Open DTonoki opened 4 years ago
It can be reproduced only in a Linux environment. Windows 10 has no problem.
The end of authData has the credProtect text: 6B6372656450726F7465637402 = 6B (text(11)) + 6372656450726F74656374 ("credProtect") + 02 (unsigned(2)).
WebAuthn4J 0.11.1 or higher and Jackson 2.10 or higher should be used to resolve the parse error.
The reproduction situation in my case is as follows.
WebAuthnRegister:07/06/2020 12:30:59:600 PM JST: Thread[ajp-bio-8009-exec-9,5,main]: TransactionId[5d81cb52-6371-4b6b-9dcf-fbb63a39b052-678]
ERROR: WebAuthnValidator.validateCreateResponse : Error validating response. User handle is 32bf23d8-e834-4429-b27c-751c557d9f19
com.webauthn4j.converter.exception.DataConversionException: Input data does not match expected form
at com.webauthn4j.converter.util.CborConverter.readValue(CborConverter.java:86)
at com.webauthn4j.converter.AuthenticatorDataConverter.convertToExtensions(AuthenticatorDataConverter.java:142)
at com.webauthn4j.converter.AuthenticatorDataConverter.convert(AuthenticatorDataConverter.java:119)
at com.webauthn4j.converter.jackson.deserializer.AuthenticatorDataDeserializer.deserialize(AuthenticatorDataDeserializer.java:50)
at com.webauthn4j.converter.jackson.deserializer.AuthenticatorDataDeserializer.deserialize(AuthenticatorDataDeserializer.java:32)
at com.fasterxml.jackson.databind.deser.SettableBeanProperty.deserialize(SettableBeanProperty.java:530)
at com.fasterxml.jackson.databind.deser.BeanDeserializer._deserializeWithErrorWrapping(BeanDeserializer.java:528)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserializeUsingPropertyBasedWithExternalTypeId(BeanDeserializer.java:945)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserializeWithExternalTypeId(BeanDeserializer.java:853)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserializeFromObject(BeanDeserializer.java:324)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:159)
at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4013)
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3091)
at com.webauthn4j.converter.util.CborConverter.readValue(CborConverter.java:73)
at com.webauthn4j.converter.AttestationObjectConverter.convert(AttestationObjectConverter.java:69)
at com.webauthn4j.validator.WebAuthnRegistrationContextValidator.validate(WebAuthnRegistrationContextValidator.java:213)
at jp.co.osstech.openam.authentication.modules.webauthn.WebAuthn4JValidatorImpl.validateCreateResponse(WebAuthn4JValidatorImpl.java:83)
at jp.co.osstech.openam.authentication.modules.webauthn.WebAuthnRegister.storeAuthenticator(WebAuthnRegister.java:245)
at jp.co.osstech.openam.authentication.modules.webauthn.WebAuthnRegister.process(WebAuthnRegister.java:131)
at com.sun.identity.authentication.spi.AMLoginModule.wrapProcess(AMLoginModule.java:1056)
at com.sun.identity.authentication.spi.AMLoginModule.login(AMLoginModule.java:1224)
...
Caused by: com.fasterxml.jackson.databind.exc.InvalidFormatException: value is out of range
at [Source: (ByteArrayInputStream); line: -1, column: 13] (through reference chain: java.util.LinkedHashMap["credProtect"])
at com.webauthn4j.converter.jackson.deserializer.ExtensionAuthenticatorOutputDeserializer.deserialize(ExtensionAuthenticatorOutputDeserializer.java:63)
at com.webauthn4j.converter.jackson.deserializer.ExtensionAuthenticatorOutputDeserializer.deserialize(ExtensionAuthenticatorOutputDeserializer.java:36)
at com.fasterxml.jackson.databind.deser.std.MapDeserializer._readAndBindStringKeyMap(MapDeserializer.java:527)
at com.fasterxml.jackson.databind.deser.std.MapDeserializer.deserialize(MapDeserializer.java:364)
at com.fasterxml.jackson.databind.deser.std.MapDeserializer.deserialize(MapDeserializer.java:29)
at com.fasterxml.jackson.databind.deser.std.MapDeserializer.deserialize(MapDeserializer.java:344)
at com.fasterxml.jackson.databind.deser.std.MapDeserializer.deserialize(MapDeserializer.java:29)
at com.fasterxml.jackson.databind.DeserializationContext.readValue(DeserializationContext.java:760)
at com.fasterxml.jackson.databind.DeserializationContext.readValue(DeserializationContext.java:747)
at com.webauthn4j.converter.jackson.deserializer.AuthenticationExtensionsAuthenticatorOutputsEnvelopeDeserializer.deserialize(AuthenticationExtensionsAuthenticatorOutputsEnvelopeDeserializer.java:42)
at com.webauthn4j.converter.jackson.deserializer.AuthenticationExtensionsAuthenticatorOutputsEnvelopeDeserializer.deserialize(AuthenticationExtensionsAuthenticatorOutputsEnvelopeDeserializer.java:30)
at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4013)
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3070)
at com.webauthn4j.converter.util.CborConverter.readValue(CborConverter.java:84)
... 105 more
Description
WebAuthn authenticator registration fails with YubiKey 5 + Chrome + ResidentKey
Steps to reproduce
Configure the WebAuthn (Register) module with ResidentKey = true.
Do authenticator registration with Chrome and a YubiKey 5.
Expected Results
Registration Complete
Actual Results
Registration fails
Environment
OpenAM15-SNAPSHOT OpenAM14-RELEASE
Debug Log
ERROR: WebAuthnValidator.validateCreateResponse : Error validating response. User handle is 7fba47c1-d769-4ae6-8d66-1c03bcb8add7
java.io.UncheckedIOException: com.fasterxml.jackson.databind.exc.InvalidDefinitionException: Cannot construct instance of java.io.Serializable (no Creators, like default construct, exist): abstract types either need to be mapped to concrete types, have custom deserializer, or contain additional type information
at [Source: (ByteArrayInputStream); line: -1, column: 13] (through reference chain: java.util.LinkedHashMap["credProtect"])
at com.webauthn4j.converter.util.CborConverter.readValue(CborConverter.java:86)
at com.webauthn4j.converter.AuthenticatorDataConverter.convertToExtensions(AuthenticatorDataConverter.java:145)
References
CTAP2.1 Draft
https://fidoalliance.org/specs/fido2/fido-client-to-authenticator-protocol-v2.1-rd-20191217.html
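The credProtect bytes quoted in the report decode as a CBOR text key followed by an unsigned integer, which is exactly what a relying party's parser has to accept. The following is an added example, not code from the OpenAM issue or from WebAuthn4J: a minimal CBOR decoder for the subset used by authenticator extension outputs, applied to a constructed extension map (the page's bytes prefixed with a one-entry map header, A1) and checked against the CTAP2.1 credProtect levels 1..3.

```python
# Added example (not from the OpenAM issue or WebAuthn4J): decode the
# authenticator extension output map at the end of authData and check that
# credProtect is an unsigned integer in the CTAP2.1 range.

def _read_head(buf, pos):
    """Return (major_type, argument, new_pos) for the CBOR item head at pos."""
    initial = buf[pos]
    major, info = initial >> 5, initial & 0x1F
    pos += 1
    if info < 24:
        return major, info, pos
    size = {24: 1, 25: 2, 26: 4, 27: 8}[info]  # indefinite lengths unsupported
    return major, int.from_bytes(buf[pos:pos + size], "big"), pos + size

def decode_item(buf, pos=0):
    """Decode one CBOR item; supports uint, negint, bstr, tstr and map."""
    major, arg, pos = _read_head(buf, pos)
    if major == 0:
        return arg, pos
    if major == 1:
        return -1 - arg, pos
    if major == 2:
        return bytes(buf[pos:pos + arg]), pos + arg
    if major == 3:
        return buf[pos:pos + arg].decode("utf-8"), pos + arg
    if major == 5:
        out = {}
        for _ in range(arg):
            key, pos = decode_item(buf, pos)
            out[key], pos = decode_item(buf, pos)
        return out, pos
    raise ValueError(f"unsupported CBOR major type {major}")

# CTAP2.1 credProtect policy levels.
CRED_PROTECT_LEVELS = {1: "userVerificationOptional",
                       2: "userVerificationOptionalWithCredentialIDList",
                       3: "userVerificationRequired"}

def parse_extensions(ext_bytes):
    """Decode an extension output map and validate the credProtect value type."""
    exts, end = decode_item(ext_bytes)
    if end != len(ext_bytes) or not isinstance(exts, dict):
        raise ValueError("extension output is not a single CBOR map")
    level = exts.get("credProtect")
    if level is not None and (not isinstance(level, int) or level not in CRED_PROTECT_LEVELS):
        raise ValueError(f"credProtect must be an unsigned integer 1..3, got {level!r}")
    return exts

# Constructed sample: map header A1 (one entry) + the exact bytes quoted in the report.
SAMPLE_EXTENSIONS = bytes.fromhex("A1" "6B6372656450726F74656374" "02")

if __name__ == "__main__":
    exts = parse_extensions(SAMPLE_EXTENSIONS)
    print(exts, CRED_PROTECT_LEVELS[exts["credProtect"]])
```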