AuthenticatorAttestationResponse.swift
//===----------------------------------------------------------------------===//
//
// This source file is part of the Swift WebAuthn open source project
//
// Copyright (c) 2022 the Swift WebAuthn project authors
// Licensed under Apache License v2.0
//
// See LICENSE.txt for license information
//
// SPDX-License-Identifier: Apache-2.0
//
//===----------------------------------------------------------------------===//
import Foundation
import SwiftCBOR
/// Raw attestation response an authenticator produces when a new public key credential is created.
///
/// Both fields hold plain bytes. The `Decodable` conformance expects them as base64url strings
/// and converts them to bytes while decoding.
///
/// The struct itself only stores the bytes as received; nothing here checks what they contain.
public struct AuthenticatorAttestationResponse: Sendable {
    /// Client data handed to the authenticator during the creation ceremony.
    ///
    /// Decoded from base64url to bytes when read through `Decodable`.
    public let clientDataJSON: [UInt8]

    /// Attestation object, bundling the attestation data with the attestation statement.
    ///
    /// Decoded from base64url to bytes when read through `Decodable`.
    public let attestationObject: [UInt8]
}
extension AuthenticatorAttestationResponse: Codable {
    /// Keys under which the two fields appear in the encoded representation.
    private enum CodingKeys: String, CodingKey {
        case clientDataJSON
        case attestationObject
    }

    /// Creates a response from its encoded form, converting both base64url fields into bytes.
    ///
    /// - Throws: Any error raised by the keyed container or by
    ///   `decodeBytesFromURLEncodedBase64(forKey:)` (a helper defined outside this file;
    ///   presumably it fails on a missing key or malformed base64url — confirm there).
    public init(from decoder: Decoder) throws {
        let fields = try decoder.container(keyedBy: CodingKeys.self)
        self.clientDataJSON = try fields.decodeBytesFromURLEncodedBase64(forKey: .clientDataJSON)
        self.attestationObject = try fields.decodeBytesFromURLEncodedBase64(forKey: .attestationObject)
    }

    /// Writes both byte arrays out as base64url strings, mirroring `init(from:)`.
    public func encode(to encoder: Encoder) throws {
        var fields = encoder.container(keyedBy: CodingKeys.self)

        let encodedClientData = clientDataJSON.base64URLEncodedString()
        try fields.encode(encodedClientData, forKey: .clientDataJSON)

        let encodedAttestation = attestationObject.base64URLEncodedString()
        try fields.encode(encodedAttestation, forKey: .attestationObject)
    }
}
/// Structured form of an `AuthenticatorAttestationResponse`.
///
/// Building this value only parses the raw bytes into typed fields. No check on the
/// client data or on the attestation statement is performed in this initializer.
struct ParsedAuthenticatorAttestationResponse {
    /// Client data decoded from the response's `clientDataJSON` bytes.
    let clientData: CollectedClientData
    /// Attestation object decoded from the response's CBOR `attestationObject` bytes.
    let attestationObject: AttestationObject

    /// Parses the JSON client data and the CBOR attestation object of `rawResponse`.
    ///
    /// - Parameter rawResponse: The response whose byte fields are parsed. The bytes
    ///   are supplied by the client, so every field is treated as untrusted input.
    /// - Throws: The `JSONDecoder` error when the client data cannot be decoded;
    ///   `WebAuthnError.invalidAttestationObject` when the CBOR cannot be decoded;
    ///   `WebAuthnError.invalidAuthData` when `authData` is absent or not a byte string;
    ///   `WebAuthnError.invalidFmt` when `fmt` is absent, not a UTF-8 string, or not a
    ///   known `AttestationFormat`; `WebAuthnError.missingAttStmt` when `attStmt` is
    ///   absent; and whatever `AuthenticatorData(bytes:)` throws.
    init(from rawResponse: AuthenticatorAttestationResponse) throws {
        // Client data: JSON bytes -> CollectedClientData.
        clientData = try JSONDecoder().decode(
            CollectedClientData.self,
            from: Data(rawResponse.clientDataJSON)
        )

        // Step 11. Attestation object: CBOR bytes -> typed fields.
        // The decoder is given a maximum depth of 16, bounding nesting in this untrusted input.
        // `try?` folds both a thrown decoder error and a nil result into one WebAuthn error.
        // NOTE(review): whether bytes trailing the top-level CBOR item are rejected depends on
        // the CBOR decoder and is not visible here — confirm.
        let decodingOptions = CBOROptions(maximumDepth: 16)
        guard let decoded = try? CBOR.decode(rawResponse.attestationObject, options: decodingOptions) else {
            throw WebAuthnError.invalidAttestationObject
        }

        // `authData` must be present and must be a CBOR byte string.
        guard case let .byteString(authDataBytes)? = decoded["authData"] else {
            throw WebAuthnError.invalidAuthData
        }

        // `fmt` must be a UTF-8 string naming a format that `AttestationFormat` recognises.
        guard case let .utf8String(formatName)? = decoded["fmt"],
              let attestationFormat = AttestationFormat(rawValue: formatName)
        else {
            throw WebAuthnError.invalidFmt
        }

        // `attStmt` only has to exist; it is stored as raw CBOR and not inspected here.
        guard let attestationStatement = decoded["attStmt"] else {
            throw WebAuthnError.missingAttStmt
        }

        // The raw authData bytes are kept next to the parsed structure.
        let authenticatorData = try AuthenticatorData(bytes: authDataBytes)
        attestationObject = AttestationObject(
            authenticatorData: authenticatorData,
            rawAuthenticatorData: authDataBytes,
            format: attestationFormat,
            attestationStatement: attestationStatement
        )
    }
}