-
Notifications
You must be signed in to change notification settings - Fork 160
Expand file tree
/
Copy pathWebAuthn.java
More file actions
179 lines (165 loc) · 6.75 KB
/
WebAuthn.java
File metadata and controls
179 lines (165 loc) · 6.75 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
/*
* Copyright 2019 Red Hat, Inc.
*
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* and Apache License v2.0 which accompanies this distribution.
*
* The Eclipse Public License is available at
* http://www.eclipse.org/legal/epl-v10.html
*
* The Apache License v2.0 is available at
* http://www.opensource.org/licenses/apache2.0.php
*
* You may elect to redistribute this code under either of these licenses.
*/
package io.vertx.ext.auth.webauthn;
import io.vertx.codegen.annotations.Fluent;
import io.vertx.codegen.annotations.Nullable;
import io.vertx.codegen.annotations.VertxGen;
import io.vertx.core.*;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.User;
import io.vertx.ext.auth.authentication.AuthenticationProvider;
import io.vertx.ext.auth.webauthn.impl.WebAuthnImpl;
import java.util.List;
import java.util.function.Function;
/**
* Factory interface for creating WebAuthN based {@link io.vertx.ext.auth.authentication.AuthenticationProvider} instances.
*
* @author Paulo Lopes
*/
@VertxGen
public interface WebAuthn extends AuthenticationProvider {
/**
* Create a WebAuthN auth provider
*
* @param vertx the Vertx instance.
* @return the auth provider.
*/
static WebAuthn create(Vertx vertx) {
return create(vertx, new WebAuthnOptions());
}
/**
* Create a WebAuthN auth provider
*
* @param vertx the Vertx instance.
* @param options the custom options to the provider.
* @return the auth provider.
*/
static WebAuthn create(Vertx vertx, WebAuthnOptions options) {
return new WebAuthnImpl(vertx, options);
}
/**
* Gets a challenge and any other parameters for the {@code navigator.credentials.create()} call.
*
* The object being returned is described here <a href="https://w3c.github.io/webauthn/#dictdef-publickeycredentialcreationoptions">https://w3c.github.io/webauthn/#dictdef-publickeycredentialcreationoptions</a>
*
* The caller should extract the generated challenge and store it, so it can be fetched later for the
* {@link #authenticate(JsonObject)} call. The challenge could for example be stored in a session and later
* pulled from there.
*
* The user object should contain base64 url encoded id (the user handle), name and, optionally, displayName and icon.
* See the above link for more documentation on the content of the different fields. The user handle should be base64
* url encoded. You can use <code>java.util.Base64.getUrlEncoder().withoutPadding().encodeToString(byte[])</code>
* to encode any user id bytes to base64 url format.
*
* For backwards compatibility, if user id is not defined, a random UUID will be generated instead. This has some
* drawbacks, as it might cause user to register the same authenticator multiple times.
*
* Will use the configured {@link #authenticatorFetcher(Function)} to fetch any existing authenticators
* by the user id or name. Any authenticators found will be added as excludedCredentials, so the application
* knows not to register those again.
*
* @param user - the user object with id, name and optionally displayName and icon
* @param handler server encoded make credentials request
* @return fluent self
*/
@Fluent
default WebAuthn createCredentialsOptions(JsonObject user, Handler<AsyncResult<JsonObject>> handler) {
createCredentialsOptions(user)
.onComplete(handler);
return this;
}
/**
* Same as {@link #createCredentialsOptions(JsonObject, Handler)} but returning a Future.
*/
Future<JsonObject> createCredentialsOptions(JsonObject user);
/**
* Creates an assertion challenge and any other parameters for the {@code navigator.credentials.get()} call.
* If the auth provider is configured with {@code RequireResidentKey} and the username is null then the
* generated assertion will be a RK assertion (Usernameless).
*
* The object being returned is described here <a href="https://w3c.github.io/webauthn/#dictdef-publickeycredentialcreationoptions">https://w3c.github.io/webauthn/#dictdef-publickeycredentialcreationoptions</a>
*
* @param name the unique user identified
* @param handler server encoded get assertion request
* @return fluent self.
*/
@Fluent
default WebAuthn getCredentialsOptions(@Nullable String name, Handler<AsyncResult<JsonObject>> handler) {
getCredentialsOptions(name)
.onComplete(handler);
return this;
}
/**
* Same as {@link #getCredentialsOptions(String, Handler)} but returning a Future.
*/
Future<JsonObject> getCredentialsOptions(@Nullable String username);
/**
* Provide a {@link Function} that can fetch {@link Authenticator}s from a backend given the incomplete
* {@link Authenticator} argument.
*
* The implementation must consider the following fields <strong>exclusively</strong>, while performing the lookup:
* <ul>
* <li>{@link Authenticator#getUserId()}</li>
* <li>{@link Authenticator#getUserName()}</li>
* <li>{@link Authenticator#getCredID()} ()}</li>
* </ul>
*
* It may return more than 1 result, for example when a user can be identified using different modalities.
* To signal that a user is not allowed/present on the system, a failure should be returned, not {@code null}.
*
* The function signature is as follows:
*
* {@code (Authenticator) -> Future<List<Authenticator>>>}
*
* <ul>
* <li>{@link Authenticator} the incomplete authenticator data to lookup.</li>
* <li>{@link Future}async result with a list of authenticators.</li>
* </ul>
*
* @param fetcher fetcher function.
* @return fluent self.
*/
@Fluent
WebAuthn authenticatorFetcher(Function<Authenticator, Future<List<Authenticator>>> fetcher);
/**
* Provide a {@link Function} that can update or insert a {@link Authenticator}.
* The function <strong>should</strong> store a given authenticator to a persistence storage.
*
* When an authenticator is already present, this method <strong>must</strong> at least update
* {@link Authenticator#getCounter()}, and is not required to perform any other update.
*
* For new authenticators, the whole object data <strong>must</strong> be persisted.
*
* The function signature is as follows:
*
* {@code (Authenticator) -> Future<Void>}
*
* <ul>
* <li>{@link Authenticator} the authenticator data to update.</li>
* <li>{@link Future}async result of the operation.</li>
* </ul>
*
* @param updater updater function.
* @return fluent self.
*/
@Fluent
WebAuthn authenticatorUpdater(Function<Authenticator, Future<Void>> updater);
/**
* Getter to the instance FIDO2 Meta Data Service.
* @return the MDS instance.
*/
MetaDataService metaDataService();
}