-
Notifications
You must be signed in to change notification settings - Fork 80
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(protocol): enhance mds errors #341
base: master
Are you sure you want to change the base?
Conversation
WalkthroughThe changes primarily focus on enhancing the error handling and validation processes within the Changes
Possibly related issues
Possibly related PRs
Poem
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 2
🧹 Outside diff range and nitpick comments (7)
protocol/errors.go (2)
43-46
: Add a default details message for consistencyUnlike other error definitions in this file,
ErrMetadata
has an empty Details field. Consider adding a default message to maintain consistency and provide immediate context when the error is used without callingWithDetails()
.ErrMetadata = &Error{ Type: "invalid_metadata", - Details: "", + Details: "Error validating metadata statement", }
43-46
: Consider maintaining alphabetical ordering of error definitionsThe new
ErrMetadata
is placed betweenErrInvalidAttestation
andErrAttestationFormat
, breaking the apparent alphabetical ordering of error variables. Consider moving it afterErrInvalidAttestation
but beforeErrNotImplemented
to maintain consistent ordering.protocol/metadata.go (3)
22-22
: Typographical Error in Error MessageThe word "retrieving" is misspelled as "retreiving" in the error message. Please correct the spelling to improve clarity.
Apply this diff to fix the typo:
- return nil, ErrMetadata.WithInfo(fmt.Sprintf("Failed to validate authenticator metadata for Authenticator Attestation GUID '%s'. Error occurred retreiving the metadata entry: %+v", aaguid, err)) + return nil, ErrMetadata.WithInfo(fmt.Sprintf("Failed to validate authenticator metadata for Authenticator Attestation GUID '%s'. Error occurred retrieving the metadata entry: %+v", aaguid, err))
49-49
: Inconsistent Return Value on Attestation Type MismatchWhen the attestation type is not found, the function returns
(entry, ErrMetadata.WithInfo(...))
. In other error cases where validation fails, the function returns(nil, error)
. For consistency and to avoid potential confusion, consider returning(nil, error)
when an error occurs.Apply this diff to make the return value consistent:
- return entry, ErrMetadata.WithInfo(fmt.Sprintf("Failed to validate authenticator metadata for Authenticator Attestation GUID '%s'. The attestation type '%s' is not known to be used by this authenticator.", aaguid.String(), attestationType)) + return nil, ErrMetadata.WithInfo(fmt.Sprintf("Failed to validate authenticator metadata for Authenticator Attestation GUID '%s'. The attestation type '%s' is not known to be used by this authenticator.", aaguid.String(), attestationType))
55-55
: Inconsistent Return Value on Status Validation ErrorSimilarly, when
mds.ValidateStatusReports
returns an error, the function returns(entry, error)
. To maintain consistency across the function, consider returning(nil, error)
unless there is a specific reason to return theentry
alongside the error.Apply this diff to align the return values:
- return entry, ErrMetadata.WithInfo(fmt.Sprintf("Failed to validate authenticator metadata for Authenticator Attestation GUID '%s'. Error occurred validating the authenticator status: %+v", aaguid, err)) + return nil, ErrMetadata.WithInfo(fmt.Sprintf("Failed to validate authenticator metadata for Authenticator Attestation GUID '%s'. Error occurred validating the authenticator status: %+v", aaguid, err))protocol/attestation.go (1)
190-190
: Use the declared context variablectx
The context variable
ctx
is declared but not used. Consider usingctx
in the call toValidateMetadata
for consistency.Apply this diff to utilize the
ctx
variable:var protoErr *Error ctx := context.Background() - if entry, protoErr = ValidateMetadata(context.Background(), aaguid, attestationType, mds); protoErr != nil { + if entry, protoErr = ValidateMetadata(ctx, aaguid, attestationType, mds); protoErr != nil {webauthn/login.go (1)
320-323
: Consider passing a context instead of usingcontext.Background()
Using
context.Background()
may limit the ability to handle cancellations and timeouts effectively. Consider passing acontext.Context
from the caller to allow for better control over the execution flow and resource management.Apply the following changes:
Modify the call to
ValidateMetadata
:- if _, protoErr = protocol.ValidateMetadata(context.Background(), aaguid, credential.AttestationType, webauthn.Config.MDS); protoErr != nil { + if _, protoErr = protocol.ValidateMetadata(ctx, aaguid, credential.AttestationType, webauthn.Config.MDS); protoErr != nil {Update the function signature to accept a
context.Context
:- func (webauthn *WebAuthn) validateLogin(user User, session SessionData, parsedResponse *protocol.ParsedCredentialAssertionData) (*Credential, error) { + func (webauthn *WebAuthn) validateLogin(ctx context.Context, user User, session SessionData, parsedResponse *protocol.ParsedCredentialAssertionData) (*Credential, error) {Ensure that all callers of
validateLogin
pass the appropriate context. For example:- return webauthn.validateLogin(user, session, parsedResponse) + return webauthn.validateLogin(ctx, user, session, parsedResponse)
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (4)
protocol/attestation.go
(1 hunks)protocol/errors.go
(1 hunks)protocol/metadata.go
(1 hunks)webauthn/login.go
(1 hunks)
🔇 Additional comments (2)
protocol/errors.go (1)
43-46
: Verify error handling consistency across metadata validation
Let's ensure this new error is properly integrated with appropriate error details where used.
✅ Verification successful
Error handling is consistent but uses WithInfo instead of WithDetails
The error is properly integrated across the codebase in protocol/metadata.go
with detailed error messages, but it consistently uses WithInfo()
method instead of WithDetails()
. All usages provide specific error context including the AAGUID and detailed failure reasons. The error is used in appropriate scenarios:
- When metadata entry retrieval fails
- When authenticator has no registered metadata
- When attestation type validation fails
- When status report validation fails
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Check how ErrMetadata is used across the codebase
# Expect: Usage in ValidateMetadata with WithDetails() calls
# Check for direct ErrMetadata usage
rg "ErrMetadata" -B 2 -A 2
# Check for "invalid_metadata" type usage
rg "invalid_metadata" -B 2 -A 2
# Look for potential error wrapping patterns
ast-grep --pattern 'WithDetails($$$)'
Length of output: 1982
protocol/metadata.go (1)
14-14
: Verify the Handling of Nil Metadata Provider
When mds == nil
, the function returns (nil, nil)
. Ensure that this behavior is intentional and that the calling code correctly handles a nil
entry and a nil
error. If a nil
mds
should be considered an error, you might want to return an appropriate error to avoid potential nil
pointer dereferences.
Run the following script to check how ValidateMetadata
is called in the codebase and whether mds
can be nil
:
✅ Verification successful
Returning nil, nil
for a nil
Provider is Correct
The current behavior is intentional and safe. From the code analysis:
- The
webauthn.Config.MDS
is explicitly checked fornil
before callingValidateMetadata
- The
ValidateMetadata
function gracefully handles bothnil
provider andnil
entry cases - The metadata validation is an optional feature, as evidenced by the conditional checks in
login.go
The function correctly follows the pattern where a nil
provider indicates that metadata validation is disabled, which is a valid configuration state. No changes are needed.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Find all calls to ValidateMetadata and check for nil `mds`.
# Search for all usages of ValidateMetadata
rg 'ValidateMetadata\('
# Check if `mds` is ever passed as `nil`
rg -A2 -B2 'ValidateMetadata\([^,]+,[^,]+,[^,]+,\s*nil\)'
Length of output: 552
Script:
#!/bin/bash
# Let's check how webauthn.Config.MDS is used and initialized
rg -A 5 -B 5 'Config.*MDS'
# Let's also check the metadata.Provider interface definition
ast-grep --pattern 'type Provider interface {
$$$
}'
# And check if there are any tests that verify nil provider behavior
rg -A 5 -B 5 'TestValidateMetadata'
Length of output: 4107
Script:
#!/bin/bash
# Let's check the implementation of ValidateMetadata to understand the nil handling logic
rg -A 20 "func ValidateMetadata"
# Let's also check if there are any tests in protocol package
fd ".*_test.go" protocol/ --exec rg -l "TestValidate"
Length of output: 1340
if string(atype) == attestationType { | ||
found = true |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Possible Type Conversion Issue in Attestation Type Comparison
In the comparison string(atype) == attestationType
, there may be a type mismatch. If atype
is not inherently a string, converting it using string(atype)
might not yield the expected result. Ensure that atype
is properly converted to a string that represents the attestation type.
Apply this diff if atype
is of a custom type that implements String()
:
- if string(atype) == attestationType {
+ if atype.String() == attestationType {
Alternatively, if attestationType
can be converted to the same type as atype
, consider:
- if string(atype) == attestationType {
+ if atype == metadata.AttestationType(attestationType) {
Please verify that the comparison accurately reflects the intended logic.
Committable suggestion skipped: line range outside the PR's diff.
bf6866e
to
493a377
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 1
🧹 Outside diff range and nitpick comments (2)
protocol/metadata.go (2)
90-90
: Fix spelling error in error messageThe word "agaisnt" is misspelled and should be "against".
- return ErrMetadata.WithDetails(fmt.Sprintf("Failed to validate attestation statement signature during attestation validation for Authenticator Attestation GUID '%s'. The attestation certificate could not be verified due to an error validating the trust chain agaisnt the Metadata Service.", aaguid)) + return ErrMetadata.WithDetails(fmt.Sprintf("Failed to validate attestation statement signature during attestation validation for Authenticator Attestation GUID '%s'. The attestation certificate could not be verified due to an error validating the trust chain against the Metadata Service.", aaguid))🧰 Tools
🪛 golangci-lint (1.62.2)
90-90:
agaisnt
is a misspelling ofagainst
(misspell)
72-91
: Consider using error constants for common error messagesThe error messages for certificate validation are quite long and repeated. Consider extracting them into constants for better maintainability and consistency.
Example:
const ( errNoCertificates = "The attestation had no certificates" errCertificateTypeMismatch = "The first certificate in the attestation was type '%T' but '[]byte' was expected" errFullFormatUnsupported = "Attestation was provided in the full format but the authenticator doesn't support the full attestation format" // ... more constants )🧰 Tools
🪛 golangci-lint (1.62.2)
90-90:
agaisnt
is a misspelling ofagainst
(misspell)
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (4)
protocol/attestation.go
(1 hunks)protocol/errors.go
(1 hunks)protocol/metadata.go
(2 hunks)webauthn/login.go
(1 hunks)
🚧 Files skipped from review as they are similar to previous changes (3)
- protocol/attestation.go
- protocol/errors.go
- webauthn/login.go
🧰 Additional context used
🪛 golangci-lint (1.62.2)
protocol/metadata.go
13-13: cyclomatic complexity 21 of func ValidateMetadata
is high (> 15)
(gocyclo)
90-90: agaisnt
is a misspelling of against
(misspell)
🔇 Additional comments (3)
protocol/metadata.go (3)
Line range hint 23-38
: LGTM! Enhanced error messages provide better context
The entry validation logic has been improved with detailed error messages that include the AAGUID, making it easier to diagnose issues.
🧰 Tools
🪛 golangci-lint (1.62.2)
90-90: agaisnt
is a misspelling of against
(misspell)
42-48
: Ensure safe type conversion in attestation type comparison
The string(atype)
conversion might not yield the expected result if atype
is not inherently a string.
Consider using the type's String() method or proper type conversion:
- if string(atype) == attestationType {
+ if atype.String() == attestationType {
54-59
: LGTM! Clear error handling for status validation
The status validation error handling has been improved with detailed context.
493a377
to
9ac95ef
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 0
🧹 Outside diff range and nitpick comments (2)
protocol/metadata.go (2)
96-96
: Fix spelling error in error messageThere's a spelling error in the error message: "agaisnt" should be "against".
Apply this diff:
- return ErrMetadata.WithDetails(fmt.Sprintf("Failed to validate attestation statement signature during attestation validation for Authenticator Attestation GUID '%s'. The attestation certificate could not be verified due to an error validating the trust chain agaisnt the Metadata Service.", aaguid)) + return ErrMetadata.WithDetails(fmt.Sprintf("Failed to validate attestation statement signature during attestation validation for Authenticator Attestation GUID '%s'. The attestation certificate could not be verified due to an error validating the trust chain against the Metadata Service.", aaguid))🧰 Tools
🪛 golangci-lint (1.62.2)
96-96:
agaisnt
is a misspelling ofagainst
(misspell)
76-82
: Consider additional error handling for certificate parsingWhile the current error handling is good, consider adding validation for the certificate data length before parsing:
if data, ok = x5cs[0].([]byte); !ok { return ErrMetadata.WithDetails(fmt.Sprintf("Failed to parse attestation certificate from x5c during attestation validation for Authenticator Attestation GUID '%s'.", aaguid)).WithInfo(fmt.Sprintf("The first certificate in the attestation was type '%T' but '[]byte' was expected", x5cs[0])) } +if len(data) == 0 { + return ErrMetadata.WithDetails(fmt.Sprintf("Failed to parse attestation certificate from x5c during attestation validation for Authenticator Attestation GUID '%s'.", aaguid)).WithInfo("The certificate data is empty") +} + if x5c, err = x509.ParseCertificate(data); err != nil { return ErrMetadata.WithDetails(fmt.Sprintf("Failed to parse attestation certificate from x5c during attestation validation for Authenticator Attestation GUID '%s'.", aaguid)).WithInfo(fmt.Sprintf("Error returned from x509.ParseCertificate: %+v", err)) }
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (4)
protocol/attestation.go
(1 hunks)protocol/errors.go
(1 hunks)protocol/metadata.go
(2 hunks)webauthn/login.go
(1 hunks)
🚧 Files skipped from review as they are similar to previous changes (3)
- protocol/attestation.go
- protocol/errors.go
- webauthn/login.go
🧰 Additional context used
🪛 golangci-lint (1.62.2)
protocol/metadata.go
13-13: cyclomatic complexity 23 of func ValidateMetadata
is high (> 15)
(gocyclo)
96-96: agaisnt
is a misspelling of against
(misspell)
🔇 Additional comments (4)
protocol/metadata.go (4)
Line range hint 23-38
: LGTM! Error handling improvements
The error handling has been enhanced with more descriptive messages using ErrMetadata.WithInfo
. The special case handling for zero AAGUID is well-implemented.
🧰 Tools
🪛 golangci-lint (1.62.2)
96-96: agaisnt
is a misspelling of against
(misspell)
42-48
: Possible Type Conversion Issue in Attestation Type Comparison
The comparison string(atype) == attestationType
might not yield the expected result if atype
is not inherently a string type.
Let's verify the type definition:
#!/bin/bash
# Search for AttestationType definition
ast-grep --pattern 'type AttestationType'
54-59
: LGTM! Clear status validation
The status validation logic is well-structured with proper error handling and descriptive messages.
13-21
: 🛠️ Refactor suggestion
Consider decomposing the function to reduce complexity
The function's cyclomatic complexity has increased to 23 (> 15), making it harder to maintain and test. Consider breaking it down into smaller, focused functions.
Consider splitting into these functions:
func validateEntry(ctx context.Context, mds metadata.Provider, aaguid uuid.UUID) *Error
func validateAttestationType(ctx context.Context, entry *metadata.Entry, attestationType string) *Error
func validateStatus(ctx context.Context, mds metadata.Provider, entry *metadata.Entry) *Error
func validateTrustAnchor(ctx context.Context, mds metadata.Provider, entry *metadata.Entry, attestationType string, x5cs []any) *Error
🧰 Tools
🪛 golangci-lint (1.62.2)
13-13: cyclomatic complexity 23 of func ValidateMetadata
is high (> 15)
(gocyclo)
9ac95ef
to
acf168c
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 0
🧹 Nitpick comments (17)
protocol/attestation_tpm.go (2)
223-239
: Documentation is clear and references the relevant RFC.
These docstrings provide a solid explanation of the SAN structure. Including direct links or referencing the specific subsection in RFC 5280 could further assist contributors.
Line range hint
388-434
: Clear separation of concerns in SAN extension parsing.
Returning a custom *Error type helps maintain clarity in error handling. The checks for empty manufacturer, model, and version are appropriate. However, if partial device attributes exist, consider presenting a more granular error message identifying which field is missing.🧰 Tools
🪛 golangci-lint (1.62.2)
406-406: Consider pre-allocating
unhandled
(prealloc)
protocol/assertion.go (2)
109-111
: Selective handling of known AuthenticatorAttachment values.
Casting to AuthenticatorAttachment and selectively storing recognized values is concise and clear. Consider adding a default branch to log or handle unexpected attachments, if relevant.
146-148
: Comment block clarifies the scope of steps being performed.
These lines help explain the following verification logic, though referencing the exact paragraph of the WebAuthn spec could further assist new contributors.protocol/attestation_packed.go (1)
210-210
: Clear specification reference.Adding the comment referencing §4.1 clarifies the step for validating the attested algorithm, enhancing code readability.
protocol/attestation_tpm_test.go (1)
33-33
: Consider removing redundant error check.
Line 32 already uses require.NoError(t, err) which will halt execution if err is non-nil. This subsequent if-statement on line 33 is therefore redundant.require.NoError(t, err) -if err != nil { - t.Fatalf("Not valid: %+v", err) -}protocol/metadata.go (7)
13-13
: Refactor suggestion for high cyclomatic complexity in ValidateMetadata.
The function’s cyclomatic complexity is 25 (>15). Consider splitting it into smaller helper functions for improved readability and maintainability.🧰 Tools
🪛 golangci-lint (1.62.2)
13-13: cyclomatic complexity 25 of func
ValidateMetadata
is high (> 15)(gocyclo)
24-24
: Typographical fix: "retreiving" → "retrieving".
Improve clarity in the error message by correcting the spelling.- Error occurred retreiving the metadata entry + Error occurred retrieving the metadata entry
39-53
: Use a consistent approach for attestation-type matching.
Current code checks attestation types in a loop. If you frequently compare or log these types, consider switching to typed constants or enumerations to avoid mismatches.
50-51
: Provide fallback or more context in error.
When no matching attestation type is found, the error might benefit from suggesting known or expected attestation types.
73-77
: Improve error granularity for x5c parse type mismatch.
It might be useful to mention the index/ordinal in the error details to help pinpoint the offending certificate. The loopOrdinalNumber function is invoked below, but consider reusing it here if relevant.
78-81
: Consider adding context to parse errors.
When x509.ParseCertificate fails, you might include the ordinal number or partial certificate data for easier debugging.
95-102
: Typographical fix: "agaisnt" → "against".
Line 101 has the misspelling in the error message.- error validating the trust chain agaisnt the Metadata Service + error validating the trust chain against the Metadata Service🧰 Tools
🪛 golangci-lint (1.62.2)
101-101:
agaisnt
is a misspelling ofagainst
(misspell)
protocol/attestation.go (3)
146-151
: Confirm necessity of detailed comment.
These lines are purely comments describing the approach. Ensure they are still accurate given recently introduced logic and the updated attestation format references.
187-187
: Consider a non-Background context.
Using context.Background() might hide cancellation or deadlines from upstream. Evaluate whether the calling context can be passed here instead.
189-190
: Improve error context.
Including “protoErr” in the error message is useful, but consider also referencing attestationType or other local variables for deeper debugging.README.md (1)
240-240
: Replace hard tab with spaces.
In Markdown, use spaces to avoid potential rendering issues.- Type: protocol.PublicKeyCredentialType, + Type: protocol.PublicKeyCredentialType,🧰 Tools
🪛 Markdownlint (0.37.0)
240-240: Column: 1
Hard tabs(MD010, no-hard-tabs)
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (18)
README.md
(1 hunks)protocol/assertion.go
(3 hunks)protocol/assertion_test.go
(2 hunks)protocol/attestation.go
(2 hunks)protocol/attestation_androidkey_test.go
(1 hunks)protocol/attestation_apple.go
(2 hunks)protocol/attestation_packed.go
(2 hunks)protocol/attestation_packed_test.go
(1 hunks)protocol/attestation_safetynet.go
(1 hunks)protocol/attestation_tpm.go
(7 hunks)protocol/attestation_tpm_test.go
(1 hunks)protocol/client.go
(1 hunks)protocol/credential.go
(1 hunks)protocol/credential_test.go
(4 hunks)protocol/errors.go
(1 hunks)protocol/metadata.go
(2 hunks)protocol/options_test.go
(1 hunks)webauthn/login.go
(2 hunks)
✅ Files skipped from review due to trivial changes (3)
- protocol/client.go
- protocol/attestation_packed_test.go
- protocol/attestation_apple.go
🚧 Files skipped from review as they are similar to previous changes (2)
- protocol/errors.go
- webauthn/login.go
🧰 Additional context used
🪛 Markdownlint (0.37.0)
README.md
240-240: Column: 1
Hard tabs
(MD010, no-hard-tabs)
🪛 golangci-lint (1.62.2)
protocol/metadata.go
13-13: cyclomatic complexity 25 of func ValidateMetadata
is high (> 15)
(gocyclo)
101-101: agaisnt
is a misspelling of against
(misspell)
🔇 Additional comments (22)
protocol/attestation_tpm.go (4)
118-118
: Well-structured verification of TPM CertInfo consistency.
This check correctly ensures that certInfo.ExtraData matches the expected hash of the concatenated authenticator data and client data. No issues found.
Line range hint 289-319
: Potential edge case handling for 'id:' prefix.
Unmarshaling into tpmDeviceAttributes and trimming the "id:" prefix is straightforward. However, if "id:" is absent or partially spelled, the code silently sets the string as-is. Consider confirming that an "id:" prefix is truly expected, and handle partial matches or unexpected values.
370-386
: Straightforward hierarchy checks for AIK CA certificate.
This function cleanly orchestrates SAN parsing and EKU removal. The loop that processes parent certificates also returns early upon first failure, which seems correct in preventing partial acceptance of a broken chain.
Line range hint 434-455
: Mutating certificate UnknownExtKeyUsage in place.
This function removes invalid or unrecognized EKUs and checks for mandatory AIK usage. The in-place update of x5c.UnknownExtKeyUsage is intentional. Just ensure that no other code path relies on the original EKUs before this modification.
🧰 Tools
🪛 golangci-lint (1.62.2)
435-435: Consider pre-allocating unknown
(prealloc)
protocol/options_test.go (1)
30-30
: Use of PublicKeyCredentialType constant improves maintainability.
Replacing the hardcoded string with a typed constant ensures consistency and reduces the risk of typos across the codebase.
protocol/attestation_safetynet.go (1)
88-88
: Properly parsing the certificate from the SafetyNet JWT header.
This approach, using x509.ParseCertificate, is aligned with best practices for validating SafetyNet attestations. No issues found.
protocol/attestation_androidkey_test.go (1)
57-57
: Enhanced test assertion ensures correctness.
Verifying the return value is consistent with the expected output. This clarifies test intentions.
protocol/assertion.go (2)
57-60
: Ensuring request body is fully discarded and closed.
Capturing the body reading/closing in a defer function is a best practice that aids connection reuse. This pattern is safe for all typical use cases.
103-103
: Type check leverages typed constant for clarity.
Switching to string(PublicKeyCredentialType) for comparison is more robust than a hardcoded string, avoiding accidental mismatch.
protocol/assertion_test.go (2)
47-47
: Use of typed constant instead of magic string.
Replacing the hard-coded "public-key" value with string(PublicKeyCredentialType) promotes consistency and reduces the risk of typographical errors.
77-77
: Consistent credential type checks.
Updating the credential type to string(PublicKeyCredentialType) keeps it in sync with the existing constant, improving maintainability in test assertions.
protocol/attestation_packed.go (1)
226-227
: Helpful documentation for signature verification flow.
These comments illustrate the signature validation over authData + clientDataHash, aligning with the official spec guidelines without altering logic.
protocol/credential.go (1)
118-118
: Robust type check for credential creation.
Ensuring that PublicKeyCredentialType matches "public-key" via a typed constant avoids magic strings and possible mismatches. Well done.
protocol/credential_test.go (4)
44-44
: Test alignment with the typed credential.
Using string(PublicKeyCredentialType) in tests guarantees consistency with production code, preventing accidental string mismatches.
77-77
: Improved maintainability of credential tests.
This reiterates the same change—switching to the typed constant ensures consistent usage across test and production code.
185-185
: Unified approach for credential type verification in tests.
Replacing the hard-coded value maintains a single source of truth, making future refactors simpler.
213-213
: Update to typed constant for clarity.
Adopting string(PublicKeyCredentialType) clarifies that we are testing a public-key credential properly.
protocol/metadata.go (5)
54-59
: ValidateStatus call looks correct.
The error handling properly wraps and returns a contextual message.
60-64
: Double-check the early return when x5cs is empty.
Returning nil might skip further validation that could still be necessary. Confirm that a missing x5cs array is always valid in your scenario.
89-94
: Check TPM-specific logic.
The code specifically calls tpmParseAIKAttCA only if attestationType == string(metadata.AttCA). Ensure that all expected TPM attestation types are covered and tested.
108-126
: loopOrdinalNumber method is well-structured.
The switch statement neatly handles ordinal variants.
33-33
: Clarify reason for returning nil.
When no metadata entry is found, yet the code returns nil here. Verify that skipping validation is the intended behavior, especially for AAGUIDs with no metadata.
✅ Verification successful
Let me gather more context about the validation logic by checking the surrounding code.
Let me check the validation configuration methods to understand the complete validation logic.
Let me check the memory provider's initialization to understand how these validation flags are configured.
Based on the gathered context, I can now provide the final response:
The return behavior for missing metadata entries is correct and well-documented
The code follows a clear validation strategy where:
- For zero AAGUID: Returns nil if
GetValidateEntryPermitZeroAAGUID
is true - For missing entries: Returns error if
GetValidateEntry
is true, nil otherwise - Default configuration (seen in cached provider) enforces validation (
WithValidateEntry(true)
) and doesn't permit zero AAGUID (WithValidateEntryPermitZeroAAGUID(false)
)
The error message is appropriate as it clearly indicates the validation failure reason for missing metadata entries.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Searching for any usage of the "GetValidateEntryPermitZeroAAGUID" method calls
# to see if there's code that expects a particular reaction to missing entries.
rg -A 5 'GetValidateEntryPermitZeroAAGUID'
Length of output: 1670
Script:
#!/bin/bash
# Check the full context of the validation logic in metadata.go
rg -B 10 -A 10 'Failed to validate authenticator metadata'
# Also check for any tests that might reveal the intended behavior
rg -l 'TestMetadata.*AAGUID|AAGUID.*Test'
Length of output: 2825
Script:
#!/bin/bash
# Check for GetValidateEntry usage and implementation
rg -A 5 'GetValidateEntry[^P]'
# Look for any configuration or setup of these validation flags
rg -A 5 'validateEntry.*='
Length of output: 2300
Script:
#!/bin/bash
# Look for the Provider struct definition and initialization
rg -B 5 -A 10 'type Provider struct' metadata/providers/memory/
# Check for any configuration methods that set these validation flags
rg -A 5 'WithValidate|SetValidate'
Length of output: 5900
This adds significant improvements to the MDS3 errors helping identify the root cause of a validation error.
acf168c
to
99d717d
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 0
🧹 Nitpick comments (5)
README.md (1)
240-240
: LGTM! Type-safe credential type.The change from string literal to
protocol.PublicKeyCredentialType
improves type safety and aligns with the library's enhanced validation capabilities.Consider replacing the hard tab with spaces for consistency with the rest of the file.
🧰 Tools
🪛 Markdownlint (0.37.0)
240-240: Column: 1
Hard tabs(MD010, no-hard-tabs)
protocol/attestation.go (1)
187-190
: Consider using a more meaningful context
Usingcontext.Background()
here might mask potential cancellations or timeouts if this code is part of a larger request flow. Consider threading a real request context down toValidateMetadata
.Would you like help incorporating a more complete context-handling approach for your attestation verification?
protocol/metadata.go (3)
Line range hint
13-106
: Reduce cyclomatic complexity in ValidateMetadata
The functionValidateMetadata
has grown to a cyclomatic complexity of 25, making it harder to maintain and test. Consider splitting it into smaller logical units (e.g., separate functions for parsing x5cs, matching attestation types, and checking trust anchors).🧰 Tools
🪛 golangci-lint (1.62.2)
101-101:
agaisnt
is a misspelling ofagainst
(misspell)
24-24
: Fix spelling of “retrieving”
There's a small typo in the error message.Apply this diff to correct the misspelling:
- return ErrMetadata.WithInfo(fmt.Sprintf("Failed to validate authenticator metadata for Authenticator Attestation GUID '%s'. Error occurred retreiving the metadata entry: %+v", aaguid, err)) + return ErrMetadata.WithInfo(fmt.Sprintf("Failed to validate authenticator metadata for Authenticator Attestation GUID '%s'. Error occurred retrieving the metadata entry: %+v", aaguid, err))
101-101
: Fix spelling of “against”
There is a small typo in the error message: “agaisnt” should be “against.”Apply this diff to correct the misspelling:
- ...due to an error validating the trust chain agaisnt the Metadata Service... + ...due to an error validating the trust chain against the Metadata Service...🧰 Tools
🪛 golangci-lint (1.62.2)
101-101:
agaisnt
is a misspelling ofagainst
(misspell)
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (18)
README.md
(1 hunks)protocol/assertion.go
(3 hunks)protocol/assertion_test.go
(2 hunks)protocol/attestation.go
(2 hunks)protocol/attestation_androidkey_test.go
(1 hunks)protocol/attestation_apple.go
(2 hunks)protocol/attestation_packed.go
(2 hunks)protocol/attestation_packed_test.go
(1 hunks)protocol/attestation_safetynet.go
(1 hunks)protocol/attestation_tpm.go
(7 hunks)protocol/attestation_tpm_test.go
(1 hunks)protocol/client.go
(1 hunks)protocol/credential.go
(1 hunks)protocol/credential_test.go
(4 hunks)protocol/errors.go
(1 hunks)protocol/metadata.go
(2 hunks)protocol/options_test.go
(1 hunks)webauthn/login.go
(2 hunks)
🚧 Files skipped from review as they are similar to previous changes (14)
- protocol/errors.go
- protocol/options_test.go
- protocol/attestation_safetynet.go
- protocol/credential_test.go
- protocol/attestation_androidkey_test.go
- protocol/attestation_packed.go
- protocol/assertion_test.go
- protocol/credential.go
- protocol/client.go
- protocol/attestation_apple.go
- protocol/attestation_tpm_test.go
- protocol/assertion.go
- protocol/attestation_packed_test.go
- webauthn/login.go
🧰 Additional context used
🪛 Markdownlint (0.37.0)
README.md
240-240: Column: 1
Hard tabs
(MD010, no-hard-tabs)
🪛 golangci-lint (1.62.2)
protocol/metadata.go
13-13: cyclomatic complexity 25 of func ValidateMetadata
is high (> 15)
(gocyclo)
101-101: agaisnt
is a misspelling of against
(misspell)
🔇 Additional comments (8)
protocol/attestation.go (1)
146-151
: Good handling of the AttestationFormatNone case
This logic correctly checks for an emptyattStatement
and returns early if the format is none, preventing unnecessary validations.protocol/metadata.go (2)
43-44
: Re-check attestation type comparison
This mirrors a previous comment about potential type mismatch. Ifatype
is a custom type rather than a string alias, converting it withstring(atype)
might not behave as expected.
61-66
: Verify skipping trust anchor validation when x5cs is empty
Returning early withnil
might hide cases where a trust anchor is expected but not provided. Verify that this silent pass is the intended behavior.protocol/attestation_tpm.go (5)
223-239
: Well-documented SAN parsing approach
The doc comments referencing RFC 5280 provide helpful context for maintainers. Good job documenting the format of SAN and its intended usage.
Line range hint
289-319
: Clear attribute extraction in parseSANExtension
This code nicely iterates through the RDN attributes to retrievemanufacturer
,model
, andversion
. The string trimming and type checks are straightforward and maintainable.
370-386
: Concise AIK certificate chain processing
The newtpmParseAIKAttCA
function cleanly centralizes SAN parsing and EKU removal for the entire certificate chain, improving readability.
388-403
: Consistent error wrapping for SAN extension parsing
Returning custom*Error
values with developer info ensures consistent error handling. The approach is coherent with the rest of your attestation logic.
Line range hint
434-455
: Correct enforcement of Extended Key Usage
Checking for the AIK OID and removing unknown EKUs is a clear way to ensure compliance with the TPM AIK profile.🧰 Tools
🪛 golangci-lint (1.62.2)
435-435: Consider pre-allocating
unknown
(prealloc)
This adds significant improvements to the MDS3 errors helping identify the root cause of a validation error.