Add field AssertionResult.credential: RegisteredCredential
emlun committed May 31, 2022
1 parent a747531 commit 5b3fe6a
Showing 5 changed files with 120 additions and 74 deletions.
8 changes: 8 additions & 0 deletions NEWS
@@ -1,9 +1,17 @@
== Version 2.1.0 (unreleased) ==

Deprecations:

* Deprecated method `AssertionResult.getCredentialId(): ByteArray`. Use
`.getCredential().getCredentialId()` instead.
* Deprecated method `AssertionResult.getUserHandle(): ByteArray`. Use
`.getCredential().getUserHandle()` instead.

New features:

* Added method `FidoMetadataDownloader.refreshBlob()`.
* Added function `COSEAlgorithmIdentifier.fromPublicKey(ByteArray)`.
* Added method `AssertionResult.getCredential(): RegisteredCredential`.


== Version 2.0.0 ==
Expand Up @@ -26,6 +26,7 @@

import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.yubico.internal.util.ExceptionUtil;
import com.yubico.webauthn.data.AuthenticatorAssertionExtensionOutputs;
import com.yubico.webauthn.data.AuthenticatorData;
import com.yubico.webauthn.data.ByteArray;
Expand All @@ -46,24 +47,16 @@ public class AssertionResult {
private final boolean success;

/**
* The <a href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#credential-id">credential
* ID</a> of the credential used for the assertion.
*
* @see <a href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#credential-id">Credential
* ID</a>
* @see PublicKeyCredentialRequestOptions#getAllowCredentials()
*/
@NonNull private final ByteArray credentialId;

/**
* The <a href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#user-handle">user handle</a>
* of the authenticated user.
* The {@link RegisteredCredential} that was returned by {@link
* CredentialRepository#lookup(ByteArray, ByteArray)} and whose public key was used to
* successfully verify the assertion signature.
*
* @see <a href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#user-handle">User Handle</a>
* @see UserIdentity#getId()
* @see #getUsername()
* <p>NOTE: The {@link RegisteredCredential#getSignatureCount() signature count} in this object
* will reflect the signature counter state <i>before</i> the assertion operation, not the new
* counter value. When updating your database state, use the signature counter from {@link
* #getSignatureCount()} instead.
*/
@NonNull private final ByteArray userHandle;
private final RegisteredCredential credential;

/**
* The username of the authenticated user.
Expand Down Expand Up @@ -107,22 +100,54 @@ public class AssertionResult {

private final AuthenticatorAssertionExtensionOutputs authenticatorExtensionOutputs;

private AssertionResult(
boolean success,
@NonNull @JsonProperty("credential") RegisteredCredential credential,
@NonNull String username,
long signatureCount,
boolean signatureCounterValid,
ClientAssertionExtensionOutputs clientExtensionOutputs,
AuthenticatorAssertionExtensionOutputs authenticatorExtensionOutputs) {
this(
success,
credential,
username,
null,
null,
signatureCount,
signatureCounterValid,
clientExtensionOutputs,
authenticatorExtensionOutputs);
}

@JsonCreator
private AssertionResult(
@JsonProperty("success") boolean success,
@NonNull @JsonProperty("credentialId") ByteArray credentialId,
@NonNull @JsonProperty("userHandle") ByteArray userHandle,
@NonNull @JsonProperty("credential") RegisteredCredential credential,
@NonNull @JsonProperty("username") String username,
@JsonProperty("credentialId") ByteArray credentialId, // TODO: Delete in next major release
@JsonProperty("userHandle") ByteArray userHandle, // TODO: Delete in next major release
@JsonProperty("signatureCount") long signatureCount,
@JsonProperty("signatureCounterValid") boolean signatureCounterValid,
@JsonProperty("clientExtensionOutputs")
ClientAssertionExtensionOutputs clientExtensionOutputs,
@JsonProperty("authenticatorExtensionOutputs")
AuthenticatorAssertionExtensionOutputs authenticatorExtensionOutputs) {
this.success = success;
this.credentialId = credentialId;
this.userHandle = userHandle;
this.credential = credential;
this.username = username;

if (credentialId != null) {
ExceptionUtil.assure(
credential.getCredentialId().equals(credentialId),
"Legacy credentialId is present and does not equal credential.credentialId");
}
if (userHandle != null) {
ExceptionUtil.assure(
credential.getUserHandle().equals(userHandle),
"Legacy userHandle is present and does not equal credential.userHandle");
}

this.signatureCount = signatureCount;
this.signatureCounterValid = signatureCounterValid;
this.clientExtensionOutputs =
Expand All @@ -132,6 +157,36 @@ private AssertionResult(
this.authenticatorExtensionOutputs = authenticatorExtensionOutputs;
}

/**
* The <a href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#credential-id">credential
* ID</a> of the credential used for the assertion.
*
* @see <a href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#credential-id">Credential
* ID</a>
* @see PublicKeyCredentialRequestOptions#getAllowCredentials()
* @deprecated Use {@link #getCredential()}.{@link RegisteredCredential#getCredentialId()
* getCredentialId()} instead.
*/
@Deprecated
public ByteArray getCredentialId() {
return credential.getCredentialId();
}

/**
* The <a href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#user-handle">user handle</a>
* of the authenticated user.
*
* @see <a href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#user-handle">User Handle</a>
* @see UserIdentity#getId()
* @see #getUsername()
* @deprecated Use {@link #getCredential()}.{@link RegisteredCredential#getUserHandle()} ()
* getUserHandle()} instead.
*/
@Deprecated
public ByteArray getUserHandle() {
return credential.getUserHandle();
}

/**
* The <a
* href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#client-extension-output">client
Expand Down Expand Up @@ -180,49 +235,42 @@ public Step2 success(boolean success) {
}

public class Step2 {
public Step3 credentialId(ByteArray credentialId) {
builder.credentialId(credentialId);
public Step3 credential(RegisteredCredential credential) {
builder.credential(credential);
return new Step3();
}
}

public class Step3 {
public Step4 userHandle(ByteArray userHandle) {
builder.userHandle(userHandle);
public Step4 username(String username) {
builder.username(username);
return new Step4();
}
}

public class Step4 {
public Step5 username(String username) {
builder.username(username);
public Step5 signatureCount(long signatureCount) {
builder.signatureCount(signatureCount);
return new Step5();
}
}

public class Step5 {
public Step6 signatureCount(long signatureCount) {
builder.signatureCount(signatureCount);
public Step6 signatureCounterValid(boolean signatureCounterValid) {
builder.signatureCounterValid(signatureCounterValid);
return new Step6();
}
}

public class Step6 {
public Step7 signatureCounterValid(boolean signatureCounterValid) {
builder.signatureCounterValid(signatureCounterValid);
return new Step7();
}
}

public class Step7 {
public Step8 clientExtensionOutputs(
public Step7 clientExtensionOutputs(
ClientAssertionExtensionOutputs clientExtensionOutputs) {
builder.clientExtensionOutputs(clientExtensionOutputs);
return new Step8();
return new Step7();
}
}

public class Step8 {
public class Step7 {
public AssertionResultBuilder assertionExtensionOutputs(
AuthenticatorAssertionExtensionOutputs authenticatorExtensionOutputs) {
return builder.authenticatorExtensionOutputs(authenticatorExtensionOutputs);
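Review bot: The `@deprecated` tag on `getUserHandle()` in the `@@ -132,6 +157,36 @@` hunk is malformed Javadoc: `{@link RegisteredCredential#getUserHandle()} () getUserHandle()} instead.` closes the inline tag early, so the rendered text ends with a stray `() getUserHandle()}`. It should mirror the `getCredentialId()` tag directly above it: `@deprecated Use {@link #getCredential()}.{@link RegisteredCredential#getUserHandle() getUserHandle()} instead.` Since these deprecation notes are what steers callers to `getCredential()`, whose field Javadoc carries the warning about the pre-assertion signature counter, the pointer should render cleanly.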