/// <summary>
/// One-shot migration: every row in <c>U2FDevices</c> is re-expressed as a
/// <see cref="Fido2Credential"/> of type FIDO2 whose blob carries
/// <c>CredType = "u2f"</c>, and the legacy row is deleted. All adds and removes
/// go out in a single <c>SaveChangesAsync</c>, so the migration is all-or-nothing
/// as far as the database round-trip is concerned.
/// </summary>
private async Task MigrateU2FToFIDO2()
{
    await using var db = _DBContextFactory.CreateContext();
    var legacyDevices = await db.U2FDevices.ToListAsync();

    foreach (var legacy in legacyDevices)
    {
        // The stored U2F public key is converted by a sibling helper (presumably into
        // the key object the FIDO2 verifier understands) and serialized into the blob.
        var encodedKey = CreatePublicKeyFromU2fRegistrationData(legacy.PublicKey).EncodeToBytes();

        var blob = new Fido2CredentialBlob
        {
            // Counter is narrowed to uint here; a negative stored value would wrap
            // silently — assumed to be non-negative for U2F rows.
            SignatureCounter = (uint)legacy.Counter,
            PublicKey = encodedKey,
            // For migrated U2F keys the key handle is reused as both the user handle
            // and the credential descriptor id.
            UserHandle = legacy.KeyHandle,
            Descriptor = new PublicKeyCredentialDescriptor(legacy.KeyHandle),
            CredType = "u2f"
        };

        var migrated = new Fido2Credential
        {
            ApplicationUserId = legacy.ApplicationUserId,
            Name = legacy.Name,
            Type = Fido2Credential.CredentialType.FIDO2
        };
        migrated.SetBlob(blob);

        await db.AddAsync(migrated);
        db.Remove(legacy);
    }

    await db.SaveChangesAsync();
}
/// <summary>
/// Finishes a FIDO2 registration ceremony: the client's attestation response is
/// verified against the creation options previously stored for <paramref name="userId"/>,
/// the resulting credential is persisted, and the pending options are retired.
/// </summary>
/// <param name="userId">Id of the user the new credential is attached to.</param>
/// <param name="name">Display name stored alongside the credential.</param>
/// <param name="data">JSON-encoded <c>AuthenticatorAttestationRawResponse</c> from the client.</param>
/// <returns>
/// <c>true</c> once the credential is saved; <c>false</c> when the user does not
/// exist, no creation options are pending for them, or anything in the flow throws.
/// </returns>
public async Task<bool> CompleteCreation(string userId, string name, string data)
{
    try
    {
        var rawResponse = JObject.Parse(data).ToObject<AuthenticatorAttestationRawResponse>();

        await using var db = _contextFactory.CreateContext();
        var owner = await db.Users
            .Include(u => u.Fido2Credentials)
            .FirstOrDefaultAsync(u => u.Id == userId);
        if (owner == null)
        {
            return false;
        }
        if (!CreationStore.TryGetValue(userId, out var pendingOptions))
        {
            return false;
        }

        // NOTE(review): the uniqueness callback unconditionally answers true, so the
        // library's "credential id is not already registered" check is effectively
        // skipped. owner.Fido2Credentials is loaded above but never consulted —
        // confirm whether a lookup against existing credentials is intended here.
        var made = await _fido2.MakeNewCredentialAsync(rawResponse, pendingOptions, _ => Task.FromResult(true));
        var verified = made.Result;

        var credential = new Fido2Credential
        {
            Name = name,
            ApplicationUserId = userId
        };
        credential.SetBlob(new Fido2CredentialBlob
        {
            Descriptor = new PublicKeyCredentialDescriptor(verified.CredentialId),
            PublicKey = verified.PublicKey,
            UserHandle = verified.User.Id,
            SignatureCounter = verified.Counter,
            CredType = verified.CredType,
            AaGuid = verified.Aaguid.ToString(),
        });

        await db.Fido2Credentials.AddAsync(credential);
        await db.SaveChangesAsync();

        // The pending options (and the challenge they carry) are retired only after
        // the credential is persisted, so a failed attempt leaves them available for retry.
        CreationStore.Remove(userId, out _);
        return true;
    }
    catch (Exception)
    {
        // Every failure — malformed JSON, attestation rejection, DB error — collapses
        // to false; nothing is logged here, so the cause is not observable to callers.
        return false;
    }
}