class WebAuthn::AttestationStatement::Apple
Constants
- NONCE_EXTENSION_OID
- ROOT_CERTIFICATE
Public Instance Methods
valid?(authenticator_data, client_data_hash)
click to toggle source
# File lib/webauthn/attestation_statement/apple.rb, line 30 def valid?(authenticator_data, client_data_hash) valid_nonce?(authenticator_data, client_data_hash) && matching_public_key?(authenticator_data) && trustworthy? && [attestation_type, attestation_trust_path] end
Private Instance Methods
attestation_type()
click to toggle source
# File lib/webauthn/attestation_statement/apple.rb, line 52 def attestation_type WebAuthn::AttestationStatement::ATTESTATION_TYPE_ANONCA end
cred_cert()
click to toggle source
# File lib/webauthn/attestation_statement/apple.rb, line 56 def cred_cert attestation_certificate end
default_root_certificates()
click to toggle source
# File lib/webauthn/attestation_statement/apple.rb, line 60 def default_root_certificates [ROOT_CERTIFICATE] end
valid_nonce?(authenticator_data, client_data_hash)
click to toggle source
# File lib/webauthn/attestation_statement/apple.rb, line 39 def valid_nonce?(authenticator_data, client_data_hash) extension = cred_cert&.extensions&.detect { |ext| ext.oid == NONCE_EXTENSION_OID } if extension sequence = OpenSSL::ASN1.decode(OpenSSL::ASN1.decode(extension.to_der).value[1].value) sequence.tag == OpenSSL::ASN1::SEQUENCE && sequence.value.size == 1 && sequence.value[0].value[0].value == OpenSSL::Digest::SHA256.digest(authenticator_data.data + client_data_hash) end end