introduce VerifyArgs

fumieval · Nov 22, 2021 · 0f5be3f · 0f5be3f
1 parent ebeac8a
commit 0f5be3f
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 16 deletions.
diff --git a/src/WebAuthn.hs b/src/WebAuthn.hs
@@ -37,6 +37,7 @@ module WebAuthn (
   , registerCredential
   , CredentialCreationOptions(..)
   , defaultCredentialCreationOptions
+  , VerifyArgs(..)
   , verify
   , encodeAttestation
   ) where
@@ -202,23 +203,27 @@ registerCredential certStore opts@CredentialCreationOptions{..} clientDataJSON a
         -- non present public key will fail anyway or the fmt == 'none'
         Nothing -> return Nothing
 
+data VerifyArgs = VerifyArgs
+  { challenge :: Challenge
+  , relyingParty :: RelyingParty
+  , tokenBindingID :: Maybe Text
+  , requireVerification :: Bool
+  , clientDataJSON :: ByteString
+  , authenticatorData :: ByteString
+  , signature :: ByteString
+  , credentialPublicKey :: CredentialPublicKey
+  }
+
 -- | 7.2. Verifying an Authentication Assertion
-verify :: Challenge
-  -> RelyingParty
-  -> Maybe Text -- ^ Token Binding ID in base64
-  -> Bool -- ^ require user verification?
-  -> ByteString -- ^ clientDataJSON
-  -> ByteString -- ^ authenticatorData
-  -> ByteString -- ^ signature
-  -> CredentialPublicKey -- ^ public key
+verify :: VerifyArgs
   -> Either VerificationFailure ()
-verify challenge rp tbi verificationRequired clientDataJSON adRaw sig pub = do
-  clientDataCheck Get challenge clientDataJSON rp tbi
+verify VerifyArgs{..} = do
+  clientDataCheck Get challenge clientDataJSON relyingParty tokenBindingID
   let clientDataHash = hash clientDataJSON :: Digest SHA256
-  _ <- verifyAuthenticatorData rp adRaw verificationRequired
-  let dat = adRaw <> BA.convert clientDataHash
-  pub' <- parsePublicKey pub
-  verifySig pub' sig dat
+  _ <- verifyAuthenticatorData relyingParty authenticatorData requireVerification
+  let dat = authenticatorData <> BA.convert clientDataHash
+  pub' <- parsePublicKey credentialPublicKey
+  verifySig pub' signature dat
 
 clientDataCheck :: WebAuthnType -> Challenge -> ByteString -> RelyingParty -> Maybe Text -> Either VerificationFailure ()
 clientDataCheck ctype challenge clientDataJSON rp tbi = do

diff --git a/test/Tests.hs b/test/Tests.hs
@@ -4,7 +4,9 @@
 {-# LANGUAGE RecordWildCards #-}
 import WebAuthn
     ( registerCredential,
-      verify )
+      VerifyArgs(..),
+      verify,
+    )
 import Test.Tasty ( defaultMain, testGroup, TestTree )
 import Test.Tasty.HUnit (assertEqual,  assertBool, testCaseSteps )
 import Data.String.Interpolate ()
@@ -126,7 +128,16 @@ genericCredentialTest name TestPublicKeyCredential{..} time = testCaseSteps name
   assertBool (show eth) (isRight eth)
   let Right cdata = eth
   step "Verification check..."
-  let eth = verify getChallenge defRp Nothing False getClientDataJSON getAuthenticatorData getSignature cdata.credentialPublicKey
+  let eth = verify VerifyArgs
+        { challenge = getChallenge
+        , relyingParty = defRp
+        , tokenBindingID = Nothing
+        , requireVerification = False
+        , clientDataJSON = getClientDataJSON
+        , authenticatorData = getAuthenticatorData
+        , signature = getSignature
+        , credentialPublicKey = cdata.credentialPublicKey
+        }
   assertBool (show eth) (isRight eth)
 
 registrationTest :: TestTree