From 74829bdd385e049b6bff3a7bac46f7c237138164 Mon Sep 17 00:00:00 2001
From: Eiji Kitamura
Date: Wed, 23 Nov 2022 21:55:50 +0900
Subject: [PATCH] Allow extending DPK object
---
 .../decodeDevicePubKey.test.ts | 45 +++++++++++++++++--
 .../devicePublicKey/decodeDevicePubKey.ts | 9 +++-
 .../devicePublicKey/isRecognizedDevice.ts | 3 +-
 3 files changed, 50 insertions(+), 7 deletions(-)
diff --git a/packages/server/src/extensions/devicePublicKey/decodeDevicePubKey.test.ts b/packages/server/src/extensions/devicePublicKey/decodeDevicePubKey.test.ts
index a563eedb..23d326ba 100644
--- a/packages/server/src/extensions/devicePublicKey/decodeDevicePubKey.test.ts
+++ b/packages/server/src/extensions/devicePublicKey/decodeDevicePubKey.test.ts
@@ -1,5 +1,15 @@
-import { AuthenticationExtensionsDevicePublicKeyOutputs, AuthenticationExtensionsDevicePublicKeyOutputsJSON } from "@simplewebauthn/typescript-types";
-import { decodeDevicePubKey, deserializeDevicePubKeyAuthenticatorOutput } from "./decodeDevicePubKey";
+import {
+ AuthenticationExtensionsDevicePublicKeyOutputs,
+ AuthenticationExtensionsDevicePublicKeyOutputsJSON
+} from "@simplewebauthn/typescript-types";
+import { decode } from "cbor";
+import {
+ decodeDevicePubKey,
+ decodeDevicePubKeyAuthenticatorOutput,
+ deserializeDevicePubKeyAuthenticatorOutput,
+ DevicePublicKeyAuthenticatorOutputExtended,
+ DevicePublicKeyAuthenticatorOutputJSON
+} from "./decodeDevicePubKey";
 it("should decode device public key client extension output", () => {
 const devicePubKeyJSON: AuthenticationExtensionsDevicePublicKeyOutputsJSON = {
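Review bot: The added `import { decode } from "cbor";` is never referenced: none of the lines this commit adds to the test file calls `decode`. Drop the import, or add the CBOR-level assertion it was presumably meant to support, so unused-import linting stays clean and the test file does not pull in a parser it does not exercise.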
@@ -14,7 +24,7 @@ it("should decode device public key client extension output", () => {
 });
 });
-it("should decode device public key authenticator output", () => {
+it("should deserialize device public key authenticator output", () => {
 const devicePubKey: AuthenticationExtensionsDevicePublicKeyOutputs = {
 authenticatorOutput: Buffer.from('A66364706B584DA50102032620012158204DC1989D0C2F1040D01F7EC15AC542B14DB54BC5EA5D57ED7F6B383EBB4FABB02258205B61B7D9752FC83686A40EA3CA269C177D7D18F66F22739F5250AA7A75F6855B63666D74646E6F6E65656E6F6E6365406573636F7065006661616775696450000000000000000000000000000000006761747453746D74A0', 'hex'),
 signature: Buffer.from('3045022100d37f62269e010e8b7a87c2cea0c5fe82a6ab88f7ba03225f26ff84f6c503be63022075637b7a5a8db94fb2319b46a72f2142d2ff13eaa6675feb336bb69e15d8c3b0', 'hex'),
@@ -29,4 +39,31 @@ it("should decode device public key authenticator output", () => {
 aaguid: Buffer.from('00000000000000000000000000000000', 'hex'),
 attStmt: {},
 });
-})
+});
+
+test("should decode device public key authenticator output that includes additional values", () => {
+ const devicePubKeyJSON: DevicePublicKeyAuthenticatorOutputJSON = {
+ id: 'abcdefghijklmn',
+ dpk: 'pQECAyYgASFYIO3q0_01dpwj00DdwYMKf_IOc1XynRx1qg3CtqwYLqfTIlggNFHcmZKvlGgltEGUX8nRNOF7c6pf6pWANR58k_XTZRM',
+ nonce: '',
+ scope: 0,
+ aaguid: 'uT_ZYfLmRi-xIoIAIkfeeA',
+ fmt: 'none',
+ attStmt: {},
+ last_update: 1000000000000000
+ }
+
+ const devicePubKey: DevicePublicKeyAuthenticatorOutputExtended = {
+ id: 'abcdefghijklmn',
+ dpk: Buffer.from('A5010203262001215820EDEAD3FD35769C23D340DDC1830A7FF20E7355F29D1C75AA0DC2B6AC182EA7D32258203451DC9992AF946825B441945FC9D134E17B73AA5FEA9580351E7C93F5D36513', 'hex'),
+ nonce: Buffer.from('', 'hex'),
+ scope: 0,
+ aaguid: Buffer.from('B93FD961F2E6462FB12282002247DE78', 'hex'),
+ fmt: 'none',
+ attStmt: {},
+ last_update: 1000000000000000,
+ }
+
+ const result = decodeDevicePubKeyAuthenticatorOutput(devicePubKeyJSON);
+ expect(result).toMatchObject(devicePubKey);
+});
diff --git a/packages/server/src/extensions/devicePublicKey/decodeDevicePubKey.ts b/packages/server/src/extensions/devicePublicKey/decodeDevicePubKey.ts
index a6825f57..de6f1253 100644
--- a/packages/server/src/extensions/devicePublicKey/decodeDevicePubKey.ts
+++ b/packages/server/src/extensions/devicePublicKey/decodeDevicePubKey.ts
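Review bot: `expect(result).toMatchObject(devicePubKey)` is a subset match, so the new test still passes if the decoder returns keys beyond the ones listed. Now that the decoder forwards arbitrary input keys, pinning the exact output shape with `expect(result).toEqual(devicePubKey);` would catch unintended pass-through. The case covers only a scalar extra (`last_update`) and an empty `attStmt`; a second case with a populated `attStmt` would show whether nested values come out decoded or still as strings. The other cases in this file use `it(...)`, so `test(...)` here mixes the two spellings.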
@@ -103,14 +103,15 @@ export function encodeDevicePubKeyAuthenticatorOutput(
 export function decodeDevicePubKeyAuthenticatorOutput(
 encodedDevicePubKey: DevicePublicKeyAuthenticatorOutputJSON
-): DevicePublicKeyAuthenticatorOutput {
+): DevicePublicKeyAuthenticatorOutputExtended {
 const aaguid = base64url.toBuffer(encodedDevicePubKey.aaguid);
 const dpk = base64url.toBuffer(encodedDevicePubKey.dpk);
 const scope = encodedDevicePubKey.scope;
 const nonce = encodedDevicePubKey.nonce ? base64url.toBuffer(encodedDevicePubKey.nonce) : Buffer.from('', 'hex');
 const fmt = encodedDevicePubKey.fmt ? encodedDevicePubKey.fmt : 'none';
- const decodedDevicePubKey: DevicePublicKeyAuthenticatorOutput = {
+ const decodedDevicePubKey: DevicePublicKeyAuthenticatorOutputExtended = {
+ ...encodedDevicePubKey,
 aaguid,
 dpk,
 scope,
@@ -145,7 +146,11 @@ export type DevicePublicKeyAuthenticatorOutput = {
 nonce?: Buffer;
 };
+export type DevicePublicKeyAuthenticatorOutputExtended =
+ DevicePublicKeyAuthenticatorOutput | {[key: string]: any}
+
 export type DevicePublicKeyAuthenticatorOutputJSON = {
+ [key: string]: any;
 aaguid: string;
 dpk: string;
 scope: number;
diff --git a/packages/server/src/extensions/devicePublicKey/isRecognizedDevice.ts b/packages/server/src/extensions/devicePublicKey/isRecognizedDevice.ts
index fa182ec1..e9642570 100644
--- a/packages/server/src/extensions/devicePublicKey/isRecognizedDevice.ts
+++ b/packages/server/src/extensions/devicePublicKey/isRecognizedDevice.ts
@@ -1,6 +1,7 @@
 import { AttestationStatement } from "@simplewebauthn/typescript-types";
 import {
 DevicePublicKeyAuthenticatorOutput,
+ DevicePublicKeyAuthenticatorOutputExtended,
 DevicePublicKeyAuthenticatorOutputJSON,
 decodeDevicePubKeyAuthenticatorOutput,
 } from './decodeDevicePubKey';
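Review bot: The `...encodedDevicePubKey` spread at the top of the `decodedDevicePubKey` literal copies every own key of the input into the decoded result with no allow-list or validation. Any field not re-assigned after the spread therefore stays in its encoded string form, and caller-supplied keys reach whatever consumes the result. Only `aaguid`, `dpk` and `scope` are visibly re-assigned inside the hunk; the rest of the literal and the function body lie outside it, so whether `nonce`, `fmt` and `attStmt` are overwritten cannot be confirmed from here. If this JSON can come from a client or from storage a client influences, separate the known fields first, e.g. `const { aaguid: _a, dpk: _d, scope: _s, nonce: _n, fmt: _f, attStmt: _at, ...extras } = encodedDevicePubKey;`, and spread `...extras` instead. A doc comment on the function should state that extras are passed through unvalidated.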
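Review bot: `DevicePublicKeyAuthenticatorOutputExtended` is declared as a union with `{[key: string]: any}`, which every object satisfies, so the compiler no longer requires `aaguid`, `dpk` or `scope` on a value of this type and reads of those fields widen to `any`. An intersection keeps the known fields checked while still admitting extras: `export type DevicePublicKeyAuthenticatorOutputExtended = DevicePublicKeyAuthenticatorOutput & { [key: string]: unknown };`. The `[key: string]: any` index signature added to `DevicePublicKeyAuthenticatorOutputJSON` has a similar effect on misspelled field names; `unknown` there would force callers to narrow extra values before use. `DevicePublicKeyRecognitionResult.authenticatorOutput` in isRecognizedDevice.ts (last hunk) inherits the weakened type, which matters because that result feeds the device-recognition decision.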
@@ -170,6 +171,6 @@ export function checkAttStmtBinaryEquality(
 }
 export type DevicePublicKeyRecognitionResult = {
- authenticatorOutput: DevicePublicKeyAuthenticatorOutput,
+ authenticatorOutput: DevicePublicKeyAuthenticatorOutputExtended,
 recognitionResult: 'recognized' | 'unrecognized'
 }