Examples with COSEAlgorithmIdentifier com.yubico.webauthn.data.COSEAlgorithmIdentifier used on opensource projects

Search in sources :

Example 1 with COSEAlgorithmIdentifier

use of com.yubico.webauthn.data.COSEAlgorithmIdentifier in project java-webauthn-server by Yubico.

the class PackedAttestationStatementVerifier method verifySelfAttestationSignature.

private boolean verifySelfAttestationSignature(AttestationObject attestationObject, ByteArray clientDataJsonHash) {
    final PublicKey pubkey;
    try {
        pubkey = WebAuthnCodecs.importCosePublicKey(attestationObject.getAuthenticatorData().getAttestedCredentialData().get().getCredentialPublicKey());
    } catch (IOException | CoseException | InvalidKeySpecException e) {
        throw ExceptionUtil.wrapAndLog(log, String.format("Failed to parse public key from attestation data %s", attestationObject.getAuthenticatorData().getAttestedCredentialData()), e);
    } catch (NoSuchAlgorithmException e) {
        throw new RuntimeException(e);
    }
    final Long keyAlgId = CBORObject.DecodeFromBytes(attestationObject.getAuthenticatorData().getAttestedCredentialData().get().getCredentialPublicKey().getBytes()).get(CBORObject.FromObject(3)).AsInt64();
    final COSEAlgorithmIdentifier keyAlg = COSEAlgorithmIdentifier.fromId(keyAlgId).orElseThrow(() -> new IllegalArgumentException("Unsupported COSE algorithm identifier: " + keyAlgId));
    final Long sigAlgId = attestationObject.getAttestationStatement().get("alg").asLong();
    final COSEAlgorithmIdentifier sigAlg = COSEAlgorithmIdentifier.fromId(sigAlgId).orElseThrow(() -> new IllegalArgumentException("Unsupported COSE algorithm identifier: " + sigAlgId));
    if (!Objects.equals(keyAlg, sigAlg)) {
        throw new IllegalArgumentException(String.format("Key algorithm and signature algorithm must be equal, was: Key: %s, Sig: %s", keyAlg, sigAlg));
    }
    ByteArray signedData = attestationObject.getAuthenticatorData().getBytes().concat(clientDataJsonHash);
    ByteArray signature;
    try {
        signature = new ByteArray(attestationObject.getAttestationStatement().get("sig").binaryValue());
    } catch (IOException e) {
        throw ExceptionUtil.wrapAndLog(log, ".binaryValue() of \"sig\" failed", e);
    }
    return Crypto.verifySignature(pubkey, signedData, signature, keyAlg);
}
Also used : PublicKey(java.security.PublicKey) COSEAlgorithmIdentifier(com.yubico.webauthn.data.COSEAlgorithmIdentifier) CoseException(COSE.CoseException) ByteArray(com.yubico.webauthn.data.ByteArray) IOException(java.io.IOException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)

Aggregations

CoseException (COSE.CoseException)1 ByteArray (com.yubico.webauthn.data.ByteArray)1 COSEAlgorithmIdentifier (com.yubico.webauthn.data.COSEAlgorithmIdentifier)1 IOException (java.io.IOException)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 PublicKey (java.security.PublicKey)1 InvalidKeySpecException (java.security.spec.InvalidKeySpecException)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial