Adds most logic needed for validating cert chain

Notes:
 * This is completely backward compatible to what U2F does now.
 * The registration request can now have more than one X.509
   certificate.  The chain must be DER encoded (basically, the X.509
   certs are DER encoded and then concatenated one after anoter.
 * As noted in many comments, the leaf is in the 0th element of the
   chain, followed by intermediary certs.
 * The current code does not yet ship with the final Android attestation
   root CA, so all Android attestations will have "chain validated:
   false"

Author: leshi

u2f-gae-demo/src/com/google/u2f/gaedemo/storage/TokenStorageData.java

@@ -12,16 +12,18 @@
 import com.google.u2f.server.data.SecurityKeyData;
 import com.google.u2f.server.data.SecurityKeyData.Transports;
 import com.google.u2f.server.impl.attestation.android.AndroidKeyStoreAttestation;
+import com.google.u2f.tools.X509Util;
 
 import org.apache.commons.codec.binary.Hex;
 
 import java.io.ByteArrayInputStream;
-import java.security.cert.CertificateEncodingException;
+import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.CertificateParsingException;
 import java.security.cert.X509Certificate;
 import java.util.Arrays;
+import java.util.Collection;
 import java.util.List;
 import java.util.Objects;
 
@@ -40,11 +42,7 @@ public TokenStorageData(SecurityKeyData tokenData) {
     this.enrollmentTime = tokenData.getEnrollmentTime();
     this.keyHandle = tokenData.getKeyHandle();
     this.publicKey = tokenData.getPublicKey();
-    try {
-      this.attestationCert = tokenData.getAttestationCertificate().getEncoded();
-    } catch (CertificateEncodingException e) {
-      throw new RuntimeException();
-    }
+    this.attestationCert = X509Util.encodeCertArray(tokenData.getAttestationCertificateChain());
     this.transports = tokenData.getTransports();
     this.counter = tokenData.getCounter();
   }
@@ -54,22 +52,24 @@ public void updateCounter(int newCounterValue) {
   }
 
   public SecurityKeyData getSecurityKeyData() {
-    X509Certificate x509cert = parseCertificate(attestationCert);
-    return new SecurityKeyData(enrollmentTime, transports, keyHandle, publicKey, x509cert, counter);
+    X509Certificate[] x509certChain = parseCertificateChain(attestationCert);
+    return new SecurityKeyData(
+        enrollmentTime, transports, keyHandle, publicKey, x509certChain, counter);
   }
 
   public JsonObject toJson() {
-    X509Certificate x509cert = getSecurityKeyData().getAttestationCertificate();
+    X509Certificate[] x509certChain = getSecurityKeyData().getAttestationCertificateChain();
     JsonObject json = new JsonObject();
     json.addProperty("enrollment_time", enrollmentTime);
     json.add("transports", getJsonTransports());
     json.addProperty("key_handle", Hex.encodeHexString(keyHandle));
     json.addProperty("public_key", Hex.encodeHexString(publicKey));
-    json.addProperty("issuer", x509cert.getIssuerX500Principal().getName());
+    json.addProperty("issuer", x509certChain[0].getIssuerX500Principal().getName());
 
     try {
+      // TODO(aczeskis): use the actual root ca cert when it's available
       AndroidKeyStoreAttestation androidKeyStoreAttestation =
-          AndroidKeyStoreAttestation.Parse(x509cert);
+          AndroidKeyStoreAttestation.Parse(x509certChain, null);
       if (androidKeyStoreAttestation != null) {
         json.add("android_attestation", androidKeyStoreAttestation.toJson());
       }
@@ -118,10 +118,12 @@ public boolean equals(Object obj) {
         && Arrays.equals(this.attestationCert, that.attestationCert);
   }
 
-  private static X509Certificate parseCertificate(byte[] encodedDerCertificate) {
+  private static X509Certificate[] parseCertificateChain(byte[] encodedDerCertificates) {
     try {
-      return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(
-          new ByteArrayInputStream(encodedDerCertificate));
+      Collection<? extends Certificate> certCollection =
+          CertificateFactory.getInstance("X.509").generateCertificates(
+              new ByteArrayInputStream(encodedDerCertificates));
+      return certCollection.toArray(new X509Certificate[0]);
     } catch (CertificateException e) {
       throw new RuntimeException(e);
     }

u2f-gae-demo/src/soy/card.soy

@@ -26,7 +26,7 @@
        <div class="androidAttestationLabel">Android Attestation <button class="toggleAttestationButton">show</button><br/></div>
        <div class="androidAttestation">
          <ul>
-           <li><span class="label">Cert Chain Verified: </span><span class="chainVerified">false</span><br/> 
+           <li><span class="label">Cert Chain Verified: </span><span class="chainVerified"></span><br/> 
            <li><span class="label">Keymaster Version: </span><span class="keymasterVersion">none</span><br/>
            <li><span class="label">Attestation Challenge: </span><span class="challenge">none</span><br/>
            <li><span class="label">Software Enforced: </span>

u2f-gae-demo/war/js/u2fdemo.js

@@ -28,10 +28,13 @@ function tokenToDom(token) {
   }
   if (token.android_attestation) {
     card.querySelector('.androidAttestationLabel').style.display = "inline";
+    
+    card.querySelector('.chainVerified').textContent = token.android_attestation.chain_validated;
+    
     card.querySelector('.keymasterVersion').textContent
         = token.android_attestation.keymaster_version;
     card.querySelector('.challenge').textContent
-        = token.android_attestation.attestation_challenge;
+        = "0x" + token.android_attestation.attestation_challenge;
 
     if (token.android_attestation.software_encoded.algorithm) {
       card.querySelector('.softwareEnforced .algorithm').textContent

u2f-ref-code/java/src/com/google/u2f/codec/RawMessageCodec.java

@@ -6,20 +6,20 @@
 
 package com.google.u2f.codec;
 
-import java.io.ByteArrayInputStream;
-import java.io.DataInputStream;
-import java.io.IOException;
-import java.nio.ByteBuffer;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-
 import com.google.u2f.U2FException;
 import com.google.u2f.key.messages.AuthenticateRequest;
 import com.google.u2f.key.messages.AuthenticateResponse;
 import com.google.u2f.key.messages.RegisterRequest;
 import com.google.u2f.key.messages.RegisterResponse;
+import com.google.u2f.tools.X509Util;
+
+import org.bouncycastle.util.Arrays;
+
+import java.io.ByteArrayInputStream;
+import java.io.DataInputStream;
+import java.io.IOException;
+import java.nio.ByteBuffer;
+import java.security.cert.X509Certificate;
 
 /**
  * Raw message formats, as per FIDO U2F: Raw Message Formats - Draft 4
@@ -61,15 +61,11 @@ public static byte[] encodeRegisterResponse(RegisterResponse registerResponse)
       throws U2FException {
     byte[] userPublicKey = registerResponse.getUserPublicKey();
     byte[] keyHandle = registerResponse.getKeyHandle();
-    X509Certificate attestationCertificate = registerResponse.getAttestationCertificate();
+    X509Certificate[] attestationCertificateChain = registerResponse.getAttestationCertificateChain();
     byte[] signature = registerResponse.getSignature();
 
     byte[] attestationCertificateBytes;
-    try {
-      attestationCertificateBytes = attestationCertificate.getEncoded();
-    } catch (CertificateEncodingException e) {
-      throw new U2FException("Error when encoding attestation certificate.", e);
-    }
+    attestationCertificateBytes = X509Util.encodeCertArray(attestationCertificateChain);
 
     if (keyHandle.length > 255) {
       throw new U2FException("keyHandle length cannot be longer than 255 bytes!");
@@ -95,10 +91,14 @@ public static RegisterResponse decodeRegisterResponse(byte[] data) throws U2FExc
       inputStream.readFully(userPublicKey);
       byte[] keyHandle = new byte[inputStream.readUnsignedByte()];
       inputStream.readFully(keyHandle);
-      X509Certificate attestationCertificate = (X509Certificate) CertificateFactory.getInstance(
-          "X.509").generateCertificate(inputStream);
-      byte[] signature = new byte[inputStream.available()];
-      inputStream.readFully(signature);
+
+      // We don't know the length of the signature or cert chain, so we tread carefully
+      byte[] certsAndsig = new byte[inputStream.available()];
+      inputStream.readFully(certsAndsig);
+
+      X509Certificate[] attestationCertificateChain = X509Util.parseCertificateChain(certsAndsig);
+      byte[] signature = Arrays.copyOfRange(certsAndsig,
+          X509Util.encodeCertArray(attestationCertificateChain).length, certsAndsig.length);
 
       if (inputStream.available() != 0) {
         throw new U2FException("Message ends with unexpected data");
@@ -110,11 +110,9 @@ public static RegisterResponse decodeRegisterResponse(byte[] data) throws U2FExc
             REGISTRATION_RESERVED_BYTE_VALUE, reservedByte));
       }
 
-      return new RegisterResponse(userPublicKey, keyHandle, attestationCertificate, signature);
+      return new RegisterResponse(userPublicKey, keyHandle, attestationCertificateChain, signature);
     } catch (IOException e) {
       throw new U2FException("Error when parsing raw RegistrationResponse", e);
-    } catch (CertificateException e) {
-      throw new U2FException("Error when parsing attestation certificate", e);
     }
   }
 

u2f-ref-code/java/src/com/google/u2f/key/impl/U2FKeyReferenceImpl.java

@@ -6,13 +6,6 @@
 
 package com.google.u2f.key.impl;
 
-import java.security.KeyPair;
-import java.security.PrivateKey;
-import java.security.cert.X509Certificate;
-import java.util.logging.Logger;
-
-import org.apache.commons.codec.binary.Hex;
-
 import com.google.u2f.U2FException;
 import com.google.u2f.codec.RawMessageCodec;
 import com.google.u2f.key.Crypto;
@@ -26,21 +19,28 @@
 import com.google.u2f.key.messages.RegisterRequest;
 import com.google.u2f.key.messages.RegisterResponse;
 
+import org.apache.commons.codec.binary.Hex;
+
+import java.security.KeyPair;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+import java.util.logging.Logger;
+
 public class U2FKeyReferenceImpl implements U2FKey {
   private static final Logger Log = Logger.getLogger(U2FKeyReferenceImpl.class.getName());
 
-  private final X509Certificate vendorCertificate;
+  private final X509Certificate[] vendorCertificateChain;
   private final PrivateKey certificatePrivateKey;
   private final KeyPairGenerator keyPairGenerator;
   private final KeyHandleGenerator keyHandleGenerator;
   private final DataStore dataStore;
   private final UserPresenceVerifier userPresenceVerifier;
   private final Crypto crypto;
 
-  public U2FKeyReferenceImpl(X509Certificate vendorCertificate, PrivateKey certificatePrivateKey,
+  public U2FKeyReferenceImpl(X509Certificate[] vendorCertificateChain, PrivateKey certificatePrivateKey,
       KeyPairGenerator keyPairGenerator, KeyHandleGenerator keyHandleGenerator,
       DataStore dataStore, UserPresenceVerifier userPresenceVerifier, Crypto crypto) {
-    this.vendorCertificate = vendorCertificate;
+    this.vendorCertificateChain = vendorCertificateChain;
     this.certificatePrivateKey = certificatePrivateKey;
     this.keyPairGenerator = keyPairGenerator;
     this.keyHandleGenerator = keyHandleGenerator;
@@ -81,12 +81,12 @@ public RegisterResponse register(RegisterRequest registerRequest) throws U2FExce
     Log.info(" -- Outputs --");
     Log.info("  userPublicKey: " + Hex.encodeHexString(userPublicKey));
     Log.info("  keyHandle: " + Hex.encodeHexString(keyHandle));
-    Log.info("  vendorCertificate: " + vendorCertificate);
+    Log.info("  vendorCertificate: " + vendorCertificateChain);
     Log.info("  signature: " + Hex.encodeHexString(signature));
 
     Log.info("<< register");
 
-    return new RegisterResponse(userPublicKey, keyHandle, vendorCertificate, signature);
+    return new RegisterResponse(userPublicKey, keyHandle, vendorCertificateChain, signature);
   }
 
   @Override

u2f-ref-code/java/src/com/google/u2f/key/messages/RegisterResponse.java

@@ -13,15 +13,15 @@
 public class RegisterResponse extends U2FResponse {
   private final byte[] userPublicKey;
   private final byte[] keyHandle;
-  private final X509Certificate attestationCertificate;
+  private final X509Certificate[] attestationCertificateChain;
   private final byte[] signature;
 
   public RegisterResponse(byte[] userPublicKey, byte[] keyHandle,
-      X509Certificate attestationCertificate, byte[] signature) {
+      X509Certificate[] attestationCertificateChain, byte[] signature) {
     super();
     this.userPublicKey = userPublicKey;
     this.keyHandle = keyHandle;
-    this.attestationCertificate = attestationCertificate;
+    this.attestationCertificateChain = attestationCertificateChain;
     this.signature = signature;
   }
 
@@ -43,10 +43,10 @@ public byte[] getKeyHandle() {
   }
 
   /**
-   * This is a X.509 certificate.
+   * This is a X.509 certificate chain.
    */
-  public X509Certificate getAttestationCertificate() {
-    return attestationCertificate;
+  public X509Certificate[] getAttestationCertificateChain() {
+    return attestationCertificateChain;
   }
 
   /** This is a ECDSA signature (on P-256) */
@@ -56,7 +56,7 @@ public byte[] getSignature() {
 
   @Override
   public int hashCode() {
-    return Objects.hash(userPublicKey, keyHandle, attestationCertificate, signature);
+    return Objects.hash(userPublicKey, keyHandle, attestationCertificateChain, signature);
   }
 
   @Override
@@ -71,6 +71,6 @@ public boolean equals(Object obj) {
     return Arrays.equals(userPublicKey, other.userPublicKey)
         && Arrays.equals(keyHandle, other.keyHandle)
         && Arrays.equals(signature, other.signature)
-        && Objects.equals(attestationCertificate, other.attestationCertificate);
+        && Objects.equals(attestationCertificateChain, other.attestationCertificateChain);
   }
 }

u2f-ref-code/java/src/com/google/u2f/server/data/SecurityKeyData.java

@@ -36,14 +36,14 @@ public String toString() {
   private final List<Transports> transports;
   private final byte[] keyHandle;
   private final byte[] publicKey;
-  private final X509Certificate attestationCert;
+  private final X509Certificate[] attestationCertChain;
   private int counter;
 
   public SecurityKeyData(
       long enrollmentTime,
       byte[] keyHandle,
       byte[] publicKey,
-      X509Certificate attestationCert,
+      X509Certificate[] attestationCert,
       int counter) {
     this(enrollmentTime, null /* transports */, keyHandle, publicKey, attestationCert, counter);
   }
@@ -53,13 +53,13 @@ public SecurityKeyData(
       List<Transports> transports,
       byte[] keyHandle,
       byte[] publicKey,
-      X509Certificate attestationCert,
+      X509Certificate[] attestationCertChain,
       int counter) {
     this.enrollmentTime = enrollmentTime;
     this.transports = transports;
     this.keyHandle = keyHandle;
     this.publicKey = publicKey;
-    this.attestationCert = attestationCert;
+    this.attestationCertChain = attestationCertChain;
     this.counter = counter;
   }
 
@@ -82,8 +82,8 @@ public byte[] getPublicKey() {
     return publicKey;
   }
 
-  public X509Certificate getAttestationCertificate() {
-    return attestationCert;
+  public X509Certificate[] getAttestationCertificateChain() {
+    return attestationCertChain;
   }
 
   public int getCounter() {
@@ -101,7 +101,7 @@ public int hashCode() {
         transports,
         keyHandle,
         publicKey,
-        attestationCert,
+        attestationCertChain,
         counter);
   }
 
@@ -115,7 +115,7 @@ public boolean equals(Object obj) {
         && (this.enrollmentTime == that.enrollmentTime)
         && containSameTransports(this.transports, that.transports)
         && Arrays.equals(this.publicKey, that.publicKey)
-        && Objects.equals(this.attestationCert, that.attestationCert)
+        && Arrays.equals(this.attestationCertChain, that.attestationCertChain)
         && Objects.equals(counter, counter);
   }
 
@@ -149,7 +149,8 @@ public String toString() {
       .append(counter)
       .append("\n")
       .append("attestation certificate:\n")
-      .append(attestationCert.toString())
+      .append(attestationCertChain.toString())
+      .append("\n")
       .append("transports: ")
       .append(transports)
       .append("\n")