package webauthn
import (
	"errors"

	"github.com/flaviup/webauthn/protocol"
)
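// Credential contains all needed information about a WebAuthn credential for storage.
//
// Everything in here is copied from the registration (attestation) response, so it reflects what the
// authenticator claimed at registration time. The RP is expected to persist it as-is and compare the
// relevant pieces (Flags, Authenticator.SignCount) against later assertions.
type Credential struct {
	// A probabilistically-unique byte sequence identifying a public key credential source and its authentication
	// assertions. This is the value the RP looks credentials up by and the value it hands back to clients in
	// allow/exclude lists (see Descriptor).
	ID []byte

	// The public key portion of a Relying Party-specific credential key pair, generated by an authenticator and returned to
	// a Relying Party at registration time (see also public key credential). The private key portion of the credential key
	// pair is known as the credential private key. Note that in the case of self attestation, the credential key pair is also
	// used as the attestation key pair, see self attestation for details.
	//
	// Stored in its encoded form as received from the authenticator; it is not parsed here.
	PublicKey []byte

	// The attestation format used (if any) by the authenticator when creating the credential.
	AttestationType string

	// The transport types the authenticator supports, as reported by the client at registration.
	Transport []protocol.AuthenticatorTransport

	// The commonly stored flags, captured from the authenticator data at registration.
	Flags CredentialFlags

	// The Authenticator information for this credential (AAGUID, signature counter, attachment).
	Authenticator Authenticator
}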
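// CredentialFlags records the authenticator data flags observed when the credential was registered.
// They are the RP's baseline for later assertions: in particular BackupEligible is fixed for the
// lifetime of the credential, so a later assertion reporting a different value is worth flagging.
type CredentialFlags struct {
	// Flag UP indicates the users presence.
	UserPresent bool

	// Flag UV indicates the user performed verification.
	UserVerified bool

	// Flag BE indicates the credential is able to be backed up and/or sync'd between devices. This should NEVER change.
	BackupEligible bool

	// Flag BS indicates the credential has been backed up and/or sync'd. This value can change but it's recommended
	// that RP's keep track of this value.
	BackupState bool
}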
// Descriptor converts a Credential into a protocol.CredentialDescriptor.
//
// The descriptor is the client-facing shape of a stored credential (allow/exclude lists): it carries the
// credential ID, transports and attestation type only, never the public key.
func (c Credential) Descriptor() (descriptor protocol.CredentialDescriptor) {
	descriptor.Type = protocol.PublicKeyCredentialType
	descriptor.CredentialID = c.ID
	descriptor.Transport = c.Transport
	descriptor.AttestationType = c.AttestationType

	return descriptor
}
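// MakeNewCredential will return a credential pointer on successful validation of a registration response.
//
// It performs no validation of its own: every field is copied straight from the parsed attestation
// object, so the caller must have run the registration verification (challenge, origin, RP ID hash,
// attestation) on c before calling this. The only checks here are defensive: a nil c, or attested
// credential data with an empty credential ID or public key (which would produce an unusable stored
// credential), are rejected with an error instead of being persisted.
func MakeNewCredential(c *protocol.ParsedCredentialCreationData) (*Credential, error) {
	if c == nil {
		return nil, errors.New("webauthn: nil parsed credential creation data")
	}

	authData := c.Response.AttestationObject.AuthData
	attData := authData.AttData

	// Without attested credential data there is nothing to store; upstream verification is expected to
	// have rejected such a response already, this only guards against persisting an empty credential.
	if len(attData.CredentialID) == 0 || len(attData.CredentialPublicKey) == 0 {
		return nil, errors.New("webauthn: registration response has no attested credential data")
	}

	newCredential := &Credential{
		ID:              attData.CredentialID,
		PublicKey:       attData.CredentialPublicKey,
		AttestationType: c.Response.AttestationObject.Format,
		Transport:       c.Response.Transports,
		// Snapshot of the authenticator data flags at registration; BackupEligible is expected to stay
		// constant across later assertions.
		Flags: CredentialFlags{
			UserPresent:    authData.Flags.HasUserPresent(),
			UserVerified:   authData.Flags.HasUserVerified(),
			BackupEligible: authData.Flags.HasBackupEligible(),
			BackupState:    authData.Flags.HasBackupState(),
		},
		// SignCount is the starting signature counter; assertions should present a greater value when the
		// authenticator implements a counter, which is what clone detection compares against.
		Authenticator: Authenticator{
			AAGUID:     attData.AAGUID,
			SignCount:  authData.Counter,
			Attachment: c.AuthenticatorAttachment,
		},
	}

	return newCredential, nil
}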