feat: Améliorer la gestion WebAuthn avec détection du contexte sécurisé

- Ajouter vérification du contexte sécurisé (HTTPS) pour WebAuthn - Implémenter fallback pour le développement HTTP local - Améliorer les messages d'interface pour expliquer le mode WebAuthn - Ajouter logs informatifs pour le debugging WebAuthn - Gestion d'erreur robuste avec fallback automatique
2025-10-23 14:03:52 +02:00 · 2025-10-23 14:03:52 +02:00 · 0c883dfcac
commit 0c883dfcac
parent 770a5b7397
3 changed files with 63 additions and 26 deletions
--- a/src/services/secure-credentials.service.ts
+++ b/src/services/secure-credentials.service.ts
@ -104,28 +104,55 @@ export class SecureCredentialsService {
      const encryptedSpendKey = await this.encryptKey(credentialData.spendKey, masterKey);
      const encryptedScanKey = await this.encryptKey(credentialData.scanKey, masterKey);

-      // Stocker dans les credentials du navigateur
-      const credential = await navigator.credentials.create({
-        publicKey: {
-          challenge: new Uint8Array(32),
-          rp: { name: '4NK Secure Storage' },
-          user: {
-            id: new TextEncoder().encode('4nk-user'),
-            name: '4NK User',
-            displayName: '4NK User'
-          },
-          pubKeyCredParams: [
-            { type: 'public-key', alg: -7 }, // ES256
-            { type: 'public-key', alg: -257 } // RS256
-          ],
-          authenticatorSelection: {
-            authenticatorAttachment: 'platform',
-            userVerification: 'required'
-          },
-          timeout: 60000,
-          attestation: 'direct'
+      // Vérifier si WebAuthn est disponible et si on est en HTTPS
+      const isSecureContext = window.isSecureContext;
+      const hasWebAuthn = navigator.credentials && navigator.credentials.create;
+      
+      let credential = null;
+      
+      if (isSecureContext && hasWebAuthn) {
+        // Stocker dans les credentials du navigateur (HTTPS requis)
+        try {
+          credential = await navigator.credentials.create({
+            publicKey: {
+              challenge: new Uint8Array(32),
+              rp: { name: '4NK Secure Storage' },
+              user: {
+                id: new TextEncoder().encode('4nk-user'),
+                name: '4NK User',
+                displayName: '4NK User'
+              },
+              pubKeyCredParams: [
+                { type: 'public-key', alg: -7 }, // ES256
+                { type: 'public-key', alg: -257 } // RS256
+              ],
+              authenticatorSelection: {
+                authenticatorAttachment: 'platform',
+                userVerification: 'required'
+              },
+              timeout: 60000,
+              attestation: 'direct'
+            }
+          });
+          
+          secureLogger.info('WebAuthn credential created successfully', {
+            component: 'SecureCredentialsService',
+            operation: 'webauthn_create'
+          });
+        } catch (error) {
+          secureLogger.warn('WebAuthn credential creation failed, using fallback', error as Error, {
+            component: 'SecureCredentialsService',
+            operation: 'webauthn_create'
+          });
        }
-      });
+      } else {
+        secureLogger.info('WebAuthn not available (HTTP context), using fallback storage', {
+          component: 'SecureCredentialsService',
+          operation: 'webauthn_fallback',
+          isSecureContext,
+          hasWebAuthn
+        });
+      }

      if (credential) {
        // Stocker les données chiffrées dans IndexedDB
--- a/src/utils/sp-address.utils.ts
+++ b/src/utils/sp-address.utils.ts
@ -2703,13 +2703,23 @@ export async function prepareAndSendPairingTx(): Promise<void> {
    // Initialize secure credentials with PBKDF2 and browser credentials
    try {
      const { secureCredentialsService } = await import('../services/secure-credentials.service');
-      updateCreatorStatus('🔐 Initializing secure credentials with browser...');
      
-      // This will trigger the browser popup for WebAuthn
+      // Check if we're in a secure context (HTTPS)
+      if (window.isSecureContext) {
+        updateCreatorStatus('🔐 Initializing secure credentials with browser...');
+      } else {
+        updateCreatorStatus('🔐 Initializing secure credentials (HTTP mode - WebAuthn not available)...');
+      }
+      
+      // This will trigger the browser popup for WebAuthn (only in HTTPS)
      const credentials = await secureCredentialsService.generateSecureCredentials('4nk-pairing-password');
      console.log('✅ Secure credentials initialized with PBKDF2 and WebAuthn');
      
-      updateCreatorStatus('✅ Secure credentials ready');
+      if (window.isSecureContext) {
+        updateCreatorStatus('✅ Secure credentials ready (WebAuthn enabled)');
+      } else {
+        updateCreatorStatus('✅ Secure credentials ready (fallback mode - use HTTPS for WebAuthn)');
+      }
    } catch (error) {
      console.warn('⚠️ Secure credentials initialization failed:', error);
      updateCreatorStatus('⚠️ Using fallback credentials');