author | Jakob Heher <jakob.heher@iaik.tugraz.at> | 2022-09-30 12:15:03 +0200 |
---|---|---|
committer | Jakob Heher <jakob.heher@iaik.tugraz.at> | 2022-09-30 12:15:03 +0200 |
commit | 9e1335af0ab4a4169def73ce7281f31f292b8756 (patch) | |
tree | 3d59d5521054a04f52cd29cd39198520fd421842 | |
parent | 281cc23ba6b50c270dc22027cab80c01d35563e7 (diff) | |
Revert "fido2 proof of concept"
(it should've probably been on a feature branch)
This reverts commit fd24a56578a323715b844b610ba91a3bfd400342.
4 files changed, 12 insertions, 131 deletions
diff --git a/pdf-over-gui/pom.xml b/pdf-over-gui/pom.xml
index b856e881..671f2967 100644
--- a/pdf-over-gui/pom.xml
+++ b/pdf-over-gui/pom.xml
@@ -65,11 +65,6 @@
<version>${project.parent.version}</version>
<scope>compile</scope>
</dependency>
- <dependency>
- <groupId>at.a-sit</groupId>
- <artifactId>webauthn-java</artifactId>
- <version>0.0.1-SNAPSHOT</version>
- </dependency>
</dependencies>
<dependencyManagement>
<dependencies>
diff --git a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/MobileBKUConnector.java b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/MobileBKUConnector.java
index 09255956..9b7e4d09 100644
--- a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/MobileBKUConnector.java
+++ b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/MobileBKUConnector.java
@@ -15,15 +15,10 @@
*/
package at.asit.pdfover.gui.bku;
-import java.util.Base64;
-
// Imports
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import com.google.gson.JsonNull;
-import com.google.gson.JsonObject;
-
import at.asit.pdfover.commons.Constants;
import at.asit.pdfover.gui.bku.mobile.ATrustHandler;
import at.asit.pdfover.gui.bku.mobile.ATrustStatus;
@@ -35,11 +30,6 @@ import at.asit.pdfover.signator.SLRequest;
import at.asit.pdfover.signator.SLResponse;
import at.asit.pdfover.signator.SignatureException;
import at.asit.pdfover.signer.pdfas.PdfAs4SigningState;
-import at.asit.webauthn.PublicKeyCredential;
-import at.asit.webauthn.PublicKeyCredentialRequestOptions;
-import at.asit.webauthn.WebAuthN;
-import at.asit.webauthn.exceptions.WebAuthNOperationFailed;
-import at.asit.webauthn.responsefields.AuthenticatorAssertionResponse;
/**
*
@@ -136,51 +126,6 @@ public class MobileBKUConnector implements BkuSlConnector {
if (status instanceof ATrustStatus) {
ATrustStatus aStatus = (ATrustStatus) status;
ATrustHandler aHandler = (ATrustHandler) handler;
- if (aStatus.fido2OptionAvailable && (aStatus.fido2FormOptions == null)) {
- try {
- handler.handleCredentialsResponse(aHandler.postFIDO2Request());
- } catch (Exception ex) {
- log.error("Error in PostCredentialsThread", ex);
- this.state.threadException = ex;
- throw new SignatureException(ex);
- }
- }
- if (aStatus.fido2FormOptions != null) {
- log.info("Fido2 credentials GET!");
- if (WebAuthN.isAvailable())
- {
- log.info("Authenticating with WebAuthn!");
- enterTAN = false;
- try {
- PublicKeyCredential<AuthenticatorAssertionResponse> credential =
- PublicKeyCredentialRequestOptions.FromJSONString(aStatus.fido2FormOptions.get(aStatus.fido2OptionsKey)).get("https://service.a-trust.at");
-
- Base64.Encoder base64 = Base64.getEncoder();
- JsonObject aTrustCredential = new JsonObject();
- aTrustCredential.addProperty("id", credential.id);
- aTrustCredential.addProperty("rawId", base64.encodeToString(credential.rawId));
- aTrustCredential.addProperty("type", credential.type);
- aTrustCredential.add("extensions", new JsonObject()); // TODO fix getClientExtensionResults() in library
-
- JsonObject aTrustCredentialResponse = new JsonObject();
- aTrustCredential.add("response", aTrustCredentialResponse);
- aTrustCredentialResponse.addProperty("authenticatorData", base64.encodeToString(credential.response.authenticatorData));
- aTrustCredentialResponse.addProperty("clientDataJson", base64.encodeToString(credential.response.clientDataJSON));
- aTrustCredentialResponse.addProperty("signature", base64.encodeToString(credential.response.signature));
- if (credential.response.userHandle != null)
- aTrustCredentialResponse.addProperty("userHandle", base64.encodeToString(credential.response.userHandle));
- else
- aTrustCredentialResponse.add("userHandle", JsonNull.INSTANCE);
-
- aStatus.fido2FormOptions.put(aStatus.fido2ResultKey, aTrustCredential.toString());
- handler.handleTANResponse(aHandler.postFIDO2Result()); // TODO dedicated response
- } catch (WebAuthNOperationFailed e) {
- log.error("WebAuthN failed", e);
- } catch (Exception e) {
- log.error("generic failure", e);
- }
- }
- }
if (aStatus.qrCodeURL != null) {
this.state.showQR();
if ("cancel".equals(this.state.status.errorMessage))
diff --git a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/mobile/ATrustHandler.java b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/mobile/ATrustHandler.java
index 70d1c35e..ce08c575 100644
--- a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/mobile/ATrustHandler.java
+++ b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/mobile/ATrustHandler.java
@@ -21,8 +21,6 @@ import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
-import java.util.HashMap;
-import java.util.Map;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpStatus;
@@ -234,12 +232,7 @@ public class ATrustHandler extends MobileBKUHandler {
sessionID = MobileBKUHelper.extractSubstring(responseData, "signature.aspx?sid=", "\"");
viewState = MobileBKUHelper.extractValueFromTagWithParam(responseData, "", "id", "__VIEWSTATE", "value");
eventValidation = MobileBKUHelper.extractValueFromTagWithParam(responseData, "", "id", "__EVENTVALIDATION", "value");
- try {
- refVal = MobileBKUHelper.extractSubstring(responseData, "id='vergleichswert'><b>Vergleichswert:</b>", "</div>");
- } catch (Exception e) {
- refVal = null;
- log.debug("No reference value");
- }
+ refVal = MobileBKUHelper.extractSubstring(responseData, "id='vergleichswert'><b>Vergleichswert:</b>", "</div>");
signatureDataURL = status.baseURL + "/ShowSigobj.aspx" +
MobileBKUHelper.extractSubstring(responseData, "ShowSigobj.aspx", "'");
try {
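Review bot: The `refVal` assignment is back to an unguarded `MobileBKUHelper.extractSubstring(...)` call, and nothing at that line says the reference value is mandatory. The removed `catch` suggests the helper throws when the `vergleichswert` marker is missing (its body is not visible here), so a response page without it now aborts parsing instead of continuing with `refVal = null`. Since the Vergleichswert is the value the user checks against what the signing service shows, failing at this point looks like the safer behaviour, but it should be stated, e.g. `// Vergleichswert is mandatory: a page without it must not be handled as a valid TAN/QR prompt`. The enclosing method starts and ends outside this hunk.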
@@ -265,27 +258,17 @@ public class ATrustHandler extends MobileBKUHandler {
}catch (Exception e) {
log.debug("No text_tan tag");
}
-
- status.fido2OptionAvailable = (responseDocument.selectFirst("#FidoButton") != null);
- {
- Element fidoBlock = responseDocument.selectFirst("#fidoBlock");
-
- if (fidoBlock != null) {
- Map<String,String> options = new HashMap<>();
- for (Element field : fidoBlock.select("input"))
- {
- if (!field.hasAttr("name"))
- continue;
- options.put(field.attr("name"), field.attr("value"));
- if ("credentialOptions".equals(field.attr("id")))
- status.fido2OptionsKey = field.attr("name");
- if ("credentialResult".equals(field.attr("id")))
- status.fido2ResultKey = field.attr("name");
- }
- log.info("Fido credential options: {}", options);
- status.fido2FormOptions = options;
- status.qrCodeURL = null;
- }
+ try {
+ String webauthnLink = MobileBKUHelper.extractValueFromTagWithParam(responseData, "a", "id", "FidoButton", "href");
+ log.info("Webauthn link: {}", webauthnLink);
+ } catch (Exception e) {
+ log.info("No webauthnLink");
+ }
+ try {
+ String webauthnData = MobileBKUHelper.extractValueFromTagWithParam(responseData, "input", "id", "credentialOptions", "value");
+ log.info("Fido credential options: {}", webauthnData);
+ } catch (Exception e) {
+ log.info("No webauthnData");
}
} else if (responseData.contains("sl:InfoboxReadResponse")) {
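Review bot: The two restored `try` blocks extract the `FidoButton` href and the `credentialOptions` value only to write them to the log at INFO level; neither `webauthnLink` nor `webauthnData` is used afterwards. The credential options field presumably carries the server's WebAuthn request (challenge and allowed credential IDs), and a value copied verbatim from a remote response should not end up in a default-level log file. Either drop both blocks along with the rest of the proof of concept, or reduce them to `log.debug("Fido credential options present")` without the value. The broad `catch (Exception e)` also reports any parsing failure as "No webauthnData"; the enclosing method continues outside this hunk.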
@@ -363,7 +346,6 @@ public class ATrustHandler extends MobileBKUHandler {
return executePost(client, post);
}
-
/* (non-Javadoc)
* @see at.asit.pdfover.gui.workflow.states.mobilebku.MobileBKUHandler#handleTANResponse(java.lang.String)
*/
@@ -425,40 +407,6 @@ public class ATrustHandler extends MobileBKUHandler {
}
/**
- * Cancel QR process, request FIDO2 authentication
- * @return the response
- * @throws IOException Error during posting
- */
-
- public String postFIDO2Request() throws IOException {
- ATrustStatus status = getStatus();
-
- MobileBKUHelper.registerTrustedSocketFactory();
- HttpClient client = MobileBKUHelper.getHttpClient(status);
- GetMethod get = new GetMethod(status.baseURL + "/usefido.aspx?sid=" + status.sessionID);
- get.getParams().setContentCharset("utf-8");
-
- return executeGet(client, get);
- }
-
- public String postFIDO2Result() throws IOException {
- ATrustStatus status = getStatus();
-
- MobileBKUHelper.registerTrustedSocketFactory();
- HttpClient client = MobileBKUHelper.getHttpClient(status);
-
- PostMethod post = new PostMethod(status.baseURL + "/signature.aspx?sid=" + status.sessionID);
- post.getParams().setContentCharset("utf-8");
- post.addParameter("__VIEWSTATE", status.viewState);
- post.addParameter("__VIEWSTATEGENERATOR", status.viewStateGenerator);
- post.addParameter("__EVENTVALIDATION", status.eventValidation);
- for (Map.Entry<String, String> entry : status.fido2FormOptions.entrySet())
- post.addParameter(entry.getKey(), entry.getValue());
-
- return executePost(client, post);
- }
-
- /**
* Get the QR code image
* @return the QR code image as a String
*/
diff --git a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/mobile/ATrustStatus.java b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/mobile/ATrustStatus.java
index 6258b4ce..b61b3a8b 100644
--- a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/mobile/ATrustStatus.java
+++ b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/mobile/ATrustStatus.java
@@ -15,8 +15,6 @@
*/
package at.asit.pdfover.gui.bku.mobile;
-import java.util.Map;
-
// Imports
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -49,11 +47,6 @@ public class ATrustStatus extends MobileBKUStatus {
public String dynAttrSignButton;
public boolean isSMSTan = false;
- public boolean fido2OptionAvailable = false;
- public String fido2OptionsKey;
- public String fido2ResultKey;
- public Map<String,String> fido2FormOptions;
-
/**
* Constructor
* @param provider the ConfigProvider