Example 1 with DCAttestationData

use of com.webauthn4j.appattest.data.DCAttestationData in project webauthn4j by webauthn4j.

the class DeviceCheckAttestationManager method parse.

@SuppressWarnings("java:S1130")
@NonNull
public DCAttestationData parse(@NonNull DCAttestationRequest dcAttestationRequest) throws DataConversionException {
    AssertUtil.notNull(dcAttestationRequest, "dcAttestationRequest must not be null");
    byte[] keyId = dcAttestationRequest.getKeyId();
    byte[] attestationObjectBytes = dcAttestationRequest.getAttestationObject();
    byte[] clientDataHash = dcAttestationRequest.getClientDataHash();
    AttestationObject attestationObject = attestationObjectBytes == null ? null : attestationObjectConverter.convert(attestationObjectBytes);
    return new DCAttestationData(keyId, attestationObject, attestationObjectBytes, clientDataHash);
}
Also used : AttestationObject(com.webauthn4j.data.attestation.AttestationObject) DCAttestationData(com.webauthn4j.appattest.data.DCAttestationData) NonNull(org.checkerframework.checker.nullness.qual.NonNull)

Example 2 with DCAttestationData

use of com.webauthn4j.appattest.data.DCAttestationData in project webauthn4j by webauthn4j.

the class DCAttestationDataValidator method validateKeyId.

private void validateKeyId(@NonNull CoreRegistrationData registrationData) {
    DCAttestationData dcAttestationData = (DCAttestationData) registrationData;
    byte[] keyId = dcAttestationData.getKeyId();
    // noinspection ConstantConditions as null check is already done in caller
    byte[] credentialId = registrationData.getAttestationObject().getAuthenticatorData().getAttestedCredentialData().getCredentialId();
    // there is no need to prevent timing attack and it is OK to use `Arrays.equals` instead of `MessageDigest.isEqual` here.
    if (!Arrays.equals(keyId, credentialId)) {
        throw new BadAttestationStatementException("key identifier doesn't match credentialId.");
    }
}
Also used : BadAttestationStatementException(com.webauthn4j.validator.exception.BadAttestationStatementException) DCAttestationData(com.webauthn4j.appattest.data.DCAttestationData)

Example 3 with DCAttestationData

use of com.webauthn4j.appattest.data.DCAttestationData in project webauthn4j by webauthn4j.

the class DCAttestationDataValidator method createCoreRegistrationObject.

@Override
@NonNull
protected CoreRegistrationObject createCoreRegistrationObject(@NonNull CoreRegistrationData registrationData, @NonNull CoreRegistrationParameters registrationParameters) {
    AssertUtil.notNull(registrationData, "registrationData must not be null");
    AssertUtil.notNull(registrationParameters, "registrationParameters must not be null");
    DCAttestationData dcAttestationData = (DCAttestationData) registrationData;
    // noinspection ConstantConditions null check is already done in caller
    return new DCRegistrationObject(dcAttestationData.getKeyId(), registrationData.getAttestationObject(), registrationData.getAttestationObjectBytes(), registrationData.getClientDataHash(), registrationParameters.getServerProperty(), Instant.now());
}
Also used : DCAttestationData(com.webauthn4j.appattest.data.DCAttestationData) NonNull(org.checkerframework.checker.nullness.qual.NonNull)

Aggregations

DCAttestationData (com.webauthn4j.appattest.data.DCAttestationData) 3
NonNull (org.checkerframework.checker.nullness.qual.NonNull) 2
AttestationObject (com.webauthn4j.data.attestation.AttestationObject) 1
BadAttestationStatementException (com.webauthn4j.validator.exception.BadAttestationStatementException) 1