fixup! Revert new experimental interfaces and classes
emlun committed Jan 16, 2025
1 parent 1a3ad3f commit aabacc5
Showing 4 changed files with 131 additions and 157 deletions.
Expand Up @@ -142,91 +142,82 @@ public void validate() {
@Value
class Step6 implements Step<Step7> {

private final Optional<ByteArray> requestedUserHandle;
private final Optional<String> requestedUsername;
private final Optional<ByteArray> responseUserHandle;

private final Optional<ByteArray> effectiveRequestUserHandle;
private final Optional<String> effectiveRequestUsername;
private final boolean userHandleDerivedFromUsername;

private final Optional<ByteArray> finalUserHandle;
private final Optional<String> finalUsername;
private final Optional<RegisteredCredential> registration;

public Step6() {
requestedUserHandle = request.getUserHandle();
requestedUsername = request.getUsername();
responseUserHandle = response.getResponse().getUserHandle();

effectiveRequestUserHandle =
OptionalUtil.orElseOptional(
requestedUserHandle,
() -> requestedUsername.flatMap(credentialRepository::getUserHandleForUsername));

effectiveRequestUsername =
OptionalUtil.orElseOptional(
requestedUsername,
() ->
requestedUserHandle.flatMap(FinishAssertionSteps.this::getUsernameForUserHandle));

userHandleDerivedFromUsername =
!requestedUserHandle.isPresent() && effectiveRequestUserHandle.isPresent();

finalUserHandle = OptionalUtil.orOptional(effectiveRequestUserHandle, responseUserHandle);
finalUsername =
OptionalUtil.orElseOptional(
effectiveRequestUsername,
() -> finalUserHandle.flatMap(FinishAssertionSteps.this::getUsernameForUserHandle));

registration =
finalUserHandle.flatMap(uh -> credentialRepository.lookup(response.getId(), uh));
}
private final Optional<ByteArray> userHandle =
OptionalUtil.orElseOptional(
request.getUserHandle(),
() ->
OptionalUtil.orElseOptional(
response.getResponse().getUserHandle(),
() ->
request
.getUsername()
.flatMap(credentialRepository::getUserHandleForUsername)));

private final Optional<String> username =
OptionalUtil.orElseOptional(
request.getUsername(),
() -> userHandle.flatMap(credentialRepository::getUsernameForUserHandle));

private final Optional<RegisteredCredential> registration =
userHandle.flatMap(uh -> credentialRepository.lookup(response.getId(), uh));

@Override
public Step7 nextStep() {
return new Step7(finalUsername, finalUserHandle.get(), registration);
return new Step7(username.get(), userHandle.get(), registration);
}

@Override
public void validate() {
assertTrue(
finalUserHandle.isPresent(),
"Could not identify user to authenticate: none of requested username, requested user handle or response user handle are set.");

if (requestedUserHandle.isPresent() && responseUserHandle.isPresent()) {
request.getUsername().isPresent()
|| request.getUserHandle().isPresent()
|| response.getResponse().getUserHandle().isPresent(),
"At least one of username and user handle must be given; none was.");
if (request.getUserHandle().isPresent()
&& response.getResponse().getUserHandle().isPresent()) {
assertTrue(
requestedUserHandle.get().equals(responseUserHandle.get()),
request.getUserHandle().get().equals(response.getResponse().getUserHandle().get()),
"User handle set in request (%s) does not match user handle in response (%s).",
requestedUserHandle.get(),
responseUserHandle.get());
request.getUserHandle().get(),
response.getResponse().getUserHandle().get());
}

if (userHandleDerivedFromUsername && responseUserHandle.isPresent()) {
assertTrue(
effectiveRequestUserHandle.get().equals(responseUserHandle.get()),
"User handle in request (%s) (derived from username: %s) does not match user handle in response (%s).",
effectiveRequestUserHandle.get(),
requestedUsername.get(),
responseUserHandle.get());
}
assertTrue(
userHandle.isPresent(),
"User handle not found for username: %s",
request.getUsername(),
response.getResponse().getUserHandle());

assertTrue(
username.isPresent(),
"Username not found for userHandle: %s",
request.getUsername(),
response.getResponse().getUserHandle());

assertTrue(registration.isPresent(), "Unknown credential: %s", response.getId());

assertTrue(
finalUserHandle.get().equals(registration.get().getUserHandle()),
userHandle.get().equals(registration.get().getUserHandle()),
"User handle %s does not own credential %s",
finalUserHandle.get(),
userHandle.get(),
response.getId());

assertTrue(
finalUsername.isPresent(), "Unknown username for user handle: %s", finalUserHandle.get());
final Optional<String> usernameFromRequest = request.getUsername();
final Optional<ByteArray> userHandleFromResponse = response.getResponse().getUserHandle();
if (usernameFromRequest.isPresent() && userHandleFromResponse.isPresent()) {
assertTrue(
userHandleFromResponse.equals(
credentialRepository.getUserHandleForUsername(usernameFromRequest.get())),
"User handle %s in response does not match username %s in request",
userHandleFromResponse,
usernameFromRequest);
}
}
}

@Value
class Step7 implements Step<Step8> {
private final Optional<String> username;
private final String username;
private final ByteArray userHandle;
private final Optional<RegisteredCredential> credential;

Expand All @@ -248,7 +239,7 @@ public void validate() {
@Value
class Step8 implements Step<Step10> {

private final Optional<String> username;
private final String username;
private final RegisteredCredential credential;

@Override
Expand Down Expand Up @@ -280,7 +271,7 @@ public ByteArray signature() {

@Value
class Step10 implements Step<Step11> {
private final Optional<String> username;
private final String username;
private final RegisteredCredential credential;

@Override
Expand All @@ -300,7 +291,7 @@ public CollectedClientData clientData() {

@Value
class Step11 implements Step<Step12> {
private final Optional<String> username;
private final String username;
private final RegisteredCredential credential;
private final CollectedClientData clientData;

Expand All @@ -323,7 +314,7 @@ public Step12 nextStep() {

@Value
class Step12 implements Step<Step13> {
private final Optional<String> username;
private final String username;
private final RegisteredCredential credential;

@Override
Expand All @@ -344,7 +335,7 @@ public Step13 nextStep() {

@Value
class Step13 implements Step<Step14> {
private final Optional<String> username;
private final String username;
private final RegisteredCredential credential;

@Override
Expand All @@ -364,7 +355,7 @@ public Step14 nextStep() {

@Value
class Step14 implements Step<Step15> {
private final Optional<String> username;
private final String username;
private final RegisteredCredential credential;

@Override
Expand All @@ -381,7 +372,7 @@ public Step15 nextStep() {

@Value
class Step15 implements Step<Step16> {
private final Optional<String> username;
private final String username;
private final RegisteredCredential credential;

@Override
Expand Down Expand Up @@ -413,7 +404,7 @@ public Step16 nextStep() {

@Value
class Step16 implements Step<Step17> {
private final Optional<String> username;
private final String username;
private final RegisteredCredential credential;

@Override
Expand All @@ -431,7 +422,7 @@ public Step17 nextStep() {

@Value
class Step17 implements Step<PendingStep16> {
private final Optional<String> username;
private final String username;
private final RegisteredCredential credential;

@Override
Expand All @@ -456,7 +447,7 @@ public PendingStep16 nextStep() {
// Step 16 in editor's draft as of 2022-11-09 https://w3c.github.io/webauthn/
// TODO: Finalize this when spec matures
class PendingStep16 implements Step<Step18> {
private final Optional<String> username;
private final String username;
private final RegisteredCredential credential;

@Override
Expand All @@ -479,7 +470,7 @@ public Step18 nextStep() {

@Value
class Step18 implements Step<Step19> {
private final Optional<String> username;
private final String username;
private final RegisteredCredential credential;

@Override
Expand All @@ -493,7 +484,7 @@ public Step19 nextStep() {

@Value
class Step19 implements Step<Step20> {
private final Optional<String> username;
private final String username;
private final RegisteredCredential credential;

@Override
Expand All @@ -513,7 +504,7 @@ public ByteArray clientDataJsonHash() {

@Value
class Step20 implements Step<Step21> {
private final Optional<String> username;
private final String username;
private final RegisteredCredential credential;
private final ByteArray clientDataJsonHash;

Expand Down Expand Up @@ -558,12 +549,12 @@ public ByteArray signedBytes() {

@Value
class Step21 implements Step<Finished> {
private final Optional<String> username;
private final String username;
private final RegisteredCredential credential;
private final long assertionSignatureCount;
private final long storedSignatureCountBefore;

public Step21(Optional<String> username, RegisteredCredential credential) {
public Step21(String username, RegisteredCredential credential) {
this.username = username;
this.credential = credential;
this.assertionSignatureCount =
Expand Down Expand Up @@ -593,7 +584,7 @@ public Finished nextStep() {
@Value
class Finished implements Step<Finished> {
private final RegisteredCredential credential;
private final Optional<String> username;
private final String username;
private final long assertionSignatureCount;
private final boolean signatureCounterValid;

Expand All @@ -610,7 +601,7 @@ public Finished nextStep() {
@Override
public Optional<AssertionResult> result() {
return Optional.of(
new AssertionResult(true, response, credential, username.get(), signatureCounterValid));
new AssertionResult(true, response, credential, username, signatureCounterValid));
}
}
}
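Review bot: In the new `Step6.validate()`, the `"Username not found for userHandle: %s"` assertion passes `request.getUsername()` as its first argument. Given how `username` is initialised, that value is empty whenever this assertion fails, so the message never shows the user handle that could not be resolved. Assuming `assertTrue` formats like `String.format` (its definition is outside this section), the second argument is also silently dropped, both here and in the `"User handle not found for username: %s"` assertion just above. I would pass only the value each message names: `"User handle not found for username: %s", request.getUsername()` and `"Username not found for userHandle: %s", userHandle.get()`, the latter matching how `userHandle.get()` is already used in the ownership assertion. Separately, `nextStep()` now calls `username.get()` and `userHandle.get()` unguarded, which is only safe if the step driver always runs `validate()` first; the driver is not visible here, so a short comment such as `// validate() guarantees username and userHandle are present` would record that dependency.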