package webauthnutil
import (
"context"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
"google.golang.org/protobuf/proto"
"github.com/pomerium/pomerium/internal/urlutil"
"github.com/pomerium/pomerium/pkg/grpc/databroker"
"github.com/pomerium/pomerium/pkg/grpc/device"
"github.com/pomerium/webauthn/cose"
)
// DefaultDeviceType is the default device type when none is specified.
// It is the key into predefinedDeviceTypes that GetDeviceType falls back to
// when no other type can be resolved, so an entry for it must exist in that
// map (GetDeviceType dereferences the clone without a nil check).
const DefaultDeviceType = urlutil.DefaultDeviceType

// supportedPublicKeyCredentialParameters lists the COSE signature algorithms
// offered in every pre-defined device type's WebAuthn options. The order is
// the preference order presented to the authenticator: ES256 first, then
// RS256, then RS1. RS1 (RSASSA-PKCS1-v1_5 with SHA-1) is the weakest of the
// three; presumably it is kept for compatibility with older authenticators —
// confirm it is still required before relying on it.
//
// The slice is shared by reference between the pre-defined types below and
// must not be mutated after package initialization.
var supportedPublicKeyCredentialParameters = []*device.WebAuthnOptions_PublicKeyCredentialParameters{
	{Type: device.WebAuthnOptions_PUBLIC_KEY, Alg: int64(cose.AlgorithmES256)},
	{Type: device.WebAuthnOptions_PUBLIC_KEY, Alg: int64(cose.AlgorithmRS256)},
	{Type: device.WebAuthnOptions_PUBLIC_KEY, Alg: int64(cose.AlgorithmRS1)},
}
// predefinedDeviceTypes are the built-in device types, keyed by ID. GetDeviceType
// consults this map when the databroker has no record for the requested ID.
// The values are package-level shared objects: anything that needs to modify
// one must proto.Clone it first rather than mutating the map entry in place.
var predefinedDeviceTypes = map[string]*device.Type{
	// "any": accepts any WebAuthn authenticator. Direct attestation is
	// requested and user verification is preferred but not required; no
	// authenticator-attachment or resident-key constraint is set.
	"any": {
		Id:   "any",
		Name: "Any",
		Specifier: &device.Type_Webauthn{
			Webauthn: &device.Type_WebAuthn{
				Options: &device.WebAuthnOptions{
					Attestation: device.WebAuthnOptions_DIRECT.Enum(),
					AuthenticatorSelection: &device.WebAuthnOptions_AuthenticatorSelectionCriteria{
						UserVerification: device.WebAuthnOptions_USER_VERIFICATION_PREFERRED.Enum(),
					},
					// shared slice; see supportedPublicKeyCredentialParameters
					PubKeyCredParams: supportedPublicKeyCredentialParameters,
				},
			},
		},
	},
	// "enclave_only": like "any" but additionally restricts registration to a
	// platform (built-in) authenticator and requires a resident (discoverable)
	// credential. User verification is still only preferred, not required.
	"enclave_only": {
		Id:   "enclave_only",
		Name: "Secure Enclave Only",
		Specifier: &device.Type_Webauthn{
			Webauthn: &device.Type_WebAuthn{
				Options: &device.WebAuthnOptions{
					Attestation: device.WebAuthnOptions_DIRECT.Enum(),
					AuthenticatorSelection: &device.WebAuthnOptions_AuthenticatorSelectionCriteria{
						UserVerification:        device.WebAuthnOptions_USER_VERIFICATION_PREFERRED.Enum(),
						RequireResidentKey:      proto.Bool(true),
						AuthenticatorAttachment: device.WebAuthnOptions_PLATFORM.Enum(),
					},
					// shared slice; see supportedPublicKeyCredentialParameters
					PubKeyCredParams: supportedPublicKeyCredentialParameters,
				},
			},
		},
	},
}
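// GetDeviceType gets the device type from the databroker. If the device type does not exist in the databroker
// a pre-defined device type may be returned.
//
// Resolution order:
//  1. the databroker record for deviceTypeID;
//  2. if the databroker reports codes.NotFound, the pre-defined type with that ID;
//  3. otherwise a copy of the DefaultDeviceType pre-defined type with its Id set to deviceTypeID.
//
// Pre-defined types are always proto.Clone'd before being returned, so the result is never an alias of a
// predefinedDeviceTypes entry and callers may mutate it freely.
//
// NOTE(review): databroker errors other than NotFound are not surfaced. Presumably device.GetType returns a nil
// type alongside such an error, in which case step 3 applies and the caller receives the default type instead of
// an error; callers that depend on a stricter type stored in the databroker should confirm this fallback is
// acceptable for them.
func GetDeviceType(
	ctx context.Context,
	client databroker.DataBrokerServiceClient,
	deviceTypeID string,
) *device.Type {
	deviceType, err := device.GetType(ctx, client, deviceTypeID)
	if status.Code(err) == codes.NotFound {
		// Clone rather than hand out the package-level entry, matching the
		// default branch below: a caller mutating the result (e.g. its Id)
		// must not change predefinedDeviceTypes for every later caller.
		deviceType = nil
		if predefined, ok := predefinedDeviceTypes[deviceTypeID]; ok {
			deviceType = proto.Clone(predefined).(*device.Type)
		}
	}
	if deviceType == nil {
		deviceType = proto.Clone(predefinedDeviceTypes[DefaultDeviceType]).(*device.Type)
		// keep the caller's requested ID on the fallback type
		deviceType.Id = deviceTypeID
	}
	return deviceType
}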