Add attestation format to challenge
This commit adds the format of the payload to the challenge object.
@@ -89,6 +89,7 @@ type Challenge struct {
|
||||
Target string `json:"target,omitempty"`
|
||||
Error *Error `json:"error,omitempty"`
|
||||
Payload []byte `json:"-"`
|
||||
PayloadFormat string `json:"-"`
|
||||
}
|
||||
|
||||
// ToLog enables response logging.
|
||||
@@ -944,6 +945,7 @@ func deviceAttest01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose
|
||||
ch.Error = nil
|
||||
ch.ValidatedAt = clock.Now().Format(time.RFC3339)
|
||||
ch.Payload = payload
|
||||
ch.PayloadFormat = format
|
||||
|
||||
// Store the fingerprint in the authorization.
|
||||
//
|
||||
|
||||
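Review bot: The new `PayloadFormat` field in `Challenge` has no doc comment, so a reader cannot tell what it holds, that it presumably comes from the client-submitted attestation object, or that `json:"-"` deliberately keeps it out of serialized challenges. I would add a comment above the field such as `// PayloadFormat is the attestation statement format of Payload (e.g. "step"); it is set only after successful validation and is never serialized.` In `deviceAttest01Validate` the assignment `ch.PayloadFormat = format` sits beside `ch.Error = nil`, which looks like the success path. The function body starts and ends outside the hunk, so confirm that `format` has already passed the supported-format check before anything downstream bases a decision on the stored value.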
@@ -151,6 +151,8 @@ func mustAttestApple(t *testing.T, nonce string) ([]byte, *x509.Certificate, *x5
|
||||
}
|
||||
|
||||
func mustAttestYubikey(t *testing.T, _, keyAuthorization string, serial int) ([]byte, *x509.Certificate, *x509.Certificate) {
|
||||
t.Helper()
|
||||
|
||||
ca, err := minica.New()
|
||||
fatalError(t, err)
|
||||
|
||||
@@ -821,6 +823,7 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
|
||||
assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
|
||||
assert.Equal(t, "12345678", updch.Value)
|
||||
assert.Nil(t, updch.Payload)
|
||||
assert.Empty(t, updch.PayloadFormat)
|
||||
|
||||
err := NewError(ErrorRejectedIdentifierType, "payload contained error: an error")
|
||||
|
||||
@@ -873,6 +876,7 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
|
||||
assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
|
||||
assert.Equal(t, "1234", updch.Value)
|
||||
assert.Equal(t, payload, updch.Payload)
|
||||
assert.Equal(t, "step", updch.PayloadFormat)
|
||||
|
||||
return nil
|
||||
},
|
||||
@@ -4007,6 +4011,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
|
||||
assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
|
||||
assert.Equal(t, "12345678", updch.Value)
|
||||
assert.Nil(t, updch.Payload)
|
||||
assert.Empty(t, updch.PayloadFormat)
|
||||
|
||||
err := NewError(ErrorRejectedIdentifierType, "payload contained error: an error")
|
||||
|
||||
@@ -4046,6 +4051,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
|
||||
assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
|
||||
assert.Equal(t, "12345678", updch.Value)
|
||||
assert.Nil(t, updch.Payload)
|
||||
assert.Empty(t, updch.PayloadFormat)
|
||||
|
||||
err := NewDetailedError(ErrorBadAttestationStatementType, "failed base64 decoding attObj %q", "?!")
|
||||
|
||||
@@ -4085,6 +4091,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
|
||||
assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
|
||||
assert.Equal(t, "12345678", updch.Value)
|
||||
assert.Nil(t, updch.Payload)
|
||||
assert.Empty(t, updch.PayloadFormat)
|
||||
|
||||
err := NewDetailedError(ErrorBadAttestationStatementType, "attObj must not be empty")
|
||||
|
||||
@@ -4124,6 +4131,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
|
||||
assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
|
||||
assert.Equal(t, "12345678", updch.Value)
|
||||
assert.Nil(t, updch.Payload)
|
||||
assert.Empty(t, updch.PayloadFormat)
|
||||
|
||||
err := NewDetailedError(ErrorBadAttestationStatementType, "attObj must not be empty")
|
||||
|
||||
@@ -4163,6 +4171,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
|
||||
assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
|
||||
assert.Equal(t, "12345678", updch.Value)
|
||||
assert.Nil(t, updch.Payload)
|
||||
assert.Empty(t, updch.PayloadFormat)
|
||||
|
||||
err := NewDetailedError(ErrorBadAttestationStatementType, "attObj is not well formed CBOR: unexpected EOF")
|
||||
|
||||
@@ -4204,6 +4213,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
|
||||
assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
|
||||
assert.Equal(t, "12345678", updch.Value)
|
||||
assert.Nil(t, updch.Payload)
|
||||
assert.Empty(t, updch.PayloadFormat)
|
||||
|
||||
err := NewDetailedError(ErrorBadAttestationStatementType, "unsupported attestation object format %q", "unsupported-format")
|
||||
|
||||
@@ -4250,6 +4260,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
|
||||
assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
|
||||
assert.Equal(t, "12345678", updch.Value)
|
||||
assert.Nil(t, updch.Payload)
|
||||
assert.Empty(t, updch.PayloadFormat)
|
||||
|
||||
err := NewError(ErrorBadAttestationStatementType, "attestation format %q is not enabled", "step")
|
||||
|
||||
@@ -4306,6 +4317,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
|
||||
assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
|
||||
assert.Equal(t, "12345678", updch.Value)
|
||||
assert.Nil(t, updch.Payload)
|
||||
assert.Empty(t, updch.PayloadFormat)
|
||||
|
||||
err := NewDetailedError(ErrorBadAttestationStatementType, "x5c not present")
|
||||
|
||||
@@ -4354,6 +4366,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
|
||||
assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
|
||||
assert.Equal(t, "serial-number", updch.Value)
|
||||
assert.Nil(t, updch.Payload)
|
||||
assert.Empty(t, updch.PayloadFormat)
|
||||
|
||||
err := NewDetailedError(ErrorBadAttestationStatementType, "challenge token does not match")
|
||||
|
||||
@@ -4401,6 +4414,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
|
||||
assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
|
||||
assert.Equal(t, "non-matching-value", updch.Value)
|
||||
assert.Nil(t, updch.Payload)
|
||||
assert.Empty(t, updch.PayloadFormat)
|
||||
|
||||
subproblem := NewSubproblemWithIdentifier(
|
||||
ErrorRejectedIdentifierType,
|
||||
@@ -4480,6 +4494,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
|
||||
assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
|
||||
assert.Equal(t, "12345678", updch.Value)
|
||||
assert.Nil(t, updch.Payload)
|
||||
assert.Empty(t, updch.PayloadFormat)
|
||||
|
||||
err := NewDetailedError(ErrorBadAttestationStatementType, "x5c not present")
|
||||
|
||||
@@ -4535,6 +4550,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
|
||||
assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
|
||||
assert.Equal(t, "12345678", updch.Value)
|
||||
assert.Nil(t, updch.Payload)
|
||||
assert.Empty(t, updch.PayloadFormat)
|
||||
|
||||
err := NewDetailedError(ErrorBadAttestationStatementType, "permanent identifier does not match").
|
||||
AddSubproblems(NewSubproblemWithIdentifier(
|
||||
@@ -4631,6 +4647,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
|
||||
assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
|
||||
assert.Equal(t, "12345678", updch.Value)
|
||||
assert.Nil(t, updch.Payload)
|
||||
assert.Empty(t, updch.PayloadFormat)
|
||||
|
||||
err := NewDetailedError(ErrorBadAttestationStatementType, `unsupported attestation object format "bogus-format"`)
|
||||
|
||||
@@ -4724,6 +4741,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
|
||||
assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
|
||||
assert.Equal(t, "12345678", updch.Value)
|
||||
assert.Equal(t, payload, updch.Payload)
|
||||
assert.Equal(t, "step", updch.PayloadFormat)
|
||||
|
||||
return errors.New("force")
|
||||
},
|
||||
@@ -4771,6 +4789,7 @@ func Test_deviceAttest01Validate(t *testing.T) {
|
||||
assert.Equal(t, ChallengeType("device-attest-01"), updch.Type)
|
||||
assert.Equal(t, "12345678", updch.Value)
|
||||
assert.Equal(t, payload, updch.Payload)
|
||||
assert.Equal(t, "step", updch.PayloadFormat)
|
||||
|
||||
return nil
|
||||
},
|
||||
|
||||
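Review bot: The only positive assertions in the visible hunks of this test file pin `updch.PayloadFormat` to `"step"`; every other new assertion checks the empty value on a failure path. The file also has `mustAttestApple` and `mustAttestYubikey` helpers, so a success case for at least one other format would show that the stored value tracks the format actually validated rather than a constant. For example, add `assert.Equal(t, "apple", updch.PayloadFormat)` to an Apple success case. The enclosing test functions start and end outside these hunks, so such a case may already exist elsewhere in the file.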