diff --git a/webauthn-server-attestation/src/test/scala/com/yubico/fido/metadata/FidoMds3Spec.scala b/webauthn-server-attestation/src/test/scala/com/yubico/fido/metadata/FidoMds3Spec.scala index 871c2ce4e..069b548a9 100644 --- a/webauthn-server-attestation/src/test/scala/com/yubico/fido/metadata/FidoMds3Spec.scala +++ b/webauthn-server-attestation/src/test/scala/com/yubico/fido/metadata/FidoMds3Spec.scala @@ -1038,21 +1038,12 @@ class FidoMds3Spec extends AnyFunSpec with Matchers { } describe("The notRetired filter") { - val attestationRoot = TestAuthenticator.generateAttestationCaCertificate() - val rootCertBase64 = new ByteArray(attestationRoot._1.getEncoded).getBase64 - - val (goodCert, _) = TestAuthenticator.generateAttestationCertificate( - name = new X500Name("CN=Good cert"), - caCertAndKey = Some(attestationRoot), - ) - - val goodCertKeyIdentifier = new ByteArray( - CertificateParser.computeSubjectKeyIdentifier(goodCert) - ).getHex - val aaguidRetired = new AAGUID(ByteArray.fromHex("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa")) + val aaguidNotRetired = + new AAGUID(ByteArray.fromHex("bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb")) + val blob: MetadataBLOBPayload = JacksonCodecs.jsonWithDefaultEnums.readValue( s"""{ @@ -1062,16 +1053,13 @@ class FidoMds3Spec extends AnyFunSpec with Matchers { "entries": [ { "aaguid": "${aaguidRetired.asGuidString()}", - "attestationCertificateKeyIdentifiers": ["${goodCertKeyIdentifier}"], + "attestationCertificateKeyIdentifiers": [], "metadataStatement": { "aaguid": "${aaguidRetired.asGuidString()}", - "attestationCertificateKeyIdentifiers": ["${goodCertKeyIdentifier}"], "authenticatorVersion": 1, - "attachmentHint" : ["internal"], - "attestationRootCertificates": ["${rootCertBase64}"], + "attestationRootCertificates": [], "attestationTypes" : ["basic_full"], "authenticationAlgorithms" : ["secp256r1_ecdsa_sha256_raw"], - "description" : "Test authenticator", "keyProtection" : ["software"], "matcherProtection" : ["software"], "protocolFamily" : "u2f", @@ -1085,6 +1073,27 @@ class FidoMds3Spec extends AnyFunSpec with Matchers { { "status": "RETIRED", "effectiveDate": "2022-02-01" } ], "timeOfLastStatusChange": "2022-02-15" + }, + { + "aaguid": "${aaguidNotRetired.asGuidString()}", + "attestationCertificateKeyIdentifiers": [], + "metadataStatement": { + "aaguid": "${aaguidNotRetired.asGuidString()}", + "authenticatorVersion": 1, + "attestationRootCertificates": [], + "attestationTypes" : ["basic_full"], + "authenticationAlgorithms" : ["secp256r1_ecdsa_sha256_raw"], + "keyProtection" : ["software"], + "matcherProtection" : ["software"], + "protocolFamily" : "u2f", + "publicKeyAlgAndEncodings" : ["ecc_x962_raw"], + "schema" : 3, + "tcDisplay" : [], + "upv" : [{ "major" : 1, "minor" : 1 }], + "userVerificationDetails" : [[{ "userVerificationMethod" : "presence_internal" }]] + }, + "statusReports": [], + "timeOfLastStatusChange": "2022-02-15" } ] }""".stripMargin, @@ -1095,11 +1104,10 @@ class FidoMds3Spec extends AnyFunSpec with Matchers { val mds = FidoMetadataService.builder().useBlob(blob).build() mds - .findTrustRoots( - List(goodCert).asJava, - Some(aaguidRetired.asBytes).toJava, - ) - .getTrustRoots + .findEntries(aaguidRetired) + .asScala should not be empty + mds + .findEntries(aaguidNotRetired) .asScala should not be empty } @@ -1111,12 +1119,11 @@ class FidoMds3Spec extends AnyFunSpec with Matchers { .build() mds - .findTrustRoots( - List(goodCert).asJava, - Some(aaguidRetired.asBytes).toJava, - ) - .getTrustRoots + .findEntries(aaguidRetired) .asScala shouldBe empty + mds + .findEntries(aaguidNotRetired) + .asScala should not be empty } }