Client attestation updates #110

Merged
6 changes: 0 additions & 6 deletions Sources/Main/AttestationBasedClient/ClientAttestation.swift
Expand Up @@ -37,12 +37,6 @@ public struct ClientAttestationJWT {
}
self.payload = JSON(jsonObject)

/*
guard payload[JWTClaimNames.subject].string != nil else {
throw ClientAttestationError.missingSubject
}
*/

guard let cnf = payload[JWTClaimNames.cnf].dictionary else {
throw ClientAttestationError.missingCnfClaim
}
Expand Up @@ -48,22 +48,22 @@ public struct DefaultClientAttestationPoPBuilder: ClientAttestationPoPBuilder {
clock: ClockType,
authServerId: URL
) throws -> ClientAttestationPoPJWT {

switch client {
case .attested(let attestationJWT, let popJwtSpec):
let now = Date()
let exp = now.addingTimeInterval(popJwtSpec.duration)
let jws = try JWS.init(
let now = Date().timeIntervalSince1970
let exp = Date().addingTimeInterval(popJwtSpec.duration).timeIntervalSince1970
let jws: JWS = try .init(
header: try .init(parameters: [
JWTClaimNames.algorithm: popJwtSpec.signingAlgorithm.rawValue,
JWTClaimNames.type: popJwtSpec.typ
]),
payload: .init(JSON([
JWTClaimNames.issuer: attestationJWT.clientId,
JWTClaimNames.jwtId: UUID().uuidString,
JWTClaimNames.jwtId: String.randomBase64URLString(length: 20),
JWTClaimNames.expirationTime: exp,
JWTClaimNames.issuedAt: now,
JWTClaimNames.audience: authServerId.absoluteString
JWTClaimNames.audience: authServerId.absoluteString,
JWTClaimNames.cnf: attestationJWT.cnf
]).rawData()),
signer: popJwtSpec.jwsSigner
)
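Review bot: On the `let exp = Date().addingTimeInterval(popJwtSpec.duration).timeIntervalSince1970` line, `exp` is taken from a second `Date()` call rather than from `now`, so the PoP's `exp - iat` is not exactly `popJwtSpec.duration`; derive both from one instant, `let issued = Date()`, `let now = issued.timeIntervalSince1970`, `let exp = issued.addingTimeInterval(popJwtSpec.duration).timeIntervalSince1970`. Both claims are then fractional `Double` seconds; `exp`/`iat` are NumericDate claims and many verifiers expect whole seconds, so truncating with `Int(...)` is worth considering — confirm against the authorization server in use. The same two-`Date()` pattern is introduced in Tests/Helpers/SelfSignedClientAttestation.swift (`let now` / `let exp` there). The `jti` now comes from `String.randomBase64URLString(length: 20)`, whose randomness source is not visible in this diff; it needs to be CSPRNG-backed for the replay protection a `jti` is meant to give, so a comment on that helper's contract would help. The enclosing function and `switch` begin and end outside the hunk.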
Expand Up @@ -35,15 +35,15 @@ public struct ClientAttestationPoPJWTSpec {

public let signingAlgorithm: SignatureAlgorithm
public let duration: TimeInterval
public let typ: String?
public let typ: String
public let jwsSigner: Signer

// MARK: - Initializer

public init(
signingAlgorithm: SignatureAlgorithm,
duration: TimeInterval = 300, // Default to 5 minutes
typ: String? = nil,
typ: String,
jwsSigner: Signer
) throws {
// Validate the signing algorithm (must not be MAC)
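Review bot: `typ` becomes a required `String` on both the property and the initializer, but neither line says what callers must pass, and the only validation visible in the hunk covers the signing algorithm. A doc comment on the property would fix that, e.g. `/// JOSE "typ" header value written into the PoP JWT header (the test helper passes "oauth-client-attestation-pop+jwt").` Since nothing visible here rejects an empty string, the validation that follows the MAC check could also reject `typ.isEmpty`, throwing the same error family the algorithm check uses. The rest of the initializer body is outside the hunk.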
10 changes: 8 additions & 2 deletions Tests/Helpers/SelfSignedClientAttestation.swift
Expand Up @@ -36,11 +36,15 @@ internal func selfSignedClient(
algorithm: algorithm
)

let duration: TimeInterval = 300
let now = Date().timeIntervalSince1970
let exp = Date().addingTimeInterval(duration).timeIntervalSince1970
let payload: Payload = try! .init([
"iss": clientId,
"clientId": clientId,
"aud": clientId,
"sub": clientId,
"exp": 1800000000,
"iat": now,
"exp": exp,
"cnf": [
"jwk": ECPublicKey(
publicKey: try! KeyController.generateECDHPublicKey(
Expand All @@ -65,6 +69,8 @@ internal func selfSignedClient(
),
popJwtSpec: .init(
signingAlgorithm: algorithm,
duration: duration,
typ: "oauth-client-attestation-pop+jwt",
jwsSigner: signer
)
)