
Example 1 with AuthenticatorToBeFiltered

Use of com.yubico.fido.metadata.FidoMetadataService.Filters.AuthenticatorToBeFiltered in project java-webauthn-server by Yubico.

From the class FidoMetadataService, method findEntries.

/**
 * Finds the metadata entries that correspond to an attestation certificate chain and/or an
 * AAGUID.
 *
 * <p>The chain is not validated here: each certificate is only used to derive a subject key
 * identifier that serves as a lookup key, and the whole chain is then handed to the configured
 * {@link FidoMetadataServiceBuilder#filter(Predicate) filter} together with the candidate entry.
 *
 * @param attestationCertificateChain an attestation certificate chain, presumably from a WebAuthn
 *     attestation statement.
 * @param aaguid the AAGUID of the authenticator to look up, if available. A zero AAGUID is
 *     treated as absent for lookup purposes but is still passed to the filter as given.
 * @return All metadata entries which satisfy ALL of the following:
 *     <ul>
 *       <li>It satisfies the {@link FidoMetadataServiceBuilder#prefilter(Predicate) prefilter}.
 *       <li>It satisfies AT LEAST ONE of the following:
 *           <ul>
 *             <li><code>aaguid</code> is present, non-zero, and equals the {@link
 *                 MetadataBLOBPayloadEntry#getAaguid() AAGUID} of the metadata entry.
 *             <li><code>aaguid</code> is present, non-zero, and equals the {@link
 *                 MetadataBLOBPayloadEntry#getAaguid() AAGUID} of the {@link
 *                 MetadataBLOBPayloadEntry#getMetadataStatement() metadata statement}, if any, in
 *                 the metadata entry.
 *             <li>The certificate subject key identifier of any certificate in <code>
 *                 attestationCertificateChain</code> matches any element of {@link
 *                 MetadataBLOBPayloadEntry#getAttestationCertificateKeyIdentifiers()
 *                 attestationCertificateKeyIdentifiers} in the metadata entry.
 *             <li>The certificate subject key identifier of any certificate in <code>
 *                 attestationCertificateChain</code> matches any element of {@link
 *                 MetadataStatement#getAttestationCertificateKeyIdentifiers()
 *                 attestationCertificateKeyIdentifiers} in the {@link
 *                 MetadataBLOBPayloadEntry#getMetadataStatement() metadata statement}, if any, in
 *                 the metadata entry.
 *           </ul>
 *       <li>It satisfies the {@link FidoMetadataServiceBuilder#filter(Predicate) filter} together
 *           with <code>attestationCertificateChain</code> and <code>aaguid</code>.
 *     </ul>
 * @throws RuntimeException if the JCA provider cannot compute a subject key identifier (the
 *     underlying digest algorithm is unavailable).
 * @see #findEntries(List)
 * @see #findEntries(List, AAGUID)
 */
public Set<MetadataBLOBPayloadEntry> findEntries(@NonNull List<X509Certificate> attestationCertificateChain, @NonNull Optional<AAGUID> aaguid) {
    // Hex-encoded subject key identifiers of every certificate in the chain; these are the keys of
    // prefilteredEntriesByCertificateKeyIdentifier.
    final Set<String> certSubjectKeyIdentifiers = new HashSet<>();
    for (X509Certificate cert : attestationCertificateChain) {
        try {
            certSubjectKeyIdentifiers.add(new ByteArray(CertificateParser.computeSubjectKeyIdentifier(cert)).getHex());
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("SHA-1 hash algorithm is not available in JCA context.", e);
        }
    }

    // An all-zero AAGUID carries no identifying information, so it is not used as a lookup key.
    final Optional<AAGUID> nonzeroAaguid = aaguid.filter(a -> !a.isZero());
    log.debug("findEntries(certSubjectKeyIdentifiers = {}, aaguid = {})", certSubjectKeyIdentifiers, aaguid);
    if (!nonzeroAaguid.isPresent()) {
        log.debug("findEntries: ignoring zero AAGUID");
    }

    // Candidates keyed by AAGUID; empty when the AAGUID is absent, zero, or unknown to the index.
    final Stream<MetadataBLOBPayloadEntry> candidatesByAaguid = nonzeroAaguid
        .map(prefilteredEntriesByAaguid::get)
        .map(Collection::stream)
        .orElseGet(Stream::empty);

    // Candidates keyed by certificate subject key identifier; unknown identifiers contribute nothing.
    final Stream<MetadataBLOBPayloadEntry> candidatesByCertKeyId = certSubjectKeyIdentifiers.stream()
        .map(prefilteredEntriesByCertificateKeyIdentifier::get)
        .filter(entries -> entries != null)
        .flatMap(Collection::stream);

    // The user-supplied filter sees the original (possibly zero) AAGUID, not the sanitized one.
    final Predicate<MetadataBLOBPayloadEntry> passesFilter = entry ->
        this.filter.test(new AuthenticatorToBeFiltered(attestationCertificateChain, entry, aaguid.orElse(null)));

    final Set<MetadataBLOBPayloadEntry> matches = Stream.concat(candidatesByAaguid, candidatesByCertKeyId)
        .filter(passesFilter)
        .collect(Collectors.toSet());

    log.debug("findEntries(certSubjectKeyIdentifiers = {}, aaguid = {}) => {} matches", certSubjectKeyIdentifiers, aaguid, matches.size());
    return matches;
}
