From 29594a348eefacb85f15b13847eafb7208669867 Mon Sep 17 00:00:00 2001
From: Madhumita
Date: Wed, 25 Sep 2024 13:34:34 +0530
Subject: [PATCH] fix(jans-fido2): #9248 Renaming domain to origin and application id to RpId

Signed-off-by: Madhumita
---
 .../fido2/service/operation/AssertionService.java | 14 +++++++-------
 .../service/operation/AttestationService.java | 6 +++---
 .../persist/AuthenticationPersistenceService.java | 2 +-
 .../persist/RegistrationPersistenceService.java | 2 +-
 .../attestation/U2FAttestationProcessor.java | 2 +-
 .../U2FSuperGluuAttestationProcessor.java | 2 +-
 .../fido2/service/verifier/AssertionVerifier.java | 2 +-
 .../service/persist/DeviceRegistrationService.java | 4 ++--
 .../attestation/U2FAttestationProcessorTest.java | 11 ++++++-----
 9 files changed, 23 insertions(+), 22 deletions(-)

diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/operation/AssertionService.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/operation/AssertionService.java
index 7f8f4241a3b..da426f42a99 100644
--- a/jans-fido2/server/src/main/java/io/jans/fido2/service/operation/AssertionService.java
+++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/operation/AssertionService.java
@@ -188,10 +188,10 @@ public AssertionOptionsResponse options(AssertionOptions assertionOptions) {
 Fido2AuthenticationData entity = new Fido2AuthenticationData();
 entity.setUsername(username);
 entity.setChallenge(challenge);
-entity.setDomain(documentDomain);
+entity.setOrigin(documentDomain);
 entity.setUserVerificationOption(userVerification);
 entity.setStatus(Fido2AuthenticationStatus.pending);
-entity.setApplicationId(documentDomain);
+entity.setRpId(documentDomain);
 // Store original request
@@ -251,10 +251,10 @@ public AsserOptGenerateResponse generateOptions(AssertionOptionsGenerate asserti
 Fido2AuthenticationData entity = new Fido2AuthenticationData();
 entity.setUsername(null);
 entity.setChallenge(challenge);
-entity.setDomain(documentDomain);
+entity.setOrigin(documentDomain);
 entity.setUserVerificationOption(userVerification);
 entity.setStatus(Fido2AuthenticationStatus.pending);
-entity.setApplicationId(documentDomain);
+entity.setRpId(documentDomain);
 // Store original request
 entity.setAssertionRequest(CommonUtilService.toJsonNode(assertionOptionsGenerate).toString());
@@ -307,7 +307,7 @@ public AttestationOrAssertionResponse verify(AssertionResult assertionResult) {
 Fido2AuthenticationData authenticationData = authenticationEntity.getAuthenticationData();
 // Verify domain
-domainVerifier.verifyDomain(authenticationData.getDomain(), clientJsonNode);
+domainVerifier.verifyDomain(authenticationData.getOrigin(), clientJsonNode);
 // Find registered public key
 Fido2RegistrationEntry registrationEntry = registrationPersistenceService.findByPublicKeyId(keyId, authenticationEntity.getRpId())
@@ -452,11 +452,11 @@ private Pair, String> prepareAllowedCredenti
 });
 Optional fidoRegistration = allowedFido2Registrations.parallelStream()
-.filter(f -> StringUtils.isNotEmpty(f.getRegistrationData().getApplicationId())).findAny();
+.filter(f -> StringUtils.isNotEmpty(f.getRegistrationData().getRpId())).findAny();
 String applicationId = null;
 // applicationId should not be sent incase of pure fido2
-applicationId = fidoRegistration.get().getRegistrationData().getApplicationId();
+applicationId = fidoRegistration.get().getRegistrationData().getRpId();
 return Pair.of(allowedFido2Keys, applicationId);
 }
diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/operation/AttestationService.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/operation/AttestationService.java
index 528ca52b0c4..f3eea950a9b 100644
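Review bot: In the `@@ -452` hunk the new line `applicationId = fidoRegistration.get().getRegistrationData().getRpId();` still calls `Optional.get()` unguarded, so if no allowed registration carries a non-empty RP ID (the filtered `findAny()` is empty) the assertion request fails with a NoSuchElementException rather than sending the null the preceding comment says pure-FIDO2 flows should get. Replace the two assignment lines with `String applicationId = fidoRegistration.map(f -> f.getRegistrationData().getRpId()).orElse(null); // not sent for pure fido2`; whether an empty Optional can actually occur here depends on how allowedFido2Registrations is built, which starts outside the hunk. In the `@@ -307` hunk the comment `// Verify domain` now sits above `verifyDomain(authenticationData.getOrigin(), ...)`; rename it `// Verify origin` (the same stale comment is in AttestationService's `@@ -304` hunk). prepareAllowedCredentials begins outside this hunk.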
--- a/jans-fido2/server/src/main/java/io/jans/fido2/service/operation/AttestationService.java
+++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/operation/AttestationService.java
@@ -241,7 +241,7 @@ else if(hints.contains(PublicKeyCredentialHints.SECURITY_KEY.getValue()) || hint
 entity.setUsername(attestationOptions.getUsername());
 entity.setUserId(userId);
 entity.setChallenge(challenge);
-entity.setDomain(documentDomain);
+entity.setOrigin(documentDomain);
 entity.setStatus(Fido2RegistrationStatus.pending);
 //if (params.hasNonNull(CommonVerifiers.SUPER_GLUU_APP_ID)) {
 /*
@@ -249,7 +249,7 @@ else if(hints.contains(PublicKeyCredentialHints.SECURITY_KEY.getValue()) || hint
 * entity.setApplicationId(attestationOptions.getSuperGluuAppId()); } else {
 */
 // TODO: this can be removed out in the future
-entity.setApplicationId(documentDomain);
+entity.setRpId(documentDomain);
 //}
 // Store original requests
@@ -304,7 +304,7 @@ public AttestationOrAssertionResponse verify(AttestationResult attestationResult
 Fido2RegistrationData registrationData = registrationEntry.getRegistrationData();
 // Verify domain
-domainVerifier.verifyDomain(registrationData.getDomain(), clientDataJSONNode);
+domainVerifier.verifyDomain(registrationData.getOrigin(), clientDataJSONNode);
 // Verify authenticator attestation response
 CredAndCounterData attestationData = attestationVerifier.verifyAuthenticatorAttestationResponse(attestationResult.getResponse(),
diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/persist/AuthenticationPersistenceService.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/persist/AuthenticationPersistenceService.java
index b661e583306..cb7fce0c181 100644
--- a/jans-fido2/server/src/main/java/io/jans/fido2/service/persist/AuthenticationPersistenceService.java
+++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/persist/AuthenticationPersistenceService.java
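Review bot: The `@@ -249` hunk renames the live call to `entity.setRpId(documentDomain);` but leaves the commented-out Super Gluu branch around it (`//if (params.hasNonNull(CommonVerifiers.SUPER_GLUU_APP_ID)) {` … `* entity.setApplicationId(attestationOptions.getSuperGluuAppId()); } else {` … `//}`) using the pre-rename setter name, so the dead code is now stale as well as dead. Its own `// TODO: this can be removed out in the future` argues for deleting the block in this commit; if it is kept, update the commented line to `setRpId` so it does not mislead the next reader. The enclosing options method starts outside the hunk.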
@@ -101,7 +101,7 @@ public Fido2AuthenticationEntry buildFido2AuthenticationEntry(Fido2Authenticatio
 if (StringUtils.isNotEmpty(challenge)) {
 authenticationEntity.setChallengeHash(challengeGenerator.getChallengeHashCode(challenge));
 }
-authenticationEntity.setRpId(authenticationData.getApplicationId());
+authenticationEntity.setRpId(authenticationData.getRpId());
 authenticationData.setCreatedDate(now);
 authenticationData.setCreatedBy(userName);
diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/persist/RegistrationPersistenceService.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/persist/RegistrationPersistenceService.java
index d025f66dabf..e968af063ea 100644
--- a/jans-fido2/server/src/main/java/io/jans/fido2/service/persist/RegistrationPersistenceService.java
+++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/persist/RegistrationPersistenceService.java
@@ -91,7 +91,7 @@ public Fido2RegistrationEntry buildFido2RegistrationEntry(Fido2RegistrationData
 if (StringUtils.isNotEmpty(challenge)) {
 registrationEntry.setChallengeHash(getChallengeHashCode(challenge));
 }
-registrationEntry.setRpId(registrationData.getApplicationId());
+registrationEntry.setRpId(registrationData.getRpId());
 registrationData.setCreatedDate(now);
 registrationData.setCreatedBy(userName);
diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/U2FAttestationProcessor.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/U2FAttestationProcessor.java
index 06b947aad3a..28bd832287d 100644
--- a/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/U2FAttestationProcessor.java
+++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/U2FAttestationProcessor.java
@@ -99,7 +99,7 @@ public void process(JsonNode attStmt, AuthData authData, Fido2RegistrationData r
 commonVerifiers.verifyAAGUIDZeroed(authData);
 userVerificationVerifier.verifyUserPresent(authData);
-commonVerifiers.verifyRpIdHash(authData, registration.getDomain());
+commonVerifiers.verifyRpIdHash(authData, registration.getOrigin());
 if (attStmt.hasNonNull("x5c")) {
 Iterator i = attStmt.get("x5c").elements();
diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/U2FSuperGluuAttestationProcessor.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/U2FSuperGluuAttestationProcessor.java
index ec22a2c8a6e..7820c743dc1 100644
--- a/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/U2FSuperGluuAttestationProcessor.java
+++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/processor/attestation/U2FSuperGluuAttestationProcessor.java
@@ -119,7 +119,7 @@ public void process(JsonNode attStmt, AuthData authData, Fido2RegistrationData r
 byte[] challengeHash = DigestUtils.getSha256Digest().digest(registration.getChallenge().getBytes(Charset.forName("UTF-8")));
 // RP ID hash is application for Super Gluu
-byte[] rpIdhash = DigestUtils.getSha256Digest().digest(registration.getApplicationId().getBytes(Charset.forName("UTF-8")));
+byte[] rpIdhash = DigestUtils.getSha256Digest().digest(registration.getRpId().getBytes(Charset.forName("UTF-8")));
 authenticatorDataVerifier.verifyU2FAttestationSignature(authData, rpIdhash, challengeHash, signature, verifiedCert, alg);
 }
diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/verifier/AssertionVerifier.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/verifier/AssertionVerifier.java
index cf39f9a990a..2f0d100684e 100644
--- a/jans-fido2/server/src/main/java/io/jans/fido2/service/verifier/AssertionVerifier.java
+++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/verifier/AssertionVerifier.java
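Review bot: After this rename `commonVerifiers.verifyRpIdHash(authData, registration.getOrigin());` checks the authenticator's RP ID hash against the field now named origin, while the U2FSuperGluuAttestationProcessor hunk that follows hashes `registration.getRpId()` for the same check, and AssertionVerifier's `process` (next file) uses the `getOrigin()` form again; in WebAuthn terms an origin carries scheme and port and an RP ID is a host, so a reader will take the getOrigin() call for a bug. Behaviour is unchanged today because AssertionService and AttestationService write both fields from `documentDomain`, but DeviceRegistrationService's `convertToFido2RegistrationData` stores `fidoRegistration.getApplication()` in rpId and `documentDomain` in origin, so the two names now denote values that can differ for converted U2F entries. Either decide which field is the RP ID and use it in all three call sites, or record the intent at each call with a comment such as `// RP ID hash is computed over the stored origin (documentDomain); converted U2F entries keep the U2F appId in rpId`. The enclosing `process` method starts and ends outside the hunk.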
@@ -93,7 +93,7 @@ public void verifyAuthenticatorAssertionResponse(Response response, Fido2Registr
 public void process(String base64AuthenticatorData, String signature, String clientDataJson, Fido2RegistrationData registration, Fido2AuthenticationData authenticationEntity) {
 AuthData authData = authenticatorDataParser.parseAssertionData(base64AuthenticatorData);
-commonVerifiers.verifyRpIdHash(authData, registration.getDomain());
+commonVerifiers.verifyRpIdHash(authData, registration.getOrigin());
 log.debug("User verification option {}", authenticationEntity.getUserVerificationOption());
 userVerificationVerifier.verifyUserVerificationOption(authenticationEntity.getUserVerificationOption(), authData);
diff --git a/jans-fido2/server/src/main/java/io/jans/u2f/service/persist/DeviceRegistrationService.java b/jans-fido2/server/src/main/java/io/jans/u2f/service/persist/DeviceRegistrationService.java
index a233f8052d5..f8aa49e4ec1 100644
--- a/jans-fido2/server/src/main/java/io/jans/u2f/service/persist/DeviceRegistrationService.java
+++ b/jans-fido2/server/src/main/java/io/jans/u2f/service/persist/DeviceRegistrationService.java
@@ -160,7 +160,7 @@ protected Fido2RegistrationData convertToFido2RegistrationData(String documentDo
 registrationData.setUpdatedBy(username);
 registrationData.setUsername(username);
-registrationData.setDomain(documentDomain);
+registrationData.setOrigin(documentDomain);
 JsonNode uncompressedECPoint = coseService.convertECKeyToUncompressedPoint( base64Service.urlDecode(fidoRegistration.getDeviceRegistrationConfiguration().getPublicKey()));
@@ -179,7 +179,7 @@ protected Fido2RegistrationData convertToFido2RegistrationData(String documentDo
 registrationData.setStatus(Fido2RegistrationStatus.registered);
-registrationData.setApplicationId(fidoRegistration.getApplication());
+registrationData.setRpId(fidoRegistration.getApplication());
 return registrationData;
 }
diff --git a/jans-fido2/server/src/test/java/io/jans/fido2/service/processor/attestation/U2FAttestationProcessorTest.java b/jans-fido2/server/src/test/java/io/jans/fido2/service/processor/attestation/U2FAttestationProcessorTest.java
index d5f557717bd..42920a77e6f 100644
--- a/jans-fido2/server/src/test/java/io/jans/fido2/service/processor/attestation/U2FAttestationProcessorTest.java
+++ b/jans-fido2/server/src/test/java/io/jans/fido2/service/processor/attestation/U2FAttestationProcessorTest.java
@@ -87,7 +87,7 @@ void process_ifAttStmtHasX5cAndVerifyAttestationThrowErrorAndCertificatesIsEmpty
 byte[] clientDataHash = new byte[]{};
 CredAndCounterData credIdAndCounters = mock(CredAndCounterData.class);
 JsonNode x5cNode = mock(JsonNode.class);
-when(registration.getDomain()).thenReturn("test-domain");
+when(registration.getOrigin()).thenReturn("test-domain");
 when(attStmt.hasNonNull("x5c")).thenReturn(true);
 when(attStmt.get("x5c")).thenReturn(x5cNode);
 when(x5cNode.elements()).thenReturn(Collections.emptyIterator());
@@ -124,7 +124,7 @@ void process_ifAttStmprocess_ifAttStmtHasX5cAndVerifyAttestationThrowErrorAndCer
 byte[] clientDataHash = new byte[]{};
 CredAndCounterData credIdAndCounters = mock(CredAndCounterData.class);
 JsonNode x5cNode = mock(JsonNode.class);
-when(registration.getDomain()).thenReturn("test-domain");
+when(registration.getOrigin()).thenReturn("test-domain");
 when(attStmt.hasNonNull("x5c")).thenReturn(true);
 when(attStmt.get("x5c")).thenReturn(x5cNode);
 when(x5cNode.elements()).thenReturn(Collections.singletonList((JsonNode) new TextNode("cert1")).iterator());
@@ -162,7 +162,8 @@ void process_ifAttStmtHasX5cAndCertificatesIsNotEmptyAndVerifyAttestationIsValid
 byte[] clientDataHash = new byte[]{};
 CredAndCounterData credIdAndCounters = mock(CredAndCounterData.class);
 JsonNode x5cNode = mock(JsonNode.class);
-when(registration.getDomain()).thenReturn("test-domain");
+when(registration.getOrigin
+()).thenReturn("test-domain");
 when(attStmt.hasNonNull("x5c")).thenReturn(true);
 when(attStmt.get("x5c")).thenReturn(x5cNode);
 when(x5cNode.elements()).thenReturn(Collections.singletonList((JsonNode) new TextNode("cert1")).iterator());
@@ -193,7 +194,7 @@ void process_ifAttStmtHasEcdaaKeyId_badRequestException() {
 Fido2RegistrationData registration = mock(Fido2RegistrationData.class);
 byte[] clientDataHash = new byte[]{};
 CredAndCounterData credIdAndCounters = mock(CredAndCounterData.class);
-when(registration.getDomain()).thenReturn("test-domain");
+when(registration.getOrigin()).thenReturn("test-domain");
 when(attStmt.get("sig")).thenReturn(mock(JsonNode.class));
 when(attStmt.hasNonNull("x5c")).thenReturn(false);
 when(attStmt.hasNonNull("ecdaaKeyId")).thenReturn(true);
@@ -222,7 +223,7 @@ void process_ifAttStmtNotIsX5cOrEcdaaKeyId_success() {
 Fido2RegistrationData registration = mock(Fido2RegistrationData.class);
 byte[] clientDataHash = new byte[]{};
 CredAndCounterData credIdAndCounters = mock(CredAndCounterData.class);
-when(registration.getDomain()).thenReturn("test-domain");
+when(registration.getOrigin()).thenReturn("test-domain");
 when(authData.getAuthDataDecoded()).thenReturn("test-decoded".getBytes());
 when(attStmt.get("sig")).thenReturn(mock(JsonNode.class));
 when(commonVerifiers.verifyBase64String(any())).thenReturn("test-signature");
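Review bot: In the `@@ -162,7 +162,8` hunk the replacement stub is split across two added lines, `when(registration.getOrigin` and `()).thenReturn("test-domain");`, which compiles but reads as a broken statement and is the only reason this hunk grows by a line while the other four test hunks are one-for-one. Join it to `when(registration.getOrigin()).thenReturn("test-domain");` to match the rest of the file and the diffstat expectation of a pure rename.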