From def0015188a15b009190781c009b0cc0d14a1201 Mon Sep 17 00:00:00 2001
From: Andreas Coroiu
Date: Fri, 18 Nov 2022 17:01:36 +0100
Subject: [PATCH] [EC-598] feat: half-implemented params mapping
---
 apps/browser/src/browser/webauthn-utils.ts | 47 +++++++++++++++++++
 .../src/content/webauthn/page-script.ts | 8 ++--
 .../src/abstractions/fido2/fido2-utils.ts | 9 ++++
 .../fido2/fido2.service.abstraction.ts | 29 ++++++++++++
 .../src/services/fido2/fido2.service.ts | 2 +-
 5 files changed, 89 insertions(+), 6 deletions(-)
 create mode 100644 apps/browser/src/browser/webauthn-utils.ts
 create mode 100644 libs/common/src/abstractions/fido2/fido2-utils.ts
diff --git a/apps/browser/src/browser/webauthn-utils.ts b/apps/browser/src/browser/webauthn-utils.ts
new file mode 100644
index 0000000000..5c6fb55f27
--- /dev/null
+++ b/apps/browser/src/browser/webauthn-utils.ts
@@ -0,0 +1,47 @@
+import { Fido2Utils } from "@bitwarden/common/abstractions/fido2/fido2-utils";
+import { CredentialRegistrationParams } from "@bitwarden/common/abstractions/fido2/fido2.service.abstraction";
+
+export class WebauthnUtils {
+ static mapCredentialCreationOptions(
+ options: CredentialCreationOptions,
+ origin: string
+ ): CredentialRegistrationParams {
+ const keyOptions = options.publicKey;
+
+ if (keyOptions == undefined) {
+ throw new Error("Public-key options not found");
+ }
+
+ return {
+ origin,
+ attestation: keyOptions.attestation,
+ authenticatorSelection: {
+ requireResidentKey: keyOptions.authenticatorSelection?.requireResidentKey,
+ residentKey: keyOptions.authenticatorSelection?.residentKey,
+ userVerification: keyOptions.authenticatorSelection?.userVerification,
+ },
+ challenge: Fido2Utils.bufferToString(keyOptions.challenge),
+ excludeCredentials: keyOptions.excludeCredentials?.map((credential) => ({
+ id: Fido2Utils.bufferToString(credential.id),
+ transports: credential.transports,
+ })),
+ extensions: {
+ appid: keyOptions.extensions?.appid,
+ appidExclude: keyOptions.extensions?.appidExclude,
+ credProps: keyOptions.extensions?.credProps,
+ uvm: keyOptions.extensions?.uvm,
+ },
+ pubKeyCredParams: keyOptions.pubKeyCredParams.map((params) => ({
+ alg: params.alg,
+ })),
+ rp: {
+ id: keyOptions.rp.id,
+ name: keyOptions.rp.name,
+ },
+ user: {
+ id: Fido2Utils.bufferToString(keyOptions.user.id),
+ displayName: keyOptions.user.displayName,
+ },
+ };
+ }
+}
diff --git a/apps/browser/src/content/webauthn/page-script.ts b/apps/browser/src/content/webauthn/page-script.ts
index e34a0720f4..8155e3d5a4 100644
--- a/apps/browser/src/content/webauthn/page-script.ts
+++ b/apps/browser/src/content/webauthn/page-script.ts
@@ -1,3 +1,5 @@
+import { WebauthnUtils } from "../../browser/webauthn-utils";
+
 import { MessageType } from "./messaging/message";
 import { Messenger } from "./messaging/messenger";
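Review bot: `const keyOptions = options.publicKey;` dereferences `options` before the `== undefined` guard, and the caller in page-script.ts declares `options?` as optional, so a call with no argument raises a TypeError rather than the intended "Public-key options not found"; `const keyOptions = options?.publicKey;` makes the guard cover both cases. The returned object also copies `rp.id` and `extensions.appid` from page-supplied options without relating them to `origin`, so a short comment on the method stating that no relying-party validation happens here, and that the consumer must check `rp.id` against the origin, would keep that responsibility visible. The mapper drops `user.name` and each `pubKeyCredParams[].type`; if that is deliberate it deserves a comment as well.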
@@ -14,11 +16,7 @@ const messenger = Messenger.forDOMCommunication(window);
 navigator.credentials.create = async (options?: CredentialCreationOptions): Promise => {
 await messenger.request({
 type: MessageType.CredentialCreationRequest,
- data: {
- rp: {
- id: options.publicKey.rp.id,
- },
- },
+ data: WebauthnUtils.mapCredentialCreationOptions(options, window.location.origin),
 });
 return await browserCredentials.create(options);
diff --git a/libs/common/src/abstractions/fido2/fido2-utils.ts b/libs/common/src/abstractions/fido2/fido2-utils.ts
new file mode 100644
index 0000000000..0dfae4ab9f
--- /dev/null
+++ b/libs/common/src/abstractions/fido2/fido2-utils.ts
@@ -0,0 +1,9 @@
+export class Fido2Utils {
+ static bufferToString(buffer: BufferSource): string {
+ return "";
+ }
+
+ static stringToBuffer(str: string): Uint8Array {
+ return new Uint8Array(0);
+ }
+}
diff --git a/libs/common/src/abstractions/fido2/fido2.service.abstraction.ts b/libs/common/src/abstractions/fido2/fido2.service.abstraction.ts
index 6e70a9e5de..767925915d 100644
--- a/libs/common/src/abstractions/fido2/fido2.service.abstraction.ts
+++ b/libs/common/src/abstractions/fido2/fido2.service.abstraction.ts
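Review bot: The `origin` field is filled from `window.location.origin` inside the script that overrides `navigator.credentials.create`, which presumably runs in the page's own JavaScript context, so any script on the page could send a `CredentialCreationRequest` over the same DOM channel with an origin of its choosing. Since the origin is what binds a WebAuthn credential to a site, the receiving side should overwrite or verify it from a browser-supplied value (for example the message sender's `origin` or `url` in the extension message listener) and treat the page's value as a hint only. Separately, `mapCredentialCreationOptions` throws when `options.publicKey` is absent, so a non-WebAuthn `create()` call never reaches `browserCredentials.create(options)`; a guard such as `if (options?.publicKey == undefined) return browserCredentials.create(options);` before the request would keep those calls working. The arrow function's body continues outside the hunk.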
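Review bot: `bufferToString` returns `""` and `stringToBuffer` returns an empty array regardless of input, so every `challenge`, credential `id` and `user.id` produced by `WebauthnUtils.mapCredentialCreationOptions` is silently the empty string. While the encoding is unimplemented, failing loudly is safer than a value that looks valid: `throw new Error("Fido2Utils.bufferToString is not implemented");`, and the same for `stringToBuffer`. When the real implementation lands, a doc comment should state the exact encoding, since the interface comments only say "b64 encoded".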
@@ -1,6 +1,35 @@
 export interface CredentialRegistrationParams {
+ origin: string;
+ attestation?: "direct" | "enterprise" | "indirect" | "none";
+ authenticatorSelection?: {
+ // authenticatorAttachment?: AuthenticatorAttachment; // not used
+ requireResidentKey?: boolean;
+ residentKey?: "discouraged" | "preferred" | "required";
+ userVerification?: "discouraged" | "preferred" | "required";
+ };
+ challenge: string; // b64 encoded
+ excludeCredentials?: {
+ id: string; // b64 encoded
+ transports?: ("ble" | "internal" | "nfc" | "usb")[];
+ // type: "public-key"; // not used
+ }[];
+ extensions?: {
+ appid?: string;
+ appidExclude?: string;
+ credProps?: boolean;
+ uvm?: boolean;
+ };
+ pubKeyCredParams: {
+ alg: number;
+ // type: "public-key"; // not used
+ }[];
 rp: {
 id?: string;
+ name: string;
+ };
+ user: {
+ id: string; // b64 encoded
+ displayName: string;
 };
 }
diff --git a/libs/common/src/services/fido2/fido2.service.ts b/libs/common/src/services/fido2/fido2.service.ts
index 7b765d1bc5..38aef54891 100644
--- a/libs/common/src/services/fido2/fido2.service.ts
+++ b/libs/common/src/services/fido2/fido2.service.ts
@@ -6,7 +6,7 @@ import {
 export class Fido2Service implements Fido2ServiceAbstraction {
 createCredential(params: CredentialRegistrationParams): unknown {
 // eslint-disable-next-line no-console
- console.log("Fido2Service.registerCredential");
+ console.log("Fido2Service.registerCredential", params);
 return "createCredential response";
 }
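Review bot: The `// b64 encoded` comments on `challenge`, `excludeCredentials[].id` and `user.id` do not say whether standard base64 or base64url is meant, nor whether padding is used, and encoder and decoder must agree exactly for challenge and credential-id comparison to work; I would write `// base64url, no padding` or whichever form `Fido2Utils` ends up using. `origin` should carry a comment saying who sets it and whether it has been verified, e.g. `// origin of the requesting page; must come from a trusted source, not page-supplied data`. `rp.id` being optional also merits a line on what the service defaults it to and that it must be validated against `origin`.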