/// <summary>
/// Verifies the response from the browser/authr after creating new credentials
/// </summary>
/// <param name="attestationResponse"></param>
/// <param name="origChallenge"></param>
/// <returns></returns>
public RegisterCredentialResult SetRegisterCredentialResult(AuthenticatorAttestationRawResponse attestationResponse, RegisterCredentialOptions origChallenge, IsCredentialIdUniqueToUserDelegate isCredentialIdUniqueToUser, byte[] requestTokenBindingId = null)
{
var parsedResponse = AuthenticatorAttestationResponse.Parse(attestationResponse);
var success = parsedResponse.VerifyCredentialCreateOptions(origChallenge, _config, isCredentialIdUniqueToUser, _metadataService, requestTokenBindingId);
// todo: Set Errormessage etc.
return(new RegisterCredentialResult
{
Status = "ok",
ErrorMessage = string.Empty,
Result = success
});
}
public static AuthenticatorAttestationResponse Parse(AuthenticatorAttestationRawResponse rawResponse)
{
if (null == rawResponse || null == rawResponse.Response)
{
throw new VerificationException("Expected rawResponse, got null");
}
if (null == rawResponse.Response.AttestationObject || 0 == rawResponse.Response.AttestationObject.Length)
{
throw new VerificationException("Missing AttestationObject");
}
// 8. Perform CBOR decoding on the attestationObject field of the AuthenticatorAttestationResponse structure to obtain the attestation statement format fmt, the authenticator data authData, and the attestation statement attStmt.
CBORObject cborAttestation;
try
{
cborAttestation = CBORObject.DecodeFromBytes(rawResponse.Response.AttestationObject);
}
catch (CBORException ex)
{
throw new VerificationException("AttestationObject invalid CBOR", ex);
}
if (null == cborAttestation["fmt"] ||
CBORType.TextString != cborAttestation["fmt"].Type ||
null == cborAttestation["attStmt"] ||
CBORType.Map != cborAttestation["attStmt"].Type ||
null == cborAttestation["authData"] ||
CBORType.ByteString != cborAttestation["authData"].Type)
{
throw new VerificationException("Malformed AttestationObject");
}
var response = new AuthenticatorAttestationResponse(rawResponse.Response.ClientDataJson)
{
Raw = rawResponse,
AttestationObject = new ParsedAttestationObject()
{
Fmt = cborAttestation["fmt"].AsString(),
AttStmt = cborAttestation["attStmt"], // convert to dictionary?
AuthData = cborAttestation["authData"].GetByteString()
}
};
return(response);
}
public static AuthenticatorAttestationResponse Parse(AuthenticatorAttestationRawResponse rawResponse)
{
if (null == rawResponse || null == rawResponse.Response)
{
throw new VerificationException("Expected rawResponse, got null");
}
if (null == rawResponse.Response.AttestationObject || 0 == rawResponse.Response.AttestationObject.Length)
{
throw new VerificationException("Missing AttestationObject");
}
CBORObject cborAttestation;
try
{
cborAttestation = CBORObject.DecodeFromBytes(rawResponse.Response.AttestationObject);
}
catch (CBORException ex)
{
throw new VerificationException("Malformed AttestationObject", ex);
}
if (null == cborAttestation["fmt"] ||
CBORType.TextString != cborAttestation["fmt"].Type ||
null == cborAttestation["attStmt"] ||
CBORType.Map != cborAttestation["attStmt"].Type ||
null == cborAttestation["authData"] ||
CBORType.ByteString != cborAttestation["authData"].Type)
{
throw new VerificationException("Malformed AttestationObject");
}
var response = new AuthenticatorAttestationResponse(rawResponse.Response.ClientDataJson)
{
Raw = rawResponse,
AttestationObject = new ParsedAttestationObject()
{
Fmt = cborAttestation["fmt"].AsString(),
AttStmt = cborAttestation["attStmt"], // convert to dictionary?
AuthData = cborAttestation["authData"].GetByteString()
}
};
return(response);
}
/// <summary>
/// Verifies the response from the browser/authr after creating new credentials (MakeNewCredentialAsync)
/// </summary>
/// <param name="attestationResponse"></param>
/// <param name="origChallenge"></param>
/// <returns></returns>
public async Task <CredentialMakeResult> SetRegisterCredentialResult(AuthenticatorAttestationRawResponse attestationResponse, CredentialCreateOptions origChallenge, IsCredentialIdUniqueToUserAsyncDelegate isCredentialIdUniqueToUser, byte[] requestTokenBindingId = null)
{
var parsedResponse = AuthenticatorAttestationResponse.Parse(attestationResponse);
var success = await parsedResponse.VerifyAsync(origChallenge, _config, isCredentialIdUniqueToUser, _metadataService, requestTokenBindingId);
try
{
return(new CredentialMakeResult
{
Status = "ok",
ErrorMessage = string.Empty,
Result = success
});
}
catch (Exception e)
{
return(new CredentialMakeResult
{
Status = "error",
ErrorMessage = e.Message,
Result = success
});
}
}