authorJakob Heher <jakob.heher@iaik.tugraz.at>2022-09-29 13:36:57 +0200
committerJakob Heher <jakob.heher@iaik.tugraz.at>2022-09-29 13:36:57 +0200
commitfd24a56578a323715b844b610ba91a3bfd400342 (patch)
treeab3fefdf5595068b5245b078a0727bbe7f74c52c /pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/MobileBKUConnector.java
parent93d1862956c3d7eca281d22b74a31c72391ed951 (diff)
fido2 proof of concept
Diffstat (limited to 'pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/MobileBKUConnector.java')
-rw-r--r--pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/MobileBKUConnector.java55
1 files changed, 55 insertions, 0 deletions
diff --git a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/MobileBKUConnector.java b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/MobileBKUConnector.java
index 34b53173..dae4d007 100644
--- a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/MobileBKUConnector.java
+++ b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/MobileBKUConnector.java
@@ -15,10 +15,15 @@
*/
package at.asit.pdfover.gui.bku;
+import java.util.Base64;
+
// Imports
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import com.google.gson.JsonNull;
+import com.google.gson.JsonObject;
+
import at.asit.pdfover.gui.bku.mobile.ATrustHandler;
import at.asit.pdfover.gui.bku.mobile.ATrustStatus;
import at.asit.pdfover.gui.bku.mobile.MobileBKUHandler;
@@ -29,6 +34,11 @@ import at.asit.pdfover.signator.SLRequest;
import at.asit.pdfover.signator.SLResponse;
import at.asit.pdfover.signator.SignatureException;
import at.asit.pdfover.signer.pdfas.PdfAs4SigningState;
+import at.asit.webauthn.PublicKeyCredential;
+import at.asit.webauthn.PublicKeyCredentialRequestOptions;
+import at.asit.webauthn.WebAuthN;
+import at.asit.webauthn.exceptions.WebAuthNOperationFailed;
+import at.asit.webauthn.responsefields.AuthenticatorAssertionResponse;
/**
*
@@ -125,6 +135,51 @@ public class MobileBKUConnector implements BkuSlConnector {
if (status instanceof ATrustStatus) {
ATrustStatus aStatus = (ATrustStatus) status;
ATrustHandler aHandler = (ATrustHandler) handler;
+ if (aStatus.fido2OptionAvailable && (aStatus.fido2FormOptions == null)) {
+ try {
+ handler.handleCredentialsResponse(aHandler.postFIDO2Request());
+ } catch (Exception ex) {
+ log.error("Error in PostCredentialsThread", ex);
+ this.state.threadException = ex;
+ throw new SignatureException(ex);
+ }
+ }
+ if (aStatus.fido2FormOptions != null) {
+ log.info("Fido2 credentials GET!");
+ if (WebAuthN.isAvailable())
+ {
+ log.info("Authenticating with WebAuthn!");
+ enterTAN = false;
+ try {
+ PublicKeyCredential<AuthenticatorAssertionResponse> credential =
+ PublicKeyCredentialRequestOptions.FromJSONString(aStatus.fido2FormOptions.get(aStatus.fido2OptionsKey)).get("https://service.a-trust.at");
+
+ Base64.Encoder base64 = Base64.getEncoder();
+ JsonObject aTrustCredential = new JsonObject();
+ aTrustCredential.addProperty("id", credential.id);
+ aTrustCredential.addProperty("rawId", base64.encodeToString(credential.rawId));
+ aTrustCredential.addProperty("type", credential.type);
+ aTrustCredential.add("extensions", new JsonObject()); // TODO fix getClientExtensionResults() in library
+
+ JsonObject aTrustCredentialResponse = new JsonObject();
+ aTrustCredential.add("response", aTrustCredentialResponse);
+ aTrustCredentialResponse.addProperty("authenticatorData", base64.encodeToString(credential.response.authenticatorData));
+ aTrustCredentialResponse.addProperty("clientDataJson", base64.encodeToString(credential.response.clientDataJSON));
+ aTrustCredentialResponse.addProperty("signature", base64.encodeToString(credential.response.signature));
+ if (credential.response.userHandle != null)
+ aTrustCredentialResponse.addProperty("userHandle", base64.encodeToString(credential.response.userHandle));
+ else
+ aTrustCredentialResponse.add("userHandle", JsonNull.INSTANCE);
+
+ aStatus.fido2FormOptions.put(aStatus.fido2ResultKey, aTrustCredential.toString());
+ handler.handleTANResponse(aHandler.postFIDO2Result()); // TODO dedicated response
+ } catch (WebAuthNOperationFailed e) {
+ log.error("WebAuthN failed", e);
+ } catch (Exception e) {
+ log.error("generic failure", e);
+ }
+ }
+ }
if (aStatus.qrCodeURL != null) {
this.state.showQR();
if ("cancel".equals(this.state.status.errorMessage))
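Review bot: The two catch blocks that close the WebAuthn branch only log, whereas the first catch in this hunk also sets `this.state.threadException` and throws `SignatureException`. Because `enterTAN = false;` is assigned before the `try`, a failed or cancelled assertion appears to leave the flow with neither a FIDO2 result nor the TAN prompt; how `enterTAN` is consumed is outside the hunk, so this is inferred. Either move `enterTAN = false;` to after `handler.handleTANResponse(aHandler.postFIDO2Result());` so the TAN path remains as a fallback, or propagate the error as the earlier block does. Separately, the value passed to `.get("https://service.a-trust.at")` (presumably the origin) is hard-coded, so the assertion is requested for that origin regardless of which host supplied `fido2FormOptions`; checking that the options came from that host before calling `.get(...)` would keep the origin binding meaningful. The enclosing method starts and ends outside the hunk.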