io.vertx.ext.auth.webauthn.impl.attestation

Interface Attestation

All Known Implementing Classes:

AndroidKeyAttestation, AndroidSafetynetAttestation, AppleAttestation, FidoU2fAttestation, NoneAttestation, PackedAttestation, TPMAttestation

public interface Attestation

Method Summary

Modifier and Type	Method and Description
String	fmt() The unique identifier for the attestation
static byte[]	hash(String algorithm, byte[] data) Returns SHA-256 digest of the given data.
static List<X509Certificate>	parseX5c(JsonArray x5c) Parses a JsonArray of certificates to a X509Certificate list
void	validate(WebAuthnOptions options, MetaData metadata, byte[] clientDataJSON, JsonObject attestation, AuthData authData) The implementation of the Attestation verification.
static void	verifySignature(PublicKeyCredential publicKeyCredential, X509Certificate certificate, byte[] signature, byte[] data) Verify if the data provider matches the signature based of the given certificate.

Method Detail

fmt

String fmt()

The unique identifier for the attestation

Returns:

String

validate

void validate(WebAuthnOptions options,
              MetaData metadata,
              byte[] clientDataJSON,
              JsonObject attestation,
              AuthData authData)
       throws AttestationException

The implementation of the Attestation verification.

Parameters:

options - the runtime configuration options

metadata - the Metadata holder to perform MDS queries

clientDataJSON - the binary client data json

attestation - the JSON representation of the attestation

authData - the authenticator data

Throws:

AttestationException - if the validation fails

hash

static byte[] hash(String algorithm,
                   byte[] data)
            throws AttestationException,
                   NoSuchAlgorithmException

Returns SHA-256 digest of the given data.

Parameters:

data - - data to hash

Returns:

the hash

Throws:

AttestationException

NoSuchAlgorithmException

verifySignature

static void verifySignature(PublicKeyCredential publicKeyCredential,
                            X509Certificate certificate,
                            byte[] signature,
                            byte[] data)
                     throws AttestationException,
                            InvalidKeyException,
                            SignatureException,
                            InvalidAlgorithmParameterException,
                            NoSuchAlgorithmException

Verify if the data provider matches the signature based of the given certificate.

Parameters:

certificate - - origin certificate

signature - - received signature

data - - data to verify

Throws:

AttestationException

InvalidKeyException

SignatureException

InvalidAlgorithmParameterException

NoSuchAlgorithmException

parseX5c

static List<X509Certificate> parseX5c(JsonArray x5c)
                               throws CertificateException

Parses a JsonArray of certificates to a X509Certificate list

Parameters:

x5c - the json array

Returns:

list of X509Certificates

Throws:

CertificateException