Class: Aptible::CLI::Helpers::SecurityKey::Authenticator

Inherits:

Object

• Object
• Aptible::CLI::Helpers::SecurityKey::Authenticator

Defined in:

lib/aptible/cli/helpers/security_key.rb

Instance Attribute Summary

• #auth ⇒ Object readonly

  Returns the value of attribute auth.

• #pid ⇒ Object readonly

  Returns the value of attribute pid.

Class Method Summary

• .spawn(auth) ⇒ Object

Instance Method Summary

• #exited(status) ⇒ Object
• #fido_err_msg(err) ⇒ Object
• #formatted_out(out) ⇒ Object
• #initialize(auth, pid, out_read, err_read) ⇒ Authenticator constructor

  A new instance of Authenticator.

Constructor Details

#initialize(auth, pid, out_read, err_read) ⇒ Authenticator

Returns a new instance of Authenticator.

# File 'lib/aptible/cli/helpers/security_key.rb', line 112

def initialize(auth, pid, out_read, err_read)
  @auth = auth
  @pid = pid
  @out_read = out_read
  @err_read = err_read
end

Instance Attribute Details

#auth ⇒ Object (readonly)

Returns the value of attribute auth.

# File 'lib/aptible/cli/helpers/security_key.rb', line 110

def auth
  @auth
end

#pid ⇒ Object (readonly)

Returns the value of attribute pid.

# File 'lib/aptible/cli/helpers/security_key.rb', line 110

def pid
  @pid
end

Class Method Details

.spawn(auth) ⇒ Object

# File 'lib/aptible/cli/helpers/security_key.rb', line 175

def self.spawn(auth)
  in_read, in_write = IO.pipe
  out_read, out_write = IO.pipe
  err_read, err_write = IO.pipe

  pid = Process.spawn(
    "fido2-assert -G #{auth.device_location}",
    in: in_read, out: out_write, err: err_write,
    close_others: true
  )

  U2F_LOGGER.debug("#{self} #{auth.key_handle}: spawned #{pid}")

  [in_read, out_write, err_write].each(&:close)

  in_write.write(auth.assert_str)
  in_write.close

  new(auth, pid, out_read, err_read)
end

Instance Method Details

#exited(status) ⇒ Object

# File 'lib/aptible/cli/helpers/security_key.rb', line 159

def exited(status)
  out, err = [@out_read, @err_read].map(&:read).map(&:chomp)

  if status.exitstatus == 0
    U2F_LOGGER.info("#{self.class} #{@auth.key_handle}: ok: #{out}")
    [nil, out]
  else
    err_msg = fido_err_msg(err)
    CLI.logger.error(err_msg) if err_msg
    U2F_LOGGER.warn("#{self.class} #{@auth.key_handle}: err: #{err}")
    [ThrottledAuthenticator.spawn(@auth), nil]
  end
ensure
  [@out_read, @err_read].each(&:close)
end

#fido_err_msg(err) ⇒ Object

# File 'lib/aptible/cli/helpers/security_key.rb', line 143

def fido_err_msg(err)
  match = err.match(/(FIDO_ERR.+)/)
  return nil unless match
  result = match.captures || []
  no_cred = "\nCredential not found on device, " \
            'are you sure you selected the right ' \
            'credential for this device?'
  err_map = {
    'FIDO_ERR_NO_CREDENTIALS' => no_cred
  }

  return err_map[result[0]] if result.count > 0

  nil
end

#formatted_out(out) ⇒ Object

# File 'lib/aptible/cli/helpers/security_key.rb', line 119

def formatted_out(out)
  arr = out.split("\n")
  authenticator_data = arr[2]
  signature = arr[3]
  appid = auth.app_id if auth.version == 'U2F_V2'
  client_data_json = Base64.urlsafe_encode64(auth.client_data)

  {
    id: auth.key_handle,
    rawId: auth.key_handle,
    clientExtensionResults: { appid: appid },
    type: 'public-key',
    response: {
      clientDataJSON: client_data_json,
      authenticatorData: Base64.urlsafe_encode64(
        CBOR.decode(
          Base64.strict_decode64(authenticator_data)
        )
      ),
      signature: signature
    }
  }
end