Enable AppId extension in demo server

Author: emlun

webauthn-server-demo/src/main/java/demo/App.java

@@ -2,8 +2,8 @@
 
 import javax.ws.rs.core.Application;
 
+import com.yubico.webauthn.extension.appid.InvalidAppIdException;
 import demo.webauthn.WebAuthnRestResource;
-import java.net.MalformedURLException;
 import java.util.Arrays;
 import java.util.HashSet;
 import java.util.Set;
@@ -19,9 +19,13 @@ public Set<Class<?>> getClasses() {
 
     @Override
     public Set<Object> getSingletons() {
-        return new HashSet<>(Arrays.asList(
-            new WebAuthnRestResource()
-        ));
+        try {
+            return new HashSet<>(Arrays.asList(
+                new WebAuthnRestResource()
+            ));
+        } catch (InvalidAppIdException e) {
+            throw new RuntimeException(e);
+        }
     }
 
 }

webauthn-server-demo/src/main/java/demo/webauthn/Config.java

@@ -1,6 +1,8 @@
 package demo.webauthn;
 
 import com.yubico.webauthn.data.RelyingPartyIdentity;
+import com.yubico.webauthn.extension.appid.AppId;
+import com.yubico.webauthn.extension.appid.InvalidAppIdException;
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.util.Arrays;
@@ -22,20 +24,24 @@ public class Config {
     private final List<String> origins;
     private final int port;
     private final RelyingPartyIdentity rpIdentity;
+    private final Optional<AppId> appId;
 
-    private Config(List<String> origins, int port, RelyingPartyIdentity rpIdentity) {
+    private Config(List<String> origins, int port, RelyingPartyIdentity rpIdentity, Optional<AppId> appId) {
         this.origins = Collections.unmodifiableList(origins);
         this.port = port;
         this.rpIdentity = rpIdentity;
+        this.appId = appId;
     }
 
     private static Config instance;
     private static Config getInstance() {
         if (instance == null) {
             try {
-                instance = new Config(computeOrigins(), computePort(), computeRpIdentity());
+                instance = new Config(computeOrigins(), computePort(), computeRpIdentity(), computeAppId());
             } catch (MalformedURLException e) {
                 throw new RuntimeException(e);
+            } catch (InvalidAppIdException e) {
+                throw new RuntimeException(e);
             }
         }
         return instance;
@@ -53,6 +59,10 @@ public static RelyingPartyIdentity getRpIdentity() {
         return getInstance().rpIdentity;
     }
 
+    public static Optional<AppId> getAppId() {
+        return getInstance().appId;
+    }
+
     private static List<String> computeOrigins() {
         final String origins = System.getenv("YUBICO_WEBAUTHN_ALLOWED_ORIGINS");
 
@@ -113,4 +123,15 @@ private static RelyingPartyIdentity computeRpIdentity() throws MalformedURLExcep
         return result;
     }
 
+    private static Optional<AppId> computeAppId() throws InvalidAppIdException {
+        final String appId = System.getenv("YUBICO_WEBAUTHN_U2F_APPID");
+        logger.debug("U2F AppId: {}", appId);
+
+        if (appId == null) {
+            return Optional.empty();
+        } else {
+            return Optional.of(new AppId(appId));
+        }
+    }
+
 }

webauthn-server-demo/src/main/java/demo/webauthn/WebAuthnRestResource.java

@@ -24,6 +24,7 @@
 import com.yubico.webauthn.data.ByteArray;
 import com.yubico.webauthn.data.exception.Base64UrlException;
 import com.yubico.internal.util.WebAuthnCodecs;
+import com.yubico.webauthn.extension.appid.InvalidAppIdException;
 import com.yubico.webauthn.meta.VersionInfo;
 import demo.webauthn.data.AssertionRequest;
 import demo.webauthn.data.RegistrationRequest;
@@ -47,7 +48,7 @@ public class WebAuthnRestResource {
     private final ObjectMapper jsonMapper = WebAuthnCodecs.json();
     private final JsonNodeFactory jsonFactory = JsonNodeFactory.instance;
 
-    public WebAuthnRestResource() {
+    public WebAuthnRestResource() throws InvalidAppIdException {
         this(new WebAuthnServer());
     }
 

webauthn-server-demo/src/main/java/demo/webauthn/WebAuthnServer.java

@@ -8,6 +8,7 @@
 import com.google.common.io.CharStreams;
 import com.google.common.io.Closeables;
 import com.yubico.internal.util.CertificateParser;
+import com.yubico.internal.util.WebAuthnCodecs;
 import com.yubico.util.Either;
 import com.yubico.webauthn.ChallengeGenerator;
 import com.yubico.webauthn.FinishAssertionOptions;
@@ -16,7 +17,6 @@
 import com.yubico.webauthn.RelyingParty;
 import com.yubico.webauthn.StartAssertionOptions;
 import com.yubico.webauthn.StartRegistrationOptions;
-import com.yubico.internal.util.WebAuthnCodecs;
 import com.yubico.webauthn.attestation.MetadataResolver;
 import com.yubico.webauthn.attestation.MetadataService;
 import com.yubico.webauthn.attestation.StandardMetadataService;
@@ -32,6 +32,8 @@
 import com.yubico.webauthn.data.UserIdentity;
 import com.yubico.webauthn.exception.AssertionFailedException;
 import com.yubico.webauthn.exception.RegistrationFailedException;
+import com.yubico.webauthn.extension.appid.AppId;
+import com.yubico.webauthn.extension.appid.InvalidAppIdException;
 import demo.webauthn.data.AssertionRequest;
 import demo.webauthn.data.AssertionResponse;
 import demo.webauthn.data.CredentialRegistration;
@@ -78,11 +80,11 @@ public class WebAuthnServer {
 
     private final RelyingParty rp;
 
-    public WebAuthnServer() {
-        this(new InMemoryRegistrationStorage(), newCache(), newCache(), Config.getRpIdentity(), Config.getOrigins());
+    public WebAuthnServer() throws InvalidAppIdException {
+        this(new InMemoryRegistrationStorage(), newCache(), newCache(), Config.getRpIdentity(), Config.getOrigins(), Config.getAppId());
     }
 
-    public WebAuthnServer(RegistrationStorage userStorage, Cache<ByteArray, RegistrationRequest> registerRequestStorage, Cache<ByteArray, AssertionRequest> assertRequestStorage, RelyingPartyIdentity rpIdentity, List<String> origins) {
+    public WebAuthnServer(RegistrationStorage userStorage, Cache<ByteArray, RegistrationRequest> registerRequestStorage, Cache<ByteArray, AssertionRequest> assertRequestStorage, RelyingPartyIdentity rpIdentity, List<String> origins, Optional<AppId> appId) throws InvalidAppIdException {
         this.userStorage = userStorage;
         this.registerRequestStorage = registerRequestStorage;
         this.assertRequestStorage = assertRequestStorage;
@@ -99,6 +101,7 @@ public WebAuthnServer(RegistrationStorage userStorage, Cache<ByteArray, Registra
             .allowUntrustedAttestation(true)
             .validateSignatureCounter(true)
             .validateTypeAttribute(false)
+            .appId(appId)
             .build();
     }
 

webauthn-server-demo/src/test/scala/demo/webauthn/WebAuthnServerSpec.scala

@@ -22,6 +22,7 @@ import com.yubico.webauthn.data.PublicKeyCredentialDescriptor
 import com.yubico.webauthn.data.AttestationType
 import com.yubico.webauthn.data.CollectedClientData
 import com.yubico.webauthn.data.ByteArray
+import com.yubico.webauthn.extension.appid.AppId
 import demo.webauthn.data.CredentialRegistration
 import demo.webauthn.data.RegistrationRequest
 import demo.webauthn.data.RegistrationResponse
@@ -47,6 +48,7 @@ class WebAuthnServerSpec extends FunSpec with Matchers {
   private val requestId = ByteArray.fromBase64Url("request1")
   private val rpId = RelyingPartyIdentity.builder().id("localhost").name("Test party").build()
   private val origins = List("localhost").asJava
+  private val appId = Optional.empty[AppId]
 
   describe("WebAuthnServer") {
 
@@ -143,7 +145,7 @@ class WebAuthnServerSpec extends FunSpec with Matchers {
           .build()
         ).asJava)
 
-        new WebAuthnServer(userStorage, newCache(), assertionRequests, rpId, origins)
+        new WebAuthnServer(userStorage, newCache(), assertionRequests, rpId, origins, appId)
       }
     }
 
@@ -154,7 +156,7 @@ class WebAuthnServerSpec extends FunSpec with Matchers {
   private def newServerWithUser(testData: RegistrationTestData) = {
     val userStorage: RegistrationStorage = makeUserStorage(testData)
 
-    new WebAuthnServer(userStorage, newCache(), newCache(), rpId, origins)
+    new WebAuthnServer(userStorage, newCache(), newCache(), rpId, origins, appId)
   }
 
   private def makeUserStorage(testData: RegistrationTestData) = {
@@ -197,7 +199,7 @@ class WebAuthnServerSpec extends FunSpec with Matchers {
       testData.request
     ))
 
-    new WebAuthnServer(new InMemoryRegistrationStorage, registrationRequests, newCache(), rpId, origins)
+    new WebAuthnServer(new InMemoryRegistrationStorage, registrationRequests, newCache(), rpId, origins, appId)
   }
 
   private def newCache[K <: Object, V <: Object](): Cache[K, V] =