defuse_core/payload/
webauthn.rs1use defuse_crypto::{Payload, PublicKey, SignedPayload};
2use defuse_webauthn::PayloadSignature;
3use near_sdk::{CryptoHash, env, near, serde::de::DeserializeOwned, serde_json};
4
5use super::{DefusePayload, ExtractDefusePayload};
6
7#[near(serializers = [json])]
8#[derive(Debug, Clone)]
9pub struct SignedWebAuthnPayload {
10 pub payload: String,
11 #[serde(flatten)]
12 pub signature: PayloadSignature,
13}
14
15impl Payload for SignedWebAuthnPayload {
16 #[inline]
17 fn hash(&self) -> CryptoHash {
18 env::sha256_array(self.payload.as_bytes())
19 }
20}
21
22impl SignedPayload for SignedWebAuthnPayload {
23 type PublicKey = PublicKey;
24
25 #[inline]
26 fn verify(&self) -> Option<Self::PublicKey> {
27 self.signature.verify(self.hash(), false)
28 }
29}
30
31impl<T> ExtractDefusePayload<T> for SignedWebAuthnPayload
32where
33 T: DeserializeOwned,
34{
35 type Error = serde_json::Error;
36
37 #[inline]
38 fn extract_defuse_payload(self) -> Result<DefusePayload<T>, Self::Error> {
39 serde_json::from_str(&self.payload)
40 }
41}
42
43#[cfg(test)]
44mod tests {
45 use super::*;
46 use near_sdk::{AccountIdRef, serde_json};
47
48 #[test]
49 fn p256() {
50 let p: SignedWebAuthnPayload = serde_json::from_str(r#"{
51 "standard": "webauthn",
52 "payload": "{\"signer_id\":\"0x3602b546589a8fcafdce7fad64a46f91db0e4d50\",\"verifying_contract\":\"defuse.test.near\",\"deadline\":\"2025-03-30T00:00:00Z\",\"nonce\":\"A3nsY1GMVjzyXL3mUzOOP3KT+5a0Ruy+QDNWPhchnxM=\",\"intents\":[{\"intent\":\"transfer\",\"receiver_id\":\"user1.test.near\",\"tokens\":{\"nep141:ft1.poa-factory.test.near\":\"1000\"}}]}",
53 "public_key": "p256:2V8Np9vGqLiwVZ8qmMmpkxU7CTRqje4WtwFeLimSwuuyF1rddQK5fELiMgxUnYbVjbZHCNnGc6fAe4JeDcVxgj3Q",
54 "signature": "p256:3KBMZ72BHUiVfE1ey5dpi3KgbXvSEf9kuxgBEax7qLBQtidZExxxjjQk1hTTGFRrPvUoEStfrjoFNVVW4Abar94W",
55 "client_data_json": "{\"type\":\"webauthn.get\",\"challenge\":\"4cveZsIe6p-WaEcL-Lhtzt3SZuXbYsjDdlFhLNrSjjk\",\"origin\":\"https://defuse-widget-git-feat-passkeys-defuse-94bbc1b2.vercel.app\"}",
56 "authenticator_data": "933cQogpBzE3RSAYSAkfWoNEcBd3X84PxE8iRrRVxMgdAAAAAA=="
57}"#).unwrap();
58
59 let public_key = p.verify().expect("invalid signature");
60 assert_eq!(
61 public_key,
62 "p256:2V8Np9vGqLiwVZ8qmMmpkxU7CTRqje4WtwFeLimSwuuyF1rddQK5fELiMgxUnYbVjbZHCNnGc6fAe4JeDcVxgj3Q"
63 .parse()
64 .unwrap(),
65 );
66 assert_eq!(
67 public_key.to_implicit_account_id(),
68 AccountIdRef::new_or_panic("0x3602b546589a8fcafdce7fad64a46f91db0e4d50")
69 );
70 }
71
72 #[test]
73 fn ed25519() {
74 let p: SignedWebAuthnPayload = serde_json::from_str(r#" {
75 "standard": "webauthn",
76 "payload": "{\"signer_id\":\"19a8cd22b37802c3cbc0031f55c70f3858ac48dbfb7697c435da637fea0e0e47\",\"verifying_contract\":\"intents.near\",\"deadline\":{\"timestamp\":1732035219},\"nonce\":\"XVoKfmScb3G+XqH9ke/fSlJ/3xO59sNhCxhpG821BH8=\",\"intents\":[{\"intent\":\"token_diff\",\"diff\":{\"nep141:base-0x833589fcd6edb6e08f4c7c32d4f71b54bda02913.omft.near\":\"-1000\",\"nep141:eth-0xdac17f958d2ee523a2206206994597c13d831ec7.omft.near\":\"998\"}}]}",
77 "public_key": "ed25519:2jAUugnvWPvMaftKj5TDkyfsfxBwYjkMSf5MRtqDUMHY",
78 "signature": "ed25519:2yBp5oExa9BBZQf8habpjLUaSiprvT7srHrK38Bxt9zL1yrkQSeeXMLmkihKCd9frmTdk24YctUdzNN5nGqHWHgb",
79 "client_data_json": "{\"type\":\"webauthn.get\",\"challenge\":\"PfRFOFrLxCfyomuDryxhv6v2OzJIWqyMXaMikUYHSmY\",\"origin\":\"http://localhost:3000\"}",
80 "authenticator_data": "SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MFZ50DuA"
81}"#).unwrap();
82
83 let public_key = p.verify().expect("invalid signature");
84 assert_eq!(
85 public_key,
86 "ed25519:2jAUugnvWPvMaftKj5TDkyfsfxBwYjkMSf5MRtqDUMHY"
87 .parse()
88 .unwrap(),
89 );
90 assert_eq!(
91 public_key.to_implicit_account_id(),
92 AccountIdRef::new_or_panic(
93 "19a8cd22b37802c3cbc0031f55c70f3858ac48dbfb7697c435da637fea0e0e47"
94 )
95 );
96 }
97}