Seperate type for base64 data

Author: adam-fowler

Sources/WebAuthn/Ceremonies/Authentication/PublicKeyCredentialRequestOptions.swift

@@ -16,7 +16,7 @@ import Foundation
 
 /// The `PublicKeyCredentialRequestOptions` gets passed to the WebAuthn API (`navigator.credentials.get()`)
 public struct PublicKeyCredentialRequestOptions: Codable {
-    public let challenge: String
+    public let challenge: EncodedBase64
     public let timeout: TimeInterval?
     public let rpId: String?
     public let allowCredentials: [PublicKeyCredentialDescriptor]?

Sources/WebAuthn/Ceremonies/Registration/RegistrationCredential.swift

@@ -72,7 +72,7 @@ struct ParsedCredentialCreationResponse {
         )
 
         // Step 10.
-        guard let clientData = raw.clientDataJSON.data(using: .utf8) else {
+        guard let clientData = raw.clientDataJSON.string.data(using: .utf8) else {
             throw WebAuthnError.invalidClientDataJSON
         }
         let hash = SHA256.hash(data: clientData)

Sources/WebAuthn/Helpers/Base64Utilities.swift

@@ -15,53 +15,103 @@
 import Foundation
 import Logging
 
-public typealias URLEncodedBase64 = String
-public typealias EncodedBase64 = String
+/// Container for URL encoded base64 data
+public struct URLEncodedBase64: ExpressibleByStringLiteral, Codable, Hashable {
+    let string: String
+
+    public init(_ string: String) {
+        self.string = string
+    }
+
+    public init(stringLiteral value: StringLiteralType) {
+        self.init(value)
+    }
+
+    public init(from decoder: Decoder) throws {
+        let container = try decoder.singleValueContainer()
+        self.string = try container.decode(String.self)
+    }
+
+    public func encode(to encoder: Encoder) throws {
+        var container = encoder.singleValueContainer()
+        try container.encode(self.string)
+    }
+}
+
+/// Container for base64 encoded data
+public struct EncodedBase64: ExpressibleByStringLiteral, Codable, Hashable {
+    let string: String
+
+    public init(_ string: String) {
+        self.string = string
+    }
+
+    public init(stringLiteral value: StringLiteralType) {
+        self.init(value)
+    }
+
+    public init(from decoder: Decoder) throws {
+        let container = try decoder.singleValueContainer()
+        self.string = try container.decode(String.self)
+    }
+
+    public func encode(to encoder: Encoder) throws {
+        var container = encoder.singleValueContainer()
+        try container.encode(self.string)
+    }
+}
+
+//public typealias URLEncodedBase64 = String
+//public typealias EncodedBase64 = String
 
 extension Array where Element == UInt8 {
     /// Encodes an array of bytes into a base64url-encoded string
     /// - Returns: A base64url-encoded string
-    public func base64URLEncodedString() -> String {
+    public func base64URLEncodedString() -> URLEncodedBase64 {
         let base64String = Data(bytes: self, count: self.count).base64EncodedString()
-        return String.base64URL(fromBase64: base64String)
+        return String.base64URL(fromBase64: .init(base64String))
     }
 
     /// Encodes an array of bytes into a base64 string
     /// - Returns: A base64-encoded string
-    public func base64EncodedString() -> String {
-        return Data(bytes: self, count: self.count).base64EncodedString()
+    public func base64EncodedString() -> EncodedBase64 {
+        return .init(Data(bytes: self, count: self.count).base64EncodedString())
     }
 }
 
 extension Data {
     /// Encodes data into a base64url-encoded string
     /// - Returns: A base64url-encoded string
-    public func base64URLEncodedString() -> String {
+    public func base64URLEncodedString() -> URLEncodedBase64 {
         return [UInt8](self).base64URLEncodedString()
     }
 }
 
 extension String {
     /// Decode a base64url-encoded `String` to a base64 `String`
     /// - Returns: A base64-encoded `String`
-    public static func base64(fromBase64URLEncoded base64URLEncoded: String) -> Self {
-        return base64URLEncoded.replacingOccurrences(of: "-", with: "+").replacingOccurrences(of: "_", with: "/")
+    public static func base64(fromBase64URLEncoded base64URLEncoded: URLEncodedBase64) -> EncodedBase64 {
+        return .init(
+            base64URLEncoded.string.replacingOccurrences(of: "-", with: "+").replacingOccurrences(of: "_", with: "/")
+        )
     }
 
-    public static func base64URL(fromBase64 base64Encoded: String) -> Self {
-        return base64Encoded.replacingOccurrences(of: "+", with: "-")
-            .replacingOccurrences(of: "/", with: "_")
-            .replacingOccurrences(of: "=", with: "")
+    public static func base64URL(fromBase64 base64Encoded: EncodedBase64) -> URLEncodedBase64 {
+        return .init(
+            base64Encoded.string.replacingOccurrences(of: "+", with: "-")
+                .replacingOccurrences(of: "/", with: "_")
+                .replacingOccurrences(of: "=", with: "")
+        )
     }
 
-    func toBase64() -> String {
-        return Data(self.utf8).base64EncodedString()
+    func toBase64() -> EncodedBase64 {
+        return .init(Data(self.utf8).base64EncodedString())
     }
 }
 
-extension String {
+extension URLEncodedBase64 {
     public var base64URLDecodedData: Data? {
-        var result = self.replacingOccurrences(of: "-", with: "+").replacingOccurrences(of: "_", with: "/")
+        var result = self.string.replacingOccurrences(of: "-", with: "+").replacingOccurrences(of: "_", with: "/")
         while result.count % 4 != 0 {
             result = result.appending("=")
         }

Sources/WebAuthn/WebAuthnManager.swift

@@ -104,7 +104,7 @@ public struct WebAuthnManager {
     }
 
     public func beginAuthentication(
-        challenge: String? = nil,
+        challenge: EncodedBase64? = nil,
         timeout: TimeInterval?,
         allowCredentials: [PublicKeyCredentialDescriptor]? = nil,
         userVerification: UserVerificationRequirement = .preferred,

Tests/WebAuthnTests/HelpersTests.swift

@@ -11,7 +11,14 @@ final class HelpersTests: XCTestCase {
         let base64Encoded = input.base64EncodedString()
         let base64URLEncoded = input.base64URLEncodedString()
 
-        XCTAssertEqual(expectedBase64, base64Encoded)
-        XCTAssertEqual(expectedBase64URL, base64URLEncoded)
+        XCTAssertEqual(expectedBase64, base64Encoded.string)
+        XCTAssertEqual(expectedBase64URL, base64URLEncoded.string)
+    }
+
+    func testEncodeBase64Codable() throws {
+        let base64 = EncodedBase64("AQABAAEBAAEAAQEAAAABAA==")
+        let json = try JSONEncoder().encode(base64)
+        let decodedBase64 = try JSONDecoder().decode(EncodedBase64.self, from: json)
+        XCTAssertEqual(base64, decodedBase64)
     }
 }

Tests/WebAuthnTests/WebAuthnManagerTests.swift

@@ -49,7 +49,7 @@ final class WebAuthnManagerTests: XCTestCase {
         XCTAssertEqual(options.relyingParty.id, relyingPartyID)
         XCTAssertEqual(options.relyingParty.name, relyingPartyDisplayName)
         XCTAssertEqual(options.timeout, timeout)
-        XCTAssertEqual(options.user.id, user.userID.toBase64())
+        XCTAssertEqual(options.user.id, user.userID.toBase64().string)
         XCTAssertEqual(options.user.displayName, user.displayName)
         XCTAssertEqual(options.user.name, user.name)
         XCTAssertEqual(options.publicKeyCredentialParameters, [publicKeyCredentialParameter])
@@ -340,18 +340,18 @@ final class WebAuthnManagerTests: XCTestCase {
 
     func testFinishRegistrationFailsIfRawIDIsTooLong() async throws {
         try await assertThrowsError(
-            await finishRegistration(rawID: [UInt8](repeating: 0, count: 1024).base64EncodedString()),
+            await finishRegistration(rawID: String.base64URL(fromBase64: [UInt8](repeating: 0, count: 1024).base64EncodedString())),
             expect: WebAuthnError.credentialRawIDTooLong
         )
     }
 
     private func finishRegistration(
         challenge: EncodedBase64 = "cmFuZG9tU3RyaW5nRnJvbVNlcnZlcg",
-        id: EncodedBase64 = "4PrJNQUJ9xdI2DeCzK9rTBRixhXHDiVdoTROQIh8j80",
+        id: String = "4PrJNQUJ9xdI2DeCzK9rTBRixhXHDiVdoTROQIh8j80",
         type: String = "public-key",
-        rawID: EncodedBase64 = "4PrJNQUJ9xdI2DeCzK9rTBRixhXHDiVdoTROQIh8j80",
-        clientDataJSON: String = "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiY21GdVpHOXRVM1J5YVc1blJuSnZiVk5sY25abGNnIiwib3JpZ2luIjoiaHR0cHM6Ly9leGFtcGxlLmNvbSIsImNyb3NzT3JpZ2luIjpmYWxzZSwib3RoZXJfa2V5c19jYW5fYmVfYWRkZWRfaGVyZSI6ImRvIG5vdCBjb21wYXJlIGNsaWVudERhdGFKU09OIGFnYWluc3QgYSB0ZW1wbGF0ZS4gU2VlIGh0dHBzOi8vZ29vLmdsL3lhYlBleCJ9",
-        attestationObject: String = "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVg5o3mm9u6vuaVeN4wRgDTidR5oL6ufLTCrE9ISVYbOGUdBAAAAAKN5pvbur7mlXjeMEYA04nUAAQAA",
+        rawID: URLEncodedBase64 = "4PrJNQUJ9xdI2DeCzK9rTBRixhXHDiVdoTROQIh8j80",
+        clientDataJSON: URLEncodedBase64 = "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiY21GdVpHOXRVM1J5YVc1blJuSnZiVk5sY25abGNnIiwib3JpZ2luIjoiaHR0cHM6Ly9leGFtcGxlLmNvbSIsImNyb3NzT3JpZ2luIjpmYWxzZSwib3RoZXJfa2V5c19jYW5fYmVfYWRkZWRfaGVyZSI6ImRvIG5vdCBjb21wYXJlIGNsaWVudERhdGFKU09OIGFnYWluc3QgYSB0ZW1wbGF0ZS4gU2VlIGh0dHBzOi8vZ29vLmdsL3lhYlBleCJ9",
+        attestationObject: URLEncodedBase64 = "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVg5o3mm9u6vuaVeN4wRgDTidR5oL6ufLTCrE9ISVYbOGUdBAAAAAKN5pvbur7mlXjeMEYA04nUAAQAA",
         requireUserVerification: Bool = false,
         confirmCredentialIDNotRegisteredYet: (String) async throws -> Bool = { _ in true }
     ) async throws -> Credential {