Merge pull request #349 from Yubico/eliminate-cose-java

emlun · emlun · commit ca9b2f6f998f · 2024-02-15T17:05:35.000+01:00
Eliminate COSE-Java dependency
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/WebAuthnCodecs.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/WebAuthnCodecs.java
@@ -47,29 +47,31 @@ final class WebAuthnCodecs {
   private static final ByteArray EC_PUBLIC_KEY_OID =
       new ByteArray(
           new byte[] {
-            0x2A, -122, 0x48, -50, 0x3D, 0x02, 0x01
+            0x2A, (byte) 0x86, 0x48, (byte) 0xCE, 0x3D, 2, 1
           }); // OID 1.2.840.10045.2.1 ecPublicKey (ANSI X9.62 public key type)
   private static final ByteArray P256_CURVE_OID =
       new ByteArray(
-          new byte[] {0x2A, -122, 0x48, -50, 0x3D, 0x03, 0x01, 7}); // OID 1.2.840.10045.3.1.7
+          new byte[] {
+            0x2A, (byte) 0x86, 0x48, (byte) 0xCE, 0x3D, 3, 1, 7 // OID 1.2.840.10045.3.1.7
+          });
   private static final ByteArray P384_CURVE_OID =
-      new ByteArray(new byte[] {0x2B, -127, 0x04, 0, 34}); // OID 1.3.132.0.34
+      new ByteArray(new byte[] {0x2B, (byte) 0x81, 0x04, 0, 34}); // OID 1.3.132.0.34
   private static final ByteArray P512_CURVE_OID =
-      new ByteArray(new byte[] {0x2B, -127, 0x04, 0, 35}); // OID 1.3.132.0.35
+      new ByteArray(new byte[] {0x2B, (byte) 0x81, 0x04, 0, 35}); // OID 1.3.132.0.35
 
   private static final ByteArray ED25519_ALG_ID =
       new ByteArray(
           new byte[] {
             // SEQUENCE (5 bytes)
             0x30,
-            0x05,
+            5,
             // OID (3 bytes)
             0x06,
-            0x03,
+            3,
             // OID 1.3.101.112
             0x2B,
-            0x65,
-            0x70
+            101,
+            112
           });
 
   static ByteArray ecPublicKeyToRaw(ECPublicKey key) {
@@ -149,13 +151,10 @@ static PublicKey importCosePublicKey(ByteArray key)
     final int kty = cose.get(CBORObject.FromObject(1)).AsInt32();
     switch (kty) {
       case 1:
-        // COSE-JAVA is hardcoded to ed25519-java provider ("EdDSA") which would require an
-        // additional dependency to parse EdDSA keys via the OneKey constructor
         return importCoseEdDsaPublicKey(cose);
       case 2:
         return importCoseEcdsaPublicKey(cose);
       case 3:
-        // COSE-JAVA supports RSA in v1.1.0 but not in v1.0.0
         return importCoseRsaPublicKey(cose);
       default:
         throw new IllegalArgumentException("Unsupported key type: " + kty);
