Improve error handling #344
Codecov Report
@@ Coverage Diff @@
## master #344 +/- ##
==========================================
+ Coverage 77.87% 77.95% +0.07%
==========================================
Files 88 88
Lines 2495 2513 +18
Branches 415 421 +6
==========================================
+ Hits 1943 1959 +16
Misses 439 439
- Partials 113 115 +2
I was looking to add something like the below to AttestationVerifier and move the similar code out of the

```csharp
public static AttestationVerifier Create(string fmt)
{
    return fmt switch
    {
        "none" => new None(), // https://www.w3.org/TR/webauthn/#none-attestation
        "tpm" => new Tpm(), // https://www.w3.org/TR/webauthn/#tpm-attestation
        "android-key" => new AndroidKey(), // https://www.w3.org/TR/webauthn/#android-key-attestation
        "android-safetynet" => new AndroidSafetyNet(), // https://www.w3.org/TR/webauthn/#android-safetynet-attestation
        "fido-u2f" => new FidoU2f(), // https://www.w3.org/TR/webauthn/#fido-u2f-attestation
        "packed" => new Packed(), // https://www.w3.org/TR/webauthn/#packed-attestation
        "apple" => new Apple(), // https://www.w3.org/TR/webauthn/#apple-anonymous-attestation
        "apple-appattest" => new AppleAppAttest(), // https://developer.apple.com/documentation/devicecheck/validating_apps_that_connect_to_your_server
        _ => throw new Fido2VerificationException(Fido2ErrorCode.UnknownAttestationType, $"Unknown attestation type. Was '{fmt}'")
    };
}
```

Then have the caller call
if (!(Sig is CborByteString { Length: > 0 })) | ||
throw new Fido2VerificationException(Fido2ErrorCode.InvalidAttestation, "Invalid android-key attestation signature"); | ||
if (!TryGetSig(out byte[]? sig)) |
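Review bot: at the new `if (!TryGetSig(out byte[]? sig))` line, confirm that TryGetSig returns false for an empty byte string as well as for a non-byte-string value, since the removed pattern `Sig is CborByteString { Length: > 0 }` rejected both. The branch body is not visible in this hunk; it should keep throwing Fido2VerificationException with Fido2ErrorCode.InvalidAttestation and the format-specific message so callers see the same error as before. A short doc comment on TryGetSig stating that a zero-length signature yields false would make that contract explicit for the other attestation formats that call it.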
It's unfortunate that this performance boost is a little less readable. Never been a fan of `out`, but I think the trade off is OK, just unfortunate.
I did a quick review of 12/13 files, which is fine.
I haven't looked at the big bulk of changes in Src/Fido2/AttestationFormat/AttestationVerifier.cs.
I like @aseigler's approach.
@aseigler I went ahead and moved the logic for creating AttestationVerifier instances up. Much nicer.
So glad you like it. I have been staring at that area for the past....I want to say, 4 years, and keep thinking
Indeed, really nice.
In addition to addressing #340 (and superseding #341) to address the merge conflict:
This PR: