Translate ECDSA keys to X.509 instead of using COSE-Java

At this point this is the only thing we really use the COSE-Java library for. At
the cost of this small bit of extra code we can eliminate the dependency, one
benefit of which is that downstream security review gets easier.

Author: emlun

webauthn-server-core/src/main/java/com/yubico/webauthn/WebAuthnCodecs.java

@@ -25,7 +25,6 @@
 package com.yubico.webauthn;
 
 import COSE.CoseException;
-import COSE.OneKey;
 import com.google.common.primitives.Bytes;
 import com.upokecenter.cbor.CBORObject;
 import com.yubico.webauthn.data.ByteArray;
@@ -46,6 +45,19 @@
 
 final class WebAuthnCodecs {
 
+  private static final ByteArray EC_PUBLIC_KEY_OID =
+      new ByteArray(
+          new byte[] {
+            0x2A, -122, 0x48, -50, 0x3D, 0x02, 0x01
+          }); // OID 1.2.840.10045.2.1 ecPublicKey (ANSI X9.62 public key type)
+  private static final ByteArray P256_CURVE_OID =
+      new ByteArray(
+          new byte[] {0x2A, -122, 0x48, -50, 0x3D, 0x03, 0x01, 7}); // OID 1.2.840.10045.3.1.7
+  private static final ByteArray P384_CURVE_OID =
+      new ByteArray(new byte[] {0x2B, -127, 0x04, 0, 34}); // OID 1.3.132.0.34
+  private static final ByteArray P512_CURVE_OID =
+      new ByteArray(new byte[] {0x2B, -127, 0x04, 0, 35}); // OID 1.3.132.0.35
+
   private static final ByteArray ED25519_CURVE_OID =
       new ByteArray(new byte[] {0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70});
 
@@ -130,7 +142,7 @@ static PublicKey importCosePublicKey(ByteArray key)
         // additional dependency to parse EdDSA keys via the OneKey constructor
         return importCoseEdDsaPublicKey(cose);
       case 2:
-        return importCoseP256PublicKey(cose);
+        return importCoseEcdsaPublicKey(cose);
       case 3:
         // COSE-JAVA supports RSA in v1.1.0 but not in v1.0.0
         return importCoseRsaPublicKey(cose);
@@ -148,8 +160,43 @@ private static PublicKey importCoseRsaPublicKey(CBORObject cose)
     return KeyFactory.getInstance("RSA").generatePublic(spec);
   }
 
-  private static ECPublicKey importCoseP256PublicKey(CBORObject cose) throws CoseException {
-    return (ECPublicKey) new OneKey(cose).AsPublicKey();
+  private static PublicKey importCoseEcdsaPublicKey(CBORObject cose)
+      throws NoSuchAlgorithmException, InvalidKeySpecException {
+    final int crv = cose.get(CBORObject.FromObject(-1)).AsInt32Value();
+    final ByteArray x = new ByteArray(cose.get(CBORObject.FromObject(-2)).GetByteString());
+    final ByteArray y = new ByteArray(cose.get(CBORObject.FromObject(-3)).GetByteString());
+
+    final ByteArray curveOid;
+    switch (crv) {
+      case 1:
+        curveOid = P256_CURVE_OID;
+        break;
+
+      case 2:
+        curveOid = P384_CURVE_OID;
+        break;
+
+      case 3:
+        curveOid = P512_CURVE_OID;
+        break;
+
+      default:
+        throw new IllegalArgumentException("Unknown COSE EC2 curve: " + crv);
+    }
+
+    final ByteArray algId =
+        encodeDerSequence(encodeDerObjectId(EC_PUBLIC_KEY_OID), encodeDerObjectId(curveOid));
+
+    final ByteArray rawKey =
+        encodeDerBitStringWithZeroUnused(
+            new ByteArray(new byte[] {0x04}) // Raw EC public key with x and y
+                .concat(x)
+                .concat(y));
+
+    final ByteArray x509Key = encodeDerSequence(algId, rawKey);
+
+    KeyFactory kFact = KeyFactory.getInstance("EC");
+    return kFact.generatePublic(new X509EncodedKeySpec(x509Key.getBytes()));
   }
 
   private static ByteArray encodeDerLength(final int length) {
@@ -166,6 +213,10 @@ private static ByteArray encodeDerLength(final int length) {
     }
   }
 
+  private static ByteArray encodeDerObjectId(final ByteArray oid) {
+    return new ByteArray(new byte[] {0x06, (byte) oid.size()}).concat(oid);
+  }
+
   private static ByteArray encodeDerBitStringWithZeroUnused(final ByteArray content) {
     return new ByteArray(new byte[] {0x03})
         .concat(encodeDerLength(1 + content.size()))