Example 1 with FIDOU2FAttestationStatement
use of com.webauthn4j.data.attestation.statement.FIDOU2FAttestationStatement in project webauthn4j by webauthn4j.
the class FIDOU2FAuthenticatorAdaptor method register.
@Override
public CredentialCreationResponse register(PublicKeyCredentialCreationOptions publicKeyCredentialCreationOptions, CollectedClientData collectedClientData, RegistrationEmulationOption registrationEmulationOption, AttestationOption attestationOption) {
String rpId = publicKeyCredentialCreationOptions.getRp().getId();
byte[] rpIdHash = MessageDigestUtil.createSHA256().digest(rpId.getBytes(StandardCharsets.UTF_8));
byte[] challengeParameter = MessageDigestUtil.createSHA256().digest(collectedClientDataConverter.convertToBytes(collectedClientData));
// noinspection UnnecessaryLocalVariable
byte[] applicationParameter = rpIdHash;
RegistrationRequest registrationRequest = new RegistrationRequest(challengeParameter, applicationParameter);
RegistrationResponse registrationResponse = fidoU2FAuthenticator.register(registrationRequest, registrationEmulationOption);
AttestationStatement attestationStatement = new FIDOU2FAttestationStatement(new AttestationCertificatePath(Collections.singletonList(registrationResponse.getAttestationCertificate())), registrationResponse.getSignature());
EC2COSEKey ec2CredentialPublicKey = EC2COSEKey.createFromUncompressedECCKey(registrationResponse.getUserPublicKey());
// zero-filled 16bytes(128bits) array
AAGUID aaguid = AAGUID.ZERO;
AttestedCredentialData attestedCredentialData = new AttestedCredentialData(aaguid, registrationResponse.getKeyHandle(), ec2CredentialPublicKey);
byte flag = BIT_AT | BIT_UP;
AuthenticatorData<RegistrationExtensionAuthenticatorOutput> authenticatorData = new AuthenticatorData<>(rpIdHash, flag, 0, attestedCredentialData);
AttestationObject attestationObject = new AttestationObject(authenticatorData, attestationStatement);
return new CredentialCreationResponse(attestationObject);
}
Also used :
AttestationCertificatePath(com.webauthn4j.data.attestation.statement.AttestationCertificatePath)
AAGUID(com.webauthn4j.data.attestation.authenticator.AAGUID)
RegistrationExtensionAuthenticatorOutput(com.webauthn4j.data.extension.authenticator.RegistrationExtensionAuthenticatorOutput)
AttestedCredentialData(com.webauthn4j.data.attestation.authenticator.AttestedCredentialData)
AuthenticatorData(com.webauthn4j.data.attestation.authenticator.AuthenticatorData)
AttestationObject(com.webauthn4j.data.attestation.AttestationObject)
FIDOU2FAttestationStatement(com.webauthn4j.data.attestation.statement.FIDOU2FAttestationStatement)
AttestationStatement(com.webauthn4j.data.attestation.statement.AttestationStatement)
FIDOU2FAttestationStatement(com.webauthn4j.data.attestation.statement.FIDOU2FAttestationStatement)
EC2COSEKey(com.webauthn4j.data.attestation.authenticator.EC2COSEKey)
CredentialCreationResponse(com.webauthn4j.test.authenticator.CredentialCreationResponse)
Example 2 with FIDOU2FAttestationStatement
use of com.webauthn4j.data.attestation.statement.FIDOU2FAttestationStatement in project webauthn4j by webauthn4j.
the class FIDOU2FAttestationStatementValidatorTest method validateAttestationStatement_test.
@Test
void validateAttestationStatement_test() {
FIDOU2FAttestationStatement attestationStatement = mock(FIDOU2FAttestationStatement.class);
when(attestationStatement.getX5c()).thenReturn(new AttestationCertificatePath(Arrays.asList(TestAttestationUtil.load3tierTestAuthenticatorAttestationCertificate(), TestAttestationUtil.load3tierTestIntermediateCACertificate())));
assertThrows(BadAttestationStatementException.class, () -> target.validateAttestationStatement(attestationStatement));
}
Also used :
AttestationCertificatePath(com.webauthn4j.data.attestation.statement.AttestationCertificatePath)
FIDOU2FAttestationStatement(com.webauthn4j.data.attestation.statement.FIDOU2FAttestationStatement)
Test(org.junit.jupiter.api.Test)
Example 3 with FIDOU2FAttestationStatement
use of com.webauthn4j.data.attestation.statement.FIDOU2FAttestationStatement in project webauthn4j by webauthn4j.
the class FIDOU2FAttestationStatementValidator method validate.
/**
* {@link AttestationType}.BASIC is always returned as RP cannot differentiate between BASIC and Attestation CA from the attestation data,
*
* @return AttestationType.BASIC
*/
@Override
@NonNull
public AttestationType validate(@NonNull CoreRegistrationObject registrationObject) {
AssertUtil.notNull(registrationObject, "registrationObject must not be null");
if (!supports(registrationObject)) {
throw new IllegalArgumentException("Specified format is not supported by " + this.getClass().getName());
}
FIDOU2FAttestationStatement attestationStatement = (FIDOU2FAttestationStatement) registrationObject.getAttestationObject().getAttestationStatement();
validateAttestationStatementNotNull(attestationStatement);
validateAttestationStatement(attestationStatement);
validateSignature(registrationObject);
return AttestationType.BASIC;
}
Also used :
FIDOU2FAttestationStatement(com.webauthn4j.data.attestation.statement.FIDOU2FAttestationStatement)
NonNull(org.checkerframework.checker.nullness.qual.NonNull)
Example 4 with FIDOU2FAttestationStatement
use of com.webauthn4j.data.attestation.statement.FIDOU2FAttestationStatement in project webauthn4j by webauthn4j.
the class FIDOU2FAttestationStatementValidator method validateSignature.
private void validateSignature(@NonNull CoreRegistrationObject registrationObject) {
FIDOU2FAttestationStatement attestationStatement = (FIDOU2FAttestationStatement) registrationObject.getAttestationObject().getAttestationStatement();
byte[] signedData = getSignedData(registrationObject);
byte[] signature = attestationStatement.getSig();
PublicKey publicKey = getPublicKey(attestationStatement);
try {
Signature verifier = Signature.getInstance("SHA256withECDSA");
verifier.initVerify(publicKey);
verifier.update(signedData);
if (verifier.verify(signature)) {
return;
}
throw new BadSignatureException("`sig` in attestation statement is not valid signature. Please refer U2F Raw Message Formats. https://fidoalliance.org/specs/fido-u2f-v1.1-id-20160915/fido-u2f-raw-message-formats-v1.1-id-20160915.html");
} catch (NoSuchAlgorithmException | SignatureException | InvalidKeyException e) {
throw new BadSignatureException("`sig` in attestation statement is not valid signature. Please refer U2F Raw Message Formats. https://fidoalliance.org/specs/fido-u2f-v1.1-id-20160915/fido-u2f-raw-message-formats-v1.1-id-20160915.html");
}
}
Also used :
BadSignatureException(com.webauthn4j.validator.exception.BadSignatureException)
ECPublicKey(java.security.interfaces.ECPublicKey)
FIDOU2FAttestationStatement(com.webauthn4j.data.attestation.statement.FIDOU2FAttestationStatement)
BadSignatureException(com.webauthn4j.validator.exception.BadSignatureException)
Example 5 with FIDOU2FAttestationStatement
use of com.webauthn4j.data.attestation.statement.FIDOU2FAttestationStatement in project webauthn4j by webauthn4j.
the class DefaultCertPathTrustworthinessValidator method validate.
@Override
public void validate(@NonNull AAGUID aaguid, @NonNull CertificateBaseAttestationStatement attestationStatement, @NonNull Instant timestamp) {
AssertUtil.notNull(aaguid, "aaguid must not be null");
AssertUtil.notNull(aaguid, "attestationStatement must not be null");
AssertUtil.notNull(aaguid, "timestamp must not be null");
// noinspection ConstantConditions as null check is already done in caller
CertPath certPath = attestationStatement.getX5c().createCertPath();
Set<TrustAnchor> trustAnchors;
if (attestationStatement instanceof FIDOU2FAttestationStatement) {
FIDOU2FAttestationStatement fidou2fAttestationStatement = (FIDOU2FAttestationStatement) attestationStatement;
byte[] subjectKeyIdentifier = CertificateUtil.extractSubjectKeyIdentifier(fidou2fAttestationStatement.getX5c().getEndEntityAttestationCertificate().getCertificate());
trustAnchors = trustAnchorRepository.find(subjectKeyIdentifier);
} else {
trustAnchors = trustAnchorRepository.find(aaguid);
}
validateCertPath(certPath, trustAnchors, timestamp);
}
Also used :
FIDOU2FAttestationStatement(com.webauthn4j.data.attestation.statement.FIDOU2FAttestationStatement)
Aggregations
FIDOU2FAttestationStatement (com.webauthn4j.data.attestation.statement.FIDOU2FAttestationStatement)6
AttestationCertificatePath (com.webauthn4j.data.attestation.statement.AttestationCertificatePath)3
Test (org.junit.jupiter.api.Test)2
AttestationObject (com.webauthn4j.data.attestation.AttestationObject)1
AAGUID (com.webauthn4j.data.attestation.authenticator.AAGUID)1
AttestedCredentialData (com.webauthn4j.data.attestation.authenticator.AttestedCredentialData)1
AuthenticatorData (com.webauthn4j.data.attestation.authenticator.AuthenticatorData)1
EC2COSEKey (com.webauthn4j.data.attestation.authenticator.EC2COSEKey)1
AttestationStatement (com.webauthn4j.data.attestation.statement.AttestationStatement)1
RegistrationExtensionAuthenticatorOutput (com.webauthn4j.data.extension.authenticator.RegistrationExtensionAuthenticatorOutput)1
CredentialCreationResponse (com.webauthn4j.test.authenticator.CredentialCreationResponse)1
BadSignatureException (com.webauthn4j.validator.exception.BadSignatureException)1
ECPublicKey (java.security.interfaces.ECPublicKey)1
NonNull (org.checkerframework.checker.nullness.qual.NonNull)1
