Example 1 with BadAlgorithmException

Use of com.webauthn4j.validator.exception.BadAlgorithmException in project webauthn4j by webauthn4j.

From the class PackedAttestationStatementValidator, method validateSelfAttestation:

@SuppressWarnings("SameReturnValue")
@NonNull
private AttestationType validateSelfAttestation(@NonNull CoreRegistrationObject registrationObject, @NonNull byte[] sig, @NonNull COSEAlgorithmIdentifier alg, @NonNull byte[] attrToBeSigned) {
    // noinspection ConstantConditions as null check is already done in caller
    COSEKey coseKey = registrationObject.getAttestationObject().getAuthenticatorData().getAttestedCredentialData().getCOSEKey();
    // Validate that alg matches the algorithm of the coseKey in authenticatorData.
    COSEAlgorithmIdentifier credentialPublicKeyAlgorithm = coseKey.getAlgorithm();
    if (!alg.equals(credentialPublicKeyAlgorithm)) {
        throw new BadAlgorithmException("`alg` in attestation statement doesn't match the algorithm of the coseKey in authenticatorData.");
    }
    // noinspection ConstantConditions as null check is already done in caller
    if (!verifySignature(coseKey.getPublicKey(), alg, sig, attrToBeSigned)) {
        throw new BadSignatureException("`sig` in attestation statement is not valid signature over the concatenation of authenticatorData and clientDataHash.");
    }
    // If successful, return attestation type Self and empty attestation trust path.
    return AttestationType.SELF;
}
Also used: BadSignatureException (com.webauthn4j.validator.exception.BadSignatureException), BadAlgorithmException (com.webauthn4j.validator.exception.BadAlgorithmException), COSEKey (com.webauthn4j.data.attestation.authenticator.COSEKey), COSEAlgorithmIdentifier (com.webauthn4j.data.attestation.statement.COSEAlgorithmIdentifier), NonNull (org.checkerframework.checker.nullness.qual.NonNull)
