Example 1 with CertificateBaseAttestationStatement

use of com.webauthn4j.data.attestation.statement.CertificateBaseAttestationStatement in project webauthn4j by webauthn4j.

From the class FidoMdsMetadataValidator, method validate.

@Override
public void validate(RegistrationObject registrationObject) {
    AssertUtil.notNull(registrationObject.getAttestationObject().getAuthenticatorData(), "authenticatorData must not be null");
    AssertUtil.notNull(registrationObject.getAttestationObject().getAuthenticatorData().getAttestedCredentialData(), "attestedCredentialData must not be null");
    AAGUID aaguid = registrationObject.getAttestationObject().getAuthenticatorData().getAttestedCredentialData().getAaguid();
    AttestationStatement attestationStatement = registrationObject.getAttestationObject().getAttestationStatement();
    Set<MetadataItem> metadataItems = metadataItemsResolver.resolve(aaguid);
    List<AuthenticatorAttestationType> authenticatorAttestationTypes = metadataItems.stream().flatMap(item -> item.getMetadataStatement().getAttestationTypes().stream()).collect(Collectors.toList());
    boolean isSurrogate = !authenticatorAttestationTypes.isEmpty() && authenticatorAttestationTypes.stream().allMatch(type -> type.equals(AuthenticatorAttestationType.BASIC_SURROGATE));
    if (isSurrogate && attestationStatement instanceof CertificateBaseAttestationStatement) {
        CertificateBaseAttestationStatement certificateBaseAttestationStatement = (CertificateBaseAttestationStatement) attestationStatement;
        if (certificateBaseAttestationStatement.getX5c() != null) {
            throw new BadAttestationStatementException("Although AAGUID is registered for surrogate attestation in metadata, x5c contains certificates.");
        }
    }
    for (MetadataItem metadataItem : metadataItems) {
        doAdditionalValidationForFidoMdsMetadataItem(metadataItem);
    }
}
Also used : X509Certificate(java.security.cert.X509Certificate) RegistrationObject(com.webauthn4j.validator.RegistrationObject) AttestationStatement(com.webauthn4j.data.attestation.statement.AttestationStatement) BadStatusException(com.webauthn4j.metadata.exception.BadStatusException) AAGUID(com.webauthn4j.data.attestation.authenticator.AAGUID) Set(java.util.Set) CertificateBaseAttestationStatement(com.webauthn4j.data.attestation.statement.CertificateBaseAttestationStatement) Collectors(java.util.stream.Collectors) AuthenticatorAttestationType(com.webauthn4j.data.AuthenticatorAttestationType) List(java.util.List) MetadataItem(com.webauthn4j.metadata.legacy.data.MetadataItem) BadAttestationStatementException(com.webauthn4j.validator.exception.BadAttestationStatementException) ObjectConverter(com.webauthn4j.converter.util.ObjectConverter) CustomRegistrationValidator(com.webauthn4j.validator.CustomRegistrationValidator) AssertUtil(com.webauthn4j.util.AssertUtil)

Example 2 with CertificateBaseAttestationStatement

use of com.webauthn4j.data.attestation.statement.CertificateBaseAttestationStatement in project webauthn4j by webauthn4j.

From the class DefaultCertPathTrustworthinessValidatorTest, method validate_full_chain_test.

@Test
void validate_full_chain_test() {
    Set<TrustAnchor> trustAnchors = CertificateUtil.generateTrustAnchors(Collections.singletonList(TestAttestationUtil.load3tierTestRootCACertificate()));
    when(trustAnchorRepository.find(aaguid)).thenReturn(trustAnchors);
    AttestationCertificatePath attestationCertificatePath = new AttestationCertificatePath(Arrays.asList(TestAttestationUtil.load3tierTestAuthenticatorAttestationCertificate(), TestAttestationUtil.load3tierTestIntermediateCACertificate(), TestAttestationUtil.load3tierTestRootCACertificate()));
    CertificateBaseAttestationStatement attestationStatement = TestAttestationStatementUtil.createBasicPackedAttestationStatement(attestationCertificatePath);
    target.setFullChainProhibited(true);
    assertThrows(CertificateException.class, () -> target.validate(aaguid, attestationStatement));
}
Also used : CertificateBaseAttestationStatement(com.webauthn4j.data.attestation.statement.CertificateBaseAttestationStatement) AttestationCertificatePath(com.webauthn4j.data.attestation.statement.AttestationCertificatePath) TrustAnchor(java.security.cert.TrustAnchor) Test(org.junit.jupiter.api.Test)

Example 3 with CertificateBaseAttestationStatement

use of com.webauthn4j.data.attestation.statement.CertificateBaseAttestationStatement in project webauthn4j by webauthn4j.

From the class DefaultCertPathTrustworthinessValidatorTest, method validate_with_empty_trustAnchors_test.

@Test
void validate_with_empty_trustAnchors_test() {
    Set<TrustAnchor> trustAnchors = Collections.emptySet();
    when(trustAnchorRepository.find(aaguid)).thenReturn(trustAnchors);
    CertificateBaseAttestationStatement attestationStatement = TestAttestationStatementUtil.createFIDOU2FAttestationStatement(TestAttestationUtil.load2tierTestAttestationCertificatePath());
    assertThrows(TrustAnchorNotFoundException.class, () -> target.validate(aaguid, attestationStatement));
}
Also used : CertificateBaseAttestationStatement(com.webauthn4j.data.attestation.statement.CertificateBaseAttestationStatement) TrustAnchor(java.security.cert.TrustAnchor) Test(org.junit.jupiter.api.Test)

Example 4 with CertificateBaseAttestationStatement

use of com.webauthn4j.data.attestation.statement.CertificateBaseAttestationStatement in project webauthn4j by webauthn4j.

From the class DefaultCertPathTrustworthinessValidatorTest, method validate_u2f_test.

@Test
void validate_u2f_test() {
    Set<TrustAnchor> trustAnchors = CertificateUtil.generateTrustAnchors(Collections.singletonList(TestAttestationUtil.load2tierTestRootCACertificate()));
    when(trustAnchorRepository.find((byte[]) any())).thenReturn(trustAnchors);
    CertificateBaseAttestationStatement attestationStatement = TestAttestationStatementUtil.createFIDOU2FAttestationStatement(TestAttestationUtil.load2tierTestAttestationCertificatePath());
    target.validate(aaguid, attestationStatement);
}
Also used : CertificateBaseAttestationStatement(com.webauthn4j.data.attestation.statement.CertificateBaseAttestationStatement) TrustAnchor(java.security.cert.TrustAnchor) Test(org.junit.jupiter.api.Test)

Example 5 with CertificateBaseAttestationStatement

use of com.webauthn4j.data.attestation.statement.CertificateBaseAttestationStatement in project webauthn4j by webauthn4j.

From the class TrustAnchorCertPathTrustworthinessValidatorTest, method validate_test.

@Test
void validate_test() {
    Set<TrustAnchor> trustAnchors = CertificateUtil.generateTrustAnchors(Collections.singletonList(TestAttestationUtil.load2tierTestRootCACertificate()));
    when(trustAnchorsResolver.resolve(aaguid)).thenReturn(trustAnchors);
    CertificateBaseAttestationStatement attestationStatement = TestAttestationStatementUtil.createFIDOU2FAttestationStatement(TestAttestationUtil.load2tierTestAttestationCertificatePath());
    target.validate(aaguid, attestationStatement);
}
Also used : CertificateBaseAttestationStatement(com.webauthn4j.data.attestation.statement.CertificateBaseAttestationStatement) TrustAnchor(java.security.cert.TrustAnchor) Test(org.junit.jupiter.api.Test)

Aggregations

CertificateBaseAttestationStatement (com.webauthn4j.data.attestation.statement.CertificateBaseAttestationStatement)9 TrustAnchor (java.security.cert.TrustAnchor)7 Test (org.junit.jupiter.api.Test)7 AAGUID (com.webauthn4j.data.attestation.authenticator.AAGUID)2 AttestationCertificatePath (com.webauthn4j.data.attestation.statement.AttestationCertificatePath)2 AttestationStatement (com.webauthn4j.data.attestation.statement.AttestationStatement)2 ObjectConverter (com.webauthn4j.converter.util.ObjectConverter)1 AuthenticatorAttestationType (com.webauthn4j.data.AuthenticatorAttestationType)1 AttestationObject (com.webauthn4j.data.attestation.AttestationObject)1 AttestationType (com.webauthn4j.data.attestation.statement.AttestationType)1 FIDOU2FAttestationStatement (com.webauthn4j.data.attestation.statement.FIDOU2FAttestationStatement)1 BadStatusException (com.webauthn4j.metadata.exception.BadStatusException)1 MetadataItem (com.webauthn4j.metadata.legacy.data.MetadataItem)1 AssertUtil (com.webauthn4j.util.AssertUtil)1 CustomRegistrationValidator (com.webauthn4j.validator.CustomRegistrationValidator)1 RegistrationObject (com.webauthn4j.validator.RegistrationObject)1 BadAttestationStatementException (com.webauthn4j.validator.exception.BadAttestationStatementException)1 X509Certificate (java.security.cert.X509Certificate)1 List (java.util.List)1 Set (java.util.Set)1