author | Eran Messeri <eranm@google.com> | 2021-07-23 10:54:28 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-07-23 10:54:28 +0000 |
commit | d8b20aab73fa79f787fc493c076241c01bba969e (patch) | |
tree | 3b30fc7652eb39cffe49e7714cb6a196b9d01d75 | |
parent | 0d0a4cd3f759741080d210c3a9f0c9962a130342 (diff) | |
parent | c67d8aef21ecad80c4f83cc63da80534651c5c12 (diff) | |
Merge pull request #8 from veehaitch/set-of-user-auth-type
Change UserAuthType to Set of Enum
-rw-r--r-- | server/src/main/java/com/google/android/attestation/AuthorizationList.java | 35 | ||||
-rw-r--r-- | server/src/test/java/com/google/android/attestation/AuthorizationListTest.java | 14 |
2 files changed, 32 insertions, 17 deletions
diff --git a/server/src/main/java/com/google/android/attestation/AuthorizationList.java b/server/src/main/java/com/google/android/attestation/AuthorizationList.java
index 9c6a515..c27e4bd 100644
--- a/server/src/main/java/com/google/android/attestation/AuthorizationList.java
+++ b/server/src/main/java/com/google/android/attestation/AuthorizationList.java
@@ -102,7 +102,7 @@ public class AuthorizationList {
 public final Optional<Instant> originationExpireDateTime;
 public final Optional<Instant> usageExpireDateTime;
 public final boolean noAuthRequired;
- public final Optional<UserAuthType> userAuthType;
+ public final Optional<Set<UserAuthType>> userAuthType;
 public final Optional<Duration> authTimeout;
 public final boolean allowWhileOnBody;
 public final boolean trustedUserPresenceRequired;
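Review bot: The `userAuthType` field now exposes a `Set` that callers can modify for every non-zero value, because `userAuthTypeToEnum` (second hunk) returns a bare `HashSet` on that path and an immutable `Set.of(...)` only for zero. As the field is `public final` on a parsed attestation record, any code holding the `AuthorizationList` can add or remove authenticator types after the record was decoded, and a later policy check would read the altered set. Wrapping the result once, for example `return Collections.unmodifiableSet(result);` (needs `java.util.Collections` if the file does not import it yet), makes both paths behave the same. A one-line comment on the field stating that the set is the decoded bitmask and is read-only would also help; the class body continues outside this hunk.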
@@ -284,23 +284,34 @@ public class AuthorizationList {
 return Optional.ofNullable(entry).map(ASN1OctetString::getOctets);
 }
- private static Optional<UserAuthType> findOptionalUserAuthType(
+ private static Optional<Set<UserAuthType>> findOptionalUserAuthType(
 Map<Integer, ASN1Primitive> authorizationMap, int tag) {
 Optional<Long> userAuthType = findOptionalLongAuthorizationListEntry(authorizationMap, tag);
 return userAuthType.map(AuthorizationList::userAuthTypeToEnum);
 }
 // Visible for testing.
- static UserAuthType userAuthTypeToEnum(long userAuthType) {
- if (userAuthType == 0L) {
- return USER_AUTH_TYPE_NONE;
- } else if (userAuthType == 1L) {
- return PASSWORD;
- } else if (userAuthType == 2L) {
- return FINGERPRINT;
- } else if (userAuthType == UINT32_MAX) {
- return USER_AUTH_TYPE_ANY;
+ static Set<UserAuthType> userAuthTypeToEnum(long userAuthType) {
+ if (userAuthType == 0) {
+ return Set.of(USER_AUTH_TYPE_NONE);
 }
- throw new IllegalArgumentException("Invalid User Auth Type.");
+
+ Set<UserAuthType> result = new HashSet<>();
+
+ if ((userAuthType & 1L) == 1L) {
+ result.add(PASSWORD);
+ }
+ if ((userAuthType & 2L) == 2L) {
+ result.add(FINGERPRINT);
+ }
+ if (userAuthType == UINT32_MAX) {
+ result.add(USER_AUTH_TYPE_ANY);
+ }
+
+ if (result.isEmpty()) {
+ throw new IllegalArgumentException("Invalid User Auth Type.");
+ }
+
+ return result;
 }
 }
diff --git a/server/src/test/java/com/google/android/attestation/AuthorizationListTest.java b/server/src/test/java/com/google/android/attestation/AuthorizationListTest.java
index 12fa97a..226203d 100644
--- a/server/src/test/java/com/google/android/attestation/AuthorizationListTest.java
+++ b/server/src/test/java/com/google/android/attestation/AuthorizationListTest.java
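Review bot: Bits outside the two known flags are silently discarded in `userAuthTypeToEnum` (AuthorizationList.java): a value such as 5 yields `{PASSWORD}`, because only `& 1L` and `& 2L` are tested and the emptiness check then passes. For an attestation verifier this means a key whose authorization list admits an authenticator type this library does not know is reported as password-only, so a relying party's policy check sees a stricter binding than the key actually has. The same applies to values above `UINT32_MAX` or negative values that have a low bit set. Rejecting such input before the set is built keeps the previous fail-closed behaviour: `if (userAuthType != UINT32_MAX && (userAuthType & ~3L) != 0) { throw new IllegalArgumentException("Invalid User Auth Type."); }`. The test hunk in AuthorizationListTest only asserts the all-unknown value `4L`; a mixed case such as `5L` is worth adding there.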
@@ -28,6 +28,8 @@ import static org.junit.Assert.fail;
 import com.google.common.collect.ImmutableSet;
 import java.io.IOException;
 import java.time.Instant;
+import java.util.Set;
+
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.util.encoders.Base64;
@@ -136,13 +138,15 @@ public class AuthorizationListTest {
 @Test
 public void testUserAuthTypeToEnum() {
- assertThat(userAuthTypeToEnum(0L)).isEqualTo(USER_AUTH_TYPE_NONE);
- assertThat(userAuthTypeToEnum(1L)).isEqualTo(PASSWORD);
- assertThat(userAuthTypeToEnum(2L)).isEqualTo(FINGERPRINT);
- assertThat(userAuthTypeToEnum(UINT32_MAX)).isEqualTo(USER_AUTH_TYPE_ANY);
+ assertThat(userAuthTypeToEnum(0L)).isEqualTo(Set.of(USER_AUTH_TYPE_NONE));
+ assertThat(userAuthTypeToEnum(1L)).isEqualTo(Set.of(PASSWORD));
+ assertThat(userAuthTypeToEnum(2L)).isEqualTo(Set.of(FINGERPRINT));
+ assertThat(userAuthTypeToEnum(3L)).isEqualTo(Set.of(PASSWORD, FINGERPRINT));
+ assertThat(userAuthTypeToEnum(UINT32_MAX)).isEqualTo(Set.of(PASSWORD, FINGERPRINT, USER_AUTH_TYPE_ANY));
+
 try {
- userAuthTypeToEnum(3L);
+ userAuthTypeToEnum(4L);
 fail();
 } catch (IllegalArgumentException expected) {
 assertThat(expected).hasMessageThat().contains("Invalid User Auth Type."); |