From d0584dd3b67039c3bff76649547401e50012cce5 Mon Sep 17 00:00:00 2001
From: Yuriy M <95305560+yuremm@users.noreply.github.com>
Date: Fri, 24 Feb 2023 16:44:14 +0300
Subject: [PATCH] fix: fix user publicKey search (#3982)
* fix: fix user publicKey search
* chore: update tests
---------
Co-authored-by: Yuriy Movchan
---
 .../service/operation/AssertionService.java | 2 +-
 .../persist/RegistrationPersistenceService.java | 17 ++++++++++++++---
 .../fido2/service/sg/FullFlowAndroidTest.java | 1 +
 3 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/operation/AssertionService.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/operation/AssertionService.java
index 5ca67c1702b..8112ff60827 100644
--- a/jans-fido2/server/src/main/java/io/jans/fido2/service/operation/AssertionService.java
+++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/operation/AssertionService.java
@@ -324,7 +324,7 @@ private Pair prepareAllowedCredentials(String documentDomain,
 List existingFido2Registrations;
 if (superGluu && StringHelper.isNotEmpty(requestedKeyHandle)) {
- Fido2RegistrationEntry fido2RegistrationEntry = registrationPersistenceService.findByPublicKeyId(requestedKeyHandle, documentDomain).orElseThrow(() -> new Fido2RuntimeException(
+ Fido2RegistrationEntry fido2RegistrationEntry = registrationPersistenceService.findByPublicKeyId(username, requestedKeyHandle, documentDomain).orElseThrow(() -> new Fido2RuntimeException(
 String.format("Can't find associated key '%s' for application '%s'", requestedKeyHandle, documentDomain)));
 existingFido2Registrations = Arrays.asList(fido2RegistrationEntry);
 } else {
diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/persist/RegistrationPersistenceService.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/persist/RegistrationPersistenceService.java
index e928853672f..9228c30736c 100644
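Review bot: The per-user scoping added to the `superGluu` branch applies only when `username` is non-empty, because the three-argument `findByPublicKeyId` in this same commit keeps the all-users base DN for an empty name; a request that carries a key handle but no user name is then still matched across every account. If that branch is meant to tie the key handle to the named account, guard it before the lookup, for example `if (!StringHelper.isNotEmpty(username)) { throw new Fido2RuntimeException("User name is required for key handle lookup"); }`. If flows without a user name must keep working, a comment saying so would make the fallback deliberate. `prepareAllowedCredentials` starts and ends outside this hunk, so an earlier check on `username` may already exist.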
--- a/jans-fido2/server/src/main/java/io/jans/fido2/service/persist/RegistrationPersistenceService.java
+++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/persist/RegistrationPersistenceService.java
@@ -95,17 +95,24 @@ public Fido2RegistrationEntry buildFido2RegistrationEntry(Fido2RegistrationData
 return registrationEntry;
 }
- public Optional findByPublicKeyId(String publicKeyId, String rpId) {
+ public Optional findByPublicKeyId(String userName, String publicKeyId, String rpId) {
 String baseDn = getBaseDnForFido2RegistrationEntries(null);
+ if (StringHelper.isNotEmpty(userName)) {
+ String userInum = userService.getUserInum(userName);
+ if (userInum == null) {
+ return Optional.empty();
+ }
+ baseDn = getBaseDnForFido2RegistrationEntries(userInum);
+ }
 Filter filter;
 Filter publicKeyIdFilter = Filter.createEqualityFilter("jansPublicKeyId", publicKeyId);
 Filter publicKeyIdHashFilter = Filter.createEqualityFilter("jansPublicKeyIdHash", getPublicKeyIdHash(publicKeyId));
 if (StringHelper.isNotEmpty(rpId)) {
 Filter appIdFilter = Filter.createEqualityFilter("jansApp", rpId);
- filter = Filter.createORFilter(publicKeyIdFilter, publicKeyIdHashFilter, appIdFilter);
+ filter = Filter.createANDFilter(publicKeyIdFilter, publicKeyIdHashFilter, appIdFilter);
 } else {
- filter = Filter.createORFilter(publicKeyIdFilter, publicKeyIdHashFilter);
+ filter = Filter.createANDFilter(publicKeyIdFilter, publicKeyIdHashFilter);
 }
 List fido2RegistrationnEntries = persistenceEntryManager.findEntries(baseDn, Fido2RegistrationEntry.class, filter);
@@ -116,6 +123,10 @@ public Optional findByPublicKeyId(String publicKeyId, St
 return Optional.empty();
 }
+ public Optional findByPublicKeyId(String publicKeyId, String rpId) {
+ return findByPublicKeyId(null, publicKeyId, rpId);
+ }
+
 public List findAllByUsername(String username) {
 String userInum = userService.getUserInum(username);
 if (userInum == null) {
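Review bot: The new AND filter makes both `jansPublicKeyId` and `jansPublicKeyIdHash` mandatory, so a stored registration that lacks the hash attribute (for instance one written before the hash existed, if such entries are present) can no longer be found in either branch. The defect in the old filter was that `appIdFilter` sat inside the OR and let any entry of the application match; AND-ing the application fixes that without also requiring both key forms. Unless every entry is guaranteed to carry the hash, consider `filter = Filter.createANDFilter(Filter.createORFilter(publicKeyIdFilter, publicKeyIdHashFilter), appIdFilter);` and keeping the OR of the two key filters in the `else` branch. The handling of the `findEntries` result lies outside this hunk, so whether a hash-only match is re-checked against `publicKeyId` there should be confirmed before relaxing the filter.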
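Review bot: The retained two-argument `findByPublicKeyId` passes `null` as the user name and so always searches from the base DN returned for `null`, which is not scoped to one account; nothing on the method tells a caller that. A Javadoc line such as `/** Looks up a registration by public key id without scoping to a user; prefer the overload taking userName when the account is known. */` would keep new call sites from choosing the unscoped variant by accident. The three-argument overload would benefit from the matching note that an empty `userName` falls back to the same unscoped search and that an unknown user yields `Optional.empty()`.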
diff --git a/jans-fido2/server/src/test/java/io/jans/fido2/service/sg/FullFlowAndroidTest.java b/jans-fido2/server/src/test/java/io/jans/fido2/service/sg/FullFlowAndroidTest.java
index 3b9f0a640b6..cd111e589c3 100644
--- a/jans-fido2/server/src/test/java/io/jans/fido2/service/sg/FullFlowAndroidTest.java
+++ b/jans-fido2/server/src/test/java/io/jans/fido2/service/sg/FullFlowAndroidTest.java
@@ -185,6 +185,7 @@ RegistrationPersistenceService produceRegistrationPersistenceService() {
 if (registrationEntry != null) {
 Mockito.when(registrationPersistenceService.findByChallenge(eq(registrationEntry.getChallange()), anyBoolean())).thenReturn(Arrays.asList(registrationEntry));
 Mockito.when(registrationPersistenceService.findByPublicKeyId(eq(registrationEntry.getPublicKeyId()), eq(registrationEntry.getRpId()))).thenReturn(Optional.of(registrationEntry));
+ Mockito.when(registrationPersistenceService.findByPublicKeyId(anyString(), eq(registrationEntry.getPublicKeyId()), eq(registrationEntry.getRpId()))).thenReturn(Optional.of(registrationEntry));
 }
 Mockito.when(userService.getUser(anyString(), any())).thenReturn(new User());
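Review bot: The added stub matches `anyString()` for the user name, so the flow passes whichever account is supplied and the per-user scoping this commit introduces is never exercised. Matching the user the test authenticates with `eq(...)` instead of `anyString()`, and adding a case where a different user name makes the stub return `Optional.empty()`, would pin the behaviour the fix is about. `produceRegistrationPersistenceService()` continues beyond this hunk.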