Pass webauthn signature algorithm IDs as integers instead of strings (#20832)

closes #20831
This commit is contained in:
ComplexSpaces 2023-06-07 03:46:16 -06:00 committed by GitHub
parent bea8778683
commit 1af4a7a532
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 25 additions and 17 deletions


@ -17,6 +17,7 @@
package org.keycloak.authentication.requiredactions; package org.keycloak.authentication.requiredactions;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.Base64; import java.util.Base64;
import java.util.Collections; import java.util.Collections;
@ -117,7 +118,8 @@ public class WebAuthnRegister implements RequiredActionProvider, CredentialRegis
// mandatory // mandatory
WebAuthnPolicy policy = getWebAuthnPolicy(context); WebAuthnPolicy policy = getWebAuthnPolicy(context);
List<String> signatureAlgorithmsList = policy.getSignatureAlgorithm(); List<String> signatureAlgorithmsList = policy.getSignatureAlgorithm();
String signatureAlgorithms = stringifySignatureAlgorithms(signatureAlgorithmsList); // Convert human-readable algorithms to their COSE identifier form
List<Long> signatureAlgorithms = convertSignatureAlgorithms(signatureAlgorithmsList);
String rpEntityName = policy.getRpEntityName(); String rpEntityName = policy.getRpEntityName();
// optional // optional
@ -284,38 +286,45 @@ public class WebAuthnRegister implements RequiredActionProvider, CredentialRegis
); );
} }
private String stringifySignatureAlgorithms(List<String> signatureAlgorithmsList) { /**
if (signatureAlgorithmsList == null || signatureAlgorithmsList.isEmpty()) return ""; * Converts a list of human-readable webauthn signature methods (ES256, RS256, etc) into
StringBuilder sb = new StringBuilder(); * their <a href="https://www.iana.org/assignments/cose/cose.xhtml#algorithms"> COSE identifier</a> form.
*
* Returns the list of converted algorithm identifiers.
**/
private List<Long> convertSignatureAlgorithms(List<String> signatureAlgorithmsList) {
List<Long> algs = new ArrayList();
if (signatureAlgorithmsList == null || signatureAlgorithmsList.isEmpty()) return algs;
for (String s : signatureAlgorithmsList) { for (String s : signatureAlgorithmsList) {
switch (s) { switch (s) {
case Algorithm.ES256 : case Algorithm.ES256 :
sb.append(COSEAlgorithmIdentifier.ES256.getValue()).append(","); algs.add(COSEAlgorithmIdentifier.ES256.getValue());
break; break;
case Algorithm.RS256 : case Algorithm.RS256 :
sb.append(COSEAlgorithmIdentifier.RS256.getValue()).append(","); algs.add(COSEAlgorithmIdentifier.RS256.getValue());
break; break;
case Algorithm.ES384 : case Algorithm.ES384 :
sb.append(COSEAlgorithmIdentifier.ES384.getValue()).append(","); algs.add(COSEAlgorithmIdentifier.ES384.getValue());
break; break;
case Algorithm.RS384 : case Algorithm.RS384 :
sb.append(COSEAlgorithmIdentifier.RS384.getValue()).append(","); algs.add(COSEAlgorithmIdentifier.RS384.getValue());
break; break;
case Algorithm.ES512 : case Algorithm.ES512 :
sb.append(COSEAlgorithmIdentifier.ES512.getValue()).append(","); algs.add(COSEAlgorithmIdentifier.ES512.getValue());
break; break;
case Algorithm.RS512 : case Algorithm.RS512 :
sb.append(COSEAlgorithmIdentifier.RS512.getValue()).append(","); algs.add(COSEAlgorithmIdentifier.RS512.getValue());
break; break;
case "RS1" : case "RS1" :
sb.append(COSEAlgorithmIdentifier.RS1.getValue()).append(","); algs.add(COSEAlgorithmIdentifier.RS1.getValue());
break; break;
default: default:
// NOP // NOP
} }
} }
if (sb.lastIndexOf(",") > -1) sb.deleteCharAt(sb.lastIndexOf(","));
return sb.toString(); return algs;
} }
private void showInfoAfterWebAuthnApiCreate(RegistrationData response) { private void showInfoAfterWebAuthnApiCreate(RegistrationData response) {
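Review bot: `List<Long> algs = new ArrayList();` in convertSignatureAlgorithms uses a raw type and will trigger an unchecked warning; it should be `List<Long> algs = new ArrayList<>();`. The new Javadoc also states the return value in prose and closes with `**/`; prefer `@return the COSE algorithm identifiers for the recognised entries, in policy order, empty when the policy lists none` and a plain `*/`. The `default` branch still discards any policy entry it does not recognise without a trace, so a mistyped algorithm name silently narrows (or empties) the set sent to the authenticator; if the class has a logger, a `logger.debugf("Ignoring unknown webauthn signature algorithm %s", s);` there would make that visible. Since the empty-policy case is now an empty list rather than `""`, the template consumer must detect it by length rather than by comparing against a literal.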


@ -36,7 +36,7 @@
let userid = "${userid}"; let userid = "${userid}";
let username = "${username}"; let username = "${username}";
let signatureAlgorithms = "${signatureAlgorithms}"; let signatureAlgorithms =[<#list signatureAlgorithms as sigAlg>${sigAlg},</#list>]
let pubKeyCredParams = getPubKeyCredParams(signatureAlgorithms); let pubKeyCredParams = getPubKeyCredParams(signatureAlgorithms);
let rpEntityName = "${rpEntityName}"; let rpEntityName = "${rpEntityName}";
@ -128,13 +128,12 @@
}); });
} }
function getPubKeyCredParams(signatureAlgorithms) { function getPubKeyCredParams(signatureAlgorithmsList) {
let pubKeyCredParams = []; let pubKeyCredParams = [];
if (signatureAlgorithms === "") { if (signatureAlgorithmsList === []) {
pubKeyCredParams.push({type: "public-key", alg: -7}); pubKeyCredParams.push({type: "public-key", alg: -7});
return pubKeyCredParams; return pubKeyCredParams;
} }
let signatureAlgorithmsList = signatureAlgorithms.split(',');
for (let i = 0; i < signatureAlgorithmsList.length; i++) { for (let i = 0; i < signatureAlgorithmsList.length; i++) {
pubKeyCredParams.push({ pubKeyCredParams.push({