support for ask/identity v2

a3b1b488 · Josh Ji · b4794503 · a3b1b488 · a3b1b488 · a3b1b488
Commit a3b1b488 authored Nov 06, 2023 by Josh Ji
6 changed files
--- a/src/main/java/com/example/rpserver/controller/GetAssertion.java
+++ b/src/main/java/com/example/rpserver/controller/GetAssertion.java
@@ -40,6 +40,6 @@ public class GetAssertion {
 	public ResponseEntity<Response> finishMakeCredential(@RequestParam("data") String data){
 		logger.info("data : {}", data);
 		logger.info("Finish Get Assertion");
-		return ResponseEntity.ok(new Response(true, "Login Successfully"));
+		return ResponseEntity.ok(new Response(true, "Login Successfully", ""));
 	}
 }
--- a/src/main/java/com/example/rpserver/controller/MakeCredential.java
+++ b/src/main/java/com/example/rpserver/controller/MakeCredential.java
@@ -119,8 +119,12 @@ public class MakeCredential {
 				identityFromIDP = "JoshJi";
 		}else {
 			extensions = extractExtensions(attestationObjectBytes);
-			identityFromIDP = askIDP(extensions[0], extensions[1]);
-			logger.info("identityFromIDP : {}", identityFromIDP);
+			if(extensions.length==1){
+				identityFromIDP=extensions[0];
+			}else{
+				identityFromIDP = askIDP(extensions);
+				logger.info("identityFromIDP : {}", identityFromIDP);
+			}
 		}

 		RegistrationRequest registrationRequest = new RegistrationRequest(attestationObjectBytes, clientDataJSONBytes);
@@ -140,7 +144,7 @@ public class MakeCredential {
 				user.getUserName(),
 				rawId));

-		return ResponseEntity.ok().body(new Response(true, "Successfully created credential@@"+identityFromIDP));
+		return ResponseEntity.ok().body(new Response(true, "Successfully created credential", identityFromIDP));
 	}

 	private String[] extractExtensions(byte[] attestationObjectBytes){
@@ -159,31 +163,52 @@ public class MakeCredential {
 				for (DataItem item : extensions)
 					logger.info("extensions : {}", item);

-				byte[][] extensionSendsOut = new byte[2][];
-				extensionSendsOut[0] = ((ByteString) extensions.get(0)).getBytes();
-				extensionSendsOut[1] = ((ByteString) extensions.get(1)).getBytes();
+				String[] params = new String[extensions.size()];
+
+				for (int i = 0; i < extensions.size(); i++) {
+					params[i] = HexUtil.encodeToString(((ByteString)extensions.get(i)).getBytes());
+					logger.info(params[i]);
+				}
+
+//				byte[][] extensionSendsOut = new byte[extensions.size()][];
+//				extensionSendsOut[0] = ((ByteString) extensions.get(0)).getBytes();
+//				extensionSendsOut[1] = ((ByteString) extensions.get(1)).getBytes();
+//
+//				hmac = HexUtil.encodeToString(extensionSendsOut[0]); // param 1 : hmac
+//				Cx = HexUtil.encodeToString(extensionSendsOut[1]); // param 2 : Cx

-				hmac = HexUtil.encodeToString(extensionSendsOut[0]); // param 1 : hmac
-				Cx = HexUtil.encodeToString(extensionSendsOut[1]); // param 2 : Cx
+				return params;

-			} catch (CborException e) {
+			} catch (Exception e) {
 				e.printStackTrace();
+				return new String[]{"PII_NOT_SUPPORT"};
 			}
-		return new String[]{hmac, Cx};
 			
 	}

 	@Autowired
 	Environment env;
-	private String askIDP(String hmac, String Cx){
+	private String askIDP(String[] param){
 		RestTemplate restTemplate = new RestTemplate();
 		String idp_addr = env.getProperty("server.idp.url");
-		String uri = idp_addr + "api/idp/askIdentity";
 		HashMap<String, String> map = new HashMap<>();
-		String base64hmac = Base64Util.encodeToString(HexUtil.decode(hmac));
-		String base64Cx = Base64Util.encodeToString(HexUtil.decode(Cx));
-		map.put("HMAC_base64", base64hmac);
-		map.put("Cx_base64", base64Cx);
+		String uri = idp_addr;
+		switch (param.length){
+			case 2:{
+				uri += "api/idp/askIdentity";
+				map.put("HMAC_base64", Base64Util.encodeToString(HexUtil.decode(param[0])));
+				map.put("Cx_base64", Base64Util.encodeToString(HexUtil.decode(param[1])));
+				break;
+			}
+			case 4:{
+				uri += "api/idp/askIdentityV2";
+				map.put("nonce_base64", Base64Util.encodeToString(HexUtil.decode(param[0])));
+				map.put("idHash_base64", Base64Util.encodeToString(HexUtil.decode(param[1])));
+				map.put("cE_base64", Base64Util.encodeToString(HexUtil.decode(param[2])));
+				map.put("HMAC_base64", Base64Util.encodeToString(HexUtil.decode(param[3])));
+				break;
+			}
+		}
 		return restTemplate.postForObject(uri, map, String.class);
 	}
 }
--- a/src/main/java/com/example/rpserver/model/Response.java
+++ b/src/main/java/com/example/rpserver/model/Response.java
@@ -5,10 +5,12 @@ package com.example.rpserver.model;
 public class Response {
 	private boolean success;
 	private String message;
+	private String identity;

-	public Response(boolean success, String message){
+	public Response(boolean success, String message, String identity){
 		this.success = success;
 		this.message = message;
+		this.identity=identity;
 	}

 	public boolean isSuccess() {
@@ -26,4 +28,11 @@ public class Response {
 	public void setMessage(String message) {
 		this.message = message;
 	}
+	public String getIdentity() {
+		return identity;
+	}
+
+	public void setIdentity(String identity) {
+		this.identity = identity;
+	}
 }
--- a/src/main/resources/static/img/question_mark.jpg
+++ b/src/main/resources/static/img/question_mark.jpg
--- a/src/main/resources/static/js/webauthn.js
+++ b/src/main/resources/static/js/webauthn.js
@@ -445,9 +445,9 @@ function makeCredential(advancedOptions) {
            console.log(parameters);

            if (parameters && parameters.success) {
-                const msg = parameters.message.split("@@")[0]
+                const msg = parameters.message
                showSuccessMsg(msg);
-                document.forms['profile']['id_from_idp'].value=parameters.message.split("@@")[1]
+                document.forms['profile']['id_from_idp'].value=parameters.identity
                document.forms['profile'].submit()
                fetchCredentials();
            } else {

--- a/src/main/resources/templates/profile.html
+++ b/src/main/resources/templates/profile.html
@@ -13,7 +13,7 @@
 	<!--navbar-->
 	<nav class="navbar bg-light navbar-light">
 		<div class="container-fluid">
-			<a href="#" class="navbar-brand">
+			<a href="/" class="navbar-brand">
 <!--				<img src="img/logo1.png" alt="Taiwan Tech Logo" class="navbar-brand" style="height: 40pt">-->
 				FIDO DEMO
 			</a>
@@ -86,7 +86,13 @@
 							Welcome!
 						</h2>
 						<hr>
-						<img src="img/avatar1.jpg" alt="Avatar1">
+						<img src="img/avatar1.jpg" alt="Avatar1" id="avatar">
+						<input type="hidden" id="id_from_idp" th:value="${id_from_idp}">
+						<script>
+							if(document.getElementById("id_from_idp").value==="PII_NOT_SUPPORT"){
+								document.getElementById("avatar").src="img/question_mark.jpg"
+							}
+						</script>
 						<h3 class="p-3">Name: </h3>
 						<h3 class="p-3" th:text="${id_from_idp}">Josh Ji</h3>
 					</div>