
Example 1 with AttestedCredentialData

Use of com.yubico.webauthn.data.AttestedCredentialData in the project java-webauthn-server by Yubico.

From the class FidoU2fAttestationStatementVerifier, method verifyAttestationSignature. The method checks that the attestation certificate carries an ECDSA P-256 key (the only key type the fido-u2f format allows), extracts the credential's raw public key and key handle from the attested credential data, and verifies the "sig" field over the RP ID hash and client data hash as a U2F registration response:

```java
@Override
public boolean verifyAttestationSignature(AttestationObject attestationObject, ByteArray clientDataJsonHash) {
    // The fido-u2f attestation statement carries an "x5c" certificate chain; take the leaf.
    final X509Certificate attestationCertificate;
    try {
        attestationCertificate = getAttestationCertificate(attestationObject);
    } catch (CertificateException e) {
        throw new IllegalArgumentException(String.format("Failed to parse X.509 certificate from attestation object: %s", attestationObject));
    }
    // Reject anything that is not an EC key on the P-256 curve before casting to ECPublicKey.
    if (!("EC".equals(attestationCertificate.getPublicKey().getAlgorithm()) && isP256(((ECPublicKey) attestationCertificate.getPublicKey()).getParams()))) {
        throw new IllegalArgumentException("Attestation certificate for fido-u2f must have an ECDSA P-256 public key.");
    }
    // Attested credential data is only present in registration (credential creation) responses.
    final Optional<AttestedCredentialData> attData = attestationObject.getAuthenticatorData().getAttestedCredentialData();
    return attData.map(attestedCredentialData -> {
        JsonNode signature = attestationObject.getAttestationStatement().get("sig");
        if (signature == null) {
            throw new IllegalArgumentException("fido-u2f attestation statement must have a \"sig\" property set to a DER encoded signature.");
        }
        if (signature.isBinary()) {
            // Convert the COSE-encoded credential public key to the raw 65-byte U2F form (0x04 || X || Y).
            final ByteArray userPublicKey;
            try {
                userPublicKey = getRawUserPublicKey(attestationObject);
            } catch (IOException | CoseException e) {
                RuntimeException err = new RuntimeException(String.format("Failed to parse public key from attestation data %s", attestedCredentialData), e);
                log.error(err.getMessage(), err);
                throw err;
            }
            // In U2F terms the WebAuthn credential ID is the key handle.
            ByteArray keyHandle = attestedCredentialData.getCredentialId();
            U2fRawRegisterResponse u2fRegisterResponse;
            try {
                u2fRegisterResponse = new U2fRawRegisterResponse(userPublicKey, keyHandle, attestationCertificate, new ByteArray(signature.binaryValue()));
            } catch (IOException e) {
                RuntimeException err = new RuntimeException("signature.isBinary() was true but signature.binaryValue() failed", e);
                log.error(err.getMessage(), err);
                throw err;
            }
            // The U2F registration signature covers the application parameter (RP ID hash) and
            // challenge parameter (client data hash) together with the key handle and public key.
            return u2fRegisterResponse.verifySignature(attestationObject.getAuthenticatorData().getRpIdHash(), clientDataJsonHash);
        } else {
            throw new IllegalArgumentException("\"sig\" property of fido-u2f attestation statement must be a CBOR byte array value.");
        }
    }).orElseThrow(() -> new IllegalArgumentException("Attestation object for credential creation must have attestation data."));
}
```

Imports used by this class:

```java
import COSE.CoseException;
import com.fasterxml.jackson.databind.JsonNode;
import com.yubico.internal.util.ExceptionUtil;
import static com.yubico.webauthn.Crypto.isP256;
import com.yubico.webauthn.data.AttestationObject;
import com.yubico.webauthn.data.AttestationType;
import com.yubico.webauthn.data.AttestedCredentialData;
import com.yubico.webauthn.data.ByteArray;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.util.Optional;
import lombok.extern.slf4j.Slf4j;
```
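The snippet delegates the actual check to U2fRawRegisterResponse.verifySignature. The following added example (not code from java-webauthn-server) shows what that check has to bind together: it builds the U2F registration signature base (0x00 || rpIdHash || clientDataHash || keyHandle || userPublicKey, as specified for fido-u2f attestation), verifies a signature over it with a P-256 key standing in for the attestation certificate's key, and shows that altering the key handle invalidates the signature. All inputs are constructed locally.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;

public class U2fAttestationSigCheck {
    // Raw U2F public key form: uncompressed X9.62 point 0x04 || X(32) || Y(32).
    static byte[] rawP256(ECPublicKey k) {
        byte[] out = new byte[65];
        out[0] = 0x04;
        copyFixed(k.getW().getAffineX().toByteArray(), out, 1);
        copyFixed(k.getW().getAffineY().toByteArray(), out, 33);
        return out;
    }
    // BigInteger.toByteArray() may carry a leading sign byte or be shorter than 32 bytes; right-align into 32.
    static void copyFixed(byte[] src, byte[] dst, int off) {
        int n = Math.min(src.length, 32);
        System.arraycopy(src, src.length - n, dst, off + 32 - n, n);
    }
    // Signature base for fido-u2f attestation: 0x00 || rpIdHash || clientDataHash || keyHandle || userPublicKey.
    static byte[] signatureBase(byte[] rpIdHash, byte[] clientDataHash, byte[] keyHandle, byte[] userPublicKey) {
        return ByteBuffer.allocate(1 + 32 + 32 + keyHandle.length + 65)
            .put((byte) 0x00).put(rpIdHash).put(clientDataHash).put(keyHandle).put(userPublicKey).array();
    }
    static boolean verify(PublicKey attestationKey, byte[] base, byte[] derSig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initVerify(attestationKey);
        s.update(base);
        return s.verify(derSig);
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("EC");
        g.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair attestation = g.generateKeyPair(); // constructed stand-in for the attestation certificate key
        KeyPair user = g.generateKeyPair();         // constructed stand-in for the new credential key
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        byte[] rpIdHash = sha256.digest("example.com".getBytes(StandardCharsets.UTF_8));
        byte[] clientDataHash = sha256.digest("{\"type\":\"webauthn.create\"}".getBytes(StandardCharsets.UTF_8));
        byte[] keyHandle = new byte[64];
        new SecureRandom().nextBytes(keyHandle);  // constructed credential ID
        byte[] userPk = rawP256((ECPublicKey) user.getPublic());
        byte[] base = signatureBase(rpIdHash, clientDataHash, keyHandle, userPk);
        Signature signer = Signature.getInstance("SHA256withECDSA");
        signer.initSign(attestation.getPrivate());
        signer.update(base);
        byte[] sig = signer.sign();
        System.out.println("signature valid: " + verify(attestation.getPublic(), base, sig));
        keyHandle[0] ^= 1; // a swapped or altered key handle must break the binding
        System.out.println("after tamper:    " + verify(attestation.getPublic(), signatureBase(rpIdHash, clientDataHash, keyHandle, userPk), sig));
    }
}
```

In the library the attestation key comes from the "x5c" certificate rather than a freshly generated pair, and the RP ID hash and client data hash come from the authenticator data and the client's clientDataJSON respectively.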
