private string convertCOSEtoPEM(byte[] cose)
{
// COSE形式の公開鍵をPEM形式に変換する
// 1-1.26byteのメタデータを追加
// 1-2.0x04を追加
// 1-3.COSEデータのxとyを追加
// 2-1.Base64エンコード
// 2-2.64文字ごとに改行コードをいれる
// 2-3.ヘッダとフッタを入れる
string pemdata = "";
try {
// Phase-1
var pubkey = new List <byte>();
var metaheader = Common.HexStringToBytes("3059301306072a8648ce3d020106082a8648ce3d030107034200");
pubkey.AddRange(metaheader);
pubkey.Add(0x04);
var cbor = PeterO.Cbor.CBORObject.DecodeFromBytes(cose, PeterO.Cbor.CBOREncodeOptions.Default);
foreach (var key in cbor.Keys)
{
if (key.Type == CBORType.Integer)
{
var keyVal = key.ToObject <Int16>();
if (keyVal == -2)
{
var x = cbor[key].GetByteString();
pubkey.AddRange(x);
}
else if (keyVal == -3)
{
var y = cbor[key].GetByteString();
pubkey.AddRange(y);
}
}
}
// Phase-2
pemdata = DerConverter.ToPemPublicKey(pubkey.ToArray());
} catch (Exception) {
}
return(pemdata);
}
protected Result Verify(byte[] challenge, Attestation att)
{
var result = new Result();
// Verifyの結果によらず | Regardless of the result of Verify
{
var decAuthdata = new DecodedAuthData();
decAuthdata.Decode(att.AuthData);
result.CredentialID = decAuthdata.CredentialId;
result.PublicKeyPem = decAuthdata.PublicKeyPem;
}
//If an x5c certificate is used for attestation (attCA)
if (att.AttStmtX5c != null)
{
var cert = DerConverter.ToPemCertificate(att.AttStmtX5c);
var publicKeyforVerify = CryptoBC.GetPublicKeyPEMfromCert(cert);
if (!string.IsNullOrEmpty(publicKeyforVerify))
{
result.IsSuccess = VerifyPublicKey(publicKeyforVerify, challenge, att.AuthData, att.AttStmtSig);
}
}
//Self attestation (signature uses credential keypair instead of attestation keypair)
else if (att.AttStmtAlg != 0 && att.AttStmtSig != null)
{
if (!string.IsNullOrEmpty(result.PublicKeyPem))
{
result.IsSuccess = VerifyPublicKey(result.PublicKeyPem, challenge, att.AuthData, att.AttStmtSig);
}
}
//TODO: Implement check for ECDAA attestation
//8.2 https://www.w3.org/TR/webauthn/#packed-attestation
return(result);
}
