update CredentialKeyData struct

marius-se · marius-se · commit 027b74e4b2b9 · 2022-12-17T20:42:29.000+01:00
diff --git a/Sources/WebAuthn/Authenticator/AttestationObject/AttestationObject.swift b/Sources/WebAuthn/Authenticator/AttestationObject/AttestationObject.swift
@@ -15,7 +15,7 @@
 import Crypto
 import SwiftCBOR
 
-struct AttestationObject {
+public struct AttestationObject {
     let authenticatorData: AuthenticatorData
     let rawAuthenticatorData: [UInt8]
     let format: AttestationFormat
diff --git a/Sources/WebAuthn/Authenticator/AuthenticatorAttestationResponse.swift b/Sources/WebAuthn/Authenticator/AuthenticatorAttestationResponse.swift
@@ -37,7 +37,7 @@ struct ParsedAuthenticatorAttestationResponse {
         let clientData = try JSONDecoder().decode(CollectedClientData.self, from: clientDataJSONData)
         self.clientData = clientData
 
-        // assembling attestationObject
+        // Step 11. (assembling attestationObject)
         guard let attestationData = rawResponse.attestationObject.base64URLDecodedData,
             let decodedAttestationObject = try CBOR.decode([UInt8](attestationData)) else {
             throw WebAuthnError.cborDecodingAttestationDataFailed
@@ -54,8 +54,6 @@ struct ParsedAuthenticatorAttestationResponse {
             throw WebAuthnError.missingAttestationFormat
         }
 
-        // use `format` to decode attestationStatement
-
         guard let attestationFormat = AttestationFormat(rawValue: format) else {
             throw WebAuthnError.unsupportedAttestationFormat
         }
diff --git a/Sources/WebAuthn/Authenticator/CollectedClientData.swift b/Sources/WebAuthn/Authenticator/CollectedClientData.swift
@@ -16,14 +16,17 @@ import Foundation
 
 /// https://www.w3.org/TR/webauthn/#dictionary-client-data
 /// The client data represents the contextual bindings of both the WebAuthn Relying Party and the client.
-struct CollectedClientData: Codable, Hashable {
+public struct CollectedClientData: Codable, Hashable {
     enum CollectedClientDataVerifyError: Error {
         case ceremonyTypeDoesNotMatch
         case challengeDoesNotMatch
         case originDoesNotMatch
     }
 
+    /// Contains the string "webauthn.create" when creating new credentials,
+    /// and "webauthn.get" when getting an assertion from an existing credential
     let type: CeremonyType
+    /// Contains the base64url encoding of the challenge provided by the Relying Party
     let challenge: String
     let origin: String
     // TODO: Token binding
diff --git a/Sources/WebAuthn/Ceremonies/Registration/CredentialCreationResponse.swift b/Sources/WebAuthn/Ceremonies/Registration/CredentialCreationResponse.swift
@@ -47,6 +47,4 @@ public struct CredentialCreationResponse {
     }
 }
 
-extension CredentialCreationResponse: Codable {
-
-}
+extension CredentialCreationResponse: Codable {}
diff --git a/Sources/WebAuthn/Credential.swift b/Sources/WebAuthn/Credential.swift
@@ -16,15 +16,31 @@ import Foundation
 
 /// Credential contains all needed information about a WebAuthn credential for storage
 public struct Credential {
+    /// Value will always be "public-key" (for now)
+    public let type: String
+
     /// base64 encoded String of the credential ID bytes
     public let id: String
 
     /// The public key for this certificate
     public let publicKey: [UInt8]
 
-    /// The attestation format used (if any) by the authenticator when creating the credential.
-    public let attestationType: AttestationFormat
+    /// How often the authenticator says the credential was used
+    /// If this is not implemented by the authenticator this value will always be zero.
+    public let signCount: UInt32
+
+    /// Wether the public key is allowed to be backed up.
+    /// If a public key is considered backup eligible it is referred to as a multi-device credential (the
+    /// opposite being single-device credential)
+    public let backupEligible: Bool
+
+    /// If the public key is currently backed up (using another authenticator than the one that generated
+    /// the credential)
+    public let isBackedUp: Bool
+
+    // MARK: Optional content
+
+    public let attestationObject: AttestationObject
 
-    /// The Authenticator information for a given certificate
-    public let authenticator: Authenticator
+    public let attestationClientDataJSON: CollectedClientData
 }
diff --git a/Sources/WebAuthn/CredentialPublicKey.swift b/Sources/WebAuthn/CredentialPublicKey.swift
@@ -20,7 +20,7 @@ protocol PublicKey {
     func getString() throws -> String
 }
 
-struct CredentialPublicKey {
+struct ParsedPublicKeyData {
     /// The type of key created. Should be OKP, EC2, or RSA.
     let keyType: COSEKeyType
     /// A COSEAlgorithmIdentifier for the algorithm used to derive the key signature.
diff --git a/Sources/WebAuthn/Helpers/Base64Utilities.swift b/Sources/WebAuthn/Helpers/Base64Utilities.swift
@@ -43,7 +43,7 @@ extension String {
 }
 
 extension String {
-    var base64URLDecodedData: Data? {
+    public var base64URLDecodedData: Data? {
         var result = self.replacingOccurrences(of: "-", with: "+").replacingOccurrences(of: "_", with: "/")
         while result.count % 4 != 0 {
             result = result.appending("=")
diff --git a/Sources/WebAuthn/WebAuthnManager.swift b/Sources/WebAuthn/WebAuthnManager.swift
@@ -81,17 +81,19 @@ public struct WebAuthnManager {
             throw WebAuthnError.missingAttestedCredentialData
         }
 
-        let credentialPublicKey = try CredentialPublicKey(fromPublicKeyBytes: attestedData.publicKey)
-        try credentialPublicKey.verify(supportedPublicKeyAlgorithms: supportedPublicKeyAlgorithms)
+        let parsedPublicKeyData = try ParsedPublicKeyData(fromPublicKeyBytes: attestedData.publicKey)
+        try parsedPublicKeyData.verify(supportedPublicKeyAlgorithms: supportedPublicKeyAlgorithms)
 
+        // Return a new credential record (based on step 25.)
         return Credential(
-            id: attestedData.credentialID.base64URLEncodedString(),
+            type: parsedData.type,
+            id: parsedData.id,
             publicKey: attestedData.publicKey,
-            attestationType: parsedData.response.attestationObject.format,
-            authenticator: Authenticator(
-                aaguid: attestedData.aaguid,
-                signCount: parsedData.response.attestationObject.authenticatorData.counter
-            )
+            signCount: parsedData.response.attestationObject.authenticatorData.counter,
+            backupEligible: parsedData.response.attestationObject.authenticatorData.flags.isBackupEligible,
+            isBackedUp: parsedData.response.attestationObject.authenticatorData.flags.isCurrentlyBackedUp,
+            attestationObject: parsedData.response.attestationObject,
+            attestationClientDataJSON: parsedData.response.clientData
         )
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -47,6 +47,4 @@ public struct CredentialCreationResponse {`
`47`	`47`	`}`
`48`	`48`	`}`
`49`	`49`
`50`		`-extension CredentialCreationResponse: Codable {`
`51`		`-`
`52`		`-}`
	`50`	`+extension CredentialCreationResponse: Codable {}`
Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,7 @@ protocol PublicKey {`
`20`	`20`	`func getString() throws -> String`
`21`	`21`	`}`
`22`	`22`
`23`		`-struct CredentialPublicKey {`
	`23`	`+struct ParsedPublicKeyData {`
`24`	`24`	`/// The type of key created. Should be OKP, EC2, or RSA.`
`25`	`25`	`let keyType: COSEKeyType`
`26`	`26`	`/// A COSEAlgorithmIdentifier for the algorithm used to derive the key signature.`
Original file line number	Diff line number	Diff line change
`@@ -43,7 +43,7 @@ extension String {`
`43`	`43`	`}`
`44`	`44`
`45`	`45`	`extension String {`
`46`		`- var base64URLDecodedData: Data? {`
	`46`	`+ public var base64URLDecodedData: Data? {`
`47`	`47`	`var result = self.replacingOccurrences(of: "-", with: "+").replacingOccurrences(of: "_", with: "/")`
`48`	`48`	`while result.count % 4 != 0 {`
`49`	`49`	`result = result.appending("=")`