* feat: add new supported attestation formats to genesis * feat: refactor keyType to keytype enum * refactor: remove unused imports and code * refactor: update main.go to use src package * refactor: move web-related structs from to * refactor: move client middleware package to root * refactor: remove unused IndexedDB dependency * feat: update worker implementation to use * feat: add Caddyfile and Caddy configuration for vault service * refactor(config): move keyshare and address to Motr config * fix: validate service origin in AllocateVault * chore: remove IndexedDB configuration * feat: add support for IPNS-based vault access
package orm
import (
"encoding/base64"
"github.com/go-webauthn/webauthn/protocol"
)
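// NewCredential builds a Credential record from a parsed WebAuthn registration
// response, bound to the given origin and user handle.
//
// The function only copies fields out of c; it performs no verification of its
// own. The caller is expected to have validated the registration response
// before persisting the result. c must be non-nil.
func NewCredential(c *protocol.ParsedCredentialCreationData, origin, handle string) *Credential {
	authData := c.Response.AttestationObject.AuthData
	flags := authData.Flags

	return &Credential{
		Subject:         handle,
		Origin:          origin,
		AttestationType: c.Response.AttestationObject.Format,
		// IDs and keys are stored as unpadded base64url text.
		CredentialId:   BytesToBase64(authData.AttData.CredentialID),
		PublicKey:      BytesToBase64(authData.AttData.CredentialPublicKey),
		Transport:      NormalizeTransports(c.Response.Transports),
		SignCount:      uint(authData.Counter),
		UserPresent:    flags.HasUserPresent(),
		UserVerified:   flags.HasUserVerified(),
		BackupEligible: flags.HasBackupEligible(),
		// Read the backup-state flag itself. The previous code used
		// HasAttestedCredentialData(), a different flag that is expected to be
		// set on registration responses, so BackupState did not reflect whether
		// the credential is actually backed up. Any policy that distinguishes
		// backed-up from device-bound credentials depends on this value.
		BackupState: flags.HasBackupState(),
	}
}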
// BytesToBase64 encodes b as unpadded, URL-safe base64 (base64.RawURLEncoding).
// A nil or empty slice yields the empty string.
func BytesToBase64(b []byte) string {
	enc := base64.RawURLEncoding
	out := make([]byte, enc.EncodedLen(len(b)))
	enc.Encode(out, b)
	return string(out)
}
// Base64ToBytes decodes an unpadded, URL-safe base64 string
// (base64.RawURLEncoding). Input that carries '=' padding or characters from
// the standard alphabet ('+', '/') is rejected with an error.
func Base64ToBytes(b string) ([]byte, error) {
	decoded, err := base64.RawURLEncoding.DecodeString(b)
	return decoded, err
}
// Descriptor returns the protocol.CredentialDescriptor for this credential:
// the decoded credential ID, the converted transports and the stored
// attestation type, with Type fixed to protocol.PublicKeyCredentialType.
//
// It panics if CredentialId is not valid unpadded base64url. Stored values
// must therefore be well-formed before this is called on a request path,
// otherwise one corrupted record aborts the calling goroutine.
func (c *Credential) Descriptor() protocol.CredentialDescriptor {
	rawID, decodeErr := base64.RawURLEncoding.DecodeString(c.CredentialId)
	if decodeErr != nil {
		// The signature has no error return, so a malformed ID is fatal here.
		panic(decodeErr)
	}

	var desc protocol.CredentialDescriptor
	desc.Type = protocol.PublicKeyCredentialType
	desc.CredentialID = rawID
	desc.Transport = ConvertTransports(c.Transport)
	desc.AttestationType = c.AttestationType
	return desc
}
// UpdateCounter applies the signature counter reported by an assertion.
//
// When authDataCount is greater than the stored SignCount, or both are zero,
// SignCount is set to authDataCount. Otherwise the counter failed to advance:
// CloneWarning is set to true and SignCount is left unchanged. A counter that
// does not advance is a signal that the authenticator may be cloned.
//
// This method never clears CloneWarning and does not reject the assertion;
// the caller must inspect CloneWarning afterwards and decide how to respond.
func (c *Credential) UpdateCounter(authDataCount uint) {
	// Both counters at zero is not treated as a clone signal.
	bothZero := authDataCount == 0 && c.SignCount == 0
	if bothZero || authDataCount > c.SignCount {
		c.SignCount = authDataCount
		return
	}

	c.CloneWarning = true
}