ServerPublicKeyCredentialCreationOptionsResponse IFidoServer.GetAssertionOptions(
ServerPublicKeyCredentialCreationOptionsRequest serverPublicKeyCredentialCreationOptionsRequest)
{
ServerPublicKeyCredentialCreationOptionsResponse response =
new ServerPublicKeyCredentialCreationOptionsResponse();
List <ServerPublicKeyCredentialDescriptor> allowCredentials = new List <ServerPublicKeyCredentialDescriptor>();
foreach (ServerRegInfo info in regInfos)
{
ServerPublicKeyCredentialDescriptor desc = new ServerPublicKeyCredentialDescriptor();
desc.Id = info.CredentialId;
desc.Type = "public-key";
allowCredentials.Add(desc);
}
response.AllowCredentials = allowCredentials.ToArray();
response.Challenge = ByteUtils.ByteToBase64(GetChallege());
response.RpId = "www.huawei.fidodemo";
response.Timeout = 60L;
return(response);
}
ServerPublicKeyCredentialCreationOptionsResponse IFidoServer.GetAttestationOptions(ServerPublicKeyCredentialCreationOptionsRequest request)
{
ServerPublicKeyCredentialCreationOptionsResponse response =
new ServerPublicKeyCredentialCreationOptionsResponse();
response.Attestation = request.Attestation;
ServerAuthenticatorSelectionCriteria selectionCriteria = request.AuthenticatorSelection;
if (selectionCriteria != null)
{
response.AuthenticatorSelection = selectionCriteria;
}
response.Challenge = ByteUtils.ByteToBase64(GetChallege());
List <ServerPublicKeyCredentialDescriptor> excludeCredentialList = new List <ServerPublicKeyCredentialDescriptor>();
foreach (ServerRegInfo info in regInfos)
{
ServerPublicKeyCredentialDescriptor desc = new ServerPublicKeyCredentialDescriptor();
desc.Id = info.CredentialId;
desc.Type = "public-key";
excludeCredentialList.Add(desc);
}
response.ExcludeCredentials = excludeCredentialList.ToArray();
List <ServerPublicKeyCredentialParameters> pubKeyCredParamList = new List <ServerPublicKeyCredentialParameters>();
ServerPublicKeyCredentialParameters cp = new ServerPublicKeyCredentialParameters();
cp.Alg = -7;
cp.Type = "public-key";
pubKeyCredParamList.Add(cp);
cp = new ServerPublicKeyCredentialParameters();
cp.Alg = -257;
cp.Type = "public-key";
pubKeyCredParamList.Add(cp);
response.PubKeyCredParams = pubKeyCredParamList.ToArray();
ServerPublicKeyCredentialRpEntity rpEntity = new ServerPublicKeyCredentialRpEntity();
rpEntity.Name = "www.huawei.fidodemo";
response.Rp = rpEntity;
response.RpId = "www.huawei.fidodemo";
response.Timeout = 60L;
ServerPublicKeyCredentialUserEntity user = new ServerPublicKeyCredentialUserEntity();
user.Id = request.Username;
user.DisplayName = request.DisplayName;
response.User = user;
return(response);
}
public static PublicKeyCredentialRequestOptions ConvertToPublicKeyCredentialRequestOptions(
IFido2Client fido2Client,
ServerPublicKeyCredentialCreationOptionsResponse response,
bool isUseSelectedPlatformAuthenticator)
{
PublicKeyCredentialRequestOptions.Builder builder = new PublicKeyCredentialRequestOptions.Builder();
builder.SetRpId(response.RpId);
builder.SetChallenge(ByteUtils.Base64ToByte(response.Challenge));
ServerPublicKeyCredentialDescriptor[] descriptors = response.AllowCredentials;
if (descriptors != null)
{
List <PublicKeyCredentialDescriptor> descriptorList = new List <PublicKeyCredentialDescriptor>();
foreach (ServerPublicKeyCredentialDescriptor descriptor in descriptors)
{
List <AuthenticatorTransport> transports = new List <AuthenticatorTransport>();
if (descriptor.Transports != null)
{
try
{
transports.Add(AuthenticatorTransport.FromValue(descriptor.Transports));
}
catch (System.Exception e)
{
Log.Error(Tag, e.Message, e);
}
}
PublicKeyCredentialDescriptor desc = new PublicKeyCredentialDescriptor(
PublicKeyCredentialType.PublicKey, ByteUtils.Base64ToByte(descriptor.Id), transports);
descriptorList.Add(desc);
}
builder.SetAllowList(descriptorList);
}
Dictionary <string, Java.Lang.Object> extensions = new Dictionary <string, Java.Lang.Object>();
if (response.Extensions != null)
{
extensions.AddRangeOverride(response.Extensions);
}
// Specify a platform authenticator and related extension items. You can specify a platform
// authenticator or not as needed.
if (isUseSelectedPlatformAuthenticator)
{
UseSelectedPlatformAuthenticator(fido2Client, extensions);
}
builder.SetExtensions(extensions);
builder.SetTimeoutSeconds((Java.Lang.Long)response.Timeout);
return(builder.Build());
}
private void OnClickAuthentication(object sender, EventArgs e)
{
string Tag = "OnClickAuthentication";
if (!fido2Client.IsSupported)
{
log.Info(Tag, "FIDO2 is not supported.");
return;
}
IFidoServer fidoServer = new FidoServerSimulator();
if (fidoServer == null)
{
log.Error(Tag, GetString(Resource.String.connect_server_err));
return;
}
ServerPublicKeyCredentialCreationOptionsRequest request = GetAuthnServerPublicKeyCredentialCreationOptionsRequest();
if (request == null)
{
return;
}
// Obtain the challenge value and related policy from the FIDO server, and initiate a Fido2AuthenticationRequest
// request.
ServerPublicKeyCredentialCreationOptionsResponse response = fidoServer.GetAssertionOptions(request);
if (!ServerStatus.Ok.Equals(response.GetStatus()))
{
log.Error(Tag, GetString(Resource.String.authn_fail) + response.GetErrorMessage());
return;
}
string attachmentMode = GetSpinnerSelect(attachmentSp.SelectedItem);
bool isUseSelectedPlatformAuthenticator = Attachment.Platform.Value.Equals(attachmentMode);
PublicKeyCredentialRequestOptions publicKeyCredentialCreationOptions = ServerUtils.ConvertToPublicKeyCredentialRequestOptions(fido2Client, response, isUseSelectedPlatformAuthenticator);
AuthenticateToFido2Client(publicKeyCredentialCreationOptions);
}
private void OnClickRegistration(object sender, EventArgs e)
{
string Tag = "OnClickRegistration";
if (!fido2Client.IsSupported)
{
log.Info(Tag, "FIDO2 is not supported.");
return;
}
IFidoServer fidoServer = new FidoServerSimulator();
if (fidoServer == null)
{
log.Error(Tag, GetString(Resource.String.connect_server_err));
return;
}
ServerPublicKeyCredentialCreationOptionsRequest request = GetRegServerPublicKeyCredentialCreationOptionsRequest();
if (request == null)
{
return;
}
// Obtain the challenge value and related policy from the FIDO server, and initiate a Fido2RegistrationRequest
// request.
ServerPublicKeyCredentialCreationOptionsResponse response = fidoServer.GetAttestationOptions(request);
if (!ServerStatus.Ok.Equals(response.GetStatus()))
{
log.Error(Tag, GetString(Resource.String.reg_fail) + response.GetErrorMessage());
}
PublicKeyCredentialCreationOptions publicKeyCredentialCreationOptions =
ServerUtils.ConvertToPublicKeyCredentialCreationOptions(fido2Client, response);
RegisterToFido2Client(publicKeyCredentialCreationOptions);
}
public static PublicKeyCredentialCreationOptions ConvertToPublicKeyCredentialCreationOptions(IFido2Client fido2Client,
ServerPublicKeyCredentialCreationOptionsResponse response)
{
PublicKeyCredentialCreationOptions.Builder builder = new PublicKeyCredentialCreationOptions.Builder();
string name = response.Rp.Name;
PublicKeyCredentialRpEntity entity = new PublicKeyCredentialRpEntity(name, name, null);
builder.SetRp(entity);
string id = response.User.Id;
try
{
builder.SetUser(new PublicKeyCredentialUserEntity(id, System.Text.Encoding.UTF8.GetBytes(id)));
}
catch (UnsupportedEncodingException e)
{
Log.Error(Tag, e.Message, e);
}
builder.SetChallenge(ByteUtils.Base64ToByte(response.Challenge));
if (response.PubKeyCredParams != null)
{
List <PublicKeyCredentialParameters> parameters = new List <PublicKeyCredentialParameters>();
ServerPublicKeyCredentialParameters[] serverPublicKeyCredentialParameters = response.PubKeyCredParams;
foreach (ServerPublicKeyCredentialParameters param in serverPublicKeyCredentialParameters)
{
try
{
PublicKeyCredentialParameters parameter = new PublicKeyCredentialParameters(
PublicKeyCredentialType.PublicKey, Algorithm.FromCode(param.Alg));
parameters.Add(parameter);
}
catch (System.Exception e)
{
Log.Error(Tag, e.Message, e);
}
}
builder.SetPubKeyCredParams(parameters);
}
if (response.ExcludeCredentials != null)
{
List <PublicKeyCredentialDescriptor> descriptors = new List <PublicKeyCredentialDescriptor>();
ServerPublicKeyCredentialDescriptor[] serverDescriptors = response.ExcludeCredentials;
foreach (ServerPublicKeyCredentialDescriptor desc in serverDescriptors)
{
List <AuthenticatorTransport> transports = new List <AuthenticatorTransport>();
if (desc.Transports != null)
{
try
{
transports.Add(AuthenticatorTransport.FromValue(desc.Transports));
}
catch (System.Exception e)
{
Log.Error(Tag, e.Message, e);
}
}
PublicKeyCredentialDescriptor descriptor = new PublicKeyCredentialDescriptor(
PublicKeyCredentialType.PublicKey, ByteUtils.Base64ToByte(desc.Id), transports);
descriptors.Add(descriptor);
}
builder.SetExcludeList(descriptors);
}
Attachment attachment = null;
if (response.AuthenticatorSelection != null)
{
ServerAuthenticatorSelectionCriteria selectionCriteria = response.AuthenticatorSelection;
if (selectionCriteria.AuthenticatorAttachment != null)
{
try
{
attachment = Attachment.FromValue(selectionCriteria.AuthenticatorAttachment);
}
catch (System.Exception e)
{
Log.Error(Tag, e.Message, e);
}
}
bool residentKey = selectionCriteria.IsRequireResidentKey;
UserVerificationRequirement requirement = null;
if (selectionCriteria.UserVerification != null)
{
try
{
requirement = UserVerificationRequirement.FromValue(selectionCriteria.UserVerification);
}
catch (System.Exception e)
{
Log.Error(Tag, e.Message, e);
}
}
AuthenticatorSelectionCriteria fido2Selection =
new AuthenticatorSelectionCriteria(attachment, (Java.Lang.Boolean)residentKey, requirement);
builder.SetAuthenticatorSelection(fido2Selection);
}
// attestation
if (response.Attestation != null)
{
try
{
AttestationConveyancePreference preference =
AttestationConveyancePreference.FromValue(response.Attestation);
builder.SetAttestation(preference);
}
catch (System.Exception e)
{
Log.Error(Tag, e.Message, e);
}
}
Dictionary <string, Java.Lang.Object> extensions = new Dictionary <string, Java.Lang.Object>();
if (response.Extensions != null)
{
extensions.AddRangeOverride(response.Extensions);
}
// Specify a platform authenticator and related extension items. You can specify a platform
// authenticator or not as needed.
if (Attachment.Platform.Equals(attachment))
{
UseSelectedPlatformAuthenticator(fido2Client, extensions);
}
builder.SetExtensions(extensions);
builder.SetTimeoutSeconds((Java.Lang.Long)response.Timeout);
return(builder.Build());
}
