Add function CredentialRecord.cosePublicKeyFromEs256Raw(ByteArray)

emlun · emlun · commit 57c977013fcf · 2023-11-08T17:11:23.000+01:00
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/CredentialRecord.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/CredentialRecord.java
@@ -197,4 +197,29 @@ default PublicKeyCredentialDescriptor toPublicKeyCredentialDescriptor() {
         .transports(getTransports())
         .build();
   }
+
+  /**
+   * Convert a credential public key from U2F format to COSE_Key format.
+   *
+   * <p>The U2F JavaScript API encoded credential public keys in <code>ALG_KEY_ECC_X962_RAW</code>
+   * format as specified in <a
+   * href="https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-registry-v2.0-id-20180227.html#public-key-representation-formats">FIDO
+   * Registry §3.6.2 Public Key Representation Formats</a>. If your database has credential public
+   * keys stored in this format, those public keys need to be converted to COSE_Key format before
+   * they can be used by a {@link CredentialRecord} instance. This function performs the conversion.
+   *
+   * <p>If your application has only used the <code>navigator.credentials.create()</code> API to
+   * register credentials, you likely do not need this function.
+   *
+   * @param es256RawKey a credential public key in <code>ALG_KEY_ECC_X962_RAW</code> format as
+   *     specified in <a
+   *     href="https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-registry-v2.0-id-20180227.html#public-key-representation-formats">FIDO
+   *     Registry §3.6.2 Public Key Representation Formats</a>.
+   * @return a credential public key in COSE_Key format, suitable to be returned by {@link
+   *     CredentialRecord#getPublicKeyCose()}.
+   * @see RegisteredCredential.RegisteredCredentialBuilder#publicKeyEs256Raw(ByteArray)
+   */
+  static ByteArray cosePublicKeyFromEs256Raw(final ByteArray es256RawKey) {
+    return WebAuthnCodecs.rawEcKeyToCose(es256RawKey);
+  }
 }
diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyV2AssertionSpec.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyV2AssertionSpec.scala
@@ -2525,7 +2525,8 @@ class RelyingPartyV2AssertionSpec
             Helpers.CredentialRepositoryV2.withUser(
               testData.userId,
               credentialId = testData.assertion.get.response.getId,
-              publicKeyCose = WebAuthnCodecs.rawEcKeyToCose(u2fPubkey),
+              publicKeyCose =
+                CredentialRecord.cosePublicKeyFromEs256Raw(u2fPubkey),
             )
           )
           .usernameRepository(

Original file line number	Diff line number	Diff line change
`@@ -2525,7 +2525,8 @@ class RelyingPartyV2AssertionSpec`
`2525`	`2525`	`Helpers.CredentialRepositoryV2.withUser(`
`2526`	`2526`	`testData.userId,`
`2527`	`2527`	`credentialId = testData.assertion.get.response.getId,`
`2528`		`- publicKeyCose = WebAuthnCodecs.rawEcKeyToCose(u2fPubkey),`
	`2528`	`+ publicKeyCose =`
	`2529`	`+ CredentialRecord.cosePublicKeyFromEs256Raw(u2fPubkey),`
`2529`	`2530`	`)`
`2530`	`2531`	`)`
`2531`	`2532`	`.usernameRepository(`