ServerPublicKeyCredentialCreationOptionsResponse IFidoServer.GetAssertionOptions( ServerPublicKeyCredentialCreationOptionsRequest serverPublicKeyCredentialCreationOptionsRequest) { ServerPublicKeyCredentialCreationOptionsResponse response = new ServerPublicKeyCredentialCreationOptionsResponse(); List <ServerPublicKeyCredentialDescriptor> allowCredentials = new List <ServerPublicKeyCredentialDescriptor>(); foreach (ServerRegInfo info in regInfos) { ServerPublicKeyCredentialDescriptor desc = new ServerPublicKeyCredentialDescriptor(); desc.Id = info.CredentialId; desc.Type = "public-key"; allowCredentials.Add(desc); } response.AllowCredentials = allowCredentials.ToArray(); response.Challenge = ByteUtils.ByteToBase64(GetChallege()); response.RpId = "www.huawei.fidodemo"; response.Timeout = 60L; return(response); }
ServerPublicKeyCredentialCreationOptionsResponse IFidoServer.GetAttestationOptions(ServerPublicKeyCredentialCreationOptionsRequest request) { ServerPublicKeyCredentialCreationOptionsResponse response = new ServerPublicKeyCredentialCreationOptionsResponse(); response.Attestation = request.Attestation; ServerAuthenticatorSelectionCriteria selectionCriteria = request.AuthenticatorSelection; if (selectionCriteria != null) { response.AuthenticatorSelection = selectionCriteria; } response.Challenge = ByteUtils.ByteToBase64(GetChallege()); List <ServerPublicKeyCredentialDescriptor> excludeCredentialList = new List <ServerPublicKeyCredentialDescriptor>(); foreach (ServerRegInfo info in regInfos) { ServerPublicKeyCredentialDescriptor desc = new ServerPublicKeyCredentialDescriptor(); desc.Id = info.CredentialId; desc.Type = "public-key"; excludeCredentialList.Add(desc); } response.ExcludeCredentials = excludeCredentialList.ToArray(); List <ServerPublicKeyCredentialParameters> pubKeyCredParamList = new List <ServerPublicKeyCredentialParameters>(); ServerPublicKeyCredentialParameters cp = new ServerPublicKeyCredentialParameters(); cp.Alg = -7; cp.Type = "public-key"; pubKeyCredParamList.Add(cp); cp = new ServerPublicKeyCredentialParameters(); cp.Alg = -257; cp.Type = "public-key"; pubKeyCredParamList.Add(cp); response.PubKeyCredParams = pubKeyCredParamList.ToArray(); ServerPublicKeyCredentialRpEntity rpEntity = new ServerPublicKeyCredentialRpEntity(); rpEntity.Name = "www.huawei.fidodemo"; response.Rp = rpEntity; response.RpId = "www.huawei.fidodemo"; response.Timeout = 60L; ServerPublicKeyCredentialUserEntity user = new ServerPublicKeyCredentialUserEntity(); user.Id = request.Username; user.DisplayName = request.DisplayName; response.User = user; return(response); }
public static PublicKeyCredentialRequestOptions ConvertToPublicKeyCredentialRequestOptions( IFido2Client fido2Client, ServerPublicKeyCredentialCreationOptionsResponse response, bool isUseSelectedPlatformAuthenticator) { PublicKeyCredentialRequestOptions.Builder builder = new PublicKeyCredentialRequestOptions.Builder(); builder.SetRpId(response.RpId); builder.SetChallenge(ByteUtils.Base64ToByte(response.Challenge)); ServerPublicKeyCredentialDescriptor[] descriptors = response.AllowCredentials; if (descriptors != null) { List <PublicKeyCredentialDescriptor> descriptorList = new List <PublicKeyCredentialDescriptor>(); foreach (ServerPublicKeyCredentialDescriptor descriptor in descriptors) { List <AuthenticatorTransport> transports = new List <AuthenticatorTransport>(); if (descriptor.Transports != null) { try { transports.Add(AuthenticatorTransport.FromValue(descriptor.Transports)); } catch (System.Exception e) { Log.Error(Tag, e.Message, e); } } PublicKeyCredentialDescriptor desc = new PublicKeyCredentialDescriptor( PublicKeyCredentialType.PublicKey, ByteUtils.Base64ToByte(descriptor.Id), transports); descriptorList.Add(desc); } builder.SetAllowList(descriptorList); } Dictionary <string, Java.Lang.Object> extensions = new Dictionary <string, Java.Lang.Object>(); if (response.Extensions != null) { extensions.AddRangeOverride(response.Extensions); } // Specify a platform authenticator and related extension items. You can specify a platform // authenticator or not as needed. if (isUseSelectedPlatformAuthenticator) { UseSelectedPlatformAuthenticator(fido2Client, extensions); } builder.SetExtensions(extensions); builder.SetTimeoutSeconds((Java.Lang.Long)response.Timeout); return(builder.Build()); }
private void OnClickAuthentication(object sender, EventArgs e) { string Tag = "OnClickAuthentication"; if (!fido2Client.IsSupported) { log.Info(Tag, "FIDO2 is not supported."); return; } IFidoServer fidoServer = new FidoServerSimulator(); if (fidoServer == null) { log.Error(Tag, GetString(Resource.String.connect_server_err)); return; } ServerPublicKeyCredentialCreationOptionsRequest request = GetAuthnServerPublicKeyCredentialCreationOptionsRequest(); if (request == null) { return; } // Obtain the challenge value and related policy from the FIDO server, and initiate a Fido2AuthenticationRequest // request. ServerPublicKeyCredentialCreationOptionsResponse response = fidoServer.GetAssertionOptions(request); if (!ServerStatus.Ok.Equals(response.GetStatus())) { log.Error(Tag, GetString(Resource.String.authn_fail) + response.GetErrorMessage()); return; } string attachmentMode = GetSpinnerSelect(attachmentSp.SelectedItem); bool isUseSelectedPlatformAuthenticator = Attachment.Platform.Value.Equals(attachmentMode); PublicKeyCredentialRequestOptions publicKeyCredentialCreationOptions = ServerUtils.ConvertToPublicKeyCredentialRequestOptions(fido2Client, response, isUseSelectedPlatformAuthenticator); AuthenticateToFido2Client(publicKeyCredentialCreationOptions); }
private void OnClickRegistration(object sender, EventArgs e) { string Tag = "OnClickRegistration"; if (!fido2Client.IsSupported) { log.Info(Tag, "FIDO2 is not supported."); return; } IFidoServer fidoServer = new FidoServerSimulator(); if (fidoServer == null) { log.Error(Tag, GetString(Resource.String.connect_server_err)); return; } ServerPublicKeyCredentialCreationOptionsRequest request = GetRegServerPublicKeyCredentialCreationOptionsRequest(); if (request == null) { return; } // Obtain the challenge value and related policy from the FIDO server, and initiate a Fido2RegistrationRequest // request. ServerPublicKeyCredentialCreationOptionsResponse response = fidoServer.GetAttestationOptions(request); if (!ServerStatus.Ok.Equals(response.GetStatus())) { log.Error(Tag, GetString(Resource.String.reg_fail) + response.GetErrorMessage()); } PublicKeyCredentialCreationOptions publicKeyCredentialCreationOptions = ServerUtils.ConvertToPublicKeyCredentialCreationOptions(fido2Client, response); RegisterToFido2Client(publicKeyCredentialCreationOptions); }
public static PublicKeyCredentialCreationOptions ConvertToPublicKeyCredentialCreationOptions(IFido2Client fido2Client, ServerPublicKeyCredentialCreationOptionsResponse response) { PublicKeyCredentialCreationOptions.Builder builder = new PublicKeyCredentialCreationOptions.Builder(); string name = response.Rp.Name; PublicKeyCredentialRpEntity entity = new PublicKeyCredentialRpEntity(name, name, null); builder.SetRp(entity); string id = response.User.Id; try { builder.SetUser(new PublicKeyCredentialUserEntity(id, System.Text.Encoding.UTF8.GetBytes(id))); } catch (UnsupportedEncodingException e) { Log.Error(Tag, e.Message, e); } builder.SetChallenge(ByteUtils.Base64ToByte(response.Challenge)); if (response.PubKeyCredParams != null) { List <PublicKeyCredentialParameters> parameters = new List <PublicKeyCredentialParameters>(); ServerPublicKeyCredentialParameters[] serverPublicKeyCredentialParameters = response.PubKeyCredParams; foreach (ServerPublicKeyCredentialParameters param in serverPublicKeyCredentialParameters) { try { PublicKeyCredentialParameters parameter = new PublicKeyCredentialParameters( PublicKeyCredentialType.PublicKey, Algorithm.FromCode(param.Alg)); parameters.Add(parameter); } catch (System.Exception e) { Log.Error(Tag, e.Message, e); } } builder.SetPubKeyCredParams(parameters); } if (response.ExcludeCredentials != null) { List <PublicKeyCredentialDescriptor> descriptors = new List <PublicKeyCredentialDescriptor>(); ServerPublicKeyCredentialDescriptor[] serverDescriptors = response.ExcludeCredentials; foreach (ServerPublicKeyCredentialDescriptor desc in serverDescriptors) { List <AuthenticatorTransport> transports = new List <AuthenticatorTransport>(); if (desc.Transports != null) { try { transports.Add(AuthenticatorTransport.FromValue(desc.Transports)); } catch (System.Exception e) { Log.Error(Tag, e.Message, e); } } PublicKeyCredentialDescriptor descriptor = new PublicKeyCredentialDescriptor( PublicKeyCredentialType.PublicKey, ByteUtils.Base64ToByte(desc.Id), transports); descriptors.Add(descriptor); } builder.SetExcludeList(descriptors); } Attachment attachment = null; if (response.AuthenticatorSelection != null) { ServerAuthenticatorSelectionCriteria selectionCriteria = response.AuthenticatorSelection; if (selectionCriteria.AuthenticatorAttachment != null) { try { attachment = Attachment.FromValue(selectionCriteria.AuthenticatorAttachment); } catch (System.Exception e) { Log.Error(Tag, e.Message, e); } } bool residentKey = selectionCriteria.IsRequireResidentKey; UserVerificationRequirement requirement = null; if (selectionCriteria.UserVerification != null) { try { requirement = UserVerificationRequirement.FromValue(selectionCriteria.UserVerification); } catch (System.Exception e) { Log.Error(Tag, e.Message, e); } } AuthenticatorSelectionCriteria fido2Selection = new AuthenticatorSelectionCriteria(attachment, (Java.Lang.Boolean)residentKey, requirement); builder.SetAuthenticatorSelection(fido2Selection); } // attestation if (response.Attestation != null) { try { AttestationConveyancePreference preference = AttestationConveyancePreference.FromValue(response.Attestation); builder.SetAttestation(preference); } catch (System.Exception e) { Log.Error(Tag, e.Message, e); } } Dictionary <string, Java.Lang.Object> extensions = new Dictionary <string, Java.Lang.Object>(); if (response.Extensions != null) { extensions.AddRangeOverride(response.Extensions); } // Specify a platform authenticator and related extension items. You can specify a platform // authenticator or not as needed. if (Attachment.Platform.Equals(attachment)) { UseSelectedPlatformAuthenticator(fido2Client, extensions); } builder.SetExtensions(extensions); builder.SetTimeoutSeconds((Java.Lang.Long)response.Timeout); return(builder.Build()); }