summaryrefslogtreecommitdiff
path: root/pdf-over-gui
diff options
context:
space:
mode:
authorJakob Heher <jakob.heher@iaik.tugraz.at>2022-09-30 12:15:03 +0200
committerJakob Heher <jakob.heher@iaik.tugraz.at>2022-09-30 12:15:03 +0200
commit9e1335af0ab4a4169def73ce7281f31f292b8756 (patch)
tree3d59d5521054a04f52cd29cd39198520fd421842 /pdf-over-gui
parent281cc23ba6b50c270dc22027cab80c01d35563e7 (diff)
downloadpdf-over-9e1335af0ab4a4169def73ce7281f31f292b8756.tar.gz
pdf-over-9e1335af0ab4a4169def73ce7281f31f292b8756.tar.bz2
pdf-over-9e1335af0ab4a4169def73ce7281f31f292b8756.zip
Revert "fido2 proof of concept"
(it should've probably been on a feature branch) This reverts commit fd24a56578a323715b844b610ba91a3bfd400342.
Diffstat (limited to 'pdf-over-gui')
-rw-r--r--pdf-over-gui/pom.xml5
-rw-r--r--pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/MobileBKUConnector.java55
-rw-r--r--pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/mobile/ATrustHandler.java76
-rw-r--r--pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/mobile/ATrustStatus.java7
4 files changed, 12 insertions, 131 deletions
diff --git a/pdf-over-gui/pom.xml b/pdf-over-gui/pom.xml
index b856e881..671f2967 100644
--- a/pdf-over-gui/pom.xml
+++ b/pdf-over-gui/pom.xml
@@ -65,11 +65,6 @@
<version>${project.parent.version}</version>
<scope>compile</scope>
</dependency>
- <dependency>
- <groupId>at.a-sit</groupId>
- <artifactId>webauthn-java</artifactId>
- <version>0.0.1-SNAPSHOT</version>
- </dependency>
</dependencies>
<dependencyManagement>
<dependencies>
diff --git a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/MobileBKUConnector.java b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/MobileBKUConnector.java
index 09255956..9b7e4d09 100644
--- a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/MobileBKUConnector.java
+++ b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/MobileBKUConnector.java
@@ -15,15 +15,10 @@
*/
package at.asit.pdfover.gui.bku;
-import java.util.Base64;
-
// Imports
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import com.google.gson.JsonNull;
-import com.google.gson.JsonObject;
-
import at.asit.pdfover.commons.Constants;
import at.asit.pdfover.gui.bku.mobile.ATrustHandler;
import at.asit.pdfover.gui.bku.mobile.ATrustStatus;
@@ -35,11 +30,6 @@ import at.asit.pdfover.signator.SLRequest;
import at.asit.pdfover.signator.SLResponse;
import at.asit.pdfover.signator.SignatureException;
import at.asit.pdfover.signer.pdfas.PdfAs4SigningState;
-import at.asit.webauthn.PublicKeyCredential;
-import at.asit.webauthn.PublicKeyCredentialRequestOptions;
-import at.asit.webauthn.WebAuthN;
-import at.asit.webauthn.exceptions.WebAuthNOperationFailed;
-import at.asit.webauthn.responsefields.AuthenticatorAssertionResponse;
/**
*
@@ -136,51 +126,6 @@ public class MobileBKUConnector implements BkuSlConnector {
if (status instanceof ATrustStatus) {
ATrustStatus aStatus = (ATrustStatus) status;
ATrustHandler aHandler = (ATrustHandler) handler;
- if (aStatus.fido2OptionAvailable && (aStatus.fido2FormOptions == null)) {
- try {
- handler.handleCredentialsResponse(aHandler.postFIDO2Request());
- } catch (Exception ex) {
- log.error("Error in PostCredentialsThread", ex);
- this.state.threadException = ex;
- throw new SignatureException(ex);
- }
- }
- if (aStatus.fido2FormOptions != null) {
- log.info("Fido2 credentials GET!");
- if (WebAuthN.isAvailable())
- {
- log.info("Authenticating with WebAuthn!");
- enterTAN = false;
- try {
- PublicKeyCredential<AuthenticatorAssertionResponse> credential =
- PublicKeyCredentialRequestOptions.FromJSONString(aStatus.fido2FormOptions.get(aStatus.fido2OptionsKey)).get("https://service.a-trust.at");
-
- Base64.Encoder base64 = Base64.getEncoder();
- JsonObject aTrustCredential = new JsonObject();
- aTrustCredential.addProperty("id", credential.id);
- aTrustCredential.addProperty("rawId", base64.encodeToString(credential.rawId));
- aTrustCredential.addProperty("type", credential.type);
- aTrustCredential.add("extensions", new JsonObject()); // TODO fix getClientExtensionResults() in library
-
- JsonObject aTrustCredentialResponse = new JsonObject();
- aTrustCredential.add("response", aTrustCredentialResponse);
- aTrustCredentialResponse.addProperty("authenticatorData", base64.encodeToString(credential.response.authenticatorData));
- aTrustCredentialResponse.addProperty("clientDataJson", base64.encodeToString(credential.response.clientDataJSON));
- aTrustCredentialResponse.addProperty("signature", base64.encodeToString(credential.response.signature));
- if (credential.response.userHandle != null)
- aTrustCredentialResponse.addProperty("userHandle", base64.encodeToString(credential.response.userHandle));
- else
- aTrustCredentialResponse.add("userHandle", JsonNull.INSTANCE);
-
- aStatus.fido2FormOptions.put(aStatus.fido2ResultKey, aTrustCredential.toString());
- handler.handleTANResponse(aHandler.postFIDO2Result()); // TODO dedicated response
- } catch (WebAuthNOperationFailed e) {
- log.error("WebAuthN failed", e);
- } catch (Exception e) {
- log.error("generic failure", e);
- }
- }
- }
if (aStatus.qrCodeURL != null) {
this.state.showQR();
if ("cancel".equals(this.state.status.errorMessage))
diff --git a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/mobile/ATrustHandler.java b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/mobile/ATrustHandler.java
index 70d1c35e..ce08c575 100644
--- a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/mobile/ATrustHandler.java
+++ b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/mobile/ATrustHandler.java
@@ -21,8 +21,6 @@ import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
-import java.util.HashMap;
-import java.util.Map;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpStatus;
@@ -234,12 +232,7 @@ public class ATrustHandler extends MobileBKUHandler {
sessionID = MobileBKUHelper.extractSubstring(responseData, "signature.aspx?sid=", "\"");
viewState = MobileBKUHelper.extractValueFromTagWithParam(responseData, "", "id", "__VIEWSTATE", "value");
eventValidation = MobileBKUHelper.extractValueFromTagWithParam(responseData, "", "id", "__EVENTVALIDATION", "value");
- try {
- refVal = MobileBKUHelper.extractSubstring(responseData, "id='vergleichswert'><b>Vergleichswert:</b>", "</div>");
- } catch (Exception e) {
- refVal = null;
- log.debug("No reference value");
- }
+ refVal = MobileBKUHelper.extractSubstring(responseData, "id='vergleichswert'><b>Vergleichswert:</b>", "</div>");
signatureDataURL = status.baseURL + "/ShowSigobj.aspx" +
MobileBKUHelper.extractSubstring(responseData, "ShowSigobj.aspx", "'");
try {
@@ -265,27 +258,17 @@ public class ATrustHandler extends MobileBKUHandler {
}catch (Exception e) {
log.debug("No text_tan tag");
}
-
- status.fido2OptionAvailable = (responseDocument.selectFirst("#FidoButton") != null);
- {
- Element fidoBlock = responseDocument.selectFirst("#fidoBlock");
-
- if (fidoBlock != null) {
- Map<String,String> options = new HashMap<>();
- for (Element field : fidoBlock.select("input"))
- {
- if (!field.hasAttr("name"))
- continue;
- options.put(field.attr("name"), field.attr("value"));
- if ("credentialOptions".equals(field.attr("id")))
- status.fido2OptionsKey = field.attr("name");
- if ("credentialResult".equals(field.attr("id")))
- status.fido2ResultKey = field.attr("name");
- }
- log.info("Fido credential options: {}", options);
- status.fido2FormOptions = options;
- status.qrCodeURL = null;
- }
+ try {
+ String webauthnLink = MobileBKUHelper.extractValueFromTagWithParam(responseData, "a", "id", "FidoButton", "href");
+ log.info("Webauthn link: {}", webauthnLink);
+ } catch (Exception e) {
+ log.info("No webauthnLink");
+ }
+ try {
+ String webauthnData = MobileBKUHelper.extractValueFromTagWithParam(responseData, "input", "id", "credentialOptions", "value");
+ log.info("Fido credential options: {}", webauthnData);
+ } catch (Exception e) {
+ log.info("No webauthnData");
}
} else if (responseData.contains("sl:InfoboxReadResponse")) {
@@ -363,7 +346,6 @@ public class ATrustHandler extends MobileBKUHandler {
return executePost(client, post);
}
-
/* (non-Javadoc)
* @see at.asit.pdfover.gui.workflow.states.mobilebku.MobileBKUHandler#handleTANResponse(java.lang.String)
*/
@@ -425,40 +407,6 @@ public class ATrustHandler extends MobileBKUHandler {
}
/**
- * Cancel QR process, request FIDO2 authentication
- * @return the response
- * @throws IOException Error during posting
- */
-
- public String postFIDO2Request() throws IOException {
- ATrustStatus status = getStatus();
-
- MobileBKUHelper.registerTrustedSocketFactory();
- HttpClient client = MobileBKUHelper.getHttpClient(status);
- GetMethod get = new GetMethod(status.baseURL + "/usefido.aspx?sid=" + status.sessionID);
- get.getParams().setContentCharset("utf-8");
-
- return executeGet(client, get);
- }
-
- public String postFIDO2Result() throws IOException {
- ATrustStatus status = getStatus();
-
- MobileBKUHelper.registerTrustedSocketFactory();
- HttpClient client = MobileBKUHelper.getHttpClient(status);
-
- PostMethod post = new PostMethod(status.baseURL + "/signature.aspx?sid=" + status.sessionID);
- post.getParams().setContentCharset("utf-8");
- post.addParameter("__VIEWSTATE", status.viewState);
- post.addParameter("__VIEWSTATEGENERATOR", status.viewStateGenerator);
- post.addParameter("__EVENTVALIDATION", status.eventValidation);
- for (Map.Entry<String, String> entry : status.fido2FormOptions.entrySet())
- post.addParameter(entry.getKey(), entry.getValue());
-
- return executePost(client, post);
- }
-
- /**
* Get the QR code image
* @return the QR code image as a String
*/
diff --git a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/mobile/ATrustStatus.java b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/mobile/ATrustStatus.java
index 6258b4ce..b61b3a8b 100644
--- a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/mobile/ATrustStatus.java
+++ b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/bku/mobile/ATrustStatus.java
@@ -15,8 +15,6 @@
*/
package at.asit.pdfover.gui.bku.mobile;
-import java.util.Map;
-
// Imports
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -49,11 +47,6 @@ public class ATrustStatus extends MobileBKUStatus {
public String dynAttrSignButton;
public boolean isSMSTan = false;
- public boolean fido2OptionAvailable = false;
- public String fido2OptionsKey;
- public String fido2ResultKey;
- public Map<String,String> fido2FormOptions;
-
/**
* Constructor
* @param provider the ConfigProvider