diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/error/PowerAuthClientException.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/error/PowerAuthClientException.java index 8655aa443..d8b479285 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/error/PowerAuthClientException.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/error/PowerAuthClientException.java @@ -33,7 +33,7 @@ public class PowerAuthClientException extends Exception { private final PowerAuthError powerAuthError; /** - * Default constructor. + * No-arg constructor. */ public PowerAuthClientException() { this.powerAuthError = null; diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/error/PowerAuthErrorRecovery.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/error/PowerAuthErrorRecovery.java index 4599f1039..3d9b7aff9 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/error/PowerAuthErrorRecovery.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/error/PowerAuthErrorRecovery.java @@ -27,7 +27,7 @@ public class PowerAuthErrorRecovery extends PowerAuthError { private int currentRecoveryPukIndex; /** - * Default constructor. + * No-arg constructor. */ public PowerAuthErrorRecovery() { } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/errorhandling/Fido2AuthenticationFailedException.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/errorhandling/Fido2AuthenticationFailedException.java index d3a59a633..13fc82e3d 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/errorhandling/Fido2AuthenticationFailedException.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/errorhandling/Fido2AuthenticationFailedException.java @@ -30,10 +30,19 @@ public class Fido2AuthenticationFailedException extends Exception { @Serial private static final long serialVersionUID = -3214199555928548491L; + /** + * Exception constructor with message. + * @param message Exception message. + */ public Fido2AuthenticationFailedException(String message) { super(message); } + /** + * Exception constructor with message and cause. + * @param message Exception message. + * @param cause Exception cause. + */ public Fido2AuthenticationFailedException(String message, Throwable cause) { super(message, cause); } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/errorhandling/Fido2DeserializationException.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/errorhandling/Fido2DeserializationException.java index 6a7b045f1..812984dce 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/errorhandling/Fido2DeserializationException.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/errorhandling/Fido2DeserializationException.java @@ -31,10 +31,19 @@ public class Fido2DeserializationException extends IOException { @Serial private static final long serialVersionUID = 1835532378587759773L; + /** + * Exception constructor with message. + * @param message Exception message. + */ public Fido2DeserializationException(String message) { super(message); } + /** + * Exception constructor with message and cause. + * @param message Exception message. + * @param cause Exception cause. + */ public Fido2DeserializationException(String message, Throwable cause) { super(message, cause); } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/AssertionController.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/AssertionController.java index bfc67ad0b..1055883ae 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/AssertionController.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/AssertionController.java @@ -54,12 +54,23 @@ public class AssertionController { private final AssertionRequestValidator assertionRequestValidator; private final AssertionService assertionService; + /** + * Assertion controller constructor. + * @param assertionRequestValidator Assertion request validator. + * @param assertionService Assertion service. + */ @Autowired public AssertionController(AssertionRequestValidator assertionRequestValidator, AssertionService assertionService) { this.assertionRequestValidator = assertionRequestValidator; this.assertionService = assertionService; } + /** + * Request generating of an assertion challenge for an operation. + * @param request Assertion challenge request. + * @return Assertion challenge response. + * @throws Exception Thrown in case assertion challenge could not be generated. + */ @Operation( summary = "Generate an assertion challenge", description = "Generate a FIDO2 assertion challenge for an operation." @@ -76,13 +87,19 @@ public ObjectResponse requestAssertionChallenge(@Val return new ObjectResponse<>(assertionChallengeResponse); } + /** + * Verify a FIDO2 assertion for an operation. + * @param request Verify an assertion request. + * @return Verify an assertion response. + * @throws Fido2AuthenticationFailedException Thrown in case assertion validation fails. + */ @Operation( summary = "Verify an assertion", description = "Verify a FIDO2 assertion for an operation based on an assertion verification request generated and signed by the authenticator." ) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Assertion verification succeeded"), - @ApiResponse(responseCode = "400", description = "Invalid request or assertion verification failed"), + @ApiResponse(responseCode = "400", description = "Invalid request or assertion verification failed"), @ApiResponse(responseCode = "500", description = "Unexpected server error") }) @PostMapping diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java index 0f562dd58..02e54b9e4 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java @@ -54,11 +54,21 @@ public class RegistrationController { private final RegistrationService registrationService; + /** + * Registration controller constructor. + * @param registrationService Registration service. + */ @Autowired public RegistrationController(RegistrationService registrationService) { this.registrationService = registrationService; } + /** + * Obtain a list of registered FIDO2 authenticators. + * @param request Registered authenticators list request. + * @return Registered authenticators list response. + * @throws Exception Thrown in case registered authenticators list could not be obtained. + */ @Operation( summary = "List registered authenticators", description = "Obtain a list of registered FIDO2 authenticators for specified user." @@ -71,10 +81,16 @@ public RegistrationController(RegistrationService registrationService) { @PostMapping("list") public ObjectResponse registeredAuthenticators(@Valid @RequestBody ObjectRequest request) throws Exception { final RegisteredAuthenticatorsRequest requestObject = request.getRequestObject(); - final RegisteredAuthenticatorsResponse responseObject = registrationService.registrationsForUser(requestObject.getUserId(), requestObject.getApplicationId()); + final RegisteredAuthenticatorsResponse responseObject = registrationService.listRegistrationsForUser(requestObject.getUserId(), requestObject.getApplicationId()); return new ObjectResponse<>(responseObject); } + /** + * Request a registration challenge. + * @param request Registration challenge request. + * @return Registration challenge response. + * @throws Exception Thrown in case registration challenge could not be generated. + */ @Operation( summary = "Generate a registration challenge", description = "Generate a FIDO2 registration challenge for specified user." @@ -91,6 +107,12 @@ public ObjectResponse requestRegistrationChalleng return new ObjectResponse<>(responseObject); } + /** + * Register an authenticator. + * @param request Register an authenticator request. + * @return Register an authenticator response. + * @throws Exception Thrown in case registration fails. + */ @Operation( summary = "Register an authenticator", description = "Register a FIDO2 authenticator based on a registration request generated and signed by the authenticator." diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionConverter.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionConverter.java index 27d54689c..0edb52027 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionConverter.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionConverter.java @@ -32,6 +32,12 @@ @Slf4j public class AssertionConverter { + /** + * Convert authenticator detail to assertion verification response. + * @param source Authenticator detail. + * @param assertionValid Whether assertion is valid. + * @return Converted assertion verification response. + */ public AssertionVerificationResponse fromAuthenticatorDetail(AuthenticatorDetail source, boolean assertionValid) { if (source == null) { return null; diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java index e313bbfd1..8407f2484 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java @@ -45,6 +45,14 @@ public class RegistrationConverter { private final AaguidList aaguidRegistry = new AaguidList(); + /** + * Convert registration challenge to authenticator detail. + * @param challenge Registration challenge. + * @param requestObject Registration request. + * @param aaguid AAGUID bytes. + * @param publicKey Public key bytes. + * @return Authenticator detail, if present. + */ public Optional convert(RegistrationChallenge challenge, RegistrationRequest requestObject, byte[] aaguid, byte[] publicKey) { try { final AuthenticatorDetail authenticatorDetail = new AuthenticatorDetail(); @@ -70,19 +78,11 @@ public Optional convert(RegistrationChallenge challenge, Re } } - private Map convertExtras(RegistrationRequest requestObject) throws JsonProcessingException { - final AuthenticatorParameters authenticatorParameters = requestObject.getAuthenticatorParameters(); - final Map params = new HashMap<>(); - params.put("relyingPartyId", authenticatorParameters.getRelyingPartyId()); - params.put("authenticatorAttachment", authenticatorParameters.getAuthenticatorAttachment()); - params.put("credentialId", authenticatorParameters.getResponse().getAttestationObject().getAuthData().getAttestedCredentialData().getCredentialId()); - params.put("origin", authenticatorParameters.getResponse().getClientDataJSON().getOrigin()); - params.put("topOrigin", authenticatorParameters.getResponse().getClientDataJSON().getTopOrigin()); - params.put("isCrossOrigin", authenticatorParameters.getResponse().getClientDataJSON().isCrossOrigin()); - params.put("aaguid", authenticatorParameters.getResponse().getAttestationObject().getAuthData().getAttestedCredentialData().getAaguid()); - return params; - } - + /** + * Convert authenticator detail to registration response. + * @param source Authenticator detail. + * @return Registration response. + */ public RegistrationResponse convertRegistrationResponse(AuthenticatorDetail source) { final RegistrationResponse result = new RegistrationResponse(); result.setUserId(source.getUserId()); @@ -101,4 +101,18 @@ public RegistrationResponse convertRegistrationResponse(AuthenticatorDetail sour result.setMaxFailedAttempts(source.getMaxFailedAttempts()); return result; } + + private Map convertExtras(RegistrationRequest requestObject) throws JsonProcessingException { + final AuthenticatorParameters authenticatorParameters = requestObject.getAuthenticatorParameters(); + final Map params = new HashMap<>(); + params.put("relyingPartyId", authenticatorParameters.getRelyingPartyId()); + params.put("authenticatorAttachment", authenticatorParameters.getAuthenticatorAttachment()); + params.put("credentialId", authenticatorParameters.getResponse().getAttestationObject().getAuthData().getAttestedCredentialData().getCredentialId()); + params.put("origin", authenticatorParameters.getResponse().getClientDataJSON().getOrigin()); + params.put("topOrigin", authenticatorParameters.getResponse().getClientDataJSON().getTopOrigin()); + params.put("isCrossOrigin", authenticatorParameters.getResponse().getClientDataJSON().isCrossOrigin()); + params.put("aaguid", authenticatorParameters.getResponse().getAttestationObject().getAuthData().getAttestedCredentialData().getAaguid()); + return params; + } + } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationObjectDeserializer.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationObjectDeserializer.java index c1d276de0..7a4c326d0 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationObjectDeserializer.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationObjectDeserializer.java @@ -32,6 +32,8 @@ import java.util.Base64; /** + * JSON deserializer for the attestation object. + * * @author Petr Dvorak, petr@wultra.com */ @Component @@ -43,14 +45,28 @@ public class AttestationObjectDeserializer extends StdDeserializer vc) { super(vc); } + /** + * Deserialize the FIDO2 attestation object from JSON request. + * @param jsonParser JSON parser. + * @param deserializationContext Deserialization context. + * @return Deserialized FIDO2 attestation object. + * @throws Fido2DeserializationException Thrown in case JSON deserialization fails. + */ @Override public AttestationObject deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws Fido2DeserializationException { try { diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationStatementDeserializer.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationStatementDeserializer.java index 2308f49f7..d2a0b2c4a 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationStatementDeserializer.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationStatementDeserializer.java @@ -22,6 +22,7 @@ import com.fasterxml.jackson.core.type.TypeReference; import com.fasterxml.jackson.databind.DeserializationContext; import com.fasterxml.jackson.databind.deser.std.StdDeserializer; +import com.wultra.powerauth.fido2.errorhandling.Fido2DeserializationException; import com.wultra.powerauth.fido2.rest.model.entity.AttestationStatement; import com.wultra.powerauth.fido2.rest.model.enumeration.SignatureAlgorithm; import lombok.extern.slf4j.Slf4j; @@ -32,6 +33,8 @@ import java.util.Map; /** + * JSON deserializer for the attestation statement. + * * @author Petr Dvorak, petr@wultra.com */ @Component @@ -41,25 +44,44 @@ public class AttestationStatementDeserializer extends StdDeserializer vc) { super(vc); } + /** + * Deserialize the FIDO2 attestation object from JSON request. + * @param jsonParser JSON parser. + * @param deserializationContext Deserialization context. + * @return Deserialized FIDO2 attestation statement. + * @throws Fido2DeserializationException Thrown in case JSON deserialization fails. + */ @Override - public AttestationStatement deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException { - final Map map = jsonParser.readValueAs(new TypeReference<>() {}); - final AttestationStatement result = new AttestationStatement(); - final Integer alg = (Integer) map.get("alg"); - if (alg != null && -7 == alg) { - result.setAlgorithm(SignatureAlgorithm.ES256); - } else { - result.setAlgorithm(SignatureAlgorithm.UNKNOWN); + public AttestationStatement deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws Fido2DeserializationException { + try { + final Map map = jsonParser.readValueAs(new TypeReference<>() {}); + final AttestationStatement result = new AttestationStatement(); + final Integer alg = (Integer) map.get("alg"); + if (alg != null && -7 == alg) { + result.setAlgorithm(SignatureAlgorithm.ES256); + } else { + result.setAlgorithm(SignatureAlgorithm.UNKNOWN); + } + result.setSignature((byte[]) map.get("sig")); + return result; + } catch (IOException e) { + logger.debug(e.getMessage(), e); + throw new Fido2DeserializationException(e.getMessage(), e); } - result.setSignature((byte[]) map.get("sig")); - return result; } } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AuthenticatorDataDeserializer.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AuthenticatorDataDeserializer.java index f942c7398..a14a52455 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AuthenticatorDataDeserializer.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AuthenticatorDataDeserializer.java @@ -18,12 +18,12 @@ package com.wultra.powerauth.fido2.rest.model.converter.serialization; -import com.fasterxml.jackson.core.JacksonException; import com.fasterxml.jackson.core.JsonParser; import com.fasterxml.jackson.core.type.TypeReference; import com.fasterxml.jackson.databind.DeserializationContext; import com.fasterxml.jackson.databind.deser.std.StdDeserializer; import com.fasterxml.jackson.dataformat.cbor.databind.CBORMapper; +import com.wultra.powerauth.fido2.errorhandling.Fido2DeserializationException; import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorData; import com.wultra.powerauth.fido2.rest.model.entity.ECPoint; import com.wultra.powerauth.fido2.rest.model.entity.Flags; @@ -40,6 +40,8 @@ import java.util.Map; /** + * JSON deserializer for FIDO2 authenticator data. + * * @author Petr Dvorak, petr@wultra.com */ @Component @@ -51,101 +53,119 @@ public class AuthenticatorDataDeserializer extends StdDeserializer vc) { + + /** + * Deserializer constructor with value class parameter. + * @param vc Value class parameter. + */ + public AuthenticatorDataDeserializer(Class vc) { super(vc); } + /** + * Deserialized the FIDO2 authenticator data. + * @param jsonParser JSON parser. + * @param deserializationContext Deserialization context. + * @return Deserialized FIDO2 authenticator data. + * @throws Fido2DeserializationException Thrown in case JSON deserialization fails. + */ @Override - public AuthenticatorData deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException { - final AuthenticatorData result = new AuthenticatorData(); - - // Serialize Auth Data - final byte[] authData = jsonParser.getBinaryValue(); - result.setEncoded(authData); - - // Get RP ID Hash - final byte[] rpIdHash = new byte[32]; - System.arraycopy(authData, 0, rpIdHash,0, 32); - result.setRpIdHash(rpIdHash); - - // Get Flags - final byte flagByte = authData[32]; - final Flags flags = result.getFlags(); - - flags.setUserPresent(isFlagOn(flagByte, 0)); - flags.setReservedBit2(isFlagOn(flagByte, 1)); - flags.setUserVerified(isFlagOn(flagByte, 2)); - flags.setBackupEligible(isFlagOn(flagByte, 3)); - flags.setBackupState(isFlagOn(flagByte, 4)); - flags.setReservedBit6(isFlagOn(flagByte, 5)); - flags.setAttestedCredentialsIncluded(isFlagOn(flagByte,6)); - flags.setExtensionDataIncluded(isFlagOn(flagByte,7)); - - // Get Signature Counter - final byte[] signCountBytes = new byte[4]; - System.arraycopy(authData, 33, signCountBytes, 0, 4); - final int signCount = ByteBuffer.wrap(signCountBytes).getInt(); // big-endian by default - result.setSignCount(signCount); - - if (authData.length > 37) { // get info about the credentials - - // Get AAGUID - final byte[] aaguid = new byte[16]; - System.arraycopy(authData, 37, aaguid, 0, 16); - result.getAttestedCredentialData().setAaguid(aaguid); - - // Get credential ID length - final byte[] credentialIdLength = new byte[2]; - System.arraycopy(authData, 53, credentialIdLength, 0, 2); - final ByteBuffer wrapped = ByteBuffer.wrap(credentialIdLength); // big-endian by default - short credentialIdLengthValue = wrapped.getShort(); - - // Get credentialId - final byte[] credentialId = new byte[credentialIdLengthValue]; - System.arraycopy(authData, 55, credentialId, 0, credentialIdLengthValue); - result.getAttestedCredentialData().setCredentialId(credentialId); - - // Get credentialPublicKey - final int remainingLength = authData.length - (55 + credentialIdLengthValue); - final byte[] credentialPublicKey = new byte[remainingLength]; - System.arraycopy(authData, 55 + credentialIdLengthValue, credentialPublicKey, 0, remainingLength); - final Map credentialPublicKeyMap = cborMapper.readValue(credentialPublicKey, new TypeReference<>() { - }); - - final PublicKeyObject publicKeyObject = new PublicKeyObject(); - final Integer algorithm = (Integer) credentialPublicKeyMap.get("3"); - if (algorithm != null && -7 == algorithm) { - publicKeyObject.setAlgorithm(SignatureAlgorithm.ES256); - } else { - throw new RuntimeException("Unsupported algorithm: " + algorithm); - } - final Integer curveType = (Integer) credentialPublicKeyMap.get("-1"); - if (curveType != null && 1 == curveType) { - publicKeyObject.setCurveType(CurveType.P256); - } else { - throw new RuntimeException("Unsupported curve type: " + curveType); - } - final Integer keyType = (Integer) credentialPublicKeyMap.get("1"); - if (keyType != null && 2 == keyType) { - publicKeyObject.setKeyType(ECKeyType.UNCOMPRESSED); - } else { - throw new RuntimeException("Unsupported key type: " + keyType); + public AuthenticatorData deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws Fido2DeserializationException { + try { + final AuthenticatorData result = new AuthenticatorData(); + + // Serialize Auth Data + final byte[] authData = jsonParser.getBinaryValue(); + result.setEncoded(authData); + + // Get RP ID Hash + final byte[] rpIdHash = new byte[32]; + System.arraycopy(authData, 0, rpIdHash, 0, 32); + result.setRpIdHash(rpIdHash); + + // Get Flags + final byte flagByte = authData[32]; + final Flags flags = result.getFlags(); + + flags.setUserPresent(isFlagOn(flagByte, 0)); + flags.setReservedBit2(isFlagOn(flagByte, 1)); + flags.setUserVerified(isFlagOn(flagByte, 2)); + flags.setBackupEligible(isFlagOn(flagByte, 3)); + flags.setBackupState(isFlagOn(flagByte, 4)); + flags.setReservedBit6(isFlagOn(flagByte, 5)); + flags.setAttestedCredentialsIncluded(isFlagOn(flagByte, 6)); + flags.setExtensionDataIncluded(isFlagOn(flagByte, 7)); + + // Get Signature Counter + final byte[] signCountBytes = new byte[4]; + System.arraycopy(authData, 33, signCountBytes, 0, 4); + final int signCount = ByteBuffer.wrap(signCountBytes).getInt(); // big-endian by default + result.setSignCount(signCount); + + if (authData.length > 37) { // get info about the credentials + + // Get AAGUID + final byte[] aaguid = new byte[16]; + System.arraycopy(authData, 37, aaguid, 0, 16); + result.getAttestedCredentialData().setAaguid(aaguid); + + // Get credential ID length + final byte[] credentialIdLength = new byte[2]; + System.arraycopy(authData, 53, credentialIdLength, 0, 2); + final ByteBuffer wrapped = ByteBuffer.wrap(credentialIdLength); // big-endian by default + short credentialIdLengthValue = wrapped.getShort(); + + // Get credentialId + final byte[] credentialId = new byte[credentialIdLengthValue]; + System.arraycopy(authData, 55, credentialId, 0, credentialIdLengthValue); + result.getAttestedCredentialData().setCredentialId(credentialId); + + // Get credentialPublicKey + final int remainingLength = authData.length - (55 + credentialIdLengthValue); + final byte[] credentialPublicKey = new byte[remainingLength]; + System.arraycopy(authData, 55 + credentialIdLengthValue, credentialPublicKey, 0, remainingLength); + final Map credentialPublicKeyMap = cborMapper.readValue(credentialPublicKey, new TypeReference<>() {}); + + final PublicKeyObject publicKeyObject = new PublicKeyObject(); + final Integer algorithm = (Integer) credentialPublicKeyMap.get("3"); + if (algorithm != null && -7 == algorithm) { + publicKeyObject.setAlgorithm(SignatureAlgorithm.ES256); + } else { + throw new RuntimeException("Unsupported algorithm: " + algorithm); + } + final Integer curveType = (Integer) credentialPublicKeyMap.get("-1"); + if (curveType != null && 1 == curveType) { + publicKeyObject.setCurveType(CurveType.P256); + } else { + throw new RuntimeException("Unsupported curve type: " + curveType); + } + final Integer keyType = (Integer) credentialPublicKeyMap.get("1"); + if (keyType != null && 2 == keyType) { + publicKeyObject.setKeyType(ECKeyType.UNCOMPRESSED); + } else { + throw new RuntimeException("Unsupported key type: " + keyType); + } + + final byte[] xBytes = (byte[]) credentialPublicKeyMap.get("-2"); + final byte[] yBytes = (byte[]) credentialPublicKeyMap.get("-3"); + final ECPoint point = new ECPoint(); + point.setX(xBytes); + point.setY(yBytes); + publicKeyObject.setPoint(point); + + result.getAttestedCredentialData().setPublicKeyObject(publicKeyObject); } - - final byte[] xBytes = (byte[]) credentialPublicKeyMap.get("-2"); - final byte[] yBytes = (byte[]) credentialPublicKeyMap.get("-3"); - final ECPoint point = new ECPoint(); - point.setX(xBytes); - point.setY(yBytes); - publicKeyObject.setPoint(point); - - result.getAttestedCredentialData().setPublicKeyObject(publicKeyObject); + return result; + } catch (IOException e) { + logger.debug(e.getMessage(), e); + throw new Fido2DeserializationException(e.getMessage(), e); } - - return result; } private boolean isFlagOn(byte flags, int position) throws IOException { diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/Base64ToByteArrayDeserializer.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/Base64ToByteArrayDeserializer.java index fe0801665..25c3026d7 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/Base64ToByteArrayDeserializer.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/Base64ToByteArrayDeserializer.java @@ -21,29 +21,55 @@ import com.fasterxml.jackson.core.JsonParser; import com.fasterxml.jackson.databind.DeserializationContext; import com.fasterxml.jackson.databind.deser.std.StdDeserializer; +import com.wultra.powerauth.fido2.errorhandling.Fido2DeserializationException; +import lombok.extern.slf4j.Slf4j; +import org.springframework.stereotype.Component; import java.io.IOException; import java.io.Serial; import java.util.Base64; /** + * Deserializer from Base64 to byte array. + * * @author Petr Dvorak, petr@wultra.com */ +@Component +@Slf4j public class Base64ToByteArrayDeserializer extends StdDeserializer { @Serial private static final long serialVersionUID = 4519714786533202920L; + /** + * No-arg deserializer constructor. + */ public Base64ToByteArrayDeserializer() { this(null); } + /** + * Deserializer constructor with value class parameter. + * @param vc Value class. + */ public Base64ToByteArrayDeserializer(Class vc) { super(vc); } + /** + * Deserialize data from Base64 to byte array. + * @param jsonParser JSON parser. + * @param deserializationContext Deserialization context. + * @return Deserialized byte array. + * @throws Fido2DeserializationException Thrown in case JSON deserialization fails. + */ @Override - public byte[] deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException { - return Base64.getDecoder().decode(jsonParser.getText()); + public byte[] deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws Fido2DeserializationException { + try { + return Base64.getDecoder().decode(jsonParser.getText()); + } catch (IOException e) { + logger.debug(e.getMessage(), e); + throw new Fido2DeserializationException(e.getMessage(), e); + } } } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/Base64ToStringDeserializer.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/Base64ToStringDeserializer.java index 31d61449f..2daff0d15 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/Base64ToStringDeserializer.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/Base64ToStringDeserializer.java @@ -21,6 +21,7 @@ import com.fasterxml.jackson.core.JsonParser; import com.fasterxml.jackson.databind.DeserializationContext; import com.fasterxml.jackson.databind.deser.std.StdDeserializer; +import com.wultra.powerauth.fido2.errorhandling.Fido2DeserializationException; import lombok.extern.slf4j.Slf4j; import org.springframework.stereotype.Component; @@ -30,6 +31,8 @@ import java.util.Base64; /** + * Deserializer from Base64 to string. + * * @author Petr Dvorak, petr@wultra.com */ @Component @@ -39,16 +42,35 @@ public class Base64ToStringDeserializer extends StdDeserializer { @Serial private static final long serialVersionUID = 2540966716709142276L; + /** + * No-arg deserializer constructor. + */ public Base64ToStringDeserializer() { this(null); } + /** + * Deserializer constructor with value class parameter. + * @param vc Value class. + */ public Base64ToStringDeserializer(Class vc) { super(vc); } + /** + * Deserialize data from Base64 to string. + * @param jsonParser JSON parser. + * @param deserializationContext Deserialization context. + * @return Deserialized string. + * @throws Fido2DeserializationException Thrown in case JSON deserialization fails. + */ @Override - public String deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException { - return new String(Base64.getDecoder().decode(jsonParser.getText()), StandardCharsets.UTF_8); + public String deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws Fido2DeserializationException { + try { + return new String(Base64.getDecoder().decode(jsonParser.getText()), StandardCharsets.UTF_8); + } catch (IOException e) { + logger.debug(e.getMessage(), e); + throw new Fido2DeserializationException(e.getMessage(), e); + } } } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/CollectedClientDataDeserializer.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/CollectedClientDataDeserializer.java index 38498c8a4..ddb5615fa 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/CollectedClientDataDeserializer.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/CollectedClientDataDeserializer.java @@ -33,6 +33,8 @@ import java.util.Base64; /** + * Deserializer for FIDO2 collected client data. + * * @author Petr Dvorak, petr@wultra.com */ @Component @@ -44,14 +46,28 @@ public class CollectedClientDataDeserializer extends StdDeserializer vc) { super(vc); } + /** + * Deserialized the FIDO2 collected client data. + * @param jsonParser JSON parser. + * @param deserializationContext Deserialization context. + * @return Deserialized FIDO2 collected client data. + * @throws Fido2DeserializationException Thrown in case JSON deserialization fails. + */ @Override public CollectedClientData deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws Fido2DeserializationException { try { diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AssertionChallenge.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AssertionChallenge.java index 7d54eed23..e5867df3c 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AssertionChallenge.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AssertionChallenge.java @@ -23,6 +23,8 @@ import java.util.List; /** + * Assertion challenge. + * * @author Petr Dvorak, petr@wultra.com */ @Data diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestationObject.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestationObject.java index dafa7c33c..5848374d8 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestationObject.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestationObject.java @@ -25,6 +25,8 @@ import lombok.Data; /** + * Attestation object. + * * @author Petr Dvorak, petr@wultra.com */ @Data diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestationStatement.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestationStatement.java index 8c59404fe..299da3af4 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestationStatement.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestationStatement.java @@ -22,6 +22,8 @@ import lombok.Data; /** + * Attestation statement. + * * @author Petr Dvorak, petr@wultra.com */ @Data diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestedCredentialData.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestedCredentialData.java index f08265ec2..2e3a473df 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestedCredentialData.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestedCredentialData.java @@ -21,6 +21,8 @@ import lombok.Data; /** + * Attested credential data. + * * @author Petr Dvorak, petr@wultra.com */ @Data diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorAssertionResponse.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorAssertionResponse.java index 54d962491..3ed46bdc6 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorAssertionResponse.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorAssertionResponse.java @@ -27,6 +27,8 @@ import lombok.Data; /** + * Authenticator assertion response. + * * @author Petr Dvorak, petr@wultra.com */ @Data diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorAttestationResponse.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorAttestationResponse.java index f78eb68be..cd86705e7 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorAttestationResponse.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorAttestationResponse.java @@ -26,6 +26,8 @@ import java.util.List; /** + * Authenticator attestation response. + * * @author Petr Dvorak, petr@wultra.com */ @Data diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorData.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorData.java index 7d976f852..d280f191d 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorData.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorData.java @@ -24,6 +24,8 @@ import lombok.Data; /** + * Authenticator data. + * * @author Petr Dvorak, petr@wultra.com */ @Data diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/CollectedClientData.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/CollectedClientData.java index 5985b996b..cba05f8ee 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/CollectedClientData.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/CollectedClientData.java @@ -26,6 +26,8 @@ import lombok.Data; /** + * Collected client data. + * * @author Petr Dvorak, petr@wultra.com */ @Data diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/ECPoint.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/ECPoint.java index fdae77c50..8d8b5d350 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/ECPoint.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/ECPoint.java @@ -21,6 +21,8 @@ import lombok.Data; /** + * Elliptic curve point coordinates. + * * @author Petr Dvorak, petr@wultra.com */ @Data diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/Flags.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/Flags.java index 3f93a6e16..9a2ee93d9 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/Flags.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/Flags.java @@ -21,6 +21,8 @@ import lombok.Data; /** + * FIDO2 flags. + * * @author Petr Dvorak, petr@wultra.com */ @Data diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/PublicKeyObject.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/PublicKeyObject.java index 47dbbf5da..70ec54056 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/PublicKeyObject.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/PublicKeyObject.java @@ -24,6 +24,8 @@ import lombok.Data; /** + * Class representing a public key object. + * * @author Petr Dvorak, petr@wultra.com */ @Data diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/CurveType.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/CurveType.java index 21598d731..299449f66 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/CurveType.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/CurveType.java @@ -19,6 +19,8 @@ package com.wultra.powerauth.fido2.rest.model.enumeration; /** + * Elliptic curve type enumeration. + * * @author Petr Dvorak, petr@wultra.com */ public enum CurveType { diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/ECKeyType.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/ECKeyType.java index a4f8851ea..76ba75175 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/ECKeyType.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/ECKeyType.java @@ -19,6 +19,8 @@ package com.wultra.powerauth.fido2.rest.model.enumeration; /** + * Elliptic key type enumeration. + * * @author Roman Strobl, roman.strobl@wultra.com */ public enum ECKeyType { diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/Fmt.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/Fmt.java index 10a9f66fa..245a89568 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/Fmt.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/Fmt.java @@ -21,6 +21,8 @@ import java.util.List; /** + * Attestation format enumeration. + * * @author Petr Dvorak, petr@wultra.com */ public enum Fmt { diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/SignatureAlgorithm.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/SignatureAlgorithm.java index 712069058..9680c2d3b 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/SignatureAlgorithm.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/SignatureAlgorithm.java @@ -19,6 +19,8 @@ package com.wultra.powerauth.fido2.rest.model.enumeration; /** + * Signature algorithm enumeration. + * * @author Petr Dvorak, petr@wultra.com */ public enum SignatureAlgorithm { diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionVerificationRequest.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionVerificationRequest.java index bea3f8e2c..09c20505b 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionVerificationRequest.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionVerificationRequest.java @@ -26,6 +26,8 @@ import java.util.List; /** + * Assertion verification request. + * * @author Petr Dvorak, petr@wultra.com */ @Data diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegistrationRequest.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegistrationRequest.java index 591bb6fe1..46e97b508 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegistrationRequest.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegistrationRequest.java @@ -23,6 +23,8 @@ import lombok.Data; /** + * Registration request. + * * @author Petr Dvorak, petr@wultra.com */ @Data diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/AssertionChallengeResponse.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/AssertionChallengeResponse.java index e9c08f3dd..17e123a30 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/AssertionChallengeResponse.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/AssertionChallengeResponse.java @@ -23,6 +23,8 @@ import java.util.List; /** + * Assertion challenge response. + * * @author Petr Dvorak, petr@wultra.com */ @Data diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegisteredAuthenticatorsResponse.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegisteredAuthenticatorsResponse.java index 5cd7b4da9..d7eb23993 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegisteredAuthenticatorsResponse.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegisteredAuthenticatorsResponse.java @@ -25,6 +25,8 @@ import java.util.List; /** + * List of registered authenticators response. + * * @author Petr Dvorak, petr@wultra.com */ @Data diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationChallengeResponse.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationChallengeResponse.java index 48f24cbc7..334027cfe 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationChallengeResponse.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationChallengeResponse.java @@ -21,6 +21,8 @@ import lombok.Data; /** + * Registration challenge response. + * * @author Petr Dvorak, petr@wultra.com */ @Data diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationResponse.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationResponse.java index c0015dcf5..f1f2944f9 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationResponse.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationResponse.java @@ -26,6 +26,8 @@ import java.util.Map; /** + * Registration response. + * * @author Petr Dvorak, petr@wultra.com */ @Data diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/AssertionRequestValidator.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/AssertionRequestValidator.java index b235b4ab7..c5d70d2d8 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/AssertionRequestValidator.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/AssertionRequestValidator.java @@ -37,6 +37,11 @@ @Slf4j public class AssertionRequestValidator { + /** + * Validate an assertion verification request. + * @param request Assertion verification request. + * @return Validation result. + */ public String validate(AssertionVerificationRequest request) { if (request == null || request.getResponse() == null diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/RegistrationRequestValidator.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/RegistrationRequestValidator.java index 21800b9c6..29e10fc3b 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/RegistrationRequestValidator.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/RegistrationRequestValidator.java @@ -40,6 +40,11 @@ @Slf4j public class RegistrationRequestValidator { + /** + * Validate a registration request. + * @param request Registration request. + * @return Validation result. + */ public String validate(RegistrationRequest request) { if (request == null) { diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java index 5940f0e91..0534b44be 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java @@ -53,6 +53,14 @@ public class AssertionService { private final AssertionConverter assertionConverter; private final AssertionChallengeConverter assertionChallengeConverter; + /** + * Assertion service constructor. + * @param cryptographyService Cryptography service. + * @param authenticatorProvider Authenticator provider. + * @param assertionProvider Assertion provider. + * @param assertionConverter Assertion converter. + * @param assertionChallengeConverter Assertion challenge converter. + */ @Autowired public AssertionService(CryptographyService cryptographyService, AuthenticatorProvider authenticatorProvider, AssertionProvider assertionProvider, AssertionConverter assertionConverter, AssertionChallengeConverter assertionChallengeConverter) { this.cryptographyService = cryptographyService; diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java index f34da19a8..03c0d1d85 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java @@ -52,6 +52,16 @@ public class RegistrationService { private final RegistrationRequestValidator registrationRequestValidator; private final CryptographyService cryptographyService; + /** + * Registration service. + * + * @param authenticatorProvider Authenticator provider. + * @param registrationProvider Registration provider. + * @param registrationChallengeConverter Registration challenge converter. + * @param registrationConverter Registration converter. + * @param registrationRequestValidator Registration request validator. + * @param cryptographyService Cryptography service. + */ @Autowired public RegistrationService(AuthenticatorProvider authenticatorProvider, RegistrationProvider registrationProvider, RegistrationChallengeConverter registrationChallengeConverter, RegistrationConverter registrationConverter, RegistrationRequestValidator registrationRequestValidator, CryptographyService cryptographyService) { this.authenticatorProvider = authenticatorProvider; @@ -62,17 +72,40 @@ public RegistrationService(AuthenticatorProvider authenticatorProvider, Registra this.cryptographyService = cryptographyService; } - public RegisteredAuthenticatorsResponse registrationsForUser(String userId, String applicationId) throws Fido2AuthenticationFailedException { + /** + * List registrations for a user. + * + * @param userId User identifier. + * @param applicationId Application identifier. + * @return Registered authenticator list response. + * @throws Fido2AuthenticationFailedException In case list request fails. + */ + public RegisteredAuthenticatorsResponse listRegistrationsForUser(String userId, String applicationId) throws Fido2AuthenticationFailedException { final RegisteredAuthenticatorsResponse responseObject = new RegisteredAuthenticatorsResponse(); responseObject.getAuthenticators().addAll(authenticatorProvider.findByUserId(userId, applicationId)); return responseObject; } + /** + * Request a registration challenge. + * + * @param userId User identifier. + * @param applicationId Application identifier. + * @return Registration challenge response. + * @throws Exception Thrown in case creating challenge fails. + */ public RegistrationChallengeResponse requestRegistrationChallenge(String userId, String applicationId) throws Exception { final RegistrationChallenge challenge = registrationProvider.provideChallengeForRegistration(userId, applicationId); return registrationChallengeConverter.fromChallenge(challenge); } + /** + * Register an authenticator. + * + * @param requestObject Registration request. + * @return Registration response. + * @throws Exception Thrown in case registration fails. + */ public RegistrationResponse register(RegistrationRequest requestObject) throws Exception { final String applicationId = requestObject.getApplicationId(); diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/AuthenticatorProvider.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/AuthenticatorProvider.java index b8336e338..92a318fed 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/AuthenticatorProvider.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/AuthenticatorProvider.java @@ -30,8 +30,36 @@ * @author Petr Dvorak, petr@wultra.com */ public interface AuthenticatorProvider { + + /** + * Store an authenticator. + * + * @param applicationId Application identifier. + * @param challenge Registration challenge. + * @param authenticatorDetail Authenticator detail. + * @return Authenticator detail. + * @throws Fido2AuthenticationFailedException Thrown in case storing authenticator fails. + */ AuthenticatorDetail storeAuthenticator(String applicationId, String challenge, AuthenticatorDetail authenticatorDetail) throws Fido2AuthenticationFailedException; + + /** + * Find an authenticator by a user identifier. + * + * @param userId User identifier. + * @param applicationId Application identifier. + * @return Authenticator detail list. + * @throws Fido2AuthenticationFailedException Thrown in case lookup fails. + */ List findByUserId(String userId, String applicationId) throws Fido2AuthenticationFailedException; + + /** + * Find an authenticator by a credential identifier. + * + * @param credentialId Credential identifier. + * @param applicationId Application identifier. + * @return Authenticator detail, if found. + * @throws Fido2AuthenticationFailedException Thrown in case lookup fails. + */ Optional findByCredentialId(String credentialId, String applicationId) throws Fido2AuthenticationFailedException; } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/CryptographyService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/CryptographyService.java index e3f157ff7..f4fc85c23 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/CryptographyService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/CryptographyService.java @@ -26,9 +26,40 @@ * @author Petr Dvorak, petr@wultra.com */ public interface CryptographyService { + + /** + * Verify signature for a registration. + * + * @param applicationId Application identifier. + * @param clientDataJSON Collected client data. + * @param authData Authenticator data. + * @param signature Signature bytes. + * @param attestedCredentialData Attested credential data. + * @return Whether signature verification succeeded. + * @throws Exception Thrown in case of a cryptography error. + */ boolean verifySignatureForRegistration(String applicationId, CollectedClientData clientDataJSON, AuthenticatorData authData, byte[] signature, AttestedCredentialData attestedCredentialData) throws Exception; + /** + * Verify signature for an assertion. + * + * @param applicationId Application identifier. + * @param authenticatorId Authenticator identifier. + * @param clientDataJSON Collected client data. + * @param authData Authenticator data. + * @param signature Signature bytes. + * @param authenticatorDetail Authenticator detail. + * @return Whether signature verification succeeded. + * @throws Exception Thrown in case of a cryptography error. + */ boolean verifySignatureForAssertion(String applicationId, String authenticatorId, CollectedClientData clientDataJSON, AuthenticatorData authData, byte[] signature, AuthenticatorDetail authenticatorDetail) throws Exception; + /** + * Convert public key object to bytes. + * + * @param publicKey Public key object. + * @return Public key bytes. + * @throws Exception Thrown in case of a cryptography error. + */ byte[] publicKeyToBytes(PublicKeyObject publicKey) throws Exception; } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/converter/SignatureMetadataConverter.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/converter/SignatureMetadataConverter.java index 817b927ca..18e32c48f 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/converter/SignatureMetadataConverter.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/converter/SignatureMetadataConverter.java @@ -43,7 +43,7 @@ public class SignatureMetadataConverter implements AttributeConverter activationHistory = new ArrayList<>(); /** - * Default constructor. + * No-arg constructor. */ public ActivationRecordEntity() { } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/ApplicationEntity.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/ApplicationEntity.java index 6f30d80a3..193d979f7 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/ApplicationEntity.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/ApplicationEntity.java @@ -61,7 +61,7 @@ public class ApplicationEntity implements Serializable { private final List recoveryCodes = new ArrayList<>(); /** - * Default constructor. + * No-arg constructor. */ public ApplicationEntity() { } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/MasterKeyPairEntity.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/MasterKeyPairEntity.java index 25e00dd2d..fb0e1559c 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/MasterKeyPairEntity.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/MasterKeyPairEntity.java @@ -59,7 +59,7 @@ public class MasterKeyPairEntity implements Serializable { private ApplicationEntity application; /** - * Default constructor + * No-arg constructor */ public MasterKeyPairEntity() { } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/RecoveryCodeEntity.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/RecoveryCodeEntity.java index 1ebe328b0..8e5a2cd40 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/RecoveryCodeEntity.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/RecoveryCodeEntity.java @@ -83,7 +83,7 @@ public class RecoveryCodeEntity implements Serializable { private final List recoveryPuks = new ArrayList<>(); /** - * Default constructor. + * No-arg constructor. */ public RecoveryCodeEntity() { } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/RecoveryConfigEntity.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/RecoveryConfigEntity.java index 73d787070..7c734d3de 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/RecoveryConfigEntity.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/RecoveryConfigEntity.java @@ -70,7 +70,7 @@ public class RecoveryConfigEntity implements Serializable { private ApplicationEntity application; /** - * Default constructor + * No-arg constructor */ public RecoveryConfigEntity() { } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/RecoveryPukEntity.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/RecoveryPukEntity.java index e01223b41..0e739d0cd 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/RecoveryPukEntity.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/RecoveryPukEntity.java @@ -67,7 +67,7 @@ public class RecoveryPukEntity implements Serializable { private Date timestampLastChange; /** - * Default constructor. + * No-arg constructor. */ public RecoveryPukEntity() { } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/SignatureEntity.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/SignatureEntity.java index 9f3688ae3..e0798e6e4 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/SignatureEntity.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/SignatureEntity.java @@ -95,7 +95,7 @@ public class SignatureEntity implements Serializable { private Date timestampCreated; /** - * Default constructor. + * No-arg constructor. */ public SignatureEntity() { } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/enumeration/EncryptionMode.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/enumeration/EncryptionMode.java index 323ee127c..43b4ded1f 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/enumeration/EncryptionMode.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/enumeration/EncryptionMode.java @@ -44,7 +44,7 @@ public enum EncryptionMode { final byte value; /** - * Default constructor with byte value of encryption mode. + * No-arg constructor with byte value of encryption mode. * @param value Byte value of encryption mode. */ EncryptionMode(final byte value) { diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/ActivationRecovery.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/ActivationRecovery.java index f3bb5320b..05aca19e3 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/ActivationRecovery.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/ActivationRecovery.java @@ -30,7 +30,7 @@ public class ActivationRecovery { private String puk; /** - * Default constuctor. + * No-arg constructor. */ public ActivationRecovery() { } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/TokenInfo.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/TokenInfo.java index a22782fdb..e1a2de5b8 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/TokenInfo.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/TokenInfo.java @@ -28,7 +28,7 @@ public class TokenInfo { private String tokenSecret; /** - * Default constructor. + * No-arg constructor. */ public TokenInfo() { } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/request/ActivationLayer2Request.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/request/ActivationLayer2Request.java index 8c831f941..858f5ca79 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/request/ActivationLayer2Request.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/request/ActivationLayer2Request.java @@ -34,7 +34,7 @@ public class ActivationLayer2Request { private String deviceInfo; /** - * Default constructor. + * No-arg constructor. */ public ActivationLayer2Request() { } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/request/ConfirmRecoveryRequestPayload.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/request/ConfirmRecoveryRequestPayload.java index a703606d5..4fd70488f 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/request/ConfirmRecoveryRequestPayload.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/request/ConfirmRecoveryRequestPayload.java @@ -30,7 +30,7 @@ public class ConfirmRecoveryRequestPayload { private String recoveryCode; /** - * Default constructor. + * No-arg constructor. */ public ConfirmRecoveryRequestPayload() { } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/request/VaultUnlockRequestPayload.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/request/VaultUnlockRequestPayload.java index 323a18d47..a47ddc2ec 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/request/VaultUnlockRequestPayload.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/request/VaultUnlockRequestPayload.java @@ -28,7 +28,7 @@ public class VaultUnlockRequestPayload { private String reason; /** - * Default constructor. + * No-arg constructor. */ public VaultUnlockRequestPayload() { } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/response/ActivationLayer2Response.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/response/ActivationLayer2Response.java index 8b6aa8872..bf4dba184 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/response/ActivationLayer2Response.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/response/ActivationLayer2Response.java @@ -33,7 +33,7 @@ public class ActivationLayer2Response { private ActivationRecovery activationRecovery; /** - * Default constructor. + * No-arg constructor. */ public ActivationLayer2Response() { } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/response/ConfirmRecoveryResponsePayload.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/response/ConfirmRecoveryResponsePayload.java index a8505b6b5..dc3c76fa7 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/response/ConfirmRecoveryResponsePayload.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/response/ConfirmRecoveryResponsePayload.java @@ -30,7 +30,7 @@ public class ConfirmRecoveryResponsePayload { private boolean alreadyConfirmed; /** - * Default constructor. + * No-arg constructor. */ public ConfirmRecoveryResponsePayload() { } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/response/UpgradeResponsePayload.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/response/UpgradeResponsePayload.java index d4268d5e4..1e4fc4d8e 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/response/UpgradeResponsePayload.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/response/UpgradeResponsePayload.java @@ -28,7 +28,7 @@ public class UpgradeResponsePayload { /** - * Default constructor. + * No-arg constructor. */ public UpgradeResponsePayload() { } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/response/VaultUnlockResponsePayload.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/response/VaultUnlockResponsePayload.java index 385d9e9d2..244c0b28d 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/response/VaultUnlockResponsePayload.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/response/VaultUnlockResponsePayload.java @@ -28,7 +28,7 @@ public class VaultUnlockResponsePayload { private String encryptedVaultEncryptionKey; /** - * Default constructor. + * No-arg constructor. */ public VaultUnlockResponsePayload() { } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/signature/OfflineSignatureRequest.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/signature/OfflineSignatureRequest.java index 2d7c22021..946c413de 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/signature/OfflineSignatureRequest.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/signature/OfflineSignatureRequest.java @@ -32,7 +32,7 @@ public class OfflineSignatureRequest { private List signatureTypes; /** - * Default constructor. + * No-arg constructor. */ public OfflineSignatureRequest() { } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/signature/OnlineSignatureRequest.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/signature/OnlineSignatureRequest.java index 05a8351f3..ce102740b 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/signature/OnlineSignatureRequest.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/signature/OnlineSignatureRequest.java @@ -30,7 +30,7 @@ public class OnlineSignatureRequest { private SignatureType signatureType; /** - * Default constructor. + * No-arg constructor. */ public OnlineSignatureRequest() { } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/signature/SignatureData.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/signature/SignatureData.java index 933096d5e..789edbff4 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/signature/SignatureData.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/signature/SignatureData.java @@ -38,7 +38,7 @@ public class SignatureData { private Integer forcedSignatureVersion; /** - * Default constructor. + * No-arg constructor. */ public SignatureData() { } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/signature/SignatureResponse.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/signature/SignatureResponse.java index 711f29b13..47718f499 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/signature/SignatureResponse.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/signature/SignatureResponse.java @@ -33,7 +33,7 @@ public class SignatureResponse { private SignatureType usedSignatureType; /** - * Default constructor. + * No-arg constructor. */ public SignatureResponse() { }