Accept any policy tree in FidoMetadataService

emlun · emlun · commit a61bc6cc7fa7 · 2022-09-13T19:57:12.000+02:00
diff --git a/webauthn-server-attestation/src/integrationTest/scala/com/yubico/fido/metadata/FidoMetadataServiceIntegrationTest.scala b/webauthn-server-attestation/src/integrationTest/scala/com/yubico/fido/metadata/FidoMetadataServiceIntegrationTest.scala
@@ -2,6 +2,7 @@ package com.yubico.fido.metadata
 
 import com.fasterxml.jackson.databind.JsonNode
 import com.yubico.fido.metadata.AttachmentHint.ATTACHMENT_HINT_EXTERNAL
+import com.yubico.fido.metadata.AttachmentHint.ATTACHMENT_HINT_INTERNAL
 import com.yubico.fido.metadata.AttachmentHint.ATTACHMENT_HINT_NFC
 import com.yubico.fido.metadata.AttachmentHint.ATTACHMENT_HINT_WIRED
 import com.yubico.fido.metadata.AttachmentHint.ATTACHMENT_HINT_WIRELESS
@@ -267,6 +268,14 @@ class FidoMetadataServiceIntegrationTest
             attachmentHintsUsb,
           )
         }
+
+        it("a Windows Hello attestation.") {
+          check(
+            "Windows Hello.*",
+            RealExamples.WindowsHelloTpm,
+            Set(ATTACHMENT_HINT_INTERNAL),
+          )
+        }
       }
     }
   }
diff --git a/webauthn-server-attestation/src/main/java/com/yubico/fido/metadata/FidoMetadataService.java b/webauthn-server-attestation/src/main/java/com/yubico/fido/metadata/FidoMetadataService.java
@@ -616,6 +616,7 @@ public TrustRootsResult findTrustRoots(
                 .collect(Collectors.toSet()))
         .certStore(certStore)
         .enableRevocationChecking(false)
+        .policyTreeValidator(policyNode -> true)
         .build();
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,7 @@ package com.yubico.fido.metadata`
`2`	`2`
`3`	`3`	`import com.fasterxml.jackson.databind.JsonNode`
`4`	`4`	`import com.yubico.fido.metadata.AttachmentHint.ATTACHMENT_HINT_EXTERNAL`
	`5`	`+import com.yubico.fido.metadata.AttachmentHint.ATTACHMENT_HINT_INTERNAL`
`5`	`6`	`import com.yubico.fido.metadata.AttachmentHint.ATTACHMENT_HINT_NFC`
`6`	`7`	`import com.yubico.fido.metadata.AttachmentHint.ATTACHMENT_HINT_WIRED`
`7`	`8`	`import com.yubico.fido.metadata.AttachmentHint.ATTACHMENT_HINT_WIRELESS`
`@@ -267,6 +268,14 @@ class FidoMetadataServiceIntegrationTest`
`267`	`268`	`attachmentHintsUsb,`
`268`	`269`	`)`
`269`	`270`	`}`
	`271`	`+`
	`272`	`+ it("a Windows Hello attestation.") {`
	`273`	`+ check(`
	`274`	`+ "Windows Hello.*",`
	`275`	`+ RealExamples.WindowsHelloTpm,`
	`276`	`+ Set(ATTACHMENT_HINT_INTERNAL),`
	`277`	`+ )`
	`278`	`+ }`
`270`	`279`	`}`
`271`	`280`	`}`
`272`	`281`	`}`
Original file line number	Diff line number	Diff line change
`@@ -616,6 +616,7 @@ public TrustRootsResult findTrustRoots(`
`616`	`616`	`.collect(Collectors.toSet()))`
`617`	`617`	`.certStore(certStore)`
`618`	`618`	`.enableRevocationChecking(false)`
	`619`	`+ .policyTreeValidator(policyNode -> true)`
`619`	`620`	`.build();`
`620`	`621`	`}`
`621`	`622`	`}`