Example 1 with MetadataItem

Use of com.webauthn4j.metadata.legacy.data.MetadataItem in the project webauthn4j by webauthn4j.

From the class FidoMdsMetadataItemsProvider, method refresh:

private void refresh() {
    // Fetch the metadata TOC (table of contents) that lists every authenticator entry.
    MetadataTOCPayload tocPayload = fetchMetadataTOCPayload(false);
    cachedMetadataItemMap = tocPayload.getEntries().parallelStream()
            .map(entry -> {
                try {
                    return fetchFidoMdsMetadataItem(entry);
                } catch (RuntimeException e) {
                    // One failing entry must not abort the whole refresh: log it and skip it.
                    logger.warn("Failed to fetch MetadataTOCPayLoad", e);
                    return null;
                }
            })
            .filter(Objects::nonNull)
            .distinct()
            // Group the fetched items by AAGUID and expose each group as an unmodifiable set.
            .collect(Collectors.groupingBy(MetadataItem::getAaguid))
            .entrySet().stream()
            .collect(Collectors.toMap(
                    Map.Entry::getKey,
                    entry -> Collections.unmodifiableSet(new HashSet<>(entry.getValue()))));
    // Honour the TOC's nextUpdate date (taken as UTC midnight) and record when this refresh ran.
    nextUpdate = tocPayload.getNextUpdate().atStartOfDay().atOffset(ZoneOffset.UTC);
    lastRefresh = OffsetDateTime.now(ZoneOffset.UTC);
}

Example 2 with MetadataItem

From the class FidoMdsMetadataValidator, method validate:

@Override
public void validate(RegistrationObject registrationObject) {
    AssertUtil.notNull(registrationObject.getAttestationObject().getAuthenticatorData(), "authenticatorData must not be null");
    AssertUtil.notNull(registrationObject.getAttestationObject().getAuthenticatorData().getAttestedCredentialData(), "attestedCredentialData must not be null");
    // Look up the FIDO MDS metadata registered for this authenticator model, identified by its AAGUID.
    AAGUID aaguid = registrationObject.getAttestationObject().getAuthenticatorData().getAttestedCredentialData().getAaguid();
    AttestationStatement attestationStatement = registrationObject.getAttestationObject().getAttestationStatement();
    Set<MetadataItem> metadataItems = metadataItemsResolver.resolve(aaguid);
    // Collect every attestation type the metadata statements declare for this AAGUID.
    List<AuthenticatorAttestationType> authenticatorAttestationTypes = metadataItems.stream()
            .flatMap(item -> item.getMetadataStatement().getAttestationTypes().stream())
            .collect(Collectors.toList());
    // The model counts as surrogate-only when metadata exists and every declared type is BASIC_SURROGATE.
    boolean isSurrogate = !authenticatorAttestationTypes.isEmpty()
            && authenticatorAttestationTypes.stream().allMatch(type -> type.equals(AuthenticatorAttestationType.BASIC_SURROGATE));
    // A surrogate-only model must not present a certificate chain (x5c); one that does contradicts the metadata.
    if (isSurrogate && attestationStatement instanceof CertificateBaseAttestationStatement) {
        CertificateBaseAttestationStatement certificateBaseAttestationStatement = (CertificateBaseAttestationStatement) attestationStatement;
        if (certificateBaseAttestationStatement.getX5c() != null) {
            throw new BadAttestationStatementException("Although AAGUID is registered for surrogate attestation in metadata, x5c contains certificates.");
        }
    }
    // Run the additional per-item checks for every metadata item matching this AAGUID.
    for (MetadataItem metadataItem : metadataItems) {
        doAdditionalValidationForFidoMdsMetadataItem(metadataItem);
    }
}

Example 3 with MetadataItem

From the class AggregatingMetadataItemsProviderTest, method provide_test_common_entry_returned_from_providers:

@Test
void provide_test_common_entry_returned_from_providers() {
    MetadataItem metadataItemA = mock(MetadataItem.class);
    MetadataItem metadataItemB = mock(MetadataItem.class);
    // Provider A knows only item A for the AAGUID.
    MetadataItemsProvider providerA = mock(MetadataItemsProvider.class);
    Map<AAGUID, Set<MetadataItem>> mapA = new HashMap<>();
    mapA.put(new AAGUID("df495bdc-223a-429d-9f0e-ebfa29155812"), new HashSet<>(Collections.singletonList(metadataItemA)));
    when(providerA.provide()).thenReturn(mapA);
    // Provider B knows both items A and B for the same AAGUID.
    MetadataItemsProvider providerB = mock(MetadataItemsProvider.class);
    Map<AAGUID, Set<MetadataItem>> mapB = new HashMap<>();
    mapB.put(new AAGUID("df495bdc-223a-429d-9f0e-ebfa29155812"), new HashSet<>(Arrays.asList(metadataItemA, metadataItemB)));
    when(providerB.provide()).thenReturn(mapB);
    // The aggregate must merge both providers into a single entry holding the union of the items, without duplicates.
    MetadataItemsProvider target = new AggregatingMetadataItemsProvider(Arrays.asList(providerA, providerB));
    assertThat(target.provide().keySet()).containsExactly(new AAGUID("df495bdc-223a-429d-9f0e-ebfa29155812"));
    assertThat(target.provide().get(new AAGUID("df495bdc-223a-429d-9f0e-ebfa29155812"))).containsExactlyInAnyOrder(metadataItemA, metadataItemB);
}
