
我已经在 Node.js 中模拟了来自前端的响应,如下所示。

attestationObject 参数是 Yubikey 对挑战签名后返回的值,已转换为 base64 以便传输到 Node 服务器。

我得到的是一个 ArrayBuffer { byteLength: 226 } 但我不知道如何处理它。

我知道我需要检查已签名的域名,并且需要随用户凭据一起存储一些内容,以便用户之后可以再次登录。

我知道有很多选项,我只想让最基本的无密码注册和登录能够工作。

const cbor = require("cbor");
// Sample registration response fields, each base64url-encoded as sent by the front end.

// CBOR map with the keys fmt ("none" in this sample), attStmt and authData.
const attestationObject = "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVjE4mQ5WmgO3yl24XjxRqkP9LjqRYP-GsIubALB-5K_CK5FXMrOUa3OAAI1vMYKZIsLJfHwVQMAQABcapsmHtrsLJtfZ7RDcRm0iDgMlc5-CuP2XcNOwDy0uU2mU44ENk-EqtthH7huq8AipYfY0EvmfPRqQI-zI5GlAQIDJiABIVggZplpmQSKsJvg78INyrQUgBo9dv0vaZL6Qp15rOd6wMQiWCAx-ZeQ6T_xTMlY9cG3EWY54wT9Hd6EX7P7Ak-9uwauCA";

// JSON with the fields challenge, origin and type. Nothing below reads it, yet the
// server has to compare challenge and origin against its own values before it
// accepts a registration.
const clientDataJSON = "eyJjaGFsbGVuZ2UiOiJlVGR1TjJGaGFIaHhhRFJzT0RsdU1qTnRhMjgiLCJvcmlnaW4iOiJodHRwczovL2UzMDI3MTU3Lm5ncm9rLmlvIiwidHlwZSI6IndlYmF1dGhuLmNyZWF0ZSJ9";

// Credential identifier; id and rawid carry the same value in this sample.
const id = "AFxqmyYe2uwsm19ntENxGbSIOAyVzn4K4_Zdw07APLS5TaZTjgQ2T4Sq22EfuG6rwCKlh9jQS-Z89GpAj7MjkQ";
const rawid = "AFxqmyYe2uwsm19ntENxGbSIOAyVzn4K4_Zdw07APLS5TaZTjgQ2T4Sq22EfuG6rwCKlh9jQS-Z89GpAj7MjkQ";

// Decode the attestation object, parse it, then print either the parsed value or
// the failure. Both helpers are function declarations further down the file, so
// they are hoisted and callable here.
const decodedBuffer = convertToBuffer(attestationObject);
const parsedAttestation = decodedBuffer.then(parseAttestationObject);

parsedAttestation
    .then((json) => {
        console.log(json);
    })
    .catch((err) => {
        console.log(err);
    });

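/**
 * Decode a base64 or base64url string into a standalone ArrayBuffer.
 *
 * Buffer.from() does not throw on malformed base64, so a garbled value yields
 * short or unexpected bytes rather than an error; callers that receive this
 * field from a client should treat a failure in the later CBOR decode as the
 * signal that the input was bad.
 *
 * @param {string} base64 - base64 or base64url text, padding optional.
 * @returns {Promise<ArrayBuffer>} Resolves with the decoded bytes.
 *   Rejects with a TypeError when the argument is not a string (the original
 *   left the promise pending forever in that case).
 */
function convertToBuffer(base64) {
    return new Promise((resolve, reject) => {
        if (typeof base64 !== "string") {
            reject(new TypeError("convertToBuffer expects a base64 or base64url string"));
            return;
        }

        // Map the URL-safe alphabet back to the standard one before decoding.
        const standardAlphabet = base64.replace(/-/g, "+").replace(/_/g, "/");

        // Copying into a fresh Uint8Array gives an ArrayBuffer that holds exactly
        // the decoded bytes, not a view into a larger shared allocation.
        const bytes = new Uint8Array(Buffer.from(standardAlphabet, "base64"));
        resolve(bytes.buffer);
    })
}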

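/**
 * Decode a WebAuthn attestationObject and split its authenticator data into fields.
 *
 * This function only parses. Before the credential is stored, the server still
 * has to check clientDataJSON (type, the challenge it issued, its own origin),
 * compare rpIdHash with the SHA-256 hash of its RP ID, and require the
 * user-present flag.
 *
 * @param {ArrayBuffer|Uint8Array|Buffer} attestationObject - CBOR-encoded attestation object bytes.
 * @returns {Promise<object>} Resolves with fmt, attStmt, rpIdHash, flags,
 *   userPresent, userVerified and signCount, plus aaguid, credentialId and
 *   credentialPublicKey when attested credential data is present.
 *   Rejects when the CBOR cannot be decoded or authData is missing or truncated.
 */
function parseAttestationObject(attestationObject){
    return new Promise((resolve, reject) => {
        // A throw inside this executor (for example on malformed CBOR) becomes a rejection.
        const decoded = cbor.decodeAllSync(Buffer.from(attestationObject))[0];
        const rawAuthData = decoded && decoded.authData;
        if (!rawAuthData || typeof rawAuthData.byteLength !== "number") {
            reject(new Error("attestationObject has no authData byte string"));
            return;
        }

        // `rawAuthData.buffer` is the backing store and can be larger than authData:
        // the 226-byte ArrayBuffer reported in the question is the whole attestation
        // object, while authData in this sample is 196 bytes. Use offset and length.
        const authData = Buffer.from(rawAuthData.buffer, rawAuthData.byteOffset, rawAuthData.byteLength);
        const authnrDataArrayBuffer = rawAuthData.buffer.slice(
            rawAuthData.byteOffset,
            rawAuthData.byteOffset + rawAuthData.byteLength
        );
        console.log(authnrDataArrayBuffer)

        // Fixed header: rpIdHash (32 bytes), flags (1 byte), signCount (4 bytes, big-endian).
        const HEADER_LENGTH = 37;
        if (authData.length < HEADER_LENGTH) {
            reject(new Error("authData is shorter than the 37-byte fixed header"));
            return;
        }

        const flags = authData[32];
        const parsed = {
            fmt: decoded.fmt,
            attStmt: decoded.attStmt,
            rpIdHash: authData.subarray(0, 32),
            flags: flags,
            userPresent: (flags & 0x01) !== 0,
            userVerified: (flags & 0x04) !== 0,
            signCount: authData.readUInt32BE(33),
        };

        // Flag 0x40: attested credential data follows the header as
        // AAGUID (16 bytes), credential ID length (2 bytes, big-endian), credential ID,
        // then the CBOR-encoded COSE public key.
        if ((flags & 0x40) !== 0) {
            const idLengthOffset = HEADER_LENGTH + 16;
            if (authData.length < idLengthOffset + 2) {
                reject(new Error("authData is truncated inside the attested credential data"));
                return;
            }

            // The length comes from the client, so bound it against the buffer before slicing.
            const credentialIdLength = authData.readUInt16BE(idLengthOffset);
            const publicKeyOffset = idLengthOffset + 2 + credentialIdLength;
            if (authData.length <= publicKeyOffset) {
                reject(new Error("authData is too short for the declared credential ID length"));
                return;
            }

            parsed.aaguid = authData.subarray(HEADER_LENGTH, idLengthOffset);
            parsed.credentialId = authData.subarray(idLengthOffset + 2, publicKeyOffset);
            // The first CBOR item is the COSE key; an extensions map may follow it when
            // flag 0x80 is set, which is why only item 0 is taken here.
            parsed.credentialPublicKey = cbor.decodeAllSync(authData.subarray(publicKeyOffset))[0];
        }

        // To let the user sign in again, persist per user: credentialId,
        // credentialPublicKey and signCount.
        resolve(parsed);
    })
}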

2 回答 2

// Third-party CBOR codec, used for the final decoding step.
const cbor = require("cbor");

// The attestationObject as delivered by the browser: base64url text without padding.
let attestationObject = "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVjE4mQ5WmgO3yl24XjxRqkP9LjqRYP-GsIubALB-5K_CK5FXMrOUa3OAAI1vMYKZIsLJfHwVQMAQABcapsmHtrsLJtfZ7RDcRm0iDgMlc5-CuP2XcNOwDy0uU2mU44ENk-EqtthH7huq8AipYfY0EvmfPRqQI-zI5GlAQIDJiABIVggZplpmQSKsJvg78INyrQUgBo9dv0vaZL6Qp15rOd6wMQiWCAx-ZeQ6T_xTMlY9cG3EWY54wT9Hd6EX7P7Ak-9uwauCA";

// Switch to the standard base64 alphabet and restore the '=' padding that
// base64url drops; the padding length is derived from the text length.
const paddingLength = (3 * attestationObject.length) % 4;
const standardAlphabet = attestationObject.replace(/\-/g, '+').replace(/_/g, '/');
attestationObject = standardAlphabet + '=='.slice(0, paddingLength);

// Raw CBOR bytes of the attestation object.
const attCbor = Buffer.from(attestationObject, 'base64');

// First decoded CBOR item: a map with the keys fmt, attStmt and authData.
// Decoding is not verification; nothing here checks the challenge or origin.
const [attCborObj] = cbor.decodeAllSync(attCbor);
console.log(attCborObj);
于 2019-06-10T07:49:51.980 回答

如果您能把具体问题描述得更准确一些会更有帮助,但简而言之:

  • 您需要存储 rawId:这是您在身份验证步骤中需要传入 allowCredentials 对象的标识符,因此您会用到它。
  • attestationObject 是一个 CBOR 编码值。经过一些处理后,您应该能够从中提取公钥。您将能够使用此公钥在身份验证步骤中验证来自身份验证器的响应。

我省略了具体的实现步骤,但请看一下 https://github.com/fido-alliance/webauthn-demo ,因为这个项目也为 Node.js 实现了 WebAuthn,您应该能够从中找到所有相关代码。

于 2019-05-29T12:04:00.353 回答