Use of com.webauthn4j.data.AuthenticatorAttestationType in project webauthn4j by webauthn4j.
The class FidoMdsMetadataValidator, method validate.
@Override
public void validate(RegistrationObject registrationObject) {
    // The AAGUID lives inside the attested credential data; fail with an explicit message
    // instead of a NullPointerException when either container is absent.
    AssertUtil.notNull(registrationObject.getAttestationObject().getAuthenticatorData(), "authenticatorData must not be null");
    AssertUtil.notNull(registrationObject.getAttestationObject().getAuthenticatorData().getAttestedCredentialData(), "attestedCredentialData must not be null");

    AAGUID aaguid = registrationObject.getAttestationObject().getAuthenticatorData().getAttestedCredentialData().getAaguid();
    AttestationStatement attestationStatement = registrationObject.getAttestationObject().getAttestationStatement();

    // Every metadata entry the resolver knows for this AAGUID. Note that an empty result
    // disables every check below: the surrogate cross-check is skipped and the per-item
    // validation loop never runs. Whether an unknown AAGUID is rejected therefore depends
    // on the resolver's behaviour, which is not visible here.
    Set<MetadataItem> metadataItems = metadataItemsResolver.resolve(aaguid);

    // Metadata that only permits surrogate (self) attestation must not be paired with an
    // attestation statement carrying a certificate chain.
    if (declaresOnlySurrogateAttestation(metadataItems)) {
        rejectIfCertificateChainPresent(attestationStatement);
    }

    metadataItems.forEach(this::doAdditionalValidationForFidoMdsMetadataItem);
}

/**
 * Returns {@code true} when the given metadata items declare at least one attestation type
 * and every declared type is {@link AuthenticatorAttestationType#BASIC_SURROGATE}.
 *
 * @param metadataItems metadata entries resolved for the authenticator's AAGUID
 * @return whether the authenticator is registered for surrogate attestation only
 */
private static boolean declaresOnlySurrogateAttestation(Set<MetadataItem> metadataItems) {
    List<AuthenticatorAttestationType> declaredTypes = metadataItems.stream()
            .flatMap(item -> item.getMetadataStatement().getAttestationTypes().stream())
            .collect(Collectors.toList());
    if (declaredTypes.isEmpty()) {
        // No declared types: cannot conclude "surrogate only".
        return false;
    }
    return declaredTypes.stream().allMatch(type -> type.equals(AuthenticatorAttestationType.BASIC_SURROGATE));
}

/**
 * Rejects a certificate-based attestation statement that carries an {@code x5c} chain.
 * Statements that are not certificate-based are left untouched.
 *
 * @param attestationStatement the attestation statement presented during registration
 * @throws BadAttestationStatementException when {@code x5c} is present on a certificate-based statement
 */
private static void rejectIfCertificateChainPresent(AttestationStatement attestationStatement) {
    if (!(attestationStatement instanceof CertificateBaseAttestationStatement)) {
        return;
    }
    CertificateBaseAttestationStatement certificateBased = (CertificateBaseAttestationStatement) attestationStatement;
    if (certificateBased.getX5c() != null) {
        throw new BadAttestationStatementException("Although AAGUID is registered for surrogate attestation in metadata, x5c contains certificates.");
    }
}