// ~ Instance fields
// ================================================================================================
@Override
@NonNull
public AttestationType validate(@NonNull CoreRegistrationObject registrationObject) {
    // Reject a null registration object up front so the member access below is safe.
    AssertUtil.notNull(registrationObject, "registrationObject must not be null");

    if (!supports(registrationObject)) {
        String actualFormat = registrationObject.getAttestationObject().getFormat();
        String message = String.format("Specified format '%s' is not supported by %s.", actualFormat, getClass().getName());
        throw new IllegalArgumentException(message);
    }

    // supports() is expected to have confirmed the format, so the statement should be an Apple anonymous one here.
    AppleAnonymousAttestationStatement statement =
            (AppleAnonymousAttestationStatement) registrationObject.getAttestationObject().getAttestationStatement();

    validateAttestationStatementNotNull(statement);
    validateNonce(registrationObject);
    validatePublicKey(registrationObject, statement);

    // Apple anonymous attestation is treated as basic attestation by this validator.
    return AttestationType.BASIC;
}
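/**
 * Checks that the nonce carried in the end-entity attestation certificate's Apple extension
 * (OID 1.2.840.113635.100.8.2) equals the nonce obtained via {@code getNonce(registrationObject)}.
 *
 * @param registrationObject the registration object whose attestation statement is an Apple anonymous statement
 * @throws BadAttestationStatementException if the certificate has no such extension, the extension cannot be
 *                                          decoded, or the embedded nonce differs from the expected one
 */
private void validateNonce(@NonNull CoreRegistrationObject registrationObject) {
    AppleAnonymousAttestationStatement attestationStatement = (AppleAnonymousAttestationStatement) registrationObject.getAttestationObject().getAttestationStatement();
    byte[] nonce = getNonce(registrationObject);
    byte[] extensionValue = attestationStatement.getX5c().getEndEntityAttestationCertificate().getCertificate().getExtensionValue("1.2.840.113635.100.8.2");
    // X509Extension.getExtensionValue returns null when the certificate does not carry the extension;
    // report that explicitly instead of relying on the decoder failing on a null input.
    if (extensionValue == null) {
        throw new BadAttestationStatementException("Apple anonymous attestation certificate does not contain the nonce extension (1.2.840.113635.100.8.2).");
    }
    byte[] extracted;
    try {
        // The extension value is an OCTET STRING wrapping a SEQUENCE whose first element is an OCTET STRING holding the nonce.
        Asn1OctetString extensionEnvelope = new Asn1OctetString();
        extensionEnvelope.decode(extensionValue);
        byte[] extensionEnvelopeValue = extensionEnvelope.getValue();
        Asn1Container container = (Asn1Container) Asn1Parser.parse(ByteBuffer.wrap(extensionEnvelopeValue));
        Asn1ParseResult firstElement = container.getChildren().get(0);
        Asn1OctetString octetString = new Asn1OctetString();
        octetString.decode(firstElement);
        extracted = octetString.getValue();
    } catch (IOException | RuntimeException e) {
        // Malformed ASN.1 (IOException, ClassCastException, IndexOutOfBoundsException, ...) is an attestation defect, not an internal error.
        throw new BadAttestationStatementException("Failed to extract nonce from Apple anonymous attestation statement.", e);
    }
    // there is no need to prevent timing attack and it is OK to use `Arrays.equals` instead of `MessageDigest.isEqual` here.
    if (!Arrays.equals(extracted, nonce)) {
        throw new BadAttestationStatementException("nonce doesn't match.");
    }
}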