use of org.apache.kerby.asn1.type.Asn1OctetString in project webauthn4j by webauthn4j.
the class PackedAttestationStatementValidator method extractAAGUIDFromAttestationCertificate.
/**
 * Reads the AAGUID carried in the certificate extension identified by
 * {@code ID_FIDO_GEN_CE_AAGUID}.
 *
 * <p>{@link X509Certificate#getExtensionValue(String)} returns the extension wrapped in a DER
 * OCTET STRING, and this method decodes the wrapped content as a second OCTET STRING, so two
 * layers are unwrapped before the bytes are passed to {@code UUIDUtil.fromBytes}.
 *
 * @param certificate attestation certificate to inspect
 * @return the AAGUID built from the extension content, or {@code AAGUID.NULL} when the
 *         certificate does not carry the extension
 * @throws UncheckedIOException if either OCTET STRING layer cannot be decoded
 */
@NonNull
AAGUID extractAAGUIDFromAttestationCertificate(@NonNull X509Certificate certificate) {
    final byte[] derExtension = certificate.getExtensionValue(ID_FIDO_GEN_CE_AAGUID);
    if (derExtension == null) {
        // An absent extension is not treated as an error; the caller gets the NULL sentinel.
        return AAGUID.NULL;
    }

    final Asn1OctetString outer = new Asn1OctetString();
    final Asn1OctetString inner = new Asn1OctetString();
    try {
        outer.decode(derExtension);
        inner.decode(outer.getValue());
        // NOTE(review): the certificate comes from the attestation statement, and the length of
        // the inner value is not checked in this method. Confirm that UUIDUtil.fromBytes rejects
        // anything other than a 16-byte input with an exception the validation layer handles.
        return new AAGUID(UUIDUtil.fromBytes(inner.getValue()));
    } catch (IOException e) {
        throw new UncheckedIOException(e);
    }
}
use of org.apache.kerby.asn1.type.Asn1OctetString in project jans by JanssenProject.
the class AppleAttestationProcessor method getExtension.
/*-
[
{
"type": "OBJECT_IDENTIFIER",
"data": "1.2.840.113635.100.8.2"
},
{
"type": "OCTET_STRING",
"data": [
{
"type": "SEQUENCE",
"data": [
{
"type": "[1]",
"data": [
{
"type": "OCTET_STRING",
"data": {
"type": "Buffer",
"data": [92, 219, 157, 144, 115, 64, 69, 91, 99, 115, 230, 117, 43, 115, 252, 54, 132, 83, 96, 34, 21, 250, 234, 187, 124, 22, 95, 11, 173, 172, 7, 204]
}
}
]
}
]
}
]
}
]
*/
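/**
 * Extracts the nonce bytes from the attestation certificate extension identified by
 * {@code KEY_DESCRIPTION_OID}.
 *
 * <p>{@link X509Certificate#getExtensionValue(String)} returns the extension wrapped in a DER
 * OCTET STRING. That wrapper is removed, its content is parsed as an ASN.1 container, and the
 * container's first child is decoded as an OCTET STRING whose value is returned.
 *
 * @param attestationCert attestation certificate taken from the attestation statement
 * @return the value of the first child element, decoded as an OCTET STRING
 * @throws AttestationException if the extension is absent or its content cannot be decoded
 */
public byte[] getExtension(X509Certificate attestationCert) {
    byte[] extensionValue = attestationCert.getExtensionValue(KEY_DESCRIPTION_OID);
    if (extensionValue == null) {
        // Report a missing extension explicitly instead of relying on the NullPointerException
        // that decode(null) would raise and the catch clause below would then translate.
        throw new AttestationException("Apple anonymous attestation certificate does not contain the expected extension.");
    }
    try {
        Asn1OctetString extensionEnvelope = new Asn1OctetString();
        extensionEnvelope.decode(extensionValue);
        Asn1Container container =
                (Asn1Container) Asn1Parser.parse(ByteBuffer.wrap(extensionEnvelope.getValue()));
        Asn1OctetString octetString = new Asn1OctetString();
        // get(0) on an empty container and the cast above both fail with a RuntimeException,
        // which the catch clause turns into an AttestationException.
        octetString.decode(container.getChildren().get(0));
        return octetString.getValue();
    } catch (IOException | RuntimeException e) {
        // NOTE(review): the cause is dropped here, so logs cannot tell a malformed extension
        // from a parser fault. Only the AttestationException(String) constructor is visible in
        // this listing; attach `e` if a cause-taking constructor exists.
        throw new AttestationException("Failed to extract nonce from Apple anonymous attestation statement.");
    }
}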
use of org.apache.kerby.asn1.type.Asn1OctetString in project webauthn4j by webauthn4j.
the class KeyDescriptionValidator method extractKeyDescription.
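/**
 * Parses the content of the certificate extension identified by
 * {@code ATTESTATION_EXTENSION_OID} into an ASN.1 container.
 *
 * <p>{@link X509Certificate#getExtensionValue(String)} returns the extension wrapped in a DER
 * OCTET STRING; the wrapper is removed before the content is handed to {@code Asn1Parser}.
 *
 * @param x509Certificate certificate expected to carry the extension
 * @return the parsed extension content
 * @throws KeyDescriptionValidationException if the extension is absent, or if its content does
 *         not parse to an {@code Asn1Container}
 * @throws IOException if the OCTET STRING wrapper or its content cannot be decoded
 */
@NonNull
Asn1Container extractKeyDescription(@NonNull X509Certificate x509Certificate) throws IOException {
    byte[] attestationExtensionBytes = x509Certificate.getExtensionValue(ATTESTATION_EXTENSION_OID);
    if (attestationExtensionBytes == null) {
        throw new KeyDescriptionValidationException("KeyDescription must not be null");
    }
    Asn1OctetString envelope = new Asn1OctetString();
    envelope.decode(attestationExtensionBytes);
    // The extension content is controlled by whoever issued the certificate, so check the
    // parse result's type instead of letting an unexpected shape surface as ClassCastException.
    Object parsed = Asn1Parser.parse(ByteBuffer.wrap(envelope.getValue()));
    if (!(parsed instanceof Asn1Container)) {
        throw new KeyDescriptionValidationException("KeyDescription is not an ASN.1 container");
    }
    return (Asn1Container) parsed;
}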
use of org.apache.kerby.asn1.type.Asn1OctetString in project webauthn4j by webauthn4j.
the class AppleAnonymousAttestationStatementValidator method validateNonce.
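/**
 * Checks that the nonce embedded in the end-entity attestation certificate equals the nonce
 * computed for this registration by {@code getNonce}.
 *
 * <p>The certificate extension {@code 1.2.840.113635.100.8.2} is unwrapped from its DER OCTET
 * STRING, parsed as an ASN.1 container, and the first child is decoded as an OCTET STRING; that
 * value is compared with the expected nonce.
 *
 * @param registrationObject registration data holding the Apple anonymous attestation statement
 * @throws BadAttestationStatementException if the extension is absent, cannot be decoded, or
 *         holds a nonce different from the expected one
 */
private void validateNonce(@NonNull CoreRegistrationObject registrationObject) {
    AppleAnonymousAttestationStatement attestationStatement =
            (AppleAnonymousAttestationStatement) registrationObject.getAttestationObject().getAttestationStatement();
    byte[] nonce = getNonce(registrationObject);
    byte[] extensionValue = attestationStatement.getX5c().getEndEntityAttestationCertificate().getCertificate()
            .getExtensionValue("1.2.840.113635.100.8.2");
    if (extensionValue == null) {
        // Report a missing extension explicitly instead of relying on the NullPointerException
        // that decode(null) would raise and the catch clause below would then translate.
        throw new BadAttestationStatementException("Apple anonymous attestation certificate does not contain the nonce extension.");
    }
    byte[] extracted;
    try {
        Asn1OctetString extensionEnvelope = new Asn1OctetString();
        extensionEnvelope.decode(extensionValue);
        Asn1Container container =
                (Asn1Container) Asn1Parser.parse(ByteBuffer.wrap(extensionEnvelope.getValue()));
        Asn1OctetString octetString = new Asn1OctetString();
        // An unexpected shape (failed cast, empty container) raises a RuntimeException, which is
        // translated below with the cause attached.
        octetString.decode(container.getChildren().get(0));
        extracted = octetString.getValue();
    } catch (IOException | RuntimeException e) {
        throw new BadAttestationStatementException("Failed to extract nonce from Apple anonymous attestation statement.", e);
    }
    // there is no need to prevent timing attack and it is OK to use `Arrays.equals` instead of `MessageDigest.isEqual` here.
    // NOTE(review): presumably because the expected nonce is derived from data the client already
    // holds rather than from a server-side secret; confirm against getNonce.
    if (!Arrays.equals(extracted, nonce)) {
        throw new BadAttestationStatementException("nonce doesn't match.");
    }
}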
use of org.apache.kerby.asn1.type.Asn1OctetString in project webauthn4j by webauthn4j.
the class AppleAppAttestAttestationStatementValidator method extractNonce.
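/**
 * Extracts the nonce from the attestation certificate extension identified by
 * {@code APPLE_CRED_CERT_EXTENSION_OID}.
 *
 * <p>{@link X509Certificate#getExtensionValue(String)} returns the extension wrapped in a DER
 * OCTET STRING. The wrapper is removed, the content is parsed as an ASN.1 container, and the
 * first child is decoded as an OCTET STRING whose value is returned.
 *
 * @param attestationCertificate attestation certificate taken from the attestation statement
 * @return the value of the first child element, decoded as an OCTET STRING
 * @throws BadAttestationStatementException if the extension is absent, does not parse to a
 *         container, or has no child elements
 * @throws UncheckedIOException if an ASN.1 decoding step fails
 */
byte[] extractNonce(X509Certificate attestationCertificate) {
    byte[] attestationExtensionBytes = attestationCertificate.getExtensionValue(APPLE_CRED_CERT_EXTENSION_OID);
    if (attestationExtensionBytes == null) {
        throw new BadAttestationStatementException("Apple X.509 extension not found");
    }
    Asn1OctetString envelope = new Asn1OctetString();
    try {
        envelope.decode(attestationExtensionBytes);
        // The certificate is supplied with the attestation statement, so its extension content
        // is untrusted. Check the structure explicitly: an unexpected shape is then reported as
        // a bad attestation statement instead of escaping as ClassCastException or
        // IndexOutOfBoundsException.
        Object parsed = Asn1Parser.parse(ByteBuffer.wrap(envelope.getValue()));
        if (!(parsed instanceof Asn1Container)) {
            throw new BadAttestationStatementException("Apple X.509 extension is not an ASN.1 container");
        }
        Asn1Container container = (Asn1Container) parsed;
        if (container.getChildren().isEmpty()) {
            throw new BadAttestationStatementException("Apple X.509 extension has no elements");
        }
        Asn1OctetString nonceEnvelope = new Asn1OctetString();
        nonceEnvelope.decode(container.getChildren().get(0));
        return nonceEnvelope.getValue();
    } catch (IOException e) {
        throw new UncheckedIOException(e);
    }
}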