-
Notifications
You must be signed in to change notification settings - Fork 2
/
authenticator_assertion_response.go
98 lines (90 loc) · 3.71 KB
/
authenticator_assertion_response.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
package webauthn
import (
"crypto/sha256"
"encoding/json"
)
// The AuthenticatorAssertionResponse represents an authenticator's response to a client’s request for generation
// of a new authentication assertion given the WebAuthn Relying Party's challenge and OPTIONAL list of credentials
// it is aware of. This response contains a cryptographic signature proving possession of the credential private
// key, and optionally evidence of user consent to a specific transaction.
type AuthenticatorAssertionResponse struct {
// ClientDataJSON contains the JSON-compatible serialization of client data passed to the authenticator by the
// client in order to generate this assertion. The exact JSON serialization MUST be preserved, as the hash of
// the serialized client data has been computed over it.
ClientDataJSON []byte `json:"clientDataJSON"`
// AuthenticatorData contains the authenticator data returned by the authenticator.
AuthenticatorData []byte `json:"authenticatorData"`
// Signature contains the raw signature returned from the authenticator.
Signature []byte `json:"signature"`
// UserHandle contains the user handle returned from the authenticator, or nil if the authenticator did not
// return a user handle.
UserHandle []byte `json:"userHandle"`
}
// GetClientDataJSONHash returns the SHA-256 hash of the clientDataJSON data.
func (response *AuthenticatorAssertionResponse) GetClientDataJSONHash() ClientDataJSONHash {
return sha256.Sum256(response.ClientDataJSON)
}
// UnmarshalAuthenticatorData unmarshals the authenticator data.
func (response *AuthenticatorAssertionResponse) UnmarshalAuthenticatorData() (*AuthenticatorData, error) {
data, _, err := UnmarshalAuthenticatorData(response.AuthenticatorData)
return data, err
}
// UnmarshalClientData unmarshals the client data.
func (response *AuthenticatorAssertionResponse) UnmarshalClientData() (*CollectedClientData, error) {
var data CollectedClientData
err := json.Unmarshal(response.ClientDataJSON, &data)
if err != nil {
return nil, err
}
return &data, nil
}
// MarshalJSON marshals the AuthenticatorAssertionResponse as JSON.
func (response AuthenticatorAssertionResponse) MarshalJSON() ([]byte, error) {
type Override AuthenticatorAssertionResponse
return json.Marshal(struct {
Override
ClientDataJSON string `json:"clientDataJSON"`
AuthenticatorData string `json:"authenticatorData"`
Signature string `json:"signature"`
UserHandle *string `json:"userHandle"`
}{
Override: Override(response),
ClientDataJSON: toBase64URL(response.ClientDataJSON),
AuthenticatorData: toBase64URL(response.AuthenticatorData),
Signature: toBase64URL(response.Signature),
UserHandle: toNullableBase64URL(response.UserHandle),
})
}
// UnmarshalJSON unmarshals the AuthenticatorAssertionResponse from JSON.
func (response *AuthenticatorAssertionResponse) UnmarshalJSON(raw []byte) error {
type Override AuthenticatorAssertionResponse
var override struct {
Override
ClientDataJSON string `json:"clientDataJSON"`
AuthenticatorData string `json:"authenticatorData"`
Signature string `json:"signature"`
UserHandle *string `json:"userHandle"`
}
err := json.Unmarshal(raw, &override)
if err != nil {
return err
}
*response = AuthenticatorAssertionResponse(override.Override)
response.ClientDataJSON, err = fromBase64URL(override.ClientDataJSON)
if err != nil {
return err
}
response.AuthenticatorData, err = fromBase64URL(override.AuthenticatorData)
if err != nil {
return err
}
response.Signature, err = fromBase64URL(override.Signature)
if err != nil {
return err
}
response.UserHandle, err = fromNullableBase64URL(override.UserHandle)
if err != nil {
return err
}
return nil
}