Example 1 with EC2COSEKey

Use of com.webauthn4j.data.attestation.authenticator.EC2COSEKey in project webauthn4j by webauthn4j.

The class FIDOU2FAuthenticatorAdaptor, method register.

@Override
public CredentialCreationResponse register(PublicKeyCredentialCreationOptions publicKeyCredentialCreationOptions, CollectedClientData collectedClientData, RegistrationEmulationOption registrationEmulationOption, AttestationOption attestationOption) {
    // U2F binds the credential to the relying party through SHA-256(rpId), the "application parameter"
    String rpId = publicKeyCredentialCreationOptions.getRp().getId();
    byte[] rpIdHash = MessageDigestUtil.createSHA256().digest(rpId.getBytes(StandardCharsets.UTF_8));
    // the "challenge parameter" is SHA-256 of the serialized client data (which carries the server challenge and origin)
    byte[] challengeParameter = MessageDigestUtil.createSHA256().digest(collectedClientDataConverter.convertToBytes(collectedClientData));
    // noinspection UnnecessaryLocalVariable
    byte[] applicationParameter = rpIdHash;
    RegistrationRequest registrationRequest = new RegistrationRequest(challengeParameter, applicationParameter);
    RegistrationResponse registrationResponse = fidoU2FAuthenticator.register(registrationRequest, registrationEmulationOption);
    // fido-u2f attestation: a single attestation certificate plus the signature over the U2F registration data
    AttestationStatement attestationStatement = new FIDOU2FAttestationStatement(new AttestationCertificatePath(Collections.singletonList(registrationResponse.getAttestationCertificate())), registrationResponse.getSignature());
    // the U2F user public key is a 65-byte uncompressed P-256 point (0x04 || X || Y); wrap it as a COSE EC2 key
    EC2COSEKey ec2CredentialPublicKey = EC2COSEKey.createFromUncompressedECCKey(registrationResponse.getUserPublicKey());
    // zero-filled 16bytes(128bits) array: U2F authenticators carry no AAGUID
    AAGUID aaguid = AAGUID.ZERO;
    // the U2F key handle becomes the WebAuthn credential ID
    AttestedCredentialData attestedCredentialData = new AttestedCredentialData(aaguid, registrationResponse.getKeyHandle(), ec2CredentialPublicKey);
    // flags: AT (attested credential data present) and UP (user present); UV is not set
    byte flag = BIT_AT | BIT_UP;
    // signature counter starts at 0 for a freshly registered credential
    AuthenticatorData<RegistrationExtensionAuthenticatorOutput> authenticatorData = new AuthenticatorData<>(rpIdHash, flag, 0, attestedCredentialData);
    AttestationObject attestationObject = new AttestationObject(authenticatorData, attestationStatement);
    return new CredentialCreationResponse(attestationObject);
}

Example 2 with EC2COSEKey

Use of com.webauthn4j.data.attestation.authenticator.EC2COSEKey in project webauthn4j by webauthn4j.

The class FIDOU2FAttestationStatementValidator, method getSignedData.

private byte[] getSignedData(@NonNull CoreRegistrationObject registrationObject) {
    // Rebuilds the exact byte string a U2F authenticator signs at registration; the fido-u2f
    // attestation signature is verified over this, not over the WebAuthn authenticator data.
    String rpId = registrationObject.getServerProperty().getRpId();
    MessageDigest messageDigest = MessageDigestUtil.createSHA256();
    AttestationObject attestationObject = registrationObject.getAttestationObject();
    // noinspection ConstantConditions as null check is already done in caller
    EC2COSEKey credentialPublicKey = (EC2COSEKey) attestationObject.getAuthenticatorData().getAttestedCredentialData().getCOSEKey();
    // application parameter = SHA-256(rpId), computed from the server's own rpId rather than taken from the response
    byte[] rpIdBytes = rpId.getBytes(StandardCharsets.UTF_8);
    byte[] applicationParameter = messageDigest.digest(rpIdBytes);
    // challenge parameter = SHA-256 of the client data JSON
    byte[] challengeParameter = registrationObject.getClientDataHash();
    // the credential ID in the attested credential data is the U2F key handle
    byte[] keyHandle = attestationObject.getAuthenticatorData().getAttestedCredentialData().getCredentialId();
    // 65-byte uncompressed point (0x04 || X || Y) rebuilt from the COSE key
    byte[] userPublicKeyBytes = getPublicKeyBytes(credentialPublicKey);
    // layout: 0x00 || applicationParameter(32) || challengeParameter(32) || keyHandle || userPublicKey(65)
    ByteBuffer byteBuffer = ByteBuffer.allocate(1 + 32 + 32 + keyHandle.length + 65);
    // RFU
    byteBuffer.put((byte) 0x00);
    byteBuffer.put(applicationParameter);
    byteBuffer.put(challengeParameter);
    byteBuffer.put(keyHandle);
    byteBuffer.put(userPublicKeyBytes);
    return byteBuffer.array();
}

Example 3 with EC2COSEKey

Use of com.webauthn4j.data.attestation.authenticator.EC2COSEKey in project webauthn4j by webauthn4j.

The class CoreRegistrationDataValidatorTest, method validateCOSEKey_test.

@Test
void validateCOSEKey_test() {
    // a well-formed EC2 key derived from a fresh P-256 key pair
    EC2COSEKey original = EC2COSEKey.create((ECPrivateKey) ECUtil.createKeyPair().getPrivate());
    // rebuild it with the public coordinates x and y set to null while keeping the private scalar d
    EC2COSEKey ec2COSEKey = new EC2COSEKey(original.getKeyId(), COSEAlgorithmIdentifier.ES256, original.getKeyOps(), original.getCurve(), null, null, original.getD());
    // a credential public key without x/y must be rejected by validation
    assertThatThrownBy(() -> target.validateCOSEKey(ec2COSEKey)).isInstanceOf(ConstraintViolationException.class);
}