Commit 14752a87 authored by Josh Ji's avatar Josh Ji

加入詢問IDP的流程

parent 6801ea37
......@@ -12,4 +12,7 @@
</option>
</component>
<component name="ProjectRootManager" version="2" languageLevel="JDK_1_8" default="true" project-jdk-name="1.8.0_221" project-jdk-type="JavaSDK" />
<component name="ProjectType">
<option name="id" value="jpab" />
</component>
</project>
\ No newline at end of file
<?xml version="1.0" encoding="UTF-8"?>
<module version="4">
<component name="FacetManager">
<facet type="google-app-engine" name="Google App Engine">
<configuration />
</facet>
<facet type="app-engine-standard" name="Google App Engine Standard">
<configuration />
</facet>
</component>
</module>
\ No newline at end of file
......@@ -7,7 +7,7 @@
<version>1.0-SNAPSHOT</version>
<groupId>com.google.webauthn</groupId>
<artifactId>gaedemo</artifactId>
<artifactId>webauthn-demo-josh</artifactId>
<!-- [START set_versions] -->
<properties>
......@@ -26,6 +26,13 @@
<!-- [END set_versions] -->
<dependencies>
<!--Unirest-->
<dependency>
<groupId>com.konghq</groupId>
<artifactId>unirest-java</artifactId>
<version>3.13.6</version>
<classifier>standalone</classifier>
</dependency>
<!-- Compile/runtime dependencies -->
<dependency>
<groupId>com.google.cloud</groupId>
......
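Review bot: The new dependency uses the `standalone` classifier, which bundles Unirest's shaded copies of its own dependencies, and the FinishMakeCredential hunk then imports `unirest.shaded.org.apache.commons.codec.binary.Hex` from that shaded, internal package — a coupling that can break on any Unirest upgrade and is only used for debug hex output. Prefer the plain `unirest-java` artifact (no classifier) and hex-encode with Guava's `BaseEncoding.base16()`, which the servlet already uses through `BaseEncoding`, or drop the hex dumps altogether. The `<artifactId>` change to `webauthn-demo-josh` sits in the same hunk; if it is deliberate it deserves a mention in the commit message rather than riding along with the dependency change.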
......@@ -74,7 +74,6 @@ public class AttestationObject {
case "attStmt":
attStmt = attObjMap.get(key);
break;
}
}
}
......
......@@ -86,6 +86,13 @@ public class AuthenticationExtensionsClientInputs {
return keyPair;
}
public void addPrlabExtension(){
if (registrationExtensions == null) {
registrationExtensions = new JsonObject();
}
registrationExtensions.addProperty("PRLab", true);
}
/**
* @return registration extensions.
*/
......
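Review bot: `addPrlabExtension` has no Javadoc while the neighbouring getter documents its return value; add `/** Requests the PRLab extension by setting {@code "PRLab": true} in the registration extension inputs, creating the map when it is still null. */` above it. The declaration `public void addPrlabExtension(){` also drops the space before the brace that the rest of the file uses (`if (registrationExtensions == null) {`). Consider hoisting the identifier into `private static final String PRLAB_EXTENSION_ID = "PRLab";` so any code that has to read the extension back can share it instead of repeating the literal.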
......@@ -108,6 +108,10 @@ public class BeginMakeCredential extends HttpServlet {
storedKeyPair.save(session.getId());
} catch (Exception e) {}
/* josh start */
extensions.addPrlabExtension();
/* josh end */
optionsJson.add("extensions", extensions.getRegistrationExtensions());
response.setContentType("application/json");
......
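Review bot: The author markers `/* josh start */` and `/* josh end */` around `extensions.addPrlabExtension();` tell the next maintainer who wrote the line but not why it is there; replace them with a why-comment such as `// Request the PRLab extension on every registration; FinishMakeCredential presumably consumes its output for the IdP lookup — confirm.` The same markers appear in FinishMakeCredential and should go there too. The enclosing method, and the `extensions` object it mutates, begin outside this hunk.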
......@@ -15,7 +15,11 @@
package com.google.webauthn.gaedemo.servlets;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.KeyPair;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import javax.servlet.ServletException;
......@@ -23,6 +27,9 @@ import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import co.nstant.in.cbor.CborDecoder;
import co.nstant.in.cbor.CborException;
import co.nstant.in.cbor.model.*;
import com.google.appengine.api.users.UserService;
import com.google.appengine.api.users.UserServiceFactory;
import com.google.common.base.Splitter;
......@@ -46,6 +53,10 @@ import com.google.webauthn.gaedemo.server.U2fServer;
import com.google.webauthn.gaedemo.service.UserProxyService;
import com.google.webauthn.gaedemo.storage.CableKeyPair;
import com.google.webauthn.gaedemo.storage.Credential;
import kong.unirest.HttpResponse;
import kong.unirest.Unirest;
import org.bouncycastle.util.encoders.HexEncoder;
import unirest.shaded.org.apache.commons.codec.binary.Hex;
public class FinishMakeCredential extends HttpServlet {
......@@ -76,6 +87,7 @@ public class FinishMakeCredential extends HttpServlet {
if (data == null) {
data = "";
}
System.out.println(data);
String session = request.getParameter("session");
if (session == null) {
session = "";
......@@ -147,6 +159,45 @@ public class FinishMakeCredential extends HttpServlet {
}
}
/* josh start */
if(1==1) {
String attestationObjectBase64 = makeCredentialResponse.getAsJsonObject().get("attestationObject").getAsString();
System.out.println("attestationObject base64: " + attestationObjectBase64);
byte[] attestationObject = BaseEncoding.base64().decode(attestationObjectBase64);
try {
co.nstant.in.cbor.model.Map attestationObjectCbor = (co.nstant.in.cbor.model.Map) CborDecoder.decode(attestationObject).get(0);
for (DataItem key : attestationObjectCbor.getKeys())
System.out.println(key);
co.nstant.in.cbor.model.Map attestationStatement = (co.nstant.in.cbor.model.Map) attestationObjectCbor.get(new UnicodeString("attStmt"));
for (DataItem key : attestationStatement.getKeys())
System.out.println(key);
List<DataItem> extensions = ((Array) attestationStatement.get(new UnicodeString("extensions"))).getDataItems();
for (DataItem item : extensions)
System.out.println(item);
byte[][] extensionSendsOut = new byte[2][];
extensionSendsOut[0] = ((ByteString) extensions.get(0)).getBytes();
extensionSendsOut[1] = ((ByteString) extensions.get(1)).getBytes();
for (byte[] bytes : extensionSendsOut)
System.out.println(Hex.encodeHexString(bytes));
String p1 = BaseEncoding.base64().encode(extensionSendsOut[0]); // param 1 : hmac
String p2 = BaseEncoding.base64().encode(extensionSendsOut[1]); // param 2 : Cx
HttpResponse<String> httpResponse = Unirest.post("http://localhost:8086/api/idp/askIdentity")
.header("Content-Type", "application/json")
.body("{\"p1\":\"" + p1 + "\",\"p2\":\"" + p2 + "\"}")
.asString();
System.out.println(httpResponse.getBody());
} catch (CborException e) {
e.printStackTrace();
}
}/* josh end */
// Recoding of credential ID is needed, because the ID from HTTP servlet request doesn't support
// padding.
String credentialIdRecoded =
......@@ -165,7 +216,7 @@ public class FinishMakeCredential extends HttpServlet {
AndroidSafetyNetServer.registerCredential(cred, currentUser, session, rpId);
break;
case PACKED:
PackedServer.registerCredential(cred, currentUser, session, rpId);
// PackedServer.registerCredential(cred, currentUser, session, rpId); //
break;
case NONE:
break;
......
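Review bot: The new block casts and indexes client-supplied CBOR without checking its shape — `attestationStatement.get(new UnicodeString("extensions"))` may be null or not an Array, and `extensions.get(0)`/`get(1)` assume at least two ByteString entries — so a malformed or differently formatted attestationObject fails with NullPointerException, ClassCastException or IndexOutOfBoundsException, none of which the `catch (CborException e)` handles, turning bad input into an HTTP 500 instead of a 400. The extracted bytes are then forwarded to a hard-coded plain-HTTP `http://localhost:8086/api/idp/askIdentity` through a string-concatenated JSON body, inside an always-true `if(1==1)`, and the reply is only printed with `System.out.println` and never used; the URL belongs in configuration, the body should be built with Gson's JsonObject, the guard removed, and both this dump and the `System.out.println(data)` added earlier in the file should go through a logger or be deleted, since they write raw registration material to stdout. In the later hunk, `// PackedServer.registerCredential(cred, currentUser, session, rpId);` leaves the PACKED case as a no-op, so packed attestations are no longer verified or stored — if that is intended for the IdP flow it needs a comment saying so, otherwise the call should be restored. The enclosing servlet method continues outside these hunks.
```java
// … unchanged: base64 decode of attestationObject and decode of the top-level CBOR map …
// Validate the client-supplied structure before casting or indexing; malformed input must
// surface as a handled CborException rather than an unchecked exception (HTTP 500).
DataItem attStmtItem = attestationObjectCbor.get(new UnicodeString("attStmt"));
if (!(attStmtItem instanceof co.nstant.in.cbor.model.Map)) {
    throw new CborException("attStmt is missing or not a map");
}
DataItem extItem = ((co.nstant.in.cbor.model.Map) attStmtItem).get(new UnicodeString("extensions"));
if (!(extItem instanceof Array)) {
    throw new CborException("attStmt.extensions is missing or not an array");
}
List<DataItem> extensions = ((Array) extItem).getDataItems();
if (extensions.size() < 2
        || !(extensions.get(0) instanceof ByteString)
        || !(extensions.get(1) instanceof ByteString)) {
    throw new CborException("attStmt.extensions must hold two byte strings");
}
// Build the request body with the JSON library instead of string concatenation.
JsonObject idpRequest = new JsonObject();
idpRequest.addProperty("p1", BaseEncoding.base64().encode(((ByteString) extensions.get(0)).getBytes())); // hmac
idpRequest.addProperty("p2", BaseEncoding.base64().encode(((ByteString) extensions.get(1)).getBytes())); // Cx
HttpResponse<String> httpResponse = Unirest.post(IDP_ASK_IDENTITY_URL) // PLACEHOLDER: read from configuration, not hard-coded
    .header("Content-Type", "application/json")
    .body(idpRequest.toString())
    .asString();
// … unchanged: handling of httpResponse (to be logged or acted on, not printed) …
```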
......@@ -17,51 +17,51 @@
<listener-class>com.google.webauthn.gaedemo.server.OfyHelper</listener-class>
</listener>
<!-- <security-constraint>-->
<!-- <web-resource-collection>-->
<!-- <web-resource-name>assetlinks</web-resource-name>-->
<!-- <url-pattern>/.well-known/*</url-pattern>-->
<!-- </web-resource-collection>-->
<!-- &lt;!&ndash; OMIT auth-constraint &ndash;&gt;-->
<!-- </security-constraint>-->
<!-- <security-constraint>-->
<!-- <web-resource-collection>-->
<!-- <web-resource-name>cron</web-resource-name>-->
<!-- <url-pattern>/DeleteOldSessions</url-pattern>-->
<!-- </web-resource-collection>-->
<!-- <auth-constraint>-->
<!-- <role-name>admin</role-name>-->
<!-- </auth-constraint>-->
<!-- </security-constraint>-->
<!-- <security-constraint>-->
<!-- <web-resource-collection>-->
<!-- <web-resource-name>assetlinks</web-resource-name>-->
<!-- <url-pattern>/.well-known/*</url-pattern>-->
<!-- </web-resource-collection>-->
<!-- &lt;!&ndash; OMIT auth-constraint &ndash;&gt;-->
<!-- </security-constraint>-->
<!-- <security-constraint>-->
<!-- <web-resource-collection>-->
<!-- <web-resource-name>cron</web-resource-name>-->
<!-- <url-pattern>/DeleteOldSessions</url-pattern>-->
<!-- </web-resource-collection>-->
<!-- <auth-constraint>-->
<!-- <role-name>admin</role-name>-->
<!-- </auth-constraint>-->
<!-- </security-constraint>-->
<!-- <security-constraint>-->
<!-- <web-resource-collection>-->
<!-- <url-pattern>/_ah/api/*</url-pattern>-->
<!-- </web-resource-collection>-->
<!-- <user-data-constraint>-->
<!-- <transport-guarantee>CONFIDENTIAL</transport-guarantee>-->
<!-- </user-data-constraint>-->
<!-- </security-constraint>-->
<!-- <security-constraint>-->
<!-- <web-resource-collection>-->
<!-- <url-pattern>/_ah/api/*</url-pattern>-->
<!-- </web-resource-collection>-->
<!-- <user-data-constraint>-->
<!-- <transport-guarantee>CONFIDENTIAL</transport-guarantee>-->
<!-- </user-data-constraint>-->
<!-- </security-constraint>-->
<!-- <security-constraint>-->
<!-- <web-resource-collection>-->
<!-- <web-resource-name>all-others</web-resource-name>-->
<!-- <url-pattern>/*</url-pattern>-->
<!-- </web-resource-collection>-->
<!-- <auth-constraint>-->
<!-- <role-name>*</role-name>-->
<!-- </auth-constraint>-->
<!-- <user-data-constraint>-->
<!-- <transport-guarantee>CONFIDENTIAL</transport-guarantee>-->
<!-- </user-data-constraint>-->
<!-- </security-constraint>-->
<!-- <security-constraint>-->
<!-- <web-resource-collection>-->
<!-- <web-resource-name>all-others</web-resource-name>-->
<!-- <url-pattern>/*</url-pattern>-->
<!-- </web-resource-collection>-->
<!-- <auth-constraint>-->
<!-- <role-name>*</role-name>-->
<!-- </auth-constraint>-->
<!-- <user-data-constraint>-->
<!-- <transport-guarantee>CONFIDENTIAL</transport-guarantee>-->
<!-- </user-data-constraint>-->
<!-- </security-constraint>-->
<context-param>
<param-name>name</param-name>
<param-value>webauthn-demo</param-value>
</context-param>
<servlet>
<description></description>
<description/>
<display-name>FinishMakeCredential</display-name>
<servlet-name>FinishMakeCredential</servlet-name>
<servlet-class>com.google.webauthn.gaedemo.servlets.FinishMakeCredential</servlet-class>
......@@ -71,7 +71,7 @@
<url-pattern>/FinishMakeCredential</url-pattern>
</servlet-mapping>
<servlet>
<description></description>
<description/>
<display-name>BeginMakeCredential</display-name>
<servlet-name>BeginMakeCredential</servlet-name>
<servlet-class>com.google.webauthn.gaedemo.servlets.BeginMakeCredential</servlet-class>
......@@ -81,7 +81,7 @@
<url-pattern>/BeginMakeCredential</url-pattern>
</servlet-mapping>
<servlet>
<description></description>
<description/>
<display-name>BeginGetAssertion</display-name>
<servlet-name>BeginGetAssertion</servlet-name>
<servlet-class>com.google.webauthn.gaedemo.servlets.BeginGetAssertion</servlet-class>
......@@ -91,7 +91,7 @@
<url-pattern>/BeginGetAssertion</url-pattern>
</servlet-mapping>
<servlet>
<description></description>
<description/>
<display-name>RegisteredKeys</display-name>
<servlet-name>RegisteredKeys</servlet-name>
<servlet-class>com.google.webauthn.gaedemo.servlets.RegisteredKeys</servlet-class>
......@@ -101,7 +101,7 @@
<url-pattern>/RegisteredKeys</url-pattern>
</servlet-mapping>
<servlet>
<description></description>
<description/>
<display-name>RemoveCredential</display-name>
<servlet-name>RemoveCredential</servlet-name>
<servlet-class>com.google.webauthn.gaedemo.servlets.RemoveCredential</servlet-class>
......@@ -111,7 +111,7 @@
<url-pattern>/RemoveCredential</url-pattern>
</servlet-mapping>
<servlet>
<description></description>
<description/>
<display-name>UpdateCredential</display-name>
<servlet-name>UpdateCredential</servlet-name>
<servlet-class>com.google.webauthn.gaedemo.servlets.UpdateCredential</servlet-class>
......@@ -121,19 +121,19 @@
<url-pattern>/UpdateCredential</url-pattern>
</servlet-mapping>
<servlet>
<description></description>
<description/>
<display-name>Home</display-name>
<servlet-name>Home</servlet-name>
<servlet-class>com.google.webauthn.gaedemo.servlets.Home</servlet-class>
</servlet>
<servlet>
<description></description>
<description/>
<display-name>Cable</display-name>
<servlet-name>Cable</servlet-name>
<servlet-class>com.google.webauthn.gaedemo.servlets.Cable</servlet-class>
</servlet>
<servlet>
<description></description>
<description/>
<display-name>Login</display-name>
<servlet-name>Login</servlet-name>
<servlet-class>com.google.webauthn.gaedemo.servlets.Login</servlet-class>
......@@ -151,7 +151,7 @@
<url-pattern>/Login</url-pattern>
</servlet-mapping>
<servlet>
<description></description>
<description/>
<display-name>FinishGetAssertion</display-name>
<servlet-name>FinishGetAssertion</servlet-name>
<servlet-class>com.google.webauthn.gaedemo.servlets.FinishGetAssertion</servlet-class>
......@@ -161,7 +161,7 @@
<url-pattern>/FinishGetAssertion</url-pattern>
</servlet-mapping>
<servlet>
<description></description>
<description/>
<display-name>CreateSession</display-name>
<servlet-name>CreateSession</servlet-name>
<servlet-class>com.google.webauthn.gaedemo.servlets.CreateSession</servlet-class>
......@@ -171,7 +171,7 @@
<url-pattern>/CreateSession</url-pattern>
</servlet-mapping>
<servlet>
<description></description>
<description/>
<display-name>GetSession</display-name>
<servlet-name>GetSession</servlet-name>
<servlet-class>com.google.webauthn.gaedemo.servlets.GetSession</servlet-class>
......@@ -181,7 +181,7 @@
<url-pattern>/GetSession</url-pattern>
</servlet-mapping>
<servlet>
<description></description>
<description/>
<display-name>SaveCredential</display-name>
<servlet-name>SaveCredential</servlet-name>
<servlet-class>com.google.webauthn.gaedemo.servlets.SaveCredential</servlet-class>
......@@ -191,7 +191,7 @@
<url-pattern>/SaveCredential</url-pattern>
</servlet-mapping>
<servlet>
<description></description>
<description/>
<display-name>DeleteOldSessions</display-name>
<servlet-name>DeleteOldSessions</servlet-name>
<servlet-class>com.google.webauthn.gaedemo.servlets.DeleteOldSessions</servlet-class>
......
......@@ -96,6 +96,7 @@ function _fetch(url, obj) {
function fetchCredentials() {
_fetch('/RegisteredKeys').then(response => {
let credentials = '';
console.log(response);
for (let i in response) {
let { handle, base64handle, publicKey, name, date, id, transports, userVerificationMethod } = response[i];
const trimmedHandle = base64handle.replace(/=/g, '');
......@@ -448,6 +449,8 @@ function getAssertion() {
const requestOptions = {};
_parameters = parameters;
console.log(parameters)
requestOptions.challenge = strToBin(parameters.challenge);
if ($('#customTimeout').value != '') {
requestOptions.timeout = $('#customTimeout').value;
......
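Review bot: `console.log(response)` in fetchCredentials and `console.log(parameters)` in getAssertion look like leftover debugging; they write the registered-key list and the assertion parameters (including the challenge used on the next line) to the browser console on every call. Remove them before merging or gate them behind a debug flag, and note that `console.log(parameters)` is missing the trailing semicolon the file otherwise uses. Both enclosing functions continue outside their hunks.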