fix(jans-fido2): implement processAaidEntry to store AAID-keyed TOC e… by imran-ishaq · Pull Request #13993 · JanssenProject/jans
Description
Implements processAaidEntry in TocService to store FIDO UAF authenticator metadata entries (identified by aaid) into tocEntries during MDS TOC parsing. Previously the aaid branch was a no-op TODO debug log, meaning all UAF authenticator entries were silently dropped at startup. The new method mirrors processAaguidEntry — it runs status verification, checks for metadataStatement, and inserts the entry keyed by AAID — making tocEntries consistent across all three identifier types (aaguid, aaid, attestationCertificateKeyIdentifiers).
Target issue
FIDO UAF authenticator entries in the MDS TOC blob carry an aaid field instead of aaguid. The processMetadataEntries method in TocService parsed all three identifier types but only stored entries for aaguid and attestationCertificateKeyIdentifiers. The aaid branch had a TODO comment and did nothing, causing all UAF authenticator metadata to be silently dropped and never available for future lookup. This is step 1 of full AAID support — storing the entries; a follow-up will wire up the downstream lookup path in MdsService and the relevant attestation processors.
Implementation Details
Test and Document the changes
- Static code analysis has been run locally and issues have been fixed
- Relevant unit and integration tests have been added/updated
- Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)
Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with docs: to indicate documentation changes or if the below checklist is not selected.
- I confirm that there is no impact on the docs due to the code changes in this PR.
Closes #13994
Summary by CodeRabbit
- Bug Fixes
  - Improved metadata processing for authenticators identified by AAID values, with proper status validation and error handling. Previously incomplete implementation now fully functional, mirroring the existing AAGUID handling flow.
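
The storage flow the description outlines (status verification, metadataStatement check, insert keyed by identifier for all three identifier types), as an added Java sketch that is not code from the Janssen repository. The class TocEntryIndex, its methods and the blocked-status policy are assumptions; entries are modelled as plain maps and the sample entries are constructed.

```java
import java.util.*;

// Added sketch, not Janssen code: class, method names and policy are assumptions.
public class TocEntryIndex {
    // Statuses treated as disqualifying (assumed policy; names are FIDO MDS AuthenticatorStatus values).
    static final Set<String> BLOCKED = Set.of("REVOKED", "USER_VERIFICATION_BYPASS",
            "ATTESTATION_KEY_COMPROMISE", "USER_KEY_REMOTE_COMPROMISE", "USER_KEY_PHYSICAL_COMPROMISE");

    final Map<String, Map<String, Object>> tocEntries = new HashMap<>();

    @SuppressWarnings("unchecked")
    static boolean statusOk(Map<String, Object> entry) {
        List<Map<String, Object>> reports =
                (List<Map<String, Object>>) entry.getOrDefault("statusReports", List.of());
        return reports.stream().noneMatch(r -> BLOCKED.contains(String.valueOf(r.get("status"))));
    }

    // Shared store step: verify status, require metadataStatement, then index by key.
    boolean store(String key, Map<String, Object> entry) {
        if (!statusOk(entry) || !(entry.get("metadataStatement") instanceof Map)) return false;
        tocEntries.put(key, entry);
        return true;
    }

    @SuppressWarnings("unchecked")
    void process(Map<String, Object> entry) {
        if (entry.get("aaguid") instanceof String) {
            store((String) entry.get("aaguid"), entry);
        } else if (entry.get("aaid") instanceof String) {
            store((String) entry.get("aaid"), entry); // UAF entries: the branch that used to be a no-op
        } else if (entry.get("attestationCertificateKeyIdentifiers") instanceof List) {
            for (String kid : (List<String>) entry.get("attestationCertificateKeyIdentifiers")) store(kid, entry);
        }
    }

    public static void main(String[] args) {
        TocEntryIndex idx = new TocEntryIndex();
        Map<String, Object> ms = Map.of("description", "constructed sample");
        Map<String, Object> ok = Map.of("status", "FIDO_CERTIFIED");
        // Constructed sample entries, not real MDS data.
        idx.process(Map.of("aaid", "1234#abcd", "metadataStatement", ms, "statusReports", List.of(ok)));
        idx.process(Map.of("aaid", "1234#ffff", "metadataStatement", ms,
                "statusReports", List.of(Map.of("status", "REVOKED")))); // rejected by status check
        idx.process(Map.of("aaid", "1234#0000", "statusReports", List.of(ok))); // rejected: no metadataStatement
        System.out.println(idx.tocEntries.keySet());
    }
}
```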