Do not require clientExtensions in clientDataJSON
It is not included in the output from Firefox 92.1.1 on Android. It *is* included when using the same key on Firefox 78.14.0esr on Linux.
parent
78be1d42df
commit
defc231491
2 changed files with 20 additions and 6 deletions
|
@ -297,7 +297,7 @@ type registration = {
|
||||||
sign_count : Int32.t ;
|
sign_count : Int32.t ;
|
||||||
attested_credential_data : credential_data ;
|
attested_credential_data : credential_data ;
|
||||||
authenticator_extensions : (string * CBOR.Simple.t) list option ;
|
authenticator_extensions : (string * CBOR.Simple.t) list option ;
|
||||||
client_extensions : (string * Yojson.Safe.t) list ;
|
client_extensions : (string * Yojson.Safe.t) list option ;
|
||||||
certificate : X509.Certificate.t option ;
|
certificate : X509.Certificate.t option ;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -326,7 +326,14 @@ let register t response =
|
||||||
json_get "origin" client_data >>= json_string "origin" >>= fun origin ->
|
json_get "origin" client_data >>= json_string "origin" >>= fun origin ->
|
||||||
guard (String.equal t.origin origin)
|
guard (String.equal t.origin origin)
|
||||||
(`Origin_mismatch (t.origin, origin)) >>= fun () ->
|
(`Origin_mismatch (t.origin, origin)) >>= fun () ->
|
||||||
json_get "clientExtensions" client_data >>= json_assoc "clientExtensions" >>= fun client_extensions ->
|
let client_extensions = Result.to_option (json_get "clientExtensions" client_data) in
|
||||||
|
begin match client_extensions with
|
||||||
|
| Some client_extensions ->
|
||||||
|
json_assoc "clientExtensions" client_extensions >>= fun client_extensions ->
|
||||||
|
Ok (Some client_extensions)
|
||||||
|
| None ->
|
||||||
|
Ok None
|
||||||
|
end >>= fun client_extensions ->
|
||||||
parse_attestation_object response.attestation_object >>= fun (auth_data, attestation_statement) ->
|
parse_attestation_object response.attestation_object >>= fun (auth_data, attestation_statement) ->
|
||||||
let rpid_hash = Mirage_crypto.Hash.SHA256.digest (Cstruct.of_string (rpid t)) in
|
let rpid_hash = Mirage_crypto.Hash.SHA256.digest (Cstruct.of_string (rpid t)) in
|
||||||
guard (Cstruct.equal auth_data.rpid_hash rpid_hash)
|
guard (Cstruct.equal auth_data.rpid_hash rpid_hash)
|
||||||
|
@ -373,7 +380,7 @@ type authentication = {
|
||||||
user_verified : bool ;
|
user_verified : bool ;
|
||||||
sign_count : Int32.t ;
|
sign_count : Int32.t ;
|
||||||
authenticator_extensions : (string * CBOR.Simple.t) list option ;
|
authenticator_extensions : (string * CBOR.Simple.t) list option ;
|
||||||
client_extensions : (string * Yojson.Safe.t) list ;
|
client_extensions : (string * Yojson.Safe.t) list option ;
|
||||||
}
|
}
|
||||||
|
|
||||||
type authenticate_response = {
|
type authenticate_response = {
|
||||||
|
@ -402,7 +409,14 @@ let authenticate t public_key response =
|
||||||
json_get "origin" client_data >>= json_string "origin" >>= fun origin ->
|
json_get "origin" client_data >>= json_string "origin" >>= fun origin ->
|
||||||
guard (String.equal t.origin origin)
|
guard (String.equal t.origin origin)
|
||||||
(`Origin_mismatch (t.origin, origin)) >>= fun () ->
|
(`Origin_mismatch (t.origin, origin)) >>= fun () ->
|
||||||
json_get "clientExtensions" client_data >>= json_assoc "clientExtensions" >>= fun client_extensions ->
|
let client_extensions = Result.to_option (json_get "clientExtensions" client_data) in
|
||||||
|
begin match client_extensions with
|
||||||
|
| Some client_extensions ->
|
||||||
|
json_assoc "clientExtensions" client_extensions >>= fun client_extensions ->
|
||||||
|
Ok (Some client_extensions)
|
||||||
|
| None ->
|
||||||
|
Ok None
|
||||||
|
end >>= fun client_extensions ->
|
||||||
parse_auth_data response.authenticator_data >>= fun auth_data ->
|
parse_auth_data response.authenticator_data >>= fun auth_data ->
|
||||||
let rpid_hash = Mirage_crypto.Hash.SHA256.digest (Cstruct.of_string (rpid t)) in
|
let rpid_hash = Mirage_crypto.Hash.SHA256.digest (Cstruct.of_string (rpid t)) in
|
||||||
guard (Cstruct.equal auth_data.rpid_hash rpid_hash)
|
guard (Cstruct.equal auth_data.rpid_hash rpid_hash)
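Review bot: `Result.to_option (json_get "clientExtensions" client_data)` in `register` discards every error `json_get` can return, not only a missing member, and the identical eight-line block is repeated in `authenticate`. If `json_get` can fail for a reason other than absence (its definition is not on this page), that failure now becomes `None` instead of being rejected; matching on the result and mapping only the missing-member error to `Ok None` would keep the other cases strict. Moving the block into one helper called from both functions, with a comment such as `(* clientExtensions is optional: Firefox 92.1.1 on Android omits it *)`, would stop the registration and authentication paths from drifting apart. The bodies of both functions start and end outside the hunks shown.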
|
||||||
|
|
|
@ -105,7 +105,7 @@ type registration = {
|
||||||
sign_count : Int32.t ;
|
sign_count : Int32.t ;
|
||||||
attested_credential_data : credential_data ;
|
attested_credential_data : credential_data ;
|
||||||
authenticator_extensions : (string * CBOR.Simple.t) list option ;
|
authenticator_extensions : (string * CBOR.Simple.t) list option ;
|
||||||
client_extensions : (string * Yojson.Safe.t) list ;
|
client_extensions : (string * Yojson.Safe.t) list option ;
|
||||||
certificate : X509.Certificate.t option ;
|
certificate : X509.Certificate.t option ;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -134,7 +134,7 @@ type authentication = {
|
||||||
user_verified : bool ;
|
user_verified : bool ;
|
||||||
sign_count : Int32.t ;
|
sign_count : Int32.t ;
|
||||||
authenticator_extensions : (string * CBOR.Simple.t) list option ;
|
authenticator_extensions : (string * CBOR.Simple.t) list option ;
|
||||||
client_extensions : (string * Yojson.Safe.t) list ;
|
client_extensions : (string * Yojson.Safe.t) list option ;
|
||||||
}
|
}
|
||||||
|
|
||||||
(** The type for an authentication response. *)
|
(** The type for an authentication response. *)
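Review bot: The `client_extensions` field in `registration` and `authentication` has no doc comment explaining what `None` means now that its type is `(string * Yojson.Safe.t) list option`. A caller that enforces an extension policy has to tell "no clientExtensions member could be read from clientDataJSON" apart from "member present but empty", so a comment like `(** [None] if clientDataJSON carried no "clientExtensions" member; [Some []] if it was present but empty. *)` on both fields would make that explicit. This looks like the interface file, in which case the change also alters a public record type and existing callers that use the field as a plain list will need updating.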
|
||||||
|
|