Use BinaryUtil.concat instead of ByteArray.concat where appropriate

emlun · emlun · commit e60862a51909 · 2024-12-12T19:51:43.000+01:00
diff --git a/webauthn-server-attestation/src/main/java/com/yubico/fido/metadata/AAGUID.java b/webauthn-server-attestation/src/main/java/com/yubico/fido/metadata/AAGUID.java
@@ -2,9 +2,9 @@
 
 import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonValue;
+import com.yubico.internal.util.BinaryUtil;
 import com.yubico.internal.util.ExceptionUtil;
 import com.yubico.webauthn.data.ByteArray;
-import com.yubico.webauthn.data.exception.HexException;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import lombok.AccessLevel;
@@ -105,12 +105,14 @@ private static ByteArray parse(String value) {
     Matcher matcher = AAGUID_PATTERN.matcher(value);
     if (matcher.find()) {
       try {
-        return ByteArray.fromHex(matcher.group(1))
-            .concat(ByteArray.fromHex(matcher.group(2)))
-            .concat(ByteArray.fromHex(matcher.group(3)))
-            .concat(ByteArray.fromHex(matcher.group(4)))
-            .concat(ByteArray.fromHex(matcher.group(5)));
-      } catch (HexException e) {
+        return new ByteArray(
+            BinaryUtil.concat(
+                BinaryUtil.fromHex(matcher.group(1)),
+                BinaryUtil.fromHex(matcher.group(2)),
+                BinaryUtil.fromHex(matcher.group(3)),
+                BinaryUtil.fromHex(matcher.group(4)),
+                BinaryUtil.fromHex(matcher.group(5))));
+      } catch (Exception e) {
         throw new RuntimeException(
             "This exception should be impossible, please file a bug report.", e);
       }
diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyAssertionSpec.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyAssertionSpec.scala
@@ -29,6 +29,7 @@ import com.fasterxml.jackson.databind.node.JsonNodeFactory
 import com.fasterxml.jackson.databind.node.ObjectNode
 import com.fasterxml.jackson.databind.node.TextNode
 import com.upokecenter.cbor.CBORObject
+import com.yubico.internal.util.BinaryUtil
 import com.yubico.internal.util.JacksonCodecs
 import com.yubico.webauthn.data.AssertionExtensionInputs
 import com.yubico.webauthn.data.AuthenticatorAssertionResponse
@@ -2419,13 +2420,14 @@ class RelyingPartyAssertionSpec
 
       it("a U2F-formatted public key.") {
         val testData = RealExamples.YubiKeyNeo.asRegistrationTestData
-        val x = ByteArray.fromHex(
+        val x = BinaryUtil.fromHex(
           "39C94FBBDDC694A925E6F8657C66916CFE84CD0222EDFCF281B21F5CDC347923"
         )
-        val y = ByteArray.fromHex(
+        val y = BinaryUtil.fromHex(
           "D6B0D2021CFE1724A6FE81E3568C4FFAE339298216A30AFC18C0B975F2E2A891"
         )
-        val u2fPubkey = ByteArray.fromHex("04").concat(x).concat(y)
+        val u2fPubkey =
+          new ByteArray(BinaryUtil.concat(BinaryUtil.fromHex("04"), x, y))
 
         val cred1 = RegisteredCredential
           .builder()
diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyRegistrationSpec.scala
@@ -1745,18 +1745,15 @@ class RelyingPartyRegistrationSpec
                         key,
                         COSEAlgorithmIdentifier.RS256,
                       )
-                      new ByteArray(
+                      BinaryUtil.concat(
                         java.util.Arrays.copyOfRange(
                           authDataBytes,
                           0,
                           32 + 1 + 4 + 16 + 2,
-                        )
+                        ),
+                        authData.getAttestedCredentialData.get.getCredentialId.getBytes,
+                        reencodedKey.getBytes,
                       )
-                        .concat(
-                          authData.getAttestedCredentialData.get.getCredentialId
-                        )
-                        .concat(reencodedKey)
-                        .getBytes
                     }
 
                     def modifyAttobjPubkeyAlg(attObjBytes: ByteArray)
diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyV2AssertionSpec.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyV2AssertionSpec.scala
@@ -29,6 +29,7 @@ import com.fasterxml.jackson.databind.node.JsonNodeFactory
 import com.fasterxml.jackson.databind.node.ObjectNode
 import com.fasterxml.jackson.databind.node.TextNode
 import com.upokecenter.cbor.CBORObject
+import com.yubico.internal.util.BinaryUtil
 import com.yubico.internal.util.JacksonCodecs
 import com.yubico.webauthn.data.AssertionExtensionInputs
 import com.yubico.webauthn.data.AuthenticatorAssertionResponse
@@ -2511,13 +2512,14 @@ class RelyingPartyV2AssertionSpec
 
       it("a U2F-formatted public key.") {
         val testData = RealExamples.YubiKeyNeo.asRegistrationTestData
-        val x = ByteArray.fromHex(
+        val x = BinaryUtil.fromHex(
           "39C94FBBDDC694A925E6F8657C66916CFE84CD0222EDFCF281B21F5CDC347923"
         )
-        val y = ByteArray.fromHex(
+        val y = BinaryUtil.fromHex(
           "D6B0D2021CFE1724A6FE81E3568C4FFAE339298216A30AFC18C0B975F2E2A891"
         )
-        val u2fPubkey = ByteArray.fromHex("04").concat(x).concat(y)
+        val u2fPubkey =
+          new ByteArray(BinaryUtil.concat(BinaryUtil.fromHex("04"), x, y))
 
         val rp = RelyingParty
           .builder()
diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyV2RegistrationSpec.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/RelyingPartyV2RegistrationSpec.scala
@@ -1736,18 +1736,15 @@ class RelyingPartyV2RegistrationSpec
                         key,
                         COSEAlgorithmIdentifier.RS256,
                       )
-                      new ByteArray(
+                      BinaryUtil.concat(
                         java.util.Arrays.copyOfRange(
                           authDataBytes,
                           0,
                           32 + 1 + 4 + 16 + 2,
-                        )
+                        ),
+                        authData.getAttestedCredentialData.get.getCredentialId.getBytes,
+                        reencodedKey.getBytes,
                       )
-                        .concat(
-                          authData.getAttestedCredentialData.get.getCredentialId
-                        )
-                        .concat(reencodedKey)
-                        .getBytes
                     }
 
                     def modifyAttobjPubkeyAlg(attObjBytes: ByteArray)
diff --git a/webauthn-server-core/src/test/scala/com/yubico/webauthn/TestAuthenticator.scala b/webauthn-server-core/src/test/scala/com/yubico/webauthn/TestAuthenticator.scala
@@ -930,105 +930,92 @@ object TestAuthenticator {
       case 3 => { // RSA
         val cose = CBORObject.DecodeFromBytes(cosePubkey.getBytes)
         (
-          new ByteArray(BinaryUtil.encodeUint16(symmetric getOrElse 0x0010))
-            .concat(
-              new ByteArray(
-                BinaryUtil.encodeUint16(scheme getOrElse TpmRsaScheme.RSASSA)
-              )
-            )
-            .concat(
-              new ByteArray(BinaryUtil.encodeUint16(RsaKeySizeBits))
-            ) // key_bits
-            .concat(
-              new ByteArray(
-                BinaryUtil.encodeUint32(
-                  new BigInteger(1, cose.get(-2).GetByteString()).longValue()
-                )
-              )
-            ) // exponent
-          ,
-          new ByteArray(
-            BinaryUtil.encodeUint16(cose.get(-1).GetByteString().length)
-          ).concat(new ByteArray(cose.get(-1).GetByteString())), // modulus
+          BinaryUtil.concat(
+            BinaryUtil.encodeUint16(symmetric getOrElse 0x0010),
+            BinaryUtil.encodeUint16(scheme getOrElse TpmRsaScheme.RSASSA),
+            // key_bits
+            BinaryUtil.encodeUint16(RsaKeySizeBits),
+            // exponent
+            BinaryUtil.encodeUint32(
+              new BigInteger(1, cose.get(-2).GetByteString()).longValue()
+            ),
+          ),
+          BinaryUtil.concat(
+            BinaryUtil.encodeUint16(cose.get(-1).GetByteString().length),
+            // modulus
+            cose.get(-1).GetByteString(),
+          ),
         )
       }
       case 2 => { // EC
         val pubkey = WebAuthnCodecs
           .importCosePublicKey(cosePubkey)
           .asInstanceOf[ECPublicKey]
         (
-          new ByteArray(BinaryUtil.encodeUint16(symmetric getOrElse 0x0010))
-            .concat(
-              new ByteArray(BinaryUtil.encodeUint16(scheme getOrElse 0x0010))
-            )
-            .concat(
-              new ByteArray(BinaryUtil.encodeUint16(coseKeyAlg match {
-                case COSEAlgorithmIdentifier.ES256 => 0x0003
-                case COSEAlgorithmIdentifier.ES384 => 0x0004
-                case COSEAlgorithmIdentifier.ES512 => 0x0005
-                case COSEAlgorithmIdentifier.RS1 |
-                    COSEAlgorithmIdentifier.RS256 |
-                    COSEAlgorithmIdentifier.RS384 |
-                    COSEAlgorithmIdentifier.RS512 |
-                    COSEAlgorithmIdentifier.EdDSA =>
-                  ???
-              }))
-            )
-            .concat(
-              new ByteArray(BinaryUtil.encodeUint16(0x0010))
-            ) // kdf_scheme: ??? (unused?)
-          ,
-          new ByteArray(
-            BinaryUtil.encodeUint16(pubkey.getW.getAffineX.toByteArray.length)
-          )
-            .concat(new ByteArray(pubkey.getW.getAffineX.toByteArray))
-            .concat(
-              new ByteArray(
-                BinaryUtil.encodeUint16(
-                  pubkey.getW.getAffineY.toByteArray.length
-                )
-              )
-            )
-            .concat(new ByteArray(pubkey.getW.getAffineY.toByteArray)),
+          BinaryUtil.concat(
+            BinaryUtil.encodeUint16(symmetric getOrElse 0x0010),
+            BinaryUtil.encodeUint16(scheme getOrElse 0x0010),
+            BinaryUtil.encodeUint16(coseKeyAlg match {
+              case COSEAlgorithmIdentifier.ES256 => 0x0003
+              case COSEAlgorithmIdentifier.ES384 => 0x0004
+              case COSEAlgorithmIdentifier.ES512 => 0x0005
+              case COSEAlgorithmIdentifier.RS1 | COSEAlgorithmIdentifier.RS256 |
+                  COSEAlgorithmIdentifier.RS384 |
+                  COSEAlgorithmIdentifier.RS512 |
+                  COSEAlgorithmIdentifier.EdDSA =>
+                ???
+            }),
+            // kdf_scheme: ??? (unused?)
+            BinaryUtil.encodeUint16(0x0010),
+          ),
+          BinaryUtil.concat(
+            BinaryUtil.encodeUint16(pubkey.getW.getAffineX.toByteArray.length),
+            pubkey.getW.getAffineX.toByteArray,
+            BinaryUtil.encodeUint16(
+              pubkey.getW.getAffineY.toByteArray.length
+            ),
+            pubkey.getW.getAffineY.toByteArray,
+          ),
         )
       }
     }
-    val pubArea = new ByteArray(BinaryUtil.encodeUint16(signAlg))
-      .concat(new ByteArray(BinaryUtil.encodeUint16(hashId)))
-      .concat(
-        new ByteArray(
-          BinaryUtil.encodeUint32(attributes getOrElse Attributes.SIGN_ENCRYPT)
-        )
+    val pubArea = new ByteArray(
+      BinaryUtil.concat(
+        BinaryUtil.encodeUint16(signAlg),
+        BinaryUtil.encodeUint16(hashId),
+        BinaryUtil.encodeUint32(attributes getOrElse Attributes.SIGN_ENCRYPT),
+        // authPolicy is ignored by TpmAttestationStatementVerifier
+        BinaryUtil.encodeUint16(0),
+        parameters,
+        unique,
       )
-      .concat(
-        new ByteArray(BinaryUtil.encodeUint16(0))
-      ) // authPolicy is ignored by TpmAttestationStatementVerifier
-      .concat(parameters)
-      .concat(unique)
-
-    val qualifiedSigner = ByteArray.fromHex("")
-    val clockInfo = ByteArray.fromHex("0000000000000000111111112222222233")
-    val firmwareVersion = ByteArray.fromHex("0000000000000000")
+    )
+
+    val qualifiedSigner = BinaryUtil.fromHex("")
+    val clockInfo = BinaryUtil.fromHex("0000000000000000111111112222222233")
+    val firmwareVersion = BinaryUtil.fromHex("0000000000000000")
     val attestedName =
       modifyAttestedName(
         new ByteArray(BinaryUtil.encodeUint16(hashId)).concat(hashFunc(pubArea))
       )
-    val attestedQualifiedName = ByteArray.fromHex("")
-
-    val certInfo = magic
-      .concat(`type`)
-      .concat(new ByteArray(BinaryUtil.encodeUint16(qualifiedSigner.size)))
-      .concat(qualifiedSigner)
-      .concat(new ByteArray(BinaryUtil.encodeUint16(extraData.size)))
-      .concat(extraData)
-      .concat(clockInfo)
-      .concat(firmwareVersion)
-      .concat(new ByteArray(BinaryUtil.encodeUint16(attestedName.size)))
-      .concat(attestedName)
-      .concat(
-        new ByteArray(BinaryUtil.encodeUint16(attestedQualifiedName.size))
+    val attestedQualifiedName = BinaryUtil.fromHex("")
+
+    val certInfo = new ByteArray(
+      BinaryUtil.concat(
+        magic.getBytes,
+        `type`.getBytes,
+        BinaryUtil.encodeUint16(qualifiedSigner.length),
+        qualifiedSigner,
+        BinaryUtil.encodeUint16(extraData.size),
+        extraData.getBytes,
+        clockInfo,
+        firmwareVersion,
+        BinaryUtil.encodeUint16(attestedName.size),
+        attestedName.getBytes,
+        BinaryUtil.encodeUint16(attestedQualifiedName.length),
+        attestedQualifiedName,
       )
-      .concat(attestedQualifiedName)
+    )
 
     val sig = sign(certInfo, cert.key, cert.alg)
 
