class WebAuthn::PublicKey

Attributes

cose_key[R]

Public Class Methods

deserialize(public_key) click to toggle source
# File lib/webauthn/public_key.rb, line 13
def self.deserialize(public_key)
  cose_key =
    if WebAuthn::AttestationStatement::FidoU2f::PublicKey.uncompressed_point?(public_key)
      # Gem version v1.11.0 and lower, used to behave so that Credential#public_key
      # returned an EC P-256 uncompressed point.
      #
      # Because of https://github.com/cedarcode/webauthn-ruby/issues/137 this was changed
      # and Credential#public_key started returning the unchanged COSE_Key formatted
      # credentialPublicKey (as in https://www.w3.org/TR/webauthn/#credentialpublickey).
      #
      # Given that the credential public key is expected to be stored long-term by the gem
      # user and later be passed as the public_key argument in the
      # AuthenticatorAssertionResponse.verify call, we then need to support the two formats.
      COSE::Key::EC2.new(
        alg: COSE::Algorithm.by_name("ES256").id,
        crv: 1,
        x: public_key[1..32],
        y: public_key[33..-1]
      )
    else
      COSE::Key.deserialize(public_key)
    end

  new(cose_key: cose_key)
end
new(cose_key:) click to toggle source
# File lib/webauthn/public_key.rb, line 41
def initialize(cose_key:)
  @cose_key = cose_key
end

Public Instance Methods

alg() click to toggle source
# File lib/webauthn/public_key.rb, line 49
def alg
  @cose_key.alg
end
pkey() click to toggle source
# File lib/webauthn/public_key.rb, line 45
def pkey
  @cose_key.to_pkey
end
verify(signature, verification_data) click to toggle source
# File lib/webauthn/public_key.rb, line 53
def verify(signature, verification_data)
  cose_algorithm.verify(pkey, signature, verification_data)
rescue COSE::Error
  false
end

Private Instance Methods

cose_algorithm() click to toggle source
# File lib/webauthn/public_key.rb, line 61
def cose_algorithm
  @cose_algorithm ||= COSE::Algorithm.find(alg) || raise(
    UnsupportedAlgorithm,
    "The public key algorithm #{alg} is not among the available COSE algorithms"
  )
end