MOB-42 Fixed token authentication issues (wrong library version, cache getting recreated every request, origin in wrong form)

2025-12-04 04:45:12 +02:00 · 2021-11-11 21:47:27 +02:00
parent 9b0cb1a22d
commit 636beeb7f3
15 changed files with 64 additions and 21 deletions
--- a/MobileAuthApp/app/src/main/java/com/tarkvaraprojekt/mobileauthapp/AuthFragment.kt
+++ b/MobileAuthApp/app/src/main/java/com/tarkvaraprojekt/mobileauthapp/AuthFragment.kt
@@ -90,7 +90,7 @@ class AuthFragment : Fragment() {
                    if (args.auth) {
                        val jws = Authenticator(comms).authenticate(
                            intentParameters.challenge,
-                            intentParameters.authUrl,
+                            intentParameters.origin,
                            viewModel.userPin
                        )
                        intentParameters.setToken(jws)
--- a/MobileAuthApp/app/src/main/java/com/tarkvaraprojekt/mobileauthapp/HomeFragment.kt
+++ b/MobileAuthApp/app/src/main/java/com/tarkvaraprojekt/mobileauthapp/HomeFragment.kt
@@ -14,6 +14,7 @@ import com.tarkvaraprojekt.mobileauthapp.databinding.FragmentHomeBinding
 import com.tarkvaraprojekt.mobileauthapp.model.ParametersViewModel
 import com.tarkvaraprojekt.mobileauthapp.model.SmartCardViewModel
 import java.lang.Exception
+import java.net.URLDecoder

 /**
 * HomeFragment is only shown to the user when then the user launches the application. When the application
@@ -30,6 +31,7 @@ class HomeFragment : Fragment() {

    private var binding: FragmentHomeBinding? = null

+
    override fun onCreateView(
        inflater: LayoutInflater,
        container: ViewGroup?,
@@ -56,11 +58,16 @@ class HomeFragment : Fragment() {
                    // We use !! because we want an exception when something is not right.
                    intentParams.setChallenge(requireActivity().intent.getStringExtra("challenge")!!)
                    intentParams.setAuthUrl(requireActivity().intent.getStringExtra("authUrl")!!)
+                    intentParams.setOrigin(requireActivity().intent.getStringExtra("originUrl")!!)
                } else { //Website
                    // Currently the test website won't send the authUrl parameter
                    //Log.i("intentDebugging", requireActivity().intent.data.toString())
-                    intentParams.setChallenge(requireActivity().intent.data!!.getQueryParameter("challenge")!!)
+                    var challenge = requireActivity().intent.data!!.getQueryParameter("challenge")!!
+                    // TODO: Since due to encoding plus gets converted to space, temporary solution is to replace it back.
+                    challenge = challenge.replace(" ", "+")
+                    intentParams.setChallenge(challenge)
                    intentParams.setAuthUrl(requireActivity().intent.data!!.getQueryParameter("authUrl")!!)
+                    intentParams.setOrigin(requireActivity().intent.data!!.getQueryParameter("originUrl")!!)
                }
            } catch (e: Exception) {
                // There was a problem with parameters, which means that authentication is not possible.
--- a/MobileAuthApp/app/src/main/java/com/tarkvaraprojekt/mobileauthapp/ResultFragment.kt
+++ b/MobileAuthApp/app/src/main/java/com/tarkvaraprojekt/mobileauthapp/ResultFragment.kt
@@ -67,7 +67,7 @@ class ResultFragment : Fragment() {
        Ion.getDefault(activity).getConscryptMiddleware().enable(false)

        Ion.with(activity)
-            .load("https://6bb0-85-253-195-252.ngrok.io/auth/authentication")
+            .load(paramsModel.origin + paramsModel.authUrl)
                .setJsonObjectBody(json)
                .asJsonObject()
                .setCallback { e, result ->
--- a/MobileAuthApp/app/src/main/java/com/tarkvaraprojekt/mobileauthapp/auth/Authenticator.kt
+++ b/MobileAuthApp/app/src/main/java/com/tarkvaraprojekt/mobileauthapp/auth/Authenticator.kt
@@ -8,7 +8,7 @@ import java.security.MessageDigest
 import java.time.LocalDateTime
 import java.time.ZoneOffset

-class Authenticator(val comms : Comms) {
+class Authenticator(val comms: Comms) {

    val type = "JWT"
    val algorithm = "ES384"
@@ -36,7 +36,7 @@ class Authenticator(val comms : Comms) {
        // Get header and claims.
        val header = """{"typ":"$type","alg":"$algorithm","x5c":["$base64cert"]}"""
        val claims =
-            """{"iat":"$epoch","exp":"$exp","aud":"$originUrl","iss":"$iss","sub":"$sub","nonce":"$challenge","cnf":{"tbh":""}}"""
+            """{"iat":"$epoch","exp":"$exp","aud":["$originUrl"],"iss":"$iss","sub":"$sub","nonce":"$challenge","cnf":{"tbh":""}}"""

        val jwt = base64Encode(header.toByteArray(Charsets.UTF_8)) + "." + base64Encode(
            claims.toByteArray(Charsets.UTF_8)
@@ -51,7 +51,7 @@ class Authenticator(val comms : Comms) {
        return jwt + "." + base64Encode(signed)
    }

-    fun base64Encode(bytes: ByteArray) : String? {
+    fun base64Encode(bytes: ByteArray): String? {
        val encoded = java.util.Base64.getUrlEncoder().encodeToString(bytes)
        return encoded.replace("=", "")
    }
--- a/MobileAuthApp/app/src/main/java/com/tarkvaraprojekt/mobileauthapp/model/ParametersViewModel.kt
+++ b/MobileAuthApp/app/src/main/java/com/tarkvaraprojekt/mobileauthapp/model/ParametersViewModel.kt
@@ -13,6 +13,9 @@ class ParametersViewModel: ViewModel() {
    private var _token: String = ""
    val token get() = _token

+    private var _origin: String = ""
+    val origin get() = _origin
+
    fun setChallenge(newChallenge: String) {
        _challenge = newChallenge
    }
@@ -24,4 +27,8 @@ class ParametersViewModel: ViewModel() {
    fun setToken(newToken: String) {
        _token = newToken
    }
+
+    fun setOrigin(newOrigin: String) {
+        _origin = newOrigin
+    }
 }