Good Bye WebAuthnLite.CBOR1
ritou committed Dec 3, 2023
1 parent a104819 commit 6110d45
Showing 6 changed files with 55 additions and 167 deletions.
14 changes: 7 additions & 7 deletions lib/web_authn_lite/attestation_object.ex
Expand Up @@ -26,20 +26,20 @@ defmodule WebAuthnLite.AttestationObject do
def decode(base64_url_encoded_attestation_object) do
try do
with raw <- base64_url_encoded_attestation_object |> Base.url_decode64!(padding: false),
%{
"authData" => %CBOR.Tag{tag: :bytes, value: auth_data_binary},
"fmt" => fmt,
"attStmt" => att_stmt
} <-
raw |> WebAuthnLite.CBOR.decode!(),
{:ok,
%{
"authData" => %CBOR.Tag{tag: :bytes, value: auth_data_binary},
"fmt" => fmt,
"attStmt" => att_stmt
}, _} <- raw |> CBOR.decode(),
{:ok, auth_data} <-
auth_data_binary
|> WebAuthnLite.AuthenticatorData.from_binary() do
# TODO: handling attestation statement
{:ok, %__MODULE__{auth_data: auth_data, fmt: fmt, att_stmt: att_stmt, raw: raw}}
else
# cbor decode error
{:error, :invalid_trailing_data} -> @rounded_error
{:error, :cbor_function_clause_error} -> @rounded_error
{:error, _} = error -> error
_ -> @rounded_error
end
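Review bot: The undecoded remainder returned by `CBOR.decode/1` is bound to `_` in the new `{:ok, %{...}, _} <- raw |> CBOR.decode()` clause, so an attestation object followed by extra bytes is accepted and those bytes stay in `raw`. Matching an empty remainder, `}, ""} <- raw |> CBOR.decode(),`, would route such input to the existing `_ -> @rounded_error` arm. The same discard appears in `parse_extensions/1` in attested_credential_data.ex (`{:ok, decoded, _}`) and in the ED-only branch of authenticator_data.ex (`{:ok, extensions, _}`). The `{:error, :invalid_trailing_data}` arm suggests the removed decoder rejected trailing data, though the rendered page does not show which `else` arms survive; `decode/1` starts and ends outside this hunk.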
32 changes: 25 additions & 7 deletions lib/web_authn_lite/attested_credential_data.ex
Expand Up @@ -5,9 +5,16 @@ defmodule WebAuthnLite.AttestedCredentialData do
https://www.w3.org/TR/webauthn/#sec-attested-credential-data
"""

alias WebAuthnLite.{CredentialPublicKey, CBOR}
alias WebAuthnLite.CredentialPublicKey

defstruct [:aaguid, :authenticator_name, :credential_id, :credential_public_key, :raw]
defstruct [
:aaguid,
:authenticator_name,
:credential_id,
:credential_public_key,
:raw,
:extensions
]

@min_size_of_attested_credential_data 18

Expand All @@ -16,7 +23,8 @@ defmodule WebAuthnLite.AttestedCredentialData do
authenticator_name: String.t(),
credential_id: String.t(),
credential_public_key: term,
raw: binary
raw: binary,
extensions: map | nil
}

@rounded_error {:error, :invalid_attested_credential_data}
Expand Down Expand Up @@ -52,21 +60,22 @@ defmodule WebAuthnLite.AttestedCredentialData do
attested_credential_data
|> :binary.part(18, credential_id_length)
|> Base.url_encode64(padding: false),
credential_public_key <-
{:ok, decoded, extensions} <-
attested_credential_data
|> :binary.part(
18 + credential_id_length,
byte_size(attested_credential_data) - credential_id_length - 18
)
|> CBOR.decode!()
|> CredentialPublicKey.from_cbor_map() do
|> CBOR.decode(),
credential_public_key <- decoded |> CredentialPublicKey.from_cbor_map() do
{:ok,
%__MODULE__{
aaguid: aaguid,
authenticator_name: authenticator_name,
credential_id: credential_id,
credential_public_key: credential_public_key,
raw: attested_credential_data
raw: attested_credential_data,
extensions: parse_extensions(extensions)
}}
else
{:error, _} = error -> error
Expand Down Expand Up @@ -102,4 +111,13 @@ defmodule WebAuthnLite.AttestedCredentialData do
true -> nil
end
end

defp parse_extensions(""), do: nil

defp parse_extensions(bytes) do
case CBOR.decode(bytes) do
{:ok, decoded, _} -> decoded
_ -> nil
end
end
end
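Review bot: `parse_extensions/1` turns every decode failure into `nil`, so bytes after the credential public key that are not valid CBOR cannot be told apart from "no extensions", and the enclosing `with` still returns `{:ok, ...}`. Because this is authenticator-supplied input, I would have the helper return `{:ok, nil}` for `""`, `{:ok, map}` for a cleanly decoded map and `@rounded_error` otherwise, and bind it as a `with` clause so the existing `{:error, _} = error -> error` arm propagates the failure. The function that contains the `with` starts above the hunk.

```elixir
         {:ok, decoded, rest} <-
           # … unchanged: :binary.part(...) |> CBOR.decode() …
         credential_public_key <- decoded |> CredentialPublicKey.from_cbor_map(),
         {:ok, extensions} <- parse_extensions(rest) do
      # … unchanged: struct construction, now with `extensions: extensions` …

  defp parse_extensions(""), do: {:ok, nil}

  defp parse_extensions(bytes) do
    case CBOR.decode(bytes) do
      {:ok, %{} = decoded, ""} -> {:ok, decoded}
      _ -> @rounded_error
    end
  end
```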
37 changes: 22 additions & 15 deletions lib/web_authn_lite/authenticator_data.ex
Expand Up @@ -15,7 +15,7 @@ defmodule WebAuthnLite.AuthenticatorData do
sign_count: Integer.t(),
raw: String.t(),
attested_credential_data: binary,
extensions: binary
extensions: map | nil
}

@min_size_of_authenticator_data 37
Expand All @@ -38,27 +38,34 @@ defmodule WebAuthnLite.AuthenticatorData do
true <- raw |> byte_size() >= @min_size_of_authenticator_data,
rp_id_hash <- raw |> :binary.part(0, 32),
flags <- raw |> :binary.part(32, 1) |> Flags.from_binary() |> elem(1),
sign_count <- raw |> :binary.part(33, 4) |> :binary.decode_unsigned() do
attested_credential_data =
if flags.at && !flags.ed,
do:
raw
|> :binary.part(37, byte_size(raw) - 37)
|> AttestedCredentialData.from_binary()
|> elem(1),
else: nil

extensions =
if !flags.at && flags.ed, do: raw |> :binary.part(37, byte_size(raw) - 37), else: nil

sign_count <- raw |> :binary.part(33, 4) |> :binary.decode_unsigned(),
{:ok, attested_credential_data} <-
(if flags.at do
raw
|> :binary.part(37, byte_size(raw) - 37)
|> AttestedCredentialData.from_binary()
else
{:ok, nil}
end),
{:ok, extensions, _} <-
(if !flags.at && flags.ed do
raw |> :binary.part(37, byte_size(raw) - 37) |> CBOR.decode()
else
{:ok, nil, nil}
end) do
{:ok,
%__MODULE__{
rp_id_hash: rp_id_hash |> Base.url_encode64(padding: false),
flags: flags,
sign_count: sign_count,
raw: raw,
attested_credential_data: attested_credential_data,
extensions: extensions
extensions:
if attested_credential_data do
attested_credential_data.extensions
else
extensions
end
}}
else
{:error, _} = error -> error
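Review bot: When `flags.at` is set, the struct's `extensions` is taken from `attested_credential_data.extensions` without consulting `flags.ed`, so bytes that follow the credential public key are reported as extensions even when the ED flag is clear, and ED set with nothing after the key still yields `nil`. A consistency clause in the `with`, for example `true <- is_nil(attested_credential_data) or !!flags.ed == !is_nil(attested_credential_data.extensions),`, would reject both cases. The `else` block continues outside this section, so confirm it maps a `false` result to the module's error; the existing `true <- raw |> byte_size() >= ...` clause suggests such a fallback arm exists.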
29 changes: 0 additions & 29 deletions lib/web_authn_lite/cbor.ex

This file was deleted.

2 changes: 1 addition & 1 deletion test/lib/web_authn_lite/authenticator_data_test.exs
Expand Up @@ -52,7 +52,7 @@ defmodule WebAuthnLite.ClientDataJSONTest do
assert {:ok, authenticator_data} =
AuthenticatorData.decode(@encoded_authenticator_data_with_at_and_ed_flags)

refute is_nil(authenticator_data.attested_credential_data)
assert authenticator_data.extensions == %{"credProtect" => 2}
end

test "valid_rp_id_hash?" do
108 changes: 0 additions & 108 deletions test/lib/web_authn_lite/cbor_test.exs

This file was deleted.
