From 0fea95a181811de2f592debcec5af76f9adda5b2 Mon Sep 17 00:00:00 2001 From: Madhumita Subramaniam Date: Tue, 8 Nov 2022 22:51:33 +0530 Subject: [PATCH] fix(jans-fido2): #1120 (#2928) * fix: #1120 * fix(jans-fido2): minor #2928 --- jans-fido2/client/pom.xml | 4 ++++ jans-fido2/pom.xml | 1 - jans-fido2/server/pom.xml | 9 ++++++++- .../fido2/exception/AttestationException.java | 9 +++++++++ .../fido2/exception/Fido2CompromisedDevice.java | 12 +++++++++++- .../Fido2MissingAttestationCertException.java | 4 ++++ .../fido2/exception/Fido2RpRuntimeException.java | 4 ++++ .../fido2/exception/Fido2RuntimeException.java | 4 ++++ .../java/io/jans/fido2/model/auth/AuthData.java | 1 + .../model/auth/PublicKeyCredentialDescriptor.java | 1 + .../jans/fido2/model/cert/CertificateHolder.java | 2 ++ .../io/jans/fido2/model/error/Fido2RPError.java | 4 ++++ .../mds/AuthenticatorCertificationStatus.java | 5 ++++- .../fido2/service/AuthenticatorDataParser.java | 5 +++++ .../java/io/jans/fido2/service/Base64Service.java | 2 ++ .../io/jans/fido2/service/CertificateService.java | 2 ++ .../io/jans/fido2/service/ChallengeGenerator.java | 4 ++++ .../java/io/jans/fido2/service/CoseService.java | 4 ++++ .../io/jans/fido2/service/DataMapperService.java | 1 + .../io/jans/fido2/service/app/AppInitializer.java | 2 ++ .../jans/fido2/service/app/MDS3UpdateTimer.java | 1 + .../jans/fido2/service/mds/LocalMdsService.java | 4 ++++ .../io/jans/fido2/service/mds/TocService.java | 4 ++++ .../fido2/service/operation/AssertionService.java | 3 +++ .../service/operation/AttestationService.java | 1 + .../persist/AuthenticationPersistenceService.java | 2 ++ .../persist/RegistrationPersistenceService.java | 1 + .../assertion/AppleAssertionFormatProcessor.java | 15 ++++++++++++--- .../assertion/AssertionProcessorFactory.java | 4 ++++ .../assertion/PackedAssertionFormatProcessor.java | 4 ++++ .../assertion/U2FAssertionFormatProcessor.java | 4 ++++ .../AndroidKeyAttestationProcessor.java | 4 ++++ .../AndroidSafetyNetAttestationProcessor.java | 4 ++++ .../attestation/AppleAttestationProcessor.java | 4 ++-- .../attestation/AttestationProcessorFactory.java | 7 +++++++ .../attestation/NoneAttestationProcessor.java | 15 +++++++++++++++ .../attestation/PackedAttestationProcessor.java | 4 ++++ .../processor/attestation/TPMProcessor.java | 4 ++++ .../attestation/U2FAttestationProcessor.java | 4 ++++ .../processors/AssertionFormatProcessor.java | 4 ++++ .../processors/AttestationFormatProcessor.java | 4 ++++ .../fido2/service/shared/OrganizationService.java | 4 ++++ .../ws/rs/controller/AssertionController.java | 1 + .../ws/rs/controller/AttestationController.java | 1 + 44 files changed, 174 insertions(+), 9 deletions(-) diff --git a/jans-fido2/client/pom.xml b/jans-fido2/client/pom.xml index bfb414337d3..5523b2f3c7b 100644 --- a/jans-fido2/client/pom.xml +++ b/jans-fido2/client/pom.xml @@ -61,6 +61,10 @@ maven-project-info-reports-plugin 2.2 + + org.apache.maven.plugins + maven-javadoc-plugin + diff --git a/jans-fido2/pom.xml b/jans-fido2/pom.xml index df7af1deb9a..46cd11b8cc1 100644 --- a/jans-fido2/pom.xml +++ b/jans-fido2/pom.xml @@ -168,5 +168,4 @@ - \ No newline at end of file diff --git a/jans-fido2/server/pom.xml b/jans-fido2/server/pom.xml index 595d39e90a6..17767c4fb95 100644 --- a/jans-fido2/server/pom.xml +++ b/jans-fido2/server/pom.xml @@ -150,5 +150,12 @@ 2.0.1 - + + + + org.apache.maven.plugins + maven-javadoc-plugin + + + \ No newline at end of file diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/exception/AttestationException.java b/jans-fido2/server/src/main/java/io/jans/fido2/exception/AttestationException.java index 6c0954c8049..3f60dd429c2 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/exception/AttestationException.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/exception/AttestationException.java @@ -1,7 +1,16 @@ package io.jans.fido2.exception; +/** + * Exception Class for Attestation related exceptions. + * Extended from Fido2RuntimeException + * + */ public class AttestationException extends Fido2RuntimeException{ + /** + * Constructor for AttestationException + * @param errorMessage String containing error message + */ public AttestationException(String errorMessage) { super(errorMessage); } diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/exception/Fido2CompromisedDevice.java b/jans-fido2/server/src/main/java/io/jans/fido2/exception/Fido2CompromisedDevice.java index 9201a902b88..cd0d6483c54 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/exception/Fido2CompromisedDevice.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/exception/Fido2CompromisedDevice.java @@ -6,13 +6,23 @@ package io.jans.fido2.exception; +/** + * RuntimeException Class for Fido2CompromisedDevice + * Extends RuntimeException + * + */ public class Fido2CompromisedDevice extends RuntimeException { private static final long serialVersionUID = -318563205092295773L; + /** + * Constructor for Fido2CompromisedDevice + * @param message String: the detailed message + * @param cause Throwable: the cause + */ public Fido2CompromisedDevice(String message, Throwable cause) { super(message, cause); - } + } public Fido2CompromisedDevice(String message) { super(message); diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/exception/Fido2MissingAttestationCertException.java b/jans-fido2/server/src/main/java/io/jans/fido2/exception/Fido2MissingAttestationCertException.java index 2435c317f22..c5050d3fa8c 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/exception/Fido2MissingAttestationCertException.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/exception/Fido2MissingAttestationCertException.java @@ -6,6 +6,10 @@ package io.jans.fido2.exception; +/** + * Missing attestation certificate Exception + * + */ public class Fido2MissingAttestationCertException extends Fido2RuntimeException { private static final long serialVersionUID = 9114154955909766262L; diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/exception/Fido2RpRuntimeException.java b/jans-fido2/server/src/main/java/io/jans/fido2/exception/Fido2RpRuntimeException.java index 1f4bbe73892..055cf5c45a6 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/exception/Fido2RpRuntimeException.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/exception/Fido2RpRuntimeException.java @@ -8,6 +8,10 @@ import io.jans.fido2.model.error.Fido2RPError; +/** + * Class for Fido2RpRuntimeException + * + */ public class Fido2RpRuntimeException extends RuntimeException { private static final long serialVersionUID = -518563205092295773L; diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/exception/Fido2RuntimeException.java b/jans-fido2/server/src/main/java/io/jans/fido2/exception/Fido2RuntimeException.java index 85c27b652d9..98b110a895a 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/exception/Fido2RuntimeException.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/exception/Fido2RuntimeException.java @@ -8,6 +8,10 @@ import io.jans.fido2.model.error.Fido2RPError; +/** + * Parent class of all FIDO2 RuntimeExceptions + * + */ public class Fido2RuntimeException extends RuntimeException { private static final long serialVersionUID = -118563205092295773L; diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/model/auth/AuthData.java b/jans-fido2/server/src/main/java/io/jans/fido2/model/auth/AuthData.java index 868892f3aad..e2d97bcfa77 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/model/auth/AuthData.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/model/auth/AuthData.java @@ -19,6 +19,7 @@ package io.jans.fido2.model.auth; /** + * authData structure from https://www.w3.org/TR/webauthn/#authenticator-data * @author Yuriy Movchan * @version March 9, 2020 */ diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/model/auth/PublicKeyCredentialDescriptor.java b/jans-fido2/server/src/main/java/io/jans/fido2/model/auth/PublicKeyCredentialDescriptor.java index 9b7341de0d1..26184eaafca 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/model/auth/PublicKeyCredentialDescriptor.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/model/auth/PublicKeyCredentialDescriptor.java @@ -10,6 +10,7 @@ import com.fasterxml.jackson.annotation.JsonInclude; /** + * PublicKeyCredentialDescriptor - https://www.w3.org/TR/webauthn-2/#enum-credentialType * @author Yuriy Movchan * @version May 08, 2020 */ diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/model/cert/CertificateHolder.java b/jans-fido2/server/src/main/java/io/jans/fido2/model/cert/CertificateHolder.java index 287d680aee9..e8e2934a59f 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/model/cert/CertificateHolder.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/model/cert/CertificateHolder.java @@ -9,6 +9,8 @@ import java.security.cert.Certificate; /** + * A holding class for certificate + * * @author Yuriy Movchan * @version May 08, 2020 */ diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/model/error/Fido2RPError.java b/jans-fido2/server/src/main/java/io/jans/fido2/model/error/Fido2RPError.java index 751c2a30e4d..3a365b8959f 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/model/error/Fido2RPError.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/model/error/Fido2RPError.java @@ -18,6 +18,10 @@ package io.jans.fido2.model.error; +/** + * Error class for FIDO2 RP Errors + * + */ public class Fido2RPError { private final String status; diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/model/mds/AuthenticatorCertificationStatus.java b/jans-fido2/server/src/main/java/io/jans/fido2/model/mds/AuthenticatorCertificationStatus.java index bb7017a4415..6c0f16ddbba 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/model/mds/AuthenticatorCertificationStatus.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/model/mds/AuthenticatorCertificationStatus.java @@ -6,7 +6,10 @@ package io.jans.fido2.model.mds; -// https://fidoalliance.org/specs/fido-v2.0-rd-20180702/fido-metadata-service-v2.0-rd-20180702.html +/** + * This enumeration describes the status of an authenticator model as identified by its AAID and potentially some additional information (such as a specific attestation key). -https://fidoalliance.org/specs/fido-v2.0-rd-20180702/fido-metadata-service-v2.0-rd-20180702.html + * + */ public enum AuthenticatorCertificationStatus { NOT_FIDO_CERTIFIED, FIDO_CERTIFIED, USER_VERIFICATION_BYPASS, ATTESTATION_KEY_COMPROMISE, USER_KEY_REMOTE_COMPROMISE, USER_KEY_PHYSICAL_COMPROMISE, UPDATE_AVAILABLE, REVOKED, SELF_ASSERTION_SUBMITTED, FIDO_CERTIFIED_L1, FIDO_CERTIFIED_L1plus, FIDO_CERTIFIED_L2, FIDO_CERTIFIED_L2plus, FIDO_CERTIFIED_L3, FIDO_CERTIFIED_L3plus diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/AuthenticatorDataParser.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/AuthenticatorDataParser.java index 3891a9cca2f..b379d641695 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/service/AuthenticatorDataParser.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/AuthenticatorDataParser.java @@ -40,6 +40,11 @@ * @author Yuriy Movchan * @version March 9, 2020 */ +/** + * authData — a raw buffer struct containing user info. + * Parser for authData or authenticatorData + * + */ @ApplicationScoped public class AuthenticatorDataParser { diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/Base64Service.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/Base64Service.java index 488b35180c0..ab9d8801c2d 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/service/Base64Service.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/Base64Service.java @@ -17,9 +17,11 @@ import org.slf4j.Logger; /** + * Utility methods for base64 encoding / decoding * @author Yuriy Movchan * @version May 08, 2020 */ + @ApplicationScoped public class Base64Service { diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/CertificateService.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/CertificateService.java index 22a91b25d3f..4f422c5237a 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/service/CertificateService.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/CertificateService.java @@ -35,9 +35,11 @@ import org.slf4j.Logger; /** + * Utiltiy class for Certificate related operations * @author Yuriy Movchan * @version May 08, 2020 */ + @ApplicationScoped public class CertificateService { diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/ChallengeGenerator.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/ChallengeGenerator.java index c28e02a7702..da56677137c 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/service/ChallengeGenerator.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/ChallengeGenerator.java @@ -23,6 +23,10 @@ import jakarta.enterprise.context.ApplicationScoped; import jakarta.inject.Inject; +/** + * Challenge generator class + * + */ @ApplicationScoped public class ChallengeGenerator { diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/CoseService.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/CoseService.java index 2f4b5937cda..a9289cdc136 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/service/CoseService.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/CoseService.java @@ -52,6 +52,10 @@ import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.node.ObjectNode; +/** + * Utility classes for COSE key structure. + * + */ @ApplicationScoped public class CoseService { diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/DataMapperService.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/DataMapperService.java index 7b359dc382d..aa7df988bb2 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/service/DataMapperService.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/DataMapperService.java @@ -23,6 +23,7 @@ import com.fasterxml.jackson.dataformat.cbor.CBORParser; /** + * Conversions to/from JSON format and to/from CBOR format * @author Yuriy Movchan * @version May 08, 2020 */ diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/app/AppInitializer.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/app/AppInitializer.java index 5a79d79de80..274f425a1b9 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/service/app/AppInitializer.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/app/AppInitializer.java @@ -47,6 +47,8 @@ import java.util.Properties; /** + * + * FIDO2 server initializer * @author Yuriy MOvchan * @version May 12, 2020 */ diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/app/MDS3UpdateTimer.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/app/MDS3UpdateTimer.java index 10a71c1a3ab..caff39300ba 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/service/app/MDS3UpdateTimer.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/app/MDS3UpdateTimer.java @@ -25,6 +25,7 @@ import org.slf4j.Logger; /** + * Class that periodically updates the mds3 blob in the FIDO2 server * @author madhumitas * */ diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/mds/LocalMdsService.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/mds/LocalMdsService.java index 2ccc708b50f..69f020af9c5 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/service/mds/LocalMdsService.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/mds/LocalMdsService.java @@ -31,6 +31,10 @@ import com.fasterxml.jackson.databind.JsonNode; /** + * The FIDO2 server has a local database of authenticator data in json format. + * It is parsed before MDS blob is looked up. This data has to be obtained from + * the vendor and placed in the local folder for metadata + * * @author Yuriy Movchan * @version May 08, 2020 */ diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/mds/TocService.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/mds/TocService.java index 9102016be96..6a156260662 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/service/mds/TocService.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/mds/TocService.java @@ -57,6 +57,10 @@ import com.nimbusds.jose.crypto.ECDSAVerifier; import com.nimbusds.jose.crypto.RSASSAVerifier; +/** + * TOC is parsed and Hashmap containing JSON object of individual Authenticators is created. + * + */ @ApplicationScoped public class TocService { diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/operation/AssertionService.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/operation/AssertionService.java index aaa05212c81..da6ad8fcd13 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/service/operation/AssertionService.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/operation/AssertionService.java @@ -46,9 +46,12 @@ import com.fasterxml.jackson.databind.node.ObjectNode; /** + * Core offering by the FIDO2 server, assertion is invoked upon authentication + * * @author Yuriy Movchan * @version May 08, 2020 */ + @ApplicationScoped public class AssertionService { diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/operation/AttestationService.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/operation/AttestationService.java index ab10af982cf..6e08e192f56 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/service/operation/AttestationService.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/operation/AttestationService.java @@ -41,6 +41,7 @@ import com.fasterxml.jackson.databind.node.ObjectNode; /** + * Core offering by the FIDO2 server, attestation is invoked upon enrollment * @author Yuriy Movchan * @version May 08, 2020 */ diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/persist/AuthenticationPersistenceService.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/persist/AuthenticationPersistenceService.java index 5b261c9b888..01af2919887 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/service/persist/AuthenticationPersistenceService.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/persist/AuthenticationPersistenceService.java @@ -34,6 +34,8 @@ import org.slf4j.Logger; /** + * Every authentication is persisted under Person Entry + * * @author Yuriy Movchan * @version May 08, 2020 */ diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/persist/RegistrationPersistenceService.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/persist/RegistrationPersistenceService.java index 54dbc56d62b..931a3459189 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/service/persist/RegistrationPersistenceService.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/persist/RegistrationPersistenceService.java @@ -37,6 +37,7 @@ import org.slf4j.Logger; /** + * Every registration is persisted under Person Entry * @author Yuriy Movchan * @version May 08, 2020 */ diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/assertion/AppleAssertionFormatProcessor.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/assertion/AppleAssertionFormatProcessor.java index 8b58e0b3b27..89428afb496 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/assertion/AppleAssertionFormatProcessor.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/assertion/AppleAssertionFormatProcessor.java @@ -40,6 +40,14 @@ import io.jans.fido2.service.verifier.CommonVerifiers; import io.jans.fido2.service.verifier.UserVerificationVerifier; +/** + * Processor class for Assertions from Apple Platform authenticator - reference + * - + * https://medium.com/webauthnworks/webauthn-fido2-verifying-apple-anonymous-attestation-5eaff334c849 + * + * @author madhumitas + * + */ @ApplicationScoped public class AppleAssertionFormatProcessor implements AssertionFormatProcessor { @@ -73,13 +81,14 @@ public AttestationFormat getAttestationFormat() { } @Override - public void process(String base64AuthenticatorData, String signature, String clientDataJson, Fido2RegistrationData registration, - Fido2AuthenticationData authenticationEntity) { + public void process(String base64AuthenticatorData, String signature, String clientDataJson, + Fido2RegistrationData registration, Fido2AuthenticationData authenticationEntity) { AuthData authData = authenticatorDataParser.parseAssertionData(base64AuthenticatorData); commonVerifiers.verifyRpIdHash(authData, registration.getDomain()); log.info("User verification option {}", authenticationEntity.getUserVerificationOption()); - userVerificationVerifier.verifyUserVerificationOption(authenticationEntity.getUserVerificationOption(), authData); + userVerificationVerifier.verifyUserVerificationOption(authenticationEntity.getUserVerificationOption(), + authData); byte[] clientDataHash = DigestUtils.getSha256Digest().digest(base64Service.urlDecode(clientDataJson)); diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/assertion/AssertionProcessorFactory.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/assertion/AssertionProcessorFactory.java index f3956d043f3..34fc36acedc 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/assertion/AssertionProcessorFactory.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/assertion/AssertionProcessorFactory.java @@ -30,6 +30,10 @@ import io.jans.fido2.exception.Fido2RuntimeException; import io.jans.fido2.service.processors.AssertionFormatProcessor; +/** + * Factory Class that returns Processor based on the attestationType value in Fido2RegistrationData + * + */ @ApplicationScoped public class AssertionProcessorFactory { diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/assertion/PackedAssertionFormatProcessor.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/assertion/PackedAssertionFormatProcessor.java index 7e2e2a577e7..5e46633c682 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/assertion/PackedAssertionFormatProcessor.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/assertion/PackedAssertionFormatProcessor.java @@ -44,6 +44,10 @@ import com.fasterxml.jackson.databind.JsonNode; +/** + * Class which processes assertions of "packed" fmt (attestation type) + * + */ @ApplicationScoped public class PackedAssertionFormatProcessor implements AssertionFormatProcessor { diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/assertion/U2FAssertionFormatProcessor.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/assertion/U2FAssertionFormatProcessor.java index e75d61904c0..0371850d76e 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/assertion/U2FAssertionFormatProcessor.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/assertion/U2FAssertionFormatProcessor.java @@ -42,6 +42,10 @@ import com.fasterxml.jackson.databind.JsonNode; +/** + * Class which processes assertions of "fido2-u2f" fmt (attestation type) + * + */ @ApplicationScoped public class U2FAssertionFormatProcessor implements AssertionFormatProcessor { diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/AndroidKeyAttestationProcessor.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/AndroidKeyAttestationProcessor.java index c6b1695ab73..8e3bcf58f9b 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/AndroidKeyAttestationProcessor.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/AndroidKeyAttestationProcessor.java @@ -46,6 +46,10 @@ import com.fasterxml.jackson.databind.JsonNode; +/** + * Attestation processor for attestations of fmt = android-key + * + */ @ApplicationScoped public class AndroidKeyAttestationProcessor implements AttestationFormatProcessor { diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/AndroidSafetyNetAttestationProcessor.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/AndroidSafetyNetAttestationProcessor.java index 14b394f7250..74d67e00731 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/AndroidSafetyNetAttestationProcessor.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/AndroidSafetyNetAttestationProcessor.java @@ -44,6 +44,10 @@ import com.fasterxml.jackson.databind.JsonNode; +/** + * Attestation processor for attestations of fmt = android-safetynet + * + */ @ApplicationScoped public class AndroidSafetyNetAttestationProcessor implements AttestationFormatProcessor { diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/AppleAttestationProcessor.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/AppleAttestationProcessor.java index a1d92246c63..8c380682e90 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/AppleAttestationProcessor.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/AppleAttestationProcessor.java @@ -38,7 +38,7 @@ import io.jans.fido2.service.verifier.UserVerificationVerifier; /** - * For Apple's anonymous attestation + * For Apple's anonymous attestation fmt="apple" * * @author madhumitas * @@ -92,7 +92,7 @@ public void process(JsonNode attStmt, AuthData authData, Fido2RegistrationData c CredAndCounterData credIdAndCounters) { log.info("AttStmt: " + attStmt.asText()); - // Check attStmt and it contains ā€œx5cā€ then its a FULL attestation. + // Check attStmt and it contains "x5c" then its a FULL attestation. if (attStmt.hasNonNull("x5c")) { // 1. Verify |x5c| is a valid certificate chain starting from the |credCert| diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/AttestationProcessorFactory.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/AttestationProcessorFactory.java index 57718987e30..43e5a011a66 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/AttestationProcessorFactory.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/AttestationProcessorFactory.java @@ -35,6 +35,13 @@ import io.jans.fido2.exception.Fido2RuntimeException; import io.jans.fido2.service.processors.AttestationFormatProcessor; +/** + * The attestationObject contains base64url encoded buffer of CBOR encoded + * attestation object. When parsed, the "fmt" value contains the attestation + * format. + * AttestationProcessorFactory - Factory Class that returns Processor based on the fmt + * + */ @ApplicationScoped public class AttestationProcessorFactory { diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/NoneAttestationProcessor.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/NoneAttestationProcessor.java index b3fe78120b4..fb4b9b99237 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/NoneAttestationProcessor.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/NoneAttestationProcessor.java @@ -31,6 +31,21 @@ import com.fasterxml.jackson.databind.JsonNode; +/** + * Attestation processor for attestations of fmt = none One of the attestation + * formats called 'none'. When you getting it, that means two things: + * + * 1. You really don't need attestation, and so you are deliberately ignoring + * it. + * + * 2. You forgot to set attestation flag to 'direct' when making credential. + * + * If you are getting attestation with fmt set to none, then no attestation + * is provided, and you don't have anything to verify. Simply extract user + * relevant information as specified below and save it to the database. + * + * + */ @ApplicationScoped public class NoneAttestationProcessor implements AttestationFormatProcessor { diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/PackedAttestationProcessor.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/PackedAttestationProcessor.java index 425622daf57..4f0152b5896 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/PackedAttestationProcessor.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/PackedAttestationProcessor.java @@ -47,6 +47,10 @@ import com.fasterxml.jackson.databind.JsonNode; +/** + * Attestation processor for attestations of fmt = packed + * + */ @ApplicationScoped public class PackedAttestationProcessor implements AttestationFormatProcessor { diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/TPMProcessor.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/TPMProcessor.java index 69053203c4d..b2d8965d5da 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/TPMProcessor.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/TPMProcessor.java @@ -59,6 +59,10 @@ import tss.tpm.TPMT_PUBLIC; import tss.tpm.TPM_GENERATED; +/** + * Attestation processor for attestations of fmt = tpm + * + */ @ApplicationScoped public class TPMProcessor implements AttestationFormatProcessor { diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/U2FAttestationProcessor.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/U2FAttestationProcessor.java index 7d5ed8d1470..b3bdab9b405 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/U2FAttestationProcessor.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/U2FAttestationProcessor.java @@ -47,6 +47,10 @@ import com.fasterxml.jackson.databind.JsonNode; +/** + * Attestation processor for attestations of fmt =fido-u2f + * + */ @ApplicationScoped public class U2FAttestationProcessor implements AttestationFormatProcessor { diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/processors/AssertionFormatProcessor.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/processors/AssertionFormatProcessor.java index 94645fcd14a..94c8a1794f0 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/service/processors/AssertionFormatProcessor.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/processors/AssertionFormatProcessor.java @@ -22,6 +22,10 @@ import io.jans.fido2.model.entry.Fido2AuthenticationData; import io.jans.orm.model.fido2.Fido2RegistrationData; +/** + * Interface class for AssertionFormatProcessor + * + */ public interface AssertionFormatProcessor { AttestationFormat getAttestationFormat(); diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/processors/AttestationFormatProcessor.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/processors/AttestationFormatProcessor.java index 8e83605f0eb..a8054fdfa09 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/service/processors/AttestationFormatProcessor.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/processors/AttestationFormatProcessor.java @@ -25,6 +25,10 @@ import com.fasterxml.jackson.databind.JsonNode; import io.jans.orm.model.fido2.Fido2RegistrationData; +/** + * Interface class for AttestationFormatProcessor + * + */ public interface AttestationFormatProcessor { AttestationFormat getAttestationFormat(); diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/shared/OrganizationService.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/shared/OrganizationService.java index 849116a4212..340bc765bb2 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/service/shared/OrganizationService.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/shared/OrganizationService.java @@ -13,6 +13,10 @@ import io.jans.fido2.model.conf.AppConfiguration; import io.jans.model.ApplicationType; +/** + * Obtain Organization Info + * + */ @ApplicationScoped @Named("organizationService") public class OrganizationService extends io.jans.as.common.service.OrganizationService { diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/ws/rs/controller/AssertionController.java b/jans-fido2/server/src/main/java/io/jans/fido2/ws/rs/controller/AssertionController.java index b138c6d06e2..5ccd6b86000 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/ws/rs/controller/AssertionController.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/ws/rs/controller/AssertionController.java @@ -26,6 +26,7 @@ import com.fasterxml.jackson.databind.JsonNode; /** + * serves request for /assertion endpoint exposed by FIDO2 sever * @author Yuriy Movchan * @version May 08, 2020 */ diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/ws/rs/controller/AttestationController.java b/jans-fido2/server/src/main/java/io/jans/fido2/ws/rs/controller/AttestationController.java index 672fe89b04d..6967b9a9515 100644 --- a/jans-fido2/server/src/main/java/io/jans/fido2/ws/rs/controller/AttestationController.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/ws/rs/controller/AttestationController.java @@ -26,6 +26,7 @@ import com.fasterxml.jackson.databind.JsonNode; /** + * serves request for /attestation endpoint exposed by FIDO2 sever * @author Yuriy Movchan * @version May 08, 2020 */