diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java
index 102b6aa15..2ca37dfcd 100644
--- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java
+++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java
@@ -26,6 +26,7 @@
 import com.wultra.security.powerauth.fido2.model.entity.AuthenticatorDetail;
 import com.wultra.security.powerauth.fido2.model.request.AssertionChallengeRequest;
 import com.wultra.security.powerauth.fido2.model.response.AssertionChallengeResponse;
+import io.getlime.security.powerauth.crypto.lib.util.ByteUtils;
 import lombok.extern.slf4j.Slf4j;
 import java.nio.charset.StandardCharsets;
@@ -108,16 +109,16 @@ public static AssertionChallenge convertAssertionChallengeFromOperationDetail(Op
 if (authenticatorDetails != null && !authenticatorDetails.isEmpty()) {
 final List allowCredentials = new ArrayList<>();
- boolean hasWultraModel = false;
 for (AuthenticatorDetail ad: authenticatorDetails) {
 @SuppressWarnings("unchecked")
 final List transports = (List) ad.getExtras().get("transports");
 final String aaguid = (String) ad.getExtras().get("aaguid");
- final byte[] credentialId = Base64.getDecoder().decode(ad.getCredentialId());
+ byte[] credentialId = Base64.getDecoder().decode(ad.getCredentialId());
 if (aaguid != null && Fido2DefaultAuthenticators.isWultraModel(aaguid)) {
- hasWultraModel = true;
+ final byte[] operationDataBytes = source.getData().getBytes(StandardCharsets.UTF_8);
+ credentialId = ByteUtils.concat(credentialId, operationDataBytes);
 }
 final AllowCredentials ac = AllowCredentials.builder()
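Review bot: The operation data is appended to the credential ID with no delimiter or length prefix in `credentialId = ByteUtils.concat(credentialId, operationDataBytes);`, so a consumer of the `allowCredentials` entry can only split the two parts if it already knows the credential ID length; if Wultra credential IDs can vary in length the boundary is ambiguous, and the expected framing should at least be documented in a comment on this branch. WebAuthn Level 2 limits a credential ID to 1023 bytes, and nothing visible in this hunk bounds `source.getData()`, so a guard such as `if (credentialId.length + operationDataBytes.length > 1023)` with an explicit, logged failure would be safer than emitting an oversized descriptor. `source.getData()` is also dereferenced without a null check and re-encoded on every loop iteration; encoding it once before the `for` loop, after a null check, would cover both. The body of convertAssertionChallengeFromOperationDetail starts and ends outside this hunk, so an earlier validation of the operation data may already exist.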
@@ -126,13 +127,6 @@ public static AssertionChallenge convertAssertionChallengeFromOperationDetail(Op
 .build();
 allowCredentials.add(ac);
 }
- if (hasWultraModel) {
- final byte[] credentialId = source.getData().getBytes(StandardCharsets.UTF_8);
- final AllowCredentials ac = AllowCredentials.builder()
- .credentialId(credentialId)
- .build();
- allowCredentials.add(ac);
- }
 destination.setAllowCredentials(allowCredentials);
 }
 return destination;
diff --git a/powerauth-fido2/src/test/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverterTest.java b/powerauth-fido2/src/test/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverterTest.java
index 1ed9f2220..7d997db0d 100644
--- a/powerauth-fido2/src/test/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverterTest.java
+++ b/powerauth-fido2/src/test/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverterTest.java
@@ -153,16 +153,11 @@ void testConvertAssertionChallengeFromOperationDetail_withWultraAuthenticatorDet
 assertEquals(5L, assertionChallenge.getMaxFailedAttempts());
 assertNotNull(assertionChallenge.getAllowCredentials());
- assertEquals(2, assertionChallenge.getAllowCredentials().size());
+ assertEquals(1, assertionChallenge.getAllowCredentials().size());
 final AllowCredentials allowCredential = assertionChallenge.getAllowCredentials().get(0);
- assertArrayEquals("credential-1".getBytes(), allowCredential.getCredentialId());
+ assertArrayEquals("credential-1A1*A100CZK".getBytes(), allowCredential.getCredentialId());
 assertEquals("usb", allowCredential.getTransports().get(0));
 assertEquals("public-key", allowCredential.getType());
-
- final AllowCredentials operationDataCredential = assertionChallenge.getAllowCredentials().get(1);
- assertArrayEquals("A1*A100CZK".getBytes(), operationDataCredential.getCredentialId());
- assertTrue(operationDataCredential.getTransports().isEmpty());
- assertEquals("public-key", operationDataCredential.getType());
 }
 @Test
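Review bot: The new expectation `"credential-1A1*A100CZK".getBytes()` encodes with the platform default charset while the converter encodes the operation data with `StandardCharsets.UTF_8`, and the single literal hides where the credential ID ends and the operation data begins. Writing it as `assertArrayEquals("credential-1A1*A100CZK".getBytes(StandardCharsets.UTF_8), allowCredential.getCredentialId());` with a comment such as `// credential ID "credential-1" followed by operation data "A1*A100CZK"` would pin the intended layout (the import is needed if the test class does not already have it). The same applies to both `assertArrayEquals` lines in the `@@ -198,21 +193,16 @@` hunk that follows. No visible assertion covers a list mixing a Wultra and a non-Wultra authenticator, where only the former should receive the suffix; such a case may exist elsewhere in the test class, which is outside this hunk.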
@@ -198,21 +193,16 @@ void testConvertAssertionChallengeFromOperationDetail_multipleWultraAuthenticato
 assertEquals(5L, assertionChallenge.getMaxFailedAttempts());
 assertNotNull(assertionChallenge.getAllowCredentials());
- assertEquals(3, assertionChallenge.getAllowCredentials().size());
+ assertEquals(2, assertionChallenge.getAllowCredentials().size());
 final AllowCredentials allowCredential1 = assertionChallenge.getAllowCredentials().get(0);
- assertArrayEquals("credential-1".getBytes(), allowCredential1.getCredentialId());
+ assertArrayEquals("credential-1A1*A100CZK".getBytes(), allowCredential1.getCredentialId());
 assertEquals("usb", allowCredential1.getTransports().get(0));
 assertEquals("public-key", allowCredential1.getType());
 final AllowCredentials allowCredential2 = assertionChallenge.getAllowCredentials().get(1);
- assertArrayEquals("credential-2".getBytes(), allowCredential2.getCredentialId());
+ assertArrayEquals("credential-2A1*A100CZK".getBytes(), allowCredential2.getCredentialId());
 assertEquals("usb", allowCredential2.getTransports().get(0));
 assertEquals("public-key", allowCredential2.getType());
-
- final AllowCredentials operationDataCredential = assertionChallenge.getAllowCredentials().get(2);
- assertArrayEquals("A1*A100CZK".getBytes(), operationDataCredential.getCredentialId());
- assertTrue(operationDataCredential.getTransports().isEmpty());
- assertEquals("public-key", operationDataCredential.getType());
 }
 }