[EC-598] feat: add general error handling for attestation

2025-01-31 22:51:28 +01:00 · 2023-03-30 10:59:19 +02:00 · 2023-03-30 10:59:19 +02:00 · e7454501ea
commit e7454501ea
parent b3d5ab4472
2 changed files with 41 additions and 28 deletions
--- a/libs/common/src/webauthn/services/fido2-authenticator.service.spec.ts
+++ b/libs/common/src/webauthn/services/fido2-authenticator.service.spec.ts
@ -724,6 +724,15 @@ describe("FidoAuthenticatorService", () => {
          // Signatures are non-deterministic, and webcrypto can't verify DER signature format
          // expect(result.signature).toMatchSnapshot();
        });
+
+        /** Spec: If any error occurred while generating the assertion signature, return an error code equivalent to "UnknownError" and terminate the operation. */
+        it("should throw unkown error if creation fails", async () => {
+          cipherService.updateWithServer.mockRejectedValue(new Error("Internal error"));
+
+          const result = async () => await authenticator.getAssertion(params);
+
+          await expect(result).rejects.toThrowError(Fido2AutenticatorErrorCode.Unknown);
+        });
      });
    }

--- a/libs/common/src/webauthn/services/fido2-authenticator.service.ts
+++ b/libs/common/src/webauthn/services/fido2-authenticator.service.ts
@ -173,38 +173,42 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
      throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.NotAllowed);
    }

-    const selectedCredentialId =
-      params.allowCredentialDescriptorList?.length > 0
-        ? selectedCipher.fido2Key.nonDiscoverableId
-        : selectedCipher.id;
+    try {
+      const selectedCredentialId =
+        params.allowCredentialDescriptorList?.length > 0
+          ? selectedCipher.fido2Key.nonDiscoverableId
+          : selectedCipher.id;

-    ++selectedCipher.fido2Key.counter;
-    selectedCipher.localData.lastUsedDate = new Date().getTime();
-    const encrypted = await this.cipherService.encrypt(selectedCipher);
-    await this.cipherService.updateWithServer(encrypted);
+      ++selectedCipher.fido2Key.counter;
+      selectedCipher.localData.lastUsedDate = new Date().getTime();
+      const encrypted = await this.cipherService.encrypt(selectedCipher);
+      await this.cipherService.updateWithServer(encrypted);

-    const authenticatorData = await generateAuthData({
-      rpId: selectedCipher.fido2Key.rpId,
-      credentialId: selectedCredentialId,
-      counter: selectedCipher.fido2Key.counter,
-      userPresence: true,
-      userVerification: false,
-    });
+      const authenticatorData = await generateAuthData({
+        rpId: selectedCipher.fido2Key.rpId,
+        credentialId: selectedCredentialId,
+        counter: selectedCipher.fido2Key.counter,
+        userPresence: true,
+        userVerification: false,
+      });

-    const signature = await generateSignature({
-      authData: authenticatorData,
-      clientData: params.hash,
-      privateKey: await getPrivateKeyFromCipher(selectedCipher),
-    });
+      const signature = await generateSignature({
+        authData: authenticatorData,
+        clientData: params.hash,
+        privateKey: await getPrivateKeyFromCipher(selectedCipher),
+      });

-    return {
-      authenticatorData,
-      selectedCredential: {
-        id: selectedCredentialId,
-        userHandle: Fido2Utils.stringToBuffer(selectedCipher.fido2Key.userHandle),
-      },
-      signature,
-    };
+      return {
+        authenticatorData,
+        selectedCredential: {
+          id: selectedCredentialId,
+          userHandle: Fido2Utils.stringToBuffer(selectedCipher.fido2Key.userHandle),
+        },
+        signature,
+      };
+    } catch {
+      throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.Unknown);
+    }
  }

  private async vaultContainsCredentials(