`AuthenticatorAttestationResponse.kt`

Package: androidx.credentials.webauthn
Artifact: androidx.credentials:credentials:1.2.0-rc01
Raw Source
/*
 * Copyright 2023 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package androidx.credentials.webauthn

import androidx.annotation.RestrictTo
import java.security.MessageDigest
import org.json.JSONArray
import org.json.JSONObject

@RestrictTo(RestrictTo.Scope.LIBRARY)
class AuthenticatorAttestationResponse(
  private val requestOptions: PublicKeyCredentialCreationOptions,
  private val credentialId: ByteArray,
  private val credentialPublicKey: ByteArray,
  private val origin: String,
  private val up: Boolean,
  private val uv: Boolean,
  private val be: Boolean,
  private val bs: Boolean,
  private val packageName: String? = null,
  private val clientDataHash: ByteArray? = null,
) : AuthenticatorResponse {
  override var clientJson = JSONObject()
  var attestationObject: ByteArray

  init {
    clientJson.put("type", "webauthn.create")
    clientJson.put("challenge", WebAuthnUtils.b64Encode(requestOptions.challenge))
    clientJson.put("origin", origin)
    if (packageName != null) {
      clientJson.put("androidPackageName", packageName)
    }

    attestationObject = defaultAttestationObject()
  }

  private fun authData(): ByteArray {
    val md = MessageDigest.getInstance("SHA-256")
    val rpHash = md.digest(requestOptions.rp.id.toByteArray())
    var flags: Int = 0
    if (up) {
      flags = flags or 0x01
    }
    if (uv) {
      flags = flags or 0x04
    }
    if (be) {
      flags = flags or 0x08
    }
    if (bs) {
      flags = flags or 0x10
    }
    flags = flags or 0x40

    val aaguid = ByteArray(16) { 0 }
    val credIdLen = byteArrayOf((credentialId.size shr 8).toByte(), credentialId.size.toByte())

    val ret =
      rpHash +
        byteArrayOf(flags.toByte()) +
        byteArrayOf(0, 0, 0, 0) +
        aaguid +
        credIdLen +
        credentialId +
        credentialPublicKey

    return ret
  }

  internal fun defaultAttestationObject(): ByteArray {
    val ao = mutableMapOf<String, Any>()
    ao.put("fmt", "none")
    ao.put("attStmt", emptyMap<Any, Any>())
    ao.put("authData", authData())
    return Cbor().encode(ao)
  }

  override fun json(): JSONObject {
    // See AuthenticatorAttestationResponseJSON at
    // https://w3c.github.io/webauthn/#ref-for-dom-publickeycredential-tojson

    val clientData = clientJson.toString().toByteArray()
    val response = JSONObject()
    if (clientDataHash == null) {
      response.put("clientDataJSON", WebAuthnUtils.b64Encode(clientData))
    }
    response.put("attestationObject", WebAuthnUtils.b64Encode(attestationObject))
    response.put("transports", JSONArray(listOf("internal", "hybrid")))

    return response
  }
}