
Example 1 with PublicKeyMismatchException

Use of com.webauthn4j.validator.exception.PublicKeyMismatchException in project webauthn4j by webauthn4j.

From the class AndroidKeyAttestationStatementValidator, method validate.

import com.webauthn4j.data.attestation.statement.AndroidKeyAttestationStatement;
import com.webauthn4j.data.extension.authenticator.RegistrationExtensionAuthenticatorOutput;
import com.webauthn4j.validator.exception.BadAttestationStatementException;
import com.webauthn4j.validator.exception.PublicKeyMismatchException;
import java.security.PublicKey;
import org.checkerframework.checker.nullness.qual.NonNull;

@Override
@NonNull
public AttestationType validate(@NonNull CoreRegistrationObject registrationObject) {
    AssertUtil.notNull(registrationObject, "registrationObject must not be null");
    if (!supports(registrationObject)) {
        throw new IllegalArgumentException(String.format("Specified format '%s' is not supported by %s.", registrationObject.getAttestationObject().getFormat(), this.getClass().getName()));
    }
    AndroidKeyAttestationStatement attestationStatement = (AndroidKeyAttestationStatement) registrationObject.getAttestationObject().getAttestationStatement();
    validateAttestationStatementNotNull(attestationStatement);
    if (attestationStatement.getX5c().isEmpty()) {
        throw new BadAttestationStatementException("No attestation certificate is found in android key attestation statement.");
    }
    // Verify that attStmt is valid CBOR conforming to the syntax defined above and perform CBOR decoding on it to extract the contained fields.
    // Verify that sig is a valid signature over the concatenation of authenticatorData and clientDataHash using the public key in the first certificate in x5c with the algorithm specified in alg.
    validateSignature(registrationObject);
    // Verify that the public key in the first certificate in x5c matches the credentialPublicKey in the attestedCredentialData in authenticatorData.
    PublicKey publicKeyInEndEntityCert = attestationStatement.getX5c().getEndEntityAttestationCertificate().getCertificate().getPublicKey();
    AuthenticatorData<RegistrationExtensionAuthenticatorOutput> authenticatorData = registrationObject.getAttestationObject().getAuthenticatorData();
    //noinspection ConstantConditions as null check is already done in caller
    PublicKey publicKeyInCredentialData = authenticatorData.getAttestedCredentialData().getCOSEKey().getPublicKey();
    if (!publicKeyInEndEntityCert.equals(publicKeyInCredentialData)) {
        throw new PublicKeyMismatchException("The public key in the first certificate in x5c doesn't match the credentialPublicKey in the attestedCredentialData in authenticatorData.");
    }
    // Verify the Android KeyStore key description extension (including the attestation challenge, which must equal clientDataHash).
    byte[] clientDataHash = registrationObject.getClientDataHash();
    keyDescriptionValidator.validate(attestationStatement.getX5c().getEndEntityAttestationCertificate().getCertificate(), clientDataHash, teeEnforcedOnly);
    return AttestationType.BASIC;
}

Example 2 with PublicKeyMismatchException

Use of com.webauthn4j.validator.exception.PublicKeyMismatchException in project webauthn4j by webauthn4j.

From the class AppleAnonymousAttestationStatementValidator, method validatePublicKey.

import com.webauthn4j.validator.exception.PublicKeyMismatchException;
import java.security.PublicKey;

private void validatePublicKey(@NonNull CoreRegistrationObject registrationObject, @NonNull AppleAnonymousAttestationStatement attestationStatement) {
    // Public key of the end-entity (leaf) certificate in the attestation statement's x5c chain.
    PublicKey publicKeyInEndEntityCert = attestationStatement.getX5c().getEndEntityAttestationCertificate().getCertificate().getPublicKey();
    //noinspection ConstantConditions as null check is already done in caller.
    // credentialPublicKey carried in the attestedCredentialData of authenticatorData.
    PublicKey publicKeyInCredentialData = registrationObject.getAttestationObject().getAuthenticatorData().getAttestedCredentialData().getCOSEKey().getPublicKey();
    if (!publicKeyInEndEntityCert.equals(publicKeyInCredentialData)) {
        throw new PublicKeyMismatchException("The public key in the first certificate in x5c doesn't match the credentialPublicKey in the attestedCredentialData in authenticatorData.");
    }
}
