clientDataJSON is Base64URL encoded

0xTim · 0xTim · commit acb7a813397b · 2022-07-25T11:08:40.000+01:00
diff --git a/Sources/WebAuthn/String+Base64URL.swift b/Sources/WebAuthn/String+Base64URL.swift
@@ -0,0 +1,25 @@
+//===----------------------------------------------------------------------===//
+//
+// This source file is part of the WebAuthn Swift open source project
+//
+// Copyright (c) 2022 the WebAuthn Swift project authors
+// Licensed under Apache License v2.0
+//
+// See LICENSE.txt for license information
+// See CONTRIBUTORS.txt for the list of WebAuthn Swift project authors
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+//===----------------------------------------------------------------------===//
+
+import Foundation
+
+extension String {
+    var base64URLDecodedData: Data? {
+        var result = self.replacingOccurrences(of: "-", with: "+").replacingOccurrences(of: "_", with: "/")
+        while result.count % 4 != 0 {
+            result = result.appending("=")
+        }
+        return Data(base64Encoded: result)
+    }
+}
diff --git a/Sources/WebAuthn/WebAuthn.swift b/Sources/WebAuthn/WebAuthn.swift
@@ -19,7 +19,7 @@ import Foundation
 
 public enum WebAuthn {
     public static func validateAssertion(_ data: AssertionCredential, challengeProvided: String, publicKey: P256.Signing.PublicKey, logger: Logger) throws {
-        guard let clientObjectData = Data(base64Encoded: data.response.clientDataJSON) else {
+        guard let clientObjectData = data.response.clientDataJSON.base64URLDecodedData else {
             throw WebAuthnError.badRequestData
         }
         let clientObject = try JSONDecoder().decode(ClientDataObject.self, from: clientObjectData)
@@ -28,20 +28,12 @@ public enum WebAuthn {
         }
         let clientDataJSONHash = SHA256.hash(data: clientObjectData)
         
-        var base64AssertionString = data.response.authenticatorData.replacingOccurrences(of: "-", with: "+").replacingOccurrences(of: "_", with: "/")
-        while base64AssertionString.count % 4 != 0 {
-            base64AssertionString = base64AssertionString.appending("=")
-        }
-        guard let authenticatorData = Data(base64Encoded: base64AssertionString) else {
+        guard let authenticatorData = data.response.authenticatorData.base64URLDecodedData else {
             throw WebAuthnError.badRequestData
         }
         let signedData = authenticatorData + clientDataJSONHash
         
-        var base64SignatureString = data.response.signature.replacingOccurrences(of: "-", with: "+").replacingOccurrences(of: "_", with: "/")
-        while base64SignatureString.count % 4 != 0 {
-            base64SignatureString = base64SignatureString.appending("=")
-        }
-        guard let signatureData = Data(base64Encoded: base64SignatureString) else {
+        guard let signatureData = data.response.signature.base64URLDecodedData else {
             throw WebAuthnError.badRequestData
         }
         let signature = try P256.Signing.ECDSASignature(derRepresentation: signatureData)
@@ -51,7 +43,7 @@ public enum WebAuthn {
     }
     
     public static func parseRegisterCredentials(_ data: RegisterWebAuthnCredentialData, challengeProvided: String, origin: String, logger: Logger) throws -> Credential {
-        guard let clientObjectData = Data(base64Encoded: data.response.clientDataJSON) else {
+        guard let clientObjectData = data.response.clientDataJSON.base64URLDecodedData else {
             throw WebAuthnError.badRequestData
         }
         let clientObject = try JSONDecoder().decode(ClientDataObject.self, from: clientObjectData)
@@ -64,11 +56,8 @@ public enum WebAuthn {
         guard origin == clientObject.origin else {
             throw WebAuthnError.validationError
         }
-        var base64AttestationString = data.response.attestationObject.replacingOccurrences(of: "-", with: "+").replacingOccurrences(of: "_", with: "/")
-        while base64AttestationString.count % 4 != 0 {
-            base64AttestationString = base64AttestationString.appending("=")
-        }
-        guard let attestationData = Data(base64Encoded: base64AttestationString) else {
+
+        guard let attestationData = data.response.attestationObject.base64URLDecodedData else {
             throw WebAuthnError.badRequestData
         }
         guard let decodedAttestationObject = try CBOR.decode([UInt8](attestationData)) else {
@@ -184,4 +173,4 @@ public enum WebAuthn {
         }
         return credentialsData
     }
-}
+}

Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,7 @@ import Foundation`
`19`	`19`
`20`	`20`	`public enum WebAuthn {`
`21`	`21`	`public static func validateAssertion(_ data: AssertionCredential, challengeProvided: String, publicKey: P256.Signing.PublicKey, logger: Logger) throws {`
`22`		`- guard let clientObjectData = Data(base64Encoded: data.response.clientDataJSON) else {`
	`22`	`+ guard let clientObjectData = data.response.clientDataJSON.base64URLDecodedData else {`
`23`	`23`	`throw WebAuthnError.badRequestData`
`24`	`24`	`}`
`25`	`25`	`let clientObject = try JSONDecoder().decode(ClientDataObject.self, from: clientObjectData)`
`@@ -28,20 +28,12 @@ public enum WebAuthn {`
`28`	`28`	`}`
`29`	`29`	`let clientDataJSONHash = SHA256.hash(data: clientObjectData)`
`30`	`30`
`31`		`- var base64AssertionString = data.response.authenticatorData.replacingOccurrences(of: "-", with: "+").replacingOccurrences(of: "_", with: "/")`
`32`		`- while base64AssertionString.count % 4 != 0 {`
`33`		`- base64AssertionString = base64AssertionString.appending("=")`
`34`		`- }`
`35`		`- guard let authenticatorData = Data(base64Encoded: base64AssertionString) else {`
	`31`	`+ guard let authenticatorData = data.response.authenticatorData.base64URLDecodedData else {`
`36`	`32`	`throw WebAuthnError.badRequestData`
`37`	`33`	`}`
`38`	`34`	`let signedData = authenticatorData + clientDataJSONHash`
`39`	`35`
`40`		`- var base64SignatureString = data.response.signature.replacingOccurrences(of: "-", with: "+").replacingOccurrences(of: "_", with: "/")`
`41`		`- while base64SignatureString.count % 4 != 0 {`
`42`		`- base64SignatureString = base64SignatureString.appending("=")`
`43`		`- }`
`44`		`- guard let signatureData = Data(base64Encoded: base64SignatureString) else {`
	`36`	`+ guard let signatureData = data.response.signature.base64URLDecodedData else {`
`45`	`37`	`throw WebAuthnError.badRequestData`
`46`	`38`	`}`
`47`	`39`	`let signature = try P256.Signing.ECDSASignature(derRepresentation: signatureData)`
`@@ -51,7 +43,7 @@ public enum WebAuthn {`
`51`	`43`	`}`
`52`	`44`
`53`	`45`	`public static func parseRegisterCredentials(_ data: RegisterWebAuthnCredentialData, challengeProvided: String, origin: String, logger: Logger) throws -> Credential {`
`54`		`- guard let clientObjectData = Data(base64Encoded: data.response.clientDataJSON) else {`
	`46`	`+ guard let clientObjectData = data.response.clientDataJSON.base64URLDecodedData else {`
`55`	`47`	`throw WebAuthnError.badRequestData`
`56`	`48`	`}`
`57`	`49`	`let clientObject = try JSONDecoder().decode(ClientDataObject.self, from: clientObjectData)`
`@@ -64,11 +56,8 @@ public enum WebAuthn {`
`64`	`56`	`guard origin == clientObject.origin else {`
`65`	`57`	`throw WebAuthnError.validationError`
`66`	`58`	`}`
`67`		`- var base64AttestationString = data.response.attestationObject.replacingOccurrences(of: "-", with: "+").replacingOccurrences(of: "_", with: "/")`
`68`		`- while base64AttestationString.count % 4 != 0 {`
`69`		`- base64AttestationString = base64AttestationString.appending("=")`
`70`		`- }`
`71`		`- guard let attestationData = Data(base64Encoded: base64AttestationString) else {`
	`59`	`+`
	`60`	`+ guard let attestationData = data.response.attestationObject.base64URLDecodedData else {`
`72`	`61`	`throw WebAuthnError.badRequestData`
`73`	`62`	`}`
`74`	`63`	`guard let decodedAttestationObject = try CBOR.decode([UInt8](attestationData)) else {`
`@@ -184,4 +173,4 @@ public enum WebAuthn {`
`184`	`173`	`}`
`185`	`174`	`return credentialsData`
`186`	`175`	`}`
`187`		`-}`
	`176`	`+}`