https://datatracker.ietf.org/doc/html/rfc8446
- TLS は 2 つのピア間の通信にセキュアなチャンネルを提供する
- 下の層の通信には信頼できる、順序の正しいストリームだけが要求される
- (TCP であることは前提ではない?)
- セキュアなチャンネルが提供するもの
- 認証
- サーバーサイドは必須、クライアントサイドはオプション
cbor = Dissector.get("cbor") | |
iso7816 = Dissector.get("iso7816") | |
ctap_proto = Proto("ctaphid","ctap hid") | |
-- Field Extractor | |
direction_fe = Field.new("usb.endpoint_address.direction") | |
udp_srcport_fe = Field.new("udp.srcport") | |
CTAPHID_COMMAND_CODE = { | |
[0x03]='CTAPHID_MSG', | |
[0x10]='CTAPHID_CBOR', |
https://datatracker.ietf.org/doc/html/rfc8446
name | OAuth 2.0 https://www.rfc-editor.org/rfc/rfc7591 |
OIDC https://openid.net/specs/openid-connect-registration-1_0.html |
---|---|---|
redirect_uris | Array of redirection URI strings for use in redirect-based flows such as the authorization code and implicit flows. As required by Section 2 of OAuth 2.0 [RFC6749], clients using flows with redirection MUST register their redirection URI values. Authorization servers that support dynamic registration for redirect-based flows MUST implement support for this metadata value. |
REQUIRED. Array of Redirection URI values used by the Client. One of these registered Redirection URI values MUST exactly match the redirect_uri parameter value used in each Authorization Request, with the matching performed as described in Section 6.2.1 of [RFC3986] (Simple String Comparison). |
token_endpoint_auth_method | String indicator of the requested authentication method for the token |
paramter | OAuth 2.0 | OIDC |
---|---|---|
issuer | REQUIRED. The authorization server's issuer identifier, which isa URL that uses the "https" scheme and has no query or fragmentcomponents. Authorization server metadata is published at alocation that is ".well-known" according to RFC 5785 [RFC5785]derived from this issuer identifier, as described in Section 3.The issuer identifier is used to prevent authorization server mix-up attacks, as described in "OAuth 2.0 Mix-Up Mitigation"[MIX-UP]. | REQUIRED. URL using the https scheme with no query or fragment component that the OP asserts as its Issuer Identifier. If Issuer discovery is supported (see Section 2), this value MUST be identical to the issuer value returned by WebFinger. This also MUST be identical to the iss Claim value in ID Tokens issued from this Issuer. |
authorization_endpoint | URL of the authorization server's authorization endpoint[RFC6749]. This is REQUIRED unless no grant types are supportedthat use the authorization endpoint. | REQUIRED. URL |
Web Authentication: An API for accessing Public Key Credentials Level 3
Editor’s Draft, 6 April 2022
dictionary PublicKeyCredentialCreationOptions {
//reference https://qiita.com/phenan/items/df157fef2fea590e3fa9 | |
function shuntingYard2(input: string): string { | |
let i = 0; | |
const stack = ['$']; | |
let output = ''; | |
while (input.length >= i) { | |
const c = input.charAt(i) | |
if (stackPriority(stack[stack.length - 1]) > inputPriority(c)) { | |
let s = stack.pop(); |
//reference https://qiita.com/phenan/items/df157fef2fea590e3fa9 | |
function shuntingYard1(input: string): string { | |
let i = 0; | |
const stack = ['$']; | |
let output = ''; | |
while (input.length >= i) { | |
const c = input.charAt(i) | |
if (priority(stack[stack.length - 1]) > priority(c)) { | |
output = output + stack.pop(); |
Web Authentication: An API for accessing Public Key Credentials Level 3
Editor’s Draft, 6 April 2022
A registration or authentication ceremony begins with the WebAuthn Relying Party creating a PublicKeyCredentialCreationOptions or PublicKeyCredentialRequestOptions object, respectively, which encodes the parameters for the ceremony. The Relying Party SHOULD take care to not leak sensitive information during this stage; see § 14.6.2 Username Enumeration for details.
登録や認証セレモニーは WebAuthn Relying Party が PublicKeyCredentialCreationOptions もしくは PublicKeyCredentialRequestOptions を作成し、それぞれ[セレモニー](https://w3c.github
Pairwise testing has become an indispensable tool in a software tester’s toolbox. The technique has been known for almost twenty years [22] but it is the last five years that we have seen a tremendous increase in its popularity.
ペアワイズテスティングはソフトウェアテスターにとって欠かせないツールとなりました。この手法はここほぼ20年のうちによく知られるようになりましたが、特に最近の5年でものすごく人気になりました。
import java.util.ArrayList; | |
import java.util.Arrays; | |
import java.util.Base64; | |
import java.util.List; | |
public class Main { | |
private final static String base64chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; | |
public static void main(String[] args) { |