Add transports information to registration response types

This is only possible since webauthn-json has recently implemented support for [passing this value](github/webauthn-json#44)
tweag · Jan 20, 2022 · 138dd7c · 138dd7c
1 parent 6adf5c9
commit 138dd7c
Show file tree

Hide file tree

Showing 8 changed files with 36 additions and 9 deletions.
diff --git a/src/Crypto/WebAuthn/Model/Types.hs b/src/Crypto/WebAuthn/Model/Types.hs
@@ -1201,16 +1201,14 @@ data AuthenticatorResponse (c :: CeremonyKind) raw where
       -- For more details, see [§ 6.5 Attestation](https://www.w3.org/TR/webauthn-2/#sctn-attestation),
       -- [§ 6.5.4 Generating an Attestation Object](https://www.w3.org/TR/webauthn-2/#sctn-generating-an-attestation-object),
       -- and [Figure 6](https://www.w3.org/TR/webauthn-2/#fig-attStructs).
-      arrAttestationObject :: AttestationObject raw
-      -- TODO: This property is currently not propagated by webauthn-json. See:
-      -- <https://github.com/github/webauthn-json/pull/44>
-      -- [(spec)](https://www.w3.org/TR/webauthn-2/#dom-authenticatorattestationresponse-gettransports)
+      arrAttestationObject :: AttestationObject raw,
+      -- | [(spec)](https://www.w3.org/TR/webauthn-2/#dom-authenticatorattestationresponse-gettransports)
       -- This [internal slot](https://tc39.github.io/ecma262/#sec-object-internal-methods-and-internal-slots)
       -- contains a sequence of zero or more unique `[DOMString](https://heycam.github.io/webidl/#idl-DOMString)`s
       -- in lexicoaraphical order. These values are the transports that the
       -- [authenticator](https://www.w3.org/TR/webauthn-2/#authenticator) is believed to support,
       -- or an empty sequence if the information is unavailable.
-      -- arrTransports :: Set AuthenticatorTransport
+      arrTransports :: [AuthenticatorTransport]
     } ->
     AuthenticatorResponse 'Registration raw
   -- | [(spec)](https://www.w3.org/TR/webauthn-2/#authenticatorassertionresponse)

diff --git a/src/Crypto/WebAuthn/Model/WebIDL/Internal/Decoding.hs b/src/Crypto/WebAuthn/Model/WebIDL/Internal/Decoding.hs
@@ -232,6 +232,9 @@ instance DecodeCreated (M.AuthenticatorResponse 'K.Registration 'True) where
   decodeCreated supportedFormats IDL.AuthenticatorAttestationResponse {..} = do
     arrClientData <- decode clientDataJSON
     arrAttestationObject <- decodeCreated supportedFormats attestationObject
+    arrTransports <- case transports of
+      Nothing -> pure []
+      Just t -> decode t
     pure $ M.AuthenticatorResponseRegistration {..}
 
 instance DecodeCreated (M.Credential 'K.Registration 'True) where

diff --git a/src/Crypto/WebAuthn/Model/WebIDL/Internal/Encoding.hs b/src/Crypto/WebAuthn/Model/WebIDL/Internal/Encoding.hs
@@ -212,7 +212,8 @@ instance Encode (M.AuthenticatorResponse 'K.Registration 'True) where
   encode M.AuthenticatorResponseRegistration {..} =
     IDL.AuthenticatorAttestationResponse
       { clientDataJSON = encode arrClientData,
-        attestationObject = encode arrAttestationObject
+        attestationObject = encode arrAttestationObject,
+        transports = Just $ encode arrTransports
       }
 
 -- | [(spec)](https://www.w3.org/TR/webauthn-2/#dom-authenticatorattestationresponse-attestationobject)

diff --git a/src/Crypto/WebAuthn/Model/WebIDL/Types.hs b/src/Crypto/WebAuthn/Model/WebIDL/Types.hs
@@ -180,7 +180,11 @@ data AuthenticatorAttestationResponse = AuthenticatorAttestationResponse
   { -- | [(spec)](https://www.w3.org/TR/webauthn-2/#dom-authenticatorresponse-clientdatajson)
     clientDataJSON :: IDL.ArrayBuffer,
     -- | [(spec)](https://www.w3.org/TR/webauthn-2/#dom-authenticatorattestationresponse-attestationobject)
-    attestationObject :: IDL.ArrayBuffer
+    attestationObject :: IDL.ArrayBuffer,
+    -- | [(spec)](https://www.w3.org/TR/webauthn-2/#dom-authenticatorattestationresponse-transports-slot)
+    -- This field is only being propagated by webauthn-json [since recently](https://github.com/github/webauthn-json/pull/44),
+    -- which is why we allow absence of this value
+    transports :: Maybe [IDL.DOMString]
   }
   deriving (Eq, Show, Generic)
   deriving (Aeson.FromJSON, Aeson.ToJSON) via JSONEncoding AuthenticatorAttestationResponse

diff --git a/tests/Emulation/Client.hs b/tests/Emulation/Client.hs
@@ -89,7 +89,8 @@ clientAttestation M.CredentialOptionsRegistration {..} AnnotatedOrigin {..} conf
             M.cResponse =
               M.AuthenticatorResponseRegistration
                 { M.arrClientData = clientData,
-                  M.arrAttestationObject = attestationObject
+                  M.arrAttestationObject = attestationObject,
+                  M.arrTransports = []
                 },
             M.cClientExtensionResults = M.AuthenticationExtensionsClientOutputs {}
           }

diff --git a/tests/Main.hs b/tests/Main.hs
@@ -191,6 +191,14 @@ main = Hspec.hspec $ do
         True
         registry
         predeterminedDateTime
+    it "the response with transports information works" $
+      registerTestFromFile
+        "tests/responses/attestation/with-transports.json"
+        "https://infinisil.webauthn.dev.tweag.io"
+        "infinisil.webauthn.dev.tweag.io"
+        True
+        registry
+        predeterminedDateTime
   describe "AndroidKey register" $ do
     it "tests whether the fixed android key register has a valid attestation" $
       registerTestFromFile

diff --git a/tests/Spec/Types.hs b/tests/Spec/Types.hs
@@ -90,7 +90,7 @@ instance Arbitrary M.AttestationConveyancePreference where
   arbitrary = arbitraryBoundedEnum
 
 instance Arbitrary (M.AuthenticatorResponse 'M.Registration 'False) where
-  arbitrary = M.AuthenticatorResponseRegistration <$> arbitrary <*> arbitrary
+  arbitrary = M.AuthenticatorResponseRegistration <$> arbitrary <*> arbitrary <*> arbitrary
 
 instance Arbitrary M.AssertionSignature where
   arbitrary = M.AssertionSignature <$> arbitrary

diff --git a/tests/responses/attestation/with-transports.json b/tests/responses/attestation/with-transports.json
@@ -0,0 +1,12 @@
+{
+  "clientExtensionResults": {},
+  "rawId": "KUf81qzsKaofpSlxy5avzDu3hrHHLFMdGhNZOts9YDCC_lTspfkVUGlhaHwfxPJ6h3sWPPS6XkcI_2N3FbXfyQ",
+  "response": {
+    "attestationObject": "o2NmbXRmcGFja2VkZ2F0dFN0bXSjY2FsZyZjc2lnWEYwRAIgTApe7qutMMPaNPA7NfFC21_-m46k4EWuh3BmKDYSDAoCIGB6A04-n7TYGJsc474JTayLKqSuUs2cvIorGreIvpS1Y3g1Y4FZAsEwggK9MIIBpaADAgECAgQej4c0MA0GCSqGSIb3DQEBCwUAMC4xLDAqBgNVBAMTI1l1YmljbyBVMkYgUm9vdCBDQSBTZXJpYWwgNDU3MjAwNjMxMCAXDTE0MDgwMTAwMDAwMFoYDzIwNTAwOTA0MDAwMDAwWjBuMQswCQYDVQQGEwJTRTESMBAGA1UECgwJWXViaWNvIEFCMSIwIAYDVQQLDBlBdXRoZW50aWNhdG9yIEF0dGVzdGF0aW9uMScwJQYDVQQDDB5ZdWJpY28gVTJGIEVFIFNlcmlhbCA1MTI3MjI3NDAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASoefgjOO0UlLrAcEvMf8Zj0bJxcVl2JDEBx2BRFdfBUp4oHBxnMi04S1zVXdPpgY1f2FwirzJuDGT8IK_jPyNmo2wwajAiBgkrBgEEAYLECgIEFTEuMy42LjEuNC4xLjQxNDgyLjEuNzATBgsrBgEEAYLlHAIBAQQEAwIEMDAhBgsrBgEEAYLlHAEBBAQSBBAvwFefgRNH6rEWu1qNuSAqMAwGA1UdEwEB_wQCMAAwDQYJKoZIhvcNAQELBQADggEBAIaT_2LfDVd51HSNf8jRAicxio5YDmo6V8EI6U4Dw4Vos2aJT85WJL5KPv1_NBGLPZk3Q_eSoZiRYMj8muCwTj357hXj6IwE_IKo3L9YGOEI3MKWhXeuef9mK5RzTj3sRZcwXXPm5V7ivrnNlnjKCTXlM-tjj44m-ruBfNpEH76YMYMq5fbirZkvnrvbTGIji4-NerSB1tMmO82_nkpXVQNwmIrVgTRA-gMsrbZyPK3Y-Ne6gJ91tDz_oKW5rdFCMu-dnhSBJjgjPEykqHO5-KyY4yuhkWdgbhWQn83bSi3_va5GICSfmmZGrIHkgy0RGf6_qnMaiC2iWneCfUbRkBdoYXV0aERhdGFYxHzbgD-dWYiJjEu61dG4h-4WDe8NvHGqRb7HCEWeUfR8RQAAAAMvwFefgRNH6rEWu1qNuSAqAEApR_zWrOwpqh-lKXHLlq_MO7eGsccsUx0aE1k62z1gMIL-VOyl-RVQaWFofB_E8nqHexY89LpeRwj_Y3cVtd_JpQECAyYgASFYIKemkuzSyPwRFCcRBY4lmbhgQSCAfNTSJoDOnzokwUzuIlgglCsWjxTR4Dmb1CNnRcSmQxfKCL7cpqmS6xZLOU_xY7w",
+    "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiZDdicFlRQUFBQURudERoamV5NlB5eGcwb1RpTnZEc1kiLCJvcmlnaW4iOiJodHRwczovL2luZmluaXNpbC53ZWJhdXRobi5kZXYudHdlYWcuaW8iLCJjcm9zc09yaWdpbiI6ZmFsc2V9",
+    "transports": [
+      "nfc",
+      "usb"
+    ]
+  }
+}