Class LocalFIDOClient

java.lang.Object
com.tivoli.am.fim.fido.server.LocalFIDOClient

public class LocalFIDOClient extends Object
LocalFIDOClient provides an API that lets InfoMap rules and Java extensions call a FIDO2 Relying Party without having to use a TCP socket to call the runtime.
  • Method Summary

    Modifier and Type    Method
        Description

    String    assertionOptions(String optionsString)
        Given a set of assertion options, generate an assertion request from the FIDO Server.
    String    assertionResult(String assertionString)
        Validate an assertion response against the configured FIDO Server.
    String    attestationOptions(String optionsString)
        Given a set of attestation options, generate an attestation request from the FIDO Server.
    String    attestationResult(String attestationString)
        Validate an attestation response against a configured FIDO Server.
    String    getAaguidLookupTable()
        Return a Base64 URL encoded JSON dictionary which contains mappings between AAGUID values and a description of the authenticator based on its Fido2Metadata document.
    static String    getRpConfigId(String rpId)
        Fetch the configuration ID of the Relying Party with the given Relying Party ID (rpId).

    Methods inherited from class java.lang.Object

    equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Method Details

    • getAaguidLookupTable

      public String getAaguidLookupTable()
      Return a Base64 URL encoded JSON dictionary which contains mappings between AAGUID values and a description of the authenticator based on its Fido2Metadata document.
      This document may be retrieved from either static metadata, or metadata service blobs.
      Returns:
      a serialized JSON dictionary of aaguids which has been Base64 URL encoded. If no metadata exists then the string decodes to an empty dictionary.
    • attestationOptions

      public String attestationOptions(String optionsString) throws IOException
      Given a set of attestation options, generate an attestation request from the FIDO Server. The options in this request can be overridden by the Mediator.
      Parameters:
      optionsString - Stringified JSON object containing the requested attestation options
      Returns:
      Stringified JSONObject of the server-generated attestation request, which can be consumed by a FIDO2 client
      Throws:
      IOException
    • attestationResult

      public String attestationResult(String attestationString) throws IOException
      Validate an attestation response against a configured FIDO Server. If the attestation is valid, a registration is generated and the details are returned as JSON. If the attestation is unsuccessful, an error message is returned containing the reason the attestation failed.
      Parameters:
      attestationString - Stringified JSON object containing the attestation result generated by the client/token
      Returns:
      Stringified JSONObject containing registration details if successful, or an error code/message if unsuccessful
      Throws:
      IOException
    • assertionOptions

      public String assertionOptions(String optionsString) throws IOException, FIDO2Exception
      Given a set of assertion options, generate an assertion request from the FIDO Server. The options in this request can be overridden by the Mediator.
      Parameters:
      optionsString - Stringified JSON object containing the requested assertion options. This may be overwritten by a Mediator.
      Returns:
      Stringified JSONObject containing the server-generated assertion request, which can be consumed by a FIDO2 client
      Throws:
      IOException
      FIDO2Exception
    • assertionResult

      public String assertionResult(String assertionString) throws IOException
      Validate an assertion response against the configured FIDO Server. If the assertion is valid then the user's credentials are updated and a success JSON response is returned to the user. If the assertion is not valid, then an error message containing the reason for the failure is returned.
      Parameters:
      assertionString - Stringified JSON object containing the assertion result generated by the client/token
      Returns:
      Stringified JSONObject containing registration details if successful, or an error code/message if unsuccessful
      Throws:
      IOException
    • getRpConfigId

      public static String getRpConfigId(String rpId)
      Fetch the configuration ID of the Relying Party with the given Relying Party ID (rpId).

      The configuration ID is required to invoke the FIDO server endpoints, which are of the format:
       https://<host>/<aac_junction>/sps/fido2/<config_id>/attestation/options
       https://<host>/<aac_junction>/sps/fido2/<config_id>/attestation/result
       https://<host>/<aac_junction>/sps/fido2/<config_id>/assertion/options
       https://<host>/<aac_junction>/sps/fido2/<config_id>/assertion/result
       
      Parameters:
      rpId - the Relying Party ID, which is a valid domain string that identifies the WebAuthn Relying Party.
      Returns:
      the configuration ID
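
Decoding the value returned by getAaguidLookupTable(), as an added example in plain JavaScript (not code from this API or its vendor). It turns the Base64 URL encoded string into a dictionary and looks up one AAGUID, covering the empty dictionary returned when no metadata exists. Assumptions: descriptions are plain strings, AAGUID keys may differ in letter case, and the helper names and sample table are constructed for illustration.

```javascript
// Added example, not product code. The sample table below is constructed.
var B64URL = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";

// Decode Base64 URL text (padding optional) into a UTF-8 string.
function base64UrlToString(input) {
  var text = String(input).replace(/=+$/, "");
  if (text.length % 4 === 1) throw new Error("invalid Base64 URL length");
  var bits = 0, nbits = 0, pct = "";
  for (var i = 0; i < text.length; i++) {
    var v = B64URL.indexOf(text.charAt(i));
    if (v < 0) throw new Error("invalid Base64 URL character at index " + i);
    bits = ((bits << 6) | v) & 0xfff;   // keep only the bits still needed
    nbits += 6;
    if (nbits >= 8) {
      nbits -= 8;
      var b = (bits >> nbits) & 0xff;
      pct += "%" + (b < 16 ? "0" : "") + b.toString(16);
    }
  }
  return decodeURIComponent(pct);       // rejects malformed UTF-8
}

// Parse the encoded table into a dictionary keyed by lower-case AAGUID.
// An empty result means the server has no metadata loaded.
function parseAaguidTable(encoded) {
  var table = JSON.parse(base64UrlToString(encoded));
  if (table === null || typeof table !== "object" || Array.isArray(table)) {
    throw new Error("AAGUID table is not a JSON dictionary");
  }
  var normalised = {};
  Object.keys(table).forEach(function (k) {
    normalised[k.toLowerCase()] = table[k];   // assumption: case may vary
  });
  return normalised;
}

// Return the description for an AAGUID, or null when it is not listed.
function describeAuthenticator(table, aaguid) {
  var key = String(aaguid).toLowerCase();
  return Object.prototype.hasOwnProperty.call(table, key) ? table[key] : null;
}

// Constructed sample: {"01020304-0506-0708-090A-0B0C0D0E0F10":"Demo Key"}
var SAMPLE_TABLE =
  "eyIwMTAyMDMwNC0wNTA2LTA3MDgtMDkwQS0wQjBDMEQwRTBGMTAiOiJEZW1vIEtleSJ9";
var EMPTY_TABLE = "e30";   // encodes {} : the "no metadata" case
```

A null result from describeAuthenticator means only that the AAGUID has no metadata entry; whether to accept such an authenticator is a separate policy decision.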