Add support for Apple App Attestation statement decoding
Is your feature request related to a problem? Please describe.
Apple started to use WebAuthentication for their new App Attestation service:
Apple DeviceCheck documentation
Describe the solution you’d like
I got basic parsing to work by registering my own attestation statement format, and adding some overwrites to use a modified object converter. So it seems a first nice step would be to have the format as part of the library.
There are still some kinks and very deep details on how to validate the attestations and assertions; as a start, parsing support would be a great addition for everyone looking to use this.
import java.util.Objects;

import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonTypeName;
import com.webauthn4j.data.attestation.statement.AttestationCertificatePath;
import com.webauthn4j.data.attestation.statement.CertificateBaseAttestationStatement;
import com.webauthn4j.validator.exception.ConstraintViolationException;

// Attestation statement type for the "apple-appattest" format; carries only the x5c certificate path.
@JsonIgnoreProperties(value = "format")
@JsonTypeName(AppleAppAttestationStatement.FORMAT)
public class AppleAppAttestationStatement implements CertificateBaseAttestationStatement {

    public static final String FORMAT = "apple-appattest";

    @JsonProperty
    private final AttestationCertificatePath x5c;

    @JsonCreator
    public AppleAppAttestationStatement(
            @JsonProperty("x5c") AttestationCertificatePath x5c) {
        this.x5c = x5c;
    }

    @Override
    public AttestationCertificatePath getX5c() {
        return x5c;
    }

    @Override
    public String getFormat() {
        return FORMAT;
    }

    // Structural check only: x5c must be present. No signature or chain verification happens here.
    @Override
    public void validate() {
        if (x5c == null) {
            throw new ConstraintViolationException("x5c must not be null");
        }
    }

    @Override
    public boolean equals(Object o) {
        if (this == o) {
            return true;
        }
        if (o == null || getClass() != o.getClass()) {
            return false;
        }
        AppleAppAttestationStatement that = (AppleAppAttestationStatement) o;
        return Objects.equals(x5c, that.x5c);
    }

    @Override
    public int hashCode() {
        int result = Objects.hash(x5c);
        return result;
    }
}
Overwrites to make this currently work:
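import java.util.Arrays;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.jsontype.NamedType;
import com.fasterxml.jackson.dataformat.cbor.CBORFactory;
import com.webauthn4j.WebAuthnManager;
import com.webauthn4j.converter.util.ObjectConverter;
import com.webauthn4j.validator.attestation.trustworthiness.certpath.NullCertPathTrustworthinessValidator;
import com.webauthn4j.validator.attestation.trustworthiness.self.NullSelfAttestationTrustworthinessValidator;

cborMapper = new ObjectMapper(new CBORFactory());
// We added our own attestation type that is not yet part of the standard library
cborMapper.registerSubtypes(new NamedType(AppleAppAttestationStatement.class, AppleAppAttestationStatement.FORMAT));
authObjConverter = new ObjectConverter(new ObjectMapper(), cborMapper);
webAuthnManager = new WebAuthnManager(
        Arrays.asList(
                new AppleAppAttestationStatementValidator() // custom validator, not shown in this issue
        ),
        // The Null* trustworthiness validators perform no trust check on the attestation certificates.
        new NullCertPathTrustworthinessValidator(),
        new NullSelfAttestationTrustworthinessValidator(),
        authObjConverter
);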
Issue Analytics
- State:
- Created 3 years ago
- Reactions:2
- Comments:9 (6 by maintainers)
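The setup in the issue passes NullCertPathTrustworthinessValidator, so the x5c chain is parsed but not checked against a trust anchor. The following added example (not code from the issue or from webauthn4j) extracts x5c from an apple-appattest attestation object with the same Jackson CBOR mapper and PKIX-validates it against a caller-supplied pinned root using JDK APIs only. Assumptions: the class and method names, Java 9+, a pinned root loaded by the caller, revocation checking disabled, and the standard WebAuthn fmt/attStmt/authData envelope.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.dataformat.cbor.CBORFactory;
import java.io.ByteArrayInputStream;
import java.security.cert.*;
import java.util.*;

public class AppAttestX5cCheck { // hypothetical class name
    static final ObjectMapper CBOR = new ObjectMapper(new CBORFactory());

    // Returns the DER blobs from attStmt.x5c; fails closed on any other shape.
    static List<byte[]> extractX5c(byte[] attestationObject) throws Exception {
        JsonNode root = CBOR.readTree(attestationObject);
        if (root == null || !"apple-appattest".equals(root.path("fmt").asText()))
            throw new IllegalArgumentException("fmt is not apple-appattest");
        JsonNode x5c = root.path("attStmt").path("x5c");
        if (!x5c.isArray() || x5c.size() == 0)
            throw new IllegalArgumentException("x5c missing or empty");
        List<byte[]> ders = new ArrayList<>();
        for (JsonNode entry : x5c) {
            if (!entry.isBinary()) throw new IllegalArgumentException("x5c entry is not a byte string");
            ders.add(entry.binaryValue());
        }
        return ders;
    }

    // PKIX-validates a leaf-first x5c (anchor not included) up to the pinned root; returns the leaf.
    static X509Certificate validateChain(List<byte[]> x5c, X509Certificate pinnedRoot) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<Certificate> chain = new ArrayList<>();
        for (byte[] der : x5c) chain.add(cf.generateCertificate(new ByteArrayInputStream(der)));
        PKIXParameters params = new PKIXParameters(Collections.singleton(new TrustAnchor(pinnedRoot, null)));
        params.setRevocationEnabled(false); // assumption: revocation is handled elsewhere
        CertPathValidator.getInstance("PKIX").validate(cf.generateCertPath(chain), params); // throws on failure
        return (X509Certificate) chain.get(0);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: placeholder bytes stand in for the certificates and authData.
        Map<String, Object> attStmt = Map.of("x5c", List.of(new byte[] {0x30, 0x00}));
        byte[] good = CBOR.writeValueAsBytes(Map.of("fmt", "apple-appattest", "attStmt", attStmt, "authData", new byte[37]));
        byte[] wrongFmt = CBOR.writeValueAsBytes(Map.of("fmt", "none", "attStmt", Map.of(), "authData", new byte[37]));
        System.out.println("x5c entries: " + extractX5c(good).size());
        try { extractX5c(wrongFmt); } catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
        // With a real attestation: validateChain(extractX5c(bytes), pinnedRoot), pinnedRoot read from a pinned file.
    }
}
```

Chain validation only establishes that the leaf certificate chains to the pinned root; the format-specific checks the issue mentions as still open are not covered by it.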
Top GitHub Comments
I will try to get you an example with all these details tomorrow.
Apple App Attest attestation support is now merged into master. https://github.com/webauthn4j/webauthn4j/pull/329