order
 */
@Bean
public MetadataItemsProvider fidoMetadataItemsProvider(ObjectConverter objectConverter, HttpClient httpClient) {
    // Test-only trust anchor: the certificate's subject and issuer carry the word FAKE.
    X509Certificate conformanceTestCertificate = CertificateUtil.generateX509Certificate(Base64Util.decode("MIICZzCCAe6gAwIBAgIPBF0rd3WL/GExWV/szYNVMAoGCCqGSM49BAMDMGcxCzAJBgNVBAYTAlVTMRYwFAYDVQQKDA1GSURPIEFsbGlhbmNlMScwJQYDVQQLDB5GQUtFIE1ldGFkYXRhIFRPQyBTaWduaW5nIEZBS0UxFzAVBgNVBAMMDkZBS0UgUm9vdCBGQUtFMB4XDTE3MDIwMTAwMDAwMFoXDTQ1MDEzMTIzNTk1OVowZzELMAkGA1UEBhMCVVMxFjAUBgNVBAoMDUZJRE8gQWxsaWFuY2UxJzAlBgNVBAsMHkZBS0UgTWV0YWRhdGEgVE9DIFNpZ25pbmcgRkFLRTEXMBUGA1UEAwwORkFLRSBSb290IEZBS0UwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARcVLd6r4fnNHzs5K2zfbg//4X9/oBqmsdRVtZ9iXhlgM9vFYaKviYtqmwkq0D3Lihg3qefeZgXXYi4dFgvzU7ZLBapSNM3CT8RDBe/MBJqsPwaRQbIsGmmItmt/ESNQD6jYDBeMAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTd95rIHO/hX9Oh69szXzD0ahmZWTAfBgNVHSMEGDAWgBTd95rIHO/hX9Oh69szXzD0ahmZWTAKBggqhkjOPQQDAwNnADBkAjBkP3L99KEXQzviJVGytDMWBmITMBYv1LgNXXiSilWixTyQqHrYrFpLvNFyPZQvS6sCMFMAOUCwAch/515XH0XlDbMgdIe2N4zzdY77TVwiHmsxTFWRT0FtS7fUk85c/LzSPQ=="));

    // Conformance-test metadata endpoints; one provider is created per URL.
    String[] urls = new String[]{
            "https://fidoalliance.co.nz/mds/execute/24972a67c1d02c6a848f457c5ab1955f63148441e031e4d3d7eaa79e25ae6a46",
            "https://fidoalliance.co.nz/mds/execute/427712e10ca2cb354691740a37cd37496874eb5524709150d7e6f9ebd83917e2",
            "https://fidoalliance.co.nz/mds/execute/6ec77bdf780b80fec995b9083d1bf9659680dfe31b97114b14ae28808b252de2",
            "https://fidoalliance.co.nz/mds/execute/a1715169d003018816bd238b523f03a37b4ce85a8edc299e9afe0e74f27ad6a3",
            "https://fidoalliance.co.nz/mds/execute/b3227b69040df61b7dd2e02285207613c1f1a1f531d5cb10b1c5b85827ed4f96"
    };

    List<MetadataItemsProvider> providers = new ArrayList<>();
    for (String endpoint : urls) {
        FidoMdsMetadataItemsProvider provider =
                new FidoMdsMetadataItemsProvider(objectConverter, httpClient, conformanceTestCertificate);
        provider.setFidoMetadataServiceEndpoint(endpoint);
        providers.add(provider);
    }
    return new AggregatingMetadataItemsProvider(providers);
}
/**
 * Creates a manager by building a registration manager and an authentication
 * manager that share the given {@link ObjectConverter}.
 *
 * <p>The attestation validators and the two trustworthiness validators are
 * forwarded unchanged to {@link WebAuthnRegistrationManager}. How strictly a
 * registration is verified is therefore decided entirely by what the caller
 * passes in here.
 *
 * @param attestationStatementValidators validators for attestation statements
 * @param certPathTrustworthinessValidator validator for the attestation certificate path
 * @param selfAttestationTrustworthinessValidator validator for self attestation
 * @param customRegistrationValidators extra registration validators
 * @param customAuthenticationValidators extra authentication validators
 * @param objectConverter converter shared by both managers
 */
public WebAuthnManager(List<AttestationStatementValidator> attestationStatementValidators,
                       CertPathTrustworthinessValidator certPathTrustworthinessValidator,
                       SelfAttestationTrustworthinessValidator selfAttestationTrustworthinessValidator,
                       List<CustomRegistrationValidator> customRegistrationValidators,
                       List<CustomAuthenticationValidator> customAuthenticationValidators,
                       ObjectConverter objectConverter) {
    // Registration side: receives all attestation-related validators.
    webAuthnRegistrationManager = new WebAuthnRegistrationManager(
            attestationStatementValidators,
            certPathTrustworthinessValidator,
            selfAttestationTrustworthinessValidator,
            customRegistrationValidators,
            objectConverter);

    // Authentication side: only the custom validators and the converter are passed.
    webAuthnAuthenticationManager = new WebAuthnAuthenticationManager(
            customAuthenticationValidators,
            objectConverter);
}
/**
 * Creates a {@link WebAuthnManager} with the non-strict configuration.
 *
 * <p>Every attestation format is wired to a {@code Null*} validator (plus the
 * validator for the "none" format), and both trustworthiness checks use their
 * {@code Null*} implementations.
 *
 * <p>NOTE(review): the {@code Null*} validators are expected to accept their
 * input without verifying signatures or certificate chains; confirm against
 * the webauthn4j version in use. With this configuration a relying party
 * should not base any decision on authenticator provenance. Use a manager
 * built from the real validators when policy requires attestation.
 *
 * @param objectConverter ObjectConverter
 * @return configured {@link WebAuthnManager}
 */
public static WebAuthnManager createNonStrictWebAuthnManager(ObjectConverter objectConverter) {
    List<AttestationStatementValidator> nonStrictValidators = Arrays.asList(
            new NoneAttestationStatementValidator(),
            new NullFIDOU2FAttestationStatementValidator(),
            new NullPackedAttestationStatementValidator(),
            new NullTPMAttestationStatementValidator(),
            new NullAndroidKeyAttestationStatementValidator(),
            new NullAndroidSafetyNetAttestationStatementValidator());

    return new WebAuthnManager(
            nonStrictValidators,
            new NullCertPathTrustworthinessValidator(),
            new NullSelfAttestationTrustworthinessValidator(),
            objectConverter);
}
/**
 * Creates a registration manager from explicit validators and a converter.
 *
 * <p>All five arguments are rejected when {@code null}, so a missing validator
 * fails at construction time rather than being silently skipped.
 *
 * @param attestationStatementValidators validators for attestation statements
 * @param certPathTrustworthinessValidator validator for the attestation certificate path
 * @param selfAttestationTrustworthinessValidator validator for self attestation
 * @param customRegistrationValidators extra registration validators
 * @param objectConverter converter used to build the data converters
 */
public WebAuthnRegistrationManager(
        List<AttestationStatementValidator> attestationStatementValidators,
        CertPathTrustworthinessValidator certPathTrustworthinessValidator,
        SelfAttestationTrustworthinessValidator selfAttestationTrustworthinessValidator,
        List<CustomRegistrationValidator> customRegistrationValidators,
        ObjectConverter objectConverter) {
    // Fail fast on missing collaborators, in declaration order.
    AssertUtil.notNull(attestationStatementValidators, "attestationStatementValidators must not be null");
    AssertUtil.notNull(certPathTrustworthinessValidator, "certPathTrustworthinessValidator must not be null");
    AssertUtil.notNull(selfAttestationTrustworthinessValidator, "selfAttestationTrustworthinessValidator must not be null");
    AssertUtil.notNull(customRegistrationValidators, "customRegistrationValidators must not be null");
    AssertUtil.notNull(objectConverter, "objectConverter must not be null");

    this.registrationDataValidator = new RegistrationDataValidator(
            attestationStatementValidators,
            certPathTrustworthinessValidator,
            selfAttestationTrustworthinessValidator,
            customRegistrationValidators,
            objectConverter);

    // Converters for the individual parts of a registration response.
    this.collectedClientDataConverter = new CollectedClientDataConverter(objectConverter);
    this.attestationObjectConverter = new AttestationObjectConverter(objectConverter);
    this.authenticatorTransportConverter = new AuthenticatorTransportConverter();
    this.authenticationExtensionsClientOutputsConverter = new AuthenticationExtensionsClientOutputsConverter(objectConverter);
}
/**
 * Creates a {@link WebAuthnRegistrationManager} with the non-strict configuration.
 *
 * <p>Every attestation format is wired to a {@code Null*} validator (plus the
 * validator for the "none" format), and both trustworthiness checks use their
 * {@code Null*} implementations.
 *
 * <p>NOTE(review): the {@code Null*} validators are expected to accept their
 * input without verifying signatures or certificate chains; confirm against
 * the webauthn4j version in use. Registrations accepted by this manager carry
 * no verified statement about the authenticator model.
 *
 * @param objectConverter ObjectConverter
 * @return configured {@link WebAuthnRegistrationManager}
 */
public static WebAuthnRegistrationManager createNonStrictWebAuthnRegistrationManager(ObjectConverter objectConverter) {
    List<AttestationStatementValidator> nonStrictValidators = Arrays.asList(
            new NoneAttestationStatementValidator(),
            new NullFIDOU2FAttestationStatementValidator(),
            new NullPackedAttestationStatementValidator(),
            new NullTPMAttestationStatementValidator(),
            new NullAndroidKeyAttestationStatementValidator(),
            new NullAndroidSafetyNetAttestationStatementValidator());

    return new WebAuthnRegistrationManager(
            nonStrictValidators,
            new NullCertPathTrustworthinessValidator(),
            new NullSelfAttestationTrustworthinessValidator(),
            objectConverter);
}
/**
 * Builds the validator under test with the non-strict validator set.
 *
 * <p>Only the {@code Null*} / "none" attestation validators are used, so the
 * tests in this class presumably exercise {@link RegistrationDataValidator}
 * itself rather than attestation verification.
 */
public RegistrationDataValidatorTest() {
    ObjectConverter converter = new ObjectConverter();
    target = new RegistrationDataValidator(
            Arrays.asList(
                    new NoneAttestationStatementValidator(),
                    new NullFIDOU2FAttestationStatementValidator(),
                    new NullPackedAttestationStatementValidator(),
                    new NullTPMAttestationStatementValidator(),
                    new NullAndroidKeyAttestationStatementValidator(),
                    new NullAndroidSafetyNetAttestationStatementValidator()),
            new NullCertPathTrustworthinessValidator(),
            new NullSelfAttestationTrustworthinessValidator(),
            Collections.emptyList(), // no custom registration validators
            converter);
}
/**
 * Round-trips a {@code TestAuthenticator} through CBOR and checks that the
 * deserialized value equals the original.
 */
@Test
void serialization_deserialization_test() {
    CborConverter cbor = new ObjectConverter().getCborConverter();

    TestAuthenticator original = new TestAuthenticator(
            TestDataUtil.createAttestedCredentialData(),
            TestAttestationStatementUtil.createFIDOU2FAttestationStatement(),
            0,
            Collections.emptySet(),
            null,
            null);

    // Serialize, then read back as the same concrete type.
    byte[] encoded = cbor.writeValueAsBytes(original);
    Authenticator roundTripped = cbor.readValue(encoded, TestAuthenticator.class);

    assertThat(roundTripped).isEqualTo(original);
}
/**
 * Stores the session and lazily creates the two converters the provider uses.
 *
 * <p>A converter is created only while its field is still {@code null}. Once a
 * converter exists, the {@code objectConverter} passed to later constructions
 * is ignored for that converter.
 *
 * @param session Keycloak session this provider works in
 * @param objectConverter converter used when a converter has to be created
 */
public WebAuthnCredentialProvider(KeycloakSession session, ObjectConverter objectConverter) {
    this.session = session;

    // NOTE(review): the null checks suggest these fields are shared across instances.
    // If so, this initialization is unsynchronized; confirm it is safe for concurrent construction.
    if (credentialPublicKeyConverter == null) {
        credentialPublicKeyConverter = new CredentialPublicKeyConverter(objectConverter);
    }
    if (attestationStatementConverter == null) {
        attestationStatementConverter = new AttestationStatementConverter(objectConverter);
    }
}
/**
 * Builds the filter that handles the FIDO server attestation-result endpoint.
 *
 * <p>The filter is bound to {@code FILTER_URL} through the parent constructor.
 * Registration requests are checked by the supplied
 * {@link WebAuthnRegistrationRequestValidator}, so the strictness of
 * attestation verification depends on how that validator was configured.
 *
 * @param objectConverter converter used by the parent and the data converters
 * @param webAuthnUserDetailsService user details service stored on the filter
 * @param webAuthnRegistrationRequestValidator validator for registration requests
 */
public FidoServerAttestationResultEndpointFilter(
        ObjectConverter objectConverter,
        WebAuthnUserDetailsService webAuthnUserDetailsService,
        WebAuthnRegistrationRequestValidator webAuthnRegistrationRequestValidator) {
    super(FILTER_URL, objectConverter);

    attestationObjectConverter = new AttestationObjectConverter(objectConverter);
    collectedClientDataConverter = new CollectedClientDataConverter(objectConverter);
    serverPublicKeyCredentialValidator = new ServerPublicKeyCredentialValidator<>();
    this.webAuthnUserDetailsService = webAuthnUserDetailsService;
    this.webAuthnRegistrationRequestValidator = webAuthnRegistrationRequestValidator;

    // Called last so the check sees every collaborator assigned above.
    checkConfig();
}
/**
 * Initializes the common state of a FIDO server endpoint filter.
 *
 * <p>NOTE(review): {@code checkConfig()} runs inside this base constructor. If
 * a subclass overrides it, the override would see subclass fields that are not
 * assigned yet; confirm against the subclasses.
 *
 * @param filterProcessesUrl URL this filter processes
 * @param objectConverter converter stored on the filter and given to the endpoint utility
 */
public ServerEndpointFilterBase(
        String filterProcessesUrl,
        ObjectConverter objectConverter) {
    this.filterProcessesUrl = filterProcessesUrl;
    this.objectConverter = objectConverter;
    // Reads the field just assigned, which is the same reference as the parameter.
    serverEndpointFilterUtil = new ServerEndpointFilterUtil(this.objectConverter);
    checkConfig();
}
/**
 * Provides the application-wide {@link ObjectConverter}.
 *
 * <p>The JSON mapper has the WebAuthn metadata module registered. The CBOR
 * mapper is a plain {@link ObjectMapper} backed by a {@link CBORFactory}.
 *
 * @return a converter built from the two mappers
 */
@Bean
public ObjectConverter objectConverter() {
    ObjectMapper json = new ObjectMapper();
    json.registerModule(new WebAuthnMetadataJSONModule());

    ObjectMapper cbor = new ObjectMapper(new CBORFactory());

    return new ObjectConverter(json, cbor);
}
/**
 * Creates a registration manager wired with the concrete attestation
 * validators for each format, rather than the {@code Null*} variants.
 *
 * <p>Certificate-path trust is delegated to {@code this.certPathtrustValidator}
 * and self attestation to {@link DefaultSelfAttestationTrustworthinessValidator}.
 *
 * <p>NOTE(review): the trust decision is only as good as the anchors behind
 * {@code certPathtrustValidator}, which is configured outside this method.
 *
 * @return the configured registration manager
 */
private WebAuthnRegistrationManager createWebAuthnRegistrationManager() {
    return new WebAuthnRegistrationManager(
            Arrays.asList(
                    new NoneAttestationStatementValidator(),
                    new PackedAttestationStatementValidator(),
                    new TPMAttestationStatementValidator(),
                    new AndroidKeyAttestationStatementValidator(),
                    new AndroidSafetyNetAttestationStatementValidator(),
                    new FIDOU2FAttestationStatementValidator()),
            this.certPathtrustValidator,
            new DefaultSelfAttestationTrustworthinessValidator(),
            Collections.emptyList(), // custom registration validators are not supported here
            new ObjectConverter());
}
/**
 * Provides an {@link ObjectConverter} that also understands the example extension.
 *
 * <p>The example extension types are added as named subtypes under their
 * {@code ID} constants: the client input on the JSON mapper and the
 * authenticator output on the CBOR mapper. Each type is registered explicitly
 * and individually.
 *
 * @return a converter built from the two mappers
 */
@Bean
public ObjectConverter objectConverter() {
    ObjectMapper json = new ObjectMapper();
    json.registerModule(new WebAuthnMetadataJSONModule());
    json.registerSubtypes(new NamedType(ExampleExtensionClientInput.class, ExampleExtensionClientInput.ID));

    ObjectMapper cbor = new ObjectMapper(new CBORFactory());
    cbor.registerSubtypes(new NamedType(ExampleExtensionAuthenticatorOutput.class, ExampleExtensionAuthenticatorOutput.ID));

    return new ObjectConverter(json, cbor);
}
/**
 * Creates a model authenticator with the default test configuration.
 *
 * <p>The attestation key pair, the CA certificate path and the intermediate CA
 * private key are all loaded through {@code TestAttestationUtil}, and the
 * AAGUID is {@code AAGUID.ZERO}. Attestations from this authenticator are
 * signed with test key material, so a relying party must not trust that chain
 * outside test setups.
 */
public WebAuthnModelAuthenticator() {
    this(
            AAGUID.ZERO,
            new KeyPair(
                    TestAttestationUtil.load3tierTestAuthenticatorAttestationPublicKey(),
                    TestAttestationUtil.load3tierTestAuthenticatorAttestationPrivateKey()),
            TestAttestationUtil.load3tierTestCACertificatePath(),
            TestAttestationUtil.load3tierTestIntermediateCAPrivateKey(),
            0,
            true,
            new ObjectConverter());
}
/**
 * Registers the WebAuthn JSON serializers, deserializers and the known client
 * extension subtypes under the module name {@code "WebAuthnJSONModule"}.
 *
 * <p>Extension inputs and outputs are resolved through explicitly registered
 * {@link NamedType}s keyed by each extension's {@code ID}. Separate
 * deserializers are registered for the {@code Unknown*} input and output types.
 *
 * @param objectConverter converter handed to the {@link JWSDeserializer}
 */
@SuppressWarnings("unused")
public WebAuthnJSONModule(ObjectConverter objectConverter) {
    super("WebAuthnJSONModule");

    // Deserializers
    addDeserializer(Challenge.class, new ChallengeDeserializer());
    addDeserializer(ExtensionClientInput.class, new ExtensionClientInputDeserializer());
    addDeserializer(RegistrationExtensionClientInput.class, new RegistrationExtensionClientInputDeserializer());
    addDeserializer(AuthenticationExtensionClientInput.class, new AuthenticationExtensionClientInputDeserializer());
    addDeserializer(ExtensionClientOutput.class, new ExtensionClientOutputDeserializer());
    addDeserializer(UnknownExtensionClientInput.class, new UnknownExtensionClientInputDeserializer());
    addDeserializer(UnknownExtensionClientOutput.class, new UnknownExtensionClientOutputDeserializer());
    addDeserializer(JWS.class, new JWSDeserializer(objectConverter));
    addDeserializer(X509Certificate.class, new X509CertificateDeserializer());

    // Serializers
    addSerializer(new ChallengeSerializer());
    addSerializer(new JWSSerializer());
    addSerializer(new X509CertificateSerializer());

    // Client extension inputs
    registerSubtypes(new NamedType(CredentialPropertiesExtensionClientInput.class, CredentialPropertiesExtensionClientInput.ID));
    registerSubtypes(new NamedType(FIDOAppIDExtensionClientInput.class, FIDOAppIDExtensionClientInput.ID));

    // Client extension outputs
    registerSubtypes(new NamedType(CredentialPropertiesExtensionClientOutput.class, CredentialPropertiesExtensionClientOutput.ID));
    registerSubtypes(new NamedType(FIDOAppIDExtensionClientOutput.class, FIDOAppIDExtensionClientOutput.ID));
}
/**
 * Prepares the converter and the provider under test.
 *
 * <p>The provider is created with the {@code fidoMDSClient} field as its HTTP
 * client and without an explicit trust certificate argument.
 */
MetadataItemsProviderTest() {
    ObjectMapper json = new ObjectMapper();
    json.registerModule(new WebAuthnMetadataJSONModule());
    ObjectMapper cbor = new ObjectMapper(new CBORFactory());

    objectConverter = new ObjectConverter(json, cbor);
    target = new FidoMdsMetadataItemsProvider(objectConverter, fidoMDSClient);
}
/**
 * Creates a manager with a default {@link ObjectConverter}.
 *
 * <p>Delegates to the six-argument constructor with a freshly created converter.
 *
 * @param attestationStatementValidators validators for attestation statements
 * @param certPathTrustworthinessValidator validator for the attestation certificate path
 * @param selfAttestationTrustworthinessValidator validator for self attestation
 * @param customRegistrationValidators extra registration validators
 * @param customAuthenticationValidators extra authentication validators
 */
public WebAuthnManager(List<AttestationStatementValidator> attestationStatementValidators,
                       CertPathTrustworthinessValidator certPathTrustworthinessValidator,
                       SelfAttestationTrustworthinessValidator selfAttestationTrustworthinessValidator,
                       List<CustomRegistrationValidator> customRegistrationValidators,
                       List<CustomAuthenticationValidator> customAuthenticationValidators) {
    this(attestationStatementValidators,
            certPathTrustworthinessValidator,
            selfAttestationTrustworthinessValidator,
            customRegistrationValidators,
            customAuthenticationValidators,
            new ObjectConverter());
}
/**
 * Creates a manager without custom validators.
 *
 * <p>Delegates to the six-argument constructor with two new, empty lists for
 * the custom registration and authentication validators.
 *
 * @param attestationStatementValidators validators for attestation statements
 * @param certPathTrustworthinessValidator validator for the attestation certificate path
 * @param selfAttestationTrustworthinessValidator validator for self attestation
 * @param objectConverter converter shared by both managers
 */
public WebAuthnManager(List<AttestationStatementValidator> attestationStatementValidators,
                       CertPathTrustworthinessValidator certPathTrustworthinessValidator,
                       SelfAttestationTrustworthinessValidator selfAttestationTrustworthinessValidator,
                       ObjectConverter objectConverter) {
    this(attestationStatementValidators,
            certPathTrustworthinessValidator,
            selfAttestationTrustworthinessValidator,
            new ArrayList<>(), // custom registration validators: none
            new ArrayList<>(), // custom authentication validators: none
            objectConverter);
}
/**
 * Creates an authentication manager from custom validators and a converter.
 *
 * <p>Both arguments are rejected when {@code null}. The converter is used to
 * build the data converters; the validator receives only the custom validators.
 *
 * @param customAuthenticationValidators extra authentication validators
 * @param objectConverter converter used to build the data converters
 */
public WebAuthnAuthenticationManager(List<CustomAuthenticationValidator> customAuthenticationValidators,
                                     ObjectConverter objectConverter) {
    // Fail fast on missing collaborators.
    AssertUtil.notNull(customAuthenticationValidators, "customAuthenticationValidators must not be null");
    AssertUtil.notNull(objectConverter, "objectConverter must not be null");

    this.authenticationDataValidator = new AuthenticationDataValidator(customAuthenticationValidators);
    this.collectedClientDataConverter = new CollectedClientDataConverter(objectConverter);
    this.authenticatorDataConverter = new AuthenticatorDataConverter(objectConverter);
    this.authenticationExtensionsClientOutputsConverter = new AuthenticationExtensionsClientOutputsConverter(objectConverter);
}
/**
 * Creates a registration manager with a default {@link ObjectConverter}.
 *
 * <p>Delegates to the five-argument constructor with a freshly created converter.
 *
 * @param attestationStatementValidators validators for attestation statements
 * @param certPathTrustworthinessValidator validator for the attestation certificate path
 * @param selfAttestationTrustworthinessValidator validator for self attestation
 * @param customRegistrationValidators extra registration validators
 */
public WebAuthnRegistrationManager(List<AttestationStatementValidator> attestationStatementValidators,
                                   CertPathTrustworthinessValidator certPathTrustworthinessValidator,
                                   SelfAttestationTrustworthinessValidator selfAttestationTrustworthinessValidator,
                                   List<CustomRegistrationValidator> customRegistrationValidators) {
    this(attestationStatementValidators,
            certPathTrustworthinessValidator,
            selfAttestationTrustworthinessValidator,
            customRegistrationValidators,
            new ObjectConverter());
}
/**
 * Creates a registration manager without custom registration validators.
 *
 * <p>Delegates to the five-argument constructor with an empty list of custom
 * validators.
 *
 * @param attestationStatementValidators validators for attestation statements
 * @param certPathTrustworthinessValidator validator for the attestation certificate path
 * @param selfAttestationTrustworthinessValidator validator for self attestation
 * @param objectConverter converter used to build the data converters
 */
public WebAuthnRegistrationManager(List<AttestationStatementValidator> attestationStatementValidators,
                                   CertPathTrustworthinessValidator certPathTrustworthinessValidator,
                                   SelfAttestationTrustworthinessValidator selfAttestationTrustworthinessValidator,
                                   ObjectConverter objectConverter) {
    this(attestationStatementValidators,
            certPathTrustworthinessValidator,
            selfAttestationTrustworthinessValidator,
            Collections.emptyList(), // custom registration validators: none
            objectConverter);
}
/**
 * Encodes a test attestation certificate as CBOR bytes under the key
 * {@code "certificate"} and checks that reading it back yields an
 * {@link X509Certificate}.
 *
 * @throws CertificateEncodingException if the test certificate cannot be encoded
 */
@Test
void deserialize_test() throws CertificateEncodingException {
    CborConverter cbor = new ObjectConverter().getCborConverter();

    // The map mirrors the single field of the test data class.
    Map<String, byte[]> payload = new HashMap<>();
    payload.put("certificate", TestAttestationUtil.load2tierTestAuthenticatorAttestationCertificate().getEncoded());
    byte[] encoded = cbor.writeValueAsBytes(payload);

    X509CertificateDeserializerTestData decoded = cbor.readValue(encoded, X509CertificateDeserializerTestData.class);

    assertThat(decoded.getCertificate()).isInstanceOf(X509Certificate.class);
}
/**
 * Parses a JSON object holding several client extension outputs and checks
 * that the {@code appid} and {@code credProps} entries are mapped to their
 * typed output classes.
 *
 * <p>The other extension keys in the input are not asserted on individually.
 * NOTE(review): presumably they are handled by the unknown-extension
 * deserializer; the test only proves that their presence does not break parsing.
 */
@Test
void deserialize_test_with_JSON_data() {
    JsonConverter json = new ObjectConverter().getJsonConverter();

    Map<String, ExtensionClientOutput<?>> outputs =
            json.readValue(
                    "{ " +
                            "\"appid\": true, " +
                            "\"credProps\": {\"rk\": true }, " +
                            "\"txAuthSimple\": \"authorization message\", " +
                            "\"txAuthGeneric\": { \"contentType\": \"image/png\", \"content\": null }, " +
                            "\"authnSel\": true, " +
                            "\"exts\": [\"exts\", \"authnSel\"], " +
                            "\"uvi\": [], " +
                            "\"loc\": { \"latitude\": 0, \"longitude\":0, \"accuracy\": 1 }, " +
                            "\"biometricPerfBounds\": true " +
                            "}",
                    new TypeReference<Map<String, ExtensionClientOutput<?>>>() {
                    }
            );

    assertAll(
            // Keys of the two registered extensions are present.
            () -> assertThat(outputs).containsKeys(
                    FIDOAppIDExtensionClientOutput.ID,
                    CredentialPropertiesExtensionClientOutput.ID
            ),
            // Their values were deserialized into the typed output classes.
            () -> assertThat(outputs).containsValues(
                    new FIDOAppIDExtensionClientOutput(true),
                    new CredentialPropertiesExtensionClientOutput(new CredentialPropertiesExtensionClientOutput.CredentialPropertiesOutput(true))
            )
    );
}
/**
 * Checks that each of the three {@link WebAuthnAuthenticationManager}
 * constructors completes without throwing.
 */
@Test
void constructor_test() {
    ObjectConverter converter = new ObjectConverter();
    List<CustomAuthenticationValidator> noCustomValidators = Collections.emptyList();

    // No-arg, validators-only, and validators-plus-converter variants.
    assertThatCode(WebAuthnAuthenticationManager::new).doesNotThrowAnyException();
    assertThatCode(() -> new WebAuthnAuthenticationManager(noCustomValidators)).doesNotThrowAnyException();
    assertThatCode(() -> new WebAuthnAuthenticationManager(noCustomValidators, converter)).doesNotThrowAnyException();
}
/**
 * Creates the converter by wrapping a {@link CollectedClientDataConverter}
 * built from the given {@link ObjectConverter}.
 *
 * @param objectConverter converter passed to the wrapped client-data converter
 */
public Base64UrlStringToCollectedClientDataConverter(ObjectConverter objectConverter) {
    this.converter = new CollectedClientDataConverter(objectConverter);
}
/**
 * Creates a provider with {@code null} as the second argument of the
 * three-argument constructor.
 *
 * <p>NOTE(review): what that {@code null} parameter represents is not visible
 * in this snippet; check the three-argument constructor before relying on
 * this overload.
 *
 * @param objectConverter converter forwarded to the delegate constructor
 * @param httpClient HTTP client forwarded to the delegate constructor
 */
public FidoMdsMetadataItemsProvider(ObjectConverter objectConverter, HttpClient httpClient) {
    this(objectConverter, null, httpClient);
}
/**
 * Prepares the {@link ObjectConverter} used by the tests: a JSON mapper with
 * the WebAuthn metadata module and a CBOR mapper.
 */
public MetadataStatementTest() {
    ObjectMapper json = new ObjectMapper();
    json.registerModule(new WebAuthnMetadataJSONModule());
    ObjectMapper cbor = new ObjectMapper(new CBORFactory());

    objectConverter = new ObjectConverter(json, cbor);
}
/**
 * Builds the filter that serves WebAuthn options.
 *
 * <p>A stock {@link AuthenticationTrustResolverImpl} is installed as the trust
 * resolver. How the filter uses it is outside this snippet.
 *
 * @param optionsProvider source of the options this filter returns
 * @param objectConverter converter whose JSON converter is used; dereferenced
 *     here, so {@code null} fails with a {@link NullPointerException}
 */
public OptionsEndpointFilter(OptionsProvider optionsProvider, ObjectConverter objectConverter) {
    this.optionsProvider = optionsProvider;
    jsonConverter = objectConverter.getJsonConverter();
    trustResolver = new AuthenticationTrustResolverImpl();

    // Called last so the check sees every collaborator assigned above.
    checkConfig();
}