Update WebAuthn4J to 0.12.0.RELEASE

ynojima 2020-05-24 12:06:10 +09:00 committed by Marek Posolda
parent 8d8fae5def
commit 420968cc53
5 changed files with 17 additions and 20 deletions


@ -521,22 +521,22 @@
<dependency> <dependency>
<groupId>com.webauthn4j</groupId> <groupId>com.webauthn4j</groupId>
<artifactId>webauthnj4-core</artifactId> <artifactId>webauthnj4-core</artifactId>
<version>0.10.2.RELEASE</version> <version>0.12.0.RELEASE</version>
<licenses> <licenses>
<license> <license>
<name>Apache Software License 2.0</name> <name>Apache Software License 2.0</name>
<url>https://raw.githubusercontent.com/webauthn4j/webauthn4j/0.10.2.RELEASE/LICENSE.txt</url> <url>https://raw.githubusercontent.com/webauthn4j/webauthn4j/0.12.0.RELEASE/LICENSE.txt</url>
</license> </license>
</licenses> </licenses>
</dependency> </dependency>
<dependency> <dependency>
<groupId>com.webauthn4j</groupId> <groupId>com.webauthn4j</groupId>
<artifactId>webauthnj4-util</artifactId> <artifactId>webauthnj4-util</artifactId>
<version>0.10.2.RELEASE</version> <version>0.12.0.RELEASE</version>
<licenses> <licenses>
<license> <license>
<name>Apache Software License 2.0</name> <name>Apache Software License 2.0</name>
<url>https://raw.githubusercontent.com/webauthn4j/webauthn4j/0.10.2.RELEASE/LICENSE.txt</url> <url>https://raw.githubusercontent.com/webauthn4j/webauthn4j/0.12.0.RELEASE/LICENSE.txt</url>
</license> </license>
</licenses> </licenses>
</dependency> </dependency>


@ -525,7 +525,7 @@
<licenses> <licenses>
<license> <license>
<name>Apache Software License 2.0</name> <name>Apache Software License 2.0</name>
<url>https://raw.githubusercontent.com/webauthn4j/webauthn4j/0.10.2.RELEASE/LICENSE.txt</url> <url>https://raw.githubusercontent.com/webauthn4j/webauthn4j/0.12.0.RELEASE/LICENSE.txt</url>
</license> </license>
</licenses> </licenses>
</dependency> </dependency>
@ -536,7 +536,7 @@
<licenses> <licenses>
<license> <license>
<name>Apache Software License 2.0</name> <name>Apache Software License 2.0</name>
<url>https://raw.githubusercontent.com/webauthn4j/webauthn4j/0.10.2.RELEASE/LICENSE.txt</url> <url>https://raw.githubusercontent.com/webauthn4j/webauthn4j/0.12.0.RELEASE/LICENSE.txt</url>
</license> </license>
</licenses> </licenses>
</dependency> </dependency>


@ -168,7 +168,7 @@
<spring-boot22.version>2.2.0.RELEASE</spring-boot22.version> <spring-boot22.version>2.2.0.RELEASE</spring-boot22.version>
<!-- webauthn support --> <!-- webauthn support -->
<webauthn4j.version>0.10.2.RELEASE</webauthn4j.version> <webauthn4j.version>0.12.0.RELEASE</webauthn4j.version>
<org.apache.kerby.kerby-asn1.version>2.0.0</org.apache.kerby.kerby-asn1.version> <org.apache.kerby.kerby-asn1.version>2.0.0</org.apache.kerby.kerby-asn1.version>
</properties> </properties>


@ -26,6 +26,7 @@ import java.util.stream.Collectors;
import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
import com.webauthn4j.WebAuthnRegistrationManager;
import org.jboss.logging.Logger; import org.jboss.logging.Logger;
import org.keycloak.WebAuthnConstants; import org.keycloak.WebAuthnConstants;
import org.keycloak.authentication.CredentialRegistrator; import org.keycloak.authentication.CredentialRegistrator;
@ -42,8 +43,6 @@ import org.keycloak.credential.WebAuthnCredentialProviderFactory;
import org.keycloak.crypto.Algorithm; import org.keycloak.crypto.Algorithm;
import org.keycloak.events.Details; import org.keycloak.events.Details;
import org.keycloak.events.Errors; import org.keycloak.events.Errors;
import org.keycloak.forms.login.LoginFormsProvider;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSession;
import org.keycloak.models.UserModel; import org.keycloak.models.UserModel;
import org.keycloak.models.WebAuthnPolicy; import org.keycloak.models.WebAuthnPolicy;
@ -68,7 +67,6 @@ import com.webauthn4j.validator.attestation.statement.packed.PackedAttestationSt
import com.webauthn4j.validator.attestation.statement.tpm.TPMAttestationStatementValidator; import com.webauthn4j.validator.attestation.statement.tpm.TPMAttestationStatementValidator;
import com.webauthn4j.validator.attestation.statement.u2f.FIDOU2FAttestationStatementValidator; import com.webauthn4j.validator.attestation.statement.u2f.FIDOU2FAttestationStatementValidator;
import com.webauthn4j.validator.attestation.trustworthiness.certpath.CertPathTrustworthinessValidator; import com.webauthn4j.validator.attestation.trustworthiness.certpath.CertPathTrustworthinessValidator;
import com.webauthn4j.validator.attestation.trustworthiness.ecdaa.DefaultECDAATrustworthinessValidator;
import com.webauthn4j.validator.attestation.trustworthiness.self.DefaultSelfAttestationTrustworthinessValidator; import com.webauthn4j.validator.attestation.trustworthiness.self.DefaultSelfAttestationTrustworthinessValidator;
import org.keycloak.models.credential.WebAuthnCredentialModel; import org.keycloak.models.credential.WebAuthnCredentialModel;
@ -208,12 +206,12 @@ public class WebAuthnRegister implements RequiredActionProvider, CredentialRegis
RegistrationRequest registrationRequest = new RegistrationRequest(attestationObject, clientDataJSON); RegistrationRequest registrationRequest = new RegistrationRequest(attestationObject, clientDataJSON);
RegistrationParameters registrationParameters = new RegistrationParameters(serverProperty, isUserVerificationRequired); RegistrationParameters registrationParameters = new RegistrationParameters(serverProperty, isUserVerificationRequired);
WebAuthnManager webAuthnManager = createWebAuthnManager(); WebAuthnRegistrationManager webAuthnRegistrationManager = createWebAuthnRegistrationManager();
try { try {
// parse // parse
RegistrationData registrationData = webAuthnManager.parse(registrationRequest); RegistrationData registrationData = webAuthnRegistrationManager.parse(registrationRequest);
// validate // validate
webAuthnManager.validate(registrationData, registrationParameters); webAuthnRegistrationManager.validate(registrationData, registrationParameters);
showInfoAfterWebAuthnApiCreate(registrationData); showInfoAfterWebAuthnApiCreate(registrationData);
@ -252,8 +250,8 @@ public class WebAuthnRegister implements RequiredActionProvider, CredentialRegis
} }
} }
private WebAuthnManager createWebAuthnManager() { private WebAuthnRegistrationManager createWebAuthnRegistrationManager() {
return new WebAuthnManager( return new WebAuthnRegistrationManager(
Arrays.asList( Arrays.asList(
new NoneAttestationStatementValidator(), new NoneAttestationStatementValidator(),
new PackedAttestationStatementValidator(), new PackedAttestationStatementValidator(),
@ -262,10 +260,8 @@ public class WebAuthnRegister implements RequiredActionProvider, CredentialRegis
new AndroidSafetyNetAttestationStatementValidator(), new AndroidSafetyNetAttestationStatementValidator(),
new FIDOU2FAttestationStatementValidator() new FIDOU2FAttestationStatementValidator()
), this.certPathtrustValidator, ), this.certPathtrustValidator,
new DefaultECDAATrustworthinessValidator(),
new DefaultSelfAttestationTrustworthinessValidator(), new DefaultSelfAttestationTrustworthinessValidator(),
Collections.emptyList(), // Custom Registration Validator is not supported Collections.emptyList(), // Custom Registration Validator is not supported
Collections.emptyList(), // Custom Authentication Validator is not supported
new ObjectConverter() new ObjectConverter()
); );
} }
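Review bot: The old `com.webauthn4j.WebAuthnManager` import is probably left unused in this file, because the import hunks add `com.webauthn4j.WebAuthnRegistrationManager` but none removes it; the same appears to apply to the WebAuthnCredentialProvider section, so both are worth deleting if the type is no longer referenced. The new import also sits between the `javax.ws.rs` and `org.jboss` imports instead of with the other `com.webauthn4j` imports further down. In `createWebAuthnRegistrationManager()` the ECDAA trustworthiness validator is no longer passed, and a comment above the constructor call such as `// ECDAA attestation is not validated: the registration manager takes no ECDAA trustworthiness validator` would record that this is deliberate. The class body continues outside the visible hunks.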


@ -21,6 +21,7 @@ import java.util.Arrays;
import java.util.List; import java.util.List;
import java.util.stream.Collectors; import java.util.stream.Collectors;
import com.webauthn4j.WebAuthnAuthenticationManager;
import com.webauthn4j.converter.util.ObjectConverter; import com.webauthn4j.converter.util.ObjectConverter;
import org.jboss.logging.Logger; import org.jboss.logging.Logger;
import org.keycloak.authentication.requiredactions.WebAuthnRegisterFactory; import org.keycloak.authentication.requiredactions.WebAuthnRegisterFactory;
@ -167,7 +168,7 @@ public class WebAuthnCredentialProvider implements CredentialProvider<WebAuthnCr
WebAuthnCredentialModelInput context = WebAuthnCredentialModelInput.class.cast(input); WebAuthnCredentialModelInput context = WebAuthnCredentialModelInput.class.cast(input);
List<WebAuthnCredentialModelInput> auths = getWebAuthnCredentialModelList(realm, user); List<WebAuthnCredentialModelInput> auths = getWebAuthnCredentialModelList(realm, user);
WebAuthnManager webAuthnManager = WebAuthnManager.createNonStrictWebAuthnManager(); // not special setting is needed for authentication's validation. WebAuthnAuthenticationManager webAuthnAuthenticationManager = new WebAuthnAuthenticationManager();
AuthenticationData authenticationData = null; AuthenticationData authenticationData = null;
try { try {
@ -182,14 +183,14 @@ public class WebAuthnCredentialProvider implements CredentialProvider<WebAuthnCr
); );
// parse // parse
authenticationData = webAuthnManager.parse(context.getAuthenticationRequest()); authenticationData = webAuthnAuthenticationManager.parse(context.getAuthenticationRequest());
// validate // validate
AuthenticationParameters authenticationParameters = new AuthenticationParameters( AuthenticationParameters authenticationParameters = new AuthenticationParameters(
context.getAuthenticationParameters().getServerProperty(), context.getAuthenticationParameters().getServerProperty(),
authenticator, authenticator,
context.getAuthenticationParameters().isUserVerificationRequired() context.getAuthenticationParameters().isUserVerificationRequired()
); );
webAuthnManager.validate(authenticationData, authenticationParameters); webAuthnAuthenticationManager.validate(authenticationData, authenticationParameters);
logger.debugv("response.getAuthenticatorData().getFlags() = {0}", authenticationData.getAuthenticatorData().getFlags()); logger.debugv("response.getAuthenticatorData().getFlags() = {0}", authenticationData.getAuthenticatorData().getFlags());
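Review bot: The `new WebAuthnAuthenticationManager()` call no longer says which validation defaults it relies on, because the trailing comment that accompanied `createNonStrictWebAuthnManager()` was dropped. I would keep a comment there, e.g. `// default configuration: no custom authentication validators are needed for assertion validation`, and confirm against the WebAuthn4J 0.12.0 documentation that the no-arg constructor performs at least the checks the previous manager did. The manager is also built on every call; if it is stateless and thread-safe (to be confirmed), holding it in a `private final` field would avoid recreating it and its converter for each authentication. The enclosing method starts and ends outside the visible hunks.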