web-eid · SanderKondratjevNortal · Jun 20, 2025
diff --git a/src/main/java/eu/webeid/security/authtoken/SupportedSignatureAlgorithm.java b/src/main/java/eu/webeid/security/authtoken/SupportedSignatureAlgorithm.java
@@ -0,0 +1,31 @@
+package eu.webeid.security.authtoken;
+
+public class SupportedSignatureAlgorithm {
+    private String cryptoAlgorithm;
+    private String hashFunction;
+    private String paddingScheme;
+
+    public String getCryptoAlgorithm() {
+        return cryptoAlgorithm;
+    }
+
+    public void setCryptoAlgorithm(String cryptoAlgorithm) {
+        this.cryptoAlgorithm = cryptoAlgorithm;
+    }
+
+    public String getHashFunction() {
+        return hashFunction;
+    }
+
+    public void setHashFunction(String hashFunction) {
+        this.hashFunction = hashFunction;
+    }
+
+    public String getPaddingScheme() {
+        return paddingScheme;
+    }
+
+    public void setPaddingScheme(String paddingScheme) {
+        this.paddingScheme = paddingScheme;
+    }
+}
diff --git a/src/main/java/eu/webeid/security/authtoken/WebEidAuthToken.java b/src/main/java/eu/webeid/security/authtoken/WebEidAuthToken.java
@@ -24,6 +24,8 @@
 
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 
+import java.util.List;
+
 @JsonIgnoreProperties(ignoreUnknown = true)
 public class WebEidAuthToken {
 
@@ -32,6 +34,10 @@ public class WebEidAuthToken {
     private String algorithm;
     private String format;
 
+    // NFC-specific fields
+    private String unverifiedSigningCertificate;
+    private List<SupportedSignatureAlgorithm> supportedSignatureAlgorithms;
+
     public String getUnverifiedCertificate() {
         return unverifiedCertificate;
     }
@@ -64,4 +70,19 @@ public void setFormat(String format) {
         this.format = format;
     }
 
+    public String getUnverifiedSigningCertificate() {
+        return unverifiedSigningCertificate;
+    }
+
+    public void setUnverifiedSigningCertificate(String unverifiedSigningCertificate) {
+        this.unverifiedSigningCertificate = unverifiedSigningCertificate;
+    }
+
+    public List<SupportedSignatureAlgorithm> getSupportedSignatureAlgorithms() {
+        return supportedSignatureAlgorithms;
+    }
+
+    public void setSupportedSignatureAlgorithms(List<SupportedSignatureAlgorithm> supportedSignatureAlgorithms) {
+        this.supportedSignatureAlgorithms = supportedSignatureAlgorithms;
+    }
 }
diff --git a/src/main/java/eu/webeid/security/validator/AuthTokenValidator.java b/src/main/java/eu/webeid/security/validator/AuthTokenValidator.java
@@ -35,6 +35,7 @@
 public interface AuthTokenValidator {
 
     String CURRENT_TOKEN_FORMAT_VERSION = "web-eid:1";
+    String CURRENT_NFC_TOKEN_FORMAT_VERSION = "web-eid:1.1";
 
     /**
      * Parses the Web eID authentication token signed by the subject.

diff --git a/src/main/java/eu/webeid/security/validator/AuthTokenValidatorImpl.java b/src/main/java/eu/webeid/security/validator/AuthTokenValidatorImpl.java
@@ -68,6 +68,7 @@ final class AuthTokenValidatorImpl implements AuthTokenValidator {
     private OcspClient ocspClient;
     private OcspServiceProvider ocspServiceProvider;
     private final AuthTokenSignatureValidator authTokenSignatureValidator;
+    private final NfcAuthTokenValidator nfcAuthTokenValidator;
 
     /**
      * @param configuration configuration parameters for the token validator
@@ -86,6 +87,11 @@ final class AuthTokenValidatorImpl implements AuthTokenValidator {
             new SubjectCertificatePolicyValidator(configuration.getDisallowedSubjectCertificatePolicies())::validateCertificatePolicies
         );
 
+        this.nfcAuthTokenValidator = new NfcAuthTokenValidator(
+            simpleSubjectCertificateValidators,
+            getCertTrustValidators()
+        );
+
         if (configuration.isUserCertificateRevocationCheckWithOcspEnabled()) {
             // The OCSP client may be provided by the API consumer.
             this.ocspClient = Objects.requireNonNull(ocspClient, "OCSP client must not be null when OCSP check is enabled");
@@ -155,6 +161,10 @@ private X509Certificate validateToken(WebEidAuthToken token, String currentChall
         }
         final X509Certificate subjectCertificate = CertificateLoader.decodeCertificateFromBase64(token.getUnverifiedCertificate());
 
+        if (token.getFormat().startsWith(CURRENT_NFC_TOKEN_FORMAT_VERSION)) {
+            nfcAuthTokenValidator.validate(token, subjectCertificate);
+        }
+
         simpleSubjectCertificateValidators.executeFor(subjectCertificate);
         getCertTrustValidators().executeFor(subjectCertificate);
 

diff --git a/src/main/java/eu/webeid/security/validator/NfcAuthTokenValidator.java b/src/main/java/eu/webeid/security/validator/NfcAuthTokenValidator.java
@@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 2020-2025 Estonian Information System Authority
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+package eu.webeid.security.validator;
+
+import eu.webeid.security.authtoken.SupportedSignatureAlgorithm;
+import eu.webeid.security.authtoken.WebEidAuthToken;
+import eu.webeid.security.certificate.CertificateLoader;
+import eu.webeid.security.exceptions.AuthTokenException;
+import eu.webeid.security.exceptions.AuthTokenParseException;
+import eu.webeid.security.validator.certvalidators.SubjectCertificateValidatorBatch;
+
+import java.security.cert.X509Certificate;
+import java.util.List;
+import java.util.Set;
+
+import static eu.webeid.security.util.Strings.isNullOrEmpty;
+
+public class NfcAuthTokenValidator {
+
+    private final SubjectCertificateValidatorBatch simpleSubjectCertificateValidators;
+    private final SubjectCertificateValidatorBatch certTrustValidators;
+
+    NfcAuthTokenValidator(
+        SubjectCertificateValidatorBatch simpleSubjectCertificateValidators,
+        SubjectCertificateValidatorBatch certTrustValidators
+    ) {
+        this.simpleSubjectCertificateValidators = simpleSubjectCertificateValidators;
+        this.certTrustValidators = certTrustValidators;
+    }
+
+    void validate(WebEidAuthToken token, X509Certificate subjectCertificate) throws AuthTokenException {
+        if (isNullOrEmpty(token.getUnverifiedSigningCertificate())) {
+            throw new AuthTokenParseException("'unverifiedSigningCertificate' field is missing, null or empty for format 'web-eid:1.1'");
+        }
+
+        if (token.getSupportedSignatureAlgorithms() == null || token.getSupportedSignatureAlgorithms().isEmpty()) {
+            throw new AuthTokenParseException("'supportedSignatureAlgorithms' field is missing");
+        }
+
+        validateSupportedSignatureAlgorithms(token.getSupportedSignatureAlgorithms());
+
+        final X509Certificate signingCertificate = CertificateLoader.decodeCertificateFromBase64(token.getUnverifiedSigningCertificate());
+
+        if (!subjectCertificate.getSubjectX500Principal().equals(signingCertificate.getSubjectX500Principal())) {
+            throw new AuthTokenParseException("Signing certificate subject does not match authentication certificate subject");
+        }
+
+        simpleSubjectCertificateValidators.executeFor(signingCertificate);
+        certTrustValidators.executeFor(signingCertificate);
+    }
+
+    private static void validateSupportedSignatureAlgorithms(List<SupportedSignatureAlgorithm> algorithms) throws AuthTokenParseException {
+        boolean hasInvalid = algorithms.stream().anyMatch(supportedSignatureAlgorithm ->
+                   !isValidCryptoAlgorithm(supportedSignatureAlgorithm.getCryptoAlgorithm())
+                || !isValidHashFunction(supportedSignatureAlgorithm.getHashFunction())
+                || !isValidPaddingScheme(supportedSignatureAlgorithm.getPaddingScheme())
+        );
+
+        if (hasInvalid) {
+            throw new AuthTokenParseException("Unsupported signature algorithm");
+        }
+    }
+
+    private static boolean isValidCryptoAlgorithm(String value) {
+        return "RSA".equals(value) || "ECC".equals(value);
+    }
+
+    private static boolean isValidHashFunction(String value) {
+        return Set.of(
+            "SHA-224", "SHA-256", "SHA-384", "SHA-512",
+            "SHA3-224", "SHA3-256", "SHA3-384", "SHA3-512"
+        ).contains(value);
+    }
+
+    private static boolean isValidPaddingScheme(String value) {
+        return "NONE".equals(value) || "PKCS1.5".equals(value) || "PSS".equals(value);
+    }
+}
diff --git a/src/test/java/eu/webeid/security/testutil/AbstractTestWithValidator.java b/src/test/java/eu/webeid/security/testutil/AbstractTestWithValidator.java
@@ -22,6 +22,8 @@
 
 package eu.webeid.security.testutil;
 
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.node.ObjectNode;
 import org.junit.jupiter.api.BeforeEach;
 import eu.webeid.security.authtoken.WebEidAuthToken;
 import eu.webeid.security.exceptions.AuthTokenException;
@@ -30,11 +32,9 @@
 import java.io.IOException;
 import java.security.cert.CertificateException;
 
-import static eu.webeid.security.testutil.AuthTokenValidators.getAuthTokenValidator;
-
 public abstract class AbstractTestWithValidator {
 
-    /* 
+    /*
      * notBefore Time UTCTime 2021-07-22 12:43:08 UTC
      *  notAfter Time UTCTime 2026-07-09 21:59:59 UTC
      */
@@ -43,16 +43,26 @@ public abstract class AbstractTestWithValidator {
         "\"appVersion\":\"https://web-eid.eu/web-eid-app/releases/2.5.0+0\"," +
         "\"signature\":\"0Ov7ME6pTY1K2GXMj8Wxov/o2fGIMEds8OMY5dKdkB0nrqQX7fG1E5mnsbvyHpMDecMUH6Yg+p1HXdgB/lLqOcFZjt/OVXPjAAApC5d1YgRYATDcxsR1zqQwiNcHdmWn\"," +
         "\"format\":\"web-eid:1.0\"}";
+
+    public static final String VALID_NFC_AUTH_TOKEN = "{\"algorithm\":\"ES384\"," +
+        "\"unverifiedCertificate\":\"MIIEBDCCA2WgAwIBAgIQY5OGshxoPMFg+Wfc0gFEaTAKBggqhkjOPQQDBDBgMQswCQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEbMBkGA1UEAwwSVEVTVCBvZiBFU1RFSUQyMDE4MB4XDTIxMDcyMjEyNDMwOFoXDTI2MDcwOTIxNTk1OVowfzELMAkGA1UEBhMCRUUxKjAoBgNVBAMMIUrDlUVPUkcsSkFBSy1LUklTVEpBTiwzODAwMTA4NTcxODEQMA4GA1UEBAwHSsOVRU9SRzEWMBQGA1UEKgwNSkFBSy1LUklTVEpBTjEaMBgGA1UEBRMRUE5PRUUtMzgwMDEwODU3MTgwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQmwEKsJTjaMHSaZj19hb9EJaJlwbKc5VFzmlGMFSJVk4dDy+eUxa5KOA7tWXqzcmhh5SYdv+MxcaQKlKWLMa36pfgv20FpEDb03GCtLqjLTRZ7649PugAQ5EmAqIic29CjggHDMIIBvzAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIDiDBHBgNVHSAEQDA+MDIGCysGAQQBg5EhAQIBMCMwIQYIKwYBBQUHAgEWFWh0dHBzOi8vd3d3LnNrLmVlL0NQUzAIBgYEAI96AQIwHwYDVR0RBBgwFoEUMzgwMDEwODU3MThAZWVzdGkuZWUwHQYDVR0OBBYEFPlp/ceABC52itoqppEmbf71TJz6MGEGCCsGAQUFBwEDBFUwUzBRBgYEAI5GAQUwRzBFFj9odHRwczovL3NrLmVlL2VuL3JlcG9zaXRvcnkvY29uZGl0aW9ucy1mb3ItdXNlLW9mLWNlcnRpZmljYXRlcy8TAkVOMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAfBgNVHSMEGDAWgBTAhJkpxE6fOwI09pnhClYACCk+ezBzBggrBgEFBQcBAQRnMGUwLAYIKwYBBQUHMAGGIGh0dHA6Ly9haWEuZGVtby5zay5lZS9lc3RlaWQyMDE4MDUGCCsGAQUFBzAChilodHRwOi8vYy5zay5lZS9UZXN0X29mX0VTVEVJRDIwMTguZGVyLmNydDAKBggqhkjOPQQDBAOBjAAwgYgCQgDCAgybz0u3W+tGI+AX+PiI5CrE9ptEHO5eezR1Jo4j7iGaO0i39xTGUB+NSC7P6AQbyE/ywqJjA1a62jTLcS9GHAJCARxN4NO4eVdWU3zVohCXm8WN3DWA7XUcn9TZiLGQ29P4xfQZOXJi/z4PNRRsR4plvSNB3dfyBvZn31HhC7my8woi\"," +
+        "\"unverifiedSigningCertificate\":\"MIIEBDCCA2WgAwIBAgIQY5OGshxoPMFg+Wfc0gFEaTAKBggqhkjOPQQDBDBgMQswCQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEbMBkGA1UEAwwSVEVTVCBvZiBFU1RFSUQyMDE4MB4XDTIxMDcyMjEyNDMwOFoXDTI2MDcwOTIxNTk1OVowfzELMAkGA1UEBhMCRUUxKjAoBgNVBAMMIUrDlUVPUkcsSkFBSy1LUklTVEpBTiwzODAwMTA4NTcxODEQMA4GA1UEBAwHSsOVRU9SRzEWMBQGA1UEKgwNSkFBSy1LUklTVEpBTjEaMBgGA1UEBRMRUE5PRUUtMzgwMDEwODU3MTgwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQmwEKsJTjaMHSaZj19hb9EJaJlwbKc5VFzmlGMFSJVk4dDy+eUxa5KOA7tWXqzcmhh5SYdv+MxcaQKlKWLMa36pfgv20FpEDb03GCtLqjLTRZ7649PugAQ5EmAqIic29CjggHDMIIBvzAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIDiDBHBgNVHSAEQDA+MDIGCysGAQQBg5EhAQIBMCMwIQYIKwYBBQUHAgEWFWh0dHBzOi8vd3d3LnNrLmVlL0NQUzAIBgYEAI96AQIwHwYDVR0RBBgwFoEUMzgwMDEwODU3MThAZWVzdGkuZWUwHQYDVR0OBBYEFPlp/ceABC52itoqppEmbf71TJz6MGEGCCsGAQUFBwEDBFUwUzBRBgYEAI5GAQUwRzBFFj9odHRwczovL3NrLmVlL2VuL3JlcG9zaXRvcnkvY29uZGl0aW9ucy1mb3ItdXNlLW9mLWNlcnRpZmljYXRlcy8TAkVOMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAfBgNVHSMEGDAWgBTAhJkpxE6fOwI09pnhClYACCk+ezBzBggrBgEFBQcBAQRnMGUwLAYIKwYBBQUHMAGGIGh0dHA6Ly9haWEuZGVtby5zay5lZS9lc3RlaWQyMDE4MDUGCCsGAQUFBzAChilodHRwOi8vYy5zay5lZS9UZXN0X29mX0VTVEVJRDIwMTguZGVyLmNydDAKBggqhkjOPQQDBAOBjAAwgYgCQgDCAgybz0u3W+tGI+AX+PiI5CrE9ptEHO5eezR1Jo4j7iGaO0i39xTGUB+NSC7P6AQbyE/ywqJjA1a62jTLcS9GHAJCARxN4NO4eVdWU3zVohCXm8WN3DWA7XUcn9TZiLGQ29P4xfQZOXJi/z4PNRRsR4plvSNB3dfyBvZn31HhC7my8woi\"," +
+        "\"supportedSignatureAlgorithms\":[{\"cryptoAlgorithm\":\"RSA\",\"hashFunction\":\"SHA-256\",\"paddingScheme\":\"PKCS1.5\"}]," +
+        "\"appVersion\":\"https://web-eid.eu/web-eid-mobile-app/releases/v1.0.0\"," +
+        "\"signature\":\"0Ov7ME6pTY1K2GXMj8Wxov/o2fGIMEds8OMY5dKdkB0nrqQX7fG1E5mnsbvyHpMDecMUH6Yg+p1HXdgB/lLqOcFZjt/OVXPjAAApC5d1YgRYATDcxsR1zqQwiNcHdmWn\"," +
+        "\"format\":\"web-eid:1.1\"}";
     public static final String VALID_CHALLENGE_NONCE = "12345678123456781234567812345678912356789123";
 
     protected AuthTokenValidator validator;
     protected WebEidAuthToken validAuthToken;
+    protected WebEidAuthToken validNfcAuthToken;
 
     @BeforeEach
     protected void setup() {
         try {
             validator = AuthTokenValidators.getAuthTokenValidator();
             validAuthToken = validator.parse(VALID_AUTH_TOKEN);
+            validNfcAuthToken = validator.parse(VALID_NFC_AUTH_TOKEN);
         } catch (CertificateException | IOException | AuthTokenException e) {
             throw new RuntimeException(e);
         }
@@ -62,4 +72,11 @@ protected WebEidAuthToken replaceTokenField(String token, String field, String v
         final String tokenWithReplacedAlgorithm = token.replace(field, value);
         return validator.parse(tokenWithReplacedAlgorithm);
     }
+
+    protected WebEidAuthToken removeJsonField() throws Exception {
+        ObjectMapper mapper = new ObjectMapper();
+        ObjectNode node = (ObjectNode) mapper.readTree(AbstractTestWithValidator.VALID_NFC_AUTH_TOKEN);
+        node.remove("supportedSignatureAlgorithms");
+        return validator.parse(mapper.writeValueAsString(node));
+    }
 }
diff --git a/src/test/java/eu/webeid/security/validator/AuthTokenAlgorithmTest.java b/src/test/java/eu/webeid/security/validator/AuthTokenAlgorithmTest.java
@@ -59,4 +59,65 @@ void whenAlgorithmInvalid_thenParsingFails() throws AuthTokenException {
             .hasMessage("Unsupported signature algorithm");
     }
 
+    @Test
+    void whenNfcTokenMissingSupportedAlgorithms_thenValidationFails() throws Exception {
+        final WebEidAuthToken token = removeJsonField();
+
+        assertThatThrownBy(() -> validator.validate(token, VALID_CHALLENGE_NONCE))
+            .isInstanceOf(AuthTokenParseException.class)
+            .hasMessageContaining("'supportedSignatureAlgorithms' field is missing");
+    }
+
+    @Test
+    void whenNfcTokenHasInvalidCryptoAlgorithm_thenValidationFails() throws Exception {
+        final WebEidAuthToken token = replaceTokenField(
+            VALID_NFC_AUTH_TOKEN,
+            "\"cryptoAlgorithm\":\"RSA\"",
+            "\"cryptoAlgorithm\":\"INVALID\""
+        );
+
+        assertThatThrownBy(() -> validator.validate(token, VALID_CHALLENGE_NONCE))
+            .isInstanceOf(AuthTokenParseException.class)
+            .hasMessage("Unsupported signature algorithm");
+    }
+
+    @Test
+    void whenNfcTokenHasInvalidHashFunction_thenValidationFails() throws Exception {
+        final WebEidAuthToken token = replaceTokenField(
+            VALID_NFC_AUTH_TOKEN,
+            "\"hashFunction\":\"SHA-256\"",
+            "\"hashFunction\":\"NOT_A_HASH\""
+        );
+
+        assertThatThrownBy(() -> validator.validate(token, VALID_CHALLENGE_NONCE))
+            .isInstanceOf(AuthTokenParseException.class)
+            .hasMessage("Unsupported signature algorithm");
+    }
+
+    @Test
+    void whenNfcTokenHasInvalidPaddingScheme_thenValidationFails() throws Exception {
+        final WebEidAuthToken token = replaceTokenField(
+            VALID_NFC_AUTH_TOKEN,
+            "\"paddingScheme\":\"PKCS1.5\"",
+            "\"paddingScheme\":\"BAD_PADDING\""
+        );
+
+        assertThatThrownBy(() -> validator.validate(token, VALID_CHALLENGE_NONCE))
+            .isInstanceOf(AuthTokenParseException.class)
+            .hasMessage("Unsupported signature algorithm");
+    }
+
+    @Test
+    void whenNfcTokenHasEmptySupportedAlgorithms_thenValidationFails() throws Exception {
+        final WebEidAuthToken token = replaceTokenField(
+            VALID_NFC_AUTH_TOKEN,
+            "\"supportedSignatureAlgorithms\":[{\"cryptoAlgorithm\":\"RSA\",\"hashFunction\":\"SHA-256\",\"paddingScheme\":\"PKCS1.5\"}]",
+            "\"supportedSignatureAlgorithms\":[]"
+        );
+
+        assertThatThrownBy(() -> validator.validate(token, VALID_CHALLENGE_NONCE))
+            .isInstanceOf(AuthTokenParseException.class)
+            .hasMessage("'supportedSignatureAlgorithms' field is missing");
+    }
+
 }