diff --git a/COPYING b/COPYING
index a565986ed..90728f964 100644
--- a/COPYING
+++ b/COPYING
@@ -1,11 +1,26 @@
-Copyright (c) 2014, Yubico AB
+Copyright (c) 2014-2018, Yubico AB
All rights reserved.
-Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
-Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
-Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+1. Redistributions of source code must retain the above copyright notice, this
+ list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-------------------------------
diff --git a/NEWS b/NEWS
index 0ed283e55..aa6437a47 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,33 @@
+== Version 0.5.0 ==
+
+=== `webauthn-server-core` ===
+
+New features:
+
+* `PackedAttestationStatementVerifier` now supports SHA256WithRSA signatures
+
+Bug fixes:
+
+* `PublicKeyCredentialDescriptor.compareTo` is now consistent with equals
+* `AuthenticatorData` constructor should now throw more descriptive exceptions
+ instead of raw `ArrayIndexOutOfBoundsException`s
+
+
+=== `webauthn-server-attestation` ===
+
+Breaking changes:
+
+* Interface `MetadataResolver` replaced with interfaces `AttestationResolver`
+ and `TrustResolver`
+ ** Class `SimpleResolver` split into `SimpleAttestationResolver` and
+ `SimpleTrustResolver`
+ *** Both of these classes now take the metadata as a constructor parameter
+ instead of exposing `addMetadata` methods
+ ** Class `CompositeResolver` split into `CompositeAttestationResolver` and
+ `CompositeTrustResolver`
+* Class `StandardMetadataService` overhauled
+
+
== Version 0.4.0 ==
Breaking changes:
diff --git a/README b/README
index 6469ca280..5f055c3f3 100644
--- a/README
+++ b/README
@@ -14,6 +14,13 @@ for a server to support Web Authentication. This includes registering
authenticators and authenticating registered authenticators.
+=== Planned breaking changes
+
+* Update spec version from Candidate Recommendation 2018-03-20 to Proposed
+ Recommendation 2018-11-??. This will involve renaming a couple of classes
+ and methods.
+
+
=== Example Usage
See link:webauthn-server-demo[`webauthn-server-demo`] for a complete demo
diff --git a/build.gradle b/build.gradle
index b555a6a0e..ea6d3bcce 100644
--- a/build.gradle
+++ b/build.gradle
@@ -29,8 +29,8 @@ if (publishEnabled) {
}
}
-task wrapper(type: Wrapper) {
- gradleVersion = '4.8'
+wrapper {
+ gradleVersion = '4.10'
}
allprojects {
@@ -50,6 +50,10 @@ allprojects {
options.encoding = 'UTF-8'
}
+ tasks.withType(AbstractArchiveTask) {
+ from(rootProject.file('COPYING'))
+ }
+
repositories {
mavenLocal()
diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar
index 1948b9074..28861d273 100644
Binary files a/gradle/wrapper/gradle-wrapper.jar and b/gradle/wrapper/gradle-wrapper.jar differ
diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
index d2c45a4b2..115e6ac0a 100644
--- a/gradle/wrapper/gradle-wrapper.properties
+++ b/gradle/wrapper/gradle-wrapper.properties
@@ -1,5 +1,5 @@
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-4.8-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-4.10-bin.zip
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists
diff --git a/webauthn-server-attestation/build.gradle b/webauthn-server-attestation/build.gradle
index 835fd12e8..a67f1f2cb 100644
--- a/webauthn-server-attestation/build.gradle
+++ b/webauthn-server-attestation/build.gradle
@@ -1,6 +1,6 @@
description = 'Yubico WebAuthn attestation subsystem'
-apply plugin: 'java'
+apply plugin: 'scala'
project.ext.publishMe = true
@@ -13,9 +13,14 @@ dependencies {
)
testCompile(
+ project(':webauthn-server-core').sourceSets.test.output,
+ project(':yubico-util-scala'),
+ 'commons-io:commons-io:2.5',
'org.mockito:mockito-core:2.10.0',
+ 'org.scala-lang:scala-library:2.11.3',
+ 'org.scalacheck:scalacheck_2.11:1.13.5',
+ 'org.scalatest:scalatest_2.11:3.0.4',
)
-
}
diff --git a/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/AttestationResolver.java b/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/AttestationResolver.java
new file mode 100644
index 000000000..fb0d622a0
--- /dev/null
+++ b/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/AttestationResolver.java
@@ -0,0 +1,44 @@
+// Copyright (c) 2015-2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package com.yubico.webauthn.attestation;
+
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.List;
+import java.util.Optional;
+
+public interface AttestationResolver {
+
+ /**
+ * Alias of resolve(attestationCertificate, Collections.emptyList()).
+ */
+ default Optional resolve(X509Certificate attestationCertificate) {
+ return resolve(attestationCertificate, Collections.emptyList());
+ }
+
+ Optional resolve(X509Certificate attestationCertificate, List certificateChain);
+ Attestation untrustedFromCertificate(X509Certificate attestationCertificate);
+
+}
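Review bot: Neither abstract method on `AttestationResolver` carries Javadoc, so the trust contract that implementers must honour is not written down. From the way `StandardMetadataService.getAttestation` uses them, `resolve` appears to return empty when no trust path is found and `untrustedFromCertificate` is the fallback, but the interface should say so itself. I would add `/** Returns the attestation for attestationCertificate if it is trusted via certificateChain, otherwise empty. */` on the two-argument `resolve` and `/** Builds an attestation from the certificate alone; the result must never be marked trusted. */` on `untrustedFromCertificate`. The return and parameter types also show as raw `Optional` and `List` here; if that is not an artefact of how the page was rendered, they should be parameterized.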
diff --git a/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/DeviceMatcher.java b/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/DeviceMatcher.java
index 2d3ca038c..163ebc14d 100644
--- a/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/DeviceMatcher.java
+++ b/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/DeviceMatcher.java
@@ -1,4 +1,26 @@
-/* Copyright 2015 Yubico */
+// Copyright (c) 2015-2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
package com.yubico.webauthn.attestation;
diff --git a/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/MetadataResolver.java b/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/MetadataResolver.java
deleted file mode 100644
index 98b8f92c4..000000000
--- a/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/MetadataResolver.java
+++ /dev/null
@@ -1,10 +0,0 @@
-/* Copyright 2015 Yubico */
-
-package com.yubico.webauthn.attestation;
-
-import java.security.cert.X509Certificate;
-import java.util.Optional;
-
-public interface MetadataResolver {
- Optional resolve(X509Certificate attestationCertificate);
-}
diff --git a/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/StandardMetadataService.java b/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/StandardMetadataService.java
index 43fb5aa75..f7e603048 100644
--- a/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/StandardMetadataService.java
+++ b/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/StandardMetadataService.java
@@ -1,33 +1,40 @@
-/* Copyright 2015 Yubico */
+// Copyright (c) 2015-2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
package com.yubico.webauthn.attestation;
-import com.fasterxml.jackson.databind.JsonNode;
-import com.google.common.base.Charsets;
import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
-import com.google.common.collect.ImmutableMap;
-import com.google.common.collect.Lists;
-import com.google.common.collect.Maps;
import com.google.common.hash.Hashing;
-import com.google.common.io.CharStreams;
-import com.google.common.io.Closeables;
import com.yubico.internal.util.ExceptionUtil;
-import com.yubico.webauthn.attestation.matcher.ExtensionMatcher;
-import com.yubico.webauthn.attestation.matcher.FingerprintMatcher;
-import com.yubico.webauthn.attestation.resolver.SimpleResolver;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
+import com.yubico.webauthn.attestation.resolver.SimpleAttestationResolver;
+import com.yubico.webauthn.attestation.resolver.SimpleTrustResolver;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
-import java.util.Iterator;
import java.util.List;
-import java.util.Map;
-import java.util.Objects;
-import java.util.Optional;
import java.util.concurrent.ExecutionException;
import lombok.NonNull;
import org.slf4j.Logger;
@@ -36,101 +43,75 @@
public class StandardMetadataService implements MetadataService {
private static final Logger logger = LoggerFactory.getLogger(StandardMetadataService.class);
- private static final String SELECTORS = "selectors";
- private static final String SELECTOR_TYPE = "type";
- private static final String SELECTOR_PARAMETERS = "parameters";
-
- private static final String TRANSPORTS = "transports";
- private static final String TRANSPORTS_EXT_OID = "1.3.6.1.4.1.45724.2.1.1";
-
- private static final Map DEFAULT_DEVICE_MATCHERS = ImmutableMap.of(
- ExtensionMatcher.SELECTOR_TYPE, new ExtensionMatcher(),
- FingerprintMatcher.SELECTOR_TYPE, new FingerprintMatcher()
- );
-
- public static MetadataResolver createDefaultMetadataResolver() {
- SimpleResolver resolver = new SimpleResolver();
- InputStream is = null;
- try {
- is = StandardMetadataService.class.getResourceAsStream("/metadata.json");
- resolver.addMetadata(CharStreams.toString(new InputStreamReader(is, Charsets.UTF_8)));
- } catch (IOException | CertificateException e) {
- logger.error("createDefaultMetadataResolver failed", e);
- } finally {
- Closeables.closeQuietly(is);
- }
- return resolver;
- }
-
private final Attestation unknownAttestation = Attestation.builder(false).build();
- private final MetadataResolver resolver;
- private final Map matchers;
+ private final AttestationResolver attestationResolver;
private final Cache cache;
- public StandardMetadataService(
+ private StandardMetadataService(
@NonNull
- MetadataResolver resolver,
+ AttestationResolver attestationResolver,
@NonNull
- Cache cache,
- @NonNull
- Map matchers
+ Cache cache
) {
- this.resolver = resolver;
+ this.attestationResolver = attestationResolver;
this.cache = cache;
- this.matchers = Collections.unmodifiableMap(matchers);
}
- public StandardMetadataService() {
- this(createDefaultMetadataResolver());
+ public StandardMetadataService(AttestationResolver attestationResolver) {
+ this(
+ attestationResolver,
+ CacheBuilder.newBuilder().build()
+ );
}
- public StandardMetadataService(MetadataResolver resolver) {
- this(
- resolver,
- CacheBuilder.newBuilder().build(),
- DEFAULT_DEVICE_MATCHERS
+ public StandardMetadataService() throws CertificateException {
+ this(createDefaultAttestationResolver());
+ }
+
+ public static TrustResolver createDefaultTrustResolver() throws CertificateException {
+ return SimpleTrustResolver.fromMetadata(Collections.singleton(MetadataObject.readDefault()));
+ }
+
+ public static AttestationResolver createDefaultAttestationResolver(TrustResolver trustResolver) throws CertificateException {
+ return new SimpleAttestationResolver(
+ Collections.singleton(MetadataObject.readDefault()),
+ trustResolver
);
}
- private boolean deviceMatches(
- JsonNode selectors,
- @NonNull X509Certificate attestationCertificate
- ) {
- if (selectors == null || selectors.isNull()) {
- return true;
- } else {
- for (JsonNode selector : selectors) {
- DeviceMatcher matcher = matchers.get(selector.get(SELECTOR_TYPE).asText());
- if (matcher != null && matcher.matches(attestationCertificate, selector.get(SELECTOR_PARAMETERS))) {
- return true;
- }
- }
- return false;
- }
+ public static AttestationResolver createDefaultAttestationResolver() throws CertificateException {
+ return createDefaultAttestationResolver(createDefaultTrustResolver());
}
public Attestation getCachedAttestation(String attestationCertificateFingerprint) {
return cache.getIfPresent(attestationCertificateFingerprint);
}
- public Attestation getAttestation(@NonNull final X509Certificate attestationCertificate) throws CertificateEncodingException {
- try {
- final String fingerprint = Hashing.sha1().hashBytes(attestationCertificate.getEncoded()).toString();
- return cache.get(fingerprint, () -> lookupAttestation(attestationCertificate));
- } catch (ExecutionException e) {
- throw ExceptionUtil.wrapAndLog(logger, "Failed to look up attestation information for certificate: " + attestationCertificate, e);
- }
- }
-
/**
* Attempt to look up attestation for a chain of certificates
*
*
- * This method will return the first non-unknown result, if any, of calling
- * {@link #getAttestation(X509Certificate)} with each of the certificates
- * in attestationCertificateChain in order, while also
- * verifying that the next attempted certificate has signed the previous
- * certificate.
+ * If there is a signature path from any trusted certificate to the first
+ * certificate in attestationCertificateChain, then the first
+ * certificate in attestationCertificateChain is matched
+ * against the metadata registry to look up metadata for the device.
+ *
+ *
+ *
+ * If the certificate chain is trusted but no metadata exists in the
+ * registry, the method returns a trusted attestation populated with
+ * information found embedded in the attestation certificate.
+ *
+ *
+ *
+ * If the certificate chain is not trusted, the method returns an untrusted
+ * attestation populated with transports information found embedded in the
+ * attestation certificate.
+ *
+ *
+ *
+ * If the certificate chain is empty, an untrusted empty attestation is
+ * returned.
*
*
* @param attestationCertificateChain a certificate chain, where each
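Review bot: The cache built with `CacheBuilder.newBuilder().build()` in the single-argument constructor has no size bound or expiry, and with the cache-taking constructor now `private` a caller can no longer supply a bounded one. The key is derived from the certificate presented to `getAttestation`, so each distinct certificate adds an entry that is kept for the life of the service. I would bound it, for example `CacheBuilder.newBuilder().maximumSize(MAX_CACHED_ATTESTATIONS).expireAfterWrite(CACHE_TTL_MINUTES, TimeUnit.MINUTES).build()`, with both constants chosen for the deployment. The hunk ends inside the Javadoc of `getAttestation`, whose body is in the next hunk.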
@@ -140,112 +121,28 @@ public Attestation getAttestation(@NonNull final X509Certificate attestationCert
* fails for any element of attestationCertificateChain that
* needs to be inspected
*
- * @return The first non-unknown result, if any, of calling {@link
- * #getAttestation(X509Certificate)} for each of the certificates
- * in the attestationCertificateChain. If the chain
- * of signatures is broken before finding such a result, an
- * unknown attestation is returned.
+ * @return An attestation as described above.
*/
@Override
- public Attestation getAttestation(List attestationCertificateChain) throws CertificateEncodingException {
-
+ public Attestation getAttestation(@NonNull List attestationCertificateChain) throws CertificateEncodingException {
if (attestationCertificateChain.isEmpty()) {
return unknownAttestation;
}
- Iterator it = attestationCertificateChain.iterator();
- X509Certificate cert = it.next();
- Attestation resolvedInitial = getAttestation(cert);
-
- if (resolvedInitial.isTrusted()) {
- return resolvedInitial;
- } else {
- while (it.hasNext()) {
- Attestation resolved = getAttestation(cert);
+ X509Certificate attestationCertificate = attestationCertificateChain.get(0);
+ List certificateChain = attestationCertificateChain.subList(1, attestationCertificateChain.size());
- if (resolved.isTrusted()) {
- return resolved;
- } else {
- logger.trace("Could not look up trusted attestation for certificate [{}] - trying next element in certificate chain.", cert);
-
- X509Certificate signingCert = it.next();
-
- try {
- cert.verify(signingCert.getPublicKey());
- } catch (Exception e) {
- logger.debug("Failed to verify that certificate [{}] was signed by certificate [{}].", cert, signingCert, e);
- return resolvedInitial;
- }
- }
- }
-
- return resolvedInitial;
+ try {
+ final String fingerprint = Hashing.sha1().hashBytes(attestationCertificate.getEncoded()).toString();
+ return cache.get(
+ fingerprint,
+ () ->
+ attestationResolver.resolve(attestationCertificate, certificateChain)
+ .orElseGet(() -> attestationResolver.untrustedFromCertificate(attestationCertificate))
+ );
+ } catch (ExecutionException e) {
+ throw ExceptionUtil.wrapAndLog(logger, "Failed to look up attestation information for certificate: " + attestationCertificate, e);
}
}
- private Attestation lookupAttestation(X509Certificate attestationCertificate) {
- final int certTransports = get_transports(attestationCertificate.getExtensionValue(TRANSPORTS_EXT_OID));
-
- return resolver.resolve(attestationCertificate).map(metadata -> {
- Map vendorProperties;
- Map deviceProperties = null;
- String identifier;
- int metadataTransports = 0;
-
- identifier = metadata.getIdentifier();
- vendorProperties = Maps.filterValues(metadata.getVendorInfo(), Objects::nonNull);
- for (JsonNode device : metadata.getDevices()) {
- if (deviceMatches(device.get(SELECTORS), attestationCertificate)) {
- JsonNode transportNode = device.get(TRANSPORTS);
- if(transportNode != null) {
- metadataTransports |= transportNode.asInt(0);
- }
- ImmutableMap.Builder devicePropertiesBuilder = ImmutableMap.builder();
- for (Map.Entry deviceEntry : Lists.newArrayList(device.fields())) {
- JsonNode value = deviceEntry.getValue();
- if (value.isTextual()) {
- devicePropertiesBuilder.put(deviceEntry.getKey(), value.asText());
- }
- }
- deviceProperties = devicePropertiesBuilder.build();
- break;
- }
- }
-
- return Attestation.builder(true)
- .metadataIdentifier(Optional.ofNullable(identifier))
- .vendorProperties(Optional.of(vendorProperties))
- .deviceProperties(Optional.ofNullable(deviceProperties))
- .transports(Optional.of(Transport.fromInt(certTransports | metadataTransports)))
- .build();
- }).orElseGet(() ->
- Attestation.builder(false)
- .transports(Optional.of(Transport.fromInt(certTransports)))
- .build()
- );
- }
-
- private int get_transports(byte[] extensionValue) {
- if(extensionValue == null) {
- return 0;
- }
-
- // Mask out unused bits (shouldn't be needed as they should already be 0).
- int unusedBitMask = 0xff;
- for(int i=0; i < extensionValue[3]; i++) {
- unusedBitMask <<= 1;
- }
- extensionValue[extensionValue.length-1] &= unusedBitMask;
-
- int transports = 0;
- for(int i=extensionValue.length - 1; i >= 5; i--) {
- byte b = extensionValue[i];
- for(int bi=0; bi < 8; bi++) {
- transports = (transports << 1) | (b & 1);
- b >>= 1;
- }
- }
-
- return transports;
- }
}
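Review bot: The cache key in `getAttestation` is the fingerprint of the first certificate only, while the cached value now depends on `certificateChain` as well. A lookup made with an empty or broken chain stores the untrusted fallback under that key, and a later call with the same attestation certificate and a valid chain gets the cached untrusted result back; in the reverse order a trusted result is handed to a call whose chain was never checked. I would derive the key from every certificate in the chain (and use SHA-256 rather than SHA-1 while touching it), as sketched below; this needs the Guava `Hasher` import and changes what `getCachedAttestation` expects as its argument. Alternatively, cache only the results that `resolve` returned and recompute the untrusted fallback on each call.

```java
    try {
        // Key on the whole chain: the resolved trust depends on the intermediates too.
        final Hasher chainHasher = Hashing.sha256().newHasher();
        for (X509Certificate cert : attestationCertificateChain) {
            chainHasher.putBytes(cert.getEncoded());
        }
        final String cacheKey = chainHasher.hash().toString();
        return cache.get(
            cacheKey,
            // … unchanged: resolve(...) with untrustedFromCertificate fallback …
        );
    // … unchanged: ExecutionException handling …
```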
diff --git a/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/TrustResolver.java b/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/TrustResolver.java
new file mode 100644
index 000000000..5a6b62c0d
--- /dev/null
+++ b/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/TrustResolver.java
@@ -0,0 +1,55 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package com.yubico.webauthn.attestation;
+
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.List;
+import java.util.Optional;
+
+public interface TrustResolver {
+
+ /**
+ * Alias of resolveTrustAnchor(attestationCertificate, Collections.emptyList()).
+ *
+ * @see #resolveTrustAnchor(X509Certificate, List)
+ */
+ default Optional resolveTrustAnchor(X509Certificate attestationCertificate) {
+ return resolveTrustAnchor(attestationCertificate, Collections.emptyList());
+ }
+
+ /**
+ * Resolve a trusted root anchor for the given attestation certificate and certificate chain
+ *
+ * @param attestationCertificate The attestation certificate
+ * @param caCertificateChain Zero or more certificates, of which the first
+ * has signed attestationCertificate and each of the
+ * rest has signed the previous in order
+ * @return A trusted root certificate from which there exists a signature
+ * path to attestationCertificate, if one exists.
+ */
+ Optional resolveTrustAnchor(X509Certificate attestationCertificate, List caCertificateChain);
+
+}
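Review bot: The Javadoc on the two-argument `resolveTrustAnchor` defines trust only as "a signature path", which leaves open whether implementations must also check validity periods and that each signer is a CA certificate. A path check that looks at signatures alone would accept a chain in which an end-entity certificate signs another certificate. I would add a sentence to the contract such as `Implementations must reject chains containing expired certificates or signers without the CA basic constraint.`, or state explicitly that only signatures are verified so callers know what is left to them.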
diff --git a/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/matcher/ExtensionMatcher.java b/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/matcher/ExtensionMatcher.java
index ae361f5e2..03cf42e36 100644
--- a/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/matcher/ExtensionMatcher.java
+++ b/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/matcher/ExtensionMatcher.java
@@ -1,4 +1,26 @@
-/* Copyright 2015 Yubico */
+// Copyright (c) 2015-2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
package com.yubico.webauthn.attestation.matcher;
@@ -34,7 +56,6 @@ public boolean matches(X509Certificate attestationCertificate, JsonNode paramete
if (matchValue == null) {
return true;
} else {
- //TODO: Handle long lengths? Verify length?
try {
final ASN1Primitive value = ASN1Primitive.fromByteArray(extensionValue);
diff --git a/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/matcher/FingerprintMatcher.java b/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/matcher/FingerprintMatcher.java
index ce93df4a6..ef3daaaf6 100644
--- a/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/matcher/FingerprintMatcher.java
+++ b/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/matcher/FingerprintMatcher.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2015-2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.attestation.matcher;
import com.fasterxml.jackson.databind.JsonNode;
diff --git a/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/resolver/CompositeAttestationResolver.java b/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/resolver/CompositeAttestationResolver.java
new file mode 100644
index 000000000..ded8699c1
--- /dev/null
+++ b/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/resolver/CompositeAttestationResolver.java
@@ -0,0 +1,71 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package com.yubico.webauthn.attestation.resolver;
+
+import com.yubico.webauthn.attestation.Attestation;
+import com.yubico.webauthn.attestation.AttestationResolver;
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.List;
+import java.util.Optional;
+
+/**
+ * An {@link AttestationResolver} whose {@link #resolve(X509Certificate, List)}
+ * method calls {@link AttestationResolver#resolve(X509Certificate, List)} on
+ * each of the subordinate {@link AttestationResolver}s in turn, and returns
+ * the first non-null result.
+ */
+public class CompositeAttestationResolver implements AttestationResolver {
+
+ private final List resolvers;
+
+ public CompositeAttestationResolver(List resolvers) {
+ this.resolvers = Collections.unmodifiableList(resolvers);
+ }
+
+ @Override
+ public Optional resolve(X509Certificate attestationCertificate, List certificateChain) {
+ for (AttestationResolver resolver : resolvers) {
+ Optional result = resolver.resolve(attestationCertificate, certificateChain);
+ if (result.isPresent()) {
+ return result;
+ }
+ }
+ return Optional.empty();
+ }
+
+ /**
+ * Delegates to the first subordinate resolver, or throws an exception if there is none.
+ */
+ @Override
+ public Attestation untrustedFromCertificate(X509Certificate attestationCertificate) {
+ if (resolvers.isEmpty()) {
+ throw new UnsupportedOperationException("Cannot do this without any sub-resolver.");
+ } else {
+ return resolvers.get(0).untrustedFromCertificate(attestationCertificate);
+ }
+ }
+
+}
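Review bot: The constructor stores `Collections.unmodifiableList(resolvers)`, which is a read-only view of the caller's list rather than a copy. A caller that later adds, removes or reorders entries therefore changes which sub-resolver answers `resolve` and which one `untrustedFromCertificate` reaches through `resolvers.get(0)`. Since this class decides which attestation metadata is returned, the list should be fixed at construction: `this.resolvers = Collections.unmodifiableList(new ArrayList<>(resolvers));` (needs `import java.util.ArrayList;`). The same view-not-copy pattern appears in the `CompositeTrustResolver` constructor and in the `matchers` map of `SimpleAttestationResolver` in this commit.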
diff --git a/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/resolver/CompositeResolver.java b/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/resolver/CompositeResolver.java
deleted file mode 100644
index 9f489ffb5..000000000
--- a/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/resolver/CompositeResolver.java
+++ /dev/null
@@ -1,35 +0,0 @@
-package com.yubico.webauthn.attestation.resolver;
-
-import com.yubico.webauthn.attestation.MetadataObject;
-import com.yubico.webauthn.attestation.MetadataResolver;
-import java.security.cert.X509Certificate;
-import java.util.Collections;
-import java.util.List;
-import java.util.Optional;
-
-/**
- * A {@link MetadataResolver} whose {@link #resolve(X509Certificate)} method
- * calls {@link MetadataResolver#resolve(X509Certificate)} on each of the
- * subordinate {@link MetadataResolver}s in turn, and returns the first
- * non-null result.
- */
-public class CompositeResolver implements MetadataResolver {
-
- private final List resolvers;
-
- public CompositeResolver(List resolvers) {
- this.resolvers = Collections.unmodifiableList(resolvers);
- }
-
- @Override
- public Optional resolve(X509Certificate attestationCertificate) {
- for (MetadataResolver resolver : resolvers) {
- Optional result = resolver.resolve(attestationCertificate);
- if (result.isPresent()) {
- return result;
- }
- }
- return Optional.empty();
- }
-
-}
diff --git a/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/resolver/CompositeTrustResolver.java b/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/resolver/CompositeTrustResolver.java
new file mode 100644
index 000000000..bdb755c2e
--- /dev/null
+++ b/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/resolver/CompositeTrustResolver.java
@@ -0,0 +1,57 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package com.yubico.webauthn.attestation.resolver;
+
+import com.yubico.webauthn.attestation.TrustResolver;
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.List;
+import java.util.Optional;
+
+/**
+ * A {@link TrustResolver} whose {@link #resolveTrustAnchor(X509Certificate,
+ * List)} method calls {@link TrustResolver#resolveTrustAnchor(X509Certificate,
+ * List)} on each of the subordinate {@link TrustResolver}s in turn, and
+ * returns the first non-null result.
+ */
+public class CompositeTrustResolver implements TrustResolver {
+
+ private final List resolvers;
+
+ public CompositeTrustResolver(List resolvers) {
+ this.resolvers = Collections.unmodifiableList(resolvers);
+ }
+
+ @Override
+ public Optional resolveTrustAnchor(X509Certificate attestationCertificate, List certificateChain) {
+ for (TrustResolver resolver : resolvers) {
+ Optional result = resolver.resolveTrustAnchor(attestationCertificate, certificateChain);
+ if (result.isPresent()) {
+ return result;
+ }
+ }
+ return Optional.empty();
+ }
+}
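Review bot: The class Javadoc says the method returns "the first non-null result", but the loop tests `result.isPresent()`, so it returns the first non-empty `Optional`. A sub-resolver that returned `null` would cause a `NullPointerException` rather than be skipped. I would reword the last clause to `returns the first non-empty result, or {@link Optional#empty()} if no subordinate resolver finds a trust anchor`, and add a sentence saying that list order decides which trust anchor is returned when several resolvers could match. The Javadoc of `CompositeAttestationResolver` carries the same "non-null" wording.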
diff --git a/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/resolver/SimpleAttestationResolver.java b/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/resolver/SimpleAttestationResolver.java
new file mode 100644
index 000000000..2bd676873
--- /dev/null
+++ b/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/resolver/SimpleAttestationResolver.java
@@ -0,0 +1,190 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package com.yubico.webauthn.attestation.resolver;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.Lists;
+import com.google.common.collect.Maps;
+import com.yubico.internal.util.CertificateParser;
+import com.yubico.internal.util.ExceptionUtil;
+import com.yubico.webauthn.attestation.Attestation;
+import com.yubico.webauthn.attestation.AttestationResolver;
+import com.yubico.webauthn.attestation.DeviceMatcher;
+import com.yubico.webauthn.attestation.MetadataObject;
+import com.yubico.webauthn.attestation.Transport;
+import com.yubico.webauthn.attestation.TrustResolver;
+import com.yubico.webauthn.attestation.matcher.ExtensionMatcher;
+import com.yubico.webauthn.attestation.matcher.FingerprintMatcher;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Optional;
+import lombok.NonNull;
+
+
+public class SimpleAttestationResolver implements AttestationResolver {
+
+ private static final String SELECTORS = "selectors";
+ private static final String SELECTOR_TYPE = "type";
+ private static final String SELECTOR_PARAMETERS = "parameters";
+
+ private static final String TRANSPORTS = "transports";
+ private static final String TRANSPORTS_EXT_OID = "1.3.6.1.4.1.45724.2.1.1";
+
+ private static final Map DEFAULT_DEVICE_MATCHERS = ImmutableMap.of(
+ ExtensionMatcher.SELECTOR_TYPE, new ExtensionMatcher(),
+ FingerprintMatcher.SELECTOR_TYPE, new FingerprintMatcher()
+ );
+
+ private final Map metadata = new HashMap<>();
+ private final TrustResolver trustResolver;
+ private final Map matchers;
+
+ public SimpleAttestationResolver(
+ @NonNull Collection objects,
+ @NonNull TrustResolver trustResolver,
+ @NonNull Map matchers
+ ) throws CertificateException {
+ for (MetadataObject object : objects) {
+ for (String caPem : object.getTrustedCertificates()) {
+ X509Certificate trustAnchor = CertificateParser.parsePem(caPem);
+ metadata.put(trustAnchor, object);
+ }
+ }
+
+ this.trustResolver = trustResolver;
+ this.matchers = Collections.unmodifiableMap(matchers);
+ }
+
+ public SimpleAttestationResolver(Collection objects, TrustResolver trustResolver) throws CertificateException {
+ this(objects, trustResolver, DEFAULT_DEVICE_MATCHERS);
+ }
+
+ private Optional lookupTrustAnchor(X509Certificate trustAnchor) {
+ return Optional.ofNullable(metadata.get(trustAnchor));
+ }
+
+ @Override
+ public Optional resolve(X509Certificate attestationCertificate, List certificateChain) {
+ Optional trustAnchor = trustResolver.resolveTrustAnchor(attestationCertificate, certificateChain);
+
+ return trustAnchor.flatMap(this::lookupTrustAnchor).map(metadata -> {
+ Map vendorProperties;
+ Map deviceProperties = null;
+ String identifier;
+ int metadataTransports = 0;
+
+ identifier = metadata.getIdentifier();
+ vendorProperties = Maps.filterValues(metadata.getVendorInfo(), Objects::nonNull);
+ for (JsonNode device : metadata.getDevices()) {
+ if (deviceMatches(device.get(SELECTORS), attestationCertificate)) {
+ JsonNode transportNode = device.get(TRANSPORTS);
+ if (transportNode != null) {
+ metadataTransports |= transportNode.asInt(0);
+ }
+ ImmutableMap.Builder devicePropertiesBuilder = ImmutableMap.builder();
+ for (Map.Entry deviceEntry : Lists.newArrayList(device.fields())) {
+ JsonNode value = deviceEntry.getValue();
+ if (value.isTextual()) {
+ devicePropertiesBuilder.put(deviceEntry.getKey(), value.asText());
+ }
+ }
+ deviceProperties = devicePropertiesBuilder.build();
+ break;
+ }
+ }
+
+ return Attestation.builder(true)
+ .metadataIdentifier(Optional.ofNullable(identifier))
+ .vendorProperties(Optional.of(vendorProperties))
+ .deviceProperties(Optional.ofNullable(deviceProperties))
+ .transports(Optional.of(Transport.fromInt(getTransports(attestationCertificate) | metadataTransports)))
+ .build();
+ });
+ }
+
+ private boolean deviceMatches(
+ JsonNode selectors,
+ @NonNull X509Certificate attestationCertificate
+ ) {
+ if (selectors == null || selectors.isNull()) {
+ return true;
+ } else {
+ for (JsonNode selector : selectors) {
+ DeviceMatcher matcher = matchers.get(selector.get(SELECTOR_TYPE).asText());
+ if (matcher != null && matcher.matches(attestationCertificate, selector.get(SELECTOR_PARAMETERS))) {
+ return true;
+ }
+ }
+ return false;
+ }
+ }
+
+ private static int getTransports(X509Certificate cert) {
+ byte[] extensionValue = cert.getExtensionValue(TRANSPORTS_EXT_OID);
+
+ if(extensionValue == null) {
+ return 0;
+ }
+
+ ExceptionUtil.assure(
+ extensionValue.length >= 4,
+ "Transports extension value must be at least 4 bytes (2 bytes octet string header, 2 bytes bit string header), was: %d",
+ extensionValue.length
+ );
+
+ // Mask out unused bits (shouldn't be needed as they should already be 0).
+ int unusedBitMask = 0xff;
+ for(int i=0; i < extensionValue[3]; i++) {
+ unusedBitMask <<= 1;
+ }
+ extensionValue[extensionValue.length-1] &= unusedBitMask;
+
+ int transports = 0;
+ for(int i=extensionValue.length - 1; i >= 5; i--) {
+ byte b = extensionValue[i];
+ for(int bi=0; bi < 8; bi++) {
+ transports = (transports << 1) | (b & 1);
+ b >>= 1;
+ }
+ }
+
+ return transports;
+ }
+
+ @Override
+ public Attestation untrustedFromCertificate(X509Certificate attestationCertificate) {
+ return Attestation.builder(false)
+ .transports(Optional.of(Transport.fromInt(getTransports(attestationCertificate))))
+ .build();
+ }
+
+}
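Review bot: In `getTransports` the unused-bit count is read from `extensionValue[3]`, but with the layout the assertion message describes (2 bytes octet string header, then 2 bytes bit string header) index 3 is the BIT STRING length byte and the unused-bits count is the next byte, index 4. The guard only ensures 4 bytes, so it does not cover index 4 either. The method is also called from `untrustedFromCertificate`, so its input can be a certificate that no trust anchor has vouched for, and the parsing should be strict. I would use `for (int i = 0; i < extensionValue[4]; i++) {` with the guard raised to `extensionValue.length >= 5` and the message adjusted to match. For well-formed values the current masking is probably harmless because the unused bits are already zero, but a malformed extension is decoded rather than rejected.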
diff --git a/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/resolver/SimpleResolver.java b/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/resolver/SimpleResolver.java
deleted file mode 100644
index 040818ab9..000000000
--- a/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/resolver/SimpleResolver.java
+++ /dev/null
@@ -1,63 +0,0 @@
-/* Copyright 2015 Yubico */
-
-package com.yubico.webauthn.attestation.resolver;
-
-import com.google.common.collect.ArrayListMultimap;
-import com.google.common.collect.Multimap;
-import com.yubico.internal.util.CertificateParser;
-import com.yubico.internal.util.WebAuthnCodecs;
-import com.yubico.webauthn.attestation.MetadataObject;
-import com.yubico.webauthn.attestation.MetadataResolver;
-import java.io.IOException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.SignatureException;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Optional;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Resolves a metadata object whose associated certificate has signed the
- * argument certificate.
- */
-public class SimpleResolver implements MetadataResolver {
- private static final Logger logger = LoggerFactory.getLogger(SimpleResolver.class);
-
- final Multimap certs = ArrayListMultimap.create();
- final Map metadata = new HashMap<>();
-
- public void addMetadata(String jsonData) throws CertificateException, IOException {
- addMetadata(WebAuthnCodecs.json().readValue(jsonData, MetadataObject.class));
- }
-
- public void addMetadata(MetadataObject object) throws CertificateException {
- for (String caPem : object.getTrustedCertificates()) {
- X509Certificate caCert = CertificateParser.parsePem(caPem);
- certs.put(caCert.getSubjectDN().getName(), caCert);
- metadata.put(caCert, object);
- }
- }
-
- @Override
- public Optional resolve(X509Certificate attestationCertificate) {
- String issuer = attestationCertificate.getIssuerDN().getName();
- for (X509Certificate cert : certs.get(issuer)) {
- try {
- attestationCertificate.verify(cert.getPublicKey());
- return Optional.ofNullable(metadata.get(cert));
- } catch (CertificateException | NoSuchAlgorithmException | InvalidKeyException | NoSuchProviderException e) {
- logger.error("Resolve failed", e);
- throw new RuntimeException("Resolve failed", e);
- } catch (SignatureException e) {
- // Signature verification failed
- }
- }
-
- return Optional.empty();
- }
-}
diff --git a/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/resolver/SimpleTrustResolver.java b/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/resolver/SimpleTrustResolver.java
new file mode 100644
index 000000000..959b3a7cb
--- /dev/null
+++ b/webauthn-server-attestation/src/main/java/com/yubico/webauthn/attestation/resolver/SimpleTrustResolver.java
@@ -0,0 +1,124 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package com.yubico.webauthn.attestation.resolver;
+
+import com.google.common.collect.ArrayListMultimap;
+import com.google.common.collect.Multimap;
+import com.yubico.internal.util.CertificateParser;
+import com.yubico.internal.util.WebAuthnCodecs;
+import com.yubico.webauthn.attestation.MetadataObject;
+import com.yubico.webauthn.attestation.TrustResolver;
+import java.io.IOException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.SignatureException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Optional;
+import java.util.Set;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * Assesses whether an argument certificate can be trusted, and if so, by what
+ * trusted root certificate.
+ */
+public class SimpleTrustResolver implements TrustResolver {
+
+ private static final Logger logger = LoggerFactory.getLogger(SimpleTrustResolver.class);
+
+ private final Multimap trustedCerts = ArrayListMultimap.create();
+
+ public SimpleTrustResolver(Iterable trustedCertificates) {
+ for (X509Certificate cert : trustedCertificates) {
+ trustedCerts.put(cert.getSubjectDN().getName(), cert);
+ }
+ }
+
+ public static SimpleTrustResolver fromMetadata(Iterable metadataObjects) throws CertificateException {
+ Set certs = new HashSet<>();
+ for (MetadataObject metadata : metadataObjects) {
+ for (String encodedCert : metadata.getTrustedCertificates()) {
+ certs.add(CertificateParser.parsePem(encodedCert));
+ }
+ }
+ return new SimpleTrustResolver(certs);
+ }
+
+ public static SimpleTrustResolver fromMetadataJson(String metadataObjectJson) throws IOException, CertificateException {
+ return fromMetadata(Collections.singleton(WebAuthnCodecs.json().readValue(metadataObjectJson, MetadataObject.class)));
+ }
+
+ @Override
+ public Optional resolveTrustAnchor(X509Certificate attestationCertificate, List caCertificateChain) {
+ final List certChain = new ArrayList<>();
+ certChain.add(attestationCertificate);
+ certChain.addAll(caCertificateChain);
+
+ X509Certificate lastTriedCert = null;
+
+ for (X509Certificate untrustedCert : certChain) {
+ if (lastTriedCert != null) {
+ logger.trace("No trusted certificate has signed certificate [{}] - trying next element in certificate chain.", lastTriedCert);
+
+ try {
+ lastTriedCert.verify(untrustedCert.getPublicKey());
+ } catch (CertificateException | NoSuchAlgorithmException | InvalidKeyException | NoSuchProviderException e) {
+ logger.error("Failed to verify that certificate [{}] was signed by [{}]", lastTriedCert, untrustedCert, e);
+ throw new RuntimeException("Resolve failed", e);
+ } catch (SignatureException e) {
+ logger.debug("Certificate chain broken - certificate [{}] was not signed by certificate [{}]", lastTriedCert, untrustedCert);
+ return Optional.empty();
+ }
+ }
+
+ final String issuer = untrustedCert.getIssuerDN().getName();
+ for (X509Certificate trustedCert : trustedCerts.get(issuer)) {
+ try {
+ untrustedCert.verify(trustedCert.getPublicKey());
+ logger.debug("Found signature from trusted certificate [{}]", trustedCert);
+ return Optional.of(trustedCert);
+ } catch (CertificateException | NoSuchAlgorithmException | InvalidKeyException | NoSuchProviderException e) {
+ logger.error("Resolve failed", e);
+ throw new RuntimeException("Resolve failed", e);
+ } catch (SignatureException e) {
+ // Not signed by the trusted cert
+ }
+ }
+
+ lastTriedCert = untrustedCert;
+ }
+
+ logger.debug("No trusted certificate has signed certificate chain {}", certChain);
+ return Optional.empty();
+ }
+
+}
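Review bot: `resolveTrustAnchor` accepts a chain on signature checks alone: each element is only tested with `verify(...)`, and nothing checks that an intermediate taken from `caCertificateChain` is a CA certificate or that any certificate is within its validity period. Without a basic-constraints check, a non-CA certificate that chains to a trusted root would be accepted as the issuer of the next element. I would reject such intermediates just before the `lastTriedCert.verify(untrustedCert.getPublicKey())` call, e.g. `if (untrustedCert.getBasicConstraints() < 0) { return Optional.empty(); }`, and call `checkValidity()` where expiry should matter. If ignoring expiry is deliberate for attestation certificates, a comment saying so would help; otherwise the JDK's PKIX `CertPathValidator` would cover both checks.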
diff --git a/webauthn-server-attestation/src/test/java/com/yubico/webauthn/attestation/StandardMetadataServiceTest.java b/webauthn-server-attestation/src/test/java/com/yubico/webauthn/attestation/StandardMetadataServiceTest.java
index 0a19e8c09..6582a848e 100644
--- a/webauthn-server-attestation/src/test/java/com/yubico/webauthn/attestation/StandardMetadataServiceTest.java
+++ b/webauthn-server-attestation/src/test/java/com/yubico/webauthn/attestation/StandardMetadataServiceTest.java
@@ -1,26 +1,41 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.attestation;
-import com.fasterxml.jackson.databind.JsonNode;
-import com.google.common.collect.ImmutableList;
import com.google.common.hash.Hashing;
import com.yubico.internal.util.CertificateParser;
-import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.EnumSet;
import java.util.Optional;
import org.junit.Test;
-import org.mockito.ArgumentMatchers;
import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.times;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
public class StandardMetadataServiceTest {
private static final String ATTESTATION_CERT = "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";
@@ -32,7 +47,7 @@ public void testGetAttestation_x509extension_key() throws Exception {
StandardMetadataService service = new StandardMetadataService();
X509Certificate attestationCert = CertificateParser.parsePem(ATTESTATION_CERT);
- Attestation attestation = service.getAttestation(attestationCert);
+ Attestation attestation = service.getAttestation(Collections.singletonList(attestationCert));
assertTrue(attestation.isTrusted());
assertEquals("Yubico", attestation.getVendorProperties().get().get("name"));
@@ -44,7 +59,7 @@ public void testGetAttestation_x509extension_key_value() throws Exception {
StandardMetadataService service = new StandardMetadataService();
X509Certificate attestationCert = CertificateParser.parsePem(ATTESTATION_CERT2);
- Attestation attestation = service.getAttestation(attestationCert);
+ Attestation attestation = service.getAttestation(Collections.singletonList(attestationCert));
assertTrue(attestation.isTrusted());
assertEquals("Yubico", attestation.getVendorProperties().get().get("name"));
@@ -53,10 +68,10 @@ public void testGetAttestation_x509extension_key_value() throws Exception {
@Test
public void testGetTransportsFromCertificate() throws CertificateException {
- StandardMetadataService service = new StandardMetadataService(mock(MetadataResolver.class));
+ StandardMetadataService service = new StandardMetadataService();
X509Certificate attestationCert = CertificateParser.parsePem(ATTESTATION_CERT_WITH_TRANSPORTS);
- Attestation attestation = service.getAttestation(attestationCert);
+ Attestation attestation = service.getAttestation(Collections.singletonList(attestationCert));
assertEquals(Optional.of(EnumSet.of(Transport.USB, Transport.NFC)), attestation.getTransports());
}
@@ -66,7 +81,7 @@ public void testGetTransportsFromMetadata() throws CertificateException {
StandardMetadataService service = new StandardMetadataService();
X509Certificate attestationCert = CertificateParser.parsePem(ATTESTATION_CERT2);
- Attestation attestation = service.getAttestation(attestationCert);
+ Attestation attestation = service.getAttestation(Collections.singletonList(attestationCert));
assertEquals(Optional.of(EnumSet.of(Transport.USB)), attestation.getTransports());
}
@@ -80,7 +95,7 @@ public void getCachedAttestationReturnsCertIfPresent() throws Exception {
assertNull(service.getCachedAttestation(certFingerprint));
- service.getAttestation(attestationCert);
+ service.getAttestation(Collections.singletonList(attestationCert));
Attestation attestation = service.getCachedAttestation(certFingerprint);
@@ -89,34 +104,4 @@ public void getCachedAttestationReturnsCertIfPresent() throws Exception {
assertEquals("1.3.6.1.4.1.41482.1.2", attestation.getDeviceProperties().get().get("deviceId"));
}
- @Test(expected = CertificateEncodingException.class)
- public void getAttestationThrowsIfFingerprintEncodingFails() throws Exception {
- StandardMetadataService service = new StandardMetadataService();
-
- final X509Certificate attestationCert = mock(X509Certificate.class);
- when(attestationCert.getEncoded()).thenThrow(new CertificateEncodingException("Forced failure"));
-
- Attestation attestation = service.getAttestation(attestationCert);
-
- assertFalse(attestation.isTrusted());
- }
-
- @Test
- public void deviceMatchesReturnsTrueIfNoSelectorsAreGiven() throws Exception {
- MetadataResolver resolver = mock(MetadataResolver.class);
- JsonNode device = mock(JsonNode.class);
- when(device.fields()).thenReturn(Collections.emptyIterator());
- MetadataObject metadata = mock(MetadataObject.class);
- when(metadata.getDevices()).thenReturn(ImmutableList.of(device));
- when(resolver.resolve(ArgumentMatchers.any())).thenReturn(Optional.of(metadata));
-
- StandardMetadataService service = new StandardMetadataService(resolver);
-
- final X509Certificate attestationCert = CertificateParser.parsePem(ATTESTATION_CERT);
-
- Attestation attestation = service.getAttestation(attestationCert);
-
- verify(device, times(1)).get("transports");
- }
-
}
diff --git a/webauthn-server-attestation/src/test/java/com/yubico/webauthn/attestation/matcher/FingerprintMatcherTest.java b/webauthn-server-attestation/src/test/java/com/yubico/webauthn/attestation/matcher/FingerprintMatcherTest.java
index 64d7ec7fb..abfe9be42 100644
--- a/webauthn-server-attestation/src/test/java/com/yubico/webauthn/attestation/matcher/FingerprintMatcherTest.java
+++ b/webauthn-server-attestation/src/test/java/com/yubico/webauthn/attestation/matcher/FingerprintMatcherTest.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.attestation.matcher;
import com.fasterxml.jackson.databind.JsonNode;
diff --git a/webauthn-server-attestation/src/test/java/com/yubico/webauthn/attestation/resolver/SimpleAttestationResolverTest.java b/webauthn-server-attestation/src/test/java/com/yubico/webauthn/attestation/resolver/SimpleAttestationResolverTest.java
new file mode 100644
index 000000000..ecf52d176
--- /dev/null
+++ b/webauthn-server-attestation/src/test/java/com/yubico/webauthn/attestation/resolver/SimpleAttestationResolverTest.java
@@ -0,0 +1,79 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package com.yubico.webauthn.attestation.resolver;
+
+import com.yubico.internal.util.CertificateParser;
+import com.yubico.internal.util.WebAuthnCodecs;
+import com.yubico.webauthn.attestation.Attestation;
+import com.yubico.webauthn.attestation.MetadataObject;
+import java.io.IOException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.Optional;
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+
+public class SimpleAttestationResolverTest {
+
+ private static final String METADATA_JSON = "{\"identifier\":\"foobar\",\"version\":1,\"trustedCertificates\":[\"-----BEGIN CERTIFICATE-----\\nMIIDHjCCAgagAwIBAgIEG1BT9zANBgkqhkiG9w0BAQsFADAuMSwwKgYDVQQDEyNZ\\ndWJpY28gVTJGIFJvb3QgQ0EgU2VyaWFsIDQ1NzIwMDYzMTAgFw0xNDA4MDEwMDAw\\nMDBaGA8yMDUwMDkwNDAwMDAwMFowLjEsMCoGA1UEAxMjWXViaWNvIFUyRiBSb290\\nIENBIFNlcmlhbCA0NTcyMDA2MzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\\nAoIBAQC/jwYuhBVlqaiYWEMsrWFisgJ+PtM91eSrpI4TK7U53mwCIawSDHy8vUmk\\n5N2KAj9abvT9NP5SMS1hQi3usxoYGonXQgfO6ZXyUA9a+KAkqdFnBnlyugSeCOep\\n8EdZFfsaRFtMjkwz5Gcz2Py4vIYvCdMHPtwaz0bVuzneueIEz6TnQjE63Rdt2zbw\\nnebwTG5ZybeWSwbzy+BJ34ZHcUhPAY89yJQXuE0IzMZFcEBbPNRbWECRKgjq//qT\\n9nmDOFVlSRCt2wiqPSzluwn+v+suQEBsUjTGMEd25tKXXTkNW21wIWbxeSyUoTXw\\nLvGS6xlwQSgNpk2qXYwf8iXg7VWZAgMBAAGjQjBAMB0GA1UdDgQWBBQgIvz0bNGJ\\nhjgpToksyKpP9xv9oDAPBgNVHRMECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjAN\\nBgkqhkiG9w0BAQsFAAOCAQEAjvjuOMDSa+JXFCLyBKsycXtBVZsJ4Ue3LbaEsPY4\\nMYN/hIQ5ZM5p7EjfcnMG4CtYkNsfNHc0AhBLdq45rnT87q/6O3vUEtNMafbhU6kt\\nhX7Y+9XFN9NpmYxr+ekVY5xOxi8h9JDIgoMP4VB1uS0aunL1IGqrNooL9mmFnL2k\\nLVVee6/VR6C5+KSTCMCWppMuJIZII2v9o4dkoZ8Y7QRjQlLfYzd3qGtKbw7xaF1U\\nsG/5xUb/Btwb2X2g4InpiB/yt/3CpQXpiWX/K4mBvUKiGn05ZsqeY1gx4g0xLBqc\\nU9psmyPzK+Vsgw2jeRQ5JlKDyqE0hebfC1tvFu0CCrJFcw==\\n-----END CERTIFICATE-----\"],\"vendorInfo\":{\"name\":\"Yubico\",\"url\":\"https://yubico.com\",\"imageUrl\":\"https://developers.yubico.com/U2F/Images/yubico.png\"},\"devices\":[{\"displayName\":\"YubiKey NEO/NEO-n\",\"deviceId\":\"1.3.6.1.4.1.41482.1.2\",\"deviceUrl\":\"https://www.yubico.com/products/yubikey-hardware/yubikey-neo/\",\"imageUrl\":\"https://developers.yubico.com/U2F/Images/NEO.png\",\"selectors\":[{\"type\":\"x509Extension\",\"parameters\":{\"key\":\"1.3.6.1.4.1.41482.1.2\"}}]}] }";
+ private static final String ATTESTATION_CERT = "MIICGzCCAQWgAwIBAgIEdaP2dTALBgkqhkiG9w0BAQswLjEsMCoGA1UEAxMjWXViaWNvIFUyRiBSb290IENBIFNlcmlhbCA0NTcyMDA2MzEwIBcNMTQwODAxMDAwMDAwWhgPMjA1MDA5MDQwMDAwMDBaMCoxKDAmBgNVBAMMH1l1YmljbyBVMkYgRUUgU2VyaWFsIDE5NzM2Nzk3MzMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQZo35Damtpl81YdmcbhEuXKAr7xDcQzAy5n3ftAAhtBbu8EeGU4ynfSgLonckqX6J2uXLBppTNE3v2bt+Yf8MLoxIwEDAOBgorBgEEAYLECgECBAAwCwYJKoZIhvcNAQELA4IBAQG9LbiNPgs0sQYOHAJcg+lMk+HCsiWRlYVnbT4I/5lnqU907vY17XYAORd432bU3Nnhsbkvjz76kQJGXeNAF4DPANGGlz8JU+LNEVE2PWPGgEM0GXgB7mZN5Sinfy1AoOdO+3c3bfdJQuXlUxHbo+nDpxxKpzq9gr++RbokF1+0JBkMbaA/qLYL4WdhY5NvaOyMvYpO3sBxlzn6FcP67hlotGH1wU7qhCeh+uur7zDeAWVh7c4QtJOXHkLJQfV3Z7ZMvhkIA6jZJAX99hisABU/SSa5DtgX7AfsHwa04h69AAAWDUzSk3HgOXbUd1FaSOPdlVFkG2N2JllFHykyO3zO";
+
+ private final MetadataObject metadata = WebAuthnCodecs.json().readValue(METADATA_JSON, MetadataObject.class);
+ private final X509Certificate attestationCertificate = CertificateParser.parseDer(ATTESTATION_CERT);
+
+ public SimpleAttestationResolverTest() throws IOException, CertificateException {
+ }
+
+ private static SimpleAttestationResolver createAttestationResolver(MetadataObject metadata) throws CertificateException {
+ return new SimpleAttestationResolver(
+ Collections.singleton(metadata),
+ SimpleTrustResolver.fromMetadata(Collections.singleton(metadata))
+ );
+ }
+
+ @Test
+ public void testResolve() throws Exception {
+ final SimpleAttestationResolver resolver = createAttestationResolver(metadata);
+ Attestation metadata = resolver.resolve(attestationCertificate).orElse(null);
+
+ assertNotNull(metadata);
+ assertEquals("foobar", metadata.getMetadataIdentifier().get());
+ }
+
+ @Test
+ public void resolveReturnsEmptyOnUntrustedSignature() throws Exception {
+ final SimpleAttestationResolver resolver = new SimpleAttestationResolver(
+ Collections.singletonList(metadata),
+ SimpleTrustResolver.fromMetadata(Collections.emptyList())
+ );
+
+ assertEquals(Optional.empty(), resolver.resolve(attestationCertificate));
+ }
+
+}
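Review bot: In `testResolve` the local `Attestation metadata` shadows the `metadata` field that the previous line passes to `createAttestationResolver`, so one name means the trusted metadata object on one line and the resolved attestation on the next; renaming the local to `attestation` removes the ambiguity. The positive case also checks only the identifier, although the result feeds a trust decision, so I would add `assertTrue(attestation.isTrusted());` with the matching static import. `resolveReturnsEmptyOnUntrustedSignature` builds its trust resolver from an empty list, so it exercises "no trust anchor configured" rather than a failing signature; a name such as `resolveReturnsEmptyWhenNoTrustAnchorIsConfigured` would describe what it pins.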
diff --git a/webauthn-server-attestation/src/test/java/com/yubico/webauthn/attestation/resolver/SimpleResolverTest.java b/webauthn-server-attestation/src/test/java/com/yubico/webauthn/attestation/resolver/SimpleTrustResolverTest.java
similarity index 71%
rename from webauthn-server-attestation/src/test/java/com/yubico/webauthn/attestation/resolver/SimpleResolverTest.java
rename to webauthn-server-attestation/src/test/java/com/yubico/webauthn/attestation/resolver/SimpleTrustResolverTest.java
index df0b75b4a..f84119ed6 100644
--- a/webauthn-server-attestation/src/test/java/com/yubico/webauthn/attestation/resolver/SimpleResolverTest.java
+++ b/webauthn-server-attestation/src/test/java/com/yubico/webauthn/attestation/resolver/SimpleTrustResolverTest.java
@@ -1,7 +1,31 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.attestation.resolver;
-import com.yubico.webauthn.attestation.MetadataObject;
import com.yubico.internal.util.CertificateParser;
+import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
@@ -14,54 +38,50 @@
import org.mockito.ArgumentMatchers;
import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
import static org.mockito.Mockito.doThrow;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
-public class SimpleResolverTest {
+public class SimpleTrustResolverTest {
private static final String METADATA_JSON = "{\"identifier\":\"foobar\",\"version\":1,\"trustedCertificates\":[\"-----BEGIN CERTIFICATE-----\\nMIIDHjCCAgagAwIBAgIEG1BT9zANBgkqhkiG9w0BAQsFADAuMSwwKgYDVQQDEyNZ\\ndWJpY28gVTJGIFJvb3QgQ0EgU2VyaWFsIDQ1NzIwMDYzMTAgFw0xNDA4MDEwMDAw\\nMDBaGA8yMDUwMDkwNDAwMDAwMFowLjEsMCoGA1UEAxMjWXViaWNvIFUyRiBSb290\\nIENBIFNlcmlhbCA0NTcyMDA2MzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\\nAoIBAQC/jwYuhBVlqaiYWEMsrWFisgJ+PtM91eSrpI4TK7U53mwCIawSDHy8vUmk\\n5N2KAj9abvT9NP5SMS1hQi3usxoYGonXQgfO6ZXyUA9a+KAkqdFnBnlyugSeCOep\\n8EdZFfsaRFtMjkwz5Gcz2Py4vIYvCdMHPtwaz0bVuzneueIEz6TnQjE63Rdt2zbw\\nnebwTG5ZybeWSwbzy+BJ34ZHcUhPAY89yJQXuE0IzMZFcEBbPNRbWECRKgjq//qT\\n9nmDOFVlSRCt2wiqPSzluwn+v+suQEBsUjTGMEd25tKXXTkNW21wIWbxeSyUoTXw\\nLvGS6xlwQSgNpk2qXYwf8iXg7VWZAgMBAAGjQjBAMB0GA1UdDgQWBBQgIvz0bNGJ\\nhjgpToksyKpP9xv9oDAPBgNVHRMECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjAN\\nBgkqhkiG9w0BAQsFAAOCAQEAjvjuOMDSa+JXFCLyBKsycXtBVZsJ4Ue3LbaEsPY4\\nMYN/hIQ5ZM5p7EjfcnMG4CtYkNsfNHc0AhBLdq45rnT87q/6O3vUEtNMafbhU6kt\\nhX7Y+9XFN9NpmYxr+ekVY5xOxi8h9JDIgoMP4VB1uS0aunL1IGqrNooL9mmFnL2k\\nLVVee6/VR6C5+KSTCMCWppMuJIZII2v9o4dkoZ8Y7QRjQlLfYzd3qGtKbw7xaF1U\\nsG/5xUb/Btwb2X2g4InpiB/yt/3CpQXpiWX/K4mBvUKiGn05ZsqeY1gx4g0xLBqc\\nU9psmyPzK+Vsgw2jeRQ5JlKDyqE0hebfC1tvFu0CCrJFcw==\\n-----END CERTIFICATE-----\"],\"vendorInfo\":{\"name\":\"Yubico\",\"url\":\"https://yubico.com\",\"imageUrl\":\"https://developers.yubico.com/U2F/Images/yubico.png\"},\"devices\":[{\"displayName\":\"YubiKey NEO/NEO-n\",\"deviceId\":\"1.3.6.1.4.1.41482.1.2\",\"deviceUrl\":\"https://www.yubico.com/products/yubikey-hardware/yubikey-neo/\",\"imageUrl\":\"https://developers.yubico.com/U2F/Images/NEO.png\",\"selectors\":[{\"type\":\"x509Extension\",\"parameters\":{\"key\":\"1.3.6.1.4.1.41482.1.2\"}}]}] }";
private static final String ATTESTATION_CERT = "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";
+ private final SimpleTrustResolver resolver = SimpleTrustResolver.fromMetadataJson(METADATA_JSON);
+
+ public SimpleTrustResolverTest() throws IOException, CertificateException {
+ }
+
@Test
public void testResolve() throws Exception {
- SimpleResolver resolver = new SimpleResolver();
-
- resolver.addMetadata(METADATA_JSON);
X509Certificate certificate = CertificateParser.parseDer(ATTESTATION_CERT);
- MetadataObject metadata = resolver.resolve(certificate).orElse(null);
+ Optional trustAnchor = resolver.resolveTrustAnchor(certificate);
- assertNotNull(metadata);
- assertEquals("foobar", metadata.getIdentifier());
+ assertTrue(trustAnchor.isPresent());
+ assertEquals("CN=Yubico U2F Root CA Serial 457200631", trustAnchor.get().getSubjectDN().getName());
}
@Test
public void resolveReturnsEmptyOnUntrustedSignature() throws Exception {
- SimpleResolver resolver = new SimpleResolver();
- resolver.addMetadata(METADATA_JSON);
-
X509Certificate cert = mock(X509Certificate.class);
doThrow(new SignatureException("Forced failure")).when(cert).verify(ArgumentMatchers.any());
Principal issuerDN = mock(Principal.class);
when(issuerDN.getName()).thenReturn("CN=Yubico U2F Root CA Serial 457200631");
when(cert.getIssuerDN()).thenReturn(issuerDN);
- assertEquals(Optional.empty(), resolver.resolve(cert));
+ assertEquals(Optional.empty(), resolver.resolveTrustAnchor(cert));
}
private void resolveThrowsExceptionOnUnexpectedError(Exception thrownException) throws Exception {
- SimpleResolver resolver = new SimpleResolver();
- resolver.addMetadata(METADATA_JSON);
-
X509Certificate cert = mock(X509Certificate.class);
doThrow(thrownException).when(cert).verify(ArgumentMatchers.any());
Principal issuerDN = mock(Principal.class);
when(issuerDN.getName()).thenReturn("CN=Yubico U2F Root CA Serial 457200631");
when(cert.getIssuerDN()).thenReturn(issuerDN);
- resolver.resolve(cert);
+ resolver.resolveTrustAnchor(cert);
}
@Test(expected = RuntimeException.class)
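Review bot: `@Test(expected = RuntimeException.class)` on the last line of this hunk accepts any unchecked exception, so tests built on `resolveThrowsExceptionOnUnexpectedError` would also pass on, say, a `NullPointerException` from an unstubbed method of the mocked certificate rather than on the resolver's own error handling. The annotated test methods continue outside the hunk, so this is inferred from the helper and the annotation alone. If the resolver wraps the exception thrown by `verify` (not visible here), catching it in the helper and asserting `assertSame(thrownException, e.getCause());` would pin the intended path. The empty constructor that exists only to declare `throws IOException, CertificateException` could become a `@Before` method that builds `resolver`, which keeps fixture setup failures separate from test failures.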
diff --git a/webauthn-server-attestation/src/test/scala/com/yubico/webauthn/attestation/StandardMetadataServiceSpec.scala b/webauthn-server-attestation/src/test/scala/com/yubico/webauthn/attestation/StandardMetadataServiceSpec.scala
new file mode 100644
index 000000000..c3fc75e78
--- /dev/null
+++ b/webauthn-server-attestation/src/test/scala/com/yubico/webauthn/attestation/StandardMetadataServiceSpec.scala
@@ -0,0 +1,251 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package com.yubico.webauthn.attestation
+
+import java.util.Collections
+
+import com.fasterxml.jackson.databind.node.JsonNodeFactory
+import com.yubico.internal.util.WebAuthnCodecs
+import com.yubico.internal.util.scala.JavaConverters._
+import com.yubico.webauthn.TestAuthenticator
+import com.yubico.webauthn.attestation.resolver.SimpleAttestationResolver
+import com.yubico.webauthn.attestation.resolver.SimpleTrustResolver
+import org.bouncycastle.asn1.DEROctetString
+import org.bouncycastle.asn1.DERBitString
+import org.bouncycastle.asn1.x500.X500Name
+import org.junit.runner.RunWith
+import org.scalatest.Matchers
+import org.scalatest.FunSpec
+import org.scalatest.junit.JUnitRunner
+
+import scala.collection.JavaConverters._
+
+
+@RunWith(classOf[JUnitRunner])
+class StandardMetadataServiceSpec extends FunSpec with Matchers {
+
+ private def jsonFactory: JsonNodeFactory = JsonNodeFactory.instance
+
+ private val TRANSPORTS_EXT_OID = "1.3.6.1.4.1.45724.2.1.1"
+
+ private val ooidA = "1.3.6.1.4.1.41482.1.1"
+ private val ooidB = "1.3.6.1.4.1.41482.1.2"
+
+ def metadataService(metadataJson: String): StandardMetadataService = {
+ val metadata = Collections.singleton(WebAuthnCodecs.json().readValue(metadataJson, classOf[MetadataObject]))
+ new StandardMetadataService(
+ new SimpleAttestationResolver(metadata, SimpleTrustResolver.fromMetadata(metadata))
+ )
+ }
+
+ describe("StandardMetadataService") {
+
+ describe("has a getAttestation method which") {
+
+ val cacaca = TestAuthenticator.generateAttestationCaCertificate(
+ name = new X500Name("CN=CA CA CA"),
+ extensions = List((ooidB, false, new DEROctetString(Array[Byte]())))
+ )
+ val caca = TestAuthenticator.generateAttestationCaCertificate(
+ name = new X500Name("CN=CA CA"),
+ superCa = Some(cacaca),
+ extensions = List((ooidB, false, new DEROctetString(Array[Byte]())))
+ )
+ val (caCert, caKey) = TestAuthenticator.generateAttestationCaCertificate(
+ name = new X500Name("CN=CA"),
+ superCa = Some(caca),
+ extensions = List((ooidB, false, new DEROctetString(Array[Byte]())))
+ )
+
+ val (certA, _) = TestAuthenticator.generateAttestationCertificate(
+ name = new X500Name("CN=Cert A"),
+ caCertAndKey = Some((caCert, caKey)),
+ extensions = List(
+ (ooidA, false, new DEROctetString(Array[Byte]())),
+ (TRANSPORTS_EXT_OID, false, new DERBitString(Array[Byte](0x60)))
+ )
+ )
+ val (certB, _) = TestAuthenticator.generateAttestationCertificate(
+ name = new X500Name("CN=Cert B"),
+ caCertAndKey = Some((caCert, caKey)),
+ extensions = List((ooidB, false, new DEROctetString(Array[Byte]())))
+ )
+ val (unknownCert, _) = TestAuthenticator.generateAttestationCertificate(
+ name = new X500Name("CN=Unknown Cert"),
+ extensions = List((ooidA, false, new DEROctetString(Array[Byte]())))
+ )
+
+ val metadataJson =
+ s"""{
+ "identifier": "44c87ead-4455-423e-88eb-9248e0ebe847",
+ "version": 1,
+ "trustedCertificates": ["${TestAuthenticator.toPem(caCert).lines.mkString(raw"\n")}"],
+ "vendorInfo": {},
+ "devices": [
+ {
+ "deviceId": "DevA",
+ "displayName": "Device A",
+ "selectors": [
+ {
+ "type": "x509Extension",
+ "parameters": {
+ "key": "${ooidA}"
+ }
+ }
+ ]
+ },
+ {
+ "deviceId": "DevB",
+ "displayName": "Device B",
+ "selectors": [
+ {
+ "type": "x509Extension",
+ "parameters": {
+ "key": "${ooidB}"
+ }
+ }
+ ]
+ }
+ ]
+ }"""
+ val service = metadataService(metadataJson)
+
+ it("returns the trusted attestation matching the single cert passed, if it is signed by a trusted certificate.") {
+ val attestationA: Attestation = service.getAttestation(List(certA).asJava)
+ val attestationB: Attestation = service.getAttestation(List(certB).asJava)
+
+ attestationA.isTrusted should be (true)
+ attestationA.getDeviceProperties.get.get("deviceId") should be ("DevA")
+
+ attestationB.isTrusted should be (true)
+ attestationB.getDeviceProperties.get.get("deviceId") should be ("DevB")
+ }
+
+ it("returns the trusted attestation matching the first cert in the chain if it is signed by a trusted certificate.") {
+ val attestationA: Attestation = service.getAttestation(List(certA, certB).asJava)
+ val attestationB: Attestation = service.getAttestation(List(certB, certA).asJava)
+
+ attestationA.isTrusted should be (true)
+ attestationA.getDeviceProperties.get.get("deviceId") should be ("DevA")
+
+ attestationB.isTrusted should be (true)
+ attestationB.getDeviceProperties.get.get("deviceId") should be ("DevB")
+ }
+
+ it("returns a trusted best-effort attestation if the certificate is trusted but matches no known metadata.") {
+ val metadataJson =
+ s"""{
+ "identifier": "44c87ead-4455-423e-88eb-9248e0ebe847",
+ "version": 1,
+ "trustedCertificates": ["${TestAuthenticator.toPem(caCert).lines.mkString(raw"\n")}"],
+ "vendorInfo": {},
+ "devices": []
+ }"""
+ val service = metadataService(metadataJson)
+
+ val attestation: Attestation = service.getAttestation(List(certA).asJava)
+
+ attestation.isTrusted should be (true)
+ attestation.getDeviceProperties.asScala shouldBe empty
+ attestation.getTransports.get.asScala should equal (Set(Transport.BLE, Transport.USB))
+ }
+
+ it("returns an untrusted attestation with transports if the certificate is not trusted.") {
+ val metadataJson =
+ s"""{
+ "identifier": "44c87ead-4455-423e-88eb-9248e0ebe847",
+ "version": 1,
+ "trustedCertificates": [],
+ "vendorInfo": {},
+ "devices": []
+ }"""
+ val service = metadataService(metadataJson)
+
+ val attestation: Attestation = service.getAttestation(List(certA).asJava)
+
+ attestation.isTrusted should be (false)
+ attestation.getMetadataIdentifier.asScala shouldBe empty
+ attestation.getVendorProperties.asScala shouldBe empty
+ attestation.getDeviceProperties.asScala shouldBe empty
+ attestation.getTransports.get.asScala should equal (Set(Transport.BLE, Transport.USB))
+ }
+
+ it("returns the trusted attestation matching the first cert in the chain if the chain resolves to a trusted certificate.") {
+ val metadataJson =
+ s"""{
+ "identifier": "44c87ead-4455-423e-88eb-9248e0ebe847",
+ "version": 1,
+ "trustedCertificates": ["${TestAuthenticator.toPem(cacaca._1).lines.mkString(raw"\n")}"],
+ "vendorInfo": {},
+ "devices": [
+ {
+ "deviceId": "DevA",
+ "displayName": "Device A",
+ "selectors": [
+ {
+ "type": "x509Extension",
+ "parameters": {
+ "key": "${ooidA}"
+ }
+ }
+ ]
+ }
+ ]
+ }"""
+ val service = metadataService(metadataJson)
+
+ val attestation: Attestation = service.getAttestation(List(certA, caCert, caca._1).asJava)
+
+ attestation.isTrusted should be (true)
+ attestation.getDeviceProperties.get.get("deviceId") should be ("DevA")
+ }
+
+ it("matches any certificate to a device with no selectors.") {
+ val metadataJson =
+ s"""{
+ "identifier": "44c87ead-4455-423e-88eb-9248e0ebe847",
+ "version": 1,
+ "trustedCertificates": ["${TestAuthenticator.toPem(caCert).lines.mkString(raw"\n")}"],
+ "vendorInfo": {},
+ "devices": [
+ {
+ "deviceId": "DevA",
+ "displayName": "Device A"
+ }
+ ]
+ }"""
+ val service = metadataService(metadataJson)
+
+ val resultA = service.getAttestation(List(certA).asJava)
+ val resultB = service.getAttestation(List(certB).asJava)
+ resultA.getDeviceProperties.get.get("deviceId") should be ("DevA")
+ resultB.getDeviceProperties.get.get("deviceId") should be ("DevA")
+ }
+
+ }
+
+ }
+
+}
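Review bot: `unknownCert` is generated in the fixture block but no visible test uses it, so the spec never checks a certificate that lacks a trusted issuer while a trusted CA is actually loaded. The only untrusted case empties `trustedCertificates` instead. That leaves the main negative path of the trust decision untested, so add a case asserting `service.getAttestation(List(unknownCert).asJava).isTrusted should be (false)` against the default `service`. A second assertion, `service.getAttestation(List(unknownCert, caCert).asJava).isTrusted should be (false)`, would pin that a trusted certificate elsewhere in the chain does not confer trust on an unrelated leaf. The existing `List(certA, certB)` test already relies on extra chain entries being tolerated.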
diff --git a/webauthn-server-core/src/main/java/com/yubico/internal/util/WebAuthnCodecs.java b/webauthn-server-core/src/main/java/com/yubico/internal/util/WebAuthnCodecs.java
index c5ea4a81a..60814177a 100644
--- a/webauthn-server-core/src/main/java/com/yubico/internal/util/WebAuthnCodecs.java
+++ b/webauthn-server-core/src/main/java/com/yubico/internal/util/WebAuthnCodecs.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.internal.util;
import COSE.CoseException;
@@ -14,6 +38,7 @@
import com.yubico.webauthn.data.ByteArray;
import com.yubico.webauthn.data.COSEAlgorithmIdentifier;
import java.io.IOException;
+import java.security.PublicKey;
import java.security.interfaces.ECPublicKey;
import java.util.Arrays;
import java.util.HashMap;
@@ -102,4 +127,12 @@ public static ECPublicKey importCoseP256PublicKey(ByteArray key) throws CoseExce
return new COSE.ECPublicKey(new OneKey(CBORObject.DecodeFromBytes(key.getBytes())));
}
+ public static String getSignatureAlgorithmName(PublicKey key) {
+ if (key.getAlgorithm().equals("EC")) {
+ return "ECDSA";
+ } else {
+ return key.getAlgorithm();
+ }
+ }
+
}
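Review bot: `getSignatureAlgorithmName` has no Javadoc, and its `else` branch returns whatever `key.getAlgorithm()` reports, so an unplanned key type yields a name that callers will presumably pass to the JCA rather than a clear rejection. Document the contract, e.g. `/** Maps a public key's algorithm to the name used when building a JCA signature algorithm string: "EC" becomes "ECDSA", anything else is returned unchanged. */`, and state which key types callers are expected to supply. Writing the comparison as `"EC".equals(key.getAlgorithm())` also avoids depending on the provider returning a non-null algorithm name.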
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/AttestationStatementVerifier.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/AttestationStatementVerifier.java
index 8ce4ffff6..3c1e18f31 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/AttestationStatementVerifier.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/AttestationStatementVerifier.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn;
import COSE.CoseException;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/AttestationTrustResolver.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/AttestationTrustResolver.java
index 0b35fa878..69a6d4d0e 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/AttestationTrustResolver.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/AttestationTrustResolver.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn;
import com.yubico.webauthn.attestation.Attestation;
@@ -7,6 +31,6 @@
interface AttestationTrustResolver {
- Attestation resolveTrustAnchor(AttestationObject attestationObject) throws CertificateEncodingException;
+ Attestation resolveTrustAnchor(AttestationObject attestationObject) throws CertificateEncodingException;
}
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/BouncyCastleCrypto.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/BouncyCastleCrypto.java
index 6c65afdf2..14f59be91 100755
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/BouncyCastleCrypto.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/BouncyCastleCrypto.java
@@ -1,11 +1,31 @@
-/*
- * Copyright 2014 Yubico.
- * Copyright 2014 Google Inc. All rights reserved.
- *
- * Use of this source code is governed by a BSD-style
- * license that can be found in the LICENSE file or at
- * https://developers.google.com/open-source/licenses/bsd
- */
+// Copyright (c) 2014-2018, Yubico AB
+// Copyright (c) 2014, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// 3. Neither the name of Google Inc. nor the names of its contributors may be
+// used to endorse or promote products derived from this software without
+// specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
package com.yubico.webauthn;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/ChallengeGenerator.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/ChallengeGenerator.java
index 875aaf187..556678b37 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/ChallengeGenerator.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/ChallengeGenerator.java
@@ -1,11 +1,31 @@
-/*
- * Copyright 2014 Yubico.
- * Copyright 2014 Google Inc. All rights reserved.
- *
- * Use of this source code is governed by a BSD-style
- * license that can be found in the LICENSE file or at
- * https://developers.google.com/open-source/licenses/bsd
- */
+// Copyright (c) 2014-2018, Yubico AB
+// Copyright (c) 2014, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// 3. Neither the name of Google Inc. nor the names of its contributors may be
+// used to endorse or promote products derived from this software without
+// specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
package com.yubico.webauthn;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/CredentialRepository.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/CredentialRepository.java
index 0ef6e509e..9c863661c 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/CredentialRepository.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/CredentialRepository.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn;
import com.yubico.webauthn.data.ByteArray;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/Crypto.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/Crypto.java
index e61af34e8..1cbfd5504 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/Crypto.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/Crypto.java
@@ -1,11 +1,31 @@
-/*
- * Copyright 2014 Yubico.
- * Copyright 2014 Google Inc. All rights reserved.
- *
- * Use of this source code is governed by a BSD-style
- * license that can be found in the LICENSE file or at
- * https://developers.google.com/open-source/licenses/bsd
- */
+// Copyright (c) 2014-2018, Yubico AB
+// Copyright (c) 2014, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// 3. Neither the name of Google Inc. nor the names of its contributors may be
+// used to endorse or promote products derived from this software without
+// specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
package com.yubico.webauthn;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/ExtensionsValidation.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/ExtensionsValidation.java
index 271862f1b..641a1f4b6 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/ExtensionsValidation.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/ExtensionsValidation.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn;
import com.upokecenter.cbor.CBORObject;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/FidoU2fAttestationStatementVerifier.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/FidoU2fAttestationStatementVerifier.java
index c8899e5c7..ff3db5f77 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/FidoU2fAttestationStatementVerifier.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/FidoU2fAttestationStatementVerifier.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn;
import COSE.CoseException;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/FinishAssertionOptions.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/FinishAssertionOptions.java
index 309993255..491ea95d6 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/FinishAssertionOptions.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/FinishAssertionOptions.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn;
import com.yubico.webauthn.data.AssertionRequest;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/FinishAssertionSteps.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/FinishAssertionSteps.java
index 4d94239b3..17cc742ef 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/FinishAssertionSteps.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/FinishAssertionSteps.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/FinishRegistrationOptions.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/FinishRegistrationOptions.java
index 6280df240..d846ad0d6 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/FinishRegistrationOptions.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/FinishRegistrationOptions.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn;
import com.yubico.webauthn.data.AuthenticatorAttestationResponse;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/FinishRegistrationSteps.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/FinishRegistrationSteps.java
index 0b1494ce7..1130215b6 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/FinishRegistrationSteps.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/FinishRegistrationSteps.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn;
import COSE.CoseException;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/KnownX509TrustAnchorsTrustResolver.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/KnownX509TrustAnchorsTrustResolver.java
index 9b71270b7..0d72d40fb 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/KnownX509TrustAnchorsTrustResolver.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/KnownX509TrustAnchorsTrustResolver.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn;
import com.yubico.internal.util.CertificateParser;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/NoneAttestationStatementVerifier.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/NoneAttestationStatementVerifier.java
index 39153f824..4853369ea 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/NoneAttestationStatementVerifier.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/NoneAttestationStatementVerifier.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn;
import com.yubico.webauthn.data.AttestationObject;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/PackedAttestationStatementVerifier.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/PackedAttestationStatementVerifier.java
index fdf6f7ae8..f44f114c5 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/PackedAttestationStatementVerifier.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/PackedAttestationStatementVerifier.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn;
import javax.naming.InvalidNameException;
@@ -42,7 +66,7 @@ class PackedAttestationStatementVerifier implements AttestationStatementVerifier
@Override
public AttestationType getAttestationType(AttestationObject attestation) {
if (attestation.getAttestationStatement().hasNonNull("x5c")) {
- return AttestationType.BASIC; // TODO or Privacy CA
+ return AttestationType.BASIC;
} else if (attestation.getAttestationStatement().hasNonNull("ecdaaKeyId")) {
return AttestationType.ECDAA;
} else {
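Review bot: Dropping the `// TODO or Privacy CA` remark from `return AttestationType.BASIC;` removes the only hint that an `x5c` chain does not by itself tell Basic attestation apart from an attestation-CA (Privacy CA) one, while the returned value stays the same. Callers that base policy on the returned type would be better served by a comment that stays, e.g. `// x5c present: Basic or Privacy CA attestation; the two are not distinguished here`. getAttestationType continues past the end of this hunk.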
@@ -139,26 +163,26 @@ private boolean verifyX5cSignature(AttestationObject attestationObject, ByteArra
ByteArray signedData = attestationObject.getAuthenticatorData().getBytes().concat(clientDataHash);
- // TODO support other signature algorithms
- Signature ecdsaSignature;
+ final String signatureAlgorithmName = "SHA256with" + WebAuthnCodecs.getSignatureAlgorithmName(attestationCertificate.getPublicKey());
+ Signature signatureVerifier;
try {
- ecdsaSignature = Signature.getInstance("SHA256withECDSA", crypto.getProvider());
+ signatureVerifier = Signature.getInstance(signatureAlgorithmName, crypto.getProvider());
} catch (NoSuchAlgorithmException e) {
- throw ExceptionUtil.wrapAndLog(log, "Failed to get a Signature instance for SHA256withECDSA", e);
+ throw ExceptionUtil.wrapAndLog(log, "Failed to get a Signature instance for " + signatureAlgorithmName, e);
}
try {
- ecdsaSignature.initVerify(attestationCertificate.getPublicKey());
+ signatureVerifier.initVerify(attestationCertificate.getPublicKey());
} catch (InvalidKeyException e) {
throw ExceptionUtil.wrapAndLog(log, "Attestation key is invalid: " + attestationCertificate, e);
}
try {
- ecdsaSignature.update(signedData.getBytes());
+ signatureVerifier.update(signedData.getBytes());
} catch (SignatureException e) {
- throw ExceptionUtil.wrapAndLog(log, "Signature object in invalid state: " + ecdsaSignature, e);
+ throw ExceptionUtil.wrapAndLog(log, "Signature object in invalid state: " + signatureVerifier, e);
}
try {
- return (ecdsaSignature.verify(signature.getBytes())
+ return (signatureVerifier.verify(signature.getBytes())
&& verifyX5cRequirements(attestationCertificate, attestationObject.getAuthenticatorData().getAttestationData().get().getAaguid())
);
} catch (SignatureException e) {
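Review bot: The JCA algorithm name is now built from the certificate's key type with the digest fixed to SHA-256 (`"SHA256with" + WebAuthnCodecs.getSignatureAlgorithmName(...)`), so the `alg` value carried in the packed attestation statement is not consulted in this hunk. WebAuthn's packed verification procedure asks for the signature to be checked with the algorithm named by `alg`; unless that is validated elsewhere, a statement whose `alg` disagrees with the key type is not rejected here, and one signed with a different digest fails with a plain signature mismatch. I would derive the name from `alg`, reject it when it does not match the certificate key, and until then record the limit in a comment such as `// digest fixed to SHA-256; attStmt "alg" is not checked against the key type here`. It is also not visible from here what getSignatureAlgorithmName returns for an unsupported key type, so that failure path deserves its own error. verifyX5cSignature starts before this hunk and its last catch block is cut off after it.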
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/RandomChallengeGenerator.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/RandomChallengeGenerator.java
index 5e3dc041d..d2271959b 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/RandomChallengeGenerator.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/RandomChallengeGenerator.java
@@ -1,11 +1,31 @@
-/*
- * Copyright 2014 Yubico.
- * Copyright 2014 Google Inc. All rights reserved.
- *
- * Use of this source code is governed by a BSD-style
- * license that can be found in the LICENSE file or at
- * https://developers.google.com/open-source/licenses/bsd
- */
+// Copyright (c) 2014-2018, Yubico AB
+// Copyright (c) 2014, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// 3. Neither the name of Google Inc. nor the names of its contributors may be
+// used to endorse or promote products derived from this software without
+// specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
package com.yubico.webauthn;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/RegisteredCredential.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/RegisteredCredential.java
index ee3ee2782..c5f7c76ae 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/RegisteredCredential.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/RegisteredCredential.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn;
import com.yubico.webauthn.data.ByteArray;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java
index a6ecb72bb..f355ea4a9 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn;
import com.yubico.webauthn.attestation.MetadataService;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/StartAssertionOptions.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/StartAssertionOptions.java
index 4e3835304..5aa0951d0 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/StartAssertionOptions.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/StartAssertionOptions.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn;
import com.yubico.webauthn.data.AssertionExtensionInputs;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/StartRegistrationOptions.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/StartRegistrationOptions.java
index d9eaf0381..60fcd5bf5 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/StartRegistrationOptions.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/StartRegistrationOptions.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn;
import com.yubico.webauthn.data.AuthenticatorSelectionCriteria;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/TokenBindingValidator.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/TokenBindingValidator.java
index 81085208b..5bc309314 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/TokenBindingValidator.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/TokenBindingValidator.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn;
import com.yubico.webauthn.data.ByteArray;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/U2fRawRegisterResponse.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/U2fRawRegisterResponse.java
index 269383cab..0905538d1 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/U2fRawRegisterResponse.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/U2fRawRegisterResponse.java
@@ -1,11 +1,31 @@
-/*
- * Copyright 2014 Yubico.
- * Copyright 2014 Google Inc. All rights reserved.
- *
- * Use of this source code is governed by a BSD-style
- * license that can be found in the LICENSE file or at
- * https://developers.google.com/open-source/licenses/bsd
- */
+// Copyright (c) 2014-2018, Yubico AB
+// Copyright (c) 2014, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// 3. Neither the name of Google Inc. nor the names of its contributors may be
+// used to endorse or promote products derived from this software without
+// specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
package com.yubico.webauthn;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/X5cAttestationStatementVerifier.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/X5cAttestationStatementVerifier.java
index 9ffc61648..44d88748f 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/X5cAttestationStatementVerifier.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/X5cAttestationStatementVerifier.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn;
import com.fasterxml.jackson.databind.JsonNode;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/attestation/Attestation.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/attestation/Attestation.java
index 961fe35a5..366c5f5b5 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/attestation/Attestation.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/attestation/Attestation.java
@@ -1,4 +1,26 @@
-/* Copyright 2015 Yubico */
+// Copyright (c) 2015-2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
package com.yubico.webauthn.attestation;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/attestation/MetadataObject.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/attestation/MetadataObject.java
index 39a372dab..a1d12af1a 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/attestation/MetadataObject.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/attestation/MetadataObject.java
@@ -1,20 +1,52 @@
-/* Copyright 2015 Yubico */
+// Copyright (c) 2015-2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
package com.yubico.webauthn.attestation;
import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.base.MoreObjects;
import com.google.common.collect.ImmutableList;
+import com.google.common.io.Closeables;
+import com.yubico.internal.util.CertificateParser;
+import com.yubico.internal.util.ExceptionUtil;
import com.yubico.internal.util.WebAuthnCodecs;
import java.io.IOException;
+import java.io.InputStream;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import lombok.EqualsAndHashCode;
+import lombok.extern.slf4j.Slf4j;
+@Slf4j
@JsonIgnoreProperties(ignoreUnknown = true)
@EqualsAndHashCode(of = { "data" }, callSuper = false)
public class MetadataObject {
@@ -50,6 +82,17 @@ public MetadataObject(JsonNode data) {
version = data.get("version").asLong();
}
+ public static MetadataObject readDefault() {
+ InputStream is = MetadataObject.class.getResourceAsStream("/metadata.json");
+ try {
+ return WebAuthnCodecs.json().readValue(is, MetadataObject.class);
+ } catch (IOException e) {
+ throw ExceptionUtil.wrapAndLog(log, "Failed to read default metadata", e);
+ } finally {
+ Closeables.closeQuietly(is);
+ }
+ }
+
public String getIdentifier() {
return identifier;
}
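Review bot: `readDefault()` never checks the result of `getResourceAsStream("/metadata.json")`, which returns null when the resource is missing from the classpath. A null stream passed to `readValue` will most likely fail with an unchecked exception rather than an `IOException`, so the `catch` branch and its `wrapAndLog` call are skipped. This file appears to carry the default attestation trust metadata, so a packaging mistake should fail with an explicit message: add `if (is == null) { throw new IllegalStateException("Default metadata resource /metadata.json not found on classpath"); }` before the `try`. A short Javadoc stating that the method loads the bundled `/metadata.json` and throws if it cannot be read would also help callers.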
@@ -66,6 +109,16 @@ public List getTrustedCertificates() {
return trustedCertificates;
}
+ @JsonIgnore
+ public List getParsedTrustedCertificates() throws CertificateException {
+ List list = new ArrayList<>();
+ for (String trustedCertificate : trustedCertificates) {
+ X509Certificate x509Certificate = CertificateParser.parsePem(trustedCertificate);
+ list.add(x509Certificate);
+ }
+ return list;
+ }
+
public List getDevices() {
return MoreObjects.firstNonNull(devices, ImmutableList.of());
}
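Review bot: `getParsedTrustedCertificates()` iterates `trustedCertificates` with no null guard, while `getDevices()` just below wraps its field in `MoreObjects.firstNonNull(devices, ImmutableList.of())`. The constructor is outside this hunk, so it is unconfirmed whether the field can be null, but if the JSON may omit it the loop throws a NullPointerException. Iterating `MoreObjects.firstNonNull(trustedCertificates, ImmutableList.<String>of())` would make the two accessors consistent. The method should also get a Javadoc noting that the PEM strings are re-parsed on every call and that one malformed entry fails the whole call with `CertificateException`, so callers building a trust store know they get either the full set or an error.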
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/attestation/MetadataService.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/attestation/MetadataService.java
index 4c087ea97..ca3cd201d 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/attestation/MetadataService.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/attestation/MetadataService.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.attestation;
import java.security.cert.CertificateEncodingException;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/attestation/Transport.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/attestation/Transport.java
index cd0fd78e5..51458ac8d 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/attestation/Transport.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/attestation/Transport.java
@@ -1,12 +1,33 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.attestation;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.Set;
-/**
- * Created by Dain on 2016-02-18.
- */
public enum Transport {
BT_CLASSIC(1),
BLE(2),
@@ -41,4 +62,5 @@ public static int toInt(Iterable transports) {
public static int toInt(Transport...transports) {
return toInt(Arrays.asList(transports));
}
+
}
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AssertionExtensionInputs.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AssertionExtensionInputs.java
index 222458c8c..fa663dc29 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AssertionExtensionInputs.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AssertionExtensionInputs.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data;
import com.fasterxml.jackson.annotation.JsonCreator;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AssertionRequest.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AssertionRequest.java
index e10b81edc..b5b40fbc5 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AssertionRequest.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AssertionRequest.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data;
import com.fasterxml.jackson.annotation.JsonCreator;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AssertionResult.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AssertionResult.java
index 781cd5dcb..826270299 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AssertionResult.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AssertionResult.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data;
import com.fasterxml.jackson.annotation.JsonCreator;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AttestationConveyancePreference.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AttestationConveyancePreference.java
index aba49df51..1d36008ae 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AttestationConveyancePreference.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AttestationConveyancePreference.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data;
import com.fasterxml.jackson.annotation.JsonCreator;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AttestationData.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AttestationData.java
index 2a8576b59..ea3e2fc3e 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AttestationData.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AttestationData.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data;
import com.fasterxml.jackson.annotation.JsonCreator;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AttestationObject.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AttestationObject.java
index f45ca5d28..8a45ca7dc 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AttestationObject.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AttestationObject.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data;
import com.fasterxml.jackson.annotation.JsonCreator;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AttestationType.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AttestationType.java
index 7cc6bfd27..d8fa561b7 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AttestationType.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AttestationType.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticationDataFlags.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticationDataFlags.java
index 747247626..9b1480a42 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticationDataFlags.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticationDataFlags.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data;
import com.fasterxml.jackson.annotation.JsonCreator;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorAssertionResponse.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorAssertionResponse.java
index 9b8c1591a..a6d42aba6 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorAssertionResponse.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorAssertionResponse.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data;
import com.fasterxml.jackson.annotation.JsonCreator;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorAttachment.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorAttachment.java
index 361ceb288..e0e292fcf 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorAttachment.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorAttachment.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorAttestationResponse.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorAttestationResponse.java
index fced7ff10..c94d7c740 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorAttestationResponse.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorAttestationResponse.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data;
import com.fasterxml.jackson.annotation.JsonCreator;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorData.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorData.java
index 53df80f4a..5cc5aedf0 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorData.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorData.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data;
import com.fasterxml.jackson.annotation.JsonCreator;
@@ -47,18 +71,24 @@ public class AuthenticatorData {
@NonNull
private final transient Optional extensions;
- private static final int RpIdHashLength = 32;
- private static final int FlagsLength = 1;
- private static final int CounterLength = 4;
- private static final int FixedLengthPartEndIndex = RpIdHashLength + FlagsLength + CounterLength;
+ private static final int RP_ID_HASH_INDEX = 0;
+ private static final int RP_ID_HASH_END = RP_ID_HASH_INDEX + 32;
+
+ private static final int FLAGS_INDEX = RP_ID_HASH_END;
+ private static final int FLAGS_END = FLAGS_INDEX + 1;
+
+ private static final int COUNTER_INDEX = FLAGS_END;
+ private static final int COUNTER_END = COUNTER_INDEX + 4;
+
+ private static final int FIXED_LENGTH_PART_END_INDEX = COUNTER_END;
@JsonCreator
public AuthenticatorData(@NonNull ByteArray bytes) {
ExceptionUtil.assure(
- bytes.size() >= FixedLengthPartEndIndex,
+ bytes.size() >= FIXED_LENGTH_PART_END_INDEX,
"%s byte array must be at least %d bytes, was %d: %s",
AuthenticatorData.class.getSimpleName(),
- FixedLengthPartEndIndex,
+ FIXED_LENGTH_PART_END_INDEX,
bytes.size(),
bytes.getBase64Url()
);
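Review bot: The new `*_INDEX`/`*_END` constants carry no comment saying that each `*_END` is an exclusive offset, which is what `Arrays.copyOfRange` and the `bytes.size() >= FIXED_LENGTH_PART_END_INDEX` check both rely on. A one-line comment above `RP_ID_HASH_INDEX` would settle it, for example `// Byte offsets into the authenticator data; every *_END is exclusive (first index past the field).` The field widths 32, 1 and 4 remain bare literals, so naming the fields they belong to in that comment would help as well.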
@@ -67,18 +97,18 @@ public AuthenticatorData(@NonNull ByteArray bytes) {
final byte[] rawBytes = bytes.getBytes();
- this.flags = new AuthenticationDataFlags(rawBytes[32]);
+ this.flags = new AuthenticationDataFlags(rawBytes[FLAGS_INDEX]);
if (flags.AT) {
VariableLengthParseResult parseResult = parseAttestationData(
flags,
- Arrays.copyOfRange(rawBytes, FixedLengthPartEndIndex, rawBytes.length)
+ Arrays.copyOfRange(rawBytes, FIXED_LENGTH_PART_END_INDEX, rawBytes.length)
);
attestationData = parseResult.getAttestationData();
extensions = parseResult.getExtensions();
} else if (flags.ED) {
attestationData = Optional.empty();
- extensions = Optional.of(parseExtensions(Arrays.copyOfRange(rawBytes, FixedLengthPartEndIndex, rawBytes.length)));
+ extensions = Optional.of(parseExtensions(Arrays.copyOfRange(rawBytes, FIXED_LENGTH_PART_END_INDEX, rawBytes.length)));
} else {
attestationData = Optional.empty();
extensions = Optional.empty();
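Review bot: The final `else` branch accepts input of any length once the minimum size is met: when neither `flags.AT` nor `flags.ED` is set, bytes after `FIXED_LENGTH_PART_END_INDEX` are never examined. For a parser of client-supplied data it is safer to reject them at the top of that branch, e.g. `ExceptionUtil.assure(rawBytes.length == FIXED_LENGTH_PART_END_INDEX, "Unexpected %d trailing bytes after fixed-length part", rawBytes.length - FIXED_LENGTH_PART_END_INDEX);`. The constructor continues past this hunk, so a later length check may exist that is not visible here.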
@@ -90,20 +120,32 @@ public AuthenticatorData(@NonNull ByteArray bytes) {
*/
@JsonProperty("rpIdHash")
public ByteArray getRpIdHash() {
- return new ByteArray(Arrays.copyOfRange(bytes.getBytes(), 0, RpIdHashLength));
+ return new ByteArray(Arrays.copyOfRange(bytes.getBytes(), RP_ID_HASH_INDEX, RP_ID_HASH_END));
}
/**
* The 32-bit unsigned signature counter.
*/
public long getSignatureCounter() {
- final int start = RpIdHashLength + FlagsLength;
- final int end = start + CounterLength;
- return BinaryUtil.getUint32(Arrays.copyOfRange(bytes.getBytes(), start, end));
+ return BinaryUtil.getUint32(Arrays.copyOfRange(bytes.getBytes(), COUNTER_INDEX, COUNTER_END));
}
private static VariableLengthParseResult parseAttestationData(AuthenticationDataFlags flags, byte[] bytes) {
- byte[] credentialIdLengthBytes = Arrays.copyOfRange(bytes, 16, 16 + 2);
+ final int AAGUID_INDEX = 0;
+ final int AAGUID_END = AAGUID_INDEX + 16;
+
+ final int CREDENTIAL_ID_LENGTH_INDEX = AAGUID_END;
+ final int CREDENTIAL_ID_LENGTH_END = CREDENTIAL_ID_LENGTH_INDEX + 2;
+
+ ExceptionUtil.assure(
+ bytes.length >= CREDENTIAL_ID_LENGTH_END,
+ "Attestation data must contain at least %d bytes, was %d: %s",
+ CREDENTIAL_ID_LENGTH_END,
+ bytes.length,
+ new ByteArray(bytes).getHex()
+ );
+
+ byte[] credentialIdLengthBytes = Arrays.copyOfRange(bytes, CREDENTIAL_ID_LENGTH_INDEX, CREDENTIAL_ID_LENGTH_END);
final int L;
try {
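Review bot: The added `ExceptionUtil.assure` in `parseAttestationData` places the entire input buffer in the exception message through `new ByteArray(bytes).getHex()`. That buffer comes from the client, so a malformed request controls how large the message becomes, and with it any log line or error response built from it. The two lengths already in the message are enough to diagnose the failure: `"Attestation data must contain at least %d bytes, was %d"` with the last argument dropped. The second `assure`, in the next hunk (credential ID length), does the same. The method body continues outside this hunk.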
@@ -112,8 +154,22 @@ private static VariableLengthParseResult parseAttestationData(AuthenticationData
throw new IllegalArgumentException("Invalid credential ID length bytes: " + Arrays.asList(credentialIdLengthBytes), e);
}
+ final int CREDENTIAL_ID_INDEX = CREDENTIAL_ID_LENGTH_END;
+ final int CREDENTIAL_ID_END = CREDENTIAL_ID_INDEX + L;
+
+ final int CREDENTIAL_PUBLIC_KEY_INDEX = CREDENTIAL_ID_END;
+ final int CREDENTIAL_PUBLIC_KEY_AND_EXTENSION_DATA_END = bytes.length;
+
+ ExceptionUtil.assure(
+ bytes.length >= CREDENTIAL_ID_END,
+ "Expected credential ID of length %d, but attestation data and extension data is only %d bytes: %s",
+ CREDENTIAL_ID_END,
+ bytes.length,
+ new ByteArray(bytes).getHex()
+ );
+
ByteArrayInputStream indefiniteLengthBytes = new ByteArrayInputStream(
- Arrays.copyOfRange(bytes, 16 + 2 + L, bytes.length)
+ Arrays.copyOfRange(bytes, CREDENTIAL_PUBLIC_KEY_INDEX, CREDENTIAL_PUBLIC_KEY_AND_EXTENSION_DATA_END)
);
final CBORObject credentialPublicKey = CBORObject.Read(indefiniteLengthBytes);
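Review bot: The first format argument of the new `assure` is `CREDENTIAL_ID_END`, but the message reads "Expected credential ID of length %d", so it reports the end offset (18 + L) rather than the length. Pass `L` there, or reword the text to "credential ID ending at offset %d". The check also passes when `bytes.length == CREDENTIAL_ID_END`, which hands an empty stream to `CBORObject.Read`; presumably that fails with a CBOR error instead of this clearer message, so `>` may be the intended comparison. The method starts and ends outside this hunk.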
@@ -140,8 +196,8 @@ private static VariableLengthParseResult parseAttestationData(AuthenticationData
return new VariableLengthParseResult(
Optional.of(AttestationData.builder()
- .aaguid(new ByteArray(Arrays.copyOfRange(bytes, 0, 16)))
- .credentialId(new ByteArray(Arrays.copyOfRange(bytes, 16 + 2, 16 + 2 + L)))
+ .aaguid(new ByteArray(Arrays.copyOfRange(bytes, AAGUID_INDEX, AAGUID_END)))
+ .credentialId(new ByteArray(Arrays.copyOfRange(bytes, CREDENTIAL_ID_INDEX, CREDENTIAL_ID_END)))
.credentialPublicKey(new ByteArray(credentialPublicKey.EncodeToBytes()))
.build()),
extensions
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorResponse.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorResponse.java
index cbdbb5851..c5089b7bc 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorResponse.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorResponse.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data;
import com.fasterxml.jackson.annotation.JsonIgnore;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorSelectionCriteria.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorSelectionCriteria.java
index e71a9cd11..b4041551b 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorSelectionCriteria.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorSelectionCriteria.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data;
import com.fasterxml.jackson.annotation.JsonCreator;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorTransport.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorTransport.java
index ef523778b..5586d5cfc 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorTransport.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorTransport.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ByteArray.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ByteArray.java
index 0627d5c7d..cbab7050c 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ByteArray.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ByteArray.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data;
import com.fasterxml.jackson.annotation.JsonCreator;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/COSEAlgorithmIdentifier.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/COSEAlgorithmIdentifier.java
index 6e4ccac18..00d4c64b4 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/COSEAlgorithmIdentifier.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/COSEAlgorithmIdentifier.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data;
import com.fasterxml.jackson.annotation.JsonCreator;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ClientAssertionExtensionOutputs.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ClientAssertionExtensionOutputs.java
index a20342938..1e8637381 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ClientAssertionExtensionOutputs.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ClientAssertionExtensionOutputs.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data;
import com.fasterxml.jackson.annotation.JsonCreator;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ClientExtensionOutputs.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ClientExtensionOutputs.java
index f0b8c9aa9..d8e8ba7ec 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ClientExtensionOutputs.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ClientExtensionOutputs.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data;
import com.fasterxml.jackson.annotation.JsonIgnore;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ClientRegistrationExtensionOutputs.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ClientRegistrationExtensionOutputs.java
index 4fed63a3a..aae2cc03d 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ClientRegistrationExtensionOutputs.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ClientRegistrationExtensionOutputs.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data;
import java.util.Collections;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/CollectedClientData.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/CollectedClientData.java
index fcb90adde..2a77f3523 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/CollectedClientData.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/CollectedClientData.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data;
import com.fasterxml.jackson.annotation.JsonCreator;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/Credential.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/Credential.java
index c07b261ce..4213688a4 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/Credential.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/Credential.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data;
public interface Credential {
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ExtensionInputs.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ExtensionInputs.java
index 46d287a3f..f629d4383 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ExtensionInputs.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/ExtensionInputs.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data;
import com.fasterxml.jackson.annotation.JsonIgnore;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredential.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredential.java
index e27ce2d34..76b140eb1 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredential.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredential.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data;
import com.fasterxml.jackson.annotation.JsonCreator;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredentialCreationOptions.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredentialCreationOptions.java
index b0eb2928e..6b85be2c8 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredentialCreationOptions.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredentialCreationOptions.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data;
import com.fasterxml.jackson.annotation.JsonCreator;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredentialDescriptor.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredentialDescriptor.java
index a6bd9bdc7..7adccacf2 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredentialDescriptor.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredentialDescriptor.java
@@ -1,11 +1,35 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonProperty;
+import com.yubico.internal.util.EnumUtil;
import java.util.Collections;
import java.util.Optional;
import java.util.Set;
-import java.util.SortedSet;
import java.util.TreeSet;
import lombok.Builder;
import lombok.NonNull;
@@ -67,6 +91,18 @@ public int compareTo(PublicKeyCredentialDescriptor other) {
return type.compareTo(other.type);
}
- return hashCode() - other.hashCode();
+ if (!transports.isPresent() && other.transports.isPresent()) {
+ return -1;
+ } else if (transports.isPresent() && !other.transports.isPresent()) {
+ return 1;
+ } else if (transports.isPresent() && other.transports.isPresent()){
+ int transportsComparison = EnumUtil.compareSets(transports.get(), other.transports.get(), AuthenticatorTransport.class);
+ if (transportsComparison != 0) {
+ return transportsComparison;
+ }
+ }
+
+ return 0;
}
+
}
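Review bot: The fall-through `return 0` at the end of compareTo makes two descriptors compare equal whenever every compared field ties, and nothing in the hunk documents that this ordering has to stay in step with equals(). The file imports TreeSet, and a sorted set treats a compareTo result of 0 as a duplicate and silently drops the element; that would matter if these descriptors are collected into allow or exclude credential lists, which is presumed here because the callers are not visible. I would add a comment above the transports block such as `// Absent transports sort first; the ordering must cover every field equals() uses, or sorted sets drop entries`. The both-present branch can also return directly, `return EnumUtil.compareSets(transports.get(), other.transports.get(), AuthenticatorTransport.class);`, which removes the temporary and the inner `if`. The start of compareTo is outside the hunk, so whether `id` is compared before `type` cannot be confirmed from here.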
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredentialEntity.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredentialEntity.java
index 42274b4e3..c29704f2f 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredentialEntity.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredentialEntity.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data;
import java.net.URL;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredentialParameters.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredentialParameters.java
index 165c8ad6e..dcc2d5575 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredentialParameters.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredentialParameters.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data;
import com.fasterxml.jackson.annotation.JsonProperty;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredentialRequestOptions.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredentialRequestOptions.java
index cab3b2895..9a2eba7e0 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredentialRequestOptions.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredentialRequestOptions.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data;
import com.fasterxml.jackson.annotation.JsonCreator;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredentialType.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredentialType.java
index ae91c719d..2eb3c7567 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredentialType.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/PublicKeyCredentialType.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data;
import com.fasterxml.jackson.annotation.JsonCreator;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/RegistrationExtensionInputs.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/RegistrationExtensionInputs.java
index dd2d6fb96..c03b56388 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/RegistrationExtensionInputs.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/RegistrationExtensionInputs.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data;
import java.util.Collections;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/RegistrationResult.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/RegistrationResult.java
index 08013225c..9923c5c33 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/RegistrationResult.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/RegistrationResult.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data;
import com.fasterxml.jackson.annotation.JsonCreator;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/RelyingPartyIdentity.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/RelyingPartyIdentity.java
index 1ae41f672..c038d54bb 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/RelyingPartyIdentity.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/RelyingPartyIdentity.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data;
import com.fasterxml.jackson.annotation.JsonCreator;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/TokenBindingInfo.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/TokenBindingInfo.java
index a6c741a63..5e1e2777c 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/TokenBindingInfo.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/TokenBindingInfo.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data;
import com.fasterxml.jackson.annotation.JsonCreator;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/TokenBindingStatus.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/TokenBindingStatus.java
index 6716c0dfc..f544d0a3f 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/TokenBindingStatus.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/TokenBindingStatus.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data;
import com.fasterxml.jackson.annotation.JsonCreator;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/UserIdentity.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/UserIdentity.java
index f8d16f458..a4a5fac41 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/UserIdentity.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/UserIdentity.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data;
import com.fasterxml.jackson.annotation.JsonCreator;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/UserVerificationRequirement.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/UserVerificationRequirement.java
index a63c84103..b3ff08fa6 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/UserVerificationRequirement.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/UserVerificationRequirement.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data;
import com.fasterxml.jackson.annotation.JsonCreator;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/exception/Base64UrlException.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/exception/Base64UrlException.java
index 534031c4c..999ea87aa 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/exception/Base64UrlException.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/exception/Base64UrlException.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data.exception;
public class Base64UrlException extends Exception {
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/exception/HexException.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/exception/HexException.java
index 1644af3c9..181e89981 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/data/exception/HexException.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/data/exception/HexException.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data.exception;
public class HexException extends Exception {
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/exception/AssertionFailedException.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/exception/AssertionFailedException.java
index e8d344598..d8fb0c457 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/exception/AssertionFailedException.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/exception/AssertionFailedException.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.exception;
public class AssertionFailedException extends Exception {
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/exception/RegistrationFailedException.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/exception/RegistrationFailedException.java
index c193a2c24..1e92c42fb 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/exception/RegistrationFailedException.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/exception/RegistrationFailedException.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.exception;
public class RegistrationFailedException extends Exception {
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/extension/appid/AppId.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/extension/appid/AppId.java
index 27436e63d..d34ba979d 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/extension/appid/AppId.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/extension/appid/AppId.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.extension.appid;
import com.fasterxml.jackson.annotation.JsonCreator;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/extension/appid/InvalidAppIdException.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/extension/appid/InvalidAppIdException.java
index f357fb949..97c4c74ac 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/extension/appid/InvalidAppIdException.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/extension/appid/InvalidAppIdException.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.extension.appid;
public class InvalidAppIdException extends Exception {
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/meta/DocumentStatus.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/meta/DocumentStatus.java
index e6ff2a3b7..9e6f45321 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/meta/DocumentStatus.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/meta/DocumentStatus.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.meta;
import com.fasterxml.jackson.databind.annotation.JsonSerialize;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/meta/Implementation.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/meta/Implementation.java
index 19fc612e5..05164e717 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/meta/Implementation.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/meta/Implementation.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.meta;
import java.net.URL;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/meta/Specification.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/meta/Specification.java
index f2dae4cbf..2491bf26f 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/meta/Specification.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/meta/Specification.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.meta;
import com.fasterxml.jackson.databind.annotation.JsonSerialize;
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/meta/VersionInfo.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/meta/VersionInfo.java
index e0caea0c9..985e7df10 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/meta/VersionInfo.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/meta/VersionInfo.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.meta;
import com.yubico.internal.util.ExceptionUtil;
diff --git a/webauthn-server-core/src/test/java/com/yubico/webauthn/attestation/MetadataObjectTest.java b/webauthn-server-core/src/test/java/com/yubico/webauthn/attestation/MetadataObjectTest.java
index b75a850d8..b761bfe94 100644
--- a/webauthn-server-core/src/test/java/com/yubico/webauthn/attestation/MetadataObjectTest.java
+++ b/webauthn-server-core/src/test/java/com/yubico/webauthn/attestation/MetadataObjectTest.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.attestation;
import com.fasterxml.jackson.databind.ObjectMapper;
diff --git a/webauthn-server-core/src/test/java/com/yubico/webauthn/attestation/TransportTest.java b/webauthn-server-core/src/test/java/com/yubico/webauthn/attestation/TransportTest.java
index ce3eb2762..0ca10e1ba 100644
--- a/webauthn-server-core/src/test/java/com/yubico/webauthn/attestation/TransportTest.java
+++ b/webauthn-server-core/src/test/java/com/yubico/webauthn/attestation/TransportTest.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.attestation;
import java.util.EnumSet;
@@ -5,9 +29,6 @@
import static org.junit.Assert.assertEquals;
-/**
- * Created by Dain on 2016-02-18.
- */
public class TransportTest {
@Test
diff --git a/webauthn-server-core/src/test/java/com/yubico/webauthn/data/ByteArrayTest.java b/webauthn-server-core/src/test/java/com/yubico/webauthn/data/ByteArrayTest.java
index ad661a89f..dfae1324a 100644
--- a/webauthn-server-core/src/test/java/com/yubico/webauthn/data/ByteArrayTest.java
+++ b/webauthn-server-core/src/test/java/com/yubico/webauthn/data/ByteArrayTest.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data;
import com.yubico.webauthn.data.exception.Base64UrlException;
diff --git a/webauthn-server-core/src/test/java/com/yubico/webauthn/extension/appid/AppIdTest.java b/webauthn-server-core/src/test/java/com/yubico/webauthn/extension/appid/AppIdTest.java
index 92da28964..06ce522c8 100644
--- a/webauthn-server-core/src/test/java/com/yubico/webauthn/extension/appid/AppIdTest.java
+++ b/webauthn-server-core/src/test/java/com/yubico/webauthn/extension/appid/AppIdTest.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.extension.appid;
import org.junit.Test;
diff --git a/webauthn-server-core/src/test/scala/com/yubico/scalacheck/gen/JacksonGenerators.scala b/webauthn-server-core/src/test/scala/com/yubico/scalacheck/gen/JacksonGenerators.scala
index 209bf704c..ee300e009 100644
--- a/webauthn-server-core/src/test/scala/com/yubico/scalacheck/gen/JacksonGenerators.scala
+++ b/webauthn-server-core/src/test/scala/com/yubico/scalacheck/gen/JacksonGenerators.scala
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.scalacheck.gen
import com.fasterxml.jackson.databind.JsonNode
diff --git a/webauthn-server-core/src/test/scala/com/yubico/scalacheck/gen/JavaGenerators.scala b/webauthn-server-core/src/test/scala/com/yubico/scalacheck/gen/JavaGenerators.scala
index 0658ecf64..05a40929b 100644
--- a/webauthn-server-core/src/test/scala/com/yubico/scalacheck/gen/JavaGenerators.scala
+++ b/webauthn-server-core/src/test/scala/com/yubico/scalacheck/gen/JavaGenerators.scala
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.scalacheck.gen
import java.net.URL
diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/AppIdExtensionSpec.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/AppIdExtensionSpec.scala
deleted file mode 100644
index 682838b99..000000000
--- a/webauthn-server-core/src/test/scala/com/yubico/webauthn/AppIdExtensionSpec.scala
+++ /dev/null
@@ -1,31 +0,0 @@
-package com.yubico.webauthn
-
-import com.yubico.webauthn.data.RegistrationExtensionInputs
-import org.scalatest.Matchers
-import org.scalatest.FunSpec
-
-
-class AppIdExtensionSpec extends FunSpec with Matchers {
-
- describe("19. If the attestation statement attStmt successfully verified but is not trustworthy per step 16 above, the Relying Party SHOULD fail the registration ceremony.") {
- it("The test case with self attestation succeeds, but reports attestation is not trusted.") {
-
- val extensions = RegistrationExtensionInputs.builder()
-
-
- // val testData = RegistrationTestData.FidoU2f.SelfAttestation
- // val steps = finishRegistration(
- // testData = testData,
- // allowUntrustedAttestation = true,
- // credentialRepository = Some(emptyCredentialRepository)
- // )
- // steps.run.getKeyId.getId should be (testData.response.getId)
- // steps.run.isAttestationTrusted should be (false)
- }
-
- describe("NOTE: However, if permitted by policy, the Relying Party MAY register the credential ID and credential public key but treat the credential as one with self attestation (see §6.3.3 Attestation Types). If doing so, the Relying Party is asserting there is no cryptographic proof that the public key credential has been generated by a particular authenticator model. See [FIDOSecRef] and [UAFProtocol] for a more detailed discussion.") {
- it("Nothing to test.") {}
- }
- }
-
-}
diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/PackedAttestationStatementVerifierSpec.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/PackedAttestationStatementVerifierSpec.scala
index 593c91b21..68a1810a7 100644
--- a/webauthn-server-core/src/test/scala/com/yubico/webauthn/PackedAttestationStatementVerifierSpec.scala
+++ b/webauthn-server-core/src/test/scala/com/yubico/webauthn/PackedAttestationStatementVerifierSpec.scala
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn
import com.yubico.webauthn.data.ByteArray
@@ -16,16 +40,54 @@ class PackedAttestationStatementVerifierSpec extends FunSpec with Matchers {
val verifier = new PackedAttestationStatementVerifier
- describe("The X.509 certificate requirements") {
+ describe("PackedAttestationStatementVerifier") {
+
+ describe("verify the X.509 certificate requirements") {
+
+ it("which pass Klas's attestation certificate.") {
+
+ val cert = Util.importCertFromPem(getClass.getResourceAsStream("klas-cert.pem"))
+
+ val result = Try(verifier.verifyX5cRequirements(cert, ByteArray.fromHex("F8A011F38C0A4D15800617111F9EDC7D")))
+
+ result shouldBe a [Success[_]]
+ result.get should be (true)
+ }
+
+ }
+
+ describe("supports attestation certificates with the algorithm") {
+ it ("ECDSA.") {
+ val (cert, key) = TestAuthenticator.generateAttestationCertificate()
+ val (credential, _) = TestAuthenticator.createBasicAttestedCredential(
+ attestationCertAndKey = Some((cert, key)),
+ attestationStatementFormat = "packed"
+ )
+
+ val result = verifier.verifyAttestationSignature(
+ credential.getResponse.getAttestation,
+ new BouncyCastleCrypto().hash(credential.getResponse.getClientDataJSON)
+ )
- it("pass Klas's attestation certificate.") {
+ key.getAlgorithm should be ("ECDSA")
+ result should be (true)
+ }
- val cert = Util.importCertFromPem(getClass.getResourceAsStream("klas-cert.pem"))
+ it ("RSA.") {
+ val (cert, key) = TestAuthenticator.generateRsaCertificate()
+ val (credential, _) = TestAuthenticator.createBasicAttestedCredential(
+ attestationCertAndKey = Some((cert, key)),
+ attestationStatementFormat = "packed"
+ )
- val result = Try(verifier.verifyX5cRequirements(cert, ByteArray.fromHex("F8A011F38C0A4D15800617111F9EDC7D")))
+ val result = verifier.verifyAttestationSignature(
+ credential.getResponse.getAttestation,
+ new BouncyCastleCrypto().hash(credential.getResponse.getClientDataJSON)
+ )
- result shouldBe a [Success[_]]
- result.get should be (true)
+ key.getAlgorithm should be ("RSA")
+ result should be (true)
+ }
}
}
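Review bot: The two cases added under `describe("supports attestation certificates with the algorithm")` assert only `result should be (true)` for a credential that was just signed with the matching key, so a verifier that accepted every signature for the `packed` format would still pass them. Each algorithm should also get a rejecting case, for example calling `verifier.verifyAttestationSignature` with `credential.getResponse.getAttestation` and a hash computed over different client data, then asserting `result should be (false)`, or the expected exception if the verifier throws on mismatch, which this hunk does not show. The ECDSA and RSA bodies differ only in the certificate generator and the expected `key.getAlgorithm` string, so a shared helper taking those two values would keep the accepting and rejecting cases in step. The spec class opens above this hunk, so any existing negative coverage elsewhere in the file is not visible here.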
diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RegistrationTestData.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RegistrationTestData.scala
index 9d70b2bb9..2ab51c293 100644
--- a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RegistrationTestData.scala
+++ b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RegistrationTestData.scala
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn
import java.security.cert.X509Certificate
diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyAssertionSpec.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyAssertionSpec.scala
index 76f0b183c..0964674d3 100644
--- a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyAssertionSpec.scala
+++ b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyAssertionSpec.scala
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn
import java.io.IOException
diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala
index 44c10fe50..b878d14be 100644
--- a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala
+++ b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn
import java.io.IOException
@@ -28,6 +52,7 @@ import com.yubico.webauthn.data.RegistrationExtensionInputs
import com.yubico.webauthn.data.Generators._
import com.yubico.webauthn.test.Util.toStepWithUtilities
import javax.security.auth.x500.X500Principal
+import org.bouncycastle.asn1.DEROctetString
import org.bouncycastle.asn1.x500.X500Name
import org.junit.runner.RunWith
import org.mockito.Mockito
@@ -1150,8 +1175,8 @@ class RelyingPartyRegistrationSpec extends FunSpec with Matchers with GeneratorD
verifier.verifyX5cRequirements(testDataBase.packedAttestationCert, testDataBase.aaguid) should equal(true)
}
- it("Subject-CN: No stipulation.") {
- // Nothing to test
+ describe("Subject-CN: No stipulation.") {
+ it("Nothing to test") {}
}
}
@@ -1160,7 +1185,7 @@ class RelyingPartyRegistrationSpec extends FunSpec with Matchers with GeneratorD
val badCert: X509Certificate = TestAuthenticator.generateAttestationCertificate(
name = new X500Name("O=Yubico, C=SE, OU=Authenticator Attestation"),
- extensions = List((idFidoGenCeAaguid, false, new ByteArray(Array(0, 1, 2, 3))))
+ extensions = List((idFidoGenCeAaguid, false, new DEROctetString(Array[Byte](0, 1, 2, 3))))
)._1
val result = Try(verifier.verifyX5cRequirements(badCert, testDataBase.aaguid))
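Review bot: The bad-certificate fixture in this hunk still exercises only a wrong-length AAGUID (`Array[Byte](0, 1, 2, 3)`), so a verifier that checked just the length, or just the ASN.1 type, would satisfy it. Now that the helper takes an `ASN1Primitive`, sibling cases are cheap: a 16-byte value that differs from `testDataBase.aaguid`, e.g. `new DEROctetString(Array.fill[Byte](16)(0))` if the test AAGUID is not all zeros, and a value that is not an OCTET STRING at all. The assertions on `result` lie outside the hunk, so this assumes such cases are not already covered further down.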
diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyStartOperationSpec.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyStartOperationSpec.scala
index 614d22bbf..f4ff7d71c 100644
--- a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyStartOperationSpec.scala
+++ b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyStartOperationSpec.scala
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn
import java.util.Optional
diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyUserIdentificationSpec.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyUserIdentificationSpec.scala
index 3beef940a..106394d5f 100644
--- a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyUserIdentificationSpec.scala
+++ b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyUserIdentificationSpec.scala
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn
import java.security.KeyPair
diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/TestAuthenticator.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/TestAuthenticator.scala
index 2056892bc..4d9572b54 100644
--- a/webauthn-server-core/src/test/scala/com/yubico/webauthn/TestAuthenticator.scala
+++ b/webauthn-server-core/src/test/scala/com/yubico/webauthn/TestAuthenticator.scala
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn
import java.io.InputStream
@@ -44,6 +68,7 @@ import com.yubico.webauthn.data.ClientAssertionExtensionOutputs
import com.yubico.webauthn.test.Util
import org.bouncycastle.asn1.ASN1ObjectIdentifier
import org.bouncycastle.asn1.DEROctetString
+import org.bouncycastle.asn1.ASN1Primitive
import org.bouncycastle.asn1.x500.X500Name
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo
import org.bouncycastle.asn1.x509.BasicConstraints
@@ -514,15 +539,18 @@ object TestAuthenticator {
def generateAttestationCaCertificate(
keypair: KeyPair = generateEcKeypair(),
- name: X500Name = new X500Name("CN=Yubico WebAuthn unit tests CA, O=Yubico, OU=Authenticator Attestation, C=SE")
+ name: X500Name = new X500Name("CN=Yubico WebAuthn unit tests CA, O=Yubico, OU=Authenticator Attestation, C=SE"),
+ superCa: Option[(X509Certificate, PrivateKey)] = None,
+ extensions: Iterable[(String, Boolean, ASN1Primitive)] = Nil
): (X509Certificate, PrivateKey) = {
(
buildCertificate(
publicKey = keypair.getPublic,
- issuerName = name,
+ issuerName = superCa map (_._1) map JcaX500NameUtil.getSubject getOrElse name,
subjectName = name,
- signingKey = keypair.getPrivate,
- isCa = true
+ signingKey = superCa map (_._2) getOrElse keypair.getPrivate,
+ isCa = true,
+ extensions = extensions
),
keypair.getPrivate
)
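Review bot: `superCa` is read twice in `generateAttestationCaCertificate`, once for `issuerName` and once for `signingKey`, through infix chains that are hard to scan, and nothing documents that the returned `PrivateKey` is always `keypair.getPrivate` (the new certificate's own key) rather than the key that signed it. Destructuring once keeps issuer and signing key visibly paired: `val (issuer, signer) = superCa.map { case (c, k) => (JcaX500NameUtil.getSubject(c), k) }.getOrElse((name, keypair.getPrivate))`. A short Scaladoc stating that `superCa = None` yields a self-signed certificate and `Some(...)` one issued and signed by that CA would help readers of the tests that build certificate chains with it.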
@@ -531,7 +559,7 @@ object TestAuthenticator {
def generateAttestationCertificate(
keypair: KeyPair = generateEcKeypair(),
name: X500Name = new X500Name("CN=Yubico WebAuthn unit tests, O=Yubico, OU=Authenticator Attestation, C=SE"),
- extensions: Iterable[(String, Boolean, ByteArray)] = List(("1.3.6.1.4.1.45724.1.1.4", false, Defaults.aaguid)),
+ extensions: Iterable[(String, Boolean, ASN1Primitive)] = List(("1.3.6.1.4.1.45724.1.1.4", false, new DEROctetString(Defaults.aaguid.getBytes))),
caCertAndKey: Option[(X509Certificate, PrivateKey)] = None
): (X509Certificate, PrivateKey) = {
(
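Review bot: The switch of the extension triple from `ByteArray` to `ASN1Primitive` moves the OCTET STRING wrapping out of `buildCertificate` and onto every caller, and no comment says so. This applies to the `extensions` parameters here, in `generateAttestationCaCertificate` and in `buildCertificate`, and to the `builder.addExtension(..., value)` call in the last hunk of this file. A caller that passes the AAGUID in some other ASN.1 type now produces a certificate with a differently encoded extension, which is useful for negative tests but easy to do by accident. I would add above the parameter `// (OID, critical, inner value); for the AAGUID extension the inner value is a DEROctetString of the 16 AAGUID bytes` and give the literal `"1.3.6.1.4.1.45724.1.1.4"` a name such as the `idFidoGenCeAaguid` used in RelyingPartyRegistrationSpec. The function body continues outside the hunk.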
@@ -553,7 +581,7 @@ object TestAuthenticator {
subjectName: X500Name,
signingKey: PrivateKey,
isCa: Boolean = false,
- extensions: Iterable[(String, Boolean, ByteArray)] = Nil
+ extensions: Iterable[(String, Boolean, ASN1Primitive)] = Nil
): X509Certificate = {
CertificateParser.parseDer({
val builder = new X509v3CertificateBuilder(
@@ -566,7 +594,7 @@ object TestAuthenticator {
)
for { (oid, critical, value) <- extensions } {
- builder.addExtension(new ASN1ObjectIdentifier(oid), critical, new DEROctetString(value.getBytes))
+ builder.addExtension(new ASN1ObjectIdentifier(oid), critical, value)
}
if (isCa) {
diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/WebAuthnCodecsSpec.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/WebAuthnCodecsSpec.scala
index 7b45c4d8c..93f7dc0f5 100644
--- a/webauthn-server-core/src/test/scala/com/yubico/webauthn/WebAuthnCodecsSpec.scala
+++ b/webauthn-server-core/src/test/scala/com/yubico/webauthn/WebAuthnCodecsSpec.scala
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn
import java.security.interfaces.ECPublicKey
diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/attestation/Generators.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/attestation/Generators.scala
index b9c1d318c..e9a572c40 100644
--- a/webauthn-server-core/src/test/scala/com/yubico/webauthn/attestation/Generators.scala
+++ b/webauthn-server-core/src/test/scala/com/yubico/webauthn/attestation/Generators.scala
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.attestation
import java.util.Optional
diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/AuthenticationDataFlagsSpec.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/AuthenticationDataFlagsSpec.scala
index 7474bce1e..6508238ae 100644
--- a/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/AuthenticationDataFlagsSpec.scala
+++ b/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/AuthenticationDataFlagsSpec.scala
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data
import com.yubico.internal.util.BinaryUtil
diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/AuthenticatorAttestationResponseSpec.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/AuthenticatorAttestationResponseSpec.scala
index 171754c40..008bd54c1 100644
--- a/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/AuthenticatorAttestationResponseSpec.scala
+++ b/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/AuthenticatorAttestationResponseSpec.scala
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data
import org.junit.runner.RunWith
diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/AuthenticatorDataSpec.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/AuthenticatorDataSpec.scala
index e8ee29b6d..8e9a76400 100644
--- a/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/AuthenticatorDataSpec.scala
+++ b/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/AuthenticatorDataSpec.scala
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data
import com.upokecenter.cbor.CBORObject
diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/CollectedClientDataSpec.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/CollectedClientDataSpec.scala
index 24eb0e86e..8f827b658 100644
--- a/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/CollectedClientDataSpec.scala
+++ b/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/CollectedClientDataSpec.scala
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data
import com.fasterxml.jackson.databind.JsonNode
diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/Generators.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/Generators.scala
index 162512e99..1d6ac9ac3 100644
--- a/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/Generators.scala
+++ b/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/Generators.scala
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data
import java.net.URL
diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/JsonIoSpec.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/JsonIoSpec.scala
index eab47aa2d..f229b3389 100644
--- a/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/JsonIoSpec.scala
+++ b/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/JsonIoSpec.scala
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.data
import com.fasterxml.jackson.annotation.JsonInclude.Include
diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/PublicKeyCredentialDescriptorSpec.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/PublicKeyCredentialDescriptorSpec.scala
new file mode 100644
index 000000000..3902246a9
--- /dev/null
+++ b/webauthn-server-core/src/test/scala/com/yubico/webauthn/data/PublicKeyCredentialDescriptorSpec.scala
@@ -0,0 +1,73 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package com.yubico.webauthn.data
+
+import org.scalatest.Matchers
+import org.scalatest.FunSpec
+import org.scalatest.prop.GeneratorDrivenPropertyChecks
+import Generators._
+
+
+class PublicKeyCredentialDescriptorSpec extends FunSpec with Matchers with GeneratorDrivenPropertyChecks {
+
+ describe("PublicKeyCredentialDescriptor") {
+
+ describe("has a compareTo method") {
+
+ describe("which is consistent with") {
+
+ implicit val generatorDrivenConfig = PropertyCheckConfig(minSuccessful = 300)
+
+ it("equals.") {
+ forAll { (a: PublicKeyCredentialDescriptor, b: PublicKeyCredentialDescriptor) =>
+ val comparison = a.compareTo(b)
+
+ if (a == b) {
+ comparison should equal (0)
+ } else {
+ comparison should not equal 0
+ }
+ }
+ }
+
+ it("hashCode.") {
+ forAll { (a: PublicKeyCredentialDescriptor, b: PublicKeyCredentialDescriptor) =>
+ if (a.compareTo(b) == 0) {
+ a.hashCode() should equal (b.hashCode())
+ }
+
+ if (a.hashCode() != b.hashCode()) {
+ a.compareTo(b) should not be 0
+ }
+ }
+ }
+
+ }
+
+ }
+
+ }
+
+}
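Review bot: Both properties draw `a` and `b` independently, so the `a == b` branch in "equals." and the `a.compareTo(b) == 0` branch in "hashCode." are probably almost never taken unless the generators in `Generators._` are biased towards duplicates; the 300 runs then mostly check only that unequal values compare non-zero. A property that forces the equal case would close the gap, e.g. `forAll { a: PublicKeyCredentialDescriptor => a.compareTo(a) should equal (0) }`, ideally also against a separately built equal instance. The second `if` in "hashCode." is the contrapositive of the first and adds no coverage. `implicit val generatorDrivenConfig` would also read better with an explicit type annotation.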
diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/extension/appid/Generators.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/extension/appid/Generators.scala
index 02dd3f896..dcab17666 100644
--- a/webauthn-server-core/src/test/scala/com/yubico/webauthn/extension/appid/Generators.scala
+++ b/webauthn-server-core/src/test/scala/com/yubico/webauthn/extension/appid/Generators.scala
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.extension.appid
import com.yubico.scalacheck.gen.JavaGenerators._
diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/test/Test.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/test/Test.scala
index e9dccea8f..d44d97780 100644
--- a/webauthn-server-core/src/test/scala/com/yubico/webauthn/test/Test.scala
+++ b/webauthn-server-core/src/test/scala/com/yubico/webauthn/test/Test.scala
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.test
import java.util.Base64
diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/test/Util.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/test/Util.scala
index a96113876..94bdd78ba 100644
--- a/webauthn-server-core/src/test/scala/com/yubico/webauthn/test/Util.scala
+++ b/webauthn-server-core/src/test/scala/com/yubico/webauthn/test/Util.scala
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn.test
import java.io.InputStream
diff --git a/webauthn-server-demo/src/main/java/com/yubico/util/Either.java b/webauthn-server-demo/src/main/java/com/yubico/util/Either.java
index 8201c3694..3dc7ed459 100644
--- a/webauthn-server-demo/src/main/java/com/yubico/util/Either.java
+++ b/webauthn-server-demo/src/main/java/com/yubico/util/Either.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.util;
diff --git a/webauthn-server-demo/src/main/java/com/yubico/webauthn/U2fVerifier.java b/webauthn-server-demo/src/main/java/com/yubico/webauthn/U2fVerifier.java
index 2b7220f35..199a36002 100644
--- a/webauthn-server-demo/src/main/java/com/yubico/webauthn/U2fVerifier.java
+++ b/webauthn-server-demo/src/main/java/com/yubico/webauthn/U2fVerifier.java
@@ -1,3 +1,27 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package com.yubico.webauthn;
import com.fasterxml.jackson.databind.JsonNode;
diff --git a/webauthn-server-demo/src/main/java/com/yubico/webauthn/attestation/resolver/SimpleResolverWithEquality.java b/webauthn-server-demo/src/main/java/com/yubico/webauthn/attestation/resolver/SimpleResolverWithEquality.java
deleted file mode 100644
index 46adc3f8c..000000000
--- a/webauthn-server-demo/src/main/java/com/yubico/webauthn/attestation/resolver/SimpleResolverWithEquality.java
+++ /dev/null
@@ -1,30 +0,0 @@
-package com.yubico.webauthn.attestation.resolver;
-
-import com.yubico.webauthn.attestation.MetadataObject;
-import java.security.cert.X509Certificate;
-import java.util.Optional;
-
-/**
- * Resolves a metadata object whose associated certificate has signed the
- * argument certificate, or is equal to the argument certificate.
- */
-public class SimpleResolverWithEquality extends SimpleResolver {
-
- @Override
- public Optional resolve(X509Certificate attestationCertificate) {
- Optional parentResult = super.resolve(attestationCertificate);
-
- if (parentResult.isPresent()) {
- return parentResult;
- } else {
- for (X509Certificate cert : certs.get(attestationCertificate.getSubjectDN().getName())) {
- if (cert.equals(attestationCertificate)) {
- return Optional.of(metadata.get(cert));
- }
- }
-
- return Optional.empty();
- }
- }
-
-}
diff --git a/webauthn-server-demo/src/main/java/com/yubico/webauthn/attestation/resolver/SimpleTrustResolverWithEquality.java b/webauthn-server-demo/src/main/java/com/yubico/webauthn/attestation/resolver/SimpleTrustResolverWithEquality.java
new file mode 100644
index 000000000..8bb5d8d12
--- /dev/null
+++ b/webauthn-server-demo/src/main/java/com/yubico/webauthn/attestation/resolver/SimpleTrustResolverWithEquality.java
@@ -0,0 +1,69 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package com.yubico.webauthn.attestation.resolver;
+
+import com.google.common.collect.ArrayListMultimap;
+import com.google.common.collect.Multimap;
+import com.yubico.webauthn.attestation.TrustResolver;
+import java.security.cert.X509Certificate;
+import java.util.Collection;
+import java.util.List;
+import java.util.Optional;
+
+/**
+ * Resolves a metadata object whose associated certificate has signed the
+ * argument certificate, or is equal to the argument certificate.
+ */
+public class SimpleTrustResolverWithEquality implements TrustResolver {
+
+ private final SimpleTrustResolver subresolver;
+ private final Multimap trustedCerts = ArrayListMultimap.create();
+
+ public SimpleTrustResolverWithEquality(Collection trustedCertificates) {
+ subresolver = new SimpleTrustResolver(trustedCertificates);
+
+ for (X509Certificate cert : trustedCertificates) {
+ trustedCerts.put(cert.getSubjectDN().getName(), cert);
+ }
+ }
+
+ @Override
+ public Optional resolveTrustAnchor(X509Certificate attestationCertificate, List caCertificateChain) {
+ Optional subResult = subresolver.resolveTrustAnchor(attestationCertificate, caCertificateChain);
+
+ if (subResult.isPresent()) {
+ return subResult;
+ } else {
+ for (X509Certificate cert : trustedCerts.get(attestationCertificate.getSubjectDN().getName())) {
+ if (cert.equals(attestationCertificate)) {
+ return Optional.of(cert);
+ }
+ }
+
+ return Optional.empty();
+ }
+ }
+
+}
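Review bot: The class Javadoc on `SimpleTrustResolverWithEquality` was carried over from the deleted `SimpleResolverWithEquality` and still says "Resolves a metadata object", while `resolveTrustAnchor` now returns the matching trusted certificate itself; I would reword it to `Resolves the trusted certificate that has signed the argument certificate, or that is equal to the argument certificate.` The doc should also spell out the contract of the equality fallback: it ignores `caCertificateChain` and accepts the attestation certificate on `cert.equals(attestationCertificate)` alone. No validity-period check is visible in this class, so a pinned certificate would presumably keep resolving after it expires unless `SimpleTrustResolver` or the caller checks that elsewhere. Separately, the JDK documents `getSubjectDN()` as denigrated; `getSubjectX500Principal().getName()` is the replacement, and it has to change in both the constructor's `trustedCerts.put(...)` and the lookup in `resolveTrustAnchor` so the map keys still match.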
diff --git a/webauthn-server-demo/src/main/java/demo/App.java b/webauthn-server-demo/src/main/java/demo/App.java
index f8361d956..8b3f4a8ae 100644
--- a/webauthn-server-demo/src/main/java/demo/App.java
+++ b/webauthn-server-demo/src/main/java/demo/App.java
@@ -1,9 +1,34 @@
+// Copyright (c) 2018, Yubico AB
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice, this
+// list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
package demo;
import javax.ws.rs.core.Application;
import com.yubico.webauthn.extension.appid.InvalidAppIdException;
import demo.webauthn.WebAuthnRestResource;
+import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
@@ -23,7 +48,7 @@ public Set