diff --git a/build.gradle b/build.gradle
index d61a8e0bf..5bfbf93ac 100644
--- a/build.gradle
+++ b/build.gradle
@@ -34,7 +34,6 @@ dependencies {
 constraints {
 api(constraintLibs.bundles.jackson)
 api(constraintLibs.cbor)
- api(constraintLibs.cose)
 api(constraintLibs.guava)
 api(constraintLibs.httpclient5)
 api(constraintLibs.slf4j)
diff --git a/settings.gradle.kts b/settings.gradle.kts
index 3cb500697..83a4d55e2 100644
--- a/settings.gradle.kts
+++ b/settings.gradle.kts
@@ -15,7 +15,6 @@ dependencyResolutionManagement {
 versionCatalogs {
 create("constraintLibs") {
 library("cbor", "com.upokecenter:cbor:[4.5.1,5)")
- library("cose", "com.augustcellars.cose:cose-java:[1.0.0,2)")
 library("guava", "com.google.guava:guava:[24.1.1,33)")
 library("httpclient5", "org.apache.httpcomponents.client5:httpclient5:[5.0.0,6)")
 library("slf4j", "org.slf4j:slf4j-api:[1.7.25,3)")
diff --git a/test-dependent-projects/java-dep-webauthn-server-core-and-bouncycastle/build.gradle.kts b/test-dependent-projects/java-dep-webauthn-server-core-and-bouncycastle/build.gradle.kts
index 801446db1..3d5d07c94 100644
--- a/test-dependent-projects/java-dep-webauthn-server-core-and-bouncycastle/build.gradle.kts
+++ b/test-dependent-projects/java-dep-webauthn-server-core-and-bouncycastle/build.gradle.kts
@@ -12,9 +12,6 @@ dependencies {
 testImplementation("junit:junit:4.12")
 testImplementation("org.mockito:mockito-core:[2.27.0,3)")
- // Runtime-only internal dependency of webauthn-server-core
- testImplementation("com.augustcellars.cose:cose-java:[1.0.0,2)")
-
 // Transitive dependencies from coreTestOutput
 testImplementation("org.scala-lang:scala-library:[2.13.1,3)")
 }
diff --git a/test-dependent-projects/java-dep-webauthn-server-core-and-bouncycastle/src/test/java/com/yubico/webauthn/BouncyCastleProviderPresenceTest.java b/test-dependent-projects/java-dep-webauthn-server-core-and-bouncycastle/src/test/java/com/yubico/webauthn/BouncyCastleProviderPresenceTest.java
index e38997392..b789838d2 100644
--- a/test-dependent-projects/java-dep-webauthn-server-core-and-bouncycastle/src/test/java/com/yubico/webauthn/BouncyCastleProviderPresenceTest.java
+++ b/test-dependent-projects/java-dep-webauthn-server-core-and-bouncycastle/src/test/java/com/yubico/webauthn/BouncyCastleProviderPresenceTest.java
@@ -2,7 +2,6 @@
 import static org.junit.Assert.assertTrue;
-import COSE.CoseException;
 import com.yubico.webauthn.data.AttestationObject;
 import com.yubico.webauthn.data.RelyingPartyIdentity;
 import java.io.IOException;
@@ -72,7 +71,7 @@ public void bouncyCastleProviderIsNotLoadedAfterInstantiatingRelyingParty() {
 @Test
 public void bouncyCastleProviderIsNotLoadedAfterAttemptingToLoadEddsaKey()
- throws IOException, CoseException, InvalidKeySpecException {
+ throws IOException, InvalidKeySpecException {
 try {
 WebAuthnCodecs.importCosePublicKey(
 new AttestationObject(
@@ -92,7 +91,7 @@ public void bouncyCastleProviderIsNotLoadedAfterAttemptingToLoadEddsaKey()
 @Test(expected = NoSuchAlgorithmException.class)
 public void doesNotFallBackToBouncyCastleAutomatically()
- throws IOException, CoseException, InvalidKeySpecException, NoSuchAlgorithmException {
+ throws IOException, InvalidKeySpecException, NoSuchAlgorithmException {
 for (Provider prov : Security.getProviders()) {
 Security.removeProvider(prov.getName());
 }
diff --git a/test-dependent-projects/java-dep-webauthn-server-core-and-bouncycastle/src/test/java/com/yubico/webauthn/CryptoAlgorithmsTest.java b/test-dependent-projects/java-dep-webauthn-server-core-and-bouncycastle/src/test/java/com/yubico/webauthn/CryptoAlgorithmsTest.java
index 78201c6a2..57cd1bcc3 100644
--- a/test-dependent-projects/java-dep-webauthn-server-core-and-bouncycastle/src/test/java/com/yubico/webauthn/CryptoAlgorithmsTest.java
+++ b/test-dependent-projects/java-dep-webauthn-server-core-and-bouncycastle/src/test/java/com/yubico/webauthn/CryptoAlgorithmsTest.java
@@ -3,7 +3,6 @@
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
-import COSE.CoseException;
 import com.yubico.webauthn.data.AttestationObject;
 import com.yubico.webauthn.data.RelyingPartyIdentity;
 import java.io.IOException;
@@ -47,7 +46,7 @@ public void tearDown() {
 @Test
 public void importRsa()
- throws IOException, CoseException, NoSuchAlgorithmException, InvalidKeySpecException {
+ throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
 PublicKey key =
 WebAuthnCodecs.importCosePublicKey(
 new AttestationObject(
@@ -61,7 +60,7 @@ public void importRsa()
 @Test
 public void importEcdsa()
- throws IOException, CoseException, NoSuchAlgorithmException, InvalidKeySpecException {
+ throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
 PublicKey key =
 WebAuthnCodecs.importCosePublicKey(
 new AttestationObject(
@@ -75,7 +74,7 @@ public void importEcdsa()
 @Test
 public void importEddsa()
- throws IOException, CoseException, NoSuchAlgorithmException, InvalidKeySpecException {
+ throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
 PublicKey key =
 WebAuthnCodecs.importCosePublicKey(
 new AttestationObject(
diff --git a/test-dependent-projects/java-dep-webauthn-server-core/build.gradle.kts b/test-dependent-projects/java-dep-webauthn-server-core/build.gradle.kts
index 1e8977835..29f2ab537 100644
--- a/test-dependent-projects/java-dep-webauthn-server-core/build.gradle.kts
+++ b/test-dependent-projects/java-dep-webauthn-server-core/build.gradle.kts
@@ -11,9 +11,6 @@ dependencies {
 testImplementation("junit:junit:4.12")
 testImplementation("org.mockito:mockito-core:[2.27.0,3)")
- // Runtime-only internal dependency of webauthn-server-core
- testImplementation("com.augustcellars.cose:cose-java:[1.0.0,2)")
-
 // Transitive dependencies from coreTestOutput
 testImplementation("org.scala-lang:scala-library:[2.13.1,3)")
 }
diff --git a/test-dependent-projects/java-dep-webauthn-server-core/src/test/java/com/yubico/webauthn/BouncyCastleProviderPresenceTest.java b/test-dependent-projects/java-dep-webauthn-server-core/src/test/java/com/yubico/webauthn/BouncyCastleProviderPresenceTest.java
index 6ce756bbc..27c43e834 100644
--- a/test-dependent-projects/java-dep-webauthn-server-core/src/test/java/com/yubico/webauthn/BouncyCastleProviderPresenceTest.java
+++ b/test-dependent-projects/java-dep-webauthn-server-core/src/test/java/com/yubico/webauthn/BouncyCastleProviderPresenceTest.java
@@ -2,7 +2,6 @@
 import static org.junit.Assert.assertTrue;
-import COSE.CoseException;
 import com.yubico.webauthn.data.AttestationObject;
 import com.yubico.webauthn.data.RelyingPartyIdentity;
 import java.io.IOException;
@@ -51,7 +50,7 @@ public void bouncyCastleProviderIsNotLoadedAfterInstantiatingRelyingParty() {
 @Test
 public void bouncyCastleProviderIsNotLoadedAfterAttemptingToLoadEddsaKey()
- throws IOException, CoseException, InvalidKeySpecException {
+ throws IOException, InvalidKeySpecException {
 try {
 WebAuthnCodecs.importCosePublicKey(
 new AttestationObject(
diff --git a/test-dependent-projects/java-dep-webauthn-server-core/src/test/java/com/yubico/webauthn/CryptoAlgorithmsTest.java b/test-dependent-projects/java-dep-webauthn-server-core/src/test/java/com/yubico/webauthn/CryptoAlgorithmsTest.java
index f35ce43ae..5a96dac81 100644
--- a/test-dependent-projects/java-dep-webauthn-server-core/src/test/java/com/yubico/webauthn/CryptoAlgorithmsTest.java
+++ b/test-dependent-projects/java-dep-webauthn-server-core/src/test/java/com/yubico/webauthn/CryptoAlgorithmsTest.java
@@ -2,7 +2,6 @@
 import static org.junit.Assert.assertEquals;
-import COSE.CoseException;
 import com.yubico.webauthn.data.AttestationObject;
 import com.yubico.webauthn.data.RelyingPartyIdentity;
 import java.io.IOException;
@@ -45,7 +44,7 @@ public void tearDown() {
 @Test
 public void importRsa()
- throws IOException, CoseException, NoSuchAlgorithmException, InvalidKeySpecException {
+ throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
 PublicKey key =
 WebAuthnCodecs.importCosePublicKey(
 new AttestationObject(
@@ -59,7 +58,7 @@ public void importRsa()
 @Test
 public void importEcdsa()
- throws IOException, CoseException, NoSuchAlgorithmException, InvalidKeySpecException {
+ throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
 PublicKey key =
 WebAuthnCodecs.importCosePublicKey(
 new AttestationObject(
diff --git a/webauthn-server-core/build.gradle.kts b/webauthn-server-core/build.gradle.kts
index 79ed2a335..9bbd2bda8 100644
--- a/webauthn-server-core/build.gradle.kts
+++ b/webauthn-server-core/build.gradle.kts
@@ -16,7 +16,6 @@ dependencies {
 api(platform(rootProject))
 implementation(project(":yubico-util"))
- implementation("com.augustcellars.cose:cose-java")
 implementation("com.fasterxml.jackson.core:jackson-databind")
 implementation("com.google.guava:guava")
 implementation("com.upokecenter:cbor")
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/AttestationStatementVerifier.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/AttestationStatementVerifier.java
index a962164e3..b815aa320 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/AttestationStatementVerifier.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/AttestationStatementVerifier.java
@@ -24,7 +24,6 @@
 package com.yubico.webauthn;
-import COSE.CoseException;
 import com.yubico.webauthn.data.AttestationObject;
 import com.yubico.webauthn.data.AttestationType;
 import com.yubico.webauthn.data.ByteArray;
@@ -34,7 +33,7 @@
 interface AttestationStatementVerifier {
 AttestationType getAttestationType(AttestationObject attestation)
- throws IOException, CoseException, CertificateException;
+ throws IOException, CertificateException;
 boolean verifyAttestationSignature(
 AttestationObject attestationObject, ByteArray clientDataJsonHash);
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/FidoU2fAttestationStatementVerifier.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/FidoU2fAttestationStatementVerifier.java
index ac3f1f2f1..5806222c2 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/FidoU2fAttestationStatementVerifier.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/FidoU2fAttestationStatementVerifier.java
@@ -26,7 +26,6 @@
 import static com.yubico.webauthn.Crypto.isP256;
-import COSE.CoseException;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.yubico.internal.util.ExceptionUtil;
 import com.yubico.webauthn.data.AttestationObject;
@@ -76,7 +75,7 @@ private static boolean validSelfSignature(X509Certificate cert) {
 }
 private static ByteArray getRawUserPublicKey(AttestationObject attestationObject)
- throws IOException, CoseException {
+ throws IOException {
 final ByteArray pubkeyCose =
 attestationObject
 .getAuthenticatorData()
@@ -102,7 +101,7 @@ private static ByteArray getRawUserPublicKey(AttestationObject attestationObject
 @Override
 public AttestationType getAttestationType(AttestationObject attestationObject)
- throws CoseException, IOException, CertificateException {
+ throws IOException, CertificateException {
 X509Certificate attestationCertificate = getAttestationCertificate(attestationObject);
 if (attestationCertificate.getPublicKey() instanceof ECPublicKey
@@ -153,7 +152,7 @@ && isP256(((ECPublicKey) attestationCertificate.getPublicKey()).getParams()))) {
 try {
 userPublicKey = getRawUserPublicKey(attestationObject);
- } catch (IOException | CoseException e) {
+ } catch (IOException e) {
 RuntimeException err =
 new RuntimeException(
 String.format(
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/FinishAssertionSteps.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/FinishAssertionSteps.java
index 7c6821007..f80a90447 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/FinishAssertionSteps.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/FinishAssertionSteps.java
@@ -26,7 +26,6 @@
 import static com.yubico.internal.util.ExceptionUtil.assertTrue;
-import COSE.CoseException;
 import com.yubico.internal.util.OptionalUtil;
 import com.yubico.webauthn.data.AuthenticatorAssertionResponse;
 import com.yubico.webauthn.data.ByteArray;
@@ -508,7 +507,7 @@ public void validate() {
 try {
 key = WebAuthnCodecs.importCosePublicKey(cose);
- } catch (CoseException | IOException | InvalidKeySpecException e) {
+ } catch (IOException | InvalidKeySpecException e) {
 throw new IllegalArgumentException(
 String.format(
 "Failed to decode public key: Credential ID: %s COSE: %s",
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/FinishRegistrationSteps.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/FinishRegistrationSteps.java
index ad6094e8a..65feaf623 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/FinishRegistrationSteps.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/FinishRegistrationSteps.java
@@ -27,7 +27,6 @@
 import static com.yubico.internal.util.ExceptionUtil.assertTrue;
 import static com.yubico.internal.util.ExceptionUtil.wrapAndLog;
-import COSE.CoseException;
 import com.upokecenter.cbor.CBORObject;
 import com.yubico.internal.util.CertificateParser;
 import com.yubico.internal.util.OptionalUtil;
@@ -345,7 +344,7 @@ public void validate() {
 .collect(Collectors.toList()));
 try {
 WebAuthnCodecs.importCosePublicKey(publicKeyCose);
- } catch (CoseException | IOException | InvalidKeySpecException | NoSuchAlgorithmException e) {
+ } catch (IOException | InvalidKeySpecException | NoSuchAlgorithmException e) {
 throw wrapAndLog(log, "Failed to parse credential public key", e);
 }
 }
@@ -431,7 +430,7 @@ public AttestationType attestationType() {
 return AttestationType.UNKNOWN;
 }
 }
- } catch (IOException | CoseException | CertificateException e) {
+ } catch (IOException | CertificateException e) {
 throw new IllegalArgumentException("Failed to resolve attestation type.", e);
 }
 }
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/PackedAttestationStatementVerifier.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/PackedAttestationStatementVerifier.java
index ed513dbb4..0e8a97bbe 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/PackedAttestationStatementVerifier.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/PackedAttestationStatementVerifier.java
@@ -24,7 +24,6 @@
 package com.yubico.webauthn;
-import COSE.CoseException;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.upokecenter.cbor.CBORObject;
 import com.yubico.internal.util.CertificateParser;
@@ -95,7 +94,7 @@ private boolean verifySelfAttestationSignature(
 .getAttestedCredentialData()
 .get()
 .getCredentialPublicKey());
- } catch (IOException | CoseException | InvalidKeySpecException e) {
+ } catch (IOException | InvalidKeySpecException e) {
 throw ExceptionUtil.wrapAndLog(
 log,
 String.format(
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/RegisteredCredential.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/RegisteredCredential.java
index 38abf25f6..21246e5b2 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/RegisteredCredential.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/RegisteredCredential.java
@@ -24,7 +24,6 @@
 package com.yubico.webauthn;
-import COSE.CoseException;
 import com.fasterxml.jackson.annotation.JsonAlias;
 import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonIgnore;
@@ -99,7 +98,7 @@ public final class RegisteredCredential {
 @NonNull
 @JsonIgnore
 public PublicKey getParsedPublicKey()
- throws InvalidKeySpecException, NoSuchAlgorithmException, CoseException, IOException {
+ throws InvalidKeySpecException, NoSuchAlgorithmException, IOException {
 return WebAuthnCodecs.importCosePublicKey(getPublicKeyCose());
 }
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/RegistrationResult.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/RegistrationResult.java
index d0f815862..499003730 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/RegistrationResult.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/RegistrationResult.java
@@ -24,7 +24,6 @@
 package com.yubico.webauthn;
-import COSE.CoseException;
 import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonProperty;
@@ -299,7 +298,7 @@ public ByteArray getPublicKeyCose() {
 @NonNull
 @JsonIgnore
 public PublicKey getParsedPublicKey()
- throws InvalidKeySpecException, NoSuchAlgorithmException, CoseException, IOException {
+ throws InvalidKeySpecException, NoSuchAlgorithmException, IOException {
 return WebAuthnCodecs.importCosePublicKey(getPublicKeyCose());
 }
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/TpmAttestationStatementVerifier.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/TpmAttestationStatementVerifier.java
index ee051e770..fc91e4205 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/TpmAttestationStatementVerifier.java
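Review bot: `RegisteredCredential.getParsedPublicKey()` is public, so removing `CoseException` from its `throws` clause in the `@@ -99,7 +98,7 @@` hunk (and from the identical `RegistrationResult.getParsedPublicKey()` in the `@@ -299,7 +298,7 @@` hunk) is a source-level API change that the commit does not document. A caller that still wraps the call in `catch (CoseException e)` will stop compiling, because javac rejects a catch of a checked exception the try body can no longer throw. I would mention this in the release notes and add Javadoc stating which of the remaining exceptions signals a malformed stored key, for example `@throws InvalidKeySpecException if the stored COSE key cannot be converted to a {@link PublicKey}` (wording to be confirmed against `WebAuthnCodecs`). The rest of both classes lies outside these hunks.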
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/TpmAttestationStatementVerifier.java
@@ -24,7 +24,6 @@
 package com.yubico.webauthn;
-import COSE.CoseException;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.node.ObjectNode;
 import com.upokecenter.cbor.CBORObject;
@@ -178,7 +177,7 @@ public boolean verifyAttestationSignature(
 // is identical to the credentialPublicKey in the attestedCredentialData in authenticatorData.
 try {
 verifyPublicKeysMatch(attestationObject, pubArea);
- } catch (CoseException | IOException | InvalidKeySpecException | NoSuchAlgorithmException e) {
+ } catch (IOException | InvalidKeySpecException | NoSuchAlgorithmException e) {
 throw new RuntimeException(
 "Failed to verify that public key in TPM attestation matches public key in authData.", e);
 }
@@ -267,7 +266,7 @@ private void validateCertInfo(
 }
 private void verifyPublicKeysMatch(AttestationObject attestationObject, TpmtPublic pubArea)
- throws CoseException, IOException, InvalidKeySpecException, NoSuchAlgorithmException {
+ throws IOException, InvalidKeySpecException, NoSuchAlgorithmException {
 final PublicKey credentialPubKey =
 WebAuthnCodecs.importCosePublicKey(
 attestationObject
diff --git a/webauthn-server-core/src/main/java/com/yubico/webauthn/WebAuthnCodecs.java b/webauthn-server-core/src/main/java/com/yubico/webauthn/WebAuthnCodecs.java
index 6fd89dc9c..c335f3708 100644
--- a/webauthn-server-core/src/main/java/com/yubico/webauthn/WebAuthnCodecs.java
+++ b/webauthn-server-core/src/main/java/com/yubico/webauthn/WebAuthnCodecs.java
@@ -24,7 +24,6 @@
 package com.yubico.webauthn;
-import COSE.CoseException;
 import com.google.common.primitives.Bytes;
 import com.upokecenter.cbor.CBORObject;
 import com.yubico.webauthn.data.ByteArray;
@@ -133,7 +132,7 @@ static ByteArray rawEcKeyToCose(ByteArray key) {
 }
 static PublicKey importCosePublicKey(ByteArray key)
- throws CoseException, IOException, InvalidKeySpecException, NoSuchAlgorithmException {
+ throws IOException, InvalidKeySpecException, NoSuchAlgorithmException {
 CBORObject cose = CBORObject.DecodeFromBytes(key.getBytes());
 final int kty = cose.get(CBORObject.FromObject(1)).AsInt32();
 switch (kty) {
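Review bot: In `importCosePublicKey`, the context line `cose.get(CBORObject.FromObject(1)).AsInt32()` dereferences the map lookup without checking it. As far as I recall, the CBOR library returns `null` for an absent key, so a COSE key without label 1 would fail with a `NullPointerException` rather than one of the declared checked exceptions. The narrowed multi-catch blocks in this commit (FinishRegistrationSteps, FinishAssertionSteps, PackedAttestationStatementVerifier, TpmAttestationStatementVerifier) handle only the checked exceptions, and on the registration path the key bytes come from client-supplied authenticator data. Unless the input is validated earlier, a malformed key would therefore escape as an unchecked exception instead of a clean rejection. I would make the failure explicit with a type every caller already catches: `final CBORObject ktyNode = cose.get(CBORObject.FromObject(1));` followed by `if (ktyNode == null) throw new InvalidKeySpecException("COSE key has no kty (label 1)");`. The method body continues past the end of this hunk, so later lookups may need the same guard.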