| 1 | // Copyright (c) 2018, Yubico AB | |
| 2 | // All rights reserved. | |
| 3 | // | |
| 4 | // Redistribution and use in source and binary forms, with or without | |
| 5 | // modification, are permitted provided that the following conditions are met: | |
| 6 | // | |
| 7 | // 1. Redistributions of source code must retain the above copyright notice, this | |
| 8 | // list of conditions and the following disclaimer. | |
| 9 | // | |
| 10 | // 2. Redistributions in binary form must reproduce the above copyright notice, | |
| 11 | // this list of conditions and the following disclaimer in the documentation | |
| 12 | // and/or other materials provided with the distribution. | |
| 13 | // | |
| 14 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" | |
| 15 | // AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
| 16 | // IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | |
| 17 | // DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE | |
| 18 | // FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
| 19 | // DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | |
| 20 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER | |
| 21 | // CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, | |
| 22 | // OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | |
| 23 | // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 24 | ||
| 25 | package com.yubico.webauthn.data; | |
| 26 | ||
| 27 | import com.fasterxml.jackson.annotation.JsonCreator; | |
| 28 | import com.fasterxml.jackson.core.JsonGenerator; | |
| 29 | import com.fasterxml.jackson.databind.JsonNode; | |
| 30 | import com.fasterxml.jackson.databind.SerializerProvider; | |
| 31 | import com.fasterxml.jackson.databind.annotation.JsonSerialize; | |
| 32 | import com.fasterxml.jackson.databind.node.ObjectNode; | |
| 33 | import com.yubico.internal.util.ExceptionUtil; | |
| 34 | import com.yubico.internal.util.JacksonCodecs; | |
| 35 | import com.yubico.webauthn.data.exception.Base64UrlException; | |
| 36 | import java.io.IOException; | |
| 37 | import java.util.Optional; | |
| 38 | import lombok.AccessLevel; | |
| 39 | import lombok.Getter; | |
| 40 | import lombok.NonNull; | |
| 41 | import lombok.Value; | |
| 42 | ||
| 43 | /** | |
| 44 | * The client data represents the contextual bindings of both the Relying Party and the client. | |
| 45 | * | |
| 46 | * @see <a | |
| 47 | * href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#dictdef-collectedclientdata">§5.10.1. | |
| 48 | * Client Data Used in WebAuthn Signatures (dictionary CollectedClientData) </a> | |
| 49 | */ | |
| 50 | @Value | |
| 51 | @JsonSerialize(using = CollectedClientData.JsonSerializer.class) | |
| 52 | public class CollectedClientData { | |
| 53 | ||
| 54 | /** The client data returned from the client. */ | |
| 55 | @NonNull | |
| 56 | @Getter(AccessLevel.NONE) | |
| 57 | private final ByteArray clientDataJson; | |
| 58 | ||
| 59 | @NonNull | |
| 60 | @Getter(AccessLevel.NONE) | |
| 61 | private final transient ObjectNode clientData; | |
| 62 | ||
| 63 | /** | |
| 64 | * The base64url encoding of the challenge provided by the Relying Party. See the <a | |
| 65 | * href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-cryptographic-challenges">§13.1 | |
| 66 | * Cryptographic Challenges</a> security consideration. | |
| 67 | */ | |
| 68 | @NonNull private final transient ByteArray challenge; | |
| 69 | ||
| 70 | /** | |
| 71 | * The fully qualified origin of the requester, as provided to the authenticator by the client, in | |
| 72 | * the syntax defined by <a href="https://tools.ietf.org/html/rfc6454">RFC 6454</a>. | |
| 73 | */ | |
| 74 | @NonNull private final transient String origin; | |
| 75 | ||
| 76 | /** The type of the requested operation, set by the client. */ | |
| 77 | @NonNull private final transient String type; | |
| 78 | ||
| 79 | @JsonCreator | |
| 80 |
1
1. <init> : negated conditional → KILLED |
public CollectedClientData(@NonNull ByteArray clientDataJSON) |
| 81 | throws IOException, Base64UrlException { | |
| 82 | JsonNode clientData = JacksonCodecs.json().readTree(clientDataJSON.getBytes()); | |
| 83 | ||
| 84 |
2
1. <init> : negated conditional → KILLED 2. <init> : removed call to com/yubico/internal/util/ExceptionUtil::assertTrue → KILLED |
ExceptionUtil.assertTrue( |
| 85 |
1
1. <init> : negated conditional → KILLED |
clientData != null && clientData.isObject(), "Collected client data must be JSON object."); |
| 86 | ||
| 87 | this.clientDataJson = clientDataJSON; | |
| 88 | this.clientData = (ObjectNode) clientData; | |
| 89 | ||
| 90 | try { | |
| 91 | challenge = ByteArray.fromBase64Url(clientData.get("challenge").textValue()); | |
| 92 | } catch (NullPointerException e) { | |
| 93 | throw new IllegalArgumentException("Missing field: \"challenge\""); | |
| 94 | } catch (Base64UrlException e) { | |
| 95 | throw new Base64UrlException("Invalid \"challenge\" value", e); | |
| 96 | } | |
| 97 | ||
| 98 | try { | |
| 99 | origin = clientData.get("origin").textValue(); | |
| 100 | } catch (NullPointerException e) { | |
| 101 | throw new IllegalArgumentException("Missing field: \"origin\""); | |
| 102 | } | |
| 103 | ||
| 104 | try { | |
| 105 | type = clientData.get("type").textValue(); | |
| 106 | } catch (NullPointerException e) { | |
| 107 | throw new IllegalArgumentException("Missing field: \"type\""); | |
| 108 | } | |
| 109 | } | |
| 110 | ||
| 111 | /** | |
| 112 | * Information about the state of the <a href="https://tools.ietf.org/html/rfc8471">Token Binding | |
| 113 | * protocol</a> used when communicating with the Relying Party. Its absence indicates that the | |
| 114 | * client doesn't support token binding. | |
| 115 | */ | |
| 116 | public final Optional<TokenBindingInfo> getTokenBinding() { | |
| 117 |
1
1. getTokenBinding : replaced return value with Optional.empty for com/yubico/webauthn/data/CollectedClientData::getTokenBinding → KILLED |
return Optional.ofNullable(clientData.get("tokenBinding")) |
| 118 | .map( | |
| 119 | tb -> { | |
| 120 |
1
1. lambda$getTokenBinding$1 : negated conditional → KILLED |
if (tb.isObject()) { |
| 121 | String status = tb.get("status").textValue(); | |
| 122 |
1
1. lambda$getTokenBinding$1 : replaced return value with null for com/yubico/webauthn/data/CollectedClientData::lambda$getTokenBinding$1 → KILLED |
return new TokenBindingInfo( |
| 123 | TokenBindingStatus.fromJsonString(status), | |
| 124 | Optional.ofNullable(tb.get("id")) | |
| 125 | .map(JsonNode::textValue) | |
| 126 | .map( | |
| 127 | id -> { | |
| 128 | try { | |
| 129 |
1
1. lambda$getTokenBinding$0 : replaced return value with null for com/yubico/webauthn/data/CollectedClientData::lambda$getTokenBinding$0 → KILLED |
return ByteArray.fromBase64Url(id); |
| 130 | } catch (Base64UrlException e) { | |
| 131 | throw new IllegalArgumentException( | |
| 132 | "Property \"id\" is not valid Base64Url data", e); | |
| 133 | } | |
| 134 | })); | |
| 135 | } else { | |
| 136 | throw new IllegalArgumentException( | |
| 137 | "Property \"tokenBinding\" missing from client data."); | |
| 138 | } | |
| 139 | }); | |
| 140 | } | |
| 141 | ||
| 142 | static class JsonSerializer | |
| 143 | extends com.fasterxml.jackson.databind.JsonSerializer<CollectedClientData> { | |
| 144 | @Override | |
| 145 | public void serialize( | |
| 146 | CollectedClientData value, JsonGenerator gen, SerializerProvider serializers) | |
| 147 | throws IOException { | |
| 148 |
1
1. serialize : removed call to com/fasterxml/jackson/core/JsonGenerator::writeString → KILLED |
gen.writeString(value.clientDataJson.getBase64Url()); |
| 149 | } | |
| 150 | } | |
| 151 | } | |
Mutations | ||
| 80 |
1.1 |
|
| 84 |
1.1 2.2 |
|
| 85 |
1.1 |
|
| 117 |
1.1 |
|
| 120 |
1.1 |
|
| 122 |
1.1 |
|
| 129 |
1.1 |
|
| 148 |
1.1 |