Fix demo registration failure when authenticator extensions are present

emlun · emlun · commit e371103fd380 · 2023-06-21T18:46:01.000+02:00
diff --git a/webauthn-server-demo/src/main/java/demo/webauthn/WebAuthnServer.java b/webauthn-server-demo/src/main/java/demo/webauthn/WebAuthnServer.java
@@ -647,7 +647,17 @@ public void serialize(
                   throw new RuntimeException(e);
                 }
               });
-      gen.writeObjectField("extensions", value.getExtensions());
+      value
+          .getExtensions()
+          .ifPresent(
+              extensions -> {
+                try {
+                  gen.writeObjectField(
+                      "extensions", JacksonCodecs.cbor().readTree(extensions.EncodeToBytes()));
+                } catch (IOException e) {
+                  throw new RuntimeException(e);
+                }
+              });
       gen.writeEndObject();
     }
   }
diff --git a/webauthn-server-demo/src/test/scala/demo/webauthn/WebAuthnServerSpec.scala b/webauthn-server-demo/src/test/scala/demo/webauthn/WebAuthnServerSpec.scala
@@ -38,6 +38,7 @@ import com.yubico.webauthn.data.Generators.arbitraryAuthenticatorTransport
 import com.yubico.webauthn.data.PublicKeyCredentialRequestOptions
 import com.yubico.webauthn.data.RelyingPartyIdentity
 import com.yubico.webauthn.data.ResidentKeyRequirement
+import com.yubico.webauthn.test.RealExamples
 import demo.webauthn.data.AssertionRequestWrapper
 import demo.webauthn.data.CredentialRegistration
 import demo.webauthn.data.RegistrationRequest
@@ -91,23 +92,27 @@ class WebAuthnServerSpec
       }
 
       it("has a finish method which accepts and outputs JSON.") {
-        val requestId = ByteArray.fromBase64Url("request1")
-
-        val server = newServerWithRegistrationRequest(
-          RegistrationTestData.FidoU2f.BasicAttestation
-        )
+        for {
+          testData <- List(
+            RegistrationTestData.FidoU2f.BasicAttestation, // This test case for no particular reason
+            RealExamples.LargeBlobWrite.asRegistrationTestData, // This test case because it has authenticator extensions
+          )
+        } {
+          val requestId = ByteArray.fromBase64Url("request1")
+          val server = newServerWithRegistrationRequest(testData)
 
-        val authenticationAttestationResponseJson =
-          """{"attestationObject":"v2hhdXRoRGF0YVikSZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2NBAAAFOQABAgMEBQYHCAkKCwwNDg8AIIjjhj6nH3qL2QF3tkUogilFykuaXjJTw35O4m-0NSX0pSJYIA5Nt8eYkLco-NQfKPXaA6dD9UfX_SHaYo-L-YQb78HsAyYBAiFYIOuzRl1o1Hem2jVRYhjkbSeIydhqLln9iltAgsDYjXRTIAFjZm10aGZpZG8tdTJmZ2F0dFN0bXS_Y3g1Y59ZAekwggHlMIIBjKADAgECAgIFOTAKBggqhkjOPQQDAjBqMSYwJAYDVQQDDB1ZdWJpY28gV2ViQXV0aG4gdW5pdCB0ZXN0cyBDQTEPMA0GA1UECgwGWXViaWNvMSIwIAYDVQQLDBlBdXRoZW50aWNhdG9yIEF0dGVzdGF0aW9uMQswCQYDVQQGEwJTRTAeFw0xODA5MDYxNzQyMDBaFw0xODA5MDYxNzQyMDBaMGcxIzAhBgNVBAMMGll1YmljbyBXZWJBdXRobiB1bml0IHRlc3RzMQ8wDQYDVQQKDAZZdWJpY28xIjAgBgNVBAsMGUF1dGhlbnRpY2F0b3IgQXR0ZXN0YXRpb24xCzAJBgNVBAYTAlNFMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJ-8bFED9TnFhaArujgB0foNaV4gQIulP1mC5DO1wvSByw4eOyXujpPHkTw9y5e5J2J3N9coSReZJgBRpvFzYD6MlMCMwIQYLKwYBBAGC5RwBAQQEEgQQAAECAwQFBgcICQoLDA0ODzAKBggqhkjOPQQDAgNHADBEAiB4bL25EH06vPBOVnReObXrS910ARVOLJPPnKNoZbe64gIgX1Rg5oydH45zEMEVDjNPStwv6Z3nE_isMeY-szlQhv3_Y3NpZ1hHMEUCIQDBs1nbSuuKQ6yoHMQoRp8eCT_HZvR45F_aVP6qFX_wKgIgMCL58bv-crkLwTwiEL9ibCV4nDYM-DZuW5_BFCJbcxn__w","clientDataJSON":"eyJjaGFsbGVuZ2UiOiJBQUVCQWdNRkNBMFZJamRaRUdsNVlscyIsIm9yaWdpbiI6ImxvY2FsaG9zdCIsInR5cGUiOiJ3ZWJhdXRobi5jcmVhdGUiLCJ0b2tlbkJpbmRpbmciOnsic3RhdHVzIjoic3VwcG9ydGVkIn19"}"""
-        val publicKeyCredentialJson =
-          s"""{"id":"iOOGPqcfeovZAXe2RSiCKUXKS5peMlPDfk7ib7Q1JfQ","response":${authenticationAttestationResponseJson},"clientExtensionResults":{},"type":"public-key"}"""
-        val responseJson =
-          s"""{"requestId":"${requestId.getBase64Url}","credential":${publicKeyCredentialJson}}"""
+          val authenticationAttestationResponseJson =
+            s"""{"attestationObject":"${testData.attestationObject.getBase64Url}","clientDataJSON":"${testData.clientDataJsonBytes.getBase64Url}"}"""
+          val publicKeyCredentialJson =
+            s"""{"id":"${testData.response.getId.getBase64Url}","response":${authenticationAttestationResponseJson},"clientExtensionResults":{},"type":"public-key"}"""
+          val responseJson =
+            s"""{"requestId":"${requestId.getBase64Url}","credential":${publicKeyCredentialJson}}"""
 
-        val response = server.finishRegistration(responseJson)
-        val json = jsonMapper.writeValueAsString(response.right.get)
+          val response = server.finishRegistration(responseJson)
+          val json = jsonMapper.writeValueAsString(response.right.get)
 
-        json should not be null
+          json should not be null
+        }
       }
 
     }
@@ -393,8 +398,8 @@ class WebAuthnServerSpec
       new InMemoryRegistrationStorage,
       registrationRequests,
       newCache(),
-      rpId,
-      origins,
+      testData.rpId,
+      Set(testData.response.getResponse.getClientData.getOrigin).asJava,
     )
   }
 

Original file line number	Diff line number	Diff line change
`@@ -647,7 +647,17 @@ public void serialize(`
`647`	`647`	`throw new RuntimeException(e);`
`648`	`648`	`}`
`649`	`649`	`});`
`650`		`- gen.writeObjectField("extensions", value.getExtensions());`
	`650`	`+ value`
	`651`	`+ .getExtensions()`
	`652`	`+ .ifPresent(`
	`653`	`+ extensions -> {`
	`654`	`+ try {`
	`655`	`+ gen.writeObjectField(`
	`656`	`+ "extensions", JacksonCodecs.cbor().readTree(extensions.EncodeToBytes()));`
	`657`	`+ } catch (IOException e) {`
	`658`	`+ throw new RuntimeException(e);`
	`659`	`+ }`
	`660`	`+ });`
`651`	`661`	`gen.writeEndObject();`
`652`	`662`	`}`
`653`	`663`	`}`