/**
 * Builds the registration request that carries a server challenge and the application id.
 *
 * <p>The challenge is only base64url-encoded here; this method does not check its length,
 * freshness or origin. NOTE(review): the caller presumably generates the bytes with a
 * cryptographically secure RNG and keeps them to compare against the device response.
 * Confirm at the call site.
 *
 * @param appId application identifier placed in the request
 * @param challenge raw challenge bytes to encode
 * @return a request holding the base64url challenge and {@code appId}
 */
public RegisterRequest startRegistration(String appId, byte[] challenge) {
    final String encodedChallenge = Base64Util.base64urlencode(challenge);
    return new RegisterRequest(encodedChallenge, appId);
}
/**
 * Creates a device registration from a key handle, public key, attestation certificate and
 * starting counter value.
 *
 * <p>The certificate is serialized with {@code getEncoded()} and base64url-encoded for storage;
 * the stored string is an encoding of the certificate, not a decoded form. No signature,
 * validity-period or trust-chain check happens in this constructor. NOTE(review): attestation
 * verification is presumably done before this point; confirm against the caller.
 *
 * @param keyHandle key handle string, stored as given
 * @param publicKey public key string, stored as given
 * @param attestationCert attestation certificate to serialize
 * @param counter initial signature counter
 * @throws BadInputException if the certificate cannot be encoded
 */
public DeviceRegistration(String keyHandle, String publicKey, X509Certificate attestationCert, long counter) throws BadInputException {
    this.keyHandle = keyHandle;

    try {
        final byte[] certificateBytes = attestationCert.getEncoded();
        final String attestationCertEncoded = Base64Util.base64urlencode(certificateBytes);
        this.deviceRegistrationConfiguration = new DeviceRegistrationConfiguration(publicKey, attestationCertEncoded);
    } catch (CertificateEncodingException e) {
        // Keep the cause so the encoding failure stays visible to whoever handles BadInputException.
        throw new BadInputException("Malformed attestation certificate", e);
    }

    this.counter = counter;
}
/**
 * Saves the current logout parameters into the session so an external logout step can
 * read them later.
 *
 * <p>The id token hint and post-logout redirect URI are serialized to JSON and base64url-encoded.
 * Base64url is an encoding, not encryption or integrity protection: anything that can read or
 * write the session attributes can recover or replace both values. NOTE(review): the consumer of
 * {@code EXTERNAL_LOGOUT_DATA} should re-validate the redirect URI after decoding. Confirm that
 * it does.
 *
 * @param sessionId session whose attributes are updated and persisted
 * @throws JsonGenerationException if JSON serialization fails
 * @throws JsonMappingException if JSON serialization fails
 * @throws IOException if JSON serialization or byte conversion fails
 */
private void storeLogoutParametersInSession(SessionId sessionId) throws JsonGenerationException, JsonMappingException, IOException {
    final Map<String, String> attributes = sessionId.getSessionAttributes();

    // Serialize first so that a failure leaves the session attributes untouched.
    final LogoutParameters parameters = new LogoutParameters(idTokenHint, postLogoutRedirectUri);
    final String json = jsonService.objectToJson(parameters);
    final byte[] jsonBytes = json.getBytes(Util.UTF8_STRING_ENCODING);
    final String encodedParameters = Base64Util.base64urlencode(jsonBytes);

    attributes.put(EXTERNAL_LOGOUT, Boolean.TRUE.toString());
    attributes.put(EXTERNAL_LOGOUT_DATA, encodedParameters);

    sessionIdService.updateSessionId(sessionId);
}
/**
 * Converts a parsed raw registration response into a storable {@code DeviceRegistration}.
 *
 * <p>The key handle and user public key are base64url-encoded; the attestation certificate is
 * passed through unchanged and the counter starts at {@code INITIAL_DEVICE_COUNTER_VALUE}.
 * This method performs no verification of the response. NOTE(review): signature and attestation
 * checks are presumably done before this is called; confirm.
 *
 * @param rawRegisterResponse parsed registration response from the device
 * @return the new device registration
 * @throws BadInputException if the attestation certificate cannot be encoded
 */
public DeviceRegistration createDevice(RawRegisterResponse rawRegisterResponse) throws BadInputException {
    final String encodedKeyHandle = Base64Util.base64urlencode(rawRegisterResponse.getKeyHandle());
    final String encodedPublicKey = Base64Util.base64urlencode(rawRegisterResponse.getUserPublicKey());

    return new DeviceRegistration(
            encodedKeyHandle,
            encodedPublicKey,
            rawRegisterResponse.getAttestationCertificate(),
            INITIAL_DEVICE_COUNTER_VALUE);
}
/**
 * Produces the compact serialization {@code header.payload.signature} of this JWT.
 *
 * <p>The header and claims JSON are base64url-encoded from their UTF-8 bytes, joined with a dot
 * to form the signing input, and signed through the configured crypto provider using this
 * object's key id, shared key and signature algorithm.
 *
 * <p>The {@code jwks} argument is not read by this method. NOTE(review): whether the
 * {@code alg} value written by {@code headerToJSONObject()} matches {@code signatureAlgorithm}
 * is not visible here; a mismatch would yield a token whose header misstates how it was signed.
 *
 * @param jwks not used in this method
 * @return the encoded JWT
 * @throws Exception if no crypto provider is set, or if encoding or signing fails
 */
public String getEncodedJwt(JSONObject jwks) throws Exception {
    // Fail before building anything when there is nothing to sign with.
    if (cryptoProvider == null) {
        throw new Exception("The Crypto Provider cannot be null.");
    }

    final JSONObject header = headerToJSONObject();
    final JSONObject claims = getClaims();

    final byte[] headerBytes = header.toString().getBytes(Util.UTF8_STRING_ENCODING);
    final byte[] payloadBytes = claims.toString().getBytes(Util.UTF8_STRING_ENCODING);

    final String encodedHeader = Base64Util.base64urlencode(headerBytes);
    final String encodedPayload = Base64Util.base64urlencode(payloadBytes);

    // The signature covers exactly these two segments and the dot between them.
    final String signingInput = encodedHeader + "." + encodedPayload;
    final String encodedSignature = cryptoProvider.sign(signingInput, keyId, sharedKey, signatureAlgorithm);

    return signingInput + "." + encodedSignature;
}
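/**
 * Signs the given input with the RSA private key parsed from {@code senderJwkJson}.
 *
 * <p>The {@code keyId} and {@code sharedSecret} arguments are not read: the key always comes
 * from {@code senderJwkJson}, and the cast to {@code RSAKey} means a non-RSA JWK fails with a
 * {@code ClassCastException}. The JCA algorithm name is taken from {@code signatureAlgorithm}
 * and the provider is fixed to "BC", so that provider must be registered before calling.
 *
 * <p>The signing input is converted with an explicit UTF-8 charset. The original used the
 * platform default charset, which makes the signed bytes depend on JVM configuration.
 *
 * @param signingInput text to sign (for a JWS, the {@code header.payload} segments)
 * @param keyId not used by this implementation
 * @param sharedSecret not used by this implementation
 * @param signatureAlgorithm supplies the JCA algorithm name
 * @return the base64url-encoded signature
 * @throws Exception if the key cannot be parsed or signing fails
 */
@Override
public String sign(String signingInput, String keyId, String sharedSecret, SignatureAlgorithm signatureAlgorithm) throws Exception {
    RSAPrivateKey privateKey = ((RSAKey) JWK.parse(senderJwkJson)).toRSAPrivateKey();

    Signature signature = Signature.getInstance(signatureAlgorithm.getAlgorithm(), "BC");
    signature.initSign(privateKey);
    // Fully qualified so the fix does not depend on the file's import block.
    signature.update(signingInput.getBytes(java.nio.charset.StandardCharsets.UTF_8));

    return Base64Util.base64urlencode(signature.sign());
}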
/**
 * Parses a captured SecureClick authentication response and checks that the parser returns
 * a result.
 *
 * <p>Only non-null is asserted, so this is a smoke test of the parser. It does not verify the
 * signature in the sample or any individual field.
 */
@Test
public void testSecureClickRawAuthenticationResponse() {
    // Captured sample; the literal contains spaces between groups and is passed to Hex.decode as is.
    final String capturedHex = "01010000 001a3044 0220652a 4248527f 805a6203 a903e820 20d9d871 3966614b f41b93c9 02c83a9f c56f0220 230283f9 8305f889 d379278b 5fde2e2f d3e68182 08dfff75 3e218b74 a6e56306";
    final byte[] capturedBytes = Hex.decode(capturedHex);

    // The parsing API takes base64url text, not raw bytes.
    final String encodedResponse = Base64Util.base64urlencode(capturedBytes);

    final RawAuthenticateResponse parsed = rawAuthenticationService.parseRawAuthenticateResponse(encodedResponse);
    assertNotNull(parsed);
}
/**
 * Builds an authentication request for a registered device.
 *
 * <p>A device flagged as compromised is refused before any request is built. The challenge is
 * only base64url-encoded here; this method does not check its length or freshness.
 * NOTE(review): the caller presumably supplies fresh random bytes per attempt; confirm.
 *
 * @param appId application identifier placed in the request
 * @param device registration whose key handle is sent to the client
 * @param challenge raw challenge bytes to encode
 * @return request carrying the encoded challenge, the appId and the device's key handle
 * @throws DeviceCompromisedException if {@code device.isCompromised()} is true
 */
public AuthenticateRequest startAuthentication(String appId, DeviceRegistration device, byte[] challenge) throws DeviceCompromisedException {
    final boolean compromised = device.isCompromised();
    if (compromised) {
        throw new DeviceCompromisedException(device, "Device has been marked as compromised, cannot authenticate");
    }

    final String encodedChallenge = Base64Util.base64urlencode(challenge);
    return new AuthenticateRequest(encodedChallenge, appId, device.getKeyHandle());
}
// Keep only the left-most half of the digest bytes (integer division, so an odd-length digest
// loses its middle byte), then base64url-encode that half into `hash`.
// NOTE(review): this is the shape of an OpenID Connect at_hash / c_hash value. Confirm that the
// digest algorithm chosen by the surrounding code matches the token's signing algorithm.
byte[] lefMostHalf = new byte[digest.length / 2];
System.arraycopy(digest, 0, lefMostHalf, 0, lefMostHalf.length);
hash = Base64Util.base64urlencode(lefMostHalf);
} else { String keyHandleWithoutPading = Base64Util.base64urlencode(Base64Util.base64urldecode(keyHandle));
requestJwt = entity; } else { String hash = Base64Util.base64urlencode(JwtUtil.getMessageDigestSHA256(entity)); if (StringUtils.equals(reqUriHash, hash)) { requestJwt = entity;
String encodedHeader = Base64Util.base64urlencode(header.getBytes(Util.UTF8_STRING_ENCODING)); String encodedClaims = Base64Util.base64urlencode(claims.getBytes(Util.UTF8_STRING_ENCODING)); String headerString = headerJsonObject.toString(); String payloadString = payloadJsonObject.toString(); String encodedHeader = Base64Util.base64urlencode(headerString.getBytes(Util.UTF8_STRING_ENCODING)); String encodedPayload = Base64Util.base64urlencode(payloadString.getBytes(Util.UTF8_STRING_ENCODING)); String signingInput = encodedHeader + "." + encodedPayload; String encodedSignature = cryptoProvider.sign(signingInput, keyId, sharedKey, signatureAlgorithm);
String encodedHeader = Base64Util.base64urlencode(header.getBytes(Util.UTF8_STRING_ENCODING)); String encodedClaims = Base64Util.base64urlencode(claims.getBytes(Util.UTF8_STRING_ENCODING)); String headerString = headerJsonObject.toString(); String payloadString = payloadJsonObject.toString(); String encodedHeader = Base64Util.base64urlencode(headerString.getBytes(Util.UTF8_STRING_ENCODING)); String encodedPayload = Base64Util.base64urlencode(payloadString.getBytes(Util.UTF8_STRING_ENCODING)); String signingInput = encodedHeader + "." + encodedPayload; String encodedSignature = cryptoProvider.sign(signingInput, keyId, sharedKey, signatureAlgorithm);
/**
 * Parses a captured SecureClick registration response and checks the extracted public key,
 * key handle length, attestation certificate details and signature length.
 *
 * <p>The assertions cover parsing only. The attestation signature in the sample is not verified
 * and the certificate is not validated against any trust anchor in this test.
 */
@Test
public void testSecureClickRawRegistrationResponse() {
    final String framedHex = "83028b0504437390db40c114e3876bda46b3d5094821b396f8d56a08898b9af79ef98d119edc3dea4ee3459570dfa1886ef85114ad4ac1ffcd0cc3ddc576321273738c9dbb50b9c513cc01f03d6334eb01c6e6e951832556015a1057ace235d41b965fc9feba729678c707d7dc0b5fcecad7dd18b338d834649a750a6fb2ed89292f8183193fcd24341931431a09e00b745cb8523b84308201ac30820153a0030201020204782a0eb9300a06082a8648ce3d0403023046311c301a060355040a1313564153434f2044617461205365637572697479312630240603550403131d564153434f20444947495041535320536563757265436c69636b204341301e170d3136303232323038333930305a170d3431303232323038333930305a3053311c301a060355040a1313564153434f2044617461205365637572697479313330310603550403132a564153434f20444947495041535320536563757265436c69636b204174746573746174696f6e204b65793059301306072a8648ce3d020106082a8648ce3d030107034200044612a220e578b34f6a891e23d65a9e896498011ea9be3029bccf1a8fca465b176697af67e0d912386d4844df233c01e014bad9de9b3932614e65d94c21bfcc83a322302030090603551d13040230003013060b2b0601040182e51c020101040403020560300a06082a8648ce3d04030203470030440220395e8b68c043a77c8fdc4c6ef9b1194d393b694ce5bf616ae944b0cb1c7bcc60022011ccd27a799710e4fe5b0a64c0cff32feff505f79dc43d4753087937c317b105304402202831ab846ac0d61001e3a884077a8e8dc04c99d87f7cb6a5c8880113e5b82e0302201fb3a62fd44847fbc7e422a0d125eb34d67419098a46a6ed3285db986c6c01d89000";
    final byte[] framed = Hex.decode(framedHex);

    // Framing around the U2F payload in this capture:
    //   leading 3 bytes: 0x83 (U2F message type) + 0x028b (length of whole message)
    //   trailing 2 bytes: 0x9000 in this sample (NOTE(review): looks like a status word; confirm)
    final int leadingBytes = 3;
    final int trailingBytes = 2;
    final byte[] payload = new byte[framed.length - leadingBytes - trailingBytes];
    System.arraycopy(framed, leadingBytes, payload, 0, payload.length);

    // The parsing API takes base64url text, not raw bytes.
    final String encodedPayload = Base64Util.base64urlencode(payload);

    final RawRegisterResponse parsed = rawRegistrationService.parseRawRegisterResponse(encodedPayload);

    assertNotNull(parsed.getUserPublicKey());
    assertEquals(parsed.getKeyHandle().length, 80);

    // Attestation certificate: present, with the expected algorithm and subject.
    assertNotNull(parsed.getAttestationCertificate());
    assertEquals(parsed.getAttestationCertificate().getSigAlgName(), "SHA256WITHECDSA");
    assertEquals(parsed.getAttestationCertificate().getSubjectDN().getName(), "O=VASCO Data Security,CN=VASCO DIGIPASS SecureClick Attestation Key");

    assertEquals(parsed.getSignature().length, 70);
}
// Sets a max age of 86400 on the request's id_token member (units are not shown here;
// presumably seconds, i.e. 24 hours; confirm).
jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
String authJwt = jwtAuthorizationRequest.getEncodedJwt();
// base64url(SHA-256(encoded request JWT)). NOTE(review): presumably attached to the request_uri
// so the receiver can detect a request file that changed after it was written; confirm usage.
String hash = Base64Util.base64urlencode(JwtUtil.getMessageDigestSHA256(authJwt));
// The file name is a random UUID plus ".txt", so no caller-supplied text enters the path.
String fileName = UUID.randomUUID().toString() + ".txt";
String filePath = requestFileBasePath + File.separator + fileName;
validRequestUri = true; } else { String hash = Base64Util.base64urlencode(JwtUtil.getMessageDigestSHA256(request)); validRequestUri = StringUtils.equals(reqUriHash, hash);
// Sets a max age of 86400 on the request's id_token member (units are not shown here;
// presumably seconds, i.e. 24 hours; confirm).
jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
String authJwt = jwtAuthorizationRequest.getEncodedJwt();
// base64url(SHA-256(encoded request JWT)). NOTE(review): presumably attached to the request_uri
// so the receiver can detect a request file that changed after it was written; confirm usage.
String hash = Base64Util.base64urlencode(JwtUtil.getMessageDigestSHA256(authJwt));
// The file name is a random UUID plus ".txt", so no caller-supplied text enters the path.
String fileName = UUID.randomUUID().toString() + ".txt";
String filePath = requestFileBasePath + File.separator + fileName;
// Sets a max age of 86400 on the request's id_token member (units are not shown here;
// presumably seconds, i.e. 24 hours; confirm).
jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
String authJwt = jwtAuthorizationRequest.getEncodedJwt();
// base64url(SHA-256(encoded request JWT)). NOTE(review): presumably attached to the request_uri
// so the receiver can detect a request file that changed after it was written; confirm usage.
String hash = Base64Util.base64urlencode(JwtUtil.getMessageDigestSHA256(authJwt));
// The file name is a random UUID plus ".txt", so no caller-supplied text enters the path.
String fileName = UUID.randomUUID().toString() + ".txt";
String filePath = requestFileBasePath + File.separator + fileName;
.keyID(senderJWK.getKeyID()) .build(), new Payload(Base64Util.base64urlencode(PAYLOAD.getBytes(Charsets.UTF_8))));