Merge branch 'master' into owner_exec

fido-device-onboard · Nov 13, 2023 · c9904e9 · c9904e9
2 parents 9fffa64 + 4ed3e24
commit c9904e9
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 4 deletions.
diff --git a/component-samples/demo/reseller/service.yml b/component-samples/demo/reseller/service.yml
@@ -53,7 +53,7 @@ http-server:
 
 owner:
    keystore: 
-     path: owner.p12
+     path: reseller.p12
      store-type: PKCS12
      password: $(encrypt_password)
 

diff --git a/protocol/src/main/java/org/fidoalliance/fdo/protocol/VoucherUtils.java b/protocol/src/main/java/org/fidoalliance/fdo/protocol/VoucherUtils.java
@@ -19,6 +19,7 @@
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.security.interfaces.ECPublicKey;
+import java.security.interfaces.RSAPublicKey;
 import java.security.spec.ECParameterSpec;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.util.ArrayList;
@@ -49,6 +50,7 @@
 import org.fidoalliance.fdo.protocol.message.OwnershipVoucherEntries;
 import org.fidoalliance.fdo.protocol.message.OwnershipVoucherEntryPayload;
 import org.fidoalliance.fdo.protocol.message.OwnershipVoucherHeader;
+import org.fidoalliance.fdo.protocol.message.PublicKeyType;
 import org.fidoalliance.fdo.protocol.message.RendezvousDirective;
 import org.fidoalliance.fdo.protocol.message.RendezvousInfo;
 import org.fidoalliance.fdo.protocol.message.RendezvousInstruction;
@@ -112,9 +114,10 @@ public static OwnershipVoucher extend(OwnershipVoucher voucher,
     entryPayload.setHeaderHash(hdrHash);
     entryPayload.setExtra(Config.getWorker(ExtraInfoSupplier.class).get());
 
-    OwnerPublicKey nextOwnerKey = cs.encodeKey(prevOwnerPubKey.getType(),
-        prevOwnerPubKey.getEnc(),
-        nextChain);
+    OwnerPublicKey nextOwnerKey = cs.encodeKey(getCertificateKeyType(
+            nextChain[nextChain.length - 1]),
+            prevOwnerPubKey.getEnc(),
+            nextChain);
 
     //assume owner is encoded same a
     entryPayload.setOwnerPublicKey(nextOwnerKey);
@@ -341,6 +344,37 @@ public static String getPublicKeyAlias(OwnershipVoucher voucher) throws IOExcept
         new AlgorithmFinder().getKeySizeType(publicKey));
   }
 
+  private static PublicKeyType getCertificateKeyType(Certificate certificate) throws IOException {
+    PublicKey publicKey = certificate.getPublicKey();
+
+    if (publicKey instanceof RSAPublicKey) {
+      RSAPublicKey rsaPublicKey = (RSAPublicKey) publicKey;
+      int keySize = rsaPublicKey.getModulus().bitLength();
+
+      if (keySize == 2048) {
+        return PublicKeyType.RSA2048RESTR;
+      } else {
+        String algorithm = rsaPublicKey.getAlgorithm();
+        if ("RSA".equalsIgnoreCase(algorithm)) {
+          return PublicKeyType.RSAPKCS;
+        }
+      }
+    } else if (publicKey instanceof ECPublicKey) {
+      ECPublicKey ecPublicKey = (ECPublicKey) publicKey;
+      ECParameterSpec params = ecPublicKey.getParams();
+
+      if (params != null) {
+        int keySize = params.getOrder().bitLength();
+        if (keySize == 256) {
+          return PublicKeyType.SECP256R1;
+        } else if (keySize == 384) {
+          return PublicKeyType.SECP384R1;
+        }
+      }
+    }
+    throw new IOException("Invalid Certificate type");
+  }
+
   private static CertPath getCertPath(List<Certificate> chain) throws IOException {
 
     final CertificateFactory cf;