Merge pull request #124 from wso2-extensions/revert-122-product-is-18098

Revert "Improve trusted origin validation"
wso2-extensions · Dec 1, 2023 · b0429f8 · b0429f8
2 parents 05f779a + 3a6bf0e
commit b0429f8
Showing 1 changed file with 5 additions and 19 deletions.
diff --git a/...n/java/org/wso2/carbon/identity/application/authenticator/fido2/core/WebAuthnService.java b/...n/java/org/wso2/carbon/identity/application/authenticator/fido2/core/WebAuthnService.java
@@ -110,8 +110,6 @@
 
 import java.io.IOException;
 import java.net.MalformedURLException;
-import java.net.URI;
-import java.net.URISyntaxException;
 import java.net.URL;
 import java.security.SecureRandom;
 import java.text.MessageFormat;
@@ -214,8 +212,8 @@ public Either<String, RegistrationRequest> startRegistration(@NonNull String ori
     public Either<String, FIDO2RegistrationRequest> startFIDO2Registration(@NonNull String origin)
             throws JsonProcessingException, FIDO2AuthenticatorClientException {
 
+        validateFIDO2TrustedOrigin(origin);
         URL originUrl = getOriginUrl(origin);
-        validateFIDO2TrustedOrigin(originUrl);
         RelyingParty relyingParty = buildRelyingParty(originUrl);
 
         User user = User.getUserFromUserName(getTenantQualifiedUsername());
@@ -254,8 +252,8 @@ public Either<String, FIDO2RegistrationRequest> startFIDO2UsernamelessRegistrati
                                                                                        String username)
             throws JsonProcessingException, FIDO2AuthenticatorClientException {
 
+        validateFIDO2TrustedOrigin(origin);
         URL originUrl = getOriginUrl(origin);
-        validateFIDO2TrustedOrigin(originUrl);
         RelyingParty relyingParty = buildRelyingParty(originUrl);
 
         if (username == null) {
@@ -1086,28 +1084,15 @@ private AssertionRequest getAssertionRequest(FIDO2CacheEntry cacheEntry) throws
         return request;
     }
 
-    private void validateFIDO2TrustedOrigin(URL origin) throws FIDO2AuthenticatorClientException {
+    private void validateFIDO2TrustedOrigin(String origin) throws FIDO2AuthenticatorClientException {
 
-        String normalizedOrigin = normalizeOrigin(origin);
         readTrustedOrigins();
-        if (!origins.contains(normalizedOrigin)) {
+        if (!origins.contains(origin.trim())) {
             throw new FIDO2AuthenticatorClientException(INVALID_ORIGIN_MESSAGE,
                     ERROR_CODE_START_REGISTRATION_INVALID_ORIGIN.getErrorCode());
         }
     }
 
-    private String normalizeOrigin(URL origin) throws FIDO2AuthenticatorClientException {
-
-        try {
-            return new URI(origin.getProtocol(), null, origin.getHost(),
-                    origin.getPort() == -1 ? origin.getDefaultPort() : origin.getPort(),
-                    null, null, null).toString();
-        } catch (URISyntaxException e) {
-            throw new FIDO2AuthenticatorClientException(INVALID_ORIGIN_MESSAGE,
-                    ERROR_CODE_START_REGISTRATION_INVALID_ORIGIN.getErrorCode(), e);
-        }
-    }
-
     private URL getOriginUrl(String origin) throws FIDO2AuthenticatorClientException {
 
         URL originUrl;
@@ -1117,6 +1102,7 @@ private URL getOriginUrl(String origin) throws FIDO2AuthenticatorClientException
             throw new FIDO2AuthenticatorClientException(INVALID_ORIGIN_MESSAGE,
                     ERROR_CODE_START_REGISTRATION_INVALID_ORIGIN.getErrorCode(), e);
         }
+
         return originUrl;
     }