47 implement token enrollment via validatecheck (#51)

* Update challenge and consts with image

* implement imgs

* Update the tests

* Update WebAuthn.java

* Update PIResponse.java

* Make possible to get the challenge's image

* Update TestWebAuthn.java

* Update TestU2F.java

* Update tests

Author: lukasmatusiewicz

src/main/java/org/privacyidea/Challenge.java

@@ -51,7 +51,7 @@ public String getMessage()
         return message;
     }
 
-    public String getImage() { return image; }
+    public String getImage() { return image.replaceAll("\"", ""); }
 
     public String getTransactionID()
     {

src/main/java/org/privacyidea/JSONParser.java

@@ -24,6 +24,7 @@
 import static org.privacyidea.PIConstants.ERROR;
 import static org.privacyidea.PIConstants.ID;
 import static org.privacyidea.PIConstants.IMAGE;
+import static org.privacyidea.PIConstants.IMG;
 import static org.privacyidea.PIConstants.INFO;
 import static org.privacyidea.PIConstants.JSONRPC;
 import static org.privacyidea.PIConstants.MAXFAIL;
@@ -213,18 +214,18 @@ public PIResponse parsePIResponse(String serverResponse)
                                                         .getAsJsonObject();
                     String serial = getString(challenge, SERIAL);
                     String message = getString(challenge, MESSAGE);
-                    String image = getString(challenge, IMAGE);
+                    String image = getItemFromAttributes(IMG, challenge).replaceAll("\"", "");
                     String transactionid = getString(challenge, TRANSACTION_ID);
                     String type = getString(challenge, TYPE);
 
                     if (TOKEN_TYPE_WEBAUTHN.equals(type))
                     {
-                        String webAuthnSignRequest = getSignRequestFromAttributes(WEBAUTHN_SIGN_REQUEST, challenge);
+                        String webAuthnSignRequest = getItemFromAttributes(WEBAUTHN_SIGN_REQUEST, challenge);
                         response.multichallenge.add(new WebAuthn(serial, message, image, transactionid, webAuthnSignRequest));
                     }
                     else if (TOKEN_TYPE_U2F.equals(type))
                     {
-                        String u2fSignRequest = getSignRequestFromAttributes(U2F_SIGN_REQUEST, challenge);
+                        String u2fSignRequest = getItemFromAttributes(U2F_SIGN_REQUEST, challenge);
                         response.multichallenge.add(new U2F(serial, message, image, transactionid, u2fSignRequest));
                     }
                     else
@@ -257,14 +258,14 @@ static String mergeWebAuthnSignRequest(WebAuthn webAuthn, List<String> arr) thro
         return signRequest.toString();
     }
 
-    private String getSignRequestFromAttributes(String requestType, JsonObject jsonObject)
+    private String getItemFromAttributes(String item, JsonObject jsonObject)
     {
         String ret = "";
         JsonElement attributeElement = jsonObject.get(ATTRIBUTES);
         if (attributeElement != null && !attributeElement.isJsonNull())
         {
             JsonElement requestElement = attributeElement.getAsJsonObject()
-                                                         .get(requestType);
+                                                         .get(item);
             if (requestElement != null && !requestElement.isJsonNull())
             {
                 ret = requestElement.toString();

src/main/java/org/privacyidea/PIConstants.java

@@ -65,6 +65,7 @@ private PIConstants()
     public static final String PREFERRED_CLIENT_MODE = "preferred_client_mode";
     public static final String MESSAGE = "message";
     public static final String IMAGE = "image";
+    public static final String IMG = "img";
     public static final String MESSAGES = "messages";
     public static final String MULTI_CHALLENGE = "multi_challenge";
     public static final String ATTRIBUTES = "attributes";

src/test/java/org/privacyidea/TestU2F.java

@@ -104,12 +104,19 @@ public void testTriggerU2F()
         Optional<Challenge> opt = response.multiChallenge().stream()
                                           .filter(challenge -> TOKEN_TYPE_U2F.equals(challenge.getType()))
                                           .findFirst();
-        Challenge a = opt.get();
-        if (a instanceof U2F)
+        if (opt.isPresent())
         {
-            U2F b = (U2F) a;
-            String trimmedRequest = u2fSignRequest.replaceAll("\n", "").replaceAll(" ", "");
-            assertEquals(trimmedRequest, b.signRequest());
+            Challenge a = opt.get();
+            if (a instanceof U2F)
+            {
+                U2F b = (U2F) a;
+                String trimmedRequest = u2fSignRequest.replaceAll("\n", "").replaceAll(" ", "");
+                assertEquals(trimmedRequest, b.signRequest());
+            }
+            else
+            {
+                fail();
+            }
         }
         else
         {
@@ -155,4 +162,41 @@ public void testSuccess()
         assertTrue(response.status);
         assertTrue(response.value);
     }
+
+    @Test
+    public void testSuccessWithoutHeader()
+    {
+        String username = "Test";
+
+        String responseBody =
+                "{\n" + "  \"detail\": {\n" + "    \"message\": \"matching 1 tokens\",\n" + "    \"otplen\": 6,\n" +
+                "    \"serial\": \"PISP0001C673\",\n" + "    \"threadid\": 140536383567616,\n" +
+                "    \"type\": \"totp\"\n" + "  },\n" + "  \"id\": 1,\n" + "  \"jsonrpc\": \"2.0\",\n" +
+                "  \"result\": {\n" + "    \"status\": true,\n" + "    \"value\": true\n" + "  },\n" +
+                "  \"time\": 1589276995.4397042,\n" + "  \"version\": \"privacyIDEA 3.2.1\",\n" +
+                "  \"versionnumber\": \"3.2.1\",\n" + "  \"signature\": \"rsa_sha256_pss:AAAAAAAAAAA\"\n" + "}";
+
+        mockServer.when(HttpRequest.request().withPath(PIConstants.ENDPOINT_VALIDATE_CHECK).withMethod("POST").withBody(
+                          "user=Test&transaction_id=16786665691788289392&pass=" +
+                          "&clientdata=eyJjaGFsbGVuZ2UiOiJpY2UBc3NlcnRpb24ifQ" +
+                          "&signaturedata=AQAAAxAwRQIgZwEObruoCRRo738F9up1tdV2M0H1MdP5pkO5Eg"))
+                  .respond(HttpResponse.response().withBody(responseBody));
+
+        String u2fSignResponse = "{\"clientData\":\"eyJjaGFsbGVuZ2UiOiJpY2UBc3NlcnRpb24ifQ\"," + "\"errorCode\":0," +
+                                 "\"keyHandle\":\"UUHmZ4BUFCrt7q88MhlQkjlZqzZW1lC-jDdFd2pKDUsNnA\"," +
+                                 "\"signatureData\":\"AQAAAxAwRQIgZwEObruoCRRo738F9up1tdV2M0H1MdP5pkO5Eg\"}";
+
+        PIResponse response = privacyIDEA.validateCheckU2F(username, "16786665691788289392", u2fSignResponse);
+
+        assertEquals(1, response.id);
+        assertEquals("matching 1 tokens", response.message);
+        assertEquals(6, response.otpLength);
+        assertEquals("PISP0001C673", response.serial);
+        assertEquals("totp", response.type);
+        assertEquals("2.0", response.jsonRPCVersion);
+        assertEquals("3.2.1", response.piVersion);
+        assertEquals("rsa_sha256_pss:AAAAAAAAAAA", response.signature);
+        assertTrue(response.status);
+        assertTrue(response.value);
+    }
 }

src/test/java/org/privacyidea/TestValidateCheck.java

@@ -15,6 +15,8 @@
  */
 package org.privacyidea;
 
+import java.util.HashMap;
+import java.util.Map;
 import java.util.concurrent.TimeUnit;
 import org.junit.After;
 import org.junit.Before;
@@ -80,6 +82,42 @@ public void testOTPSuccess()
         assertTrue(response.value);
     }
 
+    @Test
+    public void testOTPAddHeader()
+    {
+        String responseBody =
+                "{\n" + "  \"detail\": {\n" + "    \"message\": \"matching 1 tokens\",\n" + "    \"otplen\": 6,\n" +
+                "    \"serial\": \"PISP0001C673\",\n" + "    \"threadid\": 140536383567616,\n" +
+                "    \"type\": \"totp\"\n" + "  },\n" + "  \"id\": 1,\n" + "  \"jsonrpc\": \"2.0\",\n" +
+                "  \"result\": {\n" + "    \"status\": true,\n" + "    \"value\": true\n" + "  },\n" +
+                "  \"time\": 1589276995.4397042,\n" + "  \"version\": \"privacyIDEA 3.2.1\",\n" +
+                "  \"versionnumber\": \"3.2.1\",\n" + "  \"signature\": \"rsa_sha256_pss:AAAAAAAAAAA\"\n" + "}";
+
+        mockServer.when(HttpRequest.request().withMethod("POST").withPath("/validate/check")
+                                   .withBody("user=" + username + "&pass=" + otp)).respond(
+                HttpResponse.response().withContentType(MediaType.APPLICATION_JSON).withBody(responseBody)
+                            .withDelay(TimeUnit.MILLISECONDS, 50));
+
+        Map<String, String> header = new HashMap<>();
+        header.put("accept-language", "en");
+        PIResponse response = privacyIDEA.validateCheck(username, otp, header);
+
+        assertEquals(1, response.id);
+        assertEquals("matching 1 tokens", response.message);
+        assertEquals(6, response.otpLength);
+        assertEquals("PISP0001C673", response.serial);
+        assertEquals("totp", response.type);
+        assertEquals("2.0", response.jsonRPCVersion);
+        assertEquals("3.2.1", response.piVersion);
+        assertEquals("rsa_sha256_pss:AAAAAAAAAAA", response.signature);
+        // Trim all whitespaces, newlines
+        assertEquals(responseBody.replaceAll("[\n\r]", ""), response.rawMessage.replaceAll("[\n\r]", ""));
+        assertEquals(responseBody.replaceAll("[\n\r]", ""), response.toString().replaceAll("[\n\r]", ""));
+        // result
+        assertTrue(response.status);
+        assertTrue(response.value);
+    }
+
     @Test
     public void testLostValues()
     {

src/test/java/org/privacyidea/TestValidateCheckSerial.java

@@ -57,7 +57,40 @@ public void testNoChallengeResponsePINPlusOTP()
         String serial = "TOTP0001AFB9";
         String pinPlusOTP = "123456";
 
-        PIResponse response = privacyIDEA.validateCheckSerial(serial, pinPlusOTP, Collections.emptyMap());
+        PIResponse response = privacyIDEA.validateCheckSerial(serial, pinPlusOTP);
+
+        assertEquals(responseBody, response.toString());
+        assertEquals("matching1tokens", response.message);
+        assertEquals(6, response.otpLength);
+        assertEquals("TOTP0001AFB9", response.serial);
+        assertEquals("totp", response.type);
+        assertEquals(1, response.id);
+        assertEquals("2.0", response.jsonRPCVersion);
+        assertTrue(response.status);
+        assertTrue(response.value);
+        assertEquals("3.6.3", response.piVersion);
+        assertEquals("rsa_sha256_pss:913056e002a...103456d32cca0222e5d", response.signature);
+    }
+
+    @Test
+    public void testNoChallengeResponseTransactionID()
+    {
+        String responseBody = "{\"detail\":{" + "\"message\":\"matching1tokens\"," + "\"otplen\":6," +
+                              "\"serial\":\"TOTP0001AFB9\"," + "\"threadid\":140050919388928," + "\"type\":\"totp\"}," +
+                              "\"id\":1," + "\"jsonrpc\":\"2.0\"," + "\"result\":{" + "\"status\":true," +
+                              "\"value\":true}," + "\"time\":1649684011.250808," + "\"version\":\"privacyIDEA3.6.3\"," +
+                              "\"versionnumber\":\"3.6.3\"," +
+                              "\"signature\":\"rsa_sha256_pss:913056e002a...103456d32cca0222e5d\"}";
+
+        mockServer.when(HttpRequest.request().withPath(PIConstants.ENDPOINT_VALIDATE_CHECK).withMethod("POST")
+                                   .withBody("serial=TOTP0001AFB9&pass=123456&transaction_id=12093809214"))
+                  .respond(HttpResponse.response().withBody(responseBody));
+
+        String serial = "TOTP0001AFB9";
+        String pinPlusOTP = "123456";
+        String transactionID = "12093809214";
+
+        PIResponse response = privacyIDEA.validateCheckSerial(serial, pinPlusOTP, transactionID);
 
         assertEquals(responseBody, response.toString());
         assertEquals("matching1tokens", response.message);

src/test/java/org/privacyidea/TestWebAuthn.java

@@ -57,7 +57,9 @@ public void testSuccess()
         String webauthnSignResponse = "{" + "\"credentialid\":\"X9FrwMfmzj...saw21\"," +
                                       "\"authenticatordata\":\"xGzvgq0bVGR3WR0A...ZJdA7cBAAAACA\"," +
                                       "\"clientdata\":\"eyJjaGFsbG...dfhs\"," +
-                                      "\"signaturedata\":\"MEUCIQDNrG...43hc\"}";
+                                      "\"signaturedata\":\"MEUCIQDNrG...43hc\"," +
+                                      "\"assertionclientextensions\":\"alsjdlfkjsadjeiw\"," +
+                                      "\"userhandle\":\"jalsdkjflsjfuhuweuvccco2\"\n" + "}";
 
         String responseBody =
                 "{\n" + "  \"detail\": {\n" + "    \"message\": \"matching 1 tokens\",\n" + "    \"otplen\": 6,\n" +
@@ -68,7 +70,7 @@ public void testSuccess()
                 "  \"versionnumber\": \"3.2.1\",\n" + "  \"signature\": \"rsa_sha256_pss:AAAAAAAAAAA\"\n" + "}";
 
         mockServer.when(HttpRequest.request().withPath(PIConstants.ENDPOINT_VALIDATE_CHECK).withMethod("POST").withBody(
-                          "user=Test&transaction_id=16786665691788289392&pass=&credentialid=X9FrwMfmzj...saw21&clientdata=eyJjaGFsbG...dfhs&signaturedata=MEUCIQDNrG...43hc&authenticatordata=xGzvgq0bVGR3WR0A...ZJdA7cBAAAACA"))
+                          "user=Test&transaction_id=16786665691788289392&pass=&credentialid=X9FrwMfmzj...saw21&clientdata=eyJjaGFsbG...dfhs&signaturedata=MEUCIQDNrG...43hc&authenticatordata=xGzvgq0bVGR3WR0A...ZJdA7cBAAAACA&userhandle=jalsdkjflsjfuhuweuvccco2&assertionclientextensions=alsjdlfkjsadjeiw"))
                   .respond(HttpResponse.response().withBody(responseBody));
 
         PIResponse response = privacyIDEA.validateCheckWebAuthn("Test", "16786665691788289392", webauthnSignResponse,
@@ -149,6 +151,7 @@ public void testTriggerWebAuthn()
             WebAuthn b = (WebAuthn) a;
             String trimmedRequest = webauthnrequest.replaceAll("\n", "").replaceAll(" ", "");
             assertEquals(trimmedRequest, b.signRequest());
+            assertEquals("static/img/FIDO-U2F-Security-Key-444x444.png", b.getImage());
         }
         else
         {