Class: WebAuthn::RelyingParty

Inherits:
Object
  • Object
show all
Defined in:
lib/webauthn/relying_party.rb

Constant Summary collapse

DEFAULT_ALGORITHMS = 
["ES256", "PS256", "RS256"].compact.freeze

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(algorithms: DEFAULT_ALGORITHMS.dup, encoding: WebAuthn::Encoder::STANDARD_ENCODING, allowed_origins: nil, origin: nil, id: nil, name: nil, verify_attestation_statement: true, credential_options_timeout: 120000, silent_authentication: false, acceptable_attestation_types: ['None', 'Self', 'Basic', 'AttCA', 'Basic_or_AttCA', 'AnonCA'], attestation_root_certificates_finders: [], legacy_u2f_appid: nil) ⇒ RelyingParty

Returns a new instance of RelyingParty.



18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
 
# File 'lib/webauthn/relying_party.rb', line 18

def initialize(
  algorithms: DEFAULT_ALGORITHMS.dup,
  encoding: WebAuthn::Encoder::STANDARD_ENCODING,
  allowed_origins: nil,
  origin: nil,
  id: nil,
  name: nil,
  verify_attestation_statement: true,
  credential_options_timeout: 120000,
  silent_authentication: false,
  acceptable_attestation_types: ['None', 'Self', 'Basic', 'AttCA', 'Basic_or_AttCA', 'AnonCA'],
  attestation_root_certificates_finders: [],
  legacy_u2f_appid: nil
)
  @algorithms = algorithms
  @encoding = encoding
  @allowed_origins = allowed_origins
  @id = id
  @name = name
  @verify_attestation_statement = verify_attestation_statement
  @credential_options_timeout = credential_options_timeout
  @silent_authentication = silent_authentication
  @acceptable_attestation_types = acceptable_attestation_types
  @legacy_u2f_appid = legacy_u2f_appid
  self.origin = origin
  self.attestation_root_certificates_finders = attestation_root_certificates_finders
end

Instance Attribute Details

#acceptable_attestation_typesObject

Returns the value of attribute acceptable_attestation_types.



46
47
48
 
# File 'lib/webauthn/relying_party.rb', line 46

def acceptable_attestation_types
  @acceptable_attestation_types
end

#algorithmsObject

Returns the value of attribute algorithms.



46
47
48
 
# File 'lib/webauthn/relying_party.rb', line 46

def algorithms
  @algorithms
end

#allowed_originsObject

Returns the value of attribute allowed_origins.



46
47
48
 
# File 'lib/webauthn/relying_party.rb', line 46

def allowed_origins
  @allowed_origins
end

#attestation_root_certificates_findersObject

Returns the value of attribute attestation_root_certificates_finders.



57
58
59
 
# File 'lib/webauthn/relying_party.rb', line 57

def attestation_root_certificates_finders
  @attestation_root_certificates_finders
end

#credential_options_timeoutObject

Returns the value of attribute credential_options_timeout.



46
47
48
 
# File 'lib/webauthn/relying_party.rb', line 46

def credential_options_timeout
  @credential_options_timeout
end

#encodingObject

Returns the value of attribute encoding.



46
47
48
 
# File 'lib/webauthn/relying_party.rb', line 46

def encoding
  @encoding
end

#idObject

Returns the value of attribute id.



46
47
48
 
# File 'lib/webauthn/relying_party.rb', line 46

def id
  @id
end

#legacy_u2f_appidObject

Returns the value of attribute legacy_u2f_appid.



46
47
48
 
# File 'lib/webauthn/relying_party.rb', line 46

def legacy_u2f_appid
  @legacy_u2f_appid
end

#nameObject

Returns the value of attribute name.



46
47
48
 
# File 'lib/webauthn/relying_party.rb', line 46

def name
  @name
end

#silent_authenticationObject

Returns the value of attribute silent_authentication.



46
47
48
 
# File 'lib/webauthn/relying_party.rb', line 46

def silent_authentication
  @silent_authentication
end

#verify_attestation_statementObject

Returns the value of attribute verify_attestation_statement.



46
47
48
 
# File 'lib/webauthn/relying_party.rb', line 46

def verify_attestation_statement
  @verify_attestation_statement
end

Class Method Details

.if_pss_supported(algorithm) ⇒ Object 



14
15
16
 
# File 'lib/webauthn/relying_party.rb', line 14

def self.if_pss_supported(algorithm)
  OpenSSL::PKey::RSA.instance_methods.include?(:verify_pss) ? algorithm : nil
end

Instance Method Details

#encoderObject

This is the user-data encoder. Used to decode user input and to encode data provided to the user.



61
62
63
 
# File 'lib/webauthn/relying_party.rb', line 61

def encoder
  @encoder ||= WebAuthn::Encoder.new(encoding)
end

#options_for_authentication(**keyword_arguments) ⇒ Object 



94
95
96
97
98
99
 
# File 'lib/webauthn/relying_party.rb', line 94

def options_for_authentication(**keyword_arguments)
  WebAuthn::Credential.options_for_get(
    **keyword_arguments,
    relying_party: self
  )
end

#options_for_registration(**keyword_arguments) ⇒ Object 



79
80
81
82
83
84
 
# File 'lib/webauthn/relying_party.rb', line 79

def options_for_registration(**keyword_arguments)
  WebAuthn::Credential.options_for_create(
    **keyword_arguments,
    relying_party: self
  )
end

#originObject

DEPRECATED: This method will be removed in future.



125
126
127
128
129
130
131
132
133
 
# File 'lib/webauthn/relying_party.rb', line 125

def origin
  warn(
    "DEPRECATION WARNING: `WebAuthn.origin` is deprecated and returns `nil` " \
    "when `WebAuthn.allowed_origins` contains more than one origin. " \
    "It will be removed in future. Please use `WebAuthn.allowed_origins` instead."
  )

  allowed_origins.first if allowed_origins&.size == 1
end

#origin=(new_origin) ⇒ Object

DEPRECATED: This method will be removed in future.



136
137
138
139
140
141
142
143
144
145
146
 
# File 'lib/webauthn/relying_party.rb', line 136

def origin=(new_origin)
  return if new_origin.nil?

  warn(
    "DEPRECATION WARNING: `WebAuthn.origin=` is deprecated and will be removed in future. "\
    "Please use `WebAuthn.allowed_origins=` instead "\
    "that also allows configuring multiple origins per Relying Party"
  )

  @allowed_origins ||= Array(new_origin) # rubocop:disable Naming/MemoizedInstanceVariableName
end

#verify_authentication(raw_credential, challenge, user_presence: nil, user_verification: nil, public_key: nil, sign_count: nil) ⇒ Object 



101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
 
# File 'lib/webauthn/relying_party.rb', line 101

def verify_authentication(
  raw_credential,
  challenge,
  user_presence: nil,
  user_verification: nil,
  public_key: nil,
  sign_count: nil
)
  webauthn_credential = WebAuthn::Credential.from_get(raw_credential, relying_party: self)

  stored_credential = yield(webauthn_credential) if block_given?

  if webauthn_credential.verify(
    challenge,
    public_key: public_key || stored_credential.public_key,
    sign_count: sign_count || stored_credential.sign_count,
    user_presence: user_presence,
    user_verification: user_verification
  )
    block_given? ? [webauthn_credential, stored_credential] : webauthn_credential
  end
end

#verify_registration(raw_credential, challenge, user_presence: nil, user_verification: nil) ⇒ Object 



86
87
88
89
90
91
92
 
# File 'lib/webauthn/relying_party.rb', line 86

def verify_registration(raw_credential, challenge, user_presence: nil, user_verification: nil)
  webauthn_credential = WebAuthn::Credential.from_create(raw_credential, relying_party: self)

  if webauthn_credential.verify(challenge, user_presence: user_presence, user_verification: user_verification)
    webauthn_credential
  end
end