Update to support metadata service v3 (#33)

Resolved #11

Author: kj84park

README.md

@@ -149,7 +149,13 @@ jar {
   }
 }
 ```
-
+- If Fido2StarterDemoApplication doesn't work well, try commenting on this part in build.gradle.
+```groovy
+task dockerBuild() {
+  jar.enabled = false
+  dependsOn(bootJar)
+}
+```
 ## API Guides
 After running the applications, you can view API guide documents at the link below.
 

build.gradle

@@ -1,6 +1,17 @@
 /*
- * Copyright (c) 2018 LINE Corporation. All rights reserved.
- * LINE Corporation PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
+ * Copyright 2022 LINE Corporation
+ *
+ * LINE Corporation licenses this file to you under the Apache License,
+ * version 2.0 (the "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at:
+ *
+ *   https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
  */
 
 group 'com.linecorp.line.auth.fido.fido2'

common/build.gradle

@@ -1,6 +1,17 @@
 /*
- * Copyright (c) 2018 LINE Corporation. All rights reserved.
- * LINE Corporation PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
+ * Copyright 2022 LINE Corporation
+ *
+ * LINE Corporation licenses this file to you under the Apache License,
+ * version 2.0 (the "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at:
+ *
+ *   https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
  */
 
 plugins {

common/src/main/java/com/linecorp/line/auth/fido/fido2/common/mdsv3/AuthenticatorGetInfo.java

@@ -0,0 +1,53 @@
+/*
+ * Copyright 2022 LINE Corporation
+ *
+ * LINE Corporation licenses this file to you under the Apache License,
+ * version 2.0 (the "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at:
+ *
+ *   https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.linecorp.line.auth.fido.fido2.common.mdsv3;
+
+import com.linecorp.line.auth.fido.fido2.common.PublicKeyCredentialParameters;
+import lombok.Data;
+
+import java.math.BigInteger;
+import java.util.List;
+import java.util.Map;
+
+@Data
+public class AuthenticatorGetInfo {
+    private List<String> versions;
+    private List<String> extensions;
+    private String aaguid;
+    private Map options;
+    private BigInteger maxMsgSize;
+
+    private List<Long> pinUvAuthProtocols;
+    private BigInteger maxCredentialCountInList;
+    private BigInteger maxCredentialIdLength;
+    private List<String> transports;
+    private List<PublicKeyCredentialParameters> algorithms;
+
+    private BigInteger maxSerializedLargeBlobArray;
+    private Boolean forcePINChange;
+    private BigInteger minPINLength;
+    private BigInteger firmwareVersion;
+    private BigInteger maxCredBlobLength;
+
+    private BigInteger maxRPIDsForSetMinPINLength;
+    private BigInteger preferredPlatformUvAttempts;
+    private BigInteger uvModality;
+    private Map certifications;
+    private BigInteger remainingDiscoverableCredentials;
+
+    private List<BigInteger> vendorPrototypeConfigCommands;
+}

common/src/main/java/com/linecorp/line/auth/fido/fido2/common/mdsv3/AuthenticatorStatus.java

@@ -0,0 +1,35 @@
+/*
+ * Copyright 2022 LINE Corporation
+ *
+ * LINE Corporation licenses this file to you under the Apache License,
+ * version 2.0 (the "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at:
+ *
+ *   https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.linecorp.line.auth.fido.fido2.common.mdsv3;
+
+public enum AuthenticatorStatus {
+    NOT_FIDO_CERTIFIED,
+    FIDO_CERTIFIED,
+    USER_VERIFICATION_BYPASS,
+    ATTESTATION_KEY_COMPROMISE,
+    USER_KEY_REMOTE_COMPROMISE,
+    USER_KEY_PHYSICAL_COMPROMISE,
+    UPDATE_AVAILABLE,
+    REVOKED,
+    SELF_ASSERTION_SUBMITTED,
+    FIDO_CERTIFIED_L1,
+    FIDO_CERTIFIED_L1plus,
+    FIDO_CERTIFIED_L2,
+    FIDO_CERTIFIED_L2plus,
+    FIDO_CERTIFIED_L3,
+    FIDO_CERTIFIED_L3plus
+}

common/src/main/java/com/linecorp/line/auth/fido/fido2/common/mdsv3/MetadataBLOBPayload.java

@@ -0,0 +1,28 @@
+/*
+ * Copyright 2022 LINE Corporation
+ *
+ * LINE Corporation licenses this file to you under the Apache License,
+ * version 2.0 (the "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at:
+ *
+ *   https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.linecorp.line.auth.fido.fido2.common.mdsv3;
+
+import lombok.Data;
+
+import java.util.List;
+@Data
+public class MetadataBLOBPayload {
+    private String legalHeader;
+    private Long no;
+    private String nextUpdate;
+    private List<MetadataBLOBPayloadEntry> entries;
+}

common/src/main/java/com/linecorp/line/auth/fido/fido2/common/mdsv3/MetadataBLOBPayloadEntry.java

@@ -0,0 +1,37 @@
+/*
+ * Copyright 2022 LINE Corporation
+ *
+ * LINE Corporation licenses this file to you under the Apache License,
+ * version 2.0 (the "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at:
+ *
+ *   https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.linecorp.line.auth.fido.fido2.common.mdsv3;
+
+import com.linecorp.line.auth.fido.fido2.common.mdsv3.metadata.BiometricStatusReport;
+import com.linecorp.line.auth.fido.fido2.common.mdsv3.metadata.MetadataStatement;
+import lombok.Data;
+
+import java.util.List;
+
+@Data
+public class MetadataBLOBPayloadEntry {
+    private String aaid;
+    private String aaguid;
+    private List<String> attestationCertificateKeyIdentifiers;
+    private MetadataStatement metadataStatement;
+    private List<BiometricStatusReport> biometricStatusReports;
+
+    private List<StatusReport> statusReports;
+    private String timeOfLastStatusChange;
+    private String rogueListURL;
+    private StringBuilder rogueListHash;
+}

common/src/main/java/com/linecorp/line/auth/fido/fido2/common/mdsv3/StatusReport.java

@@ -0,0 +1,32 @@
+/*
+ * Copyright 2022 LINE Corporation
+ *
+ * LINE Corporation licenses this file to you under the Apache License,
+ * version 2.0 (the "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at:
+ *
+ *   https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.linecorp.line.auth.fido.fido2.common.mdsv3;
+
+import lombok.Data;
+
+@Data
+public class StatusReport {
+    private AuthenticatorStatus status;
+    private Long authenticatorVersion;
+    private String effectiveDate;
+    private String certificate;
+    private String url;
+    private String certificationDescriptor;
+    private String certificateNumber;
+    private String certificationPolicyVersion;
+    private String certificationRequirementsVersion;
+}

common/src/main/java/com/linecorp/line/auth/fido/fido2/common/mdsv3/metadata/BiometricAccuracyDescriptor.java

@@ -0,0 +1,32 @@
+/*
+ * Copyright 2022 LINE Corporation
+ *
+ * LINE Corporation licenses this file to you under the Apache License,
+ * version 2.0 (the "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at:
+ *
+ *   https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.linecorp.line.auth.fido.fido2.common.mdsv3.metadata;
+
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@AllArgsConstructor
+@NoArgsConstructor
+public class BiometricAccuracyDescriptor {
+    private Double selfAttestedFRR;
+    private Double selfAttestedFAR;
+    private Integer maxTemplates;
+    private Integer maxRetries;
+    private Integer blockSlowdown;
+}

common/src/main/java/com/linecorp/line/auth/fido/fido2/common/mdsv3/metadata/BiometricStatusReport.java

@@ -0,0 +1,30 @@
+/*
+ * Copyright 2022 LINE Corporation
+ *
+ * LINE Corporation licenses this file to you under the Apache License,
+ * version 2.0 (the "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at:
+ *
+ *   https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+package com.linecorp.line.auth.fido.fido2.common.mdsv3.metadata;
+
+import lombok.Data;
+
+@Data
+public class BiometricStatusReport {
+    Integer certLevel;
+    String  modality;
+    String  effectiveDate;
+    String  certificationDescriptor;
+    String  certificateNumber;
+    String  certificationPolicyVersion;
+    String  certificationRequirementsVersion;
+}