use of com.webauthn4j.metadata.legacy.data.statement.MetadataStatement in project webauthn4j by webauthn4j.
the class FidoMdsMetadataItemsProvider method fetchMetadataStatement.
MetadataStatement fetchMetadataStatement(String uri, byte[] expectedHash) {
String uriWithToken = appendToken(uri, token);
String metadataStatementBase64url = httpClient.fetch(uriWithToken);
String metadataStatementStr = new String(Base64UrlUtil.decode(metadataStatementBase64url));
byte[] hash = MessageDigestUtil.createSHA256().digest(metadataStatementBase64url.getBytes(StandardCharsets.UTF_8));
// As hash is known data to statement provider, there is no risk of timing attack and it is OK to use `Arrays.equals` instead of `MessageDigest.isEqual` here.
if (!Arrays.equals(hash, expectedHash)) {
throw new MDSException("Hash of metadataStatement doesn't match");
}
MetadataStatement metadataStatement = jsonConverter.readValue(metadataStatementStr, MetadataStatement.class);
metadataStatementValidator.validate(metadataStatement);
return metadataStatement;
}
use of com.webauthn4j.metadata.legacy.data.statement.MetadataStatement in project webauthn4j by webauthn4j.
the class JsonFileMetadataStatementsProvider method readJsonFile.
MetadataStatement readJsonFile(Path path) {
try (InputStream inputStream = Files.newInputStream(path)) {
MetadataStatement metadataStatement = jsonConverter.readValue(inputStream, MetadataStatement.class);
metadataStatementValidator.validate(metadataStatement);
return metadataStatement;
} catch (IOException e) {
throw new UncheckedIOException("Failed to load a metadata statement json file", e);
}
}
use of com.webauthn4j.metadata.legacy.data.statement.MetadataStatement in project webauthn4j by webauthn4j.
the class AggregatingMetadataStatementsProviderTest method provide_test_common_entry_returned_from_providers.
@Test
void provide_test_common_entry_returned_from_providers() {
MetadataStatement metadataStatementA = mock(MetadataStatement.class);
MetadataStatement metadataStatementB = mock(MetadataStatement.class);
MetadataStatementsProvider providerA = mock(MetadataStatementsProvider.class);
Map<AAGUID, Set<MetadataStatement>> mapA = new HashMap<>();
mapA.put(new AAGUID("df495bdc-223a-429d-9f0e-ebfa29155812"), new HashSet<>(Collections.singletonList(metadataStatementA)));
when(providerA.provide()).thenReturn(mapA);
MetadataStatementsProvider providerB = mock(MetadataStatementsProvider.class);
Map<AAGUID, Set<MetadataStatement>> mapB = new HashMap<>();
mapB.put(new AAGUID("df495bdc-223a-429d-9f0e-ebfa29155812"), new HashSet<>(Arrays.asList(metadataStatementA, metadataStatementB)));
when(providerB.provide()).thenReturn(mapB);
AggregatingMetadataStatementsProvider target = new AggregatingMetadataStatementsProvider(Arrays.asList(providerA, providerB));
assertThat(target.provide().keySet()).containsExactly(new AAGUID("df495bdc-223a-429d-9f0e-ebfa29155812"));
assertThat(target.provide().get(new AAGUID("df495bdc-223a-429d-9f0e-ebfa29155812"))).containsExactlyInAnyOrder(metadataStatementA, metadataStatementB);
}
Aggregations