Merge pull request #299 from iaik-jheher/feature/expose-public-key

Expose credential public key as a PublicKey object

Author: emlun

.gitignore

@@ -11,6 +11,9 @@ out/
 *.iws
 .attach_pid*
 
+# VS Code
+.vscode/
+
 # Mac
 .DS_Store
 

NEWS

@@ -1,3 +1,11 @@
+== Version 2.6.0 (unreleased) ==
+
+* Added method `getParsedPublicKey(): java.security.PublicKey` to
+  `RegistrationResult` and `RegisteredCredential`.
+ ** Thanks to Jakob Heher (A-SIT) for the contribution, see
+    https://github.com/Yubico/java-webauthn-server/pull/299
+
+
 == Version 2.5.0 (unreleased) ==
 
 `webauthn-server-core`:

webauthn-server-core/src/main/java/com/yubico/webauthn/RegisteredCredential.java

@@ -24,8 +24,10 @@
 
 package com.yubico.webauthn;
 
+import COSE.CoseException;
 import com.fasterxml.jackson.annotation.JsonAlias;
 import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.yubico.webauthn.data.AttestedCredentialData;
 import com.yubico.webauthn.data.AuthenticatorAssertionResponse;
@@ -34,6 +36,10 @@
 import com.yubico.webauthn.data.COSEAlgorithmIdentifier;
 import com.yubico.webauthn.data.PublicKeyCredentialDescriptor;
 import com.yubico.webauthn.data.UserIdentity;
+import java.io.IOException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PublicKey;
+import java.security.spec.InvalidKeySpecException;
 import java.util.Optional;
 import lombok.AccessLevel;
 import lombok.Builder;
@@ -84,6 +90,19 @@ public final class RegisteredCredential {
    */
   @NonNull private final ByteArray publicKeyCose;
 
+  /**
+   * The public key of the credential, parsed as a {@link PublicKey} object.
+   *
+   * @see #getPublicKeyCose()
+   * @see RegistrationResult#getParsedPublicKey()
+   */
+  @NonNull
+  @JsonIgnore
+  public PublicKey getParsedPublicKey()
+      throws InvalidKeySpecException, NoSuchAlgorithmException, CoseException, IOException {
+    return WebAuthnCodecs.importCosePublicKey(getPublicKeyCose());
+  }
+
   /**
    * The stored <a href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#signcount">signature
    * count</a> of the credential.

webauthn-server-core/src/main/java/com/yubico/webauthn/RegistrationResult.java

@@ -24,6 +24,7 @@
 
 package com.yubico.webauthn;
 
+import COSE.CoseException;
 import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonProperty;
@@ -41,9 +42,13 @@
 import com.yubico.webauthn.data.ClientRegistrationExtensionOutputs;
 import com.yubico.webauthn.data.PublicKeyCredential;
 import com.yubico.webauthn.data.PublicKeyCredentialDescriptor;
+import java.io.IOException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PublicKey;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
+import java.security.spec.InvalidKeySpecException;
 import java.util.List;
 import java.util.Optional;
 import java.util.stream.Collectors;
@@ -285,6 +290,19 @@ public ByteArray getPublicKeyCose() {
         .getCredentialPublicKey();
   }
 
+  /**
+   * The public key of the created credential, parsed as a {@link PublicKey} object.
+   *
+   * @see #getPublicKeyCose()
+   * @see RegisteredCredential#getParsedPublicKey()
+   */
+  @NonNull
+  @JsonIgnore
+  public PublicKey getParsedPublicKey()
+      throws InvalidKeySpecException, NoSuchAlgorithmException, CoseException, IOException {
+    return WebAuthnCodecs.importCosePublicKey(getPublicKeyCose());
+  }
+
   /**
    * The <a
    * href="https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#client-extension-output">client