class WebAuthn::AttestationStatement::FidoU2f

Constants

VALID_ATTESTATION_CERTIFICATE_ALGORITHM
VALID_ATTESTATION_CERTIFICATE_COUNT
VALID_ATTESTATION_CERTIFICATE_KEY_CURVE

Public Instance Methods

valid?(authenticator_data, client_data_hash)
# File lib/webauthn/attestation_statement/fido_u2f.rb, line 15
# Verifies this fido-u2f attestation statement against the authenticator data
# and the client data hash.
#
# The checks run in the order written and short-circuit on the first failure,
# so the signature and trust checks are only reached for a statement whose
# format, certificate key, credential key and AAGUID were already accepted.
#
# @param authenticator_data [Object] must respond to #credential (with
#   #public_key) and #attested_credential_data (with #raw_aaguid), as used below
# @param client_data_hash [String] passed through unchanged to valid_signature?
# @return [Array, false, nil] the pair [attestation_type, attestation_trust_path]
#   when every check passes; otherwise the falsy result of the first failing
#   check. Callers must treat only a truthy return as a verified attestation.
#
# NOTE(review): valid_signature?, trustworthy?, attestation_trust_path and
# attestation_certificate_key_id are not defined in this listing (presumably
# inherited) — the trust decision rests on them, so review them alongside this.
# NOTE(review): valid_certificate_public_key? ends in OpenSSL's check_key, which
# raises on an invalid key, so this method can raise instead of returning a
# falsy value — confirm callers rescue or treat that as a rejection.
# NOTE(review): if attested_credential_data can be nil for some input, the
# raw_aaguid call raises NoMethodError rather than failing verification —
# confirm the caller guarantees attested credential data is present.
def valid?(authenticator_data, client_data_hash)
  valid_format? &&
    valid_certificate_public_key? &&
    valid_credential_public_key?(authenticator_data.credential.public_key) &&
    valid_aaguid?(authenticator_data.attested_credential_data.raw_aaguid) &&
    valid_signature?(authenticator_data, client_data_hash) &&
    trustworthy?(attestation_certificate_key_id: attestation_certificate_key_id) &&
    [attestation_type, attestation_trust_path]
end

Private Instance Methods

algorithm()
# File lib/webauthn/attestation_statement/fido_u2f.rb, line 50
# Identifier of the one signature algorithm this format accepts for the
# attestation certificate.
#
# The value comes from VALID_ATTESTATION_CERTIFICATE_ALGORITHM, which is defined
# outside this listing, so the algorithm is fixed by the class rather than
# taken from the attestation statement.
#
# @return the `id` of VALID_ATTESTATION_CERTIFICATE_ALGORITHM
def algorithm
  accepted_algorithm = VALID_ATTESTATION_CERTIFICATE_ALGORITHM
  accepted_algorithm.id
end
attestation_type()
# File lib/webauthn/attestation_statement/fido_u2f.rb, line 66
# Attestation type reported for a verified fido-u2f statement.
#
# Always the shared ATTESTATION_TYPE_BASIC_OR_ATTCA constant: as the constant's
# name indicates, this format does not tell Basic and AttCA attestation apart,
# so relying parties should not infer more than that from the result.
#
# @return the value of WebAuthn::AttestationStatement::ATTESTATION_TYPE_BASIC_OR_ATTCA
def attestation_type
  statement_namespace = WebAuthn::AttestationStatement
  statement_namespace::ATTESTATION_TYPE_BASIC_OR_ATTCA
end
certificate_public_key()
# File lib/webauthn/attestation_statement/fido_u2f.rb, line 42
# Public key carried by the attestation certificate.
#
# This is the key whose type and curve valid_certificate_public_key? checks.
# attestation_certificate is defined outside this listing.
#
# @return whatever attestation_certificate.public_key returns
def certificate_public_key
  certificate = attestation_certificate
  certificate.public_key
end
public_key_u2f(cose_key_data)
# File lib/webauthn/attestation_statement/fido_u2f.rb, line 62
# Wraps credential public key data in this format's PublicKey helper.
#
# The wrapper is what the callers in this class use to validate the key
# (#valid?) and to serialise it (#to_uncompressed_point). PublicKey itself is
# defined outside this listing.
#
# @param cose_key_data the credential public key data, passed through unchanged
# @return [PublicKey] a new wrapper around cose_key_data
def public_key_u2f(cose_key_data)
  wrapped_key = PublicKey.new(cose_key_data)
  wrapped_key
end
valid_aaguid?(attested_credential_data_aaguid)
# File lib/webauthn/attestation_statement/fido_u2f.rb, line 46
# Accepts only an AAGUID equal to the ZEROED_AAGUID constant.
#
# A fido-u2f statement that arrives with any other AAGUID is rejected, so the
# format cannot be paired with an AAGUID that claims a specific authenticator model.
#
# @param attested_credential_data_aaguid the raw AAGUID taken from the attested
#   credential data
# @return [Boolean] result of comparing the argument with ZEROED_AAGUID via ==
def valid_aaguid?(attested_credential_data_aaguid)
  zeroed_aaguid = WebAuthn::AuthenticatorData::AttestedCredentialData::ZEROED_AAGUID
  attested_credential_data_aaguid == zeroed_aaguid
end
valid_certificate_public_key?()
# File lib/webauthn/attestation_statement/fido_u2f.rb, line 32
# Checks that the attestation certificate's public key is an EC key on the one
# accepted curve and that OpenSSL considers the key itself consistent.
#
# The class check comes first on purpose: only an OpenSSL::PKey::EC is asked for
# its group, so a certificate carrying another key type is rejected before any
# curve lookup. The accepted curve is named by
# VALID_ATTESTATION_CERTIFICATE_KEY_CURVE, defined outside this listing.
#
# NOTE(review): OpenSSL::PKey::EC#check_key raises on an invalid key rather than
# returning false — callers should expect an exception on that path.
#
# @return [Boolean] false for a non-EC key or a different curve; otherwise the
#   result of check_key
def valid_certificate_public_key?
  key = certificate_public_key
  return false unless key.is_a?(OpenSSL::PKey::EC)
  return false unless key.group.curve_name == VALID_ATTESTATION_CERTIFICATE_KEY_CURVE.pkey_name

  key.check_key
end
valid_credential_public_key?(public_key_bytes)
# File lib/webauthn/attestation_statement/fido_u2f.rb, line 38
# Checks the credential public key by wrapping it with public_key_u2f and
# asking the wrapper whether it is valid.
#
# The actual validity rules live in PublicKey#valid?, outside this listing.
#
# @param public_key_bytes the credential public key taken from the
#   authenticator data
# @return the result of PublicKey#valid? for the wrapped key
def valid_credential_public_key?(public_key_bytes)
  credential_key = public_key_u2f(public_key_bytes)
  credential_key.valid?
end
valid_format?()
# File lib/webauthn/attestation_statement/fido_u2f.rb, line 27
# Structural check on the statement: both the certificate list and the
# signature must be present, and the list must hold exactly
# VALID_ATTESTATION_CERTIFICATE_COUNT entries.
#
# Statements with a missing field or with more or fewer certificates than that
# are rejected before any cryptographic work is done.
#
# @return [Boolean] true only when both fields are present and the count matches
def valid_format?
  return false unless raw_certificates && signature

  raw_certificates.length == VALID_ATTESTATION_CERTIFICATE_COUNT
end
verification_data(authenticator_data, client_data_hash)
# File lib/webauthn/attestation_statement/fido_u2f.rb, line 54
# Builds the byte string for this format's signature check, in this fixed order:
#
#   0x00 || rp_id_hash || client_data_hash || credential id || uncompressed EC point
#
# The order and the leading zero byte are part of the contract: any change here
# changes what a signature is checked against. The consumer of this value
# (presumably valid_signature?) is not part of this listing.
#
# @param authenticator_data [Object] must respond to #rp_id_hash and
#   #credential (with #id and #public_key)
# @param client_data_hash [String] hash of the client data, appended as given
# @return [String] the concatenated verification data
def verification_data(authenticator_data, client_data_hash)
  signed_bytes = "\x00" + authenticator_data.rp_id_hash
  signed_bytes += client_data_hash
  signed_bytes += authenticator_data.credential.id
  credential_key = public_key_u2f(authenticator_data.credential.public_key)
  signed_bytes + credential_key.to_uncompressed_point
end