
Example 1 with AuthenticatorAttestationType

Use of com.webauthn4j.data.AuthenticatorAttestationType in project webauthn4j by webauthn4j.

In class FidoMdsMetadataValidator, method validate.

/**
 * Checks a registration against the metadata items resolved for the authenticator's AAGUID.
 *
 * <p>Two checks run, in this order:
 * <ol>
 *   <li><b>Surrogate consistency.</b> The attestation types declared by all resolved metadata
 *       items are pooled. If at least one type is declared and every one of them is
 *       {@code BASIC_SURROGATE}, a certificate-based attestation statement must not carry an
 *       {@code x5c} value; any non-null {@code x5c} (an empty one included) is rejected.</li>
 *   <li><b>Per-item validation.</b> Each resolved metadata item is handed to
 *       {@code doAdditionalValidationForFidoMdsMetadataItem}.</li>
 * </ol>
 *
 * <p>Security notes for integrators:
 * <ul>
 *   <li>If the resolver returns no metadata items for the AAGUID, neither check has anything to
 *       act on and this method returns normally. It therefore does not reject unknown
 *       authenticators by itself; a deployment that must only accept metadata-backed
 *       authenticators needs that policy enforced elsewhere.</li>
 *   <li>If the pooled types mix {@code BASIC_SURROGATE} with any other type, the surrogate
 *       consistency check is skipped.</li>
 *   <li>NOTE(review): {@code registrationObject} and its attestation object are dereferenced
 *       without a null check here; presumably an earlier validation step guarantees them.
 *       Confirm against the caller.</li>
 * </ul>
 *
 * @param registrationObject the registration under validation; its authenticator data and
 *                           attested credential data are asserted to be non-null
 * @throws BadAttestationStatementException if the metadata declares surrogate attestation only
 *                                          but the statement carries {@code x5c}
 */
@Override
public void validate(RegistrationObject registrationObject) {
    // Preconditions: the AAGUID lives in the attested credential data, so both layers must exist.
    AssertUtil.notNull(
            registrationObject.getAttestationObject().getAuthenticatorData(),
            "authenticatorData must not be null");
    AssertUtil.notNull(
            registrationObject.getAttestationObject().getAuthenticatorData().getAttestedCredentialData(),
            "attestedCredentialData must not be null");

    AAGUID authenticatorAaguid = registrationObject.getAttestationObject()
            .getAuthenticatorData()
            .getAttestedCredentialData()
            .getAaguid();
    AttestationStatement statement = registrationObject.getAttestationObject().getAttestationStatement();
    Set<MetadataItem> resolvedItems = metadataItemsResolver.resolve(authenticatorAaguid);

    // Pool every attestation type declared by any metadata item resolved for this AAGUID.
    List<AuthenticatorAttestationType> declaredTypes = resolvedItems.stream()
            .map(item -> item.getMetadataStatement().getAttestationTypes())
            .flatMap(types -> types.stream())
            .collect(Collectors.toList());

    // "Surrogate only" needs at least one declared type and no type other than BASIC_SURROGATE.
    boolean hasNonSurrogateType = declaredTypes.stream()
            .anyMatch(type -> !type.equals(AuthenticatorAttestationType.BASIC_SURROGATE));
    boolean surrogateOnly = !declaredTypes.isEmpty() && !hasNonSurrogateType;

    // An x5c value contradicts metadata that declares surrogate attestation only.
    if (surrogateOnly
            && statement instanceof CertificateBaseAttestationStatement
            && ((CertificateBaseAttestationStatement) statement).getX5c() != null) {
        throw new BadAttestationStatementException("Although AAGUID is registered for surrogate attestation in metadata, x5c contains certificates.");
    }

    // Runs zero times when nothing was resolved for the AAGUID (see the security notes above).
    resolvedItems.forEach(item -> doAdditionalValidationForFidoMdsMetadataItem(item));
}
Also used : X509Certificate(java.security.cert.X509Certificate) RegistrationObject(com.webauthn4j.validator.RegistrationObject) AttestationStatement(com.webauthn4j.data.attestation.statement.AttestationStatement) BadStatusException(com.webauthn4j.metadata.exception.BadStatusException) AAGUID(com.webauthn4j.data.attestation.authenticator.AAGUID) Set(java.util.Set) CertificateBaseAttestationStatement(com.webauthn4j.data.attestation.statement.CertificateBaseAttestationStatement) Collectors(java.util.stream.Collectors) AuthenticatorAttestationType(com.webauthn4j.data.AuthenticatorAttestationType) List(java.util.List) MetadataItem(com.webauthn4j.metadata.legacy.data.MetadataItem) BadAttestationStatementException(com.webauthn4j.validator.exception.BadAttestationStatementException) ObjectConverter(com.webauthn4j.converter.util.ObjectConverter) CustomRegistrationValidator(com.webauthn4j.validator.CustomRegistrationValidator) AssertUtil(com.webauthn4j.util.AssertUtil) CertificateBaseAttestationStatement(com.webauthn4j.data.attestation.statement.CertificateBaseAttestationStatement) BadAttestationStatementException(com.webauthn4j.validator.exception.BadAttestationStatementException) AAGUID(com.webauthn4j.data.attestation.authenticator.AAGUID) AttestationStatement(com.webauthn4j.data.attestation.statement.AttestationStatement) CertificateBaseAttestationStatement(com.webauthn4j.data.attestation.statement.CertificateBaseAttestationStatement) MetadataItem(com.webauthn4j.metadata.legacy.data.MetadataItem) AuthenticatorAttestationType(com.webauthn4j.data.AuthenticatorAttestationType)
