[EC-598] feat: add general error handling for attestation

2025-12-22 11:13:46 +00:00 · 2023-03-30 10:59:19 +02:00
parent b3d5ab4472
commit e7454501ea
2 changed files with 41 additions and 28 deletions
--- a/libs/common/src/webauthn/services/fido2-authenticator.service.ts
+++ b/libs/common/src/webauthn/services/fido2-authenticator.service.ts
@@ -173,38 +173,42 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
      throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.NotAllowed);
    }

-    const selectedCredentialId =
-      params.allowCredentialDescriptorList?.length > 0
-        ? selectedCipher.fido2Key.nonDiscoverableId
-        : selectedCipher.id;
+    try {
+      const selectedCredentialId =
+        params.allowCredentialDescriptorList?.length > 0
+          ? selectedCipher.fido2Key.nonDiscoverableId
+          : selectedCipher.id;

-    ++selectedCipher.fido2Key.counter;
-    selectedCipher.localData.lastUsedDate = new Date().getTime();
-    const encrypted = await this.cipherService.encrypt(selectedCipher);
-    await this.cipherService.updateWithServer(encrypted);
+      ++selectedCipher.fido2Key.counter;
+      selectedCipher.localData.lastUsedDate = new Date().getTime();
+      const encrypted = await this.cipherService.encrypt(selectedCipher);
+      await this.cipherService.updateWithServer(encrypted);

-    const authenticatorData = await generateAuthData({
-      rpId: selectedCipher.fido2Key.rpId,
-      credentialId: selectedCredentialId,
-      counter: selectedCipher.fido2Key.counter,
-      userPresence: true,
-      userVerification: false,
-    });
+      const authenticatorData = await generateAuthData({
+        rpId: selectedCipher.fido2Key.rpId,
+        credentialId: selectedCredentialId,
+        counter: selectedCipher.fido2Key.counter,
+        userPresence: true,
+        userVerification: false,
+      });

-    const signature = await generateSignature({
-      authData: authenticatorData,
-      clientData: params.hash,
-      privateKey: await getPrivateKeyFromCipher(selectedCipher),
-    });
+      const signature = await generateSignature({
+        authData: authenticatorData,
+        clientData: params.hash,
+        privateKey: await getPrivateKeyFromCipher(selectedCipher),
+      });

-    return {
-      authenticatorData,
-      selectedCredential: {
-        id: selectedCredentialId,
-        userHandle: Fido2Utils.stringToBuffer(selectedCipher.fido2Key.userHandle),
-      },
-      signature,
-    };
+      return {
+        authenticatorData,
+        selectedCredential: {
+          id: selectedCredentialId,
+          userHandle: Fido2Utils.stringToBuffer(selectedCipher.fido2Key.userHandle),
+        },
+        signature,
+      };
+    } catch {
+      throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.Unknown);
+    }
  }

  private async vaultContainsCredentials(