Can generate admin key enrollment challenge

Cargo.lock

@@ -816,6 +816,7 @@ dependencies = [
  "serde_json",
  "sha1",
  "tokio 0.2.25",
+ "webauthn-rs",
  "webpage",
  "webrtc-sdp",
  "yaml-rust",
@@ -1401,6 +1402,12 @@ dependencies = [
  "tracing-futures",
 ]
 
+[[package]]
+name = "half"
+version = "1.7.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "62aca2aba2d62b4a7f5b33f3712cb1b0692779a56fb510499d5c0aa594daeaf3"
+
 [[package]]
 name = "hashbrown"
 version = "0.9.1"
@@ -2948,6 +2955,25 @@ dependencies = [
  "serde_derive",
 ]
 
+[[package]]
+name = "serde_bytes"
+version = "0.11.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "16ae07dd2f88a366f15bd0632ba725227018c69a1c8550a927324f8eb8368bb9"
+dependencies = [
+ "serde",
+]
+
+[[package]]
+name = "serde_cbor"
+version = "0.11.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1e18acfa2f90e8b735b2836ab8d538de304cbb6729a7360729ea5a895d15a622"
+dependencies = [
+ "half",
+ "serde",
+]
+
 [[package]]
 name = "serde_derive"
 version = "1.0.123"
@@ -3798,6 +3824,25 @@ dependencies = [
  "wasm-bindgen",
 ]
 
+[[package]]
+name = "webauthn-rs"
+version = "0.2.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "dca232368e409a186d2cc0a83380398429a5b6c39608143c2a9bcc16e96b08d0"
+dependencies = [
+ "base64 0.12.3",
+ "log",
+ "nom",
+ "openssl",
+ "rand 0.7.3",
+ "serde",
+ "serde_bytes",
+ "serde_cbor",
+ "serde_derive",
+ "serde_json",
+ "thiserror",
+]
+
 [[package]]
 name = "webpage"
 version = "1.2.0"

Cargo.toml

@@ -41,3 +41,4 @@ zip = "0.5.10"
 webpage = "1.2.0"
 gouth = "0.2.0"
 tokio = { version = "0.2" }
+webauthn-rs = "0.2.5"

src/controllers/admin/admin_account_controller.rs

@@ -2,6 +2,8 @@
 //!
 //! @author Pierre Hubert
 
+
+
 use crate::api_data::admin::admin_auth_options::AdminAuthOptions;
 use crate::api_data::admin::admin_auth_success::AdminAuthSuccess;
 use crate::api_data::admin::admin_id_api::AdminIDAPI;
@@ -9,7 +11,8 @@ use crate::api_data::admin::admin_info_api::AdminInfoAPI;
 use crate::data::admin::NewAdminGeneralSettings;
 use crate::data::base_request_handler::BaseRequestHandler;
 use crate::data::http_request_handler::HttpRequestHandler;
-use crate::helpers::{admin_access_token_helper, admin_account_helper};
+use crate::data::webauthn_config::get_wan;
+use crate::helpers::{admin_access_token_helper, admin_account_helper, admin_key_registration_challenges_helper};
 use crate::routes::RequestResult;
 use crate::utils::date_utils::time;
 
@@ -90,3 +93,14 @@ pub fn update_general_settings(r: &mut HttpRequestHandler) -> RequestResult {
 
     r.ok()
 }
+
+/// Generate a challenge to register a new key
+pub fn challenge_register_key(r: &mut HttpRequestHandler) -> RequestResult {
+    let mut wan = get_wan();
+
+    let (res, state) = wan.generate_challenge_register(&r.admin_id()?.id_str(), None)?;
+
+    admin_key_registration_challenges_helper::set(r.admin_id()?, state)?;
+
+    r.set_response(res)
+}

src/data/admin.rs

@@ -13,6 +13,10 @@ impl AdminID {
     pub fn id(&self) -> u64 {
         self.0
     }
+
+    pub fn id_str(&self) -> String {
+        format!("{}", self.0)
+    }
 }
 
 pub struct NewAdmin {
@@ -47,12 +51,12 @@ pub struct AdminKey {
 pub struct AdminAccessToken {
     pub token: String,
     pub id: AdminID,
-    pub last_refresh: u64
+    pub last_refresh: u64,
 }
 
 /// New admin general settings
 pub struct NewAdminGeneralSettings {
     pub id: AdminID,
     pub name: String,
-    pub email: String
+    pub email: String,
 }

src/data/mod.rs

@@ -42,3 +42,4 @@ pub mod new_notifications_settings;
 pub mod push_notification;
 pub mod presence;
 pub mod admin;
+pub mod webauthn_config;

src/data/webauthn_config.rs

@@ -0,0 +1,36 @@
+//! # Webauthn config
+//!
+//! @author Pierre Hubert
+
+use webauthn_rs::{Webauthn, WebauthnConfig};
+
+use crate::data::config::conf;
+
+pub struct ComunicAdminWebauthnConfig {}
+
+impl WebauthnConfig for ComunicAdminWebauthnConfig {
+    fn get_relying_party_name(&self) -> String {
+        "ComunicAdmin".to_string()
+    }
+
+    fn get_origin(&self) -> &String {
+        &conf().admin_url
+    }
+
+    fn get_relying_party_id(&self) -> String {
+        self.get_origin()
+            .replace("https://", "")
+            .replace("http://", "")
+            .split(":")
+            .next()
+            .unwrap()
+            .split("/")
+            .next()
+            .unwrap()
+            .to_string()
+    }
+}
+
+pub fn get_wan() -> Webauthn<ComunicAdminWebauthnConfig> {
+    Webauthn::new(ComunicAdminWebauthnConfig {})
+}

src/helpers/admin_access_token_helper.rs

@@ -13,7 +13,7 @@ use crate::utils::date_utils::time;
 
 static mut CACHE: Option<Arc<Mutex<HashMap<AdminID, AdminAccessToken>>>> = None;
 
-/// Initialize this helper
+/// Initialize this helper's cache
 pub fn init() {
     unsafe {
         let map = HashMap::new();

src/helpers/admin_key_registration_challenges_helper.rs

@@ -0,0 +1,34 @@
+//! # Administrators key registration challenges helper
+//!
+//! Allows to temporarily stores keys registration challenges
+//!
+//! @author Pierre Hubert
+
+use std::collections::HashMap;
+use std::sync::{Arc, Mutex};
+
+use webauthn_rs::RegistrationState;
+
+use crate::data::admin::AdminID;
+use crate::data::error::Res;
+
+static mut CACHE: Option<Arc<Mutex<HashMap<AdminID, RegistrationState>>>> = None;
+
+/// Initialize this helper's cache
+pub fn init() {
+    unsafe {
+        let map = HashMap::new();
+        CACHE = Some(Arc::new(Mutex::new(map)));
+    }
+}
+
+/// Store a new entry in the cache
+pub fn set(admin: AdminID, key: RegistrationState) -> Res {
+    let cache = unsafe {
+        CACHE.as_ref().unwrap().lock()
+    };
+
+    cache?.insert(admin, key);
+
+    Ok(())
+}

src/helpers/mod.rs

@@ -24,3 +24,4 @@ pub mod firebase_notifications_helper;
 pub mod forez_presence_helper;
 pub mod admin_account_helper;
 pub mod admin_access_token_helper;
+pub mod admin_key_registration_challenges_helper;

src/routes.rs

@@ -353,5 +353,6 @@ pub fn get_routes() -> Vec<Route> {
         Route::admin_post("/admin/accounts/id", Box::new(admin_account_controller::get_admin_id)),
         Route::admin_post("/admin/accounts/info", Box::new(admin_account_controller::get_admin_info)),
         Route::admin_post("/admin/accounts/update_general_settings", Box::new(admin_account_controller::update_general_settings)),
+        Route::admin_post("/admin/accounts/challenge_register_key", Box::new(admin_account_controller::challenge_register_key))
     ]
 }

src/server.rs

@@ -17,7 +17,7 @@ use crate::controllers::{rtc_relay_controller, user_ws_controller};
 use crate::data::base_request_handler::{BaseRequestHandler, PostFile, RequestValue};
 use crate::data::config::Config;
 use crate::data::http_request_handler::HttpRequestHandler;
-use crate::helpers::{api_helper, requests_limit_helper, admin_access_token_helper};
+use crate::helpers::{admin_access_token_helper, admin_key_registration_challenges_helper, api_helper, requests_limit_helper};
 use crate::routes::{get_routes, RequestResult, Route, RouteScope};
 use crate::routes::Method::{GET, POST};
 use crate::utils::user_data_utils::user_data_path;
@@ -221,7 +221,7 @@ fn process_simple_route(route: &Route, req: &mut HttpRequestHandler) -> RequestR
             if route.need_login || req.has_post_parameter("token") {
                 req.check_user_token()?;
             }
-        },
+        }
 
         // "Admin" user scope
         RouteScope::ADMIN => {
@@ -234,7 +234,6 @@ fn process_simple_route(route: &Route, req: &mut HttpRequestHandler) -> RequestR
     }
 
 
-
     let res: RequestResult = (route.func)(req);
 
     requests_limit_helper::trigger_after(res.is_ok(), req, route)?;
@@ -350,8 +349,8 @@ pub async fn start_server(conf: &Config) -> std::io::Result<()> {
 
     // Initialize limit helper
     requests_limit_helper::init();
-
     admin_access_token_helper::init();
+    admin_key_registration_challenges_helper::init();
 
     let addr = conf.server_listen_address();
     println!("Start to listen on http://{}/", addr);