-
Notifications
You must be signed in to change notification settings - Fork 0
/
Fido2AuthenticationProvider.kt
49 lines (43 loc) · 1.93 KB
/
Fido2AuthenticationProvider.kt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
package com.example.springsecuritylogin
import com.example.springsecuritylogin.service.LineFido2ServerService
import com.example.springsecuritylogin.util.SampleUtil
import org.springframework.security.authentication.AuthenticationProvider
import org.springframework.security.authentication.BadCredentialsException
import org.springframework.security.core.Authentication
import org.springframework.security.core.authority.SimpleGrantedAuthority
import org.springframework.security.core.userdetails.User
import org.springframework.stereotype.Component
@Component
class Fido2AuthenticationProvider(
private val lineFido2ServerService: LineFido2ServerService,
) : AuthenticationProvider {
override fun authenticate(authentication: Authentication): Authentication {
if (authentication is AssertionAuthenticationToken) {
// verify FIDO assertion
if (!lineFido2ServerService.verifyAuthenticateAssertion(
authentication.credentials.sessionId,
authentication.credentials.assertion,
)
) {
throw BadCredentialsException("Invalid Assertion")
}
} else {
throw BadCredentialsException("Invalid Authentication")
}
// set Authenticated
val authorities = listOf(
SimpleGrantedAuthority(SampleUtil.Auth.AUTHENTICATED_FIDO.value),
SimpleGrantedAuthority(SampleUtil.Role.USER.value)
)
val principalNew = User(
authentication.principal.username,
authentication.principal.password ?: "",
authorities)
var result = AssertionAuthenticationToken(principalNew, authentication.credentials, authorities)
result.isAuthenticated = true
return result
}
override fun supports(authentication: Class<*>?): Boolean {
return AssertionAuthenticationToken::class.java.isAssignableFrom(authentication)
}
}