defuse_core/payload/
webauthn.rs

1use defuse_crypto::{Payload, PublicKey, SignedPayload};
2use defuse_webauthn::PayloadSignature;
3use near_sdk::{CryptoHash, env, near, serde::de::DeserializeOwned, serde_json};
4
5use super::{DefusePayload, ExtractDefusePayload};
6
7#[near(serializers = [json])]
8#[derive(Debug, Clone)]
9pub struct SignedWebAuthnPayload {
10    pub payload: String,
11    #[serde(flatten)]
12    pub signature: PayloadSignature,
13}
14
15impl Payload for SignedWebAuthnPayload {
16    #[inline]
17    fn hash(&self) -> CryptoHash {
18        env::sha256_array(self.payload.as_bytes())
19    }
20}
21
22impl SignedPayload for SignedWebAuthnPayload {
23    type PublicKey = PublicKey;
24
25    #[inline]
26    fn verify(&self) -> Option<Self::PublicKey> {
27        self.signature.verify(self.hash(), false)
28    }
29}
30
31impl<T> ExtractDefusePayload<T> for SignedWebAuthnPayload
32where
33    T: DeserializeOwned,
34{
35    type Error = serde_json::Error;
36
37    #[inline]
38    fn extract_defuse_payload(self) -> Result<DefusePayload<T>, Self::Error> {
39        serde_json::from_str(&self.payload)
40    }
41}
42
43#[cfg(test)]
44mod tests {
45    use super::*;
46    use near_sdk::{AccountIdRef, serde_json};
47
48    #[test]
49    fn p256() {
50        let p: SignedWebAuthnPayload = serde_json::from_str(r#"{
51  "standard": "webauthn",
52  "payload": "{\"signer_id\":\"0x3602b546589a8fcafdce7fad64a46f91db0e4d50\",\"verifying_contract\":\"defuse.test.near\",\"deadline\":\"2025-03-30T00:00:00Z\",\"nonce\":\"A3nsY1GMVjzyXL3mUzOOP3KT+5a0Ruy+QDNWPhchnxM=\",\"intents\":[{\"intent\":\"transfer\",\"receiver_id\":\"user1.test.near\",\"tokens\":{\"nep141:ft1.poa-factory.test.near\":\"1000\"}}]}",
53  "public_key": "p256:2V8Np9vGqLiwVZ8qmMmpkxU7CTRqje4WtwFeLimSwuuyF1rddQK5fELiMgxUnYbVjbZHCNnGc6fAe4JeDcVxgj3Q",
54  "signature": "p256:3KBMZ72BHUiVfE1ey5dpi3KgbXvSEf9kuxgBEax7qLBQtidZExxxjjQk1hTTGFRrPvUoEStfrjoFNVVW4Abar94W",
55  "client_data_json": "{\"type\":\"webauthn.get\",\"challenge\":\"4cveZsIe6p-WaEcL-Lhtzt3SZuXbYsjDdlFhLNrSjjk\",\"origin\":\"https://defuse-widget-git-feat-passkeys-defuse-94bbc1b2.vercel.app\"}",
56  "authenticator_data": "933cQogpBzE3RSAYSAkfWoNEcBd3X84PxE8iRrRVxMgdAAAAAA=="
57}"#).unwrap();
58
59        let public_key = p.verify().expect("invalid signature");
60        assert_eq!(
61            public_key,
62            "p256:2V8Np9vGqLiwVZ8qmMmpkxU7CTRqje4WtwFeLimSwuuyF1rddQK5fELiMgxUnYbVjbZHCNnGc6fAe4JeDcVxgj3Q"
63                .parse()
64                .unwrap(),
65        );
66        assert_eq!(
67            public_key.to_implicit_account_id(),
68            AccountIdRef::new_or_panic("0x3602b546589a8fcafdce7fad64a46f91db0e4d50")
69        );
70    }
71
72    #[test]
73    fn ed25519() {
74        let p: SignedWebAuthnPayload = serde_json::from_str(r#" {
75  "standard": "webauthn",
76  "payload": "{\"signer_id\":\"19a8cd22b37802c3cbc0031f55c70f3858ac48dbfb7697c435da637fea0e0e47\",\"verifying_contract\":\"intents.near\",\"deadline\":{\"timestamp\":1732035219},\"nonce\":\"XVoKfmScb3G+XqH9ke/fSlJ/3xO59sNhCxhpG821BH8=\",\"intents\":[{\"intent\":\"token_diff\",\"diff\":{\"nep141:base-0x833589fcd6edb6e08f4c7c32d4f71b54bda02913.omft.near\":\"-1000\",\"nep141:eth-0xdac17f958d2ee523a2206206994597c13d831ec7.omft.near\":\"998\"}}]}",
77  "public_key": "ed25519:2jAUugnvWPvMaftKj5TDkyfsfxBwYjkMSf5MRtqDUMHY",
78  "signature": "ed25519:2yBp5oExa9BBZQf8habpjLUaSiprvT7srHrK38Bxt9zL1yrkQSeeXMLmkihKCd9frmTdk24YctUdzNN5nGqHWHgb",
79  "client_data_json": "{\"type\":\"webauthn.get\",\"challenge\":\"PfRFOFrLxCfyomuDryxhv6v2OzJIWqyMXaMikUYHSmY\",\"origin\":\"http://localhost:3000\"}",
80  "authenticator_data": "SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MFZ50DuA"
81}"#).unwrap();
82
83        let public_key = p.verify().expect("invalid signature");
84        assert_eq!(
85            public_key,
86            "ed25519:2jAUugnvWPvMaftKj5TDkyfsfxBwYjkMSf5MRtqDUMHY"
87                .parse()
88                .unwrap(),
89        );
90        assert_eq!(
91            public_key.to_implicit_account_id(),
92            AccountIdRef::new_or_panic(
93                "19a8cd22b37802c3cbc0031f55c70f3858ac48dbfb7697c435da637fea0e0e47"
94            )
95        );
96    }
97}