com.webauthn4j.data.attestation.authenticator.COSEKey Java Examples

Example #1
Source File: AttestedCredentialDataConverter.java    From webauthn4j with Apache License 2.0 6 votes vote down vote up
/**
 * Parses attested credential data from the current position of the given buffer.
 *
 * <p>Reads, in order: {@code AAGUID_LENGTH} bytes of AAGUID, an unsigned 16-bit
 * credential ID length, that many bytes of credential ID, and then a COSE key
 * decoded from whatever is left in the buffer. Bytes that follow the COSE key are
 * not consumed: the buffer position is moved back so that it points just past the key.
 *
 * <p>The credential ID length comes straight from the input and is only limited by
 * the unsigned-short range; the bulk reads raise {@link java.nio.BufferUnderflowException}
 * when the buffer holds fewer bytes than requested.
 * NOTE(review): no explicit length policy is enforced here, so callers handling
 * authenticator-supplied bytes should treat runtime exceptions from this method as
 * a rejected (malformed) input rather than an internal error.
 *
 * @param attestedCredentialData buffer positioned at the start of the attested credential data
 * @return the parsed AAGUID, credential ID and COSE key
 */
public AttestedCredentialData convert(ByteBuffer attestedCredentialData) {
    // Fixed-size AAGUID prefix.
    byte[] rawAaguid = new byte[AAGUID_LENGTH];
    attestedCredentialData.get(rawAaguid);
    AAGUID aaguid = new AAGUID(rawAaguid);

    // Length-prefixed credential ID; the length is taken from the input as-is.
    int credentialIdLength = UnsignedNumberUtil.getUnsignedShort(attestedCredentialData);
    byte[] credentialId = new byte[credentialIdLength];
    attestedCredentialData.get(credentialId);

    // Drain the rest of the buffer so the COSE key decoder can report how much it used.
    byte[] tail = new byte[attestedCredentialData.remaining()];
    attestedCredentialData.get(tail);
    COSEKeyEnvelope envelope = convertToCredentialPublicKey(new ByteArrayInputStream(tail));

    AttestedCredentialData parsed =
            new AttestedCredentialData(aaguid, credentialId, envelope.getCOSEKey());

    // Un-read the bytes after the COSE key so they stay available to the caller.
    int unreadLength = tail.length - envelope.getLength();
    int rewoundPosition = attestedCredentialData.position() - unreadLength;
    attestedCredentialData.position(rewoundPosition);
    return parsed;
}
 
Example #2
Source File: BeanAssertUtil.java    From webauthn4j with Apache License 2.0 6 votes vote down vote up
/**
 * Checks that the attested credential data and its mandatory parts are present,
 * then delegates to the COSE key validation.
 *
 * <p>Only null-ness of the AAGUID and credential ID is checked in this method;
 * their contents and lengths are not inspected here.
 *
 * @param attestedCredentialData the value to check
 * @throws ConstraintViolationException if the argument, its AAGUID or its credential ID is {@code null}
 */
public static void validate(AttestedCredentialData attestedCredentialData) {
    if (attestedCredentialData == null) {
        throw new ConstraintViolationException("attestedCredentialData must not be null");
    }
    if (attestedCredentialData.getAaguid() == null) {
        throw new ConstraintViolationException("aaguid must not be null");
    }
    if (attestedCredentialData.getCredentialId() == null) {
        throw new ConstraintViolationException("credentialId must not be null");
    }

    // The key gets its own null check and validation in the COSEKey overload.
    COSEKey credentialPublicKey = attestedCredentialData.getCOSEKey();
    validate(credentialPublicKey);
}
 
Example #3
Source File: PackedAttestationStatementValidator.java    From webauthn4j with Apache License 2.0 5 votes vote down vote up
/**
 * Validates a self attestation: the attestation statement is signed with the
 * credential's own key pair rather than with an attestation certificate.
 *
 * <p>A successful return therefore shows only that the signer holds the private key
 * matching the credential public key in authenticatorData; there is no trust path
 * that would vouch for the authenticator itself.
 * NOTE(review): the getter chain assumes attested credential data is present on the
 * registration object; confirm an earlier step rejects objects without it.
 *
 * @param registrationObject registration data holding the attestation object
 * @param sig                signature from the attestation statement
 * @param alg                algorithm declared in the attestation statement
 * @param attrToBeSigned     bytes the signature is expected to cover
 * @return {@link AttestationType#SELF} when both checks pass
 * @throws BadAlgorithmException if {@code alg} differs from the credential key's algorithm
 * @throws BadSignatureException if the signature does not verify
 */
private AttestationType validateSelfAttestation(RegistrationObject registrationObject, byte[] sig, COSEAlgorithmIdentifier alg, byte[] attrToBeSigned) {
    COSEKey credentialPublicKey = registrationObject
            .getAttestationObject()
            .getAuthenticatorData()
            .getAttestedCredentialData()
            .getCOSEKey();

    // The statement's alg must be the one the credential key was created for;
    // otherwise the signature would be checked under an algorithm the key does not claim.
    boolean algorithmMatches = alg.equals(credentialPublicKey.getAlgorithm());
    if (!algorithmMatches) {
        throw new BadAlgorithmException("`alg` in attestation statement doesn't match the algorithm of the coseKey in authenticatorData.");
    }

    // sig must verify over authenticatorData || clientDataHash with the credential public key.
    boolean signatureValid = verifySignature(credentialPublicKey.getPublicKey(), alg, sig, attrToBeSigned);
    if (!signatureValid) {
        throw new BadSignatureException("`sig` in attestation statement is not valid signature over the concatenation of authenticatorData and clientDataHash.");
    }

    // Self attestation: no attestation trust path to return.
    return AttestationType.SELF;
}
 
Example #4
Source File: COSEKeyEnvelopeDeserializer.java    From webauthn4j with Apache License 2.0 5 votes vote down vote up
/**
 * {@inheritDoc}
 *
 * <p>Reads one {@link COSEKey} and records the parser's byte offset after the read,
 * so the caller can tell how many input bytes the key occupied.
 * NOTE(review): the offset is a {@code long} narrowed to {@code int}; confirm the
 * parser always reports a known, in-range offset for the inputs used here, since
 * the caller uses this length to locate the data that follows the key.
 */
@Override
public COSEKeyEnvelope deserialize(JsonParser p, DeserializationContext ctxt) throws IOException {
    final COSEKey parsedKey = ctxt.readValue(p, COSEKey.class);
    // Offset after the key has been consumed == number of bytes the key took up.
    final long bytesConsumed = p.getCurrentLocation().getByteOffset();
    return new COSEKeyEnvelope(parsedKey, (int) bytesConsumed);
}
 
Example #5
Source File: AssertionSignatureValidator.java    From webauthn4j with Apache License 2.0 5 votes vote down vote up
/**
 * Verifies the assertion signature carried by the authentication data against the
 * given credential public key.
 *
 * <p>NOTE(review): this method trusts {@code coseKey} as supplied; the caller is
 * presumably responsible for passing the key stored for this credential at
 * registration time — verify at the call site.
 *
 * @param authenticationData authentication data containing the signature and the signed material
 * @param coseKey            credential public key to verify with
 * @throws BadSignatureException if the signature does not verify
 */
public void validate(AuthenticationData authenticationData, COSEKey coseKey) {
    byte[] signedBytes = getSignedData(authenticationData);
    byte[] assertionSignature = authenticationData.getSignature();

    boolean signatureValid = verifySignature(coseKey, assertionSignature, signedBytes);
    if (signatureValid) {
        return;
    }
    throw new BadSignatureException("Assertion signature is not valid.");
}
 
Example #6
Source File: COSEKeyConverter.java    From webauthn4j-spring-security with Apache License 2.0 4 votes vote down vote up
/**
 * Restores a {@link COSEKey} from its stored form: a base64url string wrapping the
 * CBOR encoding of the key.
 *
 * <p>The returned key is what later signature checks rely on, so the integrity of
 * the stored column matters as much as that of any other credential record.
 * NOTE(review): behaviour for a {@code null} column value depends on
 * {@code Base64UrlUtil.decode} — confirm.
 *
 * @param dbData base64url text read from the database
 * @return the decoded COSE key
 */
@Override
public COSEKey convertToEntityAttribute(String dbData) {
    return cborConverter.readValue(Base64UrlUtil.decode(dbData), COSEKey.class);
}
 
Example #7
Source File: WebAuthnCredentialModelInput.java    From keycloak with Apache License 2.0 4 votes vote down vote up
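/**
 * Builds a comma-separated, human-readable summary of the fields that are set on
 * this input, for logging and diagnostics.
 *
 * <p>Only identifiers and public-key metadata are rendered (credential type, DB id,
 * attestation format, AAGUID, credential id, key id, algorithm, key type).
 * Every nested value is null-checked before use so that a partially populated
 * object — for example one whose credential id is absent — can still be
 * logged instead of failing with a {@link NullPointerException} inside a log call.
 * Absent values are simply left out of the output.
 *
 * @return the summary without a trailing comma
 */
@Override
public String toString() {
    StringBuilder sb = new StringBuilder("Credential Type = " + credentialType + ",");
    if (credentialDBId != null) {
        sb.append("Credential DB Id = ")
          .append(credentialDBId)
          .append(",");
    }
    if (attestationStatement != null) {
        sb.append("Attestation Statement Format = ")
          .append(attestationStatement.getFormat())
          .append(",");
    } else if (attestationStatementFormat != null) {
        sb.append("Attestation Statement Format = ")
          .append(attestationStatementFormat)
          .append(",");
    }
    if (attestedCredentialData != null) {
        Object aaguid = attestedCredentialData.getAaguid();
        if (aaguid != null) {
            sb.append("AAGUID = ")
              .append(aaguid.toString())
              .append(",");
        }
        // The credential id is not guaranteed to be set; presumably the encoder
        // rejects null input, so guard before encoding.
        byte[] attestedCredentialId = attestedCredentialData.getCredentialId();
        if (attestedCredentialId != null) {
            sb.append("CREDENTIAL_ID = ")
              .append(Base64.encodeBytes(attestedCredentialId))
              .append(",");
        }
        COSEKey credPubKey = attestedCredentialData.getCOSEKey();
        if (credPubKey != null) {
            byte[] keyId = credPubKey.getKeyId();
            if (keyId != null) {
                sb.append("CREDENTIAL_PUBLIC_KEY.key_id = ")
                  .append(Base64.encodeBytes(keyId))
                  .append(",");
            }
            if (credPubKey.getAlgorithm() != null) {
                sb.append("CREDENTIAL_PUBLIC_KEY.algorithm = ")
                  .append(String.valueOf(credPubKey.getAlgorithm().getValue()))
                  .append(",");
            }
            if (credPubKey.getKeyType() != null) {
                sb.append("CREDENTIAL_PUBLIC_KEY.key_type = ")
                  .append(credPubKey.getKeyType().name())
                  .append(",");
            }
        }
    }
    if (authenticationRequest != null) {
        // only set on Authentication
        byte[] requestedCredentialId = authenticationRequest.getCredentialId();
        if (requestedCredentialId != null) {
            sb.append("Credential Id = ")
              .append(Base64.encodeBytes(requestedCredentialId))
              .append(",");
        }
    }
    // Every appended entry, including the first, ends with "," so the last
    // character is always the separator to drop.
    sb.deleteCharAt(sb.length() - 1);
    return sb.toString();
}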
 
Example #8
Source File: CredentialPublicKeyConverter.java    From keycloak with Apache License 2.0 4 votes vote down vote up
/**
 * Decodes a stored credential public key: base64url text is turned back into CBOR
 * bytes, which are then read as a {@link COSEKey}.
 *
 * <p>NOTE(review): no null or format check happens here; what a {@code null} or
 * malformed value produces depends on {@code Base64Url.decode} and the CBOR converter.
 *
 * @param s base64url-encoded CBOR form of the key
 * @return the decoded COSE key
 */
public COSEKey convertToEntityAttribute(String s) {
    byte[] cborBytes = Base64Url.decode(s);
    return cborConverter.readValue(cborBytes, COSEKey.class);
}
 
Example #9
Source File: CredentialPublicKeyConverter.java    From keycloak with Apache License 2.0 4 votes vote down vote up
/**
 * Encodes a credential public key for storage: the key is written as CBOR bytes and
 * those bytes are base64url-encoded.
 *
 * @param credentialPublicKey key to store
 * @return base64url text of the key's CBOR encoding
 */
public String convertToDatabaseColumn(COSEKey credentialPublicKey) {
    byte[] cborBytes = cborConverter.writeValueAsBytes(credentialPublicKey);
    return Base64Url.encode(cborBytes);
}
 
Example #10
Source File: BeanAssertUtil.java    From webauthn4j with Apache License 2.0 4 votes vote down vote up
/**
 * Rejects a missing COSE key and otherwise runs the key's own {@code validate()}.
 *
 * @param coseKey key to check
 * @throws ConstraintViolationException if {@code coseKey} is {@code null}
 */
public static void validate(COSEKey coseKey) {
    if (coseKey != null) {
        coseKey.validate();
        return;
    }
    throw new ConstraintViolationException("coseKey must not be null");
}
 
Example #11
Source File: COSEKeyEnvelope.java    From webauthn4j with Apache License 2.0 4 votes vote down vote up
/**
 * Returns the COSE key held by this envelope.
 *
 * @return the wrapped key, exactly as it was passed to the constructor
 */
public COSEKey getCOSEKey() {
    return this.coseKey;
}
 
Example #12
Source File: COSEKeyEnvelope.java    From webauthn4j with Apache License 2.0 4 votes vote down vote up
/**
 * Pairs a decoded COSE key with a length value supplied by the caller.
 * Neither argument is checked here.
 *
 * @param coseKey decoded key
 * @param length  length associated with the key
 */
COSEKeyEnvelope(COSEKey coseKey, int length) {
    this.length = length;
    this.coseKey = coseKey;
}
 
Example #13
Source File: AttestedCredentialDataConverter.java    From webauthn4j with Apache License 2.0 4 votes vote down vote up
/**
 * Serializes a COSE key to bytes with the configured CBOR converter.
 *
 * @param coseKey key to serialize
 * @return the bytes produced by the converter
 */
byte[] convert(COSEKey coseKey) {
    final byte[] encodedKey = cborConverter.writeValueAsBytes(coseKey);
    return encodedKey;
}
 
Example #14
Source File: COSEKeyConverter.java    From webauthn4j-spring-security with Apache License 2.0 4 votes vote down vote up
/**
 * Turns the stored column value back into a {@link COSEKey}.
 *
 * <p>The column holds base64url text; decoding yields CBOR bytes that the converter
 * reads as a key. Nothing here checks the value before decoding.
 * NOTE(review): confirm how {@code Base64UrlUtil.decode} treats a {@code null} or
 * malformed column value.
 *
 * @param dbData base64url text read from the database
 * @return the decoded COSE key
 */
@Override
public COSEKey convertToEntityAttribute(String dbData) {
    final byte[] cborBytes = Base64UrlUtil.decode(dbData);
    final COSEKey storedKey = cborConverter.readValue(cborBytes, COSEKey.class);
    return storedKey;
}
 
Example #15
Source File: COSEKeyConverter.java    From webauthn4j-spring-security with Apache License 2.0 4 votes vote down vote up
/**
 * Produces the column value for a {@link COSEKey}: CBOR bytes of the key,
 * base64url-encoded to text.
 *
 * @param attribute key to store
 * @return base64url text of the key's CBOR encoding
 */
@Override
public String convertToDatabaseColumn(COSEKey attribute) {
    byte[] cborBytes = cborConverter.writeValueAsBytes(attribute);
    return Base64UrlUtil.encodeToString(cborBytes);
}
 
Example #16
Source File: COSEKeyConverter.java    From webauthn4j-spring-security with Apache License 2.0 4 votes vote down vote up
/**
 * Serializes the given COSE key for persistence.
 *
 * <p>The key is first written as CBOR and the resulting bytes are then rendered as
 * base64url text.
 *
 * @param attribute key to persist
 * @return text form written to the database column
 */
@Override
public String convertToDatabaseColumn(COSEKey attribute) {
    final byte[] serializedKey = cborConverter.writeValueAsBytes(attribute);
    final String columnValue = Base64UrlUtil.encodeToString(serializedKey);
    return columnValue;
}
 
Example #17
Source File: WebAuthnCredentialProvider.java    From keycloak with Apache License 2.0 3 votes vote down vote up
/**
 * Converts a stored {@code CredentialModel} into a {@code WebAuthnCredentialModelInput}
 * carrying the data in webauthn4j types: attested credential data (AAGUID, credential
 * id, public key), the counter, the credential's DB id and the attestation statement format.
 *
 * <p>NOTE(review): when the stored credential id cannot be base64-decoded, the
 * {@code IOException} is swallowed and the attested credential data is built with a
 * {@code null} credential id. Nothing in this method reports or rejects that case, so
 * code consuming the result must cope with a missing id; consider surfacing the
 * failure instead of continuing with a partially populated credential.
 *
 * @param credential credential record, usually loaded from the database
 * @return input object populated from the stored credential data
 */
private WebAuthnCredentialModelInput getCredentialInputFromCredentialModel(CredentialModel credential) {
    WebAuthnCredentialData stored = getCredentialFromModel(credential).getWebAuthnCredentialData();
    WebAuthnCredentialModelInput input = new WebAuthnCredentialModelInput(getType());

    byte[] credentialId;
    try {
        credentialId = Base64.decode(stored.getCredentialId());
    } catch (IOException ioe) {
        // Decode failure is deliberately ignored by the original code: the id stays null.
        credentialId = null;
    }

    AAGUID aaguid = new AAGUID(stored.getAaguid());
    COSEKey credentialPublicKey =
            credentialPublicKeyConverter.convertToEntityAttribute(stored.getCredentialPublicKey());
    input.setAttestedCredentialData(new AttestedCredentialData(aaguid, credentialId, credentialPublicKey));

    long storedCounter = stored.getCounter();
    input.setCount(storedCounter);
    input.setCredentialDBId(credential.getId());
    input.setAttestationStatementFormat(stored.getAttestationStatementFormat());

    return input;
}