How to parse the attestationObject in Node.js

Time: 2019-05-03 04:24:26

Tags: yubico webauthn

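I have mocked up the response from the front end in Node.js, as shown below.

The attestationObject parameter is what gets returned once the Yubikey has signed the challenge and it has been converted to base64 for transport to the Node server.

What I get is an ArrayBuffer {byteLength:226}, but I don't know what to do with it.

I know I need to check the domain that was signed, and that I need to store something with the user's credentials so that they can log in again.

I know there are a lot of options; I just want the bare minimum for passwordless registration and login.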

const cbor = require("cbor");
const attestationObject = "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVjE4mQ5WmgO3yl24XjxRqkP9LjqRYP-GsIubALB-5K_CK5FXMrOUa3OAAI1vMYKZIsLJfHwVQMAQABcapsmHtrsLJtfZ7RDcRm0iDgMlc5-CuP2XcNOwDy0uU2mU44ENk-EqtthH7huq8AipYfY0EvmfPRqQI-zI5GlAQIDJiABIVggZplpmQSKsJvg78INyrQUgBo9dv0vaZL6Qp15rOd6wMQiWCAx-ZeQ6T_xTMlY9cG3EWY54wT9Hd6EX7P7Ak-9uwauCA"
const clientDataJSON = "eyJjaGFsbGVuZ2UiOiJlVGR1TjJGaGFIaHhhRFJzT0RsdU1qTnRhMjgiLCJvcmlnaW4iOiJodHRwczovL2UzMDI3MTU3Lm5ncm9rLmlvIiwidHlwZSI6IndlYmF1dGhuLmNyZWF0ZSJ9"
const id = "AFxqmyYe2uwsm19ntENxGbSIOAyVzn4K4_Zdw07APLS5TaZTjgQ2T4Sq22EfuG6rwCKlh9jQS-Z89GpAj7MjkQ"
const rawid = "AFxqmyYe2uwsm19ntENxGbSIOAyVzn4K4_Zdw07APLS5TaZTjgQ2T4Sq22EfuG6rwCKlh9jQS-Z89GpAj7MjkQ"

convertToBuffer(attestationObject)
.then((buffer) => {
 return parseAttestationObject(buffer)
})
.then((json) => {
    console.log(json)
})
.catch((err) => {
    console.log(err)
})

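function convertToBuffer(base64) {
    return new Promise((resolve, reject) => {
        if (typeof base64 !== "string") {
            // Settle the promise on bad input instead of leaving it pending forever
            return reject(new TypeError("expected a base64url string"));
        }
        // Map the URL-safe alphabet back to standard base64 before decoding
        base64 = base64.replace(/-/g, "+").replace(/_/g, "/");
        base64 = Buffer.from(base64, "base64");
        base64 = new Uint8Array(base64);
        resolve(base64.buffer);
    })
}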

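function parseAttestationObject(attestationObject){
    return new Promise((resolve, reject) => {
        try {
            const authData = cbor.decodeAllSync(Buffer.from(attestationObject));
            // Note: .buffer is the Buffer's backing ArrayBuffer and can be larger than authData itself
            const authnrDataArrayBuffer = authData[0].authData.buffer;
            console.log(authnrDataArrayBuffer)
            // What do I do with this authnrDataArrayBuffer? What needs saving to the database?
            resolve(authData[0]); // settle the promise so the caller's .then() runs
        } catch (err) {
            reject(err); // surface CBOR decoding errors to .catch()
        }
    })
}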

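2 answers:

Answer 0: (score: 0)

It would help if you were more precise about the exact problem, but in summary:

  • You want to store the rawId. It is the identifier you need to pass in the allowCredentials object during the authentication step, so you will need it.
  • The attestation object is a CBOR-encoded value. After some manipulation you should be able to extract the public key from it. You will be able to use this certificate to verify the response from the authenticator in the authentication step.

I'll leave out all the concrete implementation steps, but take a look at https://github.com/fido-alliance/webauthn-demo, since that project also implements webauthn for node.js, so you should be able to extract all the relevant code from it.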

Answer 1: (score: 0)

// this is your attestationObject, which is a web-safe base64-encoded string
var attestationObject = "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVjE4mQ5WmgO3yl24XjxRqkP9LjqRYP-GsIubALB-5K_CK5FXMrOUa3OAAI1vMYKZIsLJfHwVQMAQABcapsmHtrsLJtfZ7RDcRm0iDgMlc5-CuP2XcNOwDy0uU2mU44ENk-EqtthH7huq8AipYfY0EvmfPRqQI-zI5GlAQIDJiABIVggZplpmQSKsJvg78INyrQUgBo9dv0vaZL6Qp15rOd6wMQiWCAx-ZeQ6T_xTMlY9cG3EWY54wT9Hd6EX7P7Ak-9uwauCA";

// convert to a standard base64 string (restore '+', '/' and the '=' padding)
attestationObject = attestationObject.replace(/\-/g, '+').replace(/_/g, '/') + '=='.substring(0, (3*attestationObject.length)%4);

// do a base64 decode (Buffer.from replaces the deprecated new Buffer())
var attCbor = Buffer.from(attestationObject, 'base64');

// decode to have CBOR object, using cbor module
const cbor = require("cbor");
var attCborObj = cbor.decodeAllSync(attCbor)[0];
console.log(attCborObj);
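An added example, not part of either answer or of the webauthn-demo project: one way to handle the authData Buffer that the CBOR decoding above yields (attCborObj.authData), covering the origin check and the record to store that the question asks about. The names parseAuthData and verifyRegistration, the SAMPLE values and the sample builders are hypothetical and constructed for this example, and verifying the attestation statement itself is outside what it shows.

```javascript
const { createHash } = require("crypto");
// Split authenticator data into its fixed-layout fields (offsets per the WebAuthn spec).
function parseAuthData(authData) {
  if (authData.length < 37) throw new Error("authData too short");
  const flags = authData[32];
  const out = {
    rpIdHash: authData.subarray(0, 32),
    userPresent: (flags & 0x01) !== 0,   // UP
    hasCredential: (flags & 0x40) !== 0, // AT: attested credential data follows
    hasExtensions: (flags & 0x80) !== 0, // ED
    signCount: authData.readUInt32BE(33),
  };
  if (!out.hasCredential) return out;
  // Without a CBOR decoder we cannot tell where the key ends if extensions follow it.
  if (out.hasExtensions) throw new Error("extensions present: CBOR-decode the key instead");
  if (authData.length < 55) throw new Error("truncated credential data");
  const idLen = authData.readUInt16BE(53);
  if (authData.length <= 55 + idLen) throw new Error("credentialId overruns authData");
  out.aaguid = authData.subarray(37, 53);
  out.credentialId = authData.subarray(55, 55 + idLen);
  out.cosePublicKey = authData.subarray(55 + idLen); // COSE_Key bytes, runs to the end
  return out;
}

// Registration checks; expected.challenge is the base64url challenge the server issued.
function verifyRegistration(clientDataJSON, authData, expected) {
  const client = JSON.parse(Buffer.from(clientDataJSON, "base64url").toString("utf8"));
  if (client.type !== "webauthn.create") throw new Error("unexpected type");
  if (client.challenge !== expected.challenge) throw new Error("challenge mismatch");
  if (client.origin !== expected.origin) throw new Error("origin mismatch");
  const ad = parseAuthData(authData);
  const rpHash = createHash("sha256").update(expected.rpId).digest();
  if (!ad.rpIdHash.equals(rpHash)) throw new Error("rpIdHash mismatch");
  if (!ad.userPresent || !ad.hasCredential) throw new Error("missing UP or AT flag");
  return { // the record to persist for later logins
    credentialId: ad.credentialId.toString("base64url"),
    cosePublicKey: ad.cosePublicKey.toString("base64url"),
    signCount: ad.signCount,
  };
}

// Constructed sample input (not the page's data); "a10102" stands in for a COSE key.
const SAMPLE = { rpId: "login.example", origin: "https://login.example", challenge: "Y29uc3RydWN0ZWQ" };
function sampleAuthData(rpId) {
  const id = Buffer.from("constructed-id");
  return Buffer.concat([createHash("sha256").update(rpId).digest(), Buffer.from([0x41, 0, 0, 0, 5]),
    Buffer.alloc(16), Buffer.from([0, id.length]), id, Buffer.from("a10102", "hex")]);
}
const sampleClientData = (o) => Buffer.from(JSON.stringify({ type: "webauthn.create", ...o })).toString("base64url");
```

The returned credentialId corresponds to the rawId mentioned in answer 0, and the stored signCount is the baseline to compare against the counter in later assertions.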