
Example 16 with ByteArray

use of com.yubico.webauthn.data.ByteArray in project java-webauthn-server by Yubico.

the class ThisShouldCompile method getByteArray.

/**
 * Builds a fixed four-byte {@link ByteArray} and returns it.
 *
 * <p>The intermediate {@code getBytes()} call is kept on purpose: judging by the
 * enclosing class name, this code exists to check that the public API compiles,
 * not to do useful work.
 *
 * @return a {@code ByteArray} wrapping the bytes {@code {1, 2, 3, 4}}
 */
public ByteArray getByteArray() {
    final byte[] raw = {1, 2, 3, 4};
    final ByteArray wrapped = new ByteArray(raw);
    // Exercises the accessor so it is part of the compile check; the copy is unused.
    final byte[] unwrapped = wrapped.getBytes();
    return wrapped;
}
Also used : ByteArray(com.yubico.webauthn.data.ByteArray)

Example 17 with ByteArray

use of com.yubico.webauthn.data.ByteArray in project java-webauthn-server by Yubico.

the class WebAuthnRestResource method deregisterCredential.

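/**
 * Deregisters one credential for the session identified by {@code sessionTokenBase64}.
 *
 * <p>Both form parameters arrive from the client as Base64Url text. Either one failing
 * to decode is a client error and is answered with {@code 400 Bad Request}. Previously
 * only the credential ID was decoded inside a {@code try}; a malformed session token
 * escaped as a {@link Base64UrlException} and would not produce a {@code 400}.
 *
 * @param sessionTokenBase64 Base64Url-encoded session token that authorises the action
 * @param credentialIdBase64 Base64Url-encoded ID of the credential to remove
 * @return {@code 400} with a message list on a bad request or a rejected deregistration,
 *     otherwise the response {@code finishResponse} builds for the successful result
 * @throws MalformedURLException kept from the original signature
 * @throws Base64UrlException kept from the original signature; no longer thrown by this body
 */
@Path("action/deregister")
@POST
public Response deregisterCredential(@NonNull @FormParam("sessionToken") String sessionTokenBase64, @NonNull @FormParam("credentialId") String credentialIdBase64) throws MalformedURLException, Base64UrlException {
    // The session token authorises the request, so it is kept out of the log even at trace level.
    logger.trace("deregisterCredential credentialId: {}", credentialIdBase64);
    final ByteArray credentialId;
    try {
        credentialId = ByteArray.fromBase64Url(credentialIdBase64);
    } catch (Base64UrlException e) {
        return messagesJson(Response.status(Status.BAD_REQUEST), "Credential ID is not valid Base64Url data: " + credentialIdBase64);
    }
    final ByteArray sessionToken;
    try {
        sessionToken = ByteArray.fromBase64Url(sessionTokenBase64);
    } catch (Base64UrlException e) {
        // Unlike the credential ID, the token value is not echoed back in the error message.
        return messagesJson(Response.status(Status.BAD_REQUEST), "Session token is not valid Base64Url data.");
    }
    Either<List<String>, DeregisterCredentialResult> result = server.deregisterCredential(sessionToken, credentialId);
    if (result.isRight()) {
        return finishResponse(result, "Failed to deregister credential; further error message(s) were unfortunately lost to an internal server error.", "deregisterCredential", "");
    } else {
        // Left side carries the user-facing failure messages.
        return messagesJson(Response.status(Status.BAD_REQUEST), result.left().get());
    }
}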
Also used : DeregisterCredentialResult(demo.webauthn.WebAuthnServer.DeregisterCredentialResult) Base64UrlException(com.yubico.webauthn.data.exception.Base64UrlException) ByteArray(com.yubico.webauthn.data.ByteArray) List(java.util.List) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST)

Example 18 with ByteArray

use of com.yubico.webauthn.data.ByteArray in project java-webauthn-server by Yubico.

the class ExtensionMatcher method matchHex.

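/**
 * Checks whether an ASN.1 extension value equals the hex string configured in the matcher.
 *
 * <p>{@code value} must be a DER OCTET STRING whose contents are themselves a DER-encoded
 * OCTET STRING; the inner octets are compared with the decoded hex value. Any other shape,
 * or undecodable inner DER, is logged at debug level and treated as a non-match rather than
 * an error, because {@code value} presumably comes from a certificate outside our control.
 * A bad matcher configuration, by contrast, is a programming error and throws.
 *
 * @param matchKey name of the extension being matched; used in messages only
 * @param matchValue matcher node whose {@code EXTENSION_VALUE_VALUE} entry holds the hex text
 * @param value the extension value to compare
 * @return {@code true} if the nested octets equal the configured bytes
 * @throws IllegalArgumentException if the matcher entry is missing, not text, or not valid hex
 */
private boolean matchHex(String matchKey, JsonNode matchValue, ASN1Primitive value) {
    final JsonNode matchValueNode = matchValue.get(EXTENSION_VALUE_VALUE);
    if (matchValueNode == null || !matchValueNode.isTextual()) {
        // Previously a missing entry surfaced as a NullPointerException further down.
        throw new IllegalArgumentException(String.format("Missing or non-text %s for extension %s: %s", EXTENSION_VALUE_VALUE, matchKey, matchValueNode));
    }
    final String matchValueString = matchValueNode.textValue();
    final ByteArray matchBytes;
    try {
        matchBytes = ByteArray.fromHex(matchValueString);
    } catch (HexException e) {
        // Keep the cause so the configuration error can be traced.
        throw new IllegalArgumentException(String.format("Bad hex value in extension %s: %s", matchKey, matchValueString), e);
    }
    if (!(value instanceof DEROctetString)) {
        log.debug("Expected nested octet string value for extension {}, was: {}", matchKey, value);
        return false;
    }
    final ASN1Primitive innerValue;
    try {
        innerValue = ASN1Primitive.fromByteArray(((DEROctetString) value).getOctets());
    } catch (IOException e) {
        log.debug("Failed to parse {} extension value as ASN1: {}", matchKey, value);
        return false;
    }
    if (!(innerValue instanceof DEROctetString)) {
        log.debug("Expected nested octet string value for extension {}, was: {}", matchKey, value);
        return false;
    }
    final ByteArray readBytes = new ByteArray(((DEROctetString) innerValue).getOctets());
    return matchBytes.equals(readBytes);
}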
Also used : ByteArray(com.yubico.webauthn.data.ByteArray) DEROctetString(org.bouncycastle.asn1.DEROctetString) HexException(com.yubico.webauthn.data.exception.HexException) IOException(java.io.IOException) ASN1Primitive(org.bouncycastle.asn1.ASN1Primitive) DEROctetString(org.bouncycastle.asn1.DEROctetString)

Example 19 with ByteArray

use of com.yubico.webauthn.data.ByteArray in project java-webauthn-server by Yubico.

the class PackedAttestationStatementVerifier method verifySelfAttestationSignature.

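/**
 * Verifies a packed "self attestation": the attestation signature must verify under the
 * credential's own public key, and the COSE algorithm declared on that key must equal the
 * {@code alg} of the attestation statement.
 *
 * <p>The signed data is {@code authenticatorData || clientDataJsonHash}. Fields are taken
 * from the attestation object as received, so missing entries are reported as
 * {@link IllegalArgumentException} instead of surfacing as {@code NullPointerException}.
 *
 * @param attestationObject parsed attestation object; attested credential data must be present
 * @param clientDataJsonHash hash of the client data JSON
 * @return {@code true} if the signature verifies under the credential public key
 * @throws IllegalArgumentException if attested credential data, the key's {@code alg} (COSE
 *     label 3), the statement's {@code alg} or {@code sig} is missing, an algorithm is
 *     unsupported, or key and signature algorithms disagree
 */
private boolean verifySelfAttestationSignature(AttestationObject attestationObject, ByteArray clientDataJsonHash) {
    // Unwrap the Optional once with a message; the original called get() unchecked twice.
    final ByteArray credentialPublicKey = attestationObject.getAuthenticatorData().getAttestedCredentialData().orElseThrow(() -> new IllegalArgumentException("Attested credential data is required for self attestation but was absent.")).getCredentialPublicKey();
    final PublicKey pubkey;
    try {
        pubkey = WebAuthnCodecs.importCosePublicKey(credentialPublicKey);
    } catch (IOException | CoseException | InvalidKeySpecException e) {
        throw ExceptionUtil.wrapAndLog(log, String.format("Failed to parse public key from attestation data %s", attestationObject.getAuthenticatorData().getAttestedCredentialData()), e);
    } catch (NoSuchAlgorithmException e) {
        throw new RuntimeException("Algorithm required to import COSE public key is not available", e);
    }
    // COSE label 3 is "alg"; get() yields null when the map has no such key.
    final CBORObject keyAlgObject = CBORObject.DecodeFromBytes(credentialPublicKey.getBytes()).get(CBORObject.FromObject(3));
    if (keyAlgObject == null) {
        throw new IllegalArgumentException("Credential public key is missing the COSE \"alg\" (label 3) entry.");
    }
    final Long keyAlgId = keyAlgObject.AsInt64();
    final COSEAlgorithmIdentifier keyAlg = COSEAlgorithmIdentifier.fromId(keyAlgId).orElseThrow(() -> new IllegalArgumentException("Unsupported COSE algorithm identifier: " + keyAlgId));
    if (attestationObject.getAttestationStatement().get("alg") == null) {
        throw new IllegalArgumentException("Attestation statement is missing the \"alg\" entry.");
    }
    final Long sigAlgId = attestationObject.getAttestationStatement().get("alg").asLong();
    final COSEAlgorithmIdentifier sigAlg = COSEAlgorithmIdentifier.fromId(sigAlgId).orElseThrow(() -> new IllegalArgumentException("Unsupported COSE algorithm identifier: " + sigAlgId));
    // Self attestation is only meaningful when the key and the signature use the same algorithm.
    if (!Objects.equals(keyAlg, sigAlg)) {
        throw new IllegalArgumentException(String.format("Key algorithm and signature algorithm must be equal, was: Key: %s, Sig: %s", keyAlg, sigAlg));
    }
    final ByteArray signedData = attestationObject.getAuthenticatorData().getBytes().concat(clientDataJsonHash);
    if (attestationObject.getAttestationStatement().get("sig") == null) {
        throw new IllegalArgumentException("Attestation statement is missing the \"sig\" entry.");
    }
    final ByteArray signature;
    try {
        signature = new ByteArray(attestationObject.getAttestationStatement().get("sig").binaryValue());
    } catch (IOException e) {
        throw ExceptionUtil.wrapAndLog(log, ".binaryValue() of \"sig\" failed", e);
    }
    return Crypto.verifySignature(pubkey, signedData, signature, keyAlg);
}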
Also used : PublicKey(java.security.PublicKey) COSEAlgorithmIdentifier(com.yubico.webauthn.data.COSEAlgorithmIdentifier) CoseException(COSE.CoseException) ByteArray(com.yubico.webauthn.data.ByteArray) IOException(java.io.IOException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)

Example 20 with ByteArray

use of com.yubico.webauthn.data.ByteArray in project java-webauthn-server by Yubico.

the class AndroidSafetynetAttestationStatementVerifier method verifyAttestationSignature.

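/**
 * Verifies an android-safetynet attestation statement.
 *
 * <p>Order matters: the JWS signature is verified before any field of its payload is
 * trusted. The payload {@code nonce} must then equal {@code SHA-256(authenticatorData ||
 * clientDataJsonHash)} and {@code ctsProfileMatch} must be {@code true}. Missing payload
 * entries are reported via the existing {@link IllegalArgumentException} / {@code assure}
 * path rather than surfacing as {@code NullPointerException}.
 *
 * @param attestationObject parsed attestation object carrying the JWS in {@code response}
 * @param clientDataJsonHash hash of the client data JSON
 * @return {@code false} if the JWS signature does not verify, {@code true} otherwise
 * @throws IllegalArgumentException if {@code ver} or {@code nonce} is missing or not a string,
 *     the nonce does not match the signed data, or {@code ctsProfileMatch} is not {@code true}
 */
@Override
public boolean verifyAttestationSignature(AttestationObject attestationObject, ByteArray clientDataJsonHash) {
    final JsonNode ver = attestationObject.getAttestationStatement().get("ver");
    if (ver == null || !ver.isTextual()) {
        throw new IllegalArgumentException("Property \"ver\" of android-safetynet attestation statement must be a string, was: " + ver);
    }
    // Signature first; nothing in the payload is used until it verifies.
    final JsonWebSignatureCustom jws = parseJws(attestationObject);
    if (!verifySignature(jws)) {
        return false;
    }
    final JsonNode payload = jws.getPayload();
    final JsonNode nonce = payload.get("nonce");
    if (nonce == null || !nonce.isTextual()) {
        throw new IllegalArgumentException("Property \"nonce\" of android-safetynet JWS payload must be a string, was: " + nonce);
    }
    final ByteArray signedData = attestationObject.getAuthenticatorData().getBytes().concat(clientDataJsonHash);
    final ByteArray hashSignedData = Crypto.sha256(signedData);
    final ByteArray nonceByteArray = ByteArray.fromBase64(nonce.textValue());
    ExceptionUtil.assure(hashSignedData.equals(nonceByteArray), "Nonce does not equal authenticator data + client data. Expected nonce: %s, was nonce: %s", hashSignedData.getBase64Url(), nonceByteArray.getBase64Url());
    // A missing entry fails the assurance instead of throwing NullPointerException.
    final JsonNode ctsProfileMatch = payload.get("ctsProfileMatch");
    ExceptionUtil.assure(ctsProfileMatch != null && ctsProfileMatch.booleanValue(), "Expected ctsProfileMatch to be true, was: %s", ctsProfileMatch);
    return true;
}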
Also used : ByteArray(com.yubico.webauthn.data.ByteArray) JsonNode(com.fasterxml.jackson.databind.JsonNode)
