Hi Forum

Do any of you have a working solution using WebAuthn4j, where you override the PackedAuthenticator to be able to use your own implementation to eg. store the credentials in a repository? Any help is appreciated.

I have a setup, where I use the Yubico library for "real" WebAuthn handling and WebAuthn4j for simulating WebAuthn.
I have a solution, that runs (works) on 0.14.1 of WebAuthn, where the PublicKeyCredentialSource.setPrivateKey takes a "regular" PrivateKey.

But since 0.16.1, this was changed to COSEKey instead. When upgrading to the most recent version of WebAuthn4j, I have tried replacing the privateKey with EC2COSEKey.create((ECPrivateKey) privateKey)

When calling the Yubico library to finish the assertion, I get
AssertionFailedException: java.lang.IllegalArgumentException: Invalid assertion signature.

Old code:
private PublicKeyCredentialSource getValue(Credential credential) {
PrivateKey privateKey;
try {
privateKey = KeyFactory.getInstance("EC").generatePrivate(new PKCS8EncodedKeySpec(credential.getPrivateKey()));
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
throw new IllegalStateException(e);
}

    PublicKeyCredentialSource publicKeyCredentialSource = new PublicKeyCredentialSource();
    publicKeyCredentialSource.setType(PublicKeyCredentialType.create(credential.getType()));
    publicKeyCredentialSource.setId(credential.getCredentialId());
    **publicKeyCredentialSource.setPrivateKey(privateKey);**
    publicKeyCredentialSource.setRpId(credential.getRpId());
    publicKeyCredentialSource.setUserHandle(credential.getUserHandle());

    return publicKeyCredentialSource;
}