Skip to content

Commit f207b27

Browse files
emlunemlun
committed
Simplify parsing of RSA COSE public keys
1 parent c15ab3e commit f207b27

File tree

1 file changed

+4
-18
lines changed

1 file changed

+4
-18
lines changed

webauthn-server-core/src/main/java/com/yubico/webauthn/WebAuthnCodecs.java

Lines changed: 4 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -31,13 +31,11 @@
3131
import com.yubico.webauthn.data.ByteArray;
3232
import com.yubico.webauthn.data.COSEAlgorithmIdentifier;
3333
import java.io.IOException;
34-
import java.math.BigInteger;
3534
import java.security.KeyFactory;
3635
import java.security.NoSuchAlgorithmException;
3736
import java.security.PublicKey;
3837
import java.security.interfaces.ECPublicKey;
3938
import java.security.spec.InvalidKeySpecException;
40-
import java.security.spec.RSAPublicKeySpec;
4139
import java.security.spec.X509EncodedKeySpec;
4240
import java.util.Arrays;
4341
import java.util.HashMap;
@@ -125,29 +123,17 @@ static PublicKey importCosePublicKey(ByteArray key)
125123
final int kty = cose.get(CBORObject.FromObject(1)).AsInt32();
126124
switch (kty) {
127125
case 1:
126+
// COSE-JAVA is hardcoded to ed25519-java provider ("EdDSA") which would require an
127+
// additional dependency to parse EdDSA keys via the OneKey constructor
128128
return importCoseEdDsaPublicKey(cose);
129-
case 2:
130-
return importCoseP256PublicKey(cose);
129+
case 2: // Fall through
131130
case 3:
132-
return importCoseRsaPublicKey(cose);
131+
return new OneKey(cose).AsPublicKey();
133132
default:
134133
throw new IllegalArgumentException("Unsupported key type: " + kty);
135134
}
136135
}
137136

138-
private static PublicKey importCoseRsaPublicKey(CBORObject cose)
139-
throws NoSuchAlgorithmException, InvalidKeySpecException {
140-
RSAPublicKeySpec spec =
141-
new RSAPublicKeySpec(
142-
new BigInteger(1, cose.get(CBORObject.FromObject(-1)).GetByteString()),
143-
new BigInteger(1, cose.get(CBORObject.FromObject(-2)).GetByteString()));
144-
return KeyFactory.getInstance("RSA").generatePublic(spec);
145-
}
146-
147-
private static ECPublicKey importCoseP256PublicKey(CBORObject cose) throws CoseException {
148-
return (ECPublicKey) new OneKey(cose).AsPublicKey();
149-
}
150-
151137
private static PublicKey importCoseEdDsaPublicKey(CBORObject cose)
152138
throws InvalidKeySpecException, NoSuchAlgorithmException {
153139
final int curveId = cose.get(CBORObject.FromObject(-1)).AsInt32();

0 commit comments

Comments
 (0)