cbor decoding of attestationObject

2026-04-30 12:24:24 +02:00 · 2023-10-04 18:31:17 +02:00
parent 89f316d201
commit daf109a6bf
3 changed files with 466 additions and 14 deletions
--- a/src/main/resources/templates/OAuthResource/loginPasswordless.html
+++ b/src/main/resources/templates/OAuthResource/loginPasswordless.html
@@ -2,6 +2,7 @@
    {#title}Login passwordless{/title}
    {#add-header}
    <script src="https://code.jquery.com/jquery-3.6.0.min.js"></script>
+    <script charset="UTF-8" src="/js/cbor.js" type="text/javascript"></script>
    <script charset="UTF-8" src="/js/webauthn-debug.js" type="text/javascript"></script>
    <style>
        .code {
@@ -11,6 +12,7 @@
            padding: 10px;
            margin: 10px 0;
            font-family: monospace;
+            overflow-y: scroll;
        }

        .step {
@@ -85,16 +87,37 @@
    </div>
 </div>

-<div class="section step" id="navigator-response">
+<div class="section step" id="navigator-attestation">
    <div class="col s12 m7">
        <div class="card horizontal">
            <div class="card-stacked">
                <div class="card-content">
                    <h6>Attestation</h6>
                    Which responds:
-                    <div class="code" id="navigator-response-body"></div>
-                    The <strong>response.clientDataJSON</strong> are base64 encoded:
-                    <div class="code" id="navigator-clientDataJSON"></div>
+                    <div class="code" id="navigator-attestation-body"></div>
+                    The <strong>response.clientDataJSON</strong> is base64 encoded:
+                    <div class="code" id="navigator-attestation-clientDataJSON"></div>
+                    The <strong>response.attestationObject</strong> is <a href="https://cbor.io/">CBOR</a> encoded and contains a public key and metadata:
+                    <div class="code" id="navigator-attestationObject" style="height: 150px;"></div>
+                    <button class="nextBtn waves-effect waves-light btn full-width">Finish the interaction</button>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>
+
+
+<div class="section step" id="navigator-assertion">
+    <div class="col s12 m7">
+        <div class="card horizontal">
+            <div class="card-stacked">
+                <div class="card-content">
+                    <h6>Assertion</h6>
+                    Which responds:
+                    <div class="code" id="navigator-assertion-body"></div>
+                    The <strong>response.clientDataJSON</strong> is base64 encoded:
+                    <div class="code" id="navigator-assertion-clientDataJSON"></div>
+                    The <strong>response.signature</strong> is derived from <strong>clientDataJSON</strong> and <strong>authenticatorData</strong>, using the private key stored on authenticator and validated public key stored on the server
                    <button class="nextBtn waves-effect waves-light btn full-width">Finish the interaction</button>
                </div>
            </div>
@@ -217,11 +240,11 @@
    }

    function traceCredentialsCreateResponse(response) {
-        $("#navigator-response").showInViewport();
-        $("#navigator-response h6").text("Attestation");
-        $("#navigator-response-body").html(JSON.stringify(response, null, 2));
-        $("#navigator-clientDataJSON").html(JSON.stringify(JSON.parse(tryDecodeBase64(response.response.clientDataJSON)), null, 2));
-        return continueButton("#navigator-response", response);
+        $("#navigator-attestation").showInViewport();
+        $("#navigator-attestation-body").html(JSON.stringify(response, null, 2));
+        $("#navigator-attestation-clientDataJSON").html(JSON.stringify(JSON.parse(tryDecodeBase64(response.response.clientDataJSON)), null, 2));
+        $("#navigator-attestationObject").html(JSON.stringify(CBOR.decode(WebAuthn.base64ToBuffer(response.response.attestationObject)), null, 2));
+        return continueButton("#navigator-attestation", response);
    }

    function traceCredentialsGetRequest(challenge) {
@@ -231,11 +254,10 @@
    }

    function traceCredentialsGetResponse(response) {
-        $("#navigator-response").showInViewport();
-        $("#navigator-response h6").text("Assertion");
-        $("#navigator-response-body").html(JSON.stringify(response, null, 2));
-        $("#navigator-clientDataJSON").html(JSON.stringify(JSON.parse(tryDecodeBase64(response.response.clientDataJSON)), null, 2));
-        return continueButton("#navigator-response", response);
+        $("#navigator-assertion").showInViewport();
+        $("#navigator-assertion-body").html(JSON.stringify(response, null, 2));
+        $("#navigator-assertion-clientDataJSON").html(JSON.stringify(JSON.parse(tryDecodeBase64(response.response.clientDataJSON)), null, 2));
+        return continueButton("#navigator-assertion", response);
    }

    function traceGeneric(stage, params) {