Add Apple attestation #5165

Thumimku · 2023-11-15T08:47:05Z

Proposed changes in this pull request

Implementation of the ClientAttestationValidator interface specific to Apple attestation.
This class validates attestation responses from Apple devices, ensuring the integrity and authenticity of the attested information.
The validation process involves decoding the Base64-encoded attestation object, parsing the CBOR data, and performing various checks on the attestation statement and authentication data.
Additionally, it validates the certificate chain using the Apple Root CA and ensures that the reply party Id matches the configured Apple App ID.
This method developed using following documentation Validating Apps That Connect to Your Servers

Two additional config parameters added with this fix.

<AppleAttestationRootCertificatePath>
${carbon.home}/repository/resources/identity/apple/attestation/apple_attestation_root_ca.pem
</AppleAttestationRootCertificatePath>

In the context of PKIX (Public Key Infrastructure for X.509), revocation refers to the process of declaring a digital certificate as invalid before its natural expiration date. In Development this is not necessary, hence provide a config to configure revocation.
<AppleAttestationRevocationCheckEnabled>false</AppleAttestationRevocationCheckEnabled>

...o2/carbon/identity/client/attestation/mgt/internal/ClientAttestationMgtServiceComponent.java

...a/org/wso2/carbon/identity/client/attestation/mgt/services/ClientAttestationServiceImpl.java

...va/org/wso2/carbon/identity/client/attestation/mgt/validators/AppleAttestationValidator.java

jenkins-is-staging · 2023-11-15T09:22:32Z

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/6875207565

jenkins-is-staging · 2023-11-15T12:32:12Z

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/6875207565
Status: cancelled

jenkins-is-staging · 2023-11-15T12:33:03Z

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/6877323899

jenkins-is-staging · 2023-11-15T18:34:03Z

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/6877323899
Status: cancelled

jenkins-is-staging · 2023-11-15T18:43:30Z

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/6881564107

jenkins-is-staging · 2023-11-16T00:44:40Z

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/6881564107
Status: cancelled

jenkins-is-staging · 2023-11-16T04:39:11Z

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/6886406037

jenkins-is-staging · 2023-11-16T06:36:56Z

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/6886406037
Status: failure

jenkins-is-staging · 2023-11-16T07:36:38Z

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/6887687116

jenkins-is-staging · 2023-11-16T09:10:19Z

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/6887687116
Status: success

jenkins-is-staging

Approving the pull request based on the successful pr build https://github.com/wso2/product-is/actions/runs/6887687116

Thumimku added 7 commits November 13, 2023 14:13

init

0675b3a

imporve apple validation

bc3d9de

compress

898ba1a

add apple attestation

bcd5e1f

add config for apple validation

48012ca

imporve methods

2b0ad60

imporve methods

ed7feb9