Class: WebAuthn::RelyingParty

Inherits:

Object

• Object
• WebAuthn::RelyingParty

Defined in:

lib/webauthn/relying_party.rb

Constant Summary

DEFAULT_ALGORITHMS =

["ES256", "PS256", "RS256"].compact.freeze

Instance Attribute Summary

• #acceptable_attestation_types ⇒ Object

  Returns the value of attribute acceptable_attestation_types.

• #algorithms ⇒ Object

  Returns the value of attribute algorithms.

• #attestation_root_certificates_finders ⇒ Object

  Returns the value of attribute attestation_root_certificates_finders.

• #credential_options_timeout ⇒ Object

  Returns the value of attribute credential_options_timeout.

• #encoding ⇒ Object

  Returns the value of attribute encoding.

• #id ⇒ Object

  Returns the value of attribute id.

• #legacy_u2f_appid ⇒ Object

  Returns the value of attribute legacy_u2f_appid.

• #name ⇒ Object

  Returns the value of attribute name.

• #origin ⇒ Object

  Returns the value of attribute origin.

• #silent_authentication ⇒ Object

  Returns the value of attribute silent_authentication.

• #verify_attestation_statement ⇒ Object

  Returns the value of attribute verify_attestation_statement.

Class Method Summary

• .if_pss_supported(algorithm) ⇒ Object

Instance Method Summary

• #encoder ⇒ Object

  This is the user-data encoder.

• #initialize(algorithms: DEFAULT_ALGORITHMS.dup, encoding: WebAuthn::Encoder::STANDARD_ENCODING, origin: nil, id: nil, name: nil, verify_attestation_statement: true, credential_options_timeout: 120000, silent_authentication: false, acceptable_attestation_types: ['None', 'Self', 'Basic', 'AttCA', 'Basic_or_AttCA', 'AnonCA'], attestation_root_certificates_finders: [], legacy_u2f_appid: nil) ⇒ RelyingParty constructor

  A new instance of RelyingParty.

• #options_for_authentication(**keyword_arguments) ⇒ Object
• #options_for_registration(**keyword_arguments) ⇒ Object
• #verify_authentication(raw_credential, challenge, user_presence: nil, user_verification: nil, public_key: nil, sign_count: nil) ⇒ Object
• #verify_registration(raw_credential, challenge, user_presence: nil, user_verification: nil) ⇒ Object

Constructor Details

#initialize(algorithms: DEFAULT_ALGORITHMS.dup, encoding: WebAuthn::Encoder::STANDARD_ENCODING, origin: nil, id: nil, name: nil, verify_attestation_statement: true, credential_options_timeout: 120000, silent_authentication: false, acceptable_attestation_types: ['None', 'Self', 'Basic', 'AttCA', 'Basic_or_AttCA', 'AnonCA'], attestation_root_certificates_finders: [], legacy_u2f_appid: nil) ⇒ RelyingParty

Returns a new instance of RelyingParty.

# File 'lib/webauthn/relying_party.rb', line 18

def initialize(
  algorithms: DEFAULT_ALGORITHMS.dup,
  encoding: WebAuthn::Encoder::STANDARD_ENCODING,
  origin: nil,
  id: nil,
  name: nil,
  verify_attestation_statement: true,
  credential_options_timeout: 120000,
  silent_authentication: false,
  acceptable_attestation_types: ['None', 'Self', 'Basic', 'AttCA', 'Basic_or_AttCA', 'AnonCA'],
  attestation_root_certificates_finders: [],
  legacy_u2f_appid: nil
)
  @algorithms = algorithms
  @encoding = encoding
  @origin = origin
  @id = id
  @name = name
  @verify_attestation_statement = verify_attestation_statement
  @credential_options_timeout = credential_options_timeout
  @silent_authentication = silent_authentication
  @acceptable_attestation_types = acceptable_attestation_types
  @legacy_u2f_appid = legacy_u2f_appid
  self.attestation_root_certificates_finders = attestation_root_certificates_finders
end

Instance Attribute Details

#acceptable_attestation_types ⇒ Object

Returns the value of attribute acceptable_attestation_types.

# File 'lib/webauthn/relying_party.rb', line 44

def acceptable_attestation_types
  @acceptable_attestation_types
end

#algorithms ⇒ Object

Returns the value of attribute algorithms.

# File 'lib/webauthn/relying_party.rb', line 44

def algorithms
  @algorithms
end

#attestation_root_certificates_finders ⇒ Object

Returns the value of attribute attestation_root_certificates_finders.

# File 'lib/webauthn/relying_party.rb', line 55

def attestation_root_certificates_finders
  @attestation_root_certificates_finders
end

#credential_options_timeout ⇒ Object

Returns the value of attribute credential_options_timeout.

# File 'lib/webauthn/relying_party.rb', line 44

def credential_options_timeout
  @credential_options_timeout
end

#encoding ⇒ Object

Returns the value of attribute encoding.

# File 'lib/webauthn/relying_party.rb', line 44

def encoding
  @encoding
end

#id ⇒ Object

Returns the value of attribute id.

# File 'lib/webauthn/relying_party.rb', line 44

def id
  @id
end

#legacy_u2f_appid ⇒ Object

Returns the value of attribute legacy_u2f_appid.

# File 'lib/webauthn/relying_party.rb', line 44

def legacy_u2f_appid
  @legacy_u2f_appid
end

#name ⇒ Object

Returns the value of attribute name.

# File 'lib/webauthn/relying_party.rb', line 44

def name
  @name
end

#origin ⇒ Object

Returns the value of attribute origin.

# File 'lib/webauthn/relying_party.rb', line 44

def origin
  @origin
end

#silent_authentication ⇒ Object

Returns the value of attribute silent_authentication.

# File 'lib/webauthn/relying_party.rb', line 44

def silent_authentication
  @silent_authentication
end

#verify_attestation_statement ⇒ Object

Returns the value of attribute verify_attestation_statement.

# File 'lib/webauthn/relying_party.rb', line 44

def verify_attestation_statement
  @verify_attestation_statement
end

Class Method Details

.if_pss_supported(algorithm) ⇒ Object

# File 'lib/webauthn/relying_party.rb', line 12

def self.if_pss_supported(algorithm)
  OpenSSL::PKey::RSA.instance_methods.include?(:verify_pss) ? algorithm : nil
end

Instance Method Details

#encoder ⇒ Object

This is the user-data encoder. Used to decode user input and to encode data provided to the user.

# File 'lib/webauthn/relying_party.rb', line 59

def encoder
  @encoder ||= WebAuthn::Encoder.new(encoding)
end

#options_for_authentication(**keyword_arguments) ⇒ Object

# File 'lib/webauthn/relying_party.rb', line 92

def options_for_authentication(**keyword_arguments)
  WebAuthn::Credential.options_for_get(
    **keyword_arguments,
    relying_party: self
  )
end

#options_for_registration(**keyword_arguments) ⇒ Object

# File 'lib/webauthn/relying_party.rb', line 77

def options_for_registration(**keyword_arguments)
  WebAuthn::Credential.options_for_create(
    **keyword_arguments,
    relying_party: self
  )
end

#verify_authentication(raw_credential, challenge, user_presence: nil, user_verification: nil, public_key: nil, sign_count: nil) ⇒ Object

# File 'lib/webauthn/relying_party.rb', line 99

def verify_authentication(
  raw_credential,
  challenge,
  user_presence: nil,
  user_verification: nil,
  public_key: nil,
  sign_count: nil
)
  webauthn_credential = WebAuthn::Credential.from_get(raw_credential, relying_party: self)

  stored_credential = yield(webauthn_credential) if block_given?

  if webauthn_credential.verify(
    challenge,
    public_key: public_key || stored_credential.public_key,
    sign_count: sign_count || stored_credential.sign_count,
    user_presence: user_presence,
    user_verification: user_verification
  )
    block_given? ? [webauthn_credential, stored_credential] : webauthn_credential
  end
end

#verify_registration(raw_credential, challenge, user_presence: nil, user_verification: nil) ⇒ Object

# File 'lib/webauthn/relying_party.rb', line 84

def verify_registration(raw_credential, challenge, user_presence: nil, user_verification: nil)
  webauthn_credential = WebAuthn::Credential.from_create(raw_credential, relying_party: self)

  if webauthn_credential.verify(challenge, user_presence: user_presence, user_verification: user_verification)
    webauthn_credential
  end
end