Changeset 6757

Timestamp:

Jun 1, 2022, 9:43:04 AM (16 months ago)

Author:

Nicklas Nordborg

Message:

References #1396: Implement an login extension for WebAuthn?

Changed the signature counter to long instead of int since that is what the WebAuthn API uses (AssertionResult.getSignatureCount()).

Location:

extensions/net.sf.basedb.webauthn/trunk

Files:

• src/net/sf/basedb/webauthn/LoginProcessHandler.java (modified) (2 diffs)
• src/net/sf/basedb/webauthn/WebAuthnAuthenticationManager.java (modified) (1 diff)
• webauthn-extended-properties.xml (modified) (3 diffs)

extensions/net.sf.basedb.webauthn/trunk/src/net/sf/basedb/webauthn/LoginProcessHandler.java

@@ -196 +196 @@
         if (publicKey != null)
         {
-          Integer count = (Integer)user.getExtended("webAuthnSignatureCount");
+          Number count = (Number)user.getExtended("webAuthnSignatureCount");
           RegisteredCredential cred = RegisteredCredential.builder()
             .credentialId(credentialId)
             .userHandle(userHandle)
             .publicKeyCose(ByteArray.fromBase64(publicKey))
-            .signatureCount(count == null ? 0 : count)
+            .signatureCount(count == null ? 0 : count.longValue())
             .build();
           return Optional.of(cred);
@@ -223 +223 @@
         if (publicKey != null && userHandle != null)
         {
-          Integer count = (Integer)user.getExtended("webAuthnSignatureCount");
+          Number count = (Number)user.getExtended("webAuthnSignatureCount");
           RegisteredCredential cred = RegisteredCredential.builder()
             .credentialId(credentialId)
             .userHandle(ByteArray.fromBase64(userHandle))
             .publicKeyCose(ByteArray.fromBase64(publicKey))
-            .signatureCount(count == null ? 0 : count)
+            .signatureCount(count == null ? 0 : count.longValue())
             .build();
           return Collections.singleton(cred);

extensions/net.sf.basedb.webauthn/trunk/src/net/sf/basedb/webauthn/WebAuthnAuthenticationManager.java

@@ -78 +78 @@
     }
     AssertionResult result = handler.processAssertionResponse(assertionResponse);
-    user.setExtended("webAuthnSignatureCount", (int)result.getSignatureCount());
+    user.setExtended("webAuthnSignatureCount", result.getSignatureCount());
     auth = new AuthenticatedUser(WebAuthn.AUTHENTICATION_METHOD, user);
     return auth;

extensions/net.sf.basedb.webauthn/trunk/webauthn-extended-properties.xml

@@ -10 +10 @@
   <class name="UserData">
     <property
-      name="webAuthnSerial"
-      title="WA Serial Number"
-      description="Serial number of the security key (optional)"
-      column="wa_serial"
+      name="webAuthnUserHandle"
+      title="WA User Handle"
+      description="Unique ID for the user within the WebAuthn system"
+      column="wa_userhandle"
       type="string"
       length="255"
@@ -19 +19 @@
     />
     <property
-      name="webAuthnUserHandle"
-      title="WA User Handle"
-      description="Unique ID for the user within the WebAuthn system"
-      column="wa_userhandle"
+      name="webAuthnSerial"
+      title="WA Serial"
+      description="Serial number of the security key (optional)"
+      column="wa_serial"
       type="string"
       length="255"
@@ -49 +49 @@
     <property
       name="webAuthnSignatureCount"
-      title="WA Signature Count"
-      description="A counter that may be used by the authenticator"
+      title="WA Signature Counter"
+      description="A counter that may be used by the authenticator to make it harder for replay attacks"
       column="wa_signature_count"
-      type="int"
+      type="long"
       restricted-edit="true"
       hidden="true"