add beginRegistration method

Author: marius-se

Sources/WebAuthn/Credential.swift

@@ -18,7 +18,7 @@ import Crypto
 public struct Credential {
     /// base64 encoded String of the credential ID bytes
     public let credentialID: String
-    
+
     /// The public key for this certificate
     public let publicKey: P256.Signing.PublicKey
 }

Sources/WebAuthn/Entities.swift

@@ -0,0 +1,25 @@
+/// From §5.4.1 (https://www.w3.org/TR/webauthn/#dictionary-pkcredentialentity).
+/// `PublicKeyCredentialEntity`` describes a user account, or a WebAuthn Relying Party,
+/// with which a public key credential is associated.
+public protocol PublicKeyCredentialEntity: Codable {
+    var name: String { get }
+}
+
+/// From §5.4.2 (https://www.w3.org/TR/webauthn/#sctn-rp-credential-params).
+/// The PublicKeyCredentialRpEntity dictionary is used to supply additional Relying Party attributes when creating a
+/// new credential.
+public struct PublicKeyCredentialRpEntity: PublicKeyCredentialEntity, Codable {
+    public let name: String
+
+    public let id: String
+}
+
+/// From §5.4.3 (https://www.w3.org/TR/webauthn/#dictionary-user-credential-params)
+/// The PublicKeyCredentialUserEntity dictionary is used to supply additional user account attributes when creating a
+/// new credential.
+public struct PublicKeyCredentialUserEntity: PublicKeyCredentialEntity, Codable {
+    public let name: String
+
+    public let id: String
+    public let displayName: String
+}

Sources/WebAuthn/Helpers/WebAuthn+generateChallenge.swift

@@ -1,7 +1,7 @@
 import Foundation
 import Logging
 
-extension WebAuthn {
+extension WebAuthnManager {
     struct ChallengeGeneratorError: Error {}
     /// Generate a suitably random value to be used as an attestation or assertion challenge
     /// - Throws: An error if something went wrong while generating random byte
@@ -17,12 +17,18 @@ extension WebAuthn {
 extension Array where Element == UInt8 {
     /// Encodes an array of bytes into a base64url-encoded string
     /// - Returns: A base64url-encoded string
-    public func base64URLEncode() -> String {
+    public func base64URLEncodedString() -> String {
         let base64String = Data(bytes: self, count: self.count).base64EncodedString()
         return base64String.replacingOccurrences(of: "+", with: "-")
             .replacingOccurrences(of: "/", with: "_")
             .replacingOccurrences(of: "=", with: "")
     }
+
+    /// Encodes an array of bytes into a base64 string
+    /// - Returns: A base64-encoded string
+    public func base64EncodedString() -> String {
+        return Data(bytes: self, count: self.count).base64EncodedString()
+    }
 }
 
 extension String {

Sources/WebAuthn/PublicKeyCredentialCreationOptions.swift

@@ -0,0 +1,8 @@
+/// See §5.4. https://www.w3.org/TR/webauthn/#dictionary-makecredentialoptions
+/// Contains a PublicKeyCredentialCreationOptions object specifying the desired attributes of the
+/// to-be-created public key credential.
+public struct PublicKeyCredentialCreationOptions: Codable {
+    public let challenge: String
+    public let user: PublicKeyCredentialUserEntity
+    public let relyingParty: PublicKeyCredentialRpEntity
+}

Sources/WebAuthn/SessionData.swift

@@ -0,0 +1,6 @@
+/// SessionData is the data that should be stored by the Relying Party for the duration of the web authentication
+/// ceremony
+public struct SessionData {
+    public let challenge: String
+    public let userID: String
+}

Sources/WebAuthn/User.swift

@@ -0,0 +1,11 @@
+public struct User {
+    public let id: String
+    public let name: String
+    public let displayName: String
+
+    public init(id: String, name: String, displayName: String) {
+        self.id = id
+        self.name = name
+        self.displayName = displayName
+    }
+}

Sources/WebAuthn/WebAuthnConfig.swift

@@ -0,0 +1,11 @@
+public struct Config {
+    public let relyingPartyDisplayName: String
+    public let relyingPartyID: String
+
+    public init(relyingPartyDisplayName: String, relyingPartyID: String) {
+        self.relyingPartyDisplayName = relyingPartyDisplayName
+        self.relyingPartyID = relyingPartyID
+    }
+}
+
+public var config: Config!

Sources/WebAuthn/WebAuthn.swift renamed to Sources/WebAuthn/WebAuthnManager.swift

@@ -17,7 +17,24 @@ import Crypto
 import Logging
 import Foundation
 
-public enum WebAuthn {
+public enum WebAuthnManager {
+    /// Generate a new set of registration data to be sent to the client and authenticator.
+    public static func beginRegistration(user: User) throws -> (PublicKeyCredentialCreationOptions, SessionData) {
+        let userEntity = PublicKeyCredentialUserEntity(name: user.name, id: user.id, displayName: user.displayName)
+        let relyingParty = PublicKeyCredentialRpEntity(name: config.relyingPartyDisplayName, id: config.relyingPartyID)
+
+        let challenge = try generateChallenge()
+
+        let options = PublicKeyCredentialCreationOptions(
+            challenge: challenge.base64EncodedString(),
+            user: userEntity,
+            relyingParty: relyingParty
+        )
+        let sessionData = SessionData(challenge: challenge.base64URLEncodedString(), userID: user.id)
+
+        return (options, sessionData)
+    }
+
     /// Verify that the user has legitimately completed the login process
     ///
     /// - Parameters:

Tests/WebAuthnTests/HelpersTests.swift

@@ -0,0 +1,22 @@
+import XCTest
+@testable import WebAuthn
+
+final class HelpersTests: XCTestCase {
+    func testGenerateChallengeReturnsRandomBytes() throws {
+        let challenge1 = try WebAuthnManager.generateChallenge()
+        let challenge2 = try WebAuthnManager.generateChallenge()
+
+        XCTAssertNotEqual(challenge1, challenge2)
+    }
+
+    func testBase64URLEncodeReturnsCorrectString() {
+        let input: [UInt8] = [1, 0, 1, 0, 1, 1]
+        let expectedBase64 = Data(bytes: input, count: input.count).base64EncodedString()
+
+        let base64URLEncoded = input.base64URLEncodedString()
+        let base64Encoded = base64URLEncoded.replacingOccurrences(of: "-", with: "+")
+            .replacingOccurrences(of: "_", with: "/")
+
+        XCTAssertEqual(expectedBase64, base64Encoded)
+    }
+}