web_authn 0.0.5 → 0.0.6
- checksums.yaml +5 -5
- data/VERSION +1 -1
- data/lib/web_authn/authenticator_data.rb +5 -3
- data/lib/web_authn/context/authentication.rb +15 -10
- data/lib/web_authn/context/registration.rb +8 -0
- data/lib/web_authn/context.rb +6 -0
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: f927ccba375bfe84ed554363fbfed46e00de82ec
|
4
|
+
data.tar.gz: 1bd39fa9d390134bb1e454de1c416d42b48bce02
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 89142065e44b732f310c51405b50b93fbb22b5399897aee01e0912ea7b1ebf8612bae025e85703dbbc49ac29fc93fdfd74c1961178cb18dad08050389be9eaa1
|
7
|
+
data.tar.gz: 68277376ecc0fe3b03ed44b898e66235727381837d2ec001788555d18669229b94f98d99feb3822b5b839faf9e9ee575a3097fb910343526d1dbf49617d8e1d3
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
0.0.
|
1
|
+
0.0.6
|
@@ -1,15 +1,16 @@
|
|
1
1
|
module WebAuthn
|
2
2
|
class AuthenticatorData
|
3
|
-
attr_accessor :rp_id_hash, :flags, :sign_count, :attested_credential_data
|
3
|
+
attr_accessor :rp_id_hash, :flags, :sign_count, :attested_credential_data, :raw
|
4
4
|
|
5
5
|
%i(credential_id public_key).each do |method|
|
6
6
|
delegate method, to: :attested_credential_data, allow_nil: true
|
7
7
|
end
|
8
8
|
|
9
|
-
def initialize(rp_id_hash:, flags:, sign_count:, attested_credential_data: nil)
|
9
|
+
def initialize(rp_id_hash:, flags:, sign_count:, raw:, attested_credential_data: nil)
|
10
10
|
self.rp_id_hash = rp_id_hash
|
11
11
|
self.flags = flags
|
12
12
|
self.sign_count = sign_count
|
13
|
+
self.raw = raw
|
13
14
|
self.attested_credential_data = attested_credential_data
|
14
15
|
end
|
15
16
|
|
@@ -37,7 +38,8 @@ module WebAuthn
|
|
37
38
|
rp_id_hash: Base64.urlsafe_encode64(rp_id_hash, padding: false),
|
38
39
|
flags: flags,
|
39
40
|
sign_count: sign_count.unpack('N1').first,
|
40
|
-
attested_credential_data: attested_credential_data
|
41
|
+
attested_credential_data: attested_credential_data,
|
42
|
+
raw: auth_data
|
41
43
|
)
|
42
44
|
end
|
43
45
|
end
|
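Review bot: `raw` is exposed through `attr_accessor`, so the bytes that `verify_signature!` checks the signature over can be reassigned after decoding and drift away from the parsed `flags` and `sign_count` that the other checks inspect. Making it read-only, for example `attr_reader :raw` with `@raw = raw.dup.freeze` in `initialize`, keeps the verified bytes and the parsed fields tied together. `raw:` is also a new required keyword in a patch release, so any caller constructing `AuthenticatorData` directly will now raise `ArgumentError`; a changelog note or a `raw: nil` default would cover that. The `decode` method touched by the second hunk starts outside the visible lines.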
@@ -13,31 +13,36 @@ module WebAuthn
|
|
13
13
|
end
|
14
14
|
|
15
15
|
def verify!(encoded_authenticator_data, public_key:, sign_count:, signature:)
|
16
|
-
raw_authenticator_data = Base64.urlsafe_decode64 encoded_authenticator_data
|
17
16
|
self.authenticator_data = AuthenticatorData.decode(
|
18
|
-
|
17
|
+
Base64.urlsafe_decode64 encoded_authenticator_data
|
19
18
|
)
|
20
|
-
|
21
|
-
|
19
|
+
verify_flags!
|
20
|
+
verify_sign_count!(sign_count)
|
21
|
+
verify_signature!(public_key, signature)
|
22
22
|
self
|
23
23
|
end
|
24
24
|
|
25
25
|
private
|
26
26
|
|
27
|
-
def
|
28
|
-
|
27
|
+
def verify_flags!
|
28
|
+
super
|
29
|
+
raise InvalidAssertion, 'Unexpected Flag: "at"' if flags.at?
|
30
|
+
end
|
31
|
+
|
32
|
+
def verify_sign_count!(before)
|
33
|
+
if before == 0 && sign_count == 0
|
29
34
|
self # NOTE: no counter supported on the authenticator
|
30
|
-
elsif before <
|
35
|
+
elsif before < sign_count
|
31
36
|
self
|
32
37
|
else
|
33
38
|
raise InvalidAssertion, 'Invalid Sign Count'
|
34
39
|
end
|
35
40
|
end
|
36
41
|
|
37
|
-
def verify_signature!(
|
42
|
+
def verify_signature!(public_key, signature)
|
38
43
|
signature_base_string = [
|
39
|
-
|
40
|
-
OpenSSL::Digest::SHA256.digest(
|
44
|
+
authenticator_data.raw,
|
45
|
+
OpenSSL::Digest::SHA256.digest(client_data_json.raw)
|
41
46
|
].join
|
42
47
|
result = public_key.verify(
|
43
48
|
OpenSSL::Digest::SHA256.new,
|
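Review bot: Nothing in the new `verify!` body compares `authenticator_data.rp_id_hash` with the hash of the expected RP ID. The visible steps are flags, sign count and signature, so unless `AuthenticatorData.decode` or the context constructor does that comparison elsewhere, this relying-party check is missing. Separately, `verify_sign_count!(before)` raises `NoMethodError` rather than `InvalidAssertion` when the stored counter is `nil`, because `nil < sign_count` is evaluated in the `elsif`; rejecting `nil` explicitly keeps the failure mode uniform. `verify_signature!` continues past the end of the hunk, so how `result` is handled is not visible here.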
@@ -16,8 +16,16 @@ module WebAuthn
|
|
16
16
|
self.attestation_object = AttestationObject.decode(
|
17
17
|
encoded_attestation_object
|
18
18
|
)
|
19
|
+
verify_flags!
|
19
20
|
self
|
20
21
|
end
|
22
|
+
|
23
|
+
private
|
24
|
+
|
25
|
+
def verify_flags!
|
26
|
+
super
|
27
|
+
raise InvalidAssertion, 'Missing Flag: "at"' unless flags.at?
|
28
|
+
end
|
21
29
|
end
|
22
30
|
end
|
23
31
|
end
|
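Review bot: A registration failure is raised here as `InvalidAssertion` with `'Missing Flag: "at"'`, so callers that rescue by class cannot tell attestation errors from assertion errors; a registration-specific or neutral error class would be clearer in handlers and logs. The check also trusts the flag bit alone: `credential_id` and `public_key` are delegated with `allow_nil: true` in `AuthenticatorData`, so it may be worth asserting after `verify_flags!` that the attested credential data was actually parsed. `verify!` begins above the hunk, so any earlier checks are not visible.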
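--- a/data/lib/web_authn/context.rb
+++ b/data/lib/web_authn/context.rb
@@ -24,6 +24,12 @@ module WebAuthn
 false
 end
 
+def verify_flags!
+unless flags.uv? || flags.up?
+raise InvalidAssertion, 'Missing Flag: uv" nor "up"'
+end
+end
+
 class << self
 def for(encoded_client_data_json, origin:, challenge:)
 client_data_json = ClientDataJSON.decode encoded_client_data_json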
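Review bot: `flags.uv? || flags.up?` in the new `verify_flags!` accepts a response carrying either bit, so a relying party that requires user verification gets no enforcement from this check, and a response with `uv` set but `up` clear also passes. The WebAuthn relying-party steps tie the `uv` check to whether the RP asked for user verification, so consider an opt-in requirement for `uv` alongside the presence check. The error string also has unbalanced quotes: `'Missing Flag: uv" nor "up"'` should read `'Missing Flag: "uv" nor "up"'`. Whether the method sits under a `private` section is not visible in the hunk, although both subclass overrides are defined as private.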
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: web_authn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.6
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- nov matake
|
@@ -162,7 +162,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
162
162
|
version: '0'
|
163
163
|
requirements: []
|
164
164
|
rubyforge_project:
|
165
|
-
rubygems_version: 2.
|
165
|
+
rubygems_version: 2.6.11
|
166
166
|
signing_key:
|
167
167
|
specification_version: 4
|
168
168
|
summary: W3C WebAuthn (a.k.a. FIDO2) RP library in Ruby
|