web_authn 0.0.5 → 0.0.6

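--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA256:
- metadata.gz: 784513f8a1a80761ffa9558612eab5eacaef353b57b6776dcb5f0032f4419258
- data.tar.gz: a5c88010f0994e656368cc728e1adc275252df6f4e7bbc52ff66f077102789f9
+ SHA1:
+ metadata.gz: f927ccba375bfe84ed554363fbfed46e00de82ec
+ data.tar.gz: 1bd39fa9d390134bb1e454de1c416d42b48bce02
  SHA512:
- metadata.gz: bd1c7a275db5675cc95bb2f3c8bbda9316dbcdd16a4d8c20ba0f1deb6ff2cc9e9f7ccf6227cf8ffe40f6c8e6a0aef59bbb938ab7b9c2986ef8dd126e702cb3bf
- data.tar.gz: 10fcb7862d202e0e8b920386d5d07ec444690cd22e8c6a76bbf579d27cea92c0a856ade5d0dee951ebdce8654e7690ac3bccfef7c696f16e7d49377c997ac042
+ metadata.gz: 89142065e44b732f310c51405b50b93fbb22b5399897aee01e0912ea7b1ebf8612bae025e85703dbbc49ac29fc93fdfd74c1961178cb18dad08050389be9eaa1
+ data.tar.gz: 68277376ecc0fe3b03ed44b898e66235727381837d2ec001788555d18669229b94f98d99feb3822b5b839faf9e9ee575a3097fb910343526d1dbf49617d8e1d3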
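--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 0.0.5
+ 0.0.6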
@@ -1,15 +1,16 @@
1
1
  module WebAuthn
2
2
  class AuthenticatorData
3
- attr_accessor :rp_id_hash, :flags, :sign_count, :attested_credential_data
3
+ attr_accessor :rp_id_hash, :flags, :sign_count, :attested_credential_data, :raw
4
4
 
5
5
  %i(credential_id public_key).each do |method|
6
6
  delegate method, to: :attested_credential_data, allow_nil: true
7
7
  end
8
8
 
9
- def initialize(rp_id_hash:, flags:, sign_count:, attested_credential_data: nil)
9
+ def initialize(rp_id_hash:, flags:, sign_count:, raw:, attested_credential_data: nil)
10
10
  self.rp_id_hash = rp_id_hash
11
11
  self.flags = flags
12
12
  self.sign_count = sign_count
13
+ self.raw = raw
13
14
  self.attested_credential_data = attested_credential_data
14
15
  end
15
16
 
@@ -37,7 +38,8 @@ module WebAuthn
37
38
  rp_id_hash: Base64.urlsafe_encode64(rp_id_hash, padding: false),
38
39
  flags: flags,
39
40
  sign_count: sign_count.unpack('N1').first,
40
- attested_credential_data: attested_credential_data
41
+ attested_credential_data: attested_credential_data,
42
+ raw: auth_data
41
43
  )
42
44
  end
43
45
  end
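Review bot: `raw` is added to the `attr_accessor` list in the first hunk, so the bytes the signature check later reads through `authenticator_data.raw` can be reassigned after `decode`, independently of the parsed `rp_id_hash`, `flags` and `sign_count` that the other checks rely on. Exposing it read-only keeps the signed bytes and the checked fields in step: `attr_reader :raw` with `@raw = raw` in `initialize`. The new `raw:` keyword is required, which breaks any caller constructing `AuthenticatorData` directly, so it deserves a changelog line and a comment such as `# raw: the undecoded authenticator data, kept for signature verification`. The `decode` body in the second hunk starts outside the hunk, so it cannot be confirmed from here that `auth_data` is still the unmodified input when it is passed as `raw:`.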
@@ -13,31 +13,36 @@ module WebAuthn
13
13
  end
14
14
 
15
15
  def verify!(encoded_authenticator_data, public_key:, sign_count:, signature:)
16
- raw_authenticator_data = Base64.urlsafe_decode64 encoded_authenticator_data
17
16
  self.authenticator_data = AuthenticatorData.decode(
18
- raw_authenticator_data
17
+ Base64.urlsafe_decode64 encoded_authenticator_data
19
18
  )
20
- verify_sign_count!(sign_count, authenticator_data.sign_count)
21
- verify_signature!(raw_authenticator_data, client_data_json.raw, public_key, signature)
19
+ verify_flags!
20
+ verify_sign_count!(sign_count)
21
+ verify_signature!(public_key, signature)
22
22
  self
23
23
  end
24
24
 
25
25
  private
26
26
 
27
- def verify_sign_count!(before, current)
28
- if before == 0 && current == 0
27
+ def verify_flags!
28
+ super
29
+ raise InvalidAssertion, 'Unexpected Flag: "at"' if flags.at?
30
+ end
31
+
32
+ def verify_sign_count!(before)
33
+ if before == 0 && sign_count == 0
29
34
  self # NOTE: no counter supported on the authenticator
30
- elsif before < current
35
+ elsif before < sign_count
31
36
  self
32
37
  else
33
38
  raise InvalidAssertion, 'Invalid Sign Count'
34
39
  end
35
40
  end
36
41
 
37
- def verify_signature!(raw_authenticator_data, raw_client_data_json, public_key, signature)
42
+ def verify_signature!(public_key, signature)
38
43
  signature_base_string = [
39
- raw_authenticator_data,
40
- OpenSSL::Digest::SHA256.digest(raw_client_data_json)
44
+ authenticator_data.raw,
45
+ OpenSSL::Digest::SHA256.digest(client_data_json.raw)
41
46
  ].join
42
47
  result = public_key.verify(
43
48
  OpenSSL::Digest::SHA256.new,
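Review bot: `verify!` now runs flag, counter and signature checks, but nothing in the lines shown compares `authenticator_data.rp_id_hash` with the SHA-256 of the relying party's own ID, which WebAuthn expects the RP to verify on every assertion. Unless that comparison happens outside this hunk, it belongs here as its own step next to `verify_flags!`, with the expected RP ID passed in by the caller; the decoder stores the hash base64url-encoded without padding, so the comparison has to use the same encoding. A short comment above the private `verify_flags!`, for example `# assertions must not carry attested credential data ("at")`, would explain the rejection. `flags` and `sign_count` are called on `self` and are presumably delegated to `authenticator_data` elsewhere; `verify_signature!` continues past the end of the hunk.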
@@ -16,8 +16,16 @@ module WebAuthn
16
16
  self.attestation_object = AttestationObject.decode(
17
17
  encoded_attestation_object
18
18
  )
19
+ verify_flags!
19
20
  self
20
21
  end
22
+
23
+ private
24
+
25
+ def verify_flags!
26
+ super
27
+ raise InvalidAssertion, 'Missing Flag: "at"' unless flags.at?
28
+ end
21
29
  end
22
30
  end
23
31
  end
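Review bot: The registration path raises `InvalidAssertion` from `verify_flags!`, both for the missing `at` flag here and through `super`, so a caller cannot tell a failed registration from a failed authentication by exception class. If that is intentional, a comment on the method saying so would help; otherwise a registration-specific error class looks like the better fit. A one-line comment such as `# attestation responses must include attested credential data ("at")` would document the rule being enforced. `flags` is called on `self` and is presumably delegated to the decoded attestation object's authenticator data, which this hunk does not show; the `verify!` body also starts above the hunk.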
@@ -24,6 +24,12 @@ module WebAuthn
24
24
  false
25
25
  end
26
26
 
27
+ def verify_flags!
28
+ unless flags.uv? || flags.up?
29
+ raise InvalidAssertion, 'Missing Flag: uv" nor "up"'
30
+ end
31
+ end
32
+
27
33
  class << self
28
34
  def for(encoded_client_data_json, origin:, challenge:)
29
35
  client_data_json = ClientDataJSON.decode encoded_client_data_json
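Review bot: The error message in the new `verify_flags!` has an unbalanced quote: `'Missing Flag: uv" nor "up"'` should read `'Missing Flag: "uv" nor "up"'`. The method is added above `class << self` with no `private` visible in the hunk, while both subclasses override it as private; if nothing earlier in the class makes it private, `private :verify_flags!` would keep the three definitions consistent. The check passes when either flag is set, so user presence alone is accepted and no user-verification requirement is enforced here; a comment stating that policy, e.g. `# accepts UP or UV; callers needing user verification must check flags.uv? themselves`, would make it explicit for integrators.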
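--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: web_authn
  version: !ruby/object:Gem::Version
- version: 0.0.5
+ version: 0.0.6
  platform: ruby
  authors:
  - nov matake
@@ -162,7 +162,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.7.6
+ rubygems_version: 2.6.11
  signing_key:
  specification_version: 4
  summary: W3C WebAuthn (a.k.a. FIDO2) RP library in Ruby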