webauthn 1.5.0 → 1.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/.rspec +0 -1
- data/CHANGELOG.md +7 -0
- data/lib/webauthn/fake_authenticator.rb +156 -0
- data/lib/webauthn/version.rb +1 -1
- metadata +4 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 25e0a04470e52f5f6640aacc66c9653792ea8b5dc9fc7639d6d876b0fdd8921a
|
|
4
|
+
data.tar.gz: 4291b2831b3cee590445af283f7979b98d0da02950e5ffd161f14aad9754b4e1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3681ac63ac7bab1629e23010e93641fc3f522ada0ee2b5259f933465bb3dd6b8bdfa4b726bb803759fbb452e137c6624bad4bd52b4e86c31f9fd789edde6537c
|
|
7
|
+
data.tar.gz: bf4aa5c49e3421b7f112de0ce638d0fe18465040ebf258e51b12c7d379ba624e2f72d3ad4400cf1f782e440a6605f60180622be8a01c74b3ab8658f16293152f
|
data/.rspec
CHANGED
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,11 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## [v1.6.0] - 2018-11-01
|
|
4
|
+
|
|
5
|
+
### Added
|
|
6
|
+
|
|
7
|
+
- `FakeAuthenticator` object is now exposed to help you test your WebAuthn implementation
|
|
8
|
+
|
|
3
9
|
## [v1.5.0] - 2018-10-23
|
|
4
10
|
|
|
5
11
|
### Added
|
|
@@ -91,6 +97,7 @@ Note: Both additions should help making it compatible with Chrome for Android 70
|
|
|
91
97
|
- `WebAuthn::AuthenticatorAttestationResponse.valid?` can be used to validate fido-u2f attestations returned by the browser
|
|
92
98
|
- Works with ruby 2.5
|
|
93
99
|
|
|
100
|
+
[v1.6.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.5.0...v1.6.0/
|
|
94
101
|
[v1.5.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.4.0...v1.5.0/
|
|
95
102
|
[v1.4.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.3.0...v1.4.0/
|
|
96
103
|
[v1.3.0]: https://github.com/cedarcode/webauthn-ruby/compare/v1.2.0...v1.3.0/
|
|
@@ -0,0 +1,156 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require "cbor"
|
|
4
|
+
require "openssl"
|
|
5
|
+
require "securerandom"
|
|
6
|
+
|
|
7
|
+
module WebAuthn
|
|
8
|
+
class FakeAuthenticator
|
|
9
|
+
class Base
|
|
10
|
+
def initialize(challenge: fake_challenge, rp_id: "localhost", sign_count: 0, context: {})
|
|
11
|
+
@challenge = challenge
|
|
12
|
+
@rp_id = rp_id
|
|
13
|
+
@sign_count = sign_count
|
|
14
|
+
@context = context
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
def authenticator_data
|
|
18
|
+
@authenticator_data ||= rp_id_hash + raw_flags + raw_sign_count + attested_credential_data
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def client_data_json
|
|
22
|
+
@client_data_json ||= { challenge: encode(challenge), origin: origin, type: type }.to_json
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
def credential_key
|
|
26
|
+
@credential_key ||= OpenSSL::PKey::EC.new("prime256v1").generate_key
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def credential_id
|
|
30
|
+
@credential_id ||= SecureRandom.random_bytes(16)
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
def rp_id_hash
|
|
34
|
+
OpenSSL::Digest::SHA256.digest(rp_id)
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
private
|
|
38
|
+
|
|
39
|
+
attr_reader :challenge, :context, :rp_id
|
|
40
|
+
|
|
41
|
+
def raw_flags
|
|
42
|
+
["#{bit(:user_present)}0#{bit(:user_verified)}000#{attested_credential_data_present_bit}0"].pack("b*")
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
def attested_credential_data_present_bit
|
|
46
|
+
if attested_credential_data.empty?
|
|
47
|
+
"0"
|
|
48
|
+
else
|
|
49
|
+
"1"
|
|
50
|
+
end
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
def attested_credential_data
|
|
54
|
+
""
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
def raw_sign_count
|
|
58
|
+
[@sign_count].pack('L>')
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
def bit(flag)
|
|
62
|
+
if context[flag].nil? || context[flag]
|
|
63
|
+
"1"
|
|
64
|
+
else
|
|
65
|
+
"0"
|
|
66
|
+
end
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
def origin
|
|
70
|
+
@origin ||= context[:origin] || fake_origin
|
|
71
|
+
end
|
|
72
|
+
|
|
73
|
+
def encode(bytes)
|
|
74
|
+
Base64.urlsafe_encode64(bytes, padding: false)
|
|
75
|
+
end
|
|
76
|
+
|
|
77
|
+
def fake_challenge
|
|
78
|
+
SecureRandom.random_bytes(32)
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
def fake_origin
|
|
82
|
+
"http://localhost"
|
|
83
|
+
end
|
|
84
|
+
end
|
|
85
|
+
|
|
86
|
+
class Create < Base
|
|
87
|
+
def attestation_object
|
|
88
|
+
CBOR.encode(
|
|
89
|
+
"fmt" => "none",
|
|
90
|
+
"attStmt" => {},
|
|
91
|
+
"authData" => authenticator_data
|
|
92
|
+
)
|
|
93
|
+
end
|
|
94
|
+
|
|
95
|
+
private
|
|
96
|
+
|
|
97
|
+
def attested_credential_data
|
|
98
|
+
aaguid + [credential_id.length].pack("n*") + credential_id + cose_credential_public_key
|
|
99
|
+
end
|
|
100
|
+
|
|
101
|
+
def aaguid
|
|
102
|
+
@aaguid ||= SecureRandom.random_bytes(16)
|
|
103
|
+
end
|
|
104
|
+
|
|
105
|
+
def cose_credential_public_key
|
|
106
|
+
fake_cose_credential_key(
|
|
107
|
+
x_coordinate: key_bytes(credential_key.public_key)[1..32],
|
|
108
|
+
y_coordinate: key_bytes(credential_key.public_key)[33..64]
|
|
109
|
+
)
|
|
110
|
+
end
|
|
111
|
+
|
|
112
|
+
def type
|
|
113
|
+
"webauthn.create"
|
|
114
|
+
end
|
|
115
|
+
|
|
116
|
+
def fake_cose_credential_key(algorithm: nil, x_coordinate: nil, y_coordinate: nil)
|
|
117
|
+
kty_label = 1
|
|
118
|
+
alg_label = 3
|
|
119
|
+
crv_label = -1
|
|
120
|
+
x_label = -2
|
|
121
|
+
y_label = -3
|
|
122
|
+
|
|
123
|
+
kty_ec2 = 2
|
|
124
|
+
alg_es256 = -7
|
|
125
|
+
crv_p256 = 1
|
|
126
|
+
|
|
127
|
+
CBOR.encode(
|
|
128
|
+
kty_label => kty_ec2,
|
|
129
|
+
alg_label => algorithm || alg_es256,
|
|
130
|
+
crv_label => crv_p256,
|
|
131
|
+
x_label => x_coordinate || SecureRandom.random_bytes(32),
|
|
132
|
+
y_label => y_coordinate || SecureRandom.random_bytes(32)
|
|
133
|
+
)
|
|
134
|
+
end
|
|
135
|
+
|
|
136
|
+
def key_bytes(public_key)
|
|
137
|
+
public_key.to_bn.to_s(2)
|
|
138
|
+
end
|
|
139
|
+
end
|
|
140
|
+
|
|
141
|
+
class Get < Base
|
|
142
|
+
def signature
|
|
143
|
+
@signature ||= credential_key.sign(
|
|
144
|
+
"SHA256",
|
|
145
|
+
authenticator_data + OpenSSL::Digest::SHA256.digest(client_data_json)
|
|
146
|
+
)
|
|
147
|
+
end
|
|
148
|
+
|
|
149
|
+
private
|
|
150
|
+
|
|
151
|
+
def type
|
|
152
|
+
"webauthn.get"
|
|
153
|
+
end
|
|
154
|
+
end
|
|
155
|
+
end
|
|
156
|
+
end
|
data/lib/webauthn/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: webauthn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.6.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Gonzalo Rodriguez
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: exe
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2018-
|
|
12
|
+
date: 2018-11-01 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: cbor
|
|
@@ -177,6 +177,7 @@ files:
|
|
|
177
177
|
- lib/webauthn/authenticator_data/attested_credential_data/public_key_u2f.rb
|
|
178
178
|
- lib/webauthn/authenticator_response.rb
|
|
179
179
|
- lib/webauthn/client_data.rb
|
|
180
|
+
- lib/webauthn/fake_authenticator.rb
|
|
180
181
|
- lib/webauthn/version.rb
|
|
181
182
|
- webauthn.gemspec
|
|
182
183
|
homepage: https://github.com/cedarcode/webauthn-ruby
|
|
@@ -202,7 +203,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
202
203
|
version: '0'
|
|
203
204
|
requirements: []
|
|
204
205
|
rubyforge_project:
|
|
205
|
-
rubygems_version: 2.
|
|
206
|
+
rubygems_version: 2.7.6
|
|
206
207
|
signing_key:
|
|
207
208
|
specification_version: 4
|
|
208
209
|
summary: WebAuthn in ruby ― Ruby implementation of a WebAuthn Relying Party
|