Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 11:54 am

All times are UTC + 1 hour




Post new topic Reply to topic  [ 2 posts ] 
Author Message
PostPosted: Wed Sep 21, 2011 7:48 am 
Offline

Joined: Wed Sep 21, 2011 7:24 am
Posts: 1
I recently checked out the Yubico Java client (https://github.com/Yubico/yubico-java-client) but when I try to package it (mvn package) I get the following failure:
Quote:
Failed tests:
testBadOTP(com.yubico.client.v2.YubicoClientTest)

More detail from the report:
Code:
testBadOTP(com.yubico.client.v2.YubicoClientTest)  Time elapsed: 3.757 sec  <<< FAILURE!
java.lang.AssertionError:
at org.junit.Assert.fail(Assert.java:91)
at org.junit.Assert.assertTrue(Assert.java:43)
at org.junit.Assert.assertNotNull(Assert.java:524)
at org.junit.Assert.assertNotNull(Assert.java:535)
at com.yubico.client.v2.YubicoClientTest.testBadOTP(YubicoClientTest.java:58)

I did some digging around in the code and it appears the test is failing because of a null response; the reason it's null is that the client (com.yubico.client.v2.impl.YubicoClientImpl.java) appears to be expecting the otp and nonce fields to be present in the response but they aren't. For example, it sends this request: http://api.yubico.com/wsapi/2.0/verify?id=4711&otp=kaka&timestamp=1&nonce=88b2a1c644e6451491e86304a0a43031

And gets this response back:
Quote:
h=W0/njCTAq0X+QYS3SgZR2uP3Veg=
t=2011-09-21T06:01:38Z0993
status=BAD_OTP

The nonce and otp fields are missing - in the replayed OTP test, the nonce and otp fields ARE present in the response.

I am a bit confused as to what fields SHOULD be in a server response as the Validation Protocol 2.0 (http://code.google.com/p/yubikey-val-server-php/wiki/ValidationProtocolV20) doesn't appear to mention nonce and otp as fields that are returned in a response (Should they always be present?).

Any thoughts on how to get it to pass the tests so it will build correctly?


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Wed Dec 07, 2011 2:52 pm 
For the record, this was resolved by the OP in a patch that has now been applied to the Java validation client.

/Fredrik


Top
  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group