This repository has been archived by the owner on Jul 6, 2022. It is now read-only.

Yubico/java-u2flib-server

java-u2flib-server

Note
OBSOLETE: This project is no longer maintained. U2F has been superseded by Web Authentication, and this project is superseded by java-webauthn-server. We recommend using WebAuthn instead.

Server-side U2F library for Java. Provides functionality for registering U2F devices and authenticating with said devices.

Migrating to WebAuthn

See the Migrating from U2F section in the java-webauthn-server documentation.

Dependency

Maven:

 <dependency>
   <groupId>com.yubico</groupId>
   <artifactId>u2flib-server-core</artifactId>
   <version>0.19.12</version>
 </dependency>

Gradle:

 repositories{ mavenCentral() }
 dependencies {
   compile 'com.yubico:u2flib-server-core:0.19.12'
 }

Example Usage

Note
Make sure that you have read Using a U2F library before continuing.

protected abstract Iterable<DeviceRegistration> getRegistrations(String username);

@GET
public View startAuthentication(String username) throws NoEligibleDevicesException {

    // Generate a challenge for each U2F device that this user has registered
    SignRequestData requestData
        = u2f.startSignature(SERVER_ADDRESS, getRegistrations(username));

    // Store the challenges for future reference
    requestStorage.put(requestData.getRequestId(), requestData.toJson());

    // Return an HTML page containing the challenges
    return new AuthenticationView(requestData.toJson(), username);
}

@POST
public String finishAuthentication(SignResponse response, String username) throws
        DeviceCompromisedException, U2fBadInputException {

    // Get the challenges that we stored when starting the authentication.
    // remove() makes each challenge single-use; the stored value is JSON,
    // so parse it back into a SignRequestData.
    SignRequestData signRequest
        = SignRequestData.fromJson(requestStorage.remove(response.getRequestId()));

    // Verify that the given response is valid for one of the registered devices
    u2f.finishSignature(signRequest, response, getRegistrations(username));

    return "Successfully authenticated!";
}

In the above example, getRegistrations() returns the U2F devices currently associated with a given user; these are most likely stored in a database. See u2flib-server-demo for a complete demo server (including registration and storage of U2F devices).
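
The example above calls requestStorage.put() and requestStorage.remove() but leaves the store itself undefined. The following is an added example, not code from this project: a hypothetical ChallengeStore (the class name, the take() method and the five-minute lifetime are assumptions) that makes each pending challenge single-use, time-limited and bound to the user it was issued for.

```java
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical challenge store (added example, not part of u2flib-server). */
public final class ChallengeStore {
    private static final class Entry {
        final String username, requestJson;
        final Instant expiresAt;
        Entry(String u, String j, Instant x) { username = u; requestJson = j; expiresAt = x; }
    }

    private final ConcurrentHashMap<String, Entry> pending = new ConcurrentHashMap<>();
    private final Duration ttl;
    private final Clock clock;

    public ChallengeStore(Duration ttl, Clock clock) { this.ttl = ttl; this.clock = clock; }

    /** Store the request JSON under its request ID, bound to the user it was issued for. */
    public void put(String requestId, String username, String requestJson) {
        Instant now = clock.instant();
        // Evict abandoned challenges so the map cannot grow without bound.
        pending.values().removeIf(e -> !e.expiresAt.isAfter(now));
        pending.put(requestId, new Entry(username, requestJson, now.plus(ttl)));
    }

    /** Consume a challenge; empty if unknown, already used, expired or issued to another user. */
    public Optional<String> take(String requestId, String username) {
        if (requestId == null) return Optional.empty();
        Entry e = pending.remove(requestId); // atomic: a replayed response finds nothing
        if (e == null || !e.expiresAt.isAfter(clock.instant()) || !e.username.equals(username)) {
            return Optional.empty(); // the entry stays consumed on mismatch (fail closed)
        }
        return Optional.of(e.requestJson);
    }

    public static void main(String[] args) {
        ChallengeStore store = new ChallengeStore(Duration.ofMinutes(5), Clock.systemUTC());
        store.put("req-1", "alice", "{\"constructed\":\"sample\"}"); // constructed sample data
        System.out.println("first use:  " + store.take("req-1", "alice").isPresent());
        System.out.println("replay:     " + store.take("req-1", "alice").isPresent());
        store.put("req-2", "alice", "{}"); // constructed sample data
        System.out.println("other user: " + store.take("req-2", "bob").isPresent());
    }
}
```

In finishAuthentication, an empty result from take() should be treated as a failed authentication before finishSignature is called.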

Attestation

The attestation module (u2flib-server-attestation) enables you to restrict registrations to certain U2F devices (e.g. devices made by a specific vendor). It can also provide metadata for devices.

Serialization

All relevant classes implement Serializable, so instead of using toJson(), you can use Java's built-in serialization mechanism. Internally the classes use Jackson to serialize to and from JSON, and the ObjectMapper from Jackson can be used. Use Java's native deserialization only on data your own server wrote, since it is unsafe on untrusted input.