
Example 1 with MDSException

Use of com.webauthn4j.metadata.exception.MDSException in the project webauthn4j by webauthn4j.

From the class FidoMdsMetadataItemsProvider, method fetchMetadataStatement:

MetadataStatement fetchMetadataStatement(String uri, byte[] expectedHash) {
    // The metadata statement is served as a base64url-encoded string at a per-entry URL.
    String uriWithToken = appendToken(uri, token);
    String metadataStatementBase64url = httpClient.fetch(uriWithToken);
    String metadataStatementStr = new String(Base64UrlUtil.decode(metadataStatementBase64url));
    // The expected hash from the TOC entry covers the base64url-encoded string as served,
    // so digest those bytes rather than the decoded JSON.
    byte[] hash = MessageDigestUtil.createSHA256().digest(metadataStatementBase64url.getBytes(StandardCharsets.UTF_8));
    // As hash is known data to statement provider, there is no risk of timing attack and it is OK to use `Arrays.equals` instead of `MessageDigest.isEqual` here.
    if (!Arrays.equals(hash, expectedHash)) {
        throw new MDSException("Hash of metadataStatement doesn't match");
    }
    // Only a statement whose hash matched the signed TOC entry is parsed and validated.
    MetadataStatement metadataStatement = jsonConverter.readValue(metadataStatementStr, MetadataStatement.class);
    metadataStatementValidator.validate(metadataStatement);
    return metadataStatement;
}
Also used: MetadataStatement (com.webauthn4j.metadata.legacy.data.statement.MetadataStatement), MDSException (com.webauthn4j.metadata.exception.MDSException)

Example 2 with MDSException

Use of com.webauthn4j.metadata.exception.MDSException in the project webauthn4j by webauthn4j.

From the class FidoMDS3MetadataBLOBProvider, method validateCertPath:

private void validateCertPath(@NonNull MetadataBLOB metadataBLOB) {
    // The signing chain is carried in the JWS header (x5c) and must chain to the configured trust anchors.
    CertPath certPath = metadataBLOB.getHeader().getX5c();
    CertPathValidator certPathValidator = CertificateUtil.createCertPathValidator();
    PKIXParameters certPathParameters = CertificateUtil.createPKIXParameters(trustAnchors);
    certPathParameters.setRevocationEnabled(revocationCheckEnabled);
    if (revocationCheckEnabled) {
        // When revocation checking is on, prefer CRLs over OCSP for the chain.
        PKIXRevocationChecker pkixRevocationChecker = (PKIXRevocationChecker) certPathValidator.getRevocationChecker();
        pkixRevocationChecker.setOptions(EnumSet.of(PKIXRevocationChecker.Option.PREFER_CRLS));
        certPathParameters.addCertPathChecker(pkixRevocationChecker);
    }
    try {
        certPathValidator.validate(certPath, certPathParameters);
    } catch (InvalidAlgorithmParameterException e) {
        throw new MDSException("invalid algorithm parameter", e);
    } catch (CertPathValidatorException e) {
        // Any path-building or revocation failure is surfaced as an MDSException.
        throw new MDSException("invalid cert path", e);
    }
}
Also used: InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException), MDSException (com.webauthn4j.metadata.exception.MDSException)

Example 3 with MDSException

Use of com.webauthn4j.metadata.exception.MDSException in the project webauthn4j by webauthn4j.

From the class FidoMDS3MetadataBLOBProvider, method doProvide:

@Override
@NonNull
protected MetadataBLOB doProvide() {
    String responseBody = httpClient.fetch(blobEndpoint);
    MetadataBLOB metadataBLOB = metadataBLOBFactory.parse(responseBody);
    // Reject the BLOB if its JWS signature does not verify.
    if (!metadataBLOB.isValidSignature()) {
        throw new MDSException("MetadataBLOB signature is invalid");
    }
    // A valid signature is not enough: the signing certificate chain must also validate to the trust anchors.
    validateCertPath(metadataBLOB);
    return metadataBLOB;
}
Also used: MetadataBLOB (com.webauthn4j.metadata.data.MetadataBLOB), MDSException (com.webauthn4j.metadata.exception.MDSException), NonNull (org.checkerframework.checker.nullness.qual.NonNull)

Example 4 with MDSException

Use of com.webauthn4j.metadata.exception.MDSException in the project webauthn4j by webauthn4j.

From the class FidoMdsMetadataItemsProvider, method validateCertPath:

private void validateCertPath(JWS<MetadataTOCPayload> jws) {
    Set<TrustAnchor> trustAnchors = Collections.singleton(trustAnchor);
    // The TOC signing chain is taken from the JWS header (x5c).
    CertPath certPath = jws.getHeader().getX5c();
    CertPathValidator certPathValidator = CertificateUtil.createCertPathValidator();
    PKIXParameters certPathParameters = CertificateUtil.createPKIXParameters(trustAnchors);
    // Revocation checking is left at the PKIXParameters default (enabled); the explicit checker only sets the CRL preference.
    PKIXRevocationChecker pkixRevocationChecker = (PKIXRevocationChecker) certPathValidator.getRevocationChecker();
    pkixRevocationChecker.setOptions(EnumSet.of(PKIXRevocationChecker.Option.PREFER_CRLS));
    certPathParameters.addCertPathChecker(pkixRevocationChecker);
    try {
        certPathValidator.validate(certPath, certPathParameters);
    } catch (InvalidAlgorithmParameterException e) {
        throw new MDSException("invalid algorithm parameter", e);
    } catch (CertPathValidatorException e) {
        throw new MDSException("invalid cert path", e);
    }
}
Also used: InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException), MDSException (com.webauthn4j.metadata.exception.MDSException)

Example 5 with MDSException

Use of com.webauthn4j.metadata.exception.MDSException in the project webauthn4j by webauthn4j.

From the class SimpleHttpClient, method fetch:

@Override
@NonNull
public String fetch(@NonNull String url) {
    try {
        URL fetchUrl = new URL(url);
        HttpURLConnection urlConnection = (HttpURLConnection) fetchUrl.openConnection();
        urlConnection.setRequestMethod("GET");
        urlConnection.connect();
        int status = urlConnection.getResponseCode();
        if (status == HttpURLConnection.HTTP_OK) {
            // Read the whole body into memory and decode it as UTF-8.
            InputStream inputStream = urlConnection.getInputStream();
            BufferedInputStream bis = new BufferedInputStream(inputStream);
            ByteArrayOutputStream buf = new ByteArrayOutputStream();
            int result = bis.read();
            while (result != -1) {
                buf.write((byte) result);
                result = bis.read();
            }
            bis.close();
            return buf.toString("UTF-8");
        }
        // Any non-200 status is treated as a fetch failure rather than returning an error body.
        throw new MDSException("failed to fetch " + url);
    } catch (IOException e) {
        throw new MDSException("failed to fetch " + url, e);
    }
}
Also used: HttpURLConnection (java.net.HttpURLConnection), BufferedInputStream (java.io.BufferedInputStream), InputStream (java.io.InputStream), ByteArrayOutputStream (java.io.ByteArrayOutputStream), IOException (java.io.IOException), MDSException (com.webauthn4j.metadata.exception.MDSException), URL (java.net.URL), NonNull (org.checkerframework.checker.nullness.qual.NonNull)
