加入詢問IDP的流程

14752a87 · Josh Ji · 6801ea37 · 14752a87 · 6801ea37 · 14752a87
Commit 14752a87 authored Aug 20, 2022 by Josh Ji
9 changed files
--- a/.idea/misc.xml
+++ b/.idea/misc.xml
@@ -12,4 +12,7 @@
    </option>
  </component>
  <component name="ProjectRootManager" version="2" languageLevel="JDK_1_8" default="true" project-jdk-name="1.8.0_221" project-jdk-type="JavaSDK" />
+  <component name="ProjectType">
+    <option name="id" value="jpab" />
+  </component>
 </project>
\ No newline at end of file
--- a/gaedemo.iml
+++ b/gaedemo.iml
-<?xml version="1.0" encoding="UTF-8"?>
-<module version="4">
-  <component name="FacetManager">
-    <facet type="google-app-engine" name="Google App Engine">
-      <configuration />
-    </facet>
-    <facet type="app-engine-standard" name="Google App Engine Standard">
-      <configuration />
-    </facet>
-  </component>
-</module>
\ No newline at end of file
--- a/pom.xml
+++ b/pom.xml
@@ -7,7 +7,7 @@
    <version>1.0-SNAPSHOT</version>
    <groupId>com.google.webauthn</groupId>
-    <artifactId>gaedemo</artifactId>
+    <artifactId>webauthn-demo-josh</artifactId>
    <!-- [START set_versions] -->
    <properties>
@@ -26,6 +26,13 @@
    <!-- [END set_versions] -->
    <dependencies>
+        <!--Unirest-->
+        <dependency>
+            <groupId>com.konghq</groupId>
+            <artifactId>unirest-java</artifactId>
+            <version>3.13.6</version>
+            <classifier>standalone</classifier>
+        </dependency>
        <!-- Compile/runtime dependencies -->
        <dependency>
            <groupId>com.google.cloud</groupId>

--- a/src/main/java/com/google/webauthn/gaedemo/objects/AttestationObject.java
+++ b/src/main/java/com/google/webauthn/gaedemo/objects/AttestationObject.java
@@ -74,7 +74,6 @@ public class AttestationObject {
            case "attStmt":
              attStmt = attObjMap.get(key);
              break;
          }
        }
      }

--- a/src/main/java/com/google/webauthn/gaedemo/objects/AuthenticationExtensionsClientInputs.java
+++ b/src/main/java/com/google/webauthn/gaedemo/objects/AuthenticationExtensionsClientInputs.java
@@ -86,6 +86,13 @@ public class AuthenticationExtensionsClientInputs {
    return keyPair;
  }
+  public void addPrlabExtension(){
+    if (registrationExtensions == null) {
+      registrationExtensions = new JsonObject();
+    }
+    registrationExtensions.addProperty("PRLab", true);
+  }
  /**
   * @return registration extensions.
   */

--- a/src/main/java/com/google/webauthn/gaedemo/servlets/BeginMakeCredential.java
+++ b/src/main/java/com/google/webauthn/gaedemo/servlets/BeginMakeCredential.java
@@ -108,6 +108,10 @@ public class BeginMakeCredential extends HttpServlet {
      storedKeyPair.save(session.getId());
    } catch (Exception e) {}
+    /* josh start */
+    extensions.addPrlabExtension();
+    /* josh end */
    optionsJson.add("extensions", extensions.getRegistrationExtensions());
    response.setContentType("application/json");

--- a/src/main/java/com/google/webauthn/gaedemo/servlets/FinishMakeCredential.java
+++ b/src/main/java/com/google/webauthn/gaedemo/servlets/FinishMakeCredential.java
@@ -15,7 +15,11 @@
 package com.google.webauthn.gaedemo.servlets;
 import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.net.URL;
 import java.security.KeyPair;
+import java.util.Arrays;
+import java.util.List;
 import java.util.Map;
 import javax.servlet.ServletException;
@@ -23,6 +27,9 @@ import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import co.nstant.in.cbor.CborDecoder;
+import co.nstant.in.cbor.CborException;
+import co.nstant.in.cbor.model.*;
 import com.google.appengine.api.users.UserService;
 import com.google.appengine.api.users.UserServiceFactory;
 import com.google.common.base.Splitter;
@@ -46,143 +53,187 @@ import com.google.webauthn.gaedemo.server.U2fServer;
 import com.google.webauthn.gaedemo.service.UserProxyService;
 import com.google.webauthn.gaedemo.storage.CableKeyPair;
 import com.google.webauthn.gaedemo.storage.Credential;
+import kong.unirest.HttpResponse;
+import kong.unirest.Unirest;
+import org.bouncycastle.util.encoders.HexEncoder;
+import unirest.shaded.org.apache.commons.codec.binary.Hex;
 public class FinishMakeCredential extends HttpServlet {
-  private static final int FINGERPRINT = 2;
+	private static final int FINGERPRINT = 2;
-  private static final int SCREEN_LOCK = 134;
+	private static final int SCREEN_LOCK = 134;
-  private static final long serialVersionUID = 1L;
+	private static final long serialVersionUID = 1L;
-  private final UserService userService = UserServiceFactory.getUserService();
+	private final UserService userService = UserServiceFactory.getUserService();
-  public FinishMakeCredential() {}
+	public FinishMakeCredential() {}
-  @Override
+	@Override
-  protected void doGet(HttpServletRequest request, HttpServletResponse response)
+	protected void doGet(HttpServletRequest request, HttpServletResponse response)
-      throws ServletException, IOException {
+			throws ServletException, IOException {
-    doPost(request, response);
+		doPost(request, response);
-  }
+	}
-  @Override
+	@Override
-  protected void doPost(HttpServletRequest request, HttpServletResponse response)
+	protected void doPost(HttpServletRequest request, HttpServletResponse response)
-      throws ServletException, IOException {
+			throws ServletException, IOException {
-    /* Tyler start -----------------*/
+		/* Tyler start -----------------*/
-    UserProxyService userProxyService = UserProxyService.getInstance();
+		UserProxyService userProxyService = UserProxyService.getInstance();
-    String currentUser = userProxyService.getCurrentUser().getEmail();
+		String currentUser = userProxyService.getCurrentUser().getEmail();
-    /* Tyler end -----------------*/
+		/* Tyler end -----------------*/
    /* Original code
    String currentUser = userService.getCurrentUser().getEmail();
     */
-    String data = request.getParameter("data");
+		String data = request.getParameter("data");
-    if (data == null) {
+		if (data == null) {
-      data = "";
+			data = "";
-    }
+		}
-    String session = request.getParameter("session");
+		System.out.println(data);
-    if (session == null) {
+		String session = request.getParameter("session");
-      session = "";
+		if (session == null) {
-    }
+			session = "";
+		}
-    String credentialId = null;
-    String type = null;
+		String credentialId = null;
-    String uvm = null;
+		String type = null;
-    JsonElement makeCredentialResponse = null;
+		String uvm = null;
-    CablePairingData cablePairingData = null;
+		JsonElement makeCredentialResponse = null;
+		CablePairingData cablePairingData = null;
-    try {
-      JsonObject json = new JsonParser().parse(data).getAsJsonObject();
+		try {
-      JsonElement idJson = json.get("id");
+			JsonObject json = new JsonParser().parse(data).getAsJsonObject();
-      if (idJson != null) {
+			JsonElement idJson = json.get("id");
-        credentialId = idJson.getAsString();
+			if (idJson != null) {
-      }
+				credentialId = idJson.getAsString();
-      JsonElement typeJson = json.get("type");
+			}
-      if (typeJson != null) {
+			JsonElement typeJson = json.get("type");
-        type = typeJson.getAsString();
+			if (typeJson != null) {
-      }
+				type = typeJson.getAsString();
-      JsonElement uvmJson = json.get("uvm");
+			}
-      if (uvmJson != null && uvmJson.isJsonArray()) {
+			JsonElement uvmJson = json.get("uvm");
-        JsonArray uvmArray = uvmJson.getAsJsonArray();
+			if (uvmJson != null && uvmJson.isJsonArray()) {
-        if (uvmJson.isJsonArray()) {
+				JsonArray uvmArray = uvmJson.getAsJsonArray();
-          JsonElement uvmElement = uvmArray.get(0);
+				if (uvmJson.isJsonArray()) {
-          if (uvmElement != null) {
+					JsonElement uvmElement = uvmArray.get(0);
-            switch (uvmElement.getAsJsonObject().get("userVerificationMethod").getAsInt()){
+					if (uvmElement != null) {
-              case FINGERPRINT:
+						switch (uvmElement.getAsJsonObject().get("userVerificationMethod").getAsInt()){
-                uvm = "Fingerprint";
+							case FINGERPRINT:
-                break;
+								uvm = "Fingerprint";
-              case SCREEN_LOCK:
+								break;
-                uvm = "Screen Lock";
+							case SCREEN_LOCK:
-                break;
+								uvm = "Screen Lock";
-              default:
+								break;
-                uvm = "Others";
+							default:
-                break;
+								uvm = "Others";
-            }
+								break;
-          }
+						}
-        }
+					}
-      }
+				}
-      makeCredentialResponse = json.get("response");
+			}
-    } catch (IllegalStateException e) {
+			makeCredentialResponse = json.get("response");
-      throw new ServletException("Passed data not a json object");
+		} catch (IllegalStateException e) {
-    } catch (ClassCastException e) {
+			throw new ServletException("Passed data not a json object");
-      throw new ServletException("Invalid input");
+		} catch (ClassCastException e) {
-    } catch (JsonParseException e) {
+			throw new ServletException("Invalid input");
-      throw new ServletException("Input not valid json");
+		} catch (JsonParseException e) {
-    }
+			throw new ServletException("Input not valid json");
+		}
-    AuthenticatorAttestationResponse attestation = null;
-    try {
+		AuthenticatorAttestationResponse attestation = null;
-      attestation = new AuthenticatorAttestationResponse(makeCredentialResponse);
+		try {
-    } catch (ResponseException e) {
+			attestation = new AuthenticatorAttestationResponse(makeCredentialResponse);
-      throw new ServletException(e);
+		} catch (ResponseException e) {
-    }
+			throw new ServletException(e);
+		}
-    if (attestation.getAttestationObject().getAuthenticatorData().hasExtensionData()) {
-      Map<String, AttestationExtension> extensionMap =
+		if (attestation.getAttestationObject().getAuthenticatorData().hasExtensionData()) {
-          attestation.getAttestationObject().getAuthenticatorData().getExtensionData();
+			Map<String, AttestationExtension> extensionMap =
-      if (extensionMap.containsKey(CableRegistrationData.KEY)) {
+					attestation.getAttestationObject().getAuthenticatorData().getExtensionData();
-        CableRegistrationData cableData =
+			if (extensionMap.containsKey(CableRegistrationData.KEY)) {
-            (CableRegistrationData) extensionMap.get(CableRegistrationData.KEY);
+				CableRegistrationData cableData =
+						(CableRegistrationData) extensionMap.get(CableRegistrationData.KEY);
-        // Get key pair generated during the StartMakeCredential operation
-        KeyPair sessionKeyPair = CableKeyPair.get(Long.valueOf(session));
+				// Get key pair generated during the StartMakeCredential operation
+				KeyPair sessionKeyPair = CableKeyPair.get(Long.valueOf(session));
-        cablePairingData = CablePairingData.generatePairingData(cableData, sessionKeyPair);
-      }
+				cablePairingData = CablePairingData.generatePairingData(cableData, sessionKeyPair);
-    }
+			}
+		}
-    // Recoding of credential ID is needed, because the ID from HTTP servlet request doesn't support
-    // padding.
+		/* josh start */
-    String credentialIdRecoded =
+		if(1==1) {
-        BaseEncoding.base64Url().encode(BaseEncoding.base64Url().decode(credentialId));
+			String attestationObjectBase64 = makeCredentialResponse.getAsJsonObject().get("attestationObject").getAsString();
+			System.out.println("attestationObject base64: " + attestationObjectBase64);
-    PublicKeyCredential cred = new PublicKeyCredential(credentialIdRecoded, type,
+			byte[] attestationObject = BaseEncoding.base64().decode(attestationObjectBase64);
-        BaseEncoding.base64Url().decode(credentialId), attestation);
+			try {
+				co.nstant.in.cbor.model.Map attestationObjectCbor = (co.nstant.in.cbor.model.Map) CborDecoder.decode(attestationObject).get(0);
-    String domain = (request.isSecure() ? "https://" : "http://") + request.getHeader("Host");
+				for (DataItem key : attestationObjectCbor.getKeys())
-    String rpId = Iterables.get(Splitter.on(':').split(request.getHeader("Host")), 0);
+					System.out.println(key);
-    switch (cred.getAttestationType()) {
-      case FIDOU2F:
+				co.nstant.in.cbor.model.Map attestationStatement = (co.nstant.in.cbor.model.Map) attestationObjectCbor.get(new UnicodeString("attStmt"));
-        U2fServer.registerCredential(cred, currentUser, session, domain, rpId);
+				for (DataItem key : attestationStatement.getKeys())
-        break;
+					System.out.println(key);
-      case ANDROIDSAFETYNET:
-        AndroidSafetyNetServer.registerCredential(cred, currentUser, session, rpId);
+				List<DataItem> extensions = ((Array) attestationStatement.get(new UnicodeString("extensions"))).getDataItems();
-        break;
+				for (DataItem item : extensions)
-      case PACKED:
+					System.out.println(item);
-        PackedServer.registerCredential(cred, currentUser, session, rpId);
-        break;
+				byte[][] extensionSendsOut = new byte[2][];
-      case NONE:
+				extensionSendsOut[0] = ((ByteString) extensions.get(0)).getBytes();
-        break;
+				extensionSendsOut[1] = ((ByteString) extensions.get(1)).getBytes();
-    }
+				for (byte[] bytes : extensionSendsOut)
-    Credential credential = new Credential(cred);
+					System.out.println(Hex.encodeHexString(bytes));
-    if (cablePairingData != null) {
-      credential.setCablePairingData(cablePairingData);
+				String p1 = BaseEncoding.base64().encode(extensionSendsOut[0]); // param 1 : hmac
-    }
+				String p2 = BaseEncoding.base64().encode(extensionSendsOut[1]); // param 2 : Cx
-    credential.setUserVerificationMethod(uvm);
-    credential.save(currentUser);
+				HttpResponse<String> httpResponse = Unirest.post("http://localhost:8086/api/idp/askIdentity")
+						.header("Content-Type", "application/json")
-    PublicKeyCredentialResponse rsp =
+						.body("{\"p1\":\"" + p1 + "\",\"p2\":\"" + p2 + "\"}")
-        new PublicKeyCredentialResponse(true, "Successfully created credential");
+						.asString();
-    response.setContentType("application/json");
+				System.out.println(httpResponse.getBody());
-    response.getWriter().println(rsp.toJson());
+			} catch (CborException e) {
-  }
+				e.printStackTrace();
+			}
+		}/* josh end */
+		// Recoding of credential ID is needed, because the ID from HTTP servlet request doesn't support
+		// padding.
+		String credentialIdRecoded =
+				BaseEncoding.base64Url().encode(BaseEncoding.base64Url().decode(credentialId));
+		PublicKeyCredential cred = new PublicKeyCredential(credentialIdRecoded, type,
+				BaseEncoding.base64Url().decode(credentialId), attestation);
+		String domain = (request.isSecure() ? "https://" : "http://") + request.getHeader("Host");
+		String rpId = Iterables.get(Splitter.on(':').split(request.getHeader("Host")), 0);
+		switch (cred.getAttestationType()) {
+			case FIDOU2F:
+				U2fServer.registerCredential(cred, currentUser, session, domain, rpId);
+				break;
+			case ANDROIDSAFETYNET:
+				AndroidSafetyNetServer.registerCredential(cred, currentUser, session, rpId);
+				break;
+			case PACKED:
+//        PackedServer.registerCredential(cred, currentUser, session, rpId); //
+				break;
+			case NONE:
+				break;
+		}
+		Credential credential = new Credential(cred);
+		if (cablePairingData != null) {
+			credential.setCablePairingData(cablePairingData);
+		}
+		credential.setUserVerificationMethod(uvm);
+		credential.save(currentUser);
+		PublicKeyCredentialResponse rsp =
+				new PublicKeyCredentialResponse(true, "Successfully created credential");
+		response.setContentType("application/json");
+		response.getWriter().println(rsp.toJson());
+	}
 }
--- a/src/main/webapp/WEB-INF/web.xml
+++ b/src/main/webapp/WEB-INF/web.xml
 <?xml version="1.0" encoding="UTF-8"?>
 <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee"
-  xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
+         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
-  version="2.5">
+         version="2.5">
-  <welcome-file-list>
+    <welcome-file-list>
-    <welcome-file>Home</welcome-file>
+        <welcome-file>Home</welcome-file>
-  </welcome-file-list>
+    </welcome-file-list>
-  <filter>
+    <filter>
-    <filter-name>ObjectifyFilter</filter-name>
+        <filter-name>ObjectifyFilter</filter-name>
-    <filter-class>com.googlecode.objectify.ObjectifyFilter</filter-class>
+        <filter-class>com.googlecode.objectify.ObjectifyFilter</filter-class>
-  </filter>
+    </filter>
-  <filter-mapping>
+    <filter-mapping>
-    <filter-name>ObjectifyFilter</filter-name>
+        <filter-name>ObjectifyFilter</filter-name>
-    <url-pattern>/*</url-pattern>
+        <url-pattern>/*</url-pattern>
-  </filter-mapping>
+    </filter-mapping>
-  <listener>
+    <listener>
-    <listener-class>com.google.webauthn.gaedemo.server.OfyHelper</listener-class>
+        <listener-class>com.google.webauthn.gaedemo.server.OfyHelper</listener-class>
-  </listener>
+    </listener>
-<!--  <security-constraint>-->
+    <!--  <security-constraint>-->
-<!--    <web-resource-collection>-->
+    <!--    <web-resource-collection>-->
-<!--      <web-resource-name>assetlinks</web-resource-name>-->
+    <!--      <web-resource-name>assetlinks</web-resource-name>-->
-<!--      <url-pattern>/.well-known/*</url-pattern>-->
+    <!--      <url-pattern>/.well-known/*</url-pattern>-->
-<!--    </web-resource-collection>-->
+    <!--    </web-resource-collection>-->
-<!--    &lt;!&ndash; OMIT auth-constraint &ndash;&gt;-->
+    <!--    &lt;!&ndash; OMIT auth-constraint &ndash;&gt;-->
-<!--  </security-constraint>-->
+    <!--  </security-constraint>-->
-<!--  <security-constraint>-->
+    <!--  <security-constraint>-->
-<!--    <web-resource-collection>-->
+    <!--    <web-resource-collection>-->
-<!--      <web-resource-name>cron</web-resource-name>-->
+    <!--      <web-resource-name>cron</web-resource-name>-->
-<!--      <url-pattern>/DeleteOldSessions</url-pattern>-->
+    <!--      <url-pattern>/DeleteOldSessions</url-pattern>-->
-<!--    </web-resource-collection>-->
+    <!--    </web-resource-collection>-->
-<!--    <auth-constraint>-->
+    <!--    <auth-constraint>-->
-<!--      <role-name>admin</role-name>-->
+    <!--      <role-name>admin</role-name>-->
-<!--    </auth-constraint>-->
+    <!--    </auth-constraint>-->
-<!--  </security-constraint>-->
+    <!--  </security-constraint>-->
-<!--  <security-constraint>-->
+    <!--  <security-constraint>-->
-<!--    <web-resource-collection>-->
+    <!--    <web-resource-collection>-->
-<!--      <url-pattern>/_ah/api/*</url-pattern>-->
+    <!--      <url-pattern>/_ah/api/*</url-pattern>-->
-<!--    </web-resource-collection>-->
+    <!--    </web-resource-collection>-->
-<!--    <user-data-constraint>-->
+    <!--    <user-data-constraint>-->
-<!--      <transport-guarantee>CONFIDENTIAL</transport-guarantee>-->
+    <!--      <transport-guarantee>CONFIDENTIAL</transport-guarantee>-->
-<!--    </user-data-constraint>-->
+    <!--    </user-data-constraint>-->
-<!--  </security-constraint>-->
+    <!--  </security-constraint>-->
-<!--  <security-constraint>-->
+    <!--  <security-constraint>-->
-<!--    <web-resource-collection>-->
+    <!--    <web-resource-collection>-->
-<!--      <web-resource-name>all-others</web-resource-name>-->
+    <!--      <web-resource-name>all-others</web-resource-name>-->
-<!--      <url-pattern>/*</url-pattern>-->
+    <!--      <url-pattern>/*</url-pattern>-->
-<!--    </web-resource-collection>-->
+    <!--    </web-resource-collection>-->
-<!--    <auth-constraint>-->
+    <!--    <auth-constraint>-->
-<!--      <role-name>*</role-name>-->
+    <!--      <role-name>*</role-name>-->
-<!--    </auth-constraint>-->
+    <!--    </auth-constraint>-->
-<!--    <user-data-constraint>-->
+    <!--    <user-data-constraint>-->
-<!--      <transport-guarantee>CONFIDENTIAL</transport-guarantee>-->
+    <!--      <transport-guarantee>CONFIDENTIAL</transport-guarantee>-->
-<!--    </user-data-constraint>-->
+    <!--    </user-data-constraint>-->
-<!--  </security-constraint>-->
+    <!--  </security-constraint>-->
-  <context-param>
+    <context-param>
-    <param-name>name</param-name>
+        <param-name>name</param-name>
-    <param-value>webauthn-demo</param-value>
+        <param-value>webauthn-demo</param-value>
-  </context-param>
+    </context-param>
-  <servlet>
+    <servlet>
-    <description></description>
+      <description/>
-    <display-name>FinishMakeCredential</display-name>
+        <display-name>FinishMakeCredential</display-name>
-    <servlet-name>FinishMakeCredential</servlet-name>
+        <servlet-name>FinishMakeCredential</servlet-name>
-    <servlet-class>com.google.webauthn.gaedemo.servlets.FinishMakeCredential</servlet-class>
+        <servlet-class>com.google.webauthn.gaedemo.servlets.FinishMakeCredential</servlet-class>
-  </servlet>
+    </servlet>
-  <servlet-mapping>
+    <servlet-mapping>
-    <servlet-name>FinishMakeCredential</servlet-name>
+        <servlet-name>FinishMakeCredential</servlet-name>
-    <url-pattern>/FinishMakeCredential</url-pattern>
+        <url-pattern>/FinishMakeCredential</url-pattern>
-  </servlet-mapping>
+    </servlet-mapping>
-  <servlet>
+    <servlet>
-    <description></description>
+      <description/>
-    <display-name>BeginMakeCredential</display-name>
+        <display-name>BeginMakeCredential</display-name>
-    <servlet-name>BeginMakeCredential</servlet-name>
+        <servlet-name>BeginMakeCredential</servlet-name>
-    <servlet-class>com.google.webauthn.gaedemo.servlets.BeginMakeCredential</servlet-class>
+        <servlet-class>com.google.webauthn.gaedemo.servlets.BeginMakeCredential</servlet-class>
-  </servlet>
+    </servlet>
-  <servlet-mapping>
+    <servlet-mapping>
-    <servlet-name>BeginMakeCredential</servlet-name>
+        <servlet-name>BeginMakeCredential</servlet-name>
-    <url-pattern>/BeginMakeCredential</url-pattern>
+        <url-pattern>/BeginMakeCredential</url-pattern>
-  </servlet-mapping>
+    </servlet-mapping>
-  <servlet>
+    <servlet>
-    <description></description>
+      <description/>
-    <display-name>BeginGetAssertion</display-name>
+        <display-name>BeginGetAssertion</display-name>
-    <servlet-name>BeginGetAssertion</servlet-name>
+        <servlet-name>BeginGetAssertion</servlet-name>
-    <servlet-class>com.google.webauthn.gaedemo.servlets.BeginGetAssertion</servlet-class>
+        <servlet-class>com.google.webauthn.gaedemo.servlets.BeginGetAssertion</servlet-class>
-  </servlet>
+    </servlet>
-  <servlet-mapping>
+    <servlet-mapping>
-    <servlet-name>BeginGetAssertion</servlet-name>
+        <servlet-name>BeginGetAssertion</servlet-name>
-    <url-pattern>/BeginGetAssertion</url-pattern>
+        <url-pattern>/BeginGetAssertion</url-pattern>
-  </servlet-mapping>
+    </servlet-mapping>
-  <servlet>
+    <servlet>
-    <description></description>
+      <description/>
-    <display-name>RegisteredKeys</display-name>
+        <display-name>RegisteredKeys</display-name>
-    <servlet-name>RegisteredKeys</servlet-name>
+        <servlet-name>RegisteredKeys</servlet-name>
-    <servlet-class>com.google.webauthn.gaedemo.servlets.RegisteredKeys</servlet-class>
+        <servlet-class>com.google.webauthn.gaedemo.servlets.RegisteredKeys</servlet-class>
-  </servlet>
+    </servlet>
-  <servlet-mapping>
+    <servlet-mapping>
-    <servlet-name>RegisteredKeys</servlet-name>
+        <servlet-name>RegisteredKeys</servlet-name>
-    <url-pattern>/RegisteredKeys</url-pattern>
+        <url-pattern>/RegisteredKeys</url-pattern>
-  </servlet-mapping>
+    </servlet-mapping>
-  <servlet>
+    <servlet>
-    <description></description>
+      <description/>
-    <display-name>RemoveCredential</display-name>
+        <display-name>RemoveCredential</display-name>
-    <servlet-name>RemoveCredential</servlet-name>
+        <servlet-name>RemoveCredential</servlet-name>
-    <servlet-class>com.google.webauthn.gaedemo.servlets.RemoveCredential</servlet-class>
+        <servlet-class>com.google.webauthn.gaedemo.servlets.RemoveCredential</servlet-class>
-  </servlet>
+    </servlet>
-  <servlet-mapping>
+    <servlet-mapping>
-    <servlet-name>RemoveCredential</servlet-name>
+        <servlet-name>RemoveCredential</servlet-name>
-    <url-pattern>/RemoveCredential</url-pattern>
+        <url-pattern>/RemoveCredential</url-pattern>
-  </servlet-mapping>
+    </servlet-mapping>
-  <servlet>
+    <servlet>
-    <description></description>
+      <description/>
-    <display-name>UpdateCredential</display-name>
+        <display-name>UpdateCredential</display-name>
-    <servlet-name>UpdateCredential</servlet-name>
+        <servlet-name>UpdateCredential</servlet-name>
-    <servlet-class>com.google.webauthn.gaedemo.servlets.UpdateCredential</servlet-class>
+        <servlet-class>com.google.webauthn.gaedemo.servlets.UpdateCredential</servlet-class>
-  </servlet>
+    </servlet>
-  <servlet-mapping>
+    <servlet-mapping>
-    <servlet-name>UpdateCredential</servlet-name>
+        <servlet-name>UpdateCredential</servlet-name>
-    <url-pattern>/UpdateCredential</url-pattern>
+        <url-pattern>/UpdateCredential</url-pattern>
-  </servlet-mapping>
+    </servlet-mapping>
-  <servlet>
+    <servlet>
-    <description></description>
+      <description/>
-    <display-name>Home</display-name>
+        <display-name>Home</display-name>
-    <servlet-name>Home</servlet-name>
+        <servlet-name>Home</servlet-name>
-    <servlet-class>com.google.webauthn.gaedemo.servlets.Home</servlet-class>
+        <servlet-class>com.google.webauthn.gaedemo.servlets.Home</servlet-class>
-  </servlet>
+    </servlet>
-  <servlet>
+    <servlet>
-    <description></description>
+      <description/>
-    <display-name>Cable</display-name>
+        <display-name>Cable</display-name>
-    <servlet-name>Cable</servlet-name>
+        <servlet-name>Cable</servlet-name>
-    <servlet-class>com.google.webauthn.gaedemo.servlets.Cable</servlet-class>
+        <servlet-class>com.google.webauthn.gaedemo.servlets.Cable</servlet-class>
-  </servlet>
+    </servlet>
-  <servlet>
+    <servlet>
-    <description></description>
+      <description/>
-    <display-name>Login</display-name>
+        <display-name>Login</display-name>
-    <servlet-name>Login</servlet-name>
+        <servlet-name>Login</servlet-name>
-    <servlet-class>com.google.webauthn.gaedemo.servlets.Login</servlet-class>
+        <servlet-class>com.google.webauthn.gaedemo.servlets.Login</servlet-class>
-  </servlet>
+    </servlet>
-  <servlet-mapping>
+    <servlet-mapping>
-    <servlet-name>Home</servlet-name>
+        <servlet-name>Home</servlet-name>
-    <url-pattern>/Home</url-pattern>
+        <url-pattern>/Home</url-pattern>
-  </servlet-mapping>
+    </servlet-mapping>
-  <servlet-mapping>
+    <servlet-mapping>
-    <servlet-name>Cable</servlet-name>
+        <servlet-name>Cable</servlet-name>
-    <url-pattern>/Cable</url-pattern>
+        <url-pattern>/Cable</url-pattern>
-  </servlet-mapping>
+    </servlet-mapping>
-  <servlet-mapping>
+    <servlet-mapping>
-    <servlet-name>Login</servlet-name>
+        <servlet-name>Login</servlet-name>
-    <url-pattern>/Login</url-pattern>
+        <url-pattern>/Login</url-pattern>
-  </servlet-mapping>
+    </servlet-mapping>
-  <servlet>
+    <servlet>
-    <description></description>
+      <description/>
-    <display-name>FinishGetAssertion</display-name>
+        <display-name>FinishGetAssertion</display-name>
-    <servlet-name>FinishGetAssertion</servlet-name>
+        <servlet-name>FinishGetAssertion</servlet-name>
-    <servlet-class>com.google.webauthn.gaedemo.servlets.FinishGetAssertion</servlet-class>
+        <servlet-class>com.google.webauthn.gaedemo.servlets.FinishGetAssertion</servlet-class>
-  </servlet>
+    </servlet>
-  <servlet-mapping>
+    <servlet-mapping>
-    <servlet-name>FinishGetAssertion</servlet-name>
+        <servlet-name>FinishGetAssertion</servlet-name>
-    <url-pattern>/FinishGetAssertion</url-pattern>
+        <url-pattern>/FinishGetAssertion</url-pattern>
-  </servlet-mapping>
+    </servlet-mapping>
-  <servlet>
+    <servlet>
-    <description></description>
+      <description/>
-    <display-name>CreateSession</display-name>
+        <display-name>CreateSession</display-name>
-    <servlet-name>CreateSession</servlet-name>
+        <servlet-name>CreateSession</servlet-name>
-    <servlet-class>com.google.webauthn.gaedemo.servlets.CreateSession</servlet-class>
+        <servlet-class>com.google.webauthn.gaedemo.servlets.CreateSession</servlet-class>
-  </servlet>
+    </servlet>
-  <servlet-mapping>
+    <servlet-mapping>
-    <servlet-name>CreateSession</servlet-name>
+        <servlet-name>CreateSession</servlet-name>
-    <url-pattern>/CreateSession</url-pattern>
+        <url-pattern>/CreateSession</url-pattern>
-  </servlet-mapping>
+    </servlet-mapping>
-  <servlet>
+    <servlet>
-    <description></description>
+      <description/>
-    <display-name>GetSession</display-name>
+        <display-name>GetSession</display-name>
-    <servlet-name>GetSession</servlet-name>
+        <servlet-name>GetSession</servlet-name>
-    <servlet-class>com.google.webauthn.gaedemo.servlets.GetSession</servlet-class>
+        <servlet-class>com.google.webauthn.gaedemo.servlets.GetSession</servlet-class>
-  </servlet>
+    </servlet>
-  <servlet-mapping>
+    <servlet-mapping>
-    <servlet-name>GetSession</servlet-name>
+        <servlet-name>GetSession</servlet-name>
-    <url-pattern>/GetSession</url-pattern>
+        <url-pattern>/GetSession</url-pattern>
-  </servlet-mapping>
+    </servlet-mapping>
-  <servlet>
+    <servlet>
-    <description></description>
+      <description/>
-    <display-name>SaveCredential</display-name>
+        <display-name>SaveCredential</display-name>
-    <servlet-name>SaveCredential</servlet-name>
+        <servlet-name>SaveCredential</servlet-name>
-    <servlet-class>com.google.webauthn.gaedemo.servlets.SaveCredential</servlet-class>
+        <servlet-class>com.google.webauthn.gaedemo.servlets.SaveCredential</servlet-class>
-  </servlet>
+    </servlet>
-  <servlet-mapping>
+    <servlet-mapping>
-    <servlet-name>SaveCredential</servlet-name>
+        <servlet-name>SaveCredential</servlet-name>
-    <url-pattern>/SaveCredential</url-pattern>
+        <url-pattern>/SaveCredential</url-pattern>
-  </servlet-mapping>
+    </servlet-mapping>
-  <servlet>
+    <servlet>
-    <description></description>
+      <description/>
-    <display-name>DeleteOldSessions</display-name>
+        <display-name>DeleteOldSessions</display-name>
-    <servlet-name>DeleteOldSessions</servlet-name>
+        <servlet-name>DeleteOldSessions</servlet-name>
-    <servlet-class>com.google.webauthn.gaedemo.servlets.DeleteOldSessions</servlet-class>
+        <servlet-class>com.google.webauthn.gaedemo.servlets.DeleteOldSessions</servlet-class>
-  </servlet>
+    </servlet>
-  <servlet-mapping>
+    <servlet-mapping>
-    <servlet-name>DeleteOldSessions</servlet-name>
+        <servlet-name>DeleteOldSessions</servlet-name>
-    <url-pattern>/DeleteOldSessions</url-pattern>
+        <url-pattern>/DeleteOldSessions</url-pattern>
-  </servlet-mapping>
+    </servlet-mapping>
-  <servlet>
+    <servlet>
-    <servlet-name>EndpointsServlet</servlet-name>
+        <servlet-name>EndpointsServlet</servlet-name>
-    <servlet-class>com.google.api.server.spi.EndpointsServlet</servlet-class>
+        <servlet-class>com.google.api.server.spi.EndpointsServlet</servlet-class>
-    <init-param>
+        <init-param>
-      <param-name>services</param-name>
+            <param-name>services</param-name>
-      <param-value>com.google.webauthn.gaedemo.endpoints.Fido2RequestHandler</param-value>
+            <param-value>com.google.webauthn.gaedemo.endpoints.Fido2RequestHandler</param-value>
-    </init-param>
+        </init-param>
-    <init-param>
+        <init-param>
-      <param-name>restricted</param-name>
+            <param-name>restricted</param-name>
-      <param-value>false</param-value>
+            <param-value>false</param-value>
-    </init-param>
+        </init-param>
-  </servlet>
+    </servlet>
-  <servlet-mapping>
+    <servlet-mapping>
-    <servlet-name>EndpointsServlet</servlet-name>
+        <servlet-name>EndpointsServlet</servlet-name>
-    <url-pattern>/_ah/api/*</url-pattern>
+        <url-pattern>/_ah/api/*</url-pattern>
-  </servlet-mapping>
+    </servlet-mapping>
-  <servlet>
+    <servlet>
-    <servlet-name>AssetLinks</servlet-name>
+        <servlet-name>AssetLinks</servlet-name>
-    <servlet-class>com.google.webauthn.gaedemo.servlets.AssetLinksHttpServlet</servlet-class>
+        <servlet-class>com.google.webauthn.gaedemo.servlets.AssetLinksHttpServlet</servlet-class>
-  </servlet>
+    </servlet>
-  <servlet-mapping>
+    <servlet-mapping>
-    <servlet-name>AssetLinks</servlet-name>
+        <servlet-name>AssetLinks</servlet-name>
-    <url-pattern>/.well-known/assetlinks.json</url-pattern>
+        <url-pattern>/.well-known/assetlinks.json</url-pattern>
-  </servlet-mapping>
+    </servlet-mapping>
 </web-app>
--- a/src/main/webapp/js/webauthn.js
+++ b/src/main/webapp/js/webauthn.js
@@ -96,6 +96,7 @@ function _fetch(url, obj) {
 function fetchCredentials() {
  _fetch('/RegisteredKeys').then(response => {
    let credentials = '';
+    console.log(response);
    for (let i in response) {
      let { handle, base64handle, publicKey, name, date, id, transports, userVerificationMethod } = response[i];
      const trimmedHandle = base64handle.replace(/=/g, '');
@@ -448,6 +449,8 @@ function getAssertion() {
    const requestOptions = {};
    _parameters = parameters;
+    console.log(parameters)
    requestOptions.challenge = strToBin(parameters.challenge);
    if ($('#customTimeout').value != '') {
      requestOptions.timeout = $('#customTimeout').value;