Cleanup base64 conversions

Add EncodedBase64.urlEncoded
Add EncodedBase64.decoded
Add URLEncodedBase64.urlDecoded

Author: adam-fowler

Sources/WebAuthn/Ceremonies/Registration/AuthenticatorAttestationResponse.swift

@@ -28,14 +28,14 @@ struct ParsedAuthenticatorAttestationResponse {
 
     init(from rawResponse: AuthenticatorAttestationResponse) throws {
         // assembling clientData
-        guard let clientDataJSONData = rawResponse.clientDataJSON.base64URLDecodedData else {
+        guard let clientDataJSONData = rawResponse.clientDataJSON.urlDecoded.decoded else {
             throw WebAuthnError.invalidClientDataJSON
         }
         let clientData = try JSONDecoder().decode(CollectedClientData.self, from: clientDataJSONData)
         self.clientData = clientData
 
         // Step 11. (assembling attestationObject)
-        guard let attestationObjectData = rawResponse.attestationObject.base64URLDecodedData,
+        guard let attestationObjectData = rawResponse.attestationObject.urlDecoded.decoded,
             let decodedAttestationObject = try CBOR.decode([UInt8](attestationObjectData)) else {
             throw WebAuthnError.invalidAttestationObject
         }

Sources/WebAuthn/Ceremonies/Registration/RegistrationCredential.swift

@@ -44,7 +44,7 @@ struct ParsedCredentialCreationResponse {
     init(from rawResponse: RegistrationCredential) throws {
         id = rawResponse.id
 
-        guard let decodedRawID = rawResponse.rawID.base64URLDecodedData else {
+        guard let decodedRawID = rawResponse.rawID.urlDecoded.decoded else {
             throw WebAuthnError.invalidRawID
         }
         rawID = decodedRawID
@@ -72,7 +72,7 @@ struct ParsedCredentialCreationResponse {
         )
 
         // Step 10.
-        guard let clientData = raw.clientDataJSON.string.data(using: .utf8) else {
+        guard let clientData = raw.clientDataJSON.asData() else {
             throw WebAuthnError.invalidClientDataJSON
         }
         let hash = SHA256.hash(data: clientData)

Sources/WebAuthn/Helpers/Base64Utilities.swift

@@ -15,12 +15,12 @@
 import Foundation
 import Logging
 
-/// Container for URL encoded base64 data
-public struct URLEncodedBase64: ExpressibleByStringLiteral, Codable, Hashable {
-    let string: String
+/// Container for base64 encoded data
+public struct EncodedBase64: ExpressibleByStringLiteral, Codable, Hashable {
+    private let base64: String
 
     public init(_ string: String) {
-        self.string = string
+        self.base64 = string
     }
 
     public init(stringLiteral value: StringLiteralType) {
@@ -29,21 +29,45 @@ public struct URLEncodedBase64: ExpressibleByStringLiteral, Codable, Hashable {
 
     public init(from decoder: Decoder) throws {
         let container = try decoder.singleValueContainer()
-        self.string = try container.decode(String.self)
+        self.base64 = try container.decode(String.self)
     }
 
     public func encode(to encoder: Encoder) throws {
         var container = encoder.singleValueContainer()
-        try container.encode(self.string)
+        try container.encode(self.base64)
+    }
+
+    /// Return as URL encoded base64
+    public var urlEncoded: URLEncodedBase64 {
+        return .init(
+            self.base64.replacingOccurrences(of: "+", with: "-")
+                .replacingOccurrences(of: "/", with: "_")
+                .replacingOccurrences(of: "=", with: "")
+        )
+    }
+
+    /// Return base64 decoded data
+    public var decoded: Data? {
+        return Data(base64Encoded: self.base64)
+    }
+
+    /// return Base64 data as a String
+    public func asString() -> String {
+        return self.base64
+    }
+
+    /// return Base64 data as Data
+    public func asData() -> Data? {
+        return self.base64.data(using: .utf8)
     }
 }
 
-/// Container for base64 encoded data
-public struct EncodedBase64: ExpressibleByStringLiteral, Codable, Hashable {
-    let string: String
+/// Container for URL encoded base64 data
+public struct URLEncodedBase64: ExpressibleByStringLiteral, Codable, Hashable {
+    let base64: String
 
     public init(_ string: String) {
-        self.string = string
+        self.base64 = string
     }
 
     public init(stringLiteral value: StringLiteralType) {
@@ -52,24 +76,40 @@ public struct EncodedBase64: ExpressibleByStringLiteral, Codable, Hashable {
 
     public init(from decoder: Decoder) throws {
         let container = try decoder.singleValueContainer()
-        self.string = try container.decode(String.self)
+        self.base64 = try container.decode(String.self)
     }
 
     public func encode(to encoder: Encoder) throws {
         var container = encoder.singleValueContainer()
-        try container.encode(self.string)
+        try container.encode(self.base64)
+    }
+
+    /// Return URL decoded Base64 data
+    public var urlDecoded: EncodedBase64 {
+        var result = self.base64.replacingOccurrences(of: "-", with: "+").replacingOccurrences(of: "_", with: "/")
+        while result.count % 4 != 0 {
+            result = result.appending("=")
+        }
+        return .init(result)
     }
-}
 
-//public typealias URLEncodedBase64 = String
-//public typealias EncodedBase64 = String
+    /// return Base64 data as a String
+    public func asString() -> String {
+        return self.base64
+    }
+
+    /// return Base64 data as Data
+    public func asData() -> Data? {
+        return self.base64.data(using: .utf8)
+    }
+}
 
 extension Array where Element == UInt8 {
     /// Encodes an array of bytes into a base64url-encoded string
     /// - Returns: A base64url-encoded string
     public func base64URLEncodedString() -> URLEncodedBase64 {
         let base64String = Data(bytes: self, count: self.count).base64EncodedString()
-        return String.base64URL(fromBase64: .init(base64String))
+        return EncodedBase64(base64String).urlEncoded
     }
 
     /// Encodes an array of bytes into a base64 string
@@ -88,33 +128,7 @@ extension Data {
 }
 
 extension String {
-    /// Decode a base64url-encoded `String` to a base64 `String`
-    /// - Returns: A base64-encoded `String`
-    public static func base64(fromBase64URLEncoded base64URLEncoded: URLEncodedBase64) -> EncodedBase64 {
-        return .init(
-            base64URLEncoded.string.replacingOccurrences(of: "-", with: "+").replacingOccurrences(of: "_", with: "/")
-        )
-    }
-
-    public static func base64URL(fromBase64 base64Encoded: EncodedBase64) -> URLEncodedBase64 {
-        return .init(
-            base64Encoded.string.replacingOccurrences(of: "+", with: "-")
-                .replacingOccurrences(of: "/", with: "_")
-                .replacingOccurrences(of: "=", with: "")
-        )
-    }
-
     func toBase64() -> EncodedBase64 {
         return .init(Data(self.utf8).base64EncodedString())
     }
 }
-
-extension URLEncodedBase64 {
-    public var base64URLDecodedData: Data? {
-        var result = self.string.replacingOccurrences(of: "-", with: "+").replacingOccurrences(of: "_", with: "/")
-        while result.count % 4 != 0 {
-            result = result.appending("=")
-        }
-        return Data(base64Encoded: result)
-    }
-}

Sources/WebAuthn/WebAuthnManager.swift

@@ -67,7 +67,7 @@ public struct WebAuthnManager {
         // Step 3. - 16.
         let parsedData = try ParsedCredentialCreationResponse(from: credentialCreationData)
         try parsedData.verify(
-            storedChallenge: String.base64URL(fromBase64: challenge),
+            storedChallenge: challenge.urlEncoded,
             verifyUser: requireUserVerification,
             relyingPartyID: config.relyingPartyID,
             relyingPartyOrigin: config.relyingPartyOrigin
@@ -136,7 +136,7 @@ public struct WebAuthnManager {
 
         let response = credential.response
 
-        guard let clientDataData = response.clientDataJSON.base64URLDecodedData else {
+        guard let clientDataData = response.clientDataJSON.urlDecoded.decoded else {
             throw WebAuthnError.invalidClientDataJSON
         }
         let clientData = try JSONDecoder().decode(CollectedClientData.self, from: clientDataData)
@@ -147,7 +147,7 @@ public struct WebAuthnManager {
         )
         // TODO: - Verify token binding
 
-        guard let authenticatorDataBytes = response.authenticatorData.base64URLDecodedData else {
+        guard let authenticatorDataBytes = response.authenticatorData.urlDecoded.decoded else {
             throw WebAuthnError.invalidAuthenticatorData
         }
         let authenticatorData = try AuthenticatorData(bytes: authenticatorDataBytes)
@@ -175,7 +175,7 @@ public struct WebAuthnManager {
         let signatureBase = authenticatorDataBytes + clientDataHash
 
         let credentialPublicKey = try CredentialPublicKey(publicKeyBytes: credentialPublicKey)
-        guard let signatureData = response.signature.base64URLDecodedData else { throw WebAuthnError.invalidSignature }
+        guard let signatureData = response.signature.urlDecoded.decoded else { throw WebAuthnError.invalidSignature }
         try credentialPublicKey.verify(signature: signatureData, data: signatureBase)
 
         return VerifiedAuthentication(

Tests/WebAuthnTests/HelpersTests.swift

@@ -11,8 +11,8 @@ final class HelpersTests: XCTestCase {
         let base64Encoded = input.base64EncodedString()
         let base64URLEncoded = input.base64URLEncodedString()
 
-        XCTAssertEqual(expectedBase64, base64Encoded.string)
-        XCTAssertEqual(expectedBase64URL, base64URLEncoded.string)
+        XCTAssertEqual(expectedBase64, base64Encoded.asString())
+        XCTAssertEqual(expectedBase64URL, base64URLEncoded.asString())
     }
 
     func testEncodeBase64Codable() throws {

Tests/WebAuthnTests/WebAuthnManagerTests.swift

@@ -49,7 +49,7 @@ final class WebAuthnManagerTests: XCTestCase {
         XCTAssertEqual(options.relyingParty.id, relyingPartyID)
         XCTAssertEqual(options.relyingParty.name, relyingPartyDisplayName)
         XCTAssertEqual(options.timeout, timeout)
-        XCTAssertEqual(options.user.id, user.userID.toBase64().string)
+        XCTAssertEqual(options.user.id, user.userID.toBase64().asString())
         XCTAssertEqual(options.user.displayName, user.displayName)
         XCTAssertEqual(options.user.name, user.name)
         XCTAssertEqual(options.publicKeyCredentialParameters, [publicKeyCredentialParameter])
@@ -211,31 +211,31 @@ final class WebAuthnManagerTests: XCTestCase {
     }
 
     func testFinishRegistrationFailsIfCeremonyTypeDoesNotMatch() async throws {
-        let clientDataJSONWrongCeremonyType = String.base64URL(fromBase64: """
+        let clientDataJSONWrongCeremonyType = """
         {
             "type": "webauthn.get",
             "challenge": "cmFuZG9tU3RyaW5nRnJvbVNlcnZlcg",
             "origin": "http://localhost:8080",
             "crossOrigin": false,
             "other_keys_can_be_added_here": "do not compare clientDataJSON against a template. See https://goo.gl/yabPex"
         }
-        """.toBase64())
+        """.toBase64().urlEncoded
         try await assertThrowsError(
             await finishRegistration(clientDataJSON: clientDataJSONWrongCeremonyType),
             expect: CollectedClientData.CollectedClientDataVerifyError.ceremonyTypeDoesNotMatch
         )
     }
 
     func testFinishRegistrationFailsIfChallengeDoesNotMatch() async throws {
-        let clientDataJSONWrongChallenge = String.base64URL(fromBase64: """
+        let clientDataJSONWrongChallenge = """
         {
             "type": "webauthn.create",
             "challenge": "cmFuZG9tU3RyaW5nRnJvbVNlcnZlcg",
             "origin": "http://localhost:8080",
             "crossOrigin": false,
             "other_keys_can_be_added_here": "do not compare clientDataJSON against a template. See https://goo.gl/yabPex"
         }
-        """.toBase64())
+        """.toBase64().urlEncoded
         try await assertThrowsError(
             await finishRegistration(
                 challenge: "definitelyAnotherChallenge",
@@ -246,15 +246,15 @@ final class WebAuthnManagerTests: XCTestCase {
     }
 
     func testFinishRegistrationFailsIfOriginDoesNotMatch() async throws {
-        let clientDataJSONWrongOrigin: URLEncodedBase64 = String.base64URL(fromBase64: """
+        let clientDataJSONWrongOrigin: URLEncodedBase64 = """
         {
             "type": "webauthn.create",
             "challenge": "cmFuZG9tU3RyaW5nRnJvbVNlcnZlcg",
             "origin": "http://johndoe.com",
             "crossOrigin": false,
             "other_keys_can_be_added_here": "do not compare clientDataJSON against a template. See https://goo.gl/yabPex"
         }
-        """.toBase64())
+        """.toBase64().urlEncoded
         // `webAuthnManager` is configured with origin = https://example.com
         try await assertThrowsError(
             await finishRegistration(
@@ -340,7 +340,7 @@ final class WebAuthnManagerTests: XCTestCase {
 
     func testFinishRegistrationFailsIfRawIDIsTooLong() async throws {
         try await assertThrowsError(
-            await finishRegistration(rawID: String.base64URL(fromBase64: [UInt8](repeating: 0, count: 1024).base64EncodedString())),
+            await finishRegistration(rawID: [UInt8](repeating: 0, count: 1024).base64EncodedString().urlEncoded),
             expect: WebAuthnError.credentialRawIDTooLong
         )
     }