Use of com.webauthn4j.metadata.legacy.data.MetadataItem in project webauthn4j by webauthn4j.
Class FidoMdsMetadataItemsProvider, method refresh.
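/**
 * Rebuilds the cached AAGUID-to-metadata-items map from a freshly fetched metadata TOC
 * payload and records when the next update is due and when this refresh completed.
 *
 * <p>An entry whose item cannot be fetched (any {@link RuntimeException}) is logged and
 * left out, so after a partial failure the cache holds no items for that entry until a
 * later refresh succeeds. How callers treat an AAGUID that is missing from the cache is
 * decided outside this method.
 * NOTE(review): confirm that a missing entry is not treated as acceptance of the authenticator.
 */
private void refresh() {
    // NOTE(review): the meaning of the boolean argument is not visible here - confirm against fetchMetadataTOCPayload.
    MetadataTOCPayload tocPayload = fetchMetadataTOCPayload(false);

    // Derive the next-update instant before touching any field, so that a failure here
    // cannot leave a freshly replaced cache paired with the previous nextUpdate/lastRefresh.
    OffsetDateTime upcomingUpdate = tocPayload.getNextUpdate().atStartOfDay().atOffset(ZoneOffset.UTC);

    // Collecting each group straight into a set de-duplicates the items, which makes a
    // separate distinct() pass and a second map-building stream unnecessary.
    cachedMetadataItemMap = tocPayload.getEntries().parallelStream()
            .map(entry -> {
                try {
                    return fetchFidoMdsMetadataItem(entry);
                } catch (RuntimeException e) {
                    // The failure concerns one item, not the TOC payload itself.
                    logger.warn("Failed to fetch a metadata item listed in the MetadataTOCPayload; the entry is skipped", e);
                    return null;
                }
            })
            .filter(Objects::nonNull)
            .collect(Collectors.groupingBy(
                    MetadataItem::getAaguid,
                    Collectors.collectingAndThen(Collectors.toSet(), Collections::unmodifiableSet)));

    nextUpdate = upcomingUpdate;
    lastRefresh = OffsetDateTime.now(ZoneOffset.UTC);
}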
Use of com.webauthn4j.metadata.legacy.data.MetadataItem in project webauthn4j by webauthn4j.
Class FidoMdsMetadataValidator, method validate.
/**
 * Checks a registration against the metadata items resolved for the authenticator's AAGUID.
 *
 * <p>If every attestation type declared by the resolved items is
 * {@code BASIC_SURROGATE} and the attestation statement is certificate-based, a non-null
 * {@code x5c} is rejected. Each resolved item is then passed to
 * {@code doAdditionalValidationForFidoMdsMetadataItem}.
 *
 * <p>When the resolver returns an empty set, none of these checks run and the method
 * returns normally; whether an unknown AAGUID is rejected therefore depends on the
 * resolver. NOTE(review): confirm the resolver's behaviour for AAGUIDs without metadata.
 *
 * @param registrationObject registration data; its authenticator data and attested
 *                           credential data must not be null
 * @throws BadAttestationStatementException if metadata declares surrogate attestation only
 *                                          but the statement carries {@code x5c}
 */
@Override
public void validate(RegistrationObject registrationObject) {
    AssertUtil.notNull(registrationObject.getAttestationObject().getAuthenticatorData(), "authenticatorData must not be null");
    AssertUtil.notNull(registrationObject.getAttestationObject().getAuthenticatorData().getAttestedCredentialData(), "attestedCredentialData must not be null");

    AAGUID authenticatorAaguid = registrationObject.getAttestationObject().getAuthenticatorData().getAttestedCredentialData().getAaguid();
    AttestationStatement statement = registrationObject.getAttestationObject().getAttestationStatement();
    Set<MetadataItem> resolvedItems = metadataItemsResolver.resolve(authenticatorAaguid);

    // Walk every declared attestation type of every item; the comparison itself stops
    // after the first type that is not BASIC_SURROGATE.
    boolean anyTypeDeclared = false;
    boolean everyTypeSurrogate = true;
    for (MetadataItem item : resolvedItems) {
        for (AuthenticatorAttestationType declaredType : item.getMetadataStatement().getAttestationTypes()) {
            anyTypeDeclared = true;
            if (everyTypeSurrogate && !declaredType.equals(AuthenticatorAttestationType.BASIC_SURROGATE)) {
                everyTypeSurrogate = false;
            }
        }
    }

    // Surrogate attestation carries no certificate chain, so x5c contradicts the metadata.
    boolean surrogateOnly = anyTypeDeclared && everyTypeSurrogate;
    if (surrogateOnly
            && statement instanceof CertificateBaseAttestationStatement
            && ((CertificateBaseAttestationStatement) statement).getX5c() != null) {
        throw new BadAttestationStatementException("Although AAGUID is registered for surrogate attestation in metadata, x5c contains certificates.");
    }

    for (MetadataItem resolvedItem : resolvedItems) {
        doAdditionalValidationForFidoMdsMetadataItem(resolvedItem);
    }
}
Use of com.webauthn4j.metadata.legacy.data.MetadataItem in project webauthn4j by webauthn4j.
Class AggregatingMetadataItemsProviderTest, method provide_test_common_entry_returned_from_providers.
/**
 * Two providers report overlapping item sets under the same AAGUID; the aggregating
 * provider is expected to expose that AAGUID once, mapped to the union of both sets.
 */
@Test
void provide_test_common_entry_returned_from_providers() {
    // Given: item A is known to both providers, item B only to the second one.
    String sharedAaguid = "df495bdc-223a-429d-9f0e-ebfa29155812";
    MetadataItem metadataItemA = mock(MetadataItem.class);
    MetadataItem metadataItemB = mock(MetadataItem.class);

    Map<AAGUID, Set<MetadataItem>> entriesOfA = new HashMap<>();
    entriesOfA.put(new AAGUID(sharedAaguid), new HashSet<>(Collections.singletonList(metadataItemA)));
    Map<AAGUID, Set<MetadataItem>> entriesOfB = new HashMap<>();
    entriesOfB.put(new AAGUID(sharedAaguid), new HashSet<>(Arrays.asList(metadataItemA, metadataItemB)));

    MetadataItemsProvider providerA = mock(MetadataItemsProvider.class);
    when(providerA.provide()).thenReturn(entriesOfA);
    MetadataItemsProvider providerB = mock(MetadataItemsProvider.class);
    when(providerB.provide()).thenReturn(entriesOfB);

    // When: both providers are aggregated.
    MetadataItemsProvider target = new AggregatingMetadataItemsProvider(Arrays.asList(providerA, providerB));

    // Then: a single key remains and its value holds both items without duplication.
    assertThat(target.provide().keySet()).containsExactly(new AAGUID(sharedAaguid));
    assertThat(target.provide().get(new AAGUID(sharedAaguid))).containsExactlyInAnyOrder(metadataItemA, metadataItemB);
}