Search in sources :

Example 1 with MetadataStatement

use of com.webauthn4j.metadata.legacy.data.statement.MetadataStatement in project webauthn4j by webauthn4j.

the class FidoMdsMetadataItemsProvider method fetchMetadataStatement.

MetadataStatement fetchMetadataStatement(String uri, byte[] expectedHash) {
    String uriWithToken = appendToken(uri, token);
    String metadataStatementBase64url = httpClient.fetch(uriWithToken);
    String metadataStatementStr = new String(Base64UrlUtil.decode(metadataStatementBase64url));
    byte[] hash = MessageDigestUtil.createSHA256().digest(metadataStatementBase64url.getBytes(StandardCharsets.UTF_8));
    // As hash is known data to statement provider, there is no risk of timing attack and it is OK to use `Arrays.equals` instead of `MessageDigest.isEqual` here.
    if (!Arrays.equals(hash, expectedHash)) {
        throw new MDSException("Hash of metadataStatement doesn't match");
    }
    MetadataStatement metadataStatement = jsonConverter.readValue(metadataStatementStr, MetadataStatement.class);
    metadataStatementValidator.validate(metadataStatement);
    return metadataStatement;
}
Also used : MetadataStatement(com.webauthn4j.metadata.legacy.data.statement.MetadataStatement) MDSException(com.webauthn4j.metadata.exception.MDSException)

Example 2 with MetadataStatement

use of com.webauthn4j.metadata.legacy.data.statement.MetadataStatement in project webauthn4j by webauthn4j.

the class JsonFileMetadataStatementsProvider method readJsonFile.

MetadataStatement readJsonFile(Path path) {
    try (InputStream inputStream = Files.newInputStream(path)) {
        MetadataStatement metadataStatement = jsonConverter.readValue(inputStream, MetadataStatement.class);
        metadataStatementValidator.validate(metadataStatement);
        return metadataStatement;
    } catch (IOException e) {
        throw new UncheckedIOException("Failed to load a metadata statement json file", e);
    }
}
Also used : InputStream(java.io.InputStream) MetadataStatement(com.webauthn4j.metadata.legacy.data.statement.MetadataStatement) UncheckedIOException(java.io.UncheckedIOException) IOException(java.io.IOException) UncheckedIOException(java.io.UncheckedIOException)

Example 3 with MetadataStatement

use of com.webauthn4j.metadata.legacy.data.statement.MetadataStatement in project webauthn4j by webauthn4j.

the class AggregatingMetadataStatementsProviderTest method provide_test_common_entry_returned_from_providers.

@Test
void provide_test_common_entry_returned_from_providers() {
    MetadataStatement metadataStatementA = mock(MetadataStatement.class);
    MetadataStatement metadataStatementB = mock(MetadataStatement.class);
    MetadataStatementsProvider providerA = mock(MetadataStatementsProvider.class);
    Map<AAGUID, Set<MetadataStatement>> mapA = new HashMap<>();
    mapA.put(new AAGUID("df495bdc-223a-429d-9f0e-ebfa29155812"), new HashSet<>(Collections.singletonList(metadataStatementA)));
    when(providerA.provide()).thenReturn(mapA);
    MetadataStatementsProvider providerB = mock(MetadataStatementsProvider.class);
    Map<AAGUID, Set<MetadataStatement>> mapB = new HashMap<>();
    mapB.put(new AAGUID("df495bdc-223a-429d-9f0e-ebfa29155812"), new HashSet<>(Arrays.asList(metadataStatementA, metadataStatementB)));
    when(providerB.provide()).thenReturn(mapB);
    AggregatingMetadataStatementsProvider target = new AggregatingMetadataStatementsProvider(Arrays.asList(providerA, providerB));
    assertThat(target.provide().keySet()).containsExactly(new AAGUID("df495bdc-223a-429d-9f0e-ebfa29155812"));
    assertThat(target.provide().get(new AAGUID("df495bdc-223a-429d-9f0e-ebfa29155812"))).containsExactlyInAnyOrder(metadataStatementA, metadataStatementB);
}
Also used : MetadataStatement(com.webauthn4j.metadata.legacy.data.statement.MetadataStatement) AAGUID(com.webauthn4j.data.attestation.authenticator.AAGUID) Test(org.junit.jupiter.api.Test)

Aggregations

MetadataStatement (com.webauthn4j.metadata.legacy.data.statement.MetadataStatement)3 AAGUID (com.webauthn4j.data.attestation.authenticator.AAGUID)1 MDSException (com.webauthn4j.metadata.exception.MDSException)1 IOException (java.io.IOException)1 InputStream (java.io.InputStream)1 UncheckedIOException (java.io.UncheckedIOException)1 Test (org.junit.jupiter.api.Test)1