Drop U2F registration from demo app

Chrome has fully dropped support for the U2F API, so this is unlikely to work anymore. The main purpose of this feature in the demo was to illustrate use of the `appid` and `appidExclude` extensions. See: https://groups.google.com/a/chromium.org/g/blink-dev/c/xHC3AtU_65A
Yubico · May 16, 2022 · 1f823bc · 1f823bc
1 parent 49ee771
commit 1f823bc
Show file tree

Hide file tree

Showing 9 changed files with 5 additions and 1,291 deletions.
diff --git a/webauthn-server-demo/src/main/java/com/yubico/webauthn/U2fVerifier.java b/webauthn-server-demo/src/main/java/com/yubico/webauthn/U2fVerifier.java
diff --git a/webauthn-server-demo/src/main/java/demo/webauthn/WebAuthnRestResource.java b/webauthn-server-demo/src/main/java/demo/webauthn/WebAuthnRestResource.java
@@ -154,8 +154,6 @@ private StartRegistrationResponse(RegistrationRequest request) throws MalformedU
 
   private final class StartRegistrationActions {
     public final URL finish = uriInfo.getAbsolutePathBuilder().path("finish").build().toURL();
-    public final URL finishU2f =
-        uriInfo.getAbsolutePathBuilder().path("finish-u2f").build().toURL();
 
     private StartRegistrationActions() throws MalformedURLException {}
   }
@@ -215,19 +213,6 @@ public Response finishRegistration(@NonNull String responseJson) {
         responseJson);
   }
 
-  @Path("register/finish-u2f")
-  @POST
-  public Response finishU2fRegistration(@NonNull String responseJson) throws ExecutionException {
-    logger.trace("finishRegistration responseJson: {}", responseJson);
-    Either<List<String>, WebAuthnServer.SuccessfulU2fRegistrationResult> result =
-        server.finishU2fRegistration(responseJson);
-    return finishResponse(
-        result,
-        "U2F registration failed; further error message(s) were unfortunately lost to an internal server error.",
-        "finishU2fRegistration",
-        responseJson);
-  }
-
   private final class StartAuthenticationResponse {
     public final boolean success = true;
     public final AssertionRequestWrapper request;

diff --git a/webauthn-server-demo/src/main/java/demo/webauthn/WebAuthnServer.java b/webauthn-server-demo/src/main/java/demo/webauthn/WebAuthnServer.java
@@ -36,7 +36,6 @@
 import com.yubico.fido.metadata.FidoMetadataDownloaderException;
 import com.yubico.fido.metadata.UnexpectedLegalHeader;
 import com.yubico.internal.util.CertificateParser;
-import com.yubico.internal.util.ExceptionUtil;
 import com.yubico.internal.util.JacksonCodecs;
 import com.yubico.util.Either;
 import com.yubico.webauthn.AssertionResult;
@@ -47,7 +46,6 @@
 import com.yubico.webauthn.RelyingParty;
 import com.yubico.webauthn.StartAssertionOptions;
 import com.yubico.webauthn.StartRegistrationOptions;
-import com.yubico.webauthn.U2fVerifier;
 import com.yubico.webauthn.attestation.Attestation;
 import com.yubico.webauthn.attestation.YubicoJsonMetadataService;
 import com.yubico.webauthn.data.AttestationConveyancePreference;
@@ -56,7 +54,6 @@
 import com.yubico.webauthn.data.AuthenticatorTransport;
 import com.yubico.webauthn.data.ByteArray;
 import com.yubico.webauthn.data.COSEAlgorithmIdentifier;
-import com.yubico.webauthn.data.PublicKeyCredentialDescriptor;
 import com.yubico.webauthn.data.RelyingPartyIdentity;
 import com.yubico.webauthn.data.ResidentKeyRequirement;
 import com.yubico.webauthn.data.UserIdentity;
@@ -70,8 +67,6 @@
 import demo.webauthn.data.CredentialRegistration;
 import demo.webauthn.data.RegistrationRequest;
 import demo.webauthn.data.RegistrationResponse;
-import demo.webauthn.data.U2fRegistrationResponse;
-import demo.webauthn.data.U2fRegistrationResult;
 import java.io.IOException;
 import java.security.DigestException;
 import java.security.InvalidAlgorithmParameterException;
@@ -275,18 +270,6 @@ public SuccessfulRegistrationResult(
     }
   }
 
-  @Value
-  public class SuccessfulU2fRegistrationResult {
-    final boolean success = true;
-    final RegistrationRequest request;
-    final U2fRegistrationResponse response;
-    final CredentialRegistration registration;
-    boolean attestationTrusted;
-    Optional<AttestationCertInfo> attestationCert;
-    final String username;
-    final ByteArray sessionToken;
-  }
-
   @Value
   public static class AttestationCertInfo {
     final ByteArray der;
@@ -392,86 +375,6 @@ public Either<List<String>, SuccessfulRegistrationResult> finishRegistration(
     }
   }
 
-  public Either<List<String>, SuccessfulU2fRegistrationResult> finishU2fRegistration(
-      String responseJson) throws ExecutionException {
-    logger.trace("finishU2fRegistration responseJson: {}", responseJson);
-    U2fRegistrationResponse response = null;
-    try {
-      response = jsonMapper.readValue(responseJson, U2fRegistrationResponse.class);
-    } catch (IOException e) {
-      logger.error("JSON error in finishU2fRegistration; responseJson: {}", responseJson, e);
-      return Either.left(
-          Arrays.asList(
-              "Registration failed!", "Failed to decode response object.", e.getMessage()));
-    }
-
-    RegistrationRequest request = registerRequestStorage.getIfPresent(response.getRequestId());
-    registerRequestStorage.invalidate(response.getRequestId());
-
-    if (request == null) {
-      logger.debug("fail finishU2fRegistration responseJson: {}", responseJson);
-      return Either.left(
-          Arrays.asList("Registration failed!", "No such registration in progress."));
-    } else {
-
-      try {
-        ExceptionUtil.assure(
-            U2fVerifier.verify(rp.getAppId().get(), request, response),
-            "Failed to verify signature.");
-      } catch (Exception e) {
-        logger.debug("Failed to verify U2F signature.", e);
-        return Either.left(Arrays.asList("Failed to verify signature.", e.getMessage()));
-      }
-
-      X509Certificate attestationCert = null;
-      try {
-        attestationCert =
-            CertificateParser.parseDer(
-                response
-                    .getCredential()
-                    .getU2fResponse()
-                    .getAttestationCertAndSignature()
-                    .getBytes());
-      } catch (CertificateException e) {
-        logger.error(
-            "Failed to parse attestation certificate: {}",
-            response.getCredential().getU2fResponse().getAttestationCertAndSignature(),
-            e);
-      }
-
-      Optional<Attestation> attestation = metadataService.findMetadata(attestationCert);
-
-      final U2fRegistrationResult result =
-          U2fRegistrationResult.builder()
-              .keyId(
-                  PublicKeyCredentialDescriptor.builder()
-                      .id(response.getCredential().getU2fResponse().getKeyHandle())
-                      .build())
-              .attestationTrusted(attestation.isPresent())
-              .publicKeyCose(
-                  rawEcdaKeyToCose(response.getCredential().getU2fResponse().getPublicKey()))
-              .attestationMetadata(attestation)
-              .build();
-
-      return Either.right(
-          new SuccessfulU2fRegistrationResult(
-              request,
-              response,
-              addRegistration(
-                  request.getPublicKeyCredentialCreationOptions().getUser(),
-                  request.getCredentialNickname(),
-                  0,
-                  result),
-              result.isAttestationTrusted(),
-              Optional.of(
-                  new AttestationCertInfo(
-                      response.getCredential().getU2fResponse().getAttestationCertAndSignature())),
-              request.getUsername(),
-              sessions.createSession(
-                  request.getPublicKeyCredentialCreationOptions().getUser().getId())));
-    }
-  }
-
   public Either<List<String>, AssertionRequestWrapper> startAuthentication(
       Optional<String> username) {
     logger.trace("startAuthentication username: {}", username);
@@ -655,24 +558,6 @@ private CredentialRegistration addRegistration(
             .flatMap(metadataService::findMetadata));
   }
 
-  private CredentialRegistration addRegistration(
-      UserIdentity userIdentity,
-      Optional<String> nickname,
-      long signatureCount,
-      U2fRegistrationResult result) {
-    return addRegistration(
-        userIdentity,
-        nickname,
-        RegisteredCredential.builder()
-            .credentialId(result.getKeyId().getId())
-            .userHandle(userIdentity.getId())
-            .publicKeyCose(result.getPublicKeyCose())
-            .signatureCount(signatureCount)
-            .build(),
-        Collections.emptySortedSet(),
-        result.getAttestationMetadata());
-  }
-
   private CredentialRegistration addRegistration(
       UserIdentity userIdentity,
       Optional<String> nickname,

diff --git a/webauthn-server-demo/src/main/java/demo/webauthn/data/U2fCredential.java b/webauthn-server-demo/src/main/java/demo/webauthn/data/U2fCredential.java
diff --git a/webauthn-server-demo/src/main/java/demo/webauthn/data/U2fCredentialResponse.java b/webauthn-server-demo/src/main/java/demo/webauthn/data/U2fCredentialResponse.java