// Package appvalidate handles the logic for validating whether an app is a
// valid instance of your app via Apple's App Attest service.
package appvalidate
import (
"context"
"regexp"
"time"
"github.com/tidepool-org/platform/log"
"github.com/tidepool-org/platform/structure"
structureValidator "github.com/tidepool-org/platform/structure/validator"
)
//go:generate mockgen -build_flags=--mod=mod -destination=./mock.go -package=appvalidate github.com/tidepool-org/platform/appvalidate Repository,ChallengeGenerator
var (
	// base64Chars accepts a padded base64 string in either the standard
	// ("+/") or the URL-safe ("-_") alphabet; it is meant for base64 payloads
	// such as the attestation and assertion objects. The pattern is anchored
	// (^…$), so the whole value must be groups of four alphabet characters,
	// optionally ending in one "xxx=" or "xx==" padded tail. Consequences to
	// keep in mind when relying on it: the two alphabets are not told apart
	// (a value mixing "+" and "-" matches), unpadded Raw* encodings of length
	// 2 or 3 mod 4 are rejected, and the empty string matches, so emptiness
	// must be rejected separately where it matters.
	base64Chars = regexp.MustCompile(`^(?:[A-Za-z0-9+/\-_]{4})*(?:[A-Za-z0-9+/\-_]{2}==|[A-Za-z0-9+/\-_]{3}=)?$`)
)
// AppValidation represents the entire state of a person's attestation /
// assertion status that determines if they are using a legitimate instance
// of an iOS app.
//
// Fields tagged `json:"-"` are never emitted by encoding/json, which keeps
// the stored public key, receipt, challenges and verification time out of
// any response built directly from this struct; every field is still
// persisted through its bson tag. Preserve that split when adding fields.
type AppValidation struct {
	// UserID is the user the attestation record belongs to; copied from the
	// ChallengeCreate in NewAppValidation.
	UserID string `json:"userId" bson:"userId,omitempty"`
	// KeyID identifies the client's App Attest key; copied from the
	// ChallengeCreate in NewAppValidation.
	KeyID string `json:"keyId" bson:"keyId,omitempty"`
	// PublicKey is stored only (hidden from JSON). Presumably the attested
	// public key used to verify later assertions — set outside this file.
	PublicKey string `json:"-" bson:"publicKey,omitempty"`
	// Verified starts false for a freshly created record (see
	// NewAppValidation) and is flipped elsewhere.
	Verified bool `json:"verified" bson:"verified"`
	// FraudAssessmentReceipt is stored only (hidden from JSON); presumably the
	// App Attest receipt — set outside this file.
	FraudAssessmentReceipt string `json:"-" bson:"fraudAssessmentReceipt,omitempty"`
	// AttestationChallenge is the challenge issued when the record was
	// created; stored but hidden from JSON. NOTE(review): it is stored
	// verbatim, so its unpredictability depends entirely on the caller.
	AttestationChallenge string `json:"-" bson:"attestationChallenge,omitempty"`
	// AssertionVerifiedTime is nil until set elsewhere; omitted from bson
	// while nil.
	AssertionVerifiedTime *time.Time `json:"-" bson:"assertionVerifiedTime,omitempty"`
	// AssertionChallenge is stored only (hidden from JSON); set outside this
	// file.
	AssertionChallenge string `json:"-" bson:"assertionChallenge,omitempty"`
	// AttestationVerifiedTime is nil until set elsewhere. Unlike
	// AssertionVerifiedTime it has no omitempty, so a nil value is stored as
	// an explicit null — NOTE(review): presumably deliberate (queryable), confirm.
	AttestationVerifiedTime *time.Time `json:"-" bson:"attestationVerifiedTime"`
	// AssertionCounter is exposed in JSON and persisted without omitempty, so
	// zero is written explicitly. NOTE(review): presumably compared against
	// the counter in each new assertion to reject replays — confirm in the
	// assertion verifier, which is outside this file.
	AssertionCounter uint32 `json:"assertionCounter" bson:"assertionCounter"`
}
// NewAppValidation creates a new AppValidation from a ChallengeCreate. Once a
// person starts the attestation process by requesting an attestation
// challenge, a new AppValidation needs to be persisted to keep track of the
// progress and state of the attestation and future assertions.
//
// The request is validated first and then the resulting record; either
// failure is returned unchanged and no record is produced. The record starts
// unverified: Verified is false and both verified-time pointers are nil until
// set elsewhere. attestChallenge is stored verbatim, so supplying a fresh,
// unpredictable challenge is the caller's responsibility (presumably via a
// ChallengeGenerator — confirm against the caller).
func NewAppValidation(ctx context.Context, attestChallenge string, create *ChallengeCreate) (*AppValidation, error) {
	logger := log.LoggerFromContext(ctx)

	// Reject a malformed request before building anything from it.
	if err := structureValidator.New(logger).Validate(create); err != nil {
		return nil, err
	}

	record := &AppValidation{
		UserID:               create.UserID,
		KeyID:                create.KeyID,
		AttestationChallenge: attestChallenge,
	}

	// A separate validator instance checks the assembled record; Validate
	// requires a non-empty challenge, user ID and key ID.
	if err := structureValidator.New(logger).Validate(record); err != nil {
		return nil, err
	}
	return record, nil
}
// Validate reports the record's required string fields to v. Only presence is
// checked — the attestation challenge, user ID and key ID must be non-empty;
// no format or alphabet check is applied here.
func (av *AppValidation) Validate(v structure.Validator) {
	required := []struct {
		name  string
		value *string
	}{
		{"attestationChallenge", &av.AttestationChallenge},
		{"userId", &av.UserID},
		{"keyId", &av.KeyID},
	}
	// Same order as the fields were originally checked in, so reported
	// errors keep their order.
	for _, field := range required {
		v.String(field.name, field.value).NotEmpty()
	}
}