diff --git a/lib/webauthn/authenticator_assertion_response.rb b/lib/webauthn/authenticator_assertion_response.rb
index 41edcedf..7f90640b 100644
--- a/lib/webauthn/authenticator_assertion_response.rb
+++ b/lib/webauthn/authenticator_assertion_response.rb
@@ -18,6 +18,10 @@ def valid?(original_challenge, original_origin, allowed_credentials:)
 valid_signature?(credential_public_key(allowed_credentials))
 end

+ def authenticator_data
+ @authenticator_data ||= WebAuthn::AuthenticatorData.new(authenticator_data_bytes)
+ end
+
 private

 attr_reader :credential_id, :authenticator_data_bytes, :signature
@@ -42,10 +46,6 @@ def valid_credential?(allowed_credentials)
 allowed_credential_ids.include?(credential_id)
 end

- def authenticator_data
- @authenticator_data ||= WebAuthn::AuthenticatorData.new(authenticator_data_bytes)
- end
-
 def credential_public_key(allowed_credentials)
 matched_credential = allowed_credentials.find do |credential|
 credential[:id] == credential_id
diff --git a/lib/webauthn/authenticator_attestation_response.rb b/lib/webauthn/authenticator_attestation_response.rb
index de292123..c5ecaa8f 100644
--- a/lib/webauthn/authenticator_attestation_response.rb
+++ b/lib/webauthn/authenticator_attestation_response.rb
@@ -26,10 +26,6 @@ def credential
 authenticator_data.credential
 end

- private
-
- attr_reader :attestation_object
-
 def attestation_statement
 @attestation_statement ||=
 WebAuthn::AttestationStatement.from(attestation["fmt"], attestation["attStmt"])
@@ -47,6 +43,10 @@ def attestation
 @attestation ||= CBOR.decode(attestation_object)
 end

+ private
+
+ attr_reader :attestation_object
+
 def type
 WebAuthn::TYPES[:create]
 end
diff --git a/lib/webauthn/authenticator_data.rb b/lib/webauthn/authenticator_data.rb
index 08e0c3a6..0f46709f 100644
--- a/lib/webauthn/authenticator_data.rb
+++ b/lib/webauthn/authenticator_data.rb
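Review bot: `authenticator_data` becomes public in the first hunk of authenticator_assertion_response.rb with no comment saying that it is parsed straight from `authenticator_data_bytes` and can be read before `valid?` has been called. The same applies to `attestation_statement` and `attestation` in the two hunks of authenticator_attestation_response.rb (the latter runs `CBOR.decode` on the raw `attestation_object`) and to `client_data` in authenticator_response.rb. A caller that acts on these values without checking `valid?` first would be trusting unverified input, so each accessor should carry a comment such as `# Parsed from the raw response bytes; not verified until #valid? returns true.`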
@@ -17,6 +17,8 @@ def initialize(data)
 @data = data
 end

+ attr_reader :data
+
 def valid?
 if attested_credential_data_included?
 data.length > base_length && attested_credential_data.valid?
@@ -29,6 +31,10 @@ def user_present?
 flags[USER_PRESENT_FLAG_POSITION] == "1"
 end

+ def attested_credential_data_included?
+ flags[ATTESTED_CREDENTIAL_DATA_INCLUDED_FLAG_POSITION] == "1"
+ end
+
 def rp_id_hash
 @rp_id_hash ||=
 if valid?
@@ -40,15 +46,17 @@ def credential
 attested_credential_data.credential
 end

- private
-
- attr_reader :data
-
 def attested_credential_data
 @attested_credential_data ||=
 AttestedCredentialData.new(data_at(attested_credential_data_position))
 end

+ def flags
+ @flags ||= data_at(flags_position, FLAGS_LENGTH).unpack1("b*")
+ end
+
+ private
+
 def attested_credential_data_position
 base_length
 end
@@ -57,18 +65,10 @@ def base_length
 RP_ID_HASH_LENGTH + FLAGS_LENGTH + SIGN_COUNT_LENGTH
 end

- def flags
- @flags ||= data_at(flags_position, FLAGS_LENGTH).unpack1("b*")
- end
-
 def flags_position
 RP_ID_HASH_LENGTH
 end

- def attested_credential_data_included?
- flags[ATTESTED_CREDENTIAL_DATA_INCLUDED_FLAG_POSITION] == "1"
- end
-
 def data_at(position, length = nil)
 length ||= data.size - position

diff --git a/lib/webauthn/authenticator_response.rb b/lib/webauthn/authenticator_response.rb
index bd036fc9..01057a74 100644
--- a/lib/webauthn/authenticator_response.rb
+++ b/lib/webauthn/authenticator_response.rb
@@ -15,6 +15,10 @@ def valid?(original_challenge, original_origin)
 authenticator_data.user_present?
 end

+ def client_data
+ @client_data ||= WebAuthn::ClientData.new(client_data_json)
+ end
+
 private

 attr_reader :client_data_json
@@ -23,10 +27,6 @@ def valid_type?
 client_data.type == type
 end

- def client_data
- @client_data ||= WebAuthn::ClientData.new(client_data_json)
- end
-
 def valid_challenge?(original_challenge)
 WebAuthn::Utils.authenticator_decode(client_data.challenge) == original_challenge
 end
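Review bot: The now-public `attr_reader :data` in the first hunk of authenticator_data.rb hands callers the very object that `initialize` stored with `@data = data`, while `@flags`, `@rp_id_hash` and `@attested_credential_data` are memoized from it elsewhere in the file. If `data` is a mutable String (it looks like one from `data.length` and `data.size`, but the constructor's caller is not visible here), an in-place change after the first read would leave the cached values out of step with the bytes a caller later reads or verifies. Storing a frozen copy, `@data = data.dup.freeze`, would rule that out. `initialize` starts above this hunk.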
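Review bot: Making `flags` public in the third hunk of authenticator_data.rb exposes the `unpack1("b*")` bit string itself, so outside code would have to index it by position and compare against `"1"` as `user_present?` does, and it is read without the `valid?` guard that `rp_id_hash` applies. Keeping `def flags` below `private` and publishing only predicates such as `attested_credential_data_included?` would keep that representation internal. If it has to stay public, a comment such as `# Bit string of the flags byte, least-significant bit first; only meaningful once #valid? is true.` would help. What `data_at` returns for input shorter than the fixed header is not visible in this diff.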