class WebAuthn::AttestationStatement::Apple

Constants

NONCE_EXTENSION_OID
ROOT_CERTIFICATE

Source: www.apple.com/certificateauthority/private/

Public Instance Methods

valid?(authenticator_data, client_data_hash)
# File lib/webauthn/attestation_statement/apple.rb, line 30
# Runs the attestation checks in a fixed order and stops at the first one
# that fails: nonce binding, credential public key match, then trust.
#
# @param authenticator_data passed to the nonce and public-key checks
# @param client_data_hash passed to the nonce check
# @return [Array, false, nil] `[attestation_type, attestation_trust_path]`
#   when every check passes; otherwise the falsy value returned by the first
#   failing check, so callers must treat both `nil` and `false` as rejection
def valid?(authenticator_data, client_data_hash)
  nonce_result = valid_nonce?(authenticator_data, client_data_hash)
  return nonce_result unless nonce_result

  key_result = matching_public_key?(authenticator_data)
  return key_result unless key_result

  trust_result = trustworthy?
  return trust_result unless trust_result

  [attestation_type, attestation_trust_path]
end

Private Instance Methods

attestation_type()
# File lib/webauthn/attestation_statement/apple.rb, line 52
# Attestation type reported for this statement format.
#
# @return the value of WebAuthn::AttestationStatement::ATTESTATION_TYPE_ANONCA
def attestation_type
  anonca_type = WebAuthn::AttestationStatement::ATTESTATION_TYPE_ANONCA
  anonca_type
end
cred_cert()
# File lib/webauthn/attestation_statement/apple.rb, line 56
# Credential certificate for this statement; simply delegates to
# `attestation_certificate`.
#
# @return whatever `attestation_certificate` returns
def cred_cert
  certificate = attestation_certificate
  certificate
end
default_root_certificates()
# File lib/webauthn/attestation_statement/apple.rb, line 60
# Trust anchors used by default for this format.
# NOTE(review): presumably consumed by the trust-path check when the caller
# supplies no root certificates of their own; confirm in the base class.
#
# @return [Array] a new one-element array holding ROOT_CERTIFICATE
def default_root_certificates
  anchors = []
  anchors << ROOT_CERTIFICATE
  anchors
end
valid_nonce?(authenticator_data, client_data_hash)
# File lib/webauthn/attestation_statement/apple.rb, line 39
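# Checks that the credential certificate carries the nonce extension
# (NONCE_EXTENSION_OID) and that the nonce inside it equals
# SHA-256(authenticator_data.data + client_data_hash), which ties the
# certificate to this particular registration.
#
# The certificate comes from the client, so the extension content is treated
# as untrusted: any content that does not have the expected shape, or that is
# not valid DER, makes the check fail with `false` instead of raising.
#
# @param authenticator_data object whose `data` is the raw authenticator data
# @param client_data_hash hash of the client data, appended to `data`
# @return [Boolean, nil] true when the nonce matches; false when the extension
#   is malformed or the nonce differs; nil when there is no certificate or no
#   nonce extension
def valid_nonce?(authenticator_data, client_data_hash)
  extension = cred_cert&.extensions&.detect { |ext| ext.oid == NONCE_EXTENSION_OID }
  return unless extension

  # An X.509 Extension is SEQUENCE { extnID, critical (optional), extnValue },
  # so extnValue is always the last field; indexing position 1 would pick the
  # BOOLEAN when the extension is marked critical.
  ext_value = OpenSSL::ASN1.decode(extension.to_der).value.last.value
  sequence = OpenSSL::ASN1.decode(ext_value)

  return false unless sequence.tag == OpenSSL::ASN1::SEQUENCE &&
                      sequence.value.is_a?(Array) &&
                      sequence.value.size == 1

  # The single element must itself be constructed (an Array of children);
  # a primitive element would expose a String here, not ASN.1 nodes.
  wrapper = sequence.value[0].value
  embedded_nonce = wrapper.first&.value if wrapper.is_a?(Array)

  embedded_nonce == OpenSSL::Digest::SHA256.digest(authenticator_data.data + client_data_hash)
rescue OpenSSL::ASN1::ASN1Error
  # Undecodable extension content is a failed check, not an application error.
  false
end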