Example 16 with BadAttestationStatementException

use of com.webauthn4j.validator.exception.BadAttestationStatementException in project webauthn4j by webauthn4j.

the class DCAttestationDataValidator method validateKeyId.

private void validateKeyId(@NonNull CoreRegistrationData registrationData) {
    DCAttestationData dcAttestationData = (DCAttestationData) registrationData;
    byte[] keyId = dcAttestationData.getKeyId();
    // noinspection ConstantConditions as null check is already done in caller
    byte[] credentialId = registrationData.getAttestationObject().getAuthenticatorData().getAttestedCredentialData().getCredentialId();
    // there is no need to prevent timing attack and it is OK to use `Arrays.equals` instead of `MessageDigest.isEqual` here.
    if (!Arrays.equals(keyId, credentialId)) {
        throw new BadAttestationStatementException("key identifier doesn't match credentialId.");
    }
}
Also used : BadAttestationStatementException(com.webauthn4j.validator.exception.BadAttestationStatementException) DCAttestationData(com.webauthn4j.appattest.data.DCAttestationData)

Example 17 with BadAttestationStatementException

use of com.webauthn4j.validator.exception.BadAttestationStatementException in project webauthn4j by webauthn4j.

the class AppleAppAttestAttestationStatementValidator method extractNonce.

byte[] extractNonce(X509Certificate attestationCertificate) {
    // getExtensionValue returns the extension content wrapped in a DER-encoded OCTET STRING, or null if the extension is absent
    byte[] attestationExtensionBytes = attestationCertificate.getExtensionValue(APPLE_CRED_CERT_EXTENSION_OID);
    if (attestationExtensionBytes == null) {
        throw new BadAttestationStatementException("Apple X.509 extension not found");
    }
    Asn1OctetString envelope = new Asn1OctetString();
    try {
        // unwrap the outer OCTET STRING, then parse the ASN.1 structure it contains
        envelope.decode(attestationExtensionBytes);
        Asn1Container container = (Asn1Container) Asn1Parser.parse(ByteBuffer.wrap(envelope.getValue()));
        // the first child of the container is decoded as an OCTET STRING whose value is the nonce
        Asn1OctetString subEnvelop = new Asn1OctetString();
        subEnvelop.decode(container.getChildren().get(0));
        return subEnvelop.getValue();
    } catch (IOException e) {
        throw new UncheckedIOException(e);
    }
}
Also used : BadAttestationStatementException(com.webauthn4j.validator.exception.BadAttestationStatementException) Asn1Container(org.apache.kerby.asn1.parse.Asn1Container) UncheckedIOException(java.io.UncheckedIOException) IOException(java.io.IOException) Asn1OctetString(org.apache.kerby.asn1.type.Asn1OctetString)

Aggregations

BadAttestationStatementException (com.webauthn4j.validator.exception.BadAttestationStatementException) 17
X509Certificate (java.security.cert.X509Certificate) 4
NonNull (org.checkerframework.checker.nullness.qual.NonNull) 4
AAGUID (com.webauthn4j.data.attestation.authenticator.AAGUID) 3
IOException (java.io.IOException) 3
RegistrationExtensionAuthenticatorOutput (com.webauthn4j.data.extension.authenticator.RegistrationExtensionAuthenticatorOutput) 2
ECPublicKey (java.security.interfaces.ECPublicKey) 2
Asn1Container (org.apache.kerby.asn1.parse.Asn1Container) 2
Asn1OctetString (org.apache.kerby.asn1.type.Asn1OctetString) 2
Asn1Utf8String (org.apache.kerby.asn1.type.Asn1Utf8String) 2
DCAttestationData (com.webauthn4j.appattest.data.DCAttestationData) 1
AppleAppAttestAttestationStatement (com.webauthn4j.appattest.data.attestation.statement.AppleAppAttestAttestationStatement) 1
DCRegistrationObject (com.webauthn4j.appattest.validator.DCRegistrationObject) 1
ObjectConverter (com.webauthn4j.converter.util.ObjectConverter) 1
AuthenticatorAttestationType (com.webauthn4j.data.AuthenticatorAttestationType) 1
SignatureAlgorithm (com.webauthn4j.data.SignatureAlgorithm) 1
AndroidKeyAttestationStatement (com.webauthn4j.data.attestation.statement.AndroidKeyAttestationStatement) 1
AndroidSafetyNetAttestationStatement (com.webauthn4j.data.attestation.statement.AndroidSafetyNetAttestationStatement) 1
AppleAnonymousAttestationStatement (com.webauthn4j.data.attestation.statement.AppleAnonymousAttestationStatement) 1
AttestationCertificate (com.webauthn4j.data.attestation.statement.AttestationCertificate) 1