go/sonr
go/sonr
1
1
Fork 0
mirror of https://github.com/onsonr/sonr.git synced 2025-03-10 21:09:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
sonr/x/did/builder/constants.go
Prad Nukala 4f2d342649
feature/ipfs vault allocation (#8) 
* refactor: move constants to genesis.proto

* feat: add ipfs_active flag to genesis state

* feat: add IPFS connection initialization to keeper

* feat: add testnet process-compose

* refactor: rename sonr-testnet docker image to sonr-runner

* refactor: update docker-vm-release workflow to use 'latest' tag

* feat: add permission to workflows

* feat: add new service chain execution

* feat: add abstract vault class to pkl

* feat: use jetpackio/devbox image for runner

* feat: introduce dwn for local service worker

* refactor: remove unnecessary dockerfile layers

* refactor(deploy): Update Dockerfile to copy go.mod and go.sum from the parent directory

* build: move Dockerfile to root directory

* build: Add Dockerfile for deployment

* feat: Update Dockerfile to work with Go project in parent directory

* build: Update docker-compose.yaml to use relative paths

* feat: Update docker-compose to work with new image and parent git directory

* refactor: remove unnecessary test script

* <no value>

* feat: add test_node script for running node tests

* feat: add IPFS cluster to testnet

* feat: add docker image for sonr-runner

* fix: typo in export path

* feat(did): Add Localhost Registration Enabled Genesis Option

* feat: add support for Sqlite DB in vault

* feat: improve vault model JSON serialization

* feat: support querying HTMX endpoint for DID

* feat: Add primary key, unique, default, not null, auto increment, and foreign key field types

* feat: Add PublicKey model in pkl/vault.pkl

* feat: add frontend server

* refactor: move dwn.wasm to vfs directory

* feat(frontend): remove frontend server implementation

* feat: Add a frontend server and web auth protocol

* feat: implement new key types for MPC and ZK proofs

* fix: Update enum types and DefaultKeyInfos

* fix: correct typo in KeyAlgorithm enum

* feat(did): add attestation format validation

* feat: Add x/did/builder/extractor.go

* feat: Update JWK parsing in x/did/builder/extractor.go

* feat: Use github.com/onsonr/sonr/x/did/types package

* feat: Extract and format public keys from WebAuthn credentials

* feat: Introduce a new `mapToJWK` function to convert a map to a `types.JWK` struct

* feat: add support for extracting JWK public keys

* feat: remove VerificationMethod struct

* refactor: extract public key extraction logic

* feat: add helper functions to map COSECurveID to JWK curve names

* feat: pin initial vault
2024-09-07 18:12:58 -04:00

335 lines
13 KiB
Go
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

package builder
import (
"github.com/onsonr/sonr/x/did/types"
)
type (
AuthenticatorAttachment string
AuthenticatorTransport string
)
const (
// Platform represents a platform authenticator is attached using a client device-specific transport, called
// platform attachment, and is usually not removable from the client device. A public key credential bound to a
// platform authenticator is called a platform credential.
Platform AuthenticatorAttachment = "platform"
// CrossPlatform represents a roaming authenticator is attached using cross-platform transports, called
// cross-platform attachment. Authenticators of this class are removable from, and can "roam" among, client devices.
// A public key credential bound to a roaming authenticator is called a roaming credential.
CrossPlatform AuthenticatorAttachment = "cross-platform"
)
func ParseAuthenticatorAttachment(s string) AuthenticatorAttachment {
switch s {
case "platform":
return Platform
default:
return CrossPlatform
}
}
const (
// USB indicates the respective authenticator can be contacted over removable USB.
USB AuthenticatorTransport = "usb"
// NFC indicates the respective authenticator can be contacted over Near Field Communication (NFC).
NFC AuthenticatorTransport = "nfc"
// BLE indicates the respective authenticator can be contacted over Bluetooth Smart (Bluetooth Low Energy / BLE).
BLE AuthenticatorTransport = "ble"
// SmartCard indicates the respective authenticator can be contacted over ISO/IEC 7816 smart card with contacts.
//
// WebAuthn Level 3.
SmartCard AuthenticatorTransport = "smart-card"
// Hybrid indicates the respective authenticator can be contacted using a combination of (often separate)
// data-transport and proximity mechanisms. This supports, for example, authentication on a desktop computer using
// a smartphone.
//
// WebAuthn Level 3.
Hybrid AuthenticatorTransport = "hybrid"
// Internal indicates the respective authenticator is contacted using a client device-specific transport, i.e., it
// is a platform authenticator. These authenticators are not removable from the client device.
Internal AuthenticatorTransport = "internal"
)
func ParseAuthenticatorTransport(s string) AuthenticatorTransport {
switch s {
case "usb":
return USB
case "nfc":
return NFC
case "ble":
return BLE
case "smart-card":
return SmartCard
case "hybrid":
return Hybrid
default:
return Internal
}
}
type AuthenticatorFlags byte
const (
// FlagUserPresent Bit 00000001 in the byte sequence. Tells us if user is present. Also referred to as the UP flag.
FlagUserPresent AuthenticatorFlags = 1 << iota // Referred to as UP
// FlagRFU1 is a reserved for future use flag.
FlagRFU1
// FlagUserVerified Bit 00000100 in the byte sequence. Tells us if user is verified
// by the authenticator using a biometric or PIN. Also referred to as the UV flag.
FlagUserVerified
// FlagBackupEligible Bit 00001000 in the byte sequence. Tells us if a backup is eligible for device. Also referred
// to as the BE flag.
FlagBackupEligible // Referred to as BE
// FlagBackupState Bit 00010000 in the byte sequence. Tells us if a backup state for device. Also referred to as the
// BS flag.
FlagBackupState
// FlagRFU2 is a reserved for future use flag.
FlagRFU2
// FlagAttestedCredentialData Bit 01000000 in the byte sequence. Indicates whether
// the authenticator added attested credential data. Also referred to as the AT flag.
FlagAttestedCredentialData
// FlagHasExtensions Bit 10000000 in the byte sequence. Indicates if the authenticator data has extensions. Also
// referred to as the ED flag.
FlagHasExtensions
)
type AttestationFormat string
const (
// AttestationFormatPacked is the "packed" attestation statement format is a WebAuthn-optimized format for
// attestation. It uses a very compact but still extensible encoding method. This format is implementable by
// authenticators with limited resources (e.g., secure elements).
AttestationFormatPacked AttestationFormat = "packed"
// AttestationFormatTPM is the TPM attestation statement format returns an attestation statement in the same format
// as the packed attestation statement format, although the rawData and signature fields are computed differently.
AttestationFormatTPM AttestationFormat = "tpm"
// AttestationFormatAndroidKey is the attestation statement format for platform authenticators on versions "N", and
// later, which may provide this proprietary "hardware attestation" statement.
AttestationFormatAndroidKey AttestationFormat = "android-key"
// AttestationFormatAndroidSafetyNet is the attestation statement format that Android-based platform authenticators
// MAY produce an attestation statement based on the Android SafetyNet API.
AttestationFormatAndroidSafetyNet AttestationFormat = "android-safetynet"
// AttestationFormatFIDOUniversalSecondFactor is the attestation statement format that is used with FIDO U2F
// authenticators.
AttestationFormatFIDOUniversalSecondFactor AttestationFormat = "fido-u2f"
// AttestationFormatApple is the attestation statement format that is used with Apple devices' platform
// authenticators.
AttestationFormatApple AttestationFormat = "apple"
// AttestationFormatNone is the attestation statement format that is used to replace any authenticator-provided
// attestation statement when a WebAuthn Relying Party indicates it does not wish to receive attestation information.
AttestationFormatNone AttestationFormat = "none"
)
func ExtractAttestationFormats(p *types.Params) []AttestationFormat {
var formats []AttestationFormat
for _, v := range p.AttestationFormats {
formats = append(formats, parseAttestationFormat(v))
}
return formats
}
func parseAttestationFormat(s string) AttestationFormat {
switch s {
case "packed":
return AttestationFormatPacked
case "tpm":
return AttestationFormatTPM
case "android-key":
return AttestationFormatAndroidKey
case "android-safetynet":
return AttestationFormatAndroidSafetyNet
case "fido-u2f":
return AttestationFormatFIDOUniversalSecondFactor
case "apple":
return AttestationFormatApple
case "none":
return AttestationFormatNone
default:
return AttestationFormatPacked
}
}
type CredentialType string
const (
CredentialTypePublicKeyCredential CredentialType = "public-key"
)
type ConveyancePreference string
const (
// PreferNoAttestation is a ConveyancePreference value.
//
// This value indicates that the Relying Party is not interested in authenticator attestation. For example, in order
// to potentially avoid having to obtain user consent to relay identifying information to the Relying Party, or to
// save a round trip to an Attestation CA or Anonymization CA.
//
// This is the default value.
//
// Specification: §5.4.7. Attestation Conveyance Preference Enumeration (https://www.w3.org/TR/webauthn/#dom-attestationconveyancepreference-none)
PreferNoAttestation ConveyancePreference = "none"
// PreferIndirectAttestation is a ConveyancePreference value.
//
// This value indicates that the Relying Party prefers an attestation conveyance yielding verifiable attestation
// statements, but allows the client to decide how to obtain such attestation statements. The client MAY replace the
// authenticator-generated attestation statements with attestation statements generated by an Anonymization CA, in
// order to protect the users privacy, or to assist Relying Parties with attestation verification in a
// heterogeneous ecosystem.
//
// Note: There is no guarantee that the Relying Party will obtain a verifiable attestation statement in this case.
// For example, in the case that the authenticator employs self attestation.
//
// Specification: §5.4.7. Attestation Conveyance Preference Enumeration (https://www.w3.org/TR/webauthn/#dom-attestationconveyancepreference-indirect)
PreferIndirectAttestation ConveyancePreference = "indirect"
// PreferDirectAttestation is a ConveyancePreference value.
//
// This value indicates that the Relying Party wants to receive the attestation statement as generated by the
// authenticator.
//
// Specification: §5.4.7. Attestation Conveyance Preference Enumeration (https://www.w3.org/TR/webauthn/#dom-attestationconveyancepreference-direct)
PreferDirectAttestation ConveyancePreference = "direct"
// PreferEnterpriseAttestation is a ConveyancePreference value.
//
// This value indicates that the Relying Party wants to receive an attestation statement that may include uniquely
// identifying information. This is intended for controlled deployments within an enterprise where the organization
// wishes to tie registrations to specific authenticators. User agents MUST NOT provide such an attestation unless
// the user agent or authenticator configuration permits it for the requested RP ID.
//
// If permitted, the user agent SHOULD signal to the authenticator (at invocation time) that enterprise
// attestation is requested, and convey the resulting AAGUID and attestation statement, unaltered, to the Relying
// Party.
//
// Specification: §5.4.7. Attestation Conveyance Preference Enumeration (https://www.w3.org/TR/webauthn/#dom-attestationconveyancepreference-enterprise)
PreferEnterpriseAttestation ConveyancePreference = "enterprise"
)
func ExtractConveyancePreference(p *types.Params) ConveyancePreference {
switch p.ConveyancePreference {
case "none":
return PreferNoAttestation
case "indirect":
return PreferIndirectAttestation
case "direct":
return PreferDirectAttestation
case "enterprise":
return PreferEnterpriseAttestation
default:
return PreferNoAttestation
}
}
type PublicKeyCredentialHints string
const (
// PublicKeyCredentialHintSecurityKey is a PublicKeyCredentialHint that indicates that the Relying Party believes
// that users will satisfy this request with a physical security key. For example, an enterprise Relying Party may
// set this hint if they have issued security keys to their employees and will only accept those authenticators for
// registration and authentication.
//
// For compatibility with older user agents, when this hint is used in PublicKeyCredentialCreationOptions, the
// authenticatorAttachment SHOULD be set to cross-platform.
PublicKeyCredentialHintSecurityKey PublicKeyCredentialHints = "security-key"
// PublicKeyCredentialHintClientDevice is a PublicKeyCredentialHint that indicates that the Relying Party believes
// that users will satisfy this request with a platform authenticator attached to the client device.
//
// For compatibility with older user agents, when this hint is used in PublicKeyCredentialCreationOptions, the
// authenticatorAttachment SHOULD be set to platform.
PublicKeyCredentialHintClientDevice PublicKeyCredentialHints = "client-device"
// PublicKeyCredentialHintHybrid is a PublicKeyCredentialHint that indicates that the Relying Party believes that
// users will satisfy this request with general-purpose authenticators such as smartphones. For example, a consumer
// Relying Party may believe that only a small fraction of their customers possesses dedicated security keys. This
// option also implies that the local platform authenticator should not be promoted in the UI.
//
// For compatibility with older user agents, when this hint is used in PublicKeyCredentialCreationOptions, the
// authenticatorAttachment SHOULD be set to cross-platform.
PublicKeyCredentialHintHybrid PublicKeyCredentialHints = "hybrid"
)
func ParsePublicKeyCredentialHints(s string) PublicKeyCredentialHints {
switch s {
case "security-key":
return PublicKeyCredentialHintSecurityKey
case "client-device":
return PublicKeyCredentialHintClientDevice
case "hybrid":
return PublicKeyCredentialHintHybrid
default:
return ""
}
}
type AttestedCredentialData struct {
AAGUID []byte `json:"aaguid"`
CredentialID []byte `json:"credential_id"`
// The raw credential public key bytes received from the attestation data.
CredentialPublicKey []byte `json:"public_key"`
}
type ResidentKeyRequirement string
const (
// ResidentKeyRequirementDiscouraged indicates the Relying Party prefers creating a server-side credential, but will
// accept a client-side discoverable credential. This is the default.
ResidentKeyRequirementDiscouraged ResidentKeyRequirement = "discouraged"
// ResidentKeyRequirementPreferred indicates to the client we would prefer a discoverable credential.
ResidentKeyRequirementPreferred ResidentKeyRequirement = "preferred"
// ResidentKeyRequirementRequired indicates the Relying Party requires a client-side discoverable credential, and is
// prepared to receive an error if a client-side discoverable credential cannot be created.
ResidentKeyRequirementRequired ResidentKeyRequirement = "required"
)
func ParseResidentKeyRequirement(s string) ResidentKeyRequirement {
switch s {
case "discouraged":
return ResidentKeyRequirementDiscouraged
case "preferred":
return ResidentKeyRequirementPreferred
default:
return ResidentKeyRequirementRequired
}
}
type (
AuthenticationExtensions map[string]any
UserVerificationRequirement string
)
const (
// VerificationRequired User verification is required to create/release a credential
VerificationRequired UserVerificationRequirement = "required"
// VerificationPreferred User verification is preferred to create/release a credential
VerificationPreferred UserVerificationRequirement = "preferred" // This is the default
// VerificationDiscouraged The authenticator should not verify the user for the credential
VerificationDiscouraged UserVerificationRequirement = "discouraged"
)
Reference in New Issue View Git Blame Copy Permalink