github.com/greenpau/go-authcrunch@v1.1.4/pkg/identity/webauthn.go

github.com/greenpau/go-authcrunch@v1.1.4/pkg/identity/webauthn.go (about)

     1  // Copyright 2022 Paul Greenberg greenpau@outlook.com
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package identity
    16  
    17  import (
    18  	"encoding/base64"
    19  	"encoding/json"
    20  	"github.com/greenpau/go-authcrunch/pkg/errors"
    21  )
    22  
    23  // WebAuthnAuthenticateRequest represents Webauthn Authentication request.
    24  type WebAuthnAuthenticateRequest struct {
    25  	ID                string      `json:"id,omitempty" xml:"id,omitempty" yaml:"id,omitempty"`
    26  	Type              string      `json:"type,omitempty" xml:"type,omitempty" yaml:"type,omitempty"`
    27  	AuthData          *AuthData   `json:"auth_data,omitempty" xml:"auth_data,omitempty" yaml:"auth_data,omitempty"`
    28  	AuthDataEncoded   string      `json:"auth_data_encoded,omitempty" xml:"auth_data_encoded,omitempty" yaml:"auth_data_encoded,omitempty"`
    29  	ClientData        *ClientData `json:"client_data,omitempty" xml:"client_data,omitempty" yaml:"client_data,omitempty"`
    30  	ClientDataEncoded string      `json:"client_data_encoded,omitempty" xml:"client_data_encoded,omitempty" yaml:"client_data_encoded,omitempty"`
    31  	Signature         string      `json:"signature,omitempty" xml:"signature,omitempty" yaml:"signature,omitempty"`
    32  	SignatureEncoded  string      `json:"signature_encoded,omitempty" xml:"signature_encoded,omitempty" yaml:"signature_encoded,omitempty"`
    33  	clientDataBytes   []byte
    34  	signatureBytes    []byte
    35  	authDataBytes     []byte
    36  }
    37  
    38  // WebAuthnRegisterRequest is Webauthn Register request.
    39  type WebAuthnRegisterRequest struct {
    40  	ID                string             `json:"id,omitempty" xml:"id,omitempty" yaml:"id,omitempty"`
    41  	Type              string             `json:"type,omitempty" xml:"type,omitempty" yaml:"type,omitempty"`
    42  	Transports        []string           `json:"transports,omitempty" xml:"transports,omitempty" yaml:"transports,omitempty"`
    43  	Success           bool               `json:"success,omitempty" xml:"success,omitempty" yaml:"success,omitempty"`
    44  	AttestationObject *AttestationObject `json:"attestationObject,omitempty" xml:"attestationObject,omitempty" yaml:"attestationObject,omitempty"`
    45  	ClientData        *ClientData        `json:"clientData,omitempty" xml:"clientData,omitempty" yaml:"clientData,omitempty"`
    46  	Device            *Device            `json:"device,omitempty" xml:"device,omitempty" yaml:"device,omitempty"`
    47  }
    48  
    49  // AttestationObject is Webauthn AttestationObject.
    50  type AttestationObject struct {
    51  	AttestationStatement *AttestationStatement `json:"attStmt,omitempty" xml:"attStmt,omitempty" yaml:"attStmt,omitempty"`
    52  	AuthData             *AuthData             `json:"authData,omitempty" xml:"authData,omitempty" yaml:"authData,omitempty"`
    53  	Format               string                `json:"fmt,omitempty" xml:"fmt,omitempty" yaml:"fmt,omitempty"`
    54  }
    55  
    56  // AttestationStatement is AttestationStatement of the Webauthn AttestationObject.
    57  type AttestationStatement struct {
    58  	Algorithm int64  `json:"alg,omitempty" xml:"alg,omitempty" yaml:"alg,omitempty"`
    59  	Signature string `json:"sig,omitempty" xml:"sig,omitempty" yaml:"sig,omitempty"`
    60  	// The string in the first element of the slice contains the certificate associates
    61  	// with the authenticaing device. The following commands allow the viewing of the
    62  	// cerificate. The Subject contains the serial number associated with the device.
    63  	// 1. `echo -n "base64 encoded value" | base64 -d > key.crt`
    64  	// 2. `openssl x509 -in key.crt -inform der -text`
    65  	Certificates []string `json:"x5c,omitempty" xml:"x5c,omitempty" yaml:"x5c,omitempty"`
    66  }
    67  
    68  // AuthData is AuthData of the Webauthn AttestationObject.
    69  type AuthData struct {
    70  	RelyingPartyID   string          `json:"rpIdHash,omitempty" xml:"rpIdHash,omitempty" yaml:"rpIdHash,omitempty"`
    71  	Flags            map[string]bool `json:"flags,omitempty" xml:"flags,omitempty" yaml:"flags,omitempty"`
    72  	SignatureCounter uint32          `json:"signatureCounter,omitempty" xml:"signatureCounter,omitempty" yaml:"signatureCounter,omitempty"`
    73  	Extensions       interface{}     `json:"extensions,omitempty" xml:"extensions,omitempty" yaml:"extensions,omitempty"`
    74  	CredentialData   *CredentialData `json:"credentialData,omitempty" xml:"credentialData,omitempty" yaml:"credentialData,omitempty"`
    75  }
    76  
    77  // CredentialData is attested credential data. It is a variable-length byte array
    78  // added to the authenticator data when generating an attestation object for
    79  // a given credential.
    80  type CredentialData struct {
    81  	// The AAGUID of the authenticator.
    82  	AAGUID string `json:"aaguid,omitempty" xml:"aaguid,omitempty" yaml:"aaguid,omitempty"`
    83  	// A probabilistically-unique byte sequence identifying a public key credential source and its authentication assertions.
    84  	CredentialID string `json:"credentialId,omitempty" xml:"credentialId,omitempty" yaml:"credentialId,omitempty"`
    85  	// The credential public key encoded in COSE Key format
    86  	PublicKey map[string]interface{} `json:"publicKey,omitempty" xml:"publicKey,omitempty" yaml:"publicKey,omitempty"`
    87  }
    88  
    89  // ClientData represents the contextual bindings of both the WebAuthn Relying Party and the client.
    90  // It is a key-value mapping whose keys are strings. Values can be any type that has a valid
    91  // encoding in JSON. Its structure is defined by the following Web IDL.
    92  type ClientData struct {
    93  	Challenge   string `json:"challenge,omitempty" xml:"challenge,omitempty" yaml:"challenge,omitempty"`
    94  	CrossOrigin bool   `json:"crossOrigin,omitempty" xml:"crossOrigin,omitempty" yaml:"crossOrigin,omitempty"`
    95  	Origin      string `json:"origin,omitempty" xml:"origin,omitempty" yaml:"origin,omitempty"`
    96  	Type        string `json:"type,omitempty" xml:"type,omitempty" yaml:"type,omitempty"`
    97  }
    98  
    99  // Device is the hardware device on which the WebAuthn Client runs, for example a smartphone, a
   100  // laptop computer or a desktop computer, and the operating system running on that hardware.
   101  type Device struct {
   102  	Name string `json:"name,omitempty" xml:"name,omitempty" yaml:"name,omitempty"`
   103  	Type string `json:"type,omitempty" xml:"type,omitempty" yaml:"type,omitempty"`
   104  }
   105  
   106  func unpackWebAuthnRequest(s string) (*WebAuthnAuthenticateRequest, error) {
   107  	decoded, err := base64.StdEncoding.DecodeString(s)
   108  	if err != nil {
   109  		return nil, errors.ErrWebAuthnParse.WithArgs(err)
   110  	}
   111  	r := &WebAuthnAuthenticateRequest{}
   112  	if err := json.Unmarshal([]byte(decoded), r); err != nil {
   113  		return nil, errors.ErrWebAuthnParse.WithArgs(err)
   114  	}
   115  	return r, nil
   116  }