										 |  |  | package webauthn | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | import ( | 
					
						
										 |  |  | 	"github.com/go-webauthn/webauthn/protocol" | 
					
						
							|  |  |  | 	"github.com/go-webauthn/webauthn/webauthn" | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  | 	"github.com/zitadel/zitadel/internal/domain" | 
					
						
										 |  |  | ) | 
					
						
							|  |  |  | 
 | 
					
						
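// WebAuthNsToCredentials converts stored WebAuthN tokens into the credential
// list handed to the go-webauthn library.
//
// A token is included only when its State is domain.MFAStateReady and its RPID
// equals rpID exactly, so tokens that are not ready, or that were registered
// under a different relying party ID, are never offered for an assertion.
// Because the comparison is exact, a token stored with an empty RPID matches
// only when rpID is empty as well.
//
// Only ID, PublicKey, AttestationType, AAGUID and SignCount are copied; every
// other webauthn.Credential field keeps its zero value. The result is always a
// non-nil slice, and it is empty when nothing matches.
func WebAuthNsToCredentials(webAuthNs []*domain.WebAuthNToken, rpID string) []webauthn.Credential {
	creds := make([]webauthn.Credential, 0, len(webAuthNs))
	for _, token := range webAuthNs {
		// A nil entry carries no credential; skip it rather than panic on the
		// field accesses below.
		if token == nil {
			continue
		}
		if token.State != domain.MFAStateReady || token.RPID != rpID {
			continue
		}
		creds = append(creds, webauthn.Credential{
			ID:              token.KeyID,
			PublicKey:       token.PublicKey,
			AttestationType: token.AttestationType,
			Authenticator: webauthn.Authenticator{
				AAGUID: token.AAGUID,
				// NOTE(review): presumably the last counter persisted for this
				// key; a counter comparison by the library is only meaningful
				// if it is. Confirm at the caller.
				SignCount: token.SignCount,
			},
		})
	}
	return creds
}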
					
						
							|  |  |  | 
 | 
					
						
// WebAuthNToSessionData builds the go-webauthn session data for a stored
// WebAuthN token.
//
// Challenge and AllowedCredentialIDs are copied unchanged, UserID is the byte
// form of the token's AggregateID, and the user verification requirement is
// translated by UserVerificationFromDomain. webAuthN must not be nil.
func WebAuthNToSessionData(webAuthN *domain.WebAuthNToken) webauthn.SessionData {
	var session webauthn.SessionData
	// NOTE(review): this is presumably the challenge the authenticator
	// response is later checked against; confirm that callers treat it as
	// single-use.
	session.Challenge = webAuthN.Challenge
	session.UserID = []byte(webAuthN.AggregateID)
	session.AllowedCredentialIDs = webAuthN.AllowedCredentialIDs
	session.UserVerification = UserVerificationFromDomain(webAuthN.UserVerification)
	return session
}
					
						
							|  |  |  | 
 | 
					
						
// WebAuthNLoginToSessionData builds the go-webauthn session data for a stored
// WebAuthN login.
//
// Challenge and AllowedCredentialIDs are copied unchanged, UserID is the byte
// form of the login's AggregateID, and the user verification requirement is
// translated by UserVerificationFromDomain. webAuthN must not be nil.
func WebAuthNLoginToSessionData(webAuthN *domain.WebAuthNLogin) webauthn.SessionData {
	userVerification := UserVerificationFromDomain(webAuthN.UserVerification)
	session := webauthn.SessionData{
		// NOTE(review): presumably the challenge the assertion is later
		// checked against; confirm that callers treat it as single-use.
		Challenge:            webAuthN.Challenge,
		UserID:               []byte(webAuthN.AggregateID),
		AllowedCredentialIDs: webAuthN.AllowedCredentialIDs,
	}
	session.UserVerification = userVerification
	return session
}
					
						
							|  |  |  | 
 | 
					
						
// UserVerificationToDomain translates a go-webauthn user verification
// requirement into the domain enum.
//
// Required, Preferred and Discouraged map to their domain counterparts. Any
// other value, including an empty one, yields
// domain.UserVerificationRequirementUnspecified.
func UserVerificationToDomain(verification protocol.UserVerificationRequirement) domain.UserVerificationRequirement {
	if verification == protocol.VerificationRequired {
		return domain.UserVerificationRequirementRequired
	}
	if verification == protocol.VerificationPreferred {
		return domain.UserVerificationRequirementPreferred
	}
	if verification == protocol.VerificationDiscouraged {
		return domain.UserVerificationRequirementDiscouraged
	}
	// Unknown input is recorded as unspecified rather than guessed at.
	return domain.UserVerificationRequirementUnspecified
}
					
						
							|  |  |  | 
 | 
					
						
// UserVerificationFromDomain translates the domain user verification
// requirement into the go-webauthn protocol value.
//
// Required and Preferred map to their protocol counterparts. Discouraged and
// every other value, including an unspecified one, yield
// protocol.VerificationDiscouraged, so this is not the inverse of
// UserVerificationToDomain for unspecified input.
func UserVerificationFromDomain(verification domain.UserVerificationRequirement) protocol.UserVerificationRequirement {
	if verification == domain.UserVerificationRequirementRequired {
		return protocol.VerificationRequired
	}
	if verification == domain.UserVerificationRequirementPreferred {
		return protocol.VerificationPreferred
	}
	// NOTE(review): an unset or unknown requirement falls through to the
	// weakest setting, so such a ceremony does not ask for user verification.
	// Confirm this is intended; the WebAuthn default for an omitted value is
	// "preferred".
	return protocol.VerificationDiscouraged
}
					
						
							|  |  |  | 
 | 
					
						
// AuthenticatorAttachmentFromDomain translates the domain authenticator
// attachment into the go-webauthn protocol value.
//
// The platform and cross-platform constants map to protocol.Platform and
// protocol.CrossPlatform. Any other value yields the empty attachment.
func AuthenticatorAttachmentFromDomain(authType domain.AuthenticatorAttachment) protocol.AuthenticatorAttachment {
	if authType == domain.AuthenticatorAttachmentPlattform {
		return protocol.Platform
	}
	if authType == domain.AuthenticatorAttachmentCrossPlattform {
		return protocol.CrossPlatform
	}
	// NOTE(review): the empty value presumably leaves the attachment
	// unconstrained, allowing either authenticator class. Confirm against
	// the caller.
	return ""
}