wip

Author: marius-se

Sources/WebAuthn/Authenticator/AttestationObject/AttestationFormat.swift

@@ -1,44 +1,4 @@
-public enum AttestationFormat: RawRepresentable {
-    case iana(IANAAttestationFormat)
-    case custom(String)
-
-    public var rawValue: String {
-        switch self {
-        case let .iana(format): return format.rawValue
-        case let .custom(custom): return custom
-        }
-    }
-
-    public init(rawValue: String) {
-        if let ianaFormat = IANAAttestationFormat(rawValue: rawValue) {
-            self = .iana(ianaFormat)
-        } else {
-            self = .custom(rawValue)
-        }
-    }
-
-    // init(from decoder: Decoder) throws {
-    //     let container = try decoder.singleValueContainer()
-
-    //     let value = try container.decode(String.self)
-    //     if let ianaFormat = IANAAttestationFormat(rawValue: value) {
-    //         self = .iana(ianaFormat)
-    //     } else {
-    //         self = .custom(value)
-    //     }
-    // }
-
-    public func encode(to encoder: Encoder) throws {
-        var container = encoder.singleValueContainer()
-
-        switch self {
-        case let .iana(format): try container.encode(format)
-        case let .custom(custom): try container.encode(custom)
-        }
-    }
-}
-
-public enum IANAAttestationFormat: String, Codable {
+public enum AttestationFormat: String, RawRepresentable {
     case packed
     case tpm
     case androidKey = "android-key"

Sources/WebAuthn/Authenticator/AttestationObject/AttestationObject.swift

@@ -36,10 +36,21 @@ struct AttestationObject {
             fatalError("Not implemented yet")
         }
 
-        if format == .iana(.none) {
-            guard attestationStatement.isEmpty else {
-                throw WebAuthnError.attestationStatementMissing
-            }
-        }
+        // Step 17. happening somewhere else (maybe we can move it here?)
+
+        // Attestation format already determined. Skipping step 19.
+
+        // Step 20.
+        // TODO: Implement case .packed first! fatalError the rest
+        // switch format {
+        // case .androidKey:
+        // case .androidSafetynet:
+        // case .apple:
+        // case .fidoU2F:
+        // case .packed:
+        // case .tpm:
+        // case .none:
+        //     guard attestationStatement.isEmpty else { throw WebAuthnError.attestationStatementMissing }
+        // }
     }
 }

Sources/WebAuthn/Authenticator/AuthenticatorAttestationResponse.swift

@@ -37,10 +37,14 @@ struct ParsedAuthenticatorAttestationResponse {
         }
         let attestationStatement = decodedAttestationObject["attStmt"]
 
+        guard let attestationFormat = AttestationFormat(rawValue: format) else {
+            throw WebAuthnError.unsupportedAttestationFormat
+        }
+
         attestationObject = AttestationObject(
             authenticatorData: try ParsedAuthenticatorAttestationResponse.parseAuthenticatorData(authDataBytes),
             rawAuthenticatorData: authDataBytes,
-            format: AttestationFormat(rawValue: format),
+            format: attestationFormat,
             attestationStatement: [:]
         )
     }

Sources/WebAuthn/WebAuthnError.swift

@@ -38,4 +38,5 @@ public enum WebAuthnError: Error {
 
     case unsupportedCOSEAlgorithm
     case unsupportedCredentialPublicKeyAlgorithm
+    case unsupportedAttestationFormat
 }

Sources/WebAuthn/WebAuthnManager.swift

@@ -84,8 +84,6 @@ public struct WebAuthnManager {
         let credentialPublicKey = try CredentialPublicKey(fromPublicKeyBytes: attestedData.publicKey)
         try credentialPublicKey.verify(supportedPublicKeyAlgorithms: supportedPublicKeyAlgorithms)
 
-        // TODO: Verify attStmt
-
         return Credential(
             id: attestedData.credentialID.base64URLEncodedString(),
             publicKey: attestedData.publicKey,