inaba jun inabajunmr

inabajunmr / u2f_fido2_dissector.lua
Created November 18, 2023 05:44 — forked from z4yx/u2f_fido2_dissector.lua
Wireshark protocol decoder for FIDO(U2F) and FIDO2(WebAuthn) over USB HID
cbor = Dissector.get("cbor")
iso7816 = Dissector.get("iso7816")
ctap_proto = Proto("ctaphid","ctap hid")
-- Field Extractor
direction_fe = Field.new("usb.endpoint_address.direction")
udp_srcport_fe = Field.new("udp.srcport")
CTAPHID_COMMAND_CODE = {
[0x03]='CTAPHID_MSG',
[0x10]='CTAPHID_CBOR',
inabajunmr / tls13.md
Last active May 1, 2023 04:46
Reading group for the TLS 1.3 specification (RFC 8446)

https://datatracker.ietf.org/doc/html/rfc8446

1. Introduction

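  • TLS provides a secure channel for communication between two peers
  • The only requirement on the underlying transport is a reliable, in-order stream
    • (So TCP is not assumed?)
  • What the secure channel provides
    • Authentication
  • The server side is mandatory, the client side is optional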
| name | OAuth 2.0 https://www.rfc-editor.org/rfc/rfc7591 | OIDC https://openid.net/specs/openid-connect-registration-1_0.html |
|---|---|---|
| redirect_uris | Array of redirection URI strings for use in redirect-based flows such as the authorization code and implicit flows. As required by Section 2 of OAuth 2.0 [RFC6749], clients using flows with redirection MUST register their redirection URI values. Authorization servers that support dynamic registration for redirect-based flows MUST implement support for this metadata value. | REQUIRED. Array of Redirection URI values used by the Client. One of these registered Redirection URI values MUST exactly match the redirect_uri parameter value used in each Authorization Request, with the matching performed as described in Section 6.2.1 of [RFC3986] (Simple String Comparison). |
| token_endpoint_auth_method | String indicator of the requested authentication method for the token | |

| parameter | OAuth 2.0 | OIDC |
|---|---|---|
| issuer | REQUIRED. The authorization server's issuer identifier, which is a URL that uses the "https" scheme and has no query or fragment components. Authorization server metadata is published at a location that is ".well-known" according to RFC 5785 [RFC5785] derived from this issuer identifier, as described in Section 3. The issuer identifier is used to prevent authorization server mix-up attacks, as described in "OAuth 2.0 Mix-Up Mitigation" [MIX-UP]. | REQUIRED. URL using the https scheme with no query or fragment component that the OP asserts as its Issuer Identifier. If Issuer discovery is supported (see Section 2), this value MUST be identical to the issuer value returned by WebFinger. This also MUST be identical to the iss Claim value in ID Tokens issued from this Issuer. |
| authorization_endpoint | URL of the authorization server's authorization endpoint [RFC6749]. This is REQUIRED unless no grant types are supported that use the authorization endpoint. | REQUIRED. URL |
inabajunmr / Web Authentication: An API for accessing Public Key Credentials Level 3 の 5.4,5.5,5.8 章の和訳.md
Created May 3, 2022 11:03
Japanese translation of sections 5.4, 5.5 and 5.8 of Web Authentication: An API for accessing Public Key Credentials Level 3
inabajunmr / shuntingYard2.ts
Last active April 26, 2022 01:27
shunting-yard algorithm2
//reference https://qiita.com/phenan/items/df157fef2fea590e3fa9
function shuntingYard2(input: string): string {
let i = 0;
const stack = ['$'];
let output = '';
while (input.length >= i) {
const c = input.charAt(i)
if (stackPriority(stack[stack.length - 1]) > inputPriority(c)) {
let s = stack.pop();
inabajunmr / shuntingYard1.ts
Created April 26, 2022 01:02
shunting-yard algorithm1
//reference https://qiita.com/phenan/items/df157fef2fea590e3fa9
function shuntingYard1(input: string): string {
let i = 0;
const stack = ['$'];
let output = '';
while (input.length >= i) {
const c = input.charAt(i)
if (priority(stack[stack.length - 1]) > priority(c)) {
output = output + stack.pop();
inabajunmr / Web Authentication: An API for accessing Public Key Credentials Level 3 の 7 章の和訳.md
Last active May 8, 2022 04:32
Japanese translation of chapter 7 of Web Authentication: An API for accessing Public Key Credentials Level 3

Web Authentication: An API for accessing Public Key Credentials Level 3

Editor’s Draft, 6 April 2022

7. WebAuthn Relying Party Operations

A registration or authentication ceremony begins with the WebAuthn Relying Party creating a PublicKeyCredentialCreationOptions or PublicKeyCredentialRequestOptions object, respectively, which encodes the parameters for the ceremony. The Relying Party SHOULD take care to not leak sensitive information during this stage; see § 14.6.2 Username Enumeration for details.

A registration or authentication ceremony: the WebAuthn Relying Party creates a PublicKeyCredentialCreationOptions or PublicKeyCredentialRequestOptions, respectively, the [ceremony](https://w3c.github

inabajunmr / gist:85167e66343275ecb7534185f3c922e9
Last active April 26, 2022 01:03
An odd, translation-like Japanese rendering of Pairwise Testing in Real World

Pairwise Testing in Real World

http://www.pairwise.org/docs/pnsqc2006/PNSQC%20140%20-%20Jacek%20Czerwonka%20-%20Pairwise%20Testing%20-%20BW.pdf

ABSTRACT

Pairwise testing has become an indispensable tool in a software tester’s toolbox. The technique has been known for almost twenty years [22] but it is the last five years that we have seen a tremendous increase in its popularity.

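Pairwise testing has become an indispensable tool for software testers. The technique has become well known over roughly the last 20 years, and in the last five years in particular it has become enormously popular.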

inabajunmr / Base64.java
Last active November 22, 2020 16:37
Java Base64
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
public class Main {
private final static String base64chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
public static void main(String[] args) {