class WebAuthn::U2fMigrator
Public Class Methods
new(app_id:, certificate:, key_handle:, public_key:, counter:)
click to toggle source
# File lib/webauthn/u2f_migrator.rb, line 8 def initialize(app_id:, certificate:, key_handle:, public_key:, counter:) @app_id = app_id @certificate = certificate @key_handle = key_handle @public_key = public_key @counter = counter end
Public Instance Methods
attestation_trust_path()
click to toggle source
# File lib/webauthn/u2f_migrator.rb, line 42 def attestation_trust_path @attestation_trust_path ||= [OpenSSL::X509::Certificate.new(Base64.strict_decode64(@certificate))] end
attestation_type()
click to toggle source
# File lib/webauthn/u2f_migrator.rb, line 38 def attestation_type WebAuthn::AttestationStatement::ATTESTATION_TYPE_BASIC_OR_ATTCA end
authenticator_data()
click to toggle source
# File lib/webauthn/u2f_migrator.rb, line 16 def authenticator_data @authenticator_data ||= WebAuthn::FakeAuthenticator::AuthenticatorData.new( rp_id_hash: OpenSSL::Digest::SHA256.digest(@app_id.to_s), credential: { id: credential_id, public_key: credential_cose_key }, sign_count: @counter, user_present: true, user_verified: false, aaguid: WebAuthn::AuthenticatorData::AttestedCredentialData::ZEROED_AAGUID ) end
credential()
click to toggle source
# File lib/webauthn/u2f_migrator.rb, line 30 def credential @credential ||= begin hash = authenticator_data.send(:credential) WebAuthn::AuthenticatorData::AttestedCredentialData::Credential.new(hash[:id], hash[:public_key].serialize) end end
Private Instance Methods
credential_cose_key()
click to toggle source
Let x9encodedUserPublicKey be the user public key returned in the U2F registration response message [U2FRawMsgs]. Let coseEncodedCredentialPublicKey be the result of converting x9encodedUserPublicKey’s value from ANS X9.62 / Sec-1 v2 uncompressed curve point representation [SEC1V2] to COSE_Key representation ([RFC8152] Section 7).
# File lib/webauthn/u2f_migrator.rb, line 57 def credential_cose_key decoded_public_key = Base64.strict_decode64(@public_key) if WebAuthn::AttestationStatement::FidoU2f::PublicKey.uncompressed_point?(decoded_public_key) COSE::Key::EC2.new( alg: COSE::Algorithm.by_name("ES256").id, crv: 1, x: decoded_public_key[1..32], y: decoded_public_key[33..-1] ) else raise "expected U2F public key to be in uncompressed point format" end end
credential_id()
click to toggle source
fidoalliance.org/specs/fido-v2.0-rd-20180702/fido-client-to-authenticator-protocol-v2.0-rd-20180702.html#u2f-authenticatorMakeCredential-interoperability Let credentialId be a credentialIdLength byte array initialized with CTAP1/U2F response key handle bytes.
# File lib/webauthn/u2f_migrator.rb, line 50 def credential_id Base64.urlsafe_decode64(@key_handle) end