Merge pull request #15 from swift-server/refactor3

Add initial set of tests

Author: marius-se

.gitignore

@@ -1,90 +1,6 @@
-# Xcode
-#
-# gitignore contributors: remember to update Global/Xcode.gitignore, Objective-C.gitignore & Swift.gitignore
-
-## User settings
-xcuserdata/
-
-## compatibility with Xcode 8 and earlier (ignoring not required starting Xcode 9)
-*.xcscmblueprint
-*.xccheckout
-
-## compatibility with Xcode 3 and earlier (ignoring not required starting Xcode 4)
-build/
-DerivedData/
-*.moved-aside
-*.pbxuser
-!default.pbxuser
-*.mode1v3
-!default.mode1v3
-*.mode2v3
-!default.mode2v3
-*.perspectivev3
-!default.perspectivev3
-
-## Obj-C/Swift specific
-*.hmap
-
-## App packaging
-*.ipa
-*.dSYM.zip
-*.dSYM
-
-## Playgrounds
-timeline.xctimeline
-playground.xcworkspace
-
-# Swift Package Manager
-#
-# Add this line if you want to avoid checking in source code from Swift Package Manager dependencies.
-# Packages/
-# Package.pins
 Package.resolved
-# *.xcodeproj
-#
-# Xcode automatically generates this directory with a .xcworkspacedata file and xcuserdata
-# hence it is not needed unless you have added a package configuration file to your project
-# .swiftpm
-
 .build/
-
-# CocoaPods
-#
-# We recommend against adding the Pods directory to your .gitignore. However
-# you should judge for yourself, the pros and cons are mentioned at:
-# https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
-#
-# Pods/
-#
-# Add this line if you want to avoid checking in source code from the Xcode workspace
-# *.xcworkspace
-
-# Carthage
-#
-# Add this line if you want to avoid checking in source code from Carthage dependencies.
-# Carthage/Checkouts
-
-Carthage/Build/
-
-# Accio dependency management
-Dependencies/
-.accio/
-
-# fastlane
-#
-# It is recommended to not store the screenshots in the git repo.
-# Instead, use fastlane to re-generate the screenshots whenever they are needed.
-# For more information about the recommended setup visit:
-# https://docs.fastlane.tools/best-practices/source-control/#source-control
-
-fastlane/report.xml
-fastlane/Preview.html
-fastlane/screenshots/**/*.png
-fastlane/test_output
-
-# Code Injection
-#
-# After new code Injection tools there's a generated folder /iOSInjectionProject
-# https://github.com/johnno1962/injectionforxcode
-
-iOSInjectionProject/
+*.xcodeproj
+DerivedData
+.DS_Store
+.swiftpm/

Sources/WebAuthn/Ceremonies/Registration/AttestationFormat.swift

@@ -12,7 +12,7 @@
 //
 //===----------------------------------------------------------------------===//
 
-public enum AttestationFormat: String, RawRepresentable {
+public enum AttestationFormat: String, RawRepresentable, Equatable {
     case packed
     case tpm
     case androidKey = "android-key"

Sources/WebAuthn/Ceremonies/Registration/AttestationObject.swift

@@ -16,7 +16,7 @@ import Crypto
 import SwiftCBOR
 
 /// Contains the cryptographic attestation that a new key pair was created by that authenticator.
-public struct AttestationObject {
+public struct AttestationObject: Equatable {
     let authenticatorData: AuthenticatorData
     let rawAuthenticatorData: [UInt8]
     let format: AttestationFormat
@@ -43,7 +43,7 @@ public struct AttestationObject {
         case .none:
             // if format is `none` statement must be empty
             guard attestationStatement == .map([:]) else {
-                throw WebAuthnError.attestationStatementMissing
+                throw WebAuthnError.attestationStatementMustBeEmpty
             }
         default:
             throw WebAuthnError.attestationVerificationNotSupported

Sources/WebAuthn/Ceremonies/Registration/AttestedCredentialData.swift

@@ -13,7 +13,7 @@
 //===----------------------------------------------------------------------===//
 
 // Contains the new public key created by the authenticator.
-struct AttestedCredentialData: Codable {
+struct AttestedCredentialData: Codable, Equatable {
     let aaguid: [UInt8]
     let credentialID: [UInt8]
     let publicKey: [UInt8]

Sources/WebAuthn/Ceremonies/Registration/AuthenticatorAttestationResponse.swift

@@ -18,7 +18,7 @@ import SwiftCBOR
 /// The response from the authenticator device for the creation of a new public key credential.
 public struct AuthenticatorAttestationResponse: Codable {
     public let clientDataJSON: URLEncodedBase64
-    public let attestationObject: String
+    public let attestationObject: URLEncodedBase64
 }
 
 /// A parsed version of `AuthenticatorAttestationResponse`
@@ -35,9 +35,9 @@ struct ParsedAuthenticatorAttestationResponse {
         self.clientData = clientData
 
         // Step 11. (assembling attestationObject)
-        guard let attestationData = rawResponse.attestationObject.base64URLDecodedData,
-            let decodedAttestationObject = try CBOR.decode([UInt8](attestationData)) else {
-            throw WebAuthnError.invalidAttestationData
+        guard let attestationObjectData = rawResponse.attestationObject.base64URLDecodedData,
+            let decodedAttestationObject = try CBOR.decode([UInt8](attestationObjectData)) else {
+            throw WebAuthnError.invalidAttestationObject
         }
 
         guard let authData = decodedAttestationObject["authData"],
@@ -51,7 +51,7 @@ struct ParsedAuthenticatorAttestationResponse {
         }
 
         guard let attestationStatement = decodedAttestationObject["attStmt"] else {
-            throw WebAuthnError.invalidAttStmt
+            throw WebAuthnError.missingAttStmt
         }
 
         attestationObject = AttestationObject(

Sources/WebAuthn/Ceremonies/Registration/RegistrationCredential.swift

@@ -88,7 +88,7 @@ struct ParsedCredentialCreationResponse {
 
         // Step 23.
         guard rawID.count <= 1023 else {
-            throw WebAuthnError.credentialRawIDTooBig
+            throw WebAuthnError.credentialRawIDTooLong
         }
     }
 }

Sources/WebAuthn/Ceremonies/Shared/AuthenticatorData.swift

@@ -17,7 +17,7 @@ import Crypto
 
 /// Data created and/ or used by the authenticator during authentication/ registration.
 /// The data contains, for example, whether a user was present or verified.
-struct AuthenticatorData {
+struct AuthenticatorData: Equatable {
     let relyingPartyIDHash: [UInt8]
     let flags: AuthenticatorFlags
     let counter: UInt32
@@ -89,6 +89,9 @@ extension AuthenticatorData {
         let idLength: UInt16 = idLengthData.toInteger(endian: .big)
         let credentialIDEndIndex = Int(idLength) + 55
 
+        guard data.count >= credentialIDEndIndex else {
+            throw WebAuthnError.credentialIDTooShort
+        }
         let credentialID = data[55..<credentialIDEndIndex]
         let publicKeyBytes = data[credentialIDEndIndex...]
 

Sources/WebAuthn/Ceremonies/Shared/AuthenticatorFlags.swift

@@ -12,7 +12,7 @@
 //
 //===----------------------------------------------------------------------===//
 
-struct AuthenticatorFlags {
+struct AuthenticatorFlags: Equatable {
 
     /**
      Taken from https://w3c.github.io/webauthn/#sctn-authenticator-data
@@ -40,6 +40,12 @@ struct AuthenticatorFlags {
     let attestedCredentialData: Bool
     let extensionDataIncluded: Bool
 
+    static func isFlagSet(on byte: UInt8, at position: Bit) -> Bool {
+        (byte & (1 << position.rawValue)) != 0
+    }
+}
+
+extension AuthenticatorFlags {
     init(_ byte: UInt8) {
         userPresent = Self.isFlagSet(on: byte, at: .userPresent)
         userVerified = Self.isFlagSet(on: byte, at: .userVerified)
@@ -48,8 +54,4 @@ struct AuthenticatorFlags {
         attestedCredentialData = Self.isFlagSet(on: byte, at: .attestedCredentialDataIncluded)
         extensionDataIncluded = Self.isFlagSet(on: byte, at: .extensionDataIncluded)
     }
-
-    static func isFlagSet(on byte: UInt8, at position: Bit) -> Bool {
-        (byte & (1 << position.rawValue)) != 0
-    }
 }

Sources/WebAuthn/WebAuthnError.swift

@@ -12,7 +12,7 @@
 //
 //===----------------------------------------------------------------------===//
 
-public enum WebAuthnError: Error {
+public enum WebAuthnError: Error, Equatable {
     // MARK: Shared
     case invalidClientDataJSON
     case attestedCredentialDataMissing
@@ -22,7 +22,7 @@ public enum WebAuthnError: Error {
 
     // MARK: AttestationObject
     case userVerificationRequiredButFlagNotSet
-    case attestationStatementMissing
+    case attestationStatementMustBeEmpty
     case attestationVerificationNotSupported
 
     // MARK: WebAuthnManager
@@ -36,22 +36,23 @@ public enum WebAuthnError: Error {
     case invalidAssertionCredentialType
 
     // MARK: ParsedAuthenticatorAttestationResponse
-    case invalidAttestationData
+    case invalidAttestationObject
     case invalidAuthData
     case invalidFmt
-    case invalidAttStmt
+    case missingAttStmt
     case attestationFormatNotSupported
 
     // MARK: ParsedCredentialCreationResponse
     case invalidRawID
     case invalidCredentialCreationType
-    case credentialRawIDTooBig
+    case credentialRawIDTooLong
 
     // MARK: AuthenticatorData
     case authDataTooShort
     case attestedCredentialFlagNotSet
     case extensionDataMissing
     case leftOverBytesInAuthenticatorData
+    case credentialIDTooShort
 
     // MARK: CredentialPublicKey
     case badPublicKeyBytes

Tests/WebAuthnTests/Utils/Hexadecimal.swift

@@ -0,0 +1,27 @@
+import Foundation
+
+extension String {
+    /// Create `[UInt8]` from hexadecimal string representation
+    var hexadecimal: [UInt8]? {
+        let hex = self
+        guard hex.count.isMultiple(of: 2) else {
+            return nil
+        }
+
+        let chars = hex.map { $0 }
+        let bytes = stride(from: 0, to: chars.count, by: 2)
+            .map { String(chars[$0]) + String(chars[$0 + 1]) }
+            .compactMap { UInt8($0, radix: 16) }
+
+        guard hex.count / bytes.count == 2 else { return nil }
+
+        return bytes
+    }
+}
+
+extension Data {
+    var hexadecimal: String {
+        return map { String(format: "%02x", $0) }
+            .joined()
+    }
+}